Conversation with Sarah Tavel, General Partner @ Benchmark Capital
A special conversation with Sarah Tavel, joined by Matthew Prince, co-founder and CEO of Cloudflare.
Sarah Tavel is a General Partner at Benchmark. Sarah invests in consumer businesses (particular focus on marketplaces & social), SaaS, and the future of work. Sarah led Benchmark's investment and currently sits on the boards of Chainalysis, Hipcamp and four unannounced companies. She also led three acquisitions as she helped the company scale through a period of hyper-growth. Sarah graduated from Harvard College with a degree in Philosophy.
Music Hi Sarah Hey, how you doing?
I'm well I have to apologize to everyone that you just moved into a new house so your, your video a little bit but I think we've got the audio set up okay, it's great to, it's great to see you I think we met for the first time.
I mean it hasn't been back when it when we were talking to In 2010, you were working with Jeremy Levine, and, and Bessemer looked at potentially investing in Cloudflare and, and I was always bummed that we didn't get to work together directly.
It's been so cool though I have always shared that regret, and it's also so cool to see just how far things have come and how consistent it's been with what you guys talked about way back when that really it's 10 years ago now it's incredible.
It's, it's been, it's been quite right I mean you've had this incredible ride though too so you were at Bessemer, as, as, as one of the only women investing partners and then you made with Jeremy, the investment in Pinterest and then you joined Pinterest I think is one of the first product managers there, and then went from there to being the only I think the only female partner at Greylock, and now at Benchmark.
That's a pretty, how is it like, how's the last 10 years that's going to be just kind of a crazy, crazy last 10 years for you too.
Man, it's a better luck than good.
It's, it's, I like you know there's people who take full credit for their accomplishments I attribute a lot of it to, to luck.
You know, just being, I was like so lucky to land at Bessemer and be working with Jeremy Levine whom is just a phenomenal person and investor and learned everything I could and then, you know, the, I gained to know the Pinterest team and invest there and then, you know, throwing my hat into the ring to join because I was just so excited about it.
And it's just these things where you can't predict how the, how your, you know, the dots will connect kind of looking forward but when you look backward it's, it's, it's a nice.
It's been, it's been a fun, fun 10 years for sure.
I also added a two year old in the mix. So, it's another another dimension to the last 10 years that have been, you know, What surprised you most about being a parent?
I think that before we had a kid, you know, all you could think about are the things that you're going to be giving up right like oh I love my lazy mornings I love like being able to travel anywhere and a hat, you know, drop of a hat.
And what you don't realize that sometimes like a greater happiness lies and substituting something else.
And for us like with Marco like what we just realized is the things that we used to think made us happy and trust me every once in a while I definitely missed the lazy morning, but, um, you just are so happy to substitute that thing that you thought made you happy for this new thing because it's a, there's an expansiveness to the joy you get with a with a little person that that I didn't realize we were just going to enjoy as much as we do.
So, you know, you've also sort of, I mean, you know, your, your, your partner Bill Gurley talks about being on both sides of, you know, the table and, and, you know, you've, you've, you have sat on both sides of the table, being both an operator at Pinterest from from early on and Investor, how do those roles like how do those roles differ because it seems there are very few people that I think have that as as as as like as as as intimately as as you have both having been an investor at Pinterest and then got going to going to work there.
Man, how are they different. It's like, I know. How long do we have to talk about how different they are right like Minutes, if you want.
Perfect. I mean, look like What so Well, what, like, maybe the simplest way to talk about it.
Is, you know, we as VCs. We always use the cliche of like we're at 30 ,000 feet.
And then what happens as you kind of progress down an organization from like the board level, which is, you know, for for investors at 30,000 foot level to the, you know, the CEO, who is spanning both like the 10,000 and the 30,000 but then as you go down the org, you get kind of deep, you know, you get more and more I guess to extend the analogy in the weeds.
And so I think that like a lot of what happens when you're operating is that you tend to be working on something and Kind of use what I like my job at Pinterest.
I was responsible for the discovery products on Pinterest. So the search the recommendations, the home feed.
And so everything that I did was about driving a metric, which was weekly active repainters.
So someone who found Something on Pinterest and pinned it and that you know that was my OKR and that's what I was driving towards.
But as you go higher up in the organization, you start to, you know, that metric.
Rolls into something else, which is, you know, whatever the the core metric is for the company, which, you know, you know, there's thinking about how to build kind of Set the company up for success to really be able to grow with velocity to build a profitable enduring business like, you know, Scaling the team like thinking about the org, all those things.
And that's what you end up spending more time thinking about on the board, which is Really not just the how do you move a metric, but how are you setting up the whole system of the company.
In order to be able to scale with with the velocity and eventually become one of those enduring iconic companies.
So just the perspective that you have is very different.
And then the second thing. Is that, you know, when you're operating as you know you you control your input.
And so you have a direct you direct effect on your output, whereas as an investor, and I'm sure you feel this all the you probably feel this too.
Does that you don't, you can't execute, you know, you can't like if you want something done.
It's not like you can jump in and make it happen.
You're, you're using, you know, persuasion and influence. And, you know, making sure we're focused on the right the right metrics, the right strategic objectives in order to affect the what the people what the teams do to get to the outcome that you want.
So it's a very different muscle. I remember you said you said somewhere that that going from operating to investing is is trading stress for anxiety, which I Really, that's a really interesting role.
Do you, do you, which, which one do you think you are better at Well, I made the decision.
I think I was, you'd have to ask my my colleagues at Pinterest.
I think I was pretty good at it, but I didn't think I was ever going to become the best at it.
And I think that, you know, in venture, you know, there's so many different ways to do this job.
You know, there's you look at the best VCs out there and there's not there's not like a single archetype of how to be great at the job, but I, I think it's a better fit for both like who I am like You know, kind of fundamentally, almost like the the structure of my brain, honestly, but then also like the work that I love to do, which really and I'm not pandering when I say this, I promise I married a founder Is about working with founders, like, and I think you know what I felt when I was at Pinterest and I loved it.
I loved it. But like I definitely felt that my day to day became more and more about my team as my team grew, then about thinking about the big strategic decisions.
Of the company and where we were we focused on the right things and and were there blind spots that we had when we were kind of building the company.
And those are the problems that I like to think more about.
Then if I'm being honest, though, like, how do I get you know my, my, you know, the team to kind of ship with greater velocity.
Did you, did you consider at any point being a founder?
I think the founder is something that you don't.
My, my own personal view on this Matthew is like founder is not something you kind of rationally say, I'd like to be a founder.
One day, I think it's an affliction.
I think it's like it's a virus and you catch it and and there's some people that have the affliction and some people that don't.
I started a company when I was in college and it was hard.
And What was the company. Oh, it was, it was a house, you know, kind of, I was, I was a philosophy major in college.
So it was the start off as exterior residential house painting.
And I heard about these companies like College Pro and University Painters and I was like, I can do that myself and I want to make money.
So I, I started it and then we I ended up kind of expanding into general contracting and that is, I'll tell you, that's a hard job.
Your services job. You're like, you know, every Homeowner thinks that their home is the most important thing.
And they're, you know, they're looking at everything with a magnifying glass and they call you at 6am and you have to get in your car and drive to them because that's the business.
It's really hard. And so I, I would much rather like I think that what I am best at is helping founders achieve what they want to achieve.
You know, I, I kind of think of this Kantian concept of, you know, adopting the ends of another person as their own as your own like that's that's kind of what that's what I think my job is as a VC is to adopt The ends of the founders.
I work with as my own and help them succeed. And by doing that, it'll, it'll build a really big company and I'd much rather be in service to founders and to try to be one myself.
That's interesting because I hadn't, I hadn't really thought about it that way.
But there is there is a there's a counter narrative to to being a VC that's sort of an anti Kantian where you're where you're using founders You know, efforts as a means Right.
Yeah, which, you know, I'd be curious, which, which is that, you know, for you because you've got to raise money from LPs and I would imagine that at some level, there's a there's a there's a principal agent issue there as well because because at the end of the day, you're in the business of making money for your for your Yeah, but we like I mean you look at the record of track record of success and and there's no question that the companies that continue to unlock new opportunities over time are the ones that are founder lab.
And so, like, I think it's like a very clear alignment of our interest with the founders, which is that we want to invest in companies that have founders that can go the distance.
The reality is, is that that doesn't always happen.
And there's different circumstances that that lead that to not be the scenario that we all hope for.
But that's never by design like we never invest in a company and think to ourselves, we'll probably have to find a new CEO over time like that wouldn't wouldn't be authentic to us.
It certainly wouldn't be authentic to me.
It's always about trying to help someone Invest in someone who you hope will be able to grow into the CEO of a public company one day.
The, you know, if you look at Bessemer, Craylock, Benchmark.
I mean, these are three of the most iconic venture firms that and you've gotten to see from sort of the inside out.
What's the, I mean, and again without Without, you know, Every firm has strengths and weaknesses and things.
But what are some of the differences, maybe not on a particular attribute to any of those three firms, but what are some, like, what are some things that would surprise you know an entrepreneur that was listening in that are sort of differences from one firm to another, or maybe how similar are they Oh my gosh, they are so different.
It's such an interesting cross section.
I mean, I'll give the extremes. So Bessemer and Benchmark are very, very different.
At Bessemer where I'm so grateful to have started my career there and to kind of learn.
It's very much a process of you come in junior And you work your way up kind of each rung of the ladder to until you become a GP.
And, and there's, and it's not that it's never been done, but it's incredibly rare at Bessemer to be hired in as a GP.
It's much more about learning the way building credibility over time get getting enough rope to choke yourself with And then, you know, another, another person who I Yes, that's exactly it.
And then, so in order to enable so and it's a firm that also believes that with that type of structure, you can be horizontally scalable in the firm.
And you can see you can hire more junior people and have more parallel processing of career tracks in a way to kind of become partners.
And if you get more partners who are great and to make you know great investments and you can raise more capital, honestly, because the business is horizontally scalable.
So in order to enable that type of organizational structure and hierarchy, you have to have a whole set of systems internally processes internally to To kind of create mentorship, but then also accountability.
And like when you're looking at an investment you write what they call a flash.
So you kind of give people like a quick summary and written document about a company.
And then if you're deciding that you actually want to invest and you write a longer document called an investment recommendation that Gives the whole investment thesis background, all that stuff.
And it's like a real effort. So then let me contrast that with. And by the way, one last thing offices, you know, New York, Boston, California, Israel, India.
At one point, China, like global company firm bit you know rate of, you know, I don't know what the last Bessemer Fund size.
Yeah. In dollars or something so big.
Yeah, big probably a couple billion now so benchmark. We, we believe I'm sorry, I should say one more thing just to kind of, it's just so such a contrast talent team, you know, marketing partner and then of course you have principals associates analysts everything down the down the ladder.
Then you take benchmark. So there are four GPS right now and we have no talent team no marketing team.
We were an equal partnership.
So there's no hierarchy like organizationally culturally or compensation wise like we're all we you know everything that comes in, we split equally.
And because of that, we believe strongly that you can't start off as a junior person and work your way up because if you start with that structure, you're always going to have a little bit of a, a kind of an overt like a shadow on on kind of how you started.
So you have to come in as an equal day one. And then we don't have anybody to whom we delegate any part of our job.
So there's no there's no associates.
There's no talent team. There's no There's nobody else who's going to help with the diligence when we dig in on the company.
It really is about the four of us.
Working together as a team to make the best decisions we can on which investments we make and then ultimately support those companies.
And we don't think that our partnership can ever get bigger than six people.
And, and, and when you have that type of structure, we have actually zero internal systems and process like we don't even write a memo when we Make an investment in the company.
It's like we just have conversations and there's a there's a truth seeking that happens.
That's just very different than what you what you have in a bigger firm. So it's been it's been fascinating to see the contrast.
How does it, you know, I think it's, it's always seemed to me that one of the really hard things about about venture is that You know, you've, you've always got this kind of constant pressure for sort of new talent to come in and and then old talent to sort of step out of the way and that that tension is is there and benchmark seems to have managed You really well with, you know, Bill step down Recently, and and and you've seen me Bruce back in the day and Kevin and everyone.
Yeah. Then this this sort of You knew the whole crew, huh.
Well, yeah, yeah. We talked to benchmark once upon a time. So, and like them a lot and like never could find a way to work with them.
But, uh, but, you know, how does How does that go because that's because it's got to be tough because if you know if you're if you're if you're part if you're part of this you you know your paychecks coming in and and and then the next day, you sort of have to step aside for the next group.
Yeah. And, you know, we always give the credit to our founders, the benchmark founders for that because they just set up a structure where, you know, When you don't have like at at a Bessemer or at most other firms.
Not everybody that the compensation is is not split equally. And so people who have been there longer can tend to have a bigger percentage of the carry or, you know, the management fees.
But there's, you know, and there's a little bit more of this like the young people have to earn it.
And there is something that feels really good when you're that senior person that you don't want to give way.
But at benchmark, you know, and sorry. There's one other thing, which is that bigger firms.
It's almost easier to hide. Also, like that you're like at benchmark, though, there's It's so small that you really feel someone's not pulling their weight.
And, you know, the analogy Bill Gurley uses is like no one wants to be the, you know, the basketball player who's trying to play past their prime.
And and and rather like the culture is very much like at, you know, at a certain point.
You know, this job takes a lot of hustle and it takes kind of reviving your network all the time and staying, you know, Playing with all the new things and that certain point that like just stops being what you know someone's motivated to do.
And the second that happens, like you should stop making new commitments to companies and you should raise your hand and say that you're ready to to move on and make room for the next generation.
And so there's just a very clear culture of that at benchmark and it's been I think it's, it's been, you know, successful so far.
You know, one of the things you've written a lot about our, our marketplaces and and how that how that plays out.
And, and I think that's a word that gets thrown around a lot.
What, what is a marketplace. Oh, there's two. There's, I mean, the cloud.
The easiest way is you're bringing buyers and sellers directly together.
In a way that they haven't been clearly is is Facebook. I do think of Facebook.
Actually, you know, so I, I have a blog post. I've been meaning to to finish that I think all user generated Sites are marketplaces, because if you think about it, you have content creators, the supply side.
And you have the demand side and it's just that social networks and UGC sites, you have the people who are the supply side are also 100% you know There's 100% overlap of the supply side with the demand side, although that's not the case of the demand side like not all people who view content also create content, but it's a very different dynamic.
And I think about it all the time. Now, when I look at kind of new emerging social products.
You know, and you wrote, you wrote recently about how like the key metric that you have to look at when you're building a marketplace is is is is sort of that user happiness and I kind of, I sort of scratched my head a little bit.
And maybe it's the University of Chicago and me and I was sort of like is happiness.
Just another word for utility or is there, is there something like what's what's different between happiness and utility.
Oh, I don't have a good answer for that.
Um, maybe I'll, I'll, I'll take a I'll take an all attempted.
And by the way, like I have a I'm working on an update to it because I do think happiness is is Can be a little I wish I could put my finger on it a little bit like more to the point.
And there's a little bit of a lagging indicator that I kind of use to measure happiness that I have an update to that.
I think it's a little bit better.
Very, it felt very much like it described Pinterest. It was very Pinterest.
But then, like, I'm not Being a part of, I mean, Facebook, maybe early on was half made people happier, but I'm not sure it did long term and yet you know massively successful marketplace.
Yeah, so the way you know so are you familiar with Sean Ellis.
Now, He, he was a Someone who worked with Dropbox and a number of other companies in the very early days to help them get to product market fit.
And he has a survey that he kind of used and it's like a lot of people rely on that promoter score.
I hate that promoter score. And I think then Sean Ellis question is so has so much more utility.
And the question he asks is, if you know Cloudflare were to disappear tomorrow.
How disappointed, would you be And it's like a five point scale of like I wouldn't really care to very disappointed.
And what he says is that until you hit 40% of people saying that they would be very disappointed.
You don't actually have product market fit.
And I think that that's that's actually probably in a way, a better measure of what I was pointing my finger at, you know, when I when I like talk about happiness like to me what a bit.
It is, is like this feeling of Exceeding expectations of what a buyer or seller might have with the experience that they're getting like, oh, wow.
I didn't know like this is So much better than what my substitute is like what the alternative is in the market.
And that's the feeling that I was trying to put my finger on But it's a, but it's, you know, it's a little bit.
It's kind of more like you're you're driving towards exceeding expectations and making your customers happy, but it's can sometimes be a little bit too ephemeral like to Yeah, you just as an as an engineer.
I'm sure you're like I want something more specific as the University So like I took lots of philosophy.
Talk about content and and and and roles and whoever, whoever you want.
I love it. Actually, the, the sort of that that that framework and in some way that that felt that felt felt kind of interesting.
But, you know, when we were getting ready to do this.
The biggest thing. Sorry, sorry to interrupt.
But the biggest thing is that the most important point that I don't want to get lost in the is that people focus on GMB and it's the wrong thing to focus on You know, when you're building a marketplace in the early days, like it's so it becomes a scoreboard where you kind of want to see that number.
Keep going up. But actually, if you focus on the scoreboard, you're going to play the wrong game.
Because it's going to create all the wrong incentives for you when you're building a marketplace.
And so that's, that's kind of what I was trying to do, which is like you can't focus on The GMB number that's gonna it's a positive externality of of building happiness of doing the right thing of creating something that people really want But like you have to then be able to focus on something different.
And that's something different that I that I point to and I think about a lot of kind of net revenue retention and that's that's a little bit where it comes from.
Yeah, and I thought when you talking about it. It's not just about how counting up users.
It's counting up users that are doing whatever that kind of core function is so in the case of That was probably adding adding a website.
And in the case of Facebook.
That was was adding friends in the case of It was pinning.
It was pinning something and that matters a lot more than just, you know, counting up how many people are you're you're you're using your product signer signed up Exactly.
That's precisely very, very. Yeah. And like that, you know, that's my you're referencing the other framework I put together the hierarchy of engagement, but they're very, very similar like When you're building a social product focusing on monthly active users is the same thing as focusing on GMB if you're building a marketplace.
It's a vanity metric and it doesn't get to whether or not you're really creating enduring value.
So when I when I wrote to you last night. I said, What do you want to talk about you said you said And I've left us four minutes because I'm scared of what what trouble we can get About that, that topic.
But why, why is it, what do you want to talk.
What's, what's interesting to you about tick tock right now.
You know, I actually I read the I read Ben Thompson's piece.
And I he's just so good. And like he put his finger on something that I've been thinking about a lot.
And I was, you know, and as always, he puts it in a way that is more You know, crisper than what I was thinking, which is just this idea that like a lot of people have been focused with tick tock on the privacy and the data security angle of it.
And the thing that I was feeling increasingly uneasy about Is the algorithmic driven feed and like, you know, we talked about Facebook and Twitter and what impact their algorithmic speed has had on our society, but yet at least we can feel some Trust may be too strong of a word, but like some alignment of values of the people who are making the decisions that Facebook and Twitter.
And we can't say the same thing about the people who are making decisions for tick tock.
We just don't know. So that's what you know Yeah, so, so Ben. So Ben writes a for those people who don't know, right, a post That's semi semi weekly or semi semi daily That's called strategy, which is terrible branding because no one can pronounce it.
But I think that's how you pronounce it. Yeah, is and then he does a podcast.
Called exponent with a guy named James all worth who used to be Clay Christensen's research assistant I hired James to basically come in and keep Cloudflare honest and so I've been having this debate.
And I think the interesting question is, you know, yet that that might be true today, but as more users that are in places that are outside of China use the tick tock as as as a system does does that inherently force the does that force it to become a a more The values of the organization have to change to meet what the what the users are.
The question is, who's more powerful is the algorithm more powerful and influencing the users or ultimately are the users more powerful and influencing the algorithm.
I think the algorithm.
I mean, like if it was if it like we the hard thing is that the algorithm is definitionally a black box.
And if someone, you know, the point that Ben makes in his piece, which I thought you know how it occurred to me until he said it is, you know, the Tulsa.
Event that Trump organized in Tulsa and how there was that campaign that went viral on tick tock about people having young people sign up for a seat and and then end up not showing That is, you know, there's, there is an algorithm, but you can I mean I was responsible for an algorithm at Pinterest, like you, there's always ways to change the heuristics to boost things to to do things that you know the algorithm doesn't have to dictate 100% of what goes through that feed.
And so it is, you know, We should assume In order, we should be paranoid that there is the ability to make content go viral in tick tock that has been hand selected by someone And and and we just don't know if we like, how would we know if that's happening and by whom that would be happening and what their, their, you know, their goals are And that's the thing that is, you know, I'm not.
I'm not a conspiracy theorist, by any means, but that is the thing that I've been thinking about.
And I thought Ben's piece put it really, really well. So the curse of live TV is we're probably off the air at this point, but I'm curious, does.
I mean, if you carry that out far enough.
Does that, does that just mean you can't have global social networks that that fundamentally That the values of an organism of a of a group of people are going to get built into into the into the networks itself or, you know, the question I've always Pondered is, how has it been possible that there isn't a Fox News search engine.
Well, if Google has personalization that you would if you did a search in the red part of Utah.
You logged into a, you know, a hotel somewhere or and and you just kind of you had a blank slate experience versus when you do the search, you'll get completely different results.
And and so there, there is actually an echo chamber that happens already in Google that may not be 100% what you would get if it was a Fox search engine, but it's pretty, but it's not not pretty close, but it's more different than I think Even from just a market perspective, you know, I mean, search is a hard problem, but it's not an it's not an infinitely hard problem Fox launches a search engine tomorrow.
And, you know, what percentage of the US market would shift over to them.
I would guess it's going to be 5% that's a $5 billion company like that, which is when it's what's puzzled me is that that you really only have Two national national search engines with Yandex and Baidu.
Yeah, and that and that you haven't had more specialization in something like that, that, that, that, that sort of recognition that algorithms are that they that they can have, you know, Opinion that's behind them that that that that hasn't been more more recognized Yeah.
But by the way, like to your point on like why does this mean we cannot have global, um, you know, so like networks.
Um, I think Ben puts up like puts it really well, which is like their China is different than every not every other country like there's Iran and there's, you know, there's other places but like China more than in North Korea.
That's one of the points also that I just, I'm not sure I agree with Ben on so he's he's his point is we all worry about balkanizing the Internet.
And again, I think that's it. But, and he says, yeah, but the Internet has already started to balkanize because China, China did it first.
His point. His point is more that the ideological difference of China, i.e. Marxism and anything that isn't that is an enemy of China.
And so like his point is that ideologically China thinks that liberalism is bad and anything that they can do to and that it's a it's an opposition to what they believe Um, and, and so if they can, you know, do anything to dismantle our liberalism and and China can be ascendant.
That's, that's the difference. I don't think like you'll have that problem with like Europe or South America, you know, like that's where the values to the incentive is very different.
Do you think so. I mean, so at Greylock you guys made the investment musically, which was, which was a Chinese me, but it was all the engineers are in China that had no penetration in China itself.
Yeah, was it.
I mean, was this a conversation that I mean without again without revealing.
Yeah, but were you guys thinking about this. Well, okay. So I'll admit, actually, we made the investment before I joined.
So, um, my no reaction was that we never came up in the car as a conversation and Josh would know if it did come up when they I'm sure they probably asked about that.
But it was not when we talked about it when we made a fall on investment.
It wasn't part of the calculus.
Yeah, it was it. I mean, I remember when that happened and it There's something about it to me that.
And again, I still think that I'm, I'm more of an optimist here, which is, I do think that And I think we're seeing this with Facebook right now that that the The pressures of your user groups tend to steer what you have to do as as a company.
And we've certainly seen that with Twitter.
We're starting to see that we're seeing that with Facebook and it's, you know, it's in the news every day.
And so I almost thought that the more that China sold outside of China, because what what we had seen in our experience was that it was it was such an inwardly looking country, you know, it would we would go in and It's so important for you to, you know, be able to sell outside into another markets, the more that you saw success where China had to engage in other markets, not just as a supplier, but actually as as a, you know, as an as a And, you know, product company.
And yeah liver that that that actually seemed like it would would I kind of had the opposite Ben sort of says that's going to drag the rest of the world towards China.
I sort of thought that would drag China towards the rest of the world.
But, uh, but I guess time will tell. Yeah, I wish you know this is one of those topics where Yeah, I feel like I want to become a student of it right now because it's like, I don't know if you saw the news today about The digital yuan that China's pushing forward and they're actually going to be working with some of the food delivery networks in China to start To start piloting their own digital currency, the digital yuan.
And when you think about it like a China's banks have grown, grown globally.
Far exceeding the pace of the US kind of our US banks that because they're doing so much investing in all these emerging markets.
They just have become like so dominant. And so you have a situation where they have their banks everywhere.
They have funding they have investment everywhere they have, you know, they own ports like they have everything, then they're going to have their own digital currency.
And they're gonna if they they execute on that they're going to be all they're going to it just seems like they're going to then use that digital currency to do the cross you know currency payments.
And to start having people use their digital yuan and you don't need. Then you don't need a bank, you can use a wallet and and then they have, you know, They can track all the transactions and I don't know.
It's just, it's starting like the tooth like reading Ben's piece last night and then waking up this morning and reading about this digital currency.
I'm just like, we've been so distracted. These last three plus years.
And it just feels like it's going to sneak up on us and Not be good.
That's what they you're there been, I think, in the, in the cyber security world.
There have been so many people who have who have been so hawkish on China for for for so long that it Yeah, it almost that it almost seems sort of I mean dogmatic at some level.
Yeah. And I think of you as a very sort of reasonable thoughtful Person I have been as a as a reasonable thoughtful person to although think living in Taiwan, it definitely kind of colors colors the perspective that Has, but it makes me nervous when when again, regardless of whether you're right or not.
It makes me nervous when you've got when when when the language of reasonable thoughtful people starts to say, well, maybe the right thing for us is not to engage in more trade, but to actually think about, you know, stopping that trade.
I don't know about trade, like I, you know, and this is where I like this is I feel like I'm talking out of turn, in a way, because there.
It's like when your ideas are just starting to Come together, but you haven't really tested them yet.
So you don't know whether they're, you know, there's, it's kind of like the high confidence low confidence.
I'm like, that's where I am right now. In thinking about this stuff, but like it does feel like there's some things coming together right now that make me uncomfortable in a new way.
And and so I want to understand it and and I do think that we've been, you know, I'm not a hawkish person by any means, but I do think we've been a little naive.
And and and I think tick tock. And I think this digital currency or and then, you know, I, I'm not at all smart enough to understand the global trade questions, but there's just some things coming together right now that I think we've got to pay attention to You know, the other thing is sort of a meta Point of this is is Ben.
I mean, the ability of Ben as an individual to change the conversation.
I mean that the subscriber list of that that he that he talks to on a daily basis is is is pretty is pretty amazing.
Yeah, number of people who who bring it up is is pretty pretty substantial so It was provocative.
It was not at all where I thought he was going to land.
And, you know, I've, I was, I've been thinking about that.
And so then that when he said it that that's when you have the confirmation bias, you know, of course.
But I am, but I definitely felt the confirmation bias of like and then he put it even I didn't think about as propaganda.
I mean, I've, you know, I haven't gone there. Am I thinking, but it's, yes.
They have that power and it's that we have to be careful with that. Well, I promise you.
Write it at 1130 41 so which is probably freaking out all the producers and everything else, but a priest.
Thank you so much. Hopefully, hopefully we get to So good to catch up.
Take care. Stay safe. Wash your hands often Yeah, you too.
Hi, we're Cloudflare.
We're building one of the world's largest global cloud networks to help make the Internet faster, more secure and more reliable.
Meet our customer HubSpot.
They're building software products that transform the way businesses market and sell online.
My name is Carrie months and I'm the director of engineering for the platform infrastructure teams here at HubSpot.
Our customers are sales and marketing professionals, they, they just need to know that we've got this.
We knew that the way that HubSpot was growing and scaling. We needed to be able to do this without having to hire an army of people to manage this.
That's why HubSpot turned to Cloudflare. Our job was to make sure that HubSpot and all of HubSpot customers could get the latest encryption quickly and easily.
We were trying to optimize SSL issuance and onboarding for tens of thousands of customer domains.
Previously, because of the difficulties we were having with our old process, we had about 5% of customers SSL enabled.
And with the release of version 68 of Chrome, it became quickly apparent that we needed to get more customers onto HTTPS very quickly to avoid insecure browsing warnings with Cloudflare.
We just did it and it was easier than we expected. Performance is also crucial to HubSpot, which leverages the deep customization and technical capabilities enabled by Cloudflare.
What Cloudflare gives us is a lot of knobs and dials to configure exactly how we want to cache content at the edge.
And that results in a better experience, faster experience for customers.
Cloudflare actually understands the Internet.
We were able to turn on TLS one three with zero round trip time with click of a button.
That's a, there's a lot of technology behind that.
Another pillar of HubSpot's experience with Cloudflare has been customer support.
The support with Cloudflare is great. It feels like we're working with another HubSpot team.
They really seem to care. They take things seriously.
I filed cases and gotten responses back in under a minute. The quality of the responses is just night and day difference.
Cloudflare has been fantastic.
It was really an exciting, amazing time to see when you have teams working very closely together HubSpot on one side and Cloudflare on the other side on this mission to solve for your customers problems, which is their businesses.
It really was magic. With customers like HubSpot and over 10 million other domains that trust Cloudflare with their security and performance, we're making the Internet fast, secure and reliable for everyone.
Cloudflare helping build a better Internet.
Cloudflare access can help prevent attacks that exploit vulnerabilities in the remote desktop protocol or RDP by securing RDP ports and connections.
This video will walk you through how to secure your RDP using Cloudflare access.
Securing RDP with Cloudflare access is a four step process.
Step one, enable access and create a policy.
Step two, install Argo tunnel and the Cloudflare D client. Step three, establish RDP connections with Argo tunnel.
And finally, step four, configure RDP using Cloudflare access.
Before getting started, you need a cloud flare account with at least one active domain.
You can sign up for a free account by visiting Cloudflare.com.
For this demo, my client machine is a Mac and the active domain is orange clouded.com.
The target device is a Windows machine. I've enabled access prior to filming this demo, so I'll show you how to create a policy.
Creating an access policy is important because without a policy in place, access can't control who can reach your target machine during and after configuration.
Using any active Cloudflare domain, navigate to the access tab in the dashboard.
To begin, create a policy for the hostname that prevents any traffic to that hostname from reaching your server.
I'll reconfigure this policy to allow traffic once the setup is complete.
In the policy creator, select deny as the decision and under include, select everyone.
This rule will prevent any requests to that hostname from bypassing access.
Now that I've set up the policy, I need to install Argo tunnel on my target machine.
Argo tunnel ensures requests route through Cloudflare before reaching the web server so you can authenticate traffic with access.
Argo tunnel uses Argo smart routing technology to route traffic over the fastest path within the Cloudflare network between the user and the data centers closest to your origin.
To begin using Argo smart routing, navigate to the traffic tab of the cloud flare dashboard, click the enable button and follow the steps in the UI to set up usage based billing.
Now that you've enabled Argo smart routing, the next step is downloading Cloudflare D to the target and client machine.
Cloudflare D is the software that runs Argo tunnel.
It's available for AMD 64, x86, and ARM v6 machines in binary, deb, and RPM types.
The code for the Cloudflare D client is also available on GitHub.
Download the Cloudflare D version appropriate for your operating system, which in this case is Windows, and extract the zip file to access the executable file.
I'm using the 64 bit version for this video. Run the Cloudflare D executable to ensure it works properly on the target machine.
To spin up a tunnel, you'll first need to log in with your Cloudflare D account.
Run Cloudflare D login to open the login page in your web browser.
If the browser fails to open, right click the login URL and navigate to it in the browser.
Log in using your Cloudflare username and password.
After logging in, you'll see a list of domains associated with your account.
Argo tunnel connection machine to the Cloudflare network by associating it with a host name in your Cloudflare account.
I'm going to locate the domain that I wish to use to represent my server and select its name in the table.
Once you select the domain, Cloudflare D will automatically install a certificate to authenticate your machine to the cloud flare network for your specific hosting.
Once Cloudflare D installs the certificate, you'll see a success message in your browser and you can start using Cloudflare D in Argo tunnel.
Now that I have the certificate, I need to go back and edit the access policy that I created before.
Let's go back to the access app to change it.
As you can see here, the original policy denied everyone. With this configuration, our Argo tunnel wouldn't work.
I'll change the policy to allow certain connections.
You have the option to include via email or predefined groups. I'll choose to allow emails ending in at orange clouded.com and click save to update the policy.
Now, I'm ready to establish my RDP connections using Argo tunnel.
Argo tunnel permits traffic over HTTP and HTTPS.
Cloudflare access opens a secure connection to proxy RDP traffic through the Cloudflare network.
Make sure that RDP connections are enabled on the target machine.
In Windows 10 Pro, you can do so by visiting settings, RDP connections.
And then toggling them on. On the target machine, run the following command to assign the host name.
Access will default to port 3389 for RDP connections.
Now that we've created the tunnel, let's establish an RDP connection.
For this, you need to install the Cloudflare D software on your client machine as well.
Do so using the same process we followed earlier.
Make sure you download the correct version of Cloudflare D for your operating system.
You can initiate an RDP connection to a machine behind access with the following command.
The command will initiate an RDP connection through a proxy to reach the corresponding Cloudflare D daemon running on the server.
You can specify any port on the local host in the command above.
It does not need to match the port in use on the target machine. Cloudflared will proceed to launch a browser window that contains the same access login page you find when attempting to reach a web application.
Select your identity provider and proceed to log in.
If the browser window is not launched, you can also use the unique URL output in your command line.
When you've successfully authenticated, the browser will return your token to Cloudflare D in a cryptographic transfer and store it.
The token is valid for the session duration configured by your access administrator.
Cloudflare D will store the token and use it to authenticate your requests.
You can now configure your RDP clients to point to local host 2244 and begin your RDP session.
This concludes the video walkthrough on securing RDP with Cloudflare access.
If you have any questions or want to use access to secure other applications or resources, visit teams .Cloudflare.com backslash access.
What is a bot?
A bot is a software application that operates on a network. Bots are programmed to automatically perform certain tasks.
Bots can be good or bad.
Good bots conduct useful tasks like indexing content for search engines, detecting copyright infringement, and providing customer service.
Bad bots conduct malicious tasks like generating fraudulent clicks, scraping content, spreading spam, and carrying out cyberattacks.
Whether they're helpful or harmful, most bots are automated to imitate and perform simple human behavior on the web at a much faster rate than an actual human user.
For example, search engines use bots to constantly crawl web pages and index content for search, a process that would take an astronomical amount of time for any human user to execute.
You run a successful business through your e-commerce platform.
Sales are at an all -time high, costs are going down, and all your projection charts are moving up and to the right.
One morning, you wake up and log into your site's analytics platform to check on current sales and see that nothing has sold recently.
You type in your URL, only to find that it is unable to load.
Unfortunately, your popularity may have made you a target of a DDoS or Distributed Denial of Service attack, a malicious attempt to disrupt the normal functioning of your service.
There are people out there with extensive computer knowledge whose intentions are to breach or bypass Internet security.
They want nothing more than to disrupt the normal transactions of businesses like yours.
They do this by infecting computers and other electronic hardware with malicious software or malware.
Each infected device is called a bot.
Each one of these infected bots works together with other bots in order to create a disruptive network called a botnet.
Botnets are created for a lot of different reasons, but they all have the same objective, taking web resources like your website offline in order to deny your customers access.
Luckily, with Cloudflare, DDoS attacks can be mitigated, and your site can stay online no matter the size, duration, and complexity of the attack.
When DDoS attacks are aimed at your Internet property, instead of your server becoming deluged with malicious traffic, Cloudflare stands in between you and any attack traffic like a buffer.
Instead of allowing the attack to overwhelm your website, we filter and distribute the attack traffic across our global network of data centers using our Anycast network.
No matter the size of the attack, Cloudflare Advanced DDoS Protection can guarantee that you stay up and run smoothly.
Want to learn about DDoS attacks in more detail? Explore the Cloudflare Learning Center to learn more.
The real privilege of working at Mozilla is that we're a mission-driven organization, and what that means is that before we do things, we ask what's good for the users as opposed to what's going to make the most money.
Mozilla's values are similar to Cloudflare's.
They care about enabling the web for everybody in a way that is secure, in a way that is private, and in a way that is trustworthy.
We've been collaborating on improving the protocols that help secure connections between browsers and websites.
Mozilla and Cloudflare have collaborated on a wide range of technologies.
The first place we really collaborated was the new TLS 1.3 protocol, and then we followed that up with QUIC and DNS over HTTPS, and most recently the new Firefox Private Network.
DNS is core to the way that everything on the Internet works.
It's a very old protocol, and it's also in plain text, meaning that it's not encrypted.
And this is something that a lot of people don't realize.
You can be using SSL and connecting securely to websites, but your DNS traffic may still be unencrypted.
When Mozilla was looking for a partner for providing encrypted DNS, Cloudflare was a natural fit.
The idea was that Cloudflare would run the server piece of it, and Mozilla would run the client piece of it, and the consequence would be that we'd protect DNS traffic for anybody who used Firefox.
Cloudflare was a great partner with this, because they were really willing early on to implement the protocol, stand up a trusted recursive resolver, and create this experience for users.
They were strong supporters of it. One of the great things about working with Cloudflare is their engineers are crazy fast.
So the time between we decide to do something, and we write down the barest protocol sketch, and they have it running in their infrastructure, is a matter of days to weeks, not a matter of months to years.
There's a difference between standing up a service that one person can use, or ten people can use, and a service that everybody on the Internet can use.
When we talk about bringing new protocols to the web, we're talking about bringing it not to millions, not to tens of millions, we're talking about hundreds of millions to billions of people.
Cloudflare's been an amazing partner in the privacy front.
They've been willing to be extremely transparent about the data that they are collecting, and why they're using it, and they've also been willing to throw those logs away.
Really, users are getting two classes of benefits out of our partnership with Cloudflare.
The first is direct benefits.
That is, we're offering services to the user that make them more secure, and we're offering them via Cloudflare.
So that's like an immediate benefit that users are getting.
The indirect benefit that users are getting is that we're developing the next generation of security and privacy technology, and Cloudflare's helping us do it.
And that will ultimately benefit every user, both Firefox users and every user of the Internet.
We're really excited to work with an organization like Mozilla that is aligned with the user's interests, and in taking the Internet and moving it in a direction that is more private, more secure, and is aligned with what we think the Internet should be.