Context: last year LaLiga (top-level Spanish football league) obtained a court order compelling Spanish ISPs to block certain IPs during football matches, as those IPs have been associated with illegal streams of live matches. Many of those IPs are shared Cloudflare IPs, with the result being many legitimate sites become unavailable in Spain during LaLiga matches
Personally, myself I have been greatly impacted by this measures. Several services of mine were unavailable because LaLiga said so. No notification, no justification, they block and that's all. It has been a shame since the beginning.
What ISP? I'm using Vodafone and if I accept the insecure connection (because of mismatched certificate), I get served the notification. You don't get that?
Bit hard to get notified by the ISP if you effectively try to side-step the way they notify you, don't you think? Also bit weird to blame them for that.
If I recall correctly, if you try to access the IP directly you get the same notification. No football game on right now though so cannot check.
Edit: In fact, I'm not sure they do DNS filtering at all actually, it may be just based on IP, can't remember off-hand, considering the collateral damage, I'd say IP blocks mainly.
(Disclaimer: I don't know the first word about law)
But I have been thinking about this quite a lot recently (mostly because I get angry at the power states sometimes have over individuals). Would the distinction really matter in this case?. I would think that in a "civil law" contry things could be even worse for the aggressor
It was. La Liga isn’t satisfied with the response time of Cloudflare. Cloudflare would not commit to content being taken down during while the match is still going.
La Liga wants to be able to point to a URL hosted by Cloudflare and demand it taken down that instant while the match is still on. It would require dedicated staff at Cloudflare to deal with La Liga stream takedowns.
More so, La Liga wants Cloudflare to take it down for the entire world, not just block it from Spanish IPs, regardless of whether the host resides in Spain. Cloudflare has refused to do so.
Presumably the Cloudflare network resources in question were not located in Spain and thus not under Spanish jurisduction. Or even if they were, it may be procedurally simpler for the Spanish government to compel ISPs to block IPs.
> it may be procedurally simpler for the Spanish government to compel ISPs to block IPs.
The Spanish government is not the ones enforcing the ban here. La Liga and Telefonica went to the judges, who are the ones making ISPs to enforce these blocks, as an intermediate "fix" essentially.
Judges in Spain are not part of the government ("Gobierno"). They are part of the Poder Judicial, the judiciary. The Spanish Constitution separates these clearly, give it a skim if you haven't already.
That's not what the constitution says though. "Government" ("Gobierno") is what an American would understand "executive branch" to be, I'm guessing this is why it's confusing. I tried to make it easier by adding the translations, but maybe that's just making it more confusing :)
I guess broadly in English you'd say the judges are part of the state, but they're not a part of the Spanish Government.
CF would pretty much need to monitor this live in that case which is impossible. The pirates sometimes even create new domains for specific games.
This is a risk with shared IP addresses. I sold CF to many customers and I would say the risk in general is minimal. At least outside Spain. But people should stop whining and use a better service if needed.
On the one hand, I would tend to agree that making things painful enough might force people to stop ignoring and improve things. On the other, after seeing waves hands at everything since 2016 makes me very skeptical of accelerationism: sometimes things just get worse and worse, there's no bottom to bounce from. Or maybe we just never really hit rock bottom?
Given much of the internet today, I'm not sure if a pan-EU level blocklist on all of cloudflare (damaging as that would be) would even be worse than the status-quo, let alone rock bottom.
The bottom is just so much farther down than we remember. Tremendous progress was made in the 20th century, particularly in the aftermath of WWII, and we've kind of just been coasting on it for 50 years.
It took tens of millions of dead to create the relative peace of the later 20th century, that is a hell of a rock bottom. We got the UN, nuclear Non-Proliferation Treaty, war crimes treaties, free trade, unprecedented prosperity. It's humanity's greatest achievement but we're throwing it all away. Partly due to attacks from monied interests and propagandists, partly to protect Israel (the 15th Crusade), partly because of hatred of peaceniks and bureaucrats, but largely because we've all forgotten the costly lessons.
What other provider than Cloudflare is out there that offers the things Cloudflare does? Why are people not already switching to them if they are available?
Telefonica, the telecom company who bought the rights of LaLiga and btained the judgement against cloudflare IPs, sells some of those services through its business services branch.
One of the things that so often gets lost in politics is the concept of a stopping principle. If you know you want to do X, be it "enforce traffic tickets", "spend money chasing drug trafficking", or anything else, you really ought to be able to articulate some sort of stopping principle where you stop pouring the resources in. Maybe the problem is adequately solved. Maybe the further resources don't justify the tiny incremental change. Maybe the intrusion on liberty starts to overwhelm the benefits. Something. Otherwise you just end up going farther and farther down the road with no idea when to stop.
These IP blocks don't seem to come with a stopping principle. They were large and growing, and inevitably more and more entities were going to say "Hey, if that company is large enough to flip the switch to protect their assets then I'm large enough for that too!" and the obvious and inevitable stopping point was 100% blockage.
Taken to its logical conclusion, and I do mean "logical" and not "rhetorically overblown for effect", this comes perilously close to just declaring that the value of the Internet is so net negative due to piracy that it should just be shut down in Spain. If that's true during certain sports matches it's already not far from being true for lots of other things too. This was leading in an obviously-economically-untenable direction.
I think in this case, it's more of a concept of causing damages and not having to pay for them. If LaLiga had to pay for every lost cent of revenue for every site blocked by their too-wide ban, they'd rethink what they're doing.
But with copyright, everything is broken everywhere, so they don't have to.
> Taken to its logical conclusion, and I do mean "logical" and not "rhetorically overblown for effect", this comes perilously close to just declaring that the value of the Internet is so net negative due to piracy that it should just be shut down in Spain.
What you’ve described there is completely overblown for rhetoric.
The internet is still needed for delivering legal streams of matches. So there’s never going to be any pressure to turn off the entire internet.
Plus the likes of Amazon, and other online businesses would sue the hell out of La Liga for loss of trade.
So there’s no way in hell the situation would descend into your “logical conclusion”.
That’s not to say that the situation couldn’t get worse that it already is. Just that your logical conclusion isn’t very logical.
…and that was already enough to get Congress to review the situation. The first paragraph in the article we are discussing says:
> The complaints about the massive fall of web pages caused by LaLiga's fight against piracy reached Congress months ago. And the Chamber is now preparing to take measures.
But even ignoring the fact that TFA directly disproves your and the GP's argument, the point you're making that "x got approved so y also will" isn't how things work in the real world. People do have a pain threshold and just because CloudFlare was tolerated until now doesn't mean greater blockages would have been equally tolerated.
The Cloudflare block has been in effect since December 2024, so it's been in effect almost a year and a half, and Congress is at the "will act", not "has acted" stage.
And yes, of course you're right, that people have a pain threshold, but it's also true that people will normalise behaviour over time. I'm not saying further blockages will happen, just that I don't take it for granted that they won't.
1000%
I got legit Cloudflare Workers Anycast IPs that I was using for websockets blocked.
I also got blocked from using RustDesk.
It's been crazy. As this happens intermittently. I had to set up a tailscale exit node in one of my servers to circumvent this crap. I lost several days and called Vodafone (ISP) to understand what was going on.
Thanks for the heads up!
I'm using it self-hosted on a Hetzner VPS.
Apparently they also block certain ports. As soon as I route the traffic through Tailscale through the same VPS I can connect without issues (My phone was affected as well)
Genuinely never thought I'd see the day. This has been horrible for me running an event ticketing business in Spain... where downtime is basically not acceptable.
Why would you be using Cloudflare when there are better options, especially if you've known for years that this has been going on? Seems like a poor business decision really.
Don't get me wrong, I hate getting blocked just because there is a La Liga game, but lets also take some responsibility for our own decisions here...
Very ironically I get this error trying to read the article:
403 ERROR
The request could not be satisfied.
Request blocked. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
Generated by cloudfront (CloudFront)
Qui blockat blockodiodes? Cloudfare, it turns out....
I'm interested in how those conversations went between the LaLiga and Cloudflare that convinced them to do this. I know I'm not Cloudflare, but if a company (any company) came to me demanding blocking IP ranges according the their schedule that would require a bunch of work on my end to make it happen, there's going to be a lot of push back. It'd take a dump truck load of money to make that happen.
No conversation at all needed to happen. LaLiga got a court order. The order specifically stated that if LaLiga flag your IP address, the internet providers in Spain must block it during the match. Cloudflare have nothing to do with it.
Who could have forseen, that LaLiga would end up abusing this system!?
> Google, Cloudflare, VPN providers, and other entities facilitating piracy are responsible for the illegal activities they enable and profit from.
Why wouldn't ISPs be responsible too? or the cable modem providers? or the computer providers? or your eyes. Let's just blame all those things and not the person that made it or the person that consumes it.
> Through this conduct, Cloudflare is actively enabling illegal activities such as human trafficking, prostitution, pornography, counterfeiting, fraud, and scams, among other things.
That statement from La Liga is nothing short of embarrassing. Raving about child pornography, in a simple copyright infringement case? And the repeated focus on "IPs" is incredibly disingenuous; Cloudflare's multiplexing of half the internet onto a small number of IP addresses is not exactly a secret in the tech community.
Why are Spain's courts allowing this injunction to stand? It's clearly being used to bring the court system itself into disrepute at this point.
That's not how this worked. Cloudflare was not involved at all. Spanish ISPs were ordered by Spanish courts to block their customers from accessing specific IP addresses.
I wonder why didn't Cloudflare just say that technically they can't block the IPs for a short time as they have no mechanism to do it and it would take a significant amount of $$ to develop it.
Right after this statement they could have permanently block all the IPs and let the outraged customers make enough noise that would have prompt the government to act sooner.
Cloudflare don't want to lose the piracy stream sites as customers, so they can't throw them off their platform. They want to specifically block the stream sites and specifically only for Spanish visitors, so the only thing they can do is reject Spanish traffic for specific IP-ranges in their infrastructure. Result is a bunch of collateral damage.
We actually had to revert our rollout of CF Workers because enough of our users were in Spain and couldn’t access endpoints at seemingly arbitrary times (due to the matches)
They are only seemingly arbitrary to people that are not actually paying attention. Now that people are, the blocks are known in advance to those that look at a the schedule. Sure, it sucks to have to build this into your own schedule, but that's better than it happening "unexpectedly". You could do something crazy like import these times into your own calendar with reminders.
I'm not sure what you're saying. Obviously the schedule of matches is public. But what are you suggesting the business does during this time...? Their site is offline.
Absolutely ridiculous to make people do that. What you're proposing is not a real solution. The real solution is to not block wide IP ranges at the random desire of some private football league.
I struggle with LaLiga's filter during matches, but I am more interested if it'll help with latency/speed. Have you noticed any different when using WARP vs. without it regarding Internet speed?
I understand organizations as LaLiga wanting more money but massive IP blockage seems quite unfair, effective maybe but unfair so this news does not come as a surprise.
Who says it's effective? The pirate streams still go up every game, as far as people report here. They can just change their ips or hosts occasionally.
It's the honest businesses who probably won't go through the effort of evading the block every time.
What you need is some form of - European - megacorp getting hurt by this and going after LaLiga for a ridiculously huge, LaLiga-destroying amount of money.
I'm torn on this. It always should have gone through the courts, but the fact is that cloudflare are providing access to illegal content and not doing anything about it.
They were left with two choices if Cloudflare refuse to act. Either accept it (oh well, too big to fail), or block them.
I dislike what is happening but I kind of like that they don't care about the size of Cloudflare and hold them as accountable as they would a small hosting company in Belarus. Blocking entire ranges due to illegal content isn't exactly new, the scale is new.
Again though, I really dislike that it isn't going through the legal system
> the fact is that cloudflare are providing access to illegal content
Why make CloudFlare ultimately responsible though? There are lots of companies between users and the servers providing pirated content. Cloudflare is just one step in the whole chain. Why not eg block Google Chrome?
In any case, blocking Cloudflare was a stupid thing to do. Especially because it didn't anything to solve the actual problem.
I think you're not faithfully trying to adopt their perspective here, even if you don't agree with it (just like me).
They need (in their mind, again I don't agree) to block these sites somehow, as they see it as them "stealing" viewers, judges agree with this. Now, where can the block be done, and have the least amount of collateral?
Cloudflare is not playing ball and turning of the streams, and they appear too quickly to go through court orders all the time. Banning a web browser obviously has a huge scope, so you're effectively left with blocking based IP, DNS or both/either.
Considering they are breaking local laws, and judges feel like something should be done to stop that, the solution they arrived at, regardless of how shit it is, is probably the solution with the least collateral damage, even if it has quite a lot.
Again, I don't agree with the decision, but I can also see from their perspective that they don't have a ton of choices, if we adopt the perspective that it should be stopped somehow.
It's disingenuous to believe there was any merit in blocking Cloudflare. Not only this was never going to solve the piracy problem but it was always more of a pissing context.
Furthermore, La Liga somehow convinced the courts they should be able to pick IPs for all ISPs to block in real-time without any oversight from the law. Considering this is a private company this is just absolutely insane.
Because they own the IPs that pirates are connecting to which makes it relevant for those IPs to be blocked. They are the easiest IPs to find since you can just resolve the domain of the piracy site.
It's unreasonable to expect cloudflare etc to be able to proactively identify legal vs illegal streams. The companies who own the copyrights can't even get that right much less a third party that has no idea if a stream is licensed.
Why though? Why is it unreasonable to expect a company to have some level of responsibility for serving clients that are using their platform for illegal activity?
It the same thing with social media and moderation. We don't have to let them off the hook just because doing the right thing would make them unprofitable.
I mean, how do we qualify which companies get punished for which crimes?
Do we punish gun manufacturers for someone being shot? Kitchen utensil companies for someone being stabbed? Car manufacturers for car crashes? Road construction companies for human trafficking?
How deep does this go? Is a steel foundry responsible for the stabbing? Is a camera lens manufacturer responsible for illegal porn?
Any action by cloudflare before a court order or notice would be proactive. There's no way to effectively block streamers of live shows because they can create new sites or accounts for each event and by the time they're found, reported and cloudflare reasonably reviews and acts on them the event will be long over.
What do you expect cloudflare to actually do about these streams?
Maybe I'm being optimistic but I'm assuming the first action wasn't large scale IP blocks. Cloudflare likely didn't take action.
> What do you expect cloudflare to actually do about these streams?
I'm sorry but I'm not buying that the market leader in bot detection can't detect sport suddenly being streamed to an influx of people from a new IP at kick off. If this was the US banning them, I'm sure they'd have found a way around it by now
Cloudflare can assign IPs based off customer reputation. High risk customers get high risk IPs. This way legitimate businesses stay on IPs that don't get blacklisted and sketchier businesses go on high risk IPs before they potentially get banned.
How much of a responsibility should the provider have to scan what they're hosting and proactively make a judgment on whether they should block it or not?
https://cybernews.com/news/spain-laliga-streaming-piracy-cam...
What ISP? I'm using Vodafone and if I accept the insecure connection (because of mismatched certificate), I get served the notification. You don't get that?
If I recall correctly, if you try to access the IP directly you get the same notification. No football game on right now though so cannot check.
Edit: In fact, I'm not sure they do DNS filtering at all actually, it may be just based on IP, can't remember off-hand, considering the collateral damage, I'd say IP blocks mainly.
But I have been thinking about this quite a lot recently (mostly because I get angry at the power states sometimes have over individuals). Would the distinction really matter in this case?. I would think that in a "civil law" contry things could be even worse for the aggressor
La Liga wants to be able to point to a URL hosted by Cloudflare and demand it taken down that instant while the match is still on. It would require dedicated staff at Cloudflare to deal with La Liga stream takedowns.
The Spanish government is not the ones enforcing the ban here. La Liga and Telefonica went to the judges, who are the ones making ISPs to enforce these blocks, as an intermediate "fix" essentially.
Which are part of the Spanish government.
Judges in Spain are not part of the government ("Gobierno"). They are part of the Poder Judicial, the judiciary. The Spanish Constitution separates these clearly, give it a skim if you haven't already.
I guess broadly in English you'd say the judges are part of the state, but they're not a part of the Spanish Government.
This is a risk with shared IP addresses. I sold CF to many customers and I would say the risk in general is minimal. At least outside Spain. But people should stop whining and use a better service if needed.
And even if there were I doubt the legal basis in EU law exists for such an injunction
Accelerationism was always a terrible idea.
By affecting only Spain, the impact is too small for most websites to care.
Just as trying to make social media be the arbiter of speech...
These IP blocks don't seem to come with a stopping principle. They were large and growing, and inevitably more and more entities were going to say "Hey, if that company is large enough to flip the switch to protect their assets then I'm large enough for that too!" and the obvious and inevitable stopping point was 100% blockage.
Taken to its logical conclusion, and I do mean "logical" and not "rhetorically overblown for effect", this comes perilously close to just declaring that the value of the Internet is so net negative due to piracy that it should just be shut down in Spain. If that's true during certain sports matches it's already not far from being true for lots of other things too. This was leading in an obviously-economically-untenable direction.
But with copyright, everything is broken everywhere, so they don't have to.
What you’ve described there is completely overblown for rhetoric.
The internet is still needed for delivering legal streams of matches. So there’s never going to be any pressure to turn off the entire internet.
Plus the likes of Amazon, and other online businesses would sue the hell out of La Liga for loss of trade.
So there’s no way in hell the situation would descend into your “logical conclusion”.
That’s not to say that the situation couldn’t get worse that it already is. Just that your logical conclusion isn’t very logical.
Cloudflare serves a whole bunch of legal and genuinely important services, and yet there was enough pressure to block them off.
> The complaints about the massive fall of web pages caused by LaLiga's fight against piracy reached Congress months ago. And the Chamber is now preparing to take measures.
But even ignoring the fact that TFA directly disproves your and the GP's argument, the point you're making that "x got approved so y also will" isn't how things work in the real world. People do have a pain threshold and just because CloudFlare was tolerated until now doesn't mean greater blockages would have been equally tolerated.
And yes, of course you're right, that people have a pain threshold, but it's also true that people will normalise behaviour over time. I'm not saying further blockages will happen, just that I don't take it for granted that they won't.
I also got blocked from using RustDesk.
It's been crazy. As this happens intermittently. I had to set up a tailscale exit node in one of my servers to circumvent this crap. I lost several days and called Vodafone (ISP) to understand what was going on.
That's when I read Reddit and saw that crap.
Apparently they also block certain ports. As soon as I route the traffic through Tailscale through the same VPS I can connect without issues (My phone was affected as well)
Don't get me wrong, I hate getting blocked just because there is a La Liga game, but lets also take some responsibility for our own decisions here...
403 ERROR The request could not be satisfied. Request blocked. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner. If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation. Generated by cloudfront (CloudFront)
Qui blockat blockodiodes? Cloudfare, it turns out....
Who could have forseen, that LaLiga would end up abusing this system!?
> Google, Cloudflare, VPN providers, and other entities facilitating piracy are responsible for the illegal activities they enable and profit from.
Why wouldn't ISPs be responsible too? or the cable modem providers? or the computer providers? or your eyes. Let's just blame all those things and not the person that made it or the person that consumes it.
Pornography is illegal in Spain now?
Why are Spain's courts allowing this injunction to stand? It's clearly being used to bring the court system itself into disrepute at this point.
> Cloudflare has facilitated by knowingly protecting criminal organisations for profit
The propaganda is strong with these guys ...
Right after this statement they could have permanently block all the IPs and let the outraged customers make enough noise that would have prompt the government to act sooner.
https://trends.builtwith.com/cdn/Cloudflare
However, my post was a tounge-in-cheek response.
I struggle with LaLiga's filter during matches, but I am more interested if it'll help with latency/speed. Have you noticed any different when using WARP vs. without it regarding Internet speed?
Thanks!
It's the honest businesses who probably won't go through the effort of evading the block every time.
403 ERROR The request could not be satisfied. Generated by cloudfront (CloudFront)
(Disclaimer: I work for Cloudflare)
The judicial, nation-wide blocks on CDN IPs is absurd and should have never been allowed.
I dislike what is happening but I kind of like that they don't care about the size of Cloudflare and hold them as accountable as they would a small hosting company in Belarus. Blocking entire ranges due to illegal content isn't exactly new, the scale is new.
Again though, I really dislike that it isn't going through the legal system
Why make CloudFlare ultimately responsible though? There are lots of companies between users and the servers providing pirated content. Cloudflare is just one step in the whole chain. Why not eg block Google Chrome?
In any case, blocking Cloudflare was a stupid thing to do. Especially because it didn't anything to solve the actual problem.
I think you're not faithfully trying to adopt their perspective here, even if you don't agree with it (just like me).
They need (in their mind, again I don't agree) to block these sites somehow, as they see it as them "stealing" viewers, judges agree with this. Now, where can the block be done, and have the least amount of collateral?
Cloudflare is not playing ball and turning of the streams, and they appear too quickly to go through court orders all the time. Banning a web browser obviously has a huge scope, so you're effectively left with blocking based IP, DNS or both/either.
Considering they are breaking local laws, and judges feel like something should be done to stop that, the solution they arrived at, regardless of how shit it is, is probably the solution with the least collateral damage, even if it has quite a lot.
Again, I don't agree with the decision, but I can also see from their perspective that they don't have a ton of choices, if we adopt the perspective that it should be stopped somehow.
Don't be disingenuous just because you like the company.
Furthermore, La Liga somehow convinced the courts they should be able to pick IPs for all ISPs to block in real-time without any oversight from the law. Considering this is a private company this is just absolutely insane.
It the same thing with social media and moderation. We don't have to let them off the hook just because doing the right thing would make them unprofitable.
Do we punish gun manufacturers for someone being shot? Kitchen utensil companies for someone being stabbed? Car manufacturers for car crashes? Road construction companies for human trafficking?
How deep does this go? Is a steel foundry responsible for the stabbing? Is a camera lens manufacturer responsible for illegal porn?
What do you expect cloudflare to actually do about these streams?
When there is phishing or pedo content, you think they wait for court order ?
Every hosting and CDN companies have abuse. Here is that Cloudflare is aware, and chooses to ignore the abuse requests.
Cloudflare is a US-based company so they are realistically out of reach, or too late.
If Cloudflare doesn't comply -> block Cloudflare from your country. This is their only realistic option.
At some point, the cost of complying with the law will be cheaper than handling these abuse requests.
It's like YouTube, they shutdown content on request of rights holders.
Maybe I'm being optimistic but I'm assuming the first action wasn't large scale IP blocks. Cloudflare likely didn't take action.
> What do you expect cloudflare to actually do about these streams?
I'm sorry but I'm not buying that the market leader in bot detection can't detect sport suddenly being streamed to an influx of people from a new IP at kick off. If this was the US banning them, I'm sure they'd have found a way around it by now