{"id":222730,"date":"2026-05-30T00:00:00","date_gmt":"2026-05-30T04:00:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/30\/ftm-ditches-us-cybersecurity-firm-over-surveillance-and-privacy-fears-follow-the-money\/"},"modified":"2026-05-30T00:10:09","modified_gmt":"2026-05-30T04:10:09","slug":"ftm-ditches-us-cybersecurity-firm-over-surveillance-and-privacy-fears-follow-the-money","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/30\/ftm-ditches-us-cybersecurity-firm-over-surveillance-and-privacy-fears-follow-the-money\/","title":{"rendered":"FTM ditches US cybersecurity firm over surveillance and privacy fears – Follow the Money"},"content":{"rendered":"

FTM ditches US cybersecurity firm over surveillance and privacy fears – Follow the Money<\/a><\/p>\n

https:\/\/www.ftm.eu\/articles\/why-ftm-is-giving-up-cloudflare<\/a><\/p>\n

Publish Date: 2026-05-30 00:00:00<\/a><\/p>\n

Source Domain: www.ftm.eu<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n

At 11:55 am on a Wednesday morning, the first message came in. A Follow the Money editor sent a screenshot of the FTM app via the internal communication channels: \u201c502 bad gateway\u201d. Just a minute later, then-editor-in-chief Arne van der Wal sent the message: \u201cSITE IS DOWN\u201d.\u00a0An hour later, the website and app were still down. \u201cLooks like a targeted DDoS attack on us,\u201d FTM\u2019s systems administrator told the rest of the company.\u00a0During a DDoS attack \u2013 short for distributed denial-of-service \u2013 attackers send massive amounts of internet traffic at their target until the system is overloaded. The aim? To bring down websites, at least temporarily.Later that day, FTM publisher Jan-Willem Sanders sent a message to staff: \u201cA massive amount of automated traffic is being directed at us to disrupt our sites \u2013 unfortunately, that mission has been successful.\u201d\u00a0\u201cUnder attack?\u201dThe attack, on 24 April 2024, was the first the company had ever experienced. On that day, the servers had to cope with traffic that was 28,000 times higher than on a normal Wednesday, originating from servers in Russia and Bulgaria. One of the pages that was attacked? The section on the website that collects articles on Russia.That afternoon, the FTM system administrator scrambled to connect the website to Cloudflare\u2019s services. That firm provides a popular service: The US company \u201cblocks an average of 247 billion threats online every single day for its millions of customers\u201d, according to its website. Independent research found that almost a quarter of all websites on the internet are protected by Cloudflare.An added bonus: you can connect your systems to it in a flash \u2013 even during an attack. It\u2019s no coincidence that the website features a red \u201cunder attack?\u201d button; click it, enter your details, and you\u2019ll be protected by Cloudflare \u201cin minutes\u201d.Disrupting sitesAlthough Cloudflare managed to block 99% of the Russian and Bulgarian traffic, that 1% meant the FTM website was only up and running again at around 8 pm.\u00a0Since then, Follow the Money has luckily suffered few such attacks, thanks to Cloudflare.And yet, earlier this month the news outlet parted ways with that company\u2019s services.\u00a0Not because the threats from Russia (or elsewhere) have subsided, or because the services of Cloudflare haven\u2019t been helpful \u2013 but because using Cloudflare also comes with a risk.\u00a0In February, FTM announced that it would reduce its dependence on US software as much as possible, in view of the rapidly deteriorating relations between Europe and the US. In other words: FTM wants to use, as much as possible, alternatives to US services.\u00a0<\/p>\n

Our journalism is only possible thanks to the trust of our paying members. Not a member yet? Sign up now<\/p>\n

That\u2019s because it has become increasingly clear that the US government can leverage Europe\u2019s dependence on US tech. For example, the chief prosecutor of the International Criminal Court (ICC) found himself locked out of his email account in May last year. Microsoft had denied him access after US president Donald Trump sanctioned him for having issued an arrest warrant for Israeli Prime Minister Benjamin Netanyahu.Such risks should be reduced as much as possible.Cloudflare\u2019s software in particular poses a risk, said Erik Willems. He started working as FTM\u2019s project manager for digital autonomy last month and is responsible for the search for European alternatives. \u00a0\u201cIt is simply the flip side of protection against DDoS attacks\u201d\u00a0Because all of FTM\u2019s traffic ran via Cloudflare\u2019s servers, that company theoretically had access to a huge amount of sensitive data. \u201cCloudflare can see everything you, as a member of FTM, do on our site,\u201d Willems said. \u201cSo if someone subscribes to FTM or an existing member changes something on their own account page, Cloudflare can see it: your email address, your account number and whether you\u2019ve clicked the \u2018change password\u2019 button. And if you then change your password, even that ends up with Cloudflare.\u201dThis data is encrypted, but to assess whether internet traffic to ftm.eu is from a human or a bot, Cloudflare must access unencrypted information. Human users are allowed through, bots are not.Cloudflare claims that it doesn\u2019t store that data, and there is no evidence that it is actually monitoring traffic. However, Cloudflare did provide data to the US government about 500 times last year \u2013 out of a total of 820 legal requests.\u00a0<\/p>\n

Bureau Brussels
\n Insights from our EU specialists and news from the Brussels bubble.<\/p>\n

By comparison, there were only 18 requests from EU countries during that time. It\u2019s not clear how many were granted.Cloudflare itself has noted that there are doubts in Europe as to whether the use of \u201ccloud service providers like our company\u201d by (local) governments is in line with European privacy legislation. The reason, in Cloudflare\u2019s own words: \u201ctheir concerns about the ability of U.S. government agencies to access EU personal data \u201d.\u00a0Willems emphasises that these concerns are neither new nor unique to Cloudflare. \u201cThis has long been common knowledge among IT professionals,\u201d he said. \u201cIt is simply the flip side of protection against DDoS attacks.\u201d\u00a0To reduce risks of US authorities gaining access to your data, FTM is shifting its DDoS-protection to a European company.\u00a0The problem that Willems was faced with: Cloudflare\u2019s biggest competitors \u2013 Amazon CloudFront, Fastly and Akamai \u2013 are also all US companies, or Russian (DDoS-Guard).So Willems started looking in Europe.\u00a0\u2018Off to bunny \ud83d\ude0e\u2019Enter bunny.net. The company \u2013 with 96,000 paying customers, according to a spokesperson \u2013 provides similar services to Cloudflare. It also essentially has the same access to data as Cloudflare.\u00a0However, because the firm is based in Europe, the US government cannot simply request the data; US authorities also have no way of building in a so-called kill switch that would allow them to shut down FTM. Any data that bunny.net has access to will be protected under EU privacy laws, which are stricter than US ones.Bunny.net now uses it as its selling point. A week after Donald Trump\u2019s inauguration in January 2025, the company published a blog post on privacy: \u201cThe moment your traffic passes through a U.S.-based service provider, your logs could fall under U.S. jurisdiction, opening the door to potential data access under foreign laws.\u201d\u201cAs an EU-based company, bunny.net ensures your logs never leave the region. Free from U.S. Congress jurisdiction, we help you safeguard your customers\u2019 data while delivering a seamless experience.\u201dWhether that seamless experience is just PR remains to be seen. What is clear though, that FTM-subscriber data is now much more safe, under EU law.Earlier this month, FTM\u2019s IT department cleared the first hurdle to make it less dependent on US tech. FTM.eu was the first to move to the new service provider, and, last Wednesday the Dutch site ftm.nl was next.\u00a0\u201cFTM has moved to bunny \ud83d\ude0e,\u201d an administrator wrote.\u00a0<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

FTM ditches US cybersecurity firm over surveillance and privacy fears – Follow the Money https:\/\/www.ftm.eu\/articles\/why-ftm-is-giving-up-cloudflare…<\/p>\n","protected":false},"author":1,"featured_media":222731,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.ftm.eu\/uploads\/media_filter\/6a15d8702a843\/article_1400_nocrop\/cloudfare.jpg?v=0","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-222730","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222730"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=222730"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222730\/revisions"}],"predecessor-version":[{"id":222733,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/222730\/revisions\/222733"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/222731"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=222730"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=222730"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=222730"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}