1. La Liga (Spanish Football) finds pirates streaming their games objectionable
2. They notice that many of these streamers use Cloudflare for something, presumably CDN and load balancing.
3. They appear in court in Spain and get an ex-parte TRO blocking all Cloudflare IPs. (Ex parte TRO: restraining order granted without Cloudflare being summoned to court)
4. Based on this, they tell ISPs to block pretty much all of Cloudflare in Spain.
5. Cloudflare goes public in frustration, noting that they could just send take down requests for infringing content like every other rights holder in the world, and that many Spanish utilities and civil resources use Cloudflare.
Interesting. My gut is that it’s hard to beat La Liga on their home turf, as evidenced by not even being invited to the court hearings which shut you down across all of Spain.
Long term, I’d guess CF wins this one? Probably they will have to escalate in some way to Eurozone courts, although I have no idea how this might work. No cloud business could meet the standard put forward by La Liga; but also there are only so many CDN companies. Meantime I guess illegal streamers can move to Google and see which legal group wins that battle.
one of the claims were that this is somewhat a procedural fraud since the plaintiff (Telefonica Audiovisual) and the defendant (Telefonica Spain) is technically the same thing. the order was granted after the defendants admitted, and therefore there wasn't any hearing with CF.
And DDoS protection.
Sports broadcast piracy has a history of serious organized crime involvement, and then some, such as https://www.theregister.com/2002/03/13/murdoch_company_crack... where the allegation was NDS did the hacking and leaked the keys of the rival tech to various mob groups for exploitation.
1. IP holder representative sends notice to Cloudflare 2. Cloudflare sends automated notice to account manager 3. Cloudflare informs person from step 1 of who actually hosts the site 4. Person from #1 emails web host who is probably a shady company who in turn ignores email 5. Nothing happens
Live sports piracy has the unusual property that you have to be able to get the block in place within the ~90 minutes of a football match, even at weekends and across time zones. Otherwise there’s no point.
If the courts let Cloudflare slow roll this, at the legal system’s normal snail-like pace, the law would be effectively useless.
The huge majority of europeans have nothing against the american people. Please, do not propagate these claims.
In my circles of high level Spanish/European motorcycle racing, we continue to have a very positive reception as Americans in the paddock. The (Spanish) TV announcers have been positive towards our riders, the teams and crew are positive and helpful. We have more people wanting to talk about Route 66 than trade policy. Most Spaniards I know tend to roll their eyes at their own government more than anything happening in the U.S. The only exceptions are hysterical US expats on Facebook groups acting like the sky is falling. But they do that reliably every time a Republican gets elected.
Anecdotes aren’t data of course, but vocal people online don’t represent broader thought.
I know that people here would love to live in an alternate reality where everybody in the EU is fuming at the US having a right-wing government but that's not here at least yet. The US has done so many terrible things throughout history; they will survive this too.
I don't know how this doesn't count as a net neutrality violation.
it feels like incapable "experts" are placed in position or authority for something like this to happen.
It's not even about the power. It's about how freaking dumb of a "solution" that is.
It's not "you're too powerful" (la liga and the judges enforcing this) but really "you're too fucking dumb".
You might want to reach out to the moderation team.
Yes, sometimes CloudFlare used for some actually bad stuff, but same can be said for any cloud service. Having major internet infrastructure provider react to every whim of every single government in the world is not a good idea.
Cloudflare does not fight censorship. It actively helps create it. They have a strong team that delivers great products, but at the end of the day, it’s a for-profit company with as much for-profit morals that exist.
Lookup Tor project problems and CrimeFlare. Cheers.
https://gitlab.torproject.org/tpo/applications/tor-browser/-...
Also, CDNs have inherent economies of scale and network effects, so it is natural that there would be just a few at the top.
Now, the question really turns out to be "Is a law stating that large swaths of the Internet must be censored to stop a handful of piracy sites just?"
No. It isn't.
Maybe with IPv6 it will become normal to assign each customer their own IP? But I don't see it. This also reduces privacy because we are moving towards Encrypted Client Hello in TLS but we have made no progress to hide IPs.
Bot protection, waiting rooms, cheap static assets, WAF.
Odds are if you are running a popular platform, you need all of these things.
Stop. Trusting. Companies. To. Do. The. Right. Thing.
Cloudflare could’ve prevented this if they’d taken a stand on anything but profit motives, but they’ve repeatedly chosen not to. Piracy sites pay the bills just like Porn or Government sites, after all, and companies won’t turn down money unless forced to through regulation.
AFAIK BunnyCDN is the only service that comes close but their cloud offerings are kinda new and they charge egress.
Google, X, Facebook, Cloudflare.
All minor player are absorbed or eliminated.
Then my in-laws got tricked into sending login credentials to a phishing page fronted by cloudflare. It was obviously spoofing IDP logins of Yahoo, Microsoft, etc. I sent a request assuming they would disable the domain and it was immediately closed (in minutes) as not an issue. It made no sense that they would want to front phishing sites. I eventually got them to look more closely and it was removed, but it soured my perception of them.
I think large scale internet businesses may need to start having more liability in matters like this. Being blocked from an entire country seems extreme, but if there are financial incentives to solve the problem, the problem will get solved.
I'm sure while someone's in the process of keeling over is the perfect time to arbitrarily scrutinize their connecting details. You need to contact your doctor ASAP. Okay, but did you neighbor have a virus last week? Is your neighborhood in your city more "problematic" than average? You may have forgot to check these details before you fell ill.
Cloudflare sites should come with a big banner warning all users their connection will be arbitrarily approved by an algorithm with chilling effects built in as dark patterns.
Last I checked, Cloudflare does basically no educating of customers how badly their website will be broken for users arbitrarily when they don't use the ISP or browser Cloudflare likes. No explanation for how many customers you will lose when your website can't be visited by someone who doesn't know how to change their IP, no explanation that if you're offering a critical service then Cloudflare will give that service thousands of tiny downtimes left unknown, the screams too quiet to carry the weight of a tech CEO worried about something similar.
My impression is that everyone knows that Cloudflare is blocking some legitimate people, but nobody -- neither the customer, nor Cloudflare -- cares enough to solve that problem.
It's similar to why Google doesn't have much tech support. Or why people can be locked out of their Google or Apple accounts without recourse. Caring about the people who fall through the cracks that you created isn't profitable.
When the Internet is part of the basic material of society, we need to rediscover ideals like "it is better that ten guilty persons escape than that one innocent suffer".
And we need to start removing from power the entities who are too lazy or greedy to uphold our ideals.
(Before someone jumps on literal numbers: That doesn't mean let through 10 botnet floods, rather than prevent grandma from finding a doctor. That could just mean, for example, don't block grandma because one of her browser headers looks suspiciously like an incompetent script kiddie, even though you can see that her traffic isn't yet part of a DDoS flood. Once you change the parameters to be more consistent with a fair and just society, maybe that means that, say, a Web site's servers do see a brief blip, as a new DDoS attack spins up, so it's not a perfectly smooth ride, but every legitimate person remains served. First, don't run over grandma; apply your engineering creativity with that hard requirement in mind.)
It sucks, but no sane business would be so invested in equality of experience that they’d allow it to be completely broken for everyone.
The choice isn't necessarily between 99% and 0% of legitimate users/visitors getting through.
What if you, and every other customer of Cloudflare or its competitors, applied pressure to make that 100% of legitimate users/visitors getting through?
What if legislators also mandated that 100% for many sites?
For people who put stuff online to help people as well as to extract pure profit, knowing the anguish of your users really helps look out for them.
* If we want the internet to be a place of anonymity and free speech, then we shouldn’t be putting critical services on the public internet - or we need to stop using intermediaries like Cloudflare where a single court order could disrupt legal services
OR
* If we want critical services online and widely available, then verifiable identity is a must from the outset, such that these sorts of blocks can be highly targeted when enforced.
Piracy exists between those two forces: an anonymous internet would be rife with piracy, while an authenticated internet would see minimal amounts of it because it’s so easily eradicated. Coexistence of both worked because the internet was optional, which is no longer the case.
But nobody wants to talk about that, I find. Everyone wants the status quo to continue unabated forever, because it’s familiar. Familiarity does not mean permanent, though.
Consider an HTTP daemon serving static content on a physical server. If that physical server has a 10Gig NIC it will withstand 90%[0] of the real-world DDoS attacks which would affect the same server with a 1Gig NIC.
"Dumb" DDoS filtering means blocking UDP and SYN floods, and other simple attacks. Your goal is essentially to block traffic which could be spoofed, making your downstream traffic somewhat attributable. Many ISPs provide functions like this, and is not nearly as complicated or invasive as letting Cloudflare MITM every bit of your traffic.
Any effort past that point should just be made in caching static assets, and optimizing dynamic pages. If your website uses sessions, you can implement basic rate controls very easily. No WAF required!
[0]: I made it up
I'm not saying you aren't experiencing this, but I am curious: what is your setup that Cloudflare and Google treat you with such suspicion / hostility?
If you don't clear your state or keep its original origin VPN only, you're breaking a big point of using VPNs.
I don't like the way that large football conglomerates abuse copyright, but then those same rules _should_ be open to me for anything I produce. The main difference is I don't have a team of lawyers.
If you read between the lines, he’s claiming people will die because Cloudflare doesn’t want to take the time, effort, or money to fix the problem that they easily could by creating a separate system for critical services.
This type of “tech hypochondria” should be absolutely dragged at every opportunity. This guy runs a business and whines that his clients don’t deserve what his business agrees to provide? FOH with that ish mang I ain’t buying it.
If you define censorship as packet loss, then anything that drops packets is inherently evil, and your business (which ultimately boils down to sending packets along) is inherently good. Ergo anything you do is good and anything that questions or checks your power is evil.
This understanding of free speech didn't evolve in a vaccum, though. It was a response to the "copyright hypochondria" of the publishing industry outfits that have been insisting that "censorship is when free movies". One of the most irritating tenets of copyright maximalism is the idea that copyright somehow backstops free speech, because having an economic incentive to publish is supposed to make politicians think twice[0] about stupid censorship bullshit?
So we have two industries here that have both psyopped themselves into thinking their profit margins are a moral good, unwilling to compromise in any way that would allow legal websites to remain online. Or at least I'm assuming both sides are unwilling to compromise, because La Liga isn't saying anything, and Cloudflare is going to the public rather than the actual courts imposing this blocking order.
[0] The logic doesn't logic here, this is the same kind of thinking that gave us "capitalism has won" in the 1990s and "military alliances will make war impossible" a century prior. Politicians are ultimately polite brokers of violence, and economics is a tool they impose upon us to make us do things in lieu of guns to head. Not the other way around. Politicians will happily censor economically valuable art all day long.
I'm tempted to say "the master's tools can't destroy the master's house", but that saying is complete bullshit for different reasons.
Bundesliga, F1, NHL and FIFA world cup, that's all I (they) needed.
It turned to total mess. Service A shows F1 but not NHL. Service B shows NHL but not all NHL, only games where my city team plays. Some show LaLiga but not Bundesliga. All cost $30/mo but still show ads. Periodically they show ads instead of the event. If they can't, they split screen show the event in a little rectangle that's 25% of screen space. Dazn, TSN, ESPN are all total scam. You can see a lot of bull riding though.
We cancelled all this nonsense and just moved to pirate sites. Screw this bs.
Piracy is almost never about the price -- it's almost always about the availability. Especially when it comes to live sports.
They just stop watching.
My company's website is behind Cloudflare and I discovered this whole situation because someone couldn't access it. Also my home assistant is not accessible from the internet the days with a match. And we use it to open the garage and the house. We learned the lesson the hard way being locked outside until I managed to connect with a VPN. This is just nuts and incredibly frustrating. And for La Liga we are just a bunch of "frikis" (nerds) complaining about it... because we are the only ones that understand what the problem is.
Unfortunately, someone would have to die and a lawsuit to follow, and maybe that could stop this crazy nonsense. E.g. A few days ago I read about someone with diabetes whose device was malfunctioning because of these blocks.
They split the rights up in much more imaginative ways, like local channels can broadcast sold out local games and then the nfl itself or an rsn or major network can broadcast the remote half. I would guess that a lot of local games are over the air but if you follow a team somewhere else you might need a fairly inexpensive subscription
Are there multiple? I thought DDoS-Guard [1] had a near-monopoly on CDN services for international piracy.
[1] https://krebsonsecurity.com/2021/01/hamas-may-be-threat-to-8...
So there a lot of convinience and free stuff. It's quite obviously that when I had commercial customers where for whatever reason free tier wasn't anough I juse used them as well. Why not? There are horror stories about their corporate pricing, but for smaller company paying $20-200 for CDN is no brainer.
Also huge massive advantage of CloudFlare is that majority of their services are not metered so it's hard to wake up to $100,000 bill like it can happen with AWS and almost any other CDN provider.
I still believe this kind of centralized MiTM is bad for us all, but honestly I'd rather it be CloudFlare than Amazon, Microsoft or some other "evil corp".
Similarly there's quite a lot of push from the most powerful teams in some of these leagues to break off and form a European Super League; with Spain's two biggest teams being the biggest backers of the project.
ETA: not agreeing with how aggressive they are exactly, but do think long term they're probably in a lot of trouble if/when money starts to properly force a European Super League into existence.
(I'm generally pro-piracy and don't know the details here, but am also old enough for "the people like MONEY" to not be a particularly noteworthy quality. The things that jump out to me here are A) is Cloudflare's attempted implication that they just need a better injunction true? B) The sophomoric argument that "people will die due to this" is my "people like MONEY" smell)
I stopped pirating stuff when content platforms gave a compelling easy to use product, I’m back to pirating because it’s genuinely a better product compared to the endless hoops you have to jump through to use streaming services
People being stolen from most likely aren't going to advocate for the class stealing from them. Capitalism has one rule to wit: an in-group that is not bound but protected by the law and an out-group that is bound by but not protected by the law.
As a working class person if you 'pirate' materials you could be facing fines or even jail time.
If the capital owning class wants your IP, they'll just take it.
Paella and sol heh, not CDN's
Of course, that similar organizations (paid by huge copyright companies) tried the same in my country. And luckily our government listens to local experts (NIC.cz and others) and not to mention, pirating has big tradition here. So they failed to pass this ridiculous law. (blocking IP addresses)
