Nine years of Project Galileo and how the last year has changed it

If you follow Cloudflare, you know that Birthday Week is a big deal. We’ve taken a similar approach to Project Galileo since its founding in 2014. For the anniversary, we typically give an overview of what we have learned to protect the most vulnerable in the last year and announce new product features, partnerships, and how we’ve been able to expand the project.

When our Cloudflare Impact team was preparing for the anniversary, we noticed a theme. Many of the projects we worked on throughout the year involved Project Galileo. From access to new products, development of privacy-enhancing technologies, collaborations with civil society and governments, we saw that the project played a role in either facilitating conversation with the right people or bridging gaps.

After reflecting on the last year, we’ve seen a project that was initially intended to keep journalism and media sites online grew into more. So, for this year, in addition to new announcements, we want to take the time to reflect on how we have seen Project Galileo transform and how we look toward the future in protecting the most vulnerable on the Internet.

Project Galileo +

The original goal of Project Galileo was simple. Although Cloudflare had free services available to anyone online, including cyber security services like unmetered DDoS protection, based on meetings with the Committee to Protect Journalists and others, we thought there was more we could do to help important but vulnerable voices online.

To that end, we launched Project Galileo to provide free access to additional Cloudflare services for qualifying organizations. Predictably, our first challenge was deciding exactly how to determine which organizations should qualify for the program. We knew generally that we wanted to help journalists, human rights defenders, civil rights activists, and other humanitarian organizations. We also thought it would be a better, more transparent program if Cloudflare were not making those decisions on our own.

So, we recruited as many well-respected organizations working in those fields as we could. When we launched, we were incredibly excited that we had 14 organizations willing to volunteer their time to help us. Nine anniversaries later, not only are we still working with all of our original partners, often on a daily basis to review and approve new Project Galileo participants, but our partner list has actually grown to 50 organizations, including the Council of Europe and the Business & Human Rights Resource Centre.

With their help, Project Galileo now protects more than 2,271 organizations in 111 countries. In addition to helping us grow the number of organizations participating in the program, our growing list of partners has also helped drive a number of expansions and other projects, which continue to make the Internet a safer place.

Helping with new issues: In September 2022, Cloudflare extended Project Galileo services to abortion rights groups through our partnership with Digital Defense Fund, an organization that works to provide digital security tools for the abortion access movement. Extending privacy and security services to those that support access to safe and legal abortion and advocated for the right to protect and expand reproductive freedom was the right thing to do and we were proud to do it.Adding new services — internal networks: As Cloudflare has developed new product features, we’ve worked with our partners to determine which would be the most helpful to provide to vulnerable communities. In 2022, Cloudflare added Zero Trust security products for organizations under Project Galileo (and the Athenian Project). As a result, Project Galileo not only protects our participants’ web properties, but is also helping secure internal networks for organizations like CyberPeace Institute, Meedan, Organization of American States (OAS), and The Information Technology Disaster Resource Center (ITDRC). We also created the Cloudflare Social Impact Portal, which provides step-by-step onboarding instructions, videos, and tutorials to help onboard Cloudflare Zero Trust products, specifically tailored for nonprofit organizations.Tracking Internet shutdowns: In 2021, working with Access Now, Internews, the Carter Center, National Democratic Institute, Internet Society, and the International Foundation for Electoral Systems, the Cloudflare Radar team launched an alert tool to help identify outages for human rights organizations that track Internet shutdowns. In 2022, we launched alerts with Radar 2.0 and API access to make it easier for those organizations as well as other civil society groups and journalists to automatically integrate Cloudflare network data into their monitoring tools.Working with governments to protect human rights defenders: As a result of our work with Project Galileo, Cloudflare has been able to work with our partners to share our experience and best practices with the US State Department, US Agency for International Development (USAID), and other government agencies that are helping advance global privacy and security protocols to support democratic governance, privacy, and protections for human rights defenders online. As part of that work, Cloudflare made a number of additional commitments as part of the 2023 Summit for Democracy, including making post-quantum encryption available for all Cloudflare customers and Project Galileo participants at no charge.

At Cloudflare, we often talk about how we are just getting started, which is true for Project Galileo as well. But, before we talk about what’s new this year, it’s worth taking a moment to appreciate not only how the program has grown, but also how the community that has developed around it has helped launch other new ideas and initiatives to help advance human rights online.

What’s next? (Ninth anniversary!)

For the ninth anniversary, we want to focus on access to affordable cyber security tools and what we have learned protecting the most vulnerable communities. That is in the form of new technical resources, a Radar report on cyber threats to Galileo organizations, partnerships to expand product offerings, and more.

This year, we are happy to announce an extension of our partnership with the CyberPeace Institute to provide Area 1 tools to Development and Humanitarian Organizations (DHOs) as part of Project Galileo. Over the course of the partnership, CyberPeace Institute will onboard their network of NGOs that are part of the CyberPeace Builders program  and act as a centralized point of contact to feed real-time security alerts  with a focus on phishing campaigns to civil society organizations.

“United against cyber threats, the CyberPeace Institute and CloudFlare stand tall, safeguarding civil society organizations from the treacherous tide of phishing campaigns. Together, we defend the defenders and empower the champions of peace in the digital realm.”
Stéphane Duguin, CEO, CyberPeace Institute

At Cloudflare, we think it is important to have affordable cyber security tools, as the threats are increasing in frequency and sophistication, and organizations and individuals alike need effective tools to protect themselves from these threats. As part of our Zero Trust offering under Project Galileo, we have created a new Zero Trust Roadmap for high-risk organizations to make the complex world of cyber security more accessible and understandable to a wider audience.

For the Project Galileo 9th anniversary, we wanted to identify the types of attacks these groups face to better equip researchers, civil society, and organizations that are targeted with best practices for safeguarding their websites and internal data. With that, we developed a Radar report aimed at highlighting organizations that were the center of public debate in the last year. Specifically, organizations that support LGBTQ+ rights, civil society, pro-choice advocacy and health, and in Ukraine.

Our main findings:

Between July 1, 2022, and May 5, 2023, Cloudflare mitigated 20 billion attacks against organizations protected under Project Galileo. This is an average of nearly 67.7 million cyber attacks per day over the last 10 months.For LGBTQ+ organizations, we saw an average of 790,000 attacks mitigated per day over the last 10 months, with a majority of those classified as DDoS attacks.Attacks targeting civil society organizations are generally increasing. We have broken down an attack aimed at a prominent organization, with the request volume climbing as high as 667,000 requests per second. Before and after this time the organization saw little to no traffic.In Ukraine, spikes in traffic to organizations that provide emergency response and disaster relief coincide with bombings of the country over the 10-month period.

In addition, we launched new case studies and added content to our Cloudflare Social Impact Portal to help organizations stay secure with our security offerings. Cloudflare is sponsoring Access Now’s RightsCon and we are excited to be attending the conference in Costa Rica to bring together many of our Project Galileo civil society partners. RightsCon convenes a broad range of civil society groups and business and public sector stakeholders to talk and learn about digital rights issues.

The future of Project Galileo

The last year has shown us a lot on how we can use Project Galileo beyond just protecting vulnerable voices, but to work in new avenues to extend Cloudflare’s protection and provide our expertise to a range of groups working in digital security issues. As we look toward the next year, we will continue to look for new ways to expand our protections to at-risk groups around the world.

If you are an organisation looking for protection under Project Galileo, please visit our website:

About The Author