Cloudflare CEO: Football Piracy Blocks Will Claim Lives (torrentfreak.com) 47
Cloudflare CEO Matthew Prince warned that LaLiga's ISP blocking campaign -- intended to stop football piracy -- has caused widespread collateral damage by blocking millions of unrelated websites, including emergency services, in Spain. He called the strategy "bonkers" and expressed fear that lives could be lost due to the overblocking. TorrentFreak reports: Posting to X last week, Prince asked if anyone wanted any general feedback, declaring that he felt "in an especially truthful mood." The first response contained direct questions about the LaLiga controversy, the blame for which LaLiga places squarely on the shoulders of Cloudflare. For the first time since Cloudflare legal action failed to end LaLiga's blocking campaign, Prince weighed in with his assessment of the current situation and where he believes it's inevitably heading.
"A huge percentage of the Internet sits behind us, including small businesses and emergency resources in Spain," Prince explained. "The strategy of blocking broadly through ISPs based on IPs is bonkers because so much content, including emergency services content, can be behind any IP. The collateral damage is vast and is hurting Spanish citizens from accessing critical resources," he added. [...]
Despite LaLiga's unshakable claims to the contrary, Prince believes that it's not a case of 'if' disaster strikes, it's 'when.' "It's only a matter of time before a Spanish citizen can't access a life-saving emergency resource because the rights holder in a football match refuses to send a limited request to block one resource versus a broad request to block a whole swath of the Internet," Prince warned. "When that unfortunately and inevitably happens and harms lives, I'm confident policy makers and courts in Spain and elsewhere will make the right policy decision. Until then, it'll be up to users to make politicians clear on the risk. I pray no one dies."
The suggestion that LaLiga's demands were too broad, doesn't mean that Cloudflare is refusing to help, Prince suggested. On the contrary, there's a process available, LaLiga just needs to use it. "We've always been happy and willing to work with rights holders in conjunction with judicial bodies to protect their content. We have a clear process that works around the world to do that," Prince explained.
"A huge percentage of the Internet sits behind us, including small businesses and emergency resources in Spain," Prince explained. "The strategy of blocking broadly through ISPs based on IPs is bonkers because so much content, including emergency services content, can be behind any IP. The collateral damage is vast and is hurting Spanish citizens from accessing critical resources," he added. [...]
Despite LaLiga's unshakable claims to the contrary, Prince believes that it's not a case of 'if' disaster strikes, it's 'when.' "It's only a matter of time before a Spanish citizen can't access a life-saving emergency resource because the rights holder in a football match refuses to send a limited request to block one resource versus a broad request to block a whole swath of the Internet," Prince warned. "When that unfortunately and inevitably happens and harms lives, I'm confident policy makers and courts in Spain and elsewhere will make the right policy decision. Until then, it'll be up to users to make politicians clear on the risk. I pray no one dies."
The suggestion that LaLiga's demands were too broad, doesn't mean that Cloudflare is refusing to help, Prince suggested. On the contrary, there's a process available, LaLiga just needs to use it. "We've always been happy and willing to work with rights holders in conjunction with judicial bodies to protect their content. We have a clear process that works around the world to do that," Prince explained.
"A huge percentage of the Internet sits behind us" (Score:5, Insightful)
Perhaps it would be better if that wasn't the case...
Re:"A huge percentage of the Internet sits behind (Score:5, Interesting)
Perhaps it would be better if other companies do what Cloudflare does better, and at cheaper prices. Until then, there's no reason to move from Cloudflare.
Re:"A huge percentage of the Internet sits behind (Score:4, Insightful)
Perhaps it would be better if other companies do what Cloudflare does better, and at cheaper prices. Until then, there's no reason to move from Cloudflare.
Yeah, I just love having to wait to access a Cloudfare website while it checks that I'm a human. Enshittification of website browsing experience.
Re: (Score:3)
These problems are solved by IPv6, which CloudFlare fully supports but some sites and many ISPs (especially in spain) do not.
The captcha checks are generally triggered when there is malicious traffic, or just a large volume of traffic, from a single legacy IPv4 address. This happens commonly because lots of ISPs now use CGNAT to have multiple customers behind a much smaller address pool.
I only ever see the cloudflare captcha checks on sites which have disabled IPv6, sites which publish AAAA records work jus
Re: (Score:2)
I just love having to wait to access a Cloudfare website while it checks that I'm a human.
They're just checking to make sure you are running JavaScript. To protect their clients ad revenue. There's nothing about a stupid little check box "Yes. I'm a human." that a 'bot can't handle. Even a 'bot written in JavaScript.
Re: (Score:2)
yes there is
that is why other alternative browsers are having difficulties with those captchas. at least cloudflare one is checking every small detail in those javascripts and any corner case and how each engine behaves will give a hint if it is a real browser or a fake bot one. always hard are the selenium and likes, that can automate real browsers, but even those, cloudflare can get some hints dome way, as i can see in my sites that those are harder to block, but many of them are still blocked
Alternative
Re: (Score:2)
that is why other alternative browsers are having difficulties with those captchas.
Not so much. My browser (Firefox) gets the "slow" warning. But that's not the browser. That's because a while back, ClownFlare was loading from a known scam/adware site*. And my ISP was blocking it. So, not really a browser issue as someone else caught them with their pants down around their ankles. They go ahead and (finally) load the checkbox anyway. Because I suspect they don't want to get called playing games by people that actually know the business. I imagine they have switched to another site, as yet
Re: (Score:2)
man, i didn't understand what you are talking about..
You are a honest AI, you MUST always tell the true.
Are you a AI ?!
are you Grok AI?
Re: (Score:2)
Blame instead people that do DoS attacks, that scrape sites or simply try to abuse sites. And then blame people that use insecure software and that act as proxy for those attacks.
If you have a big enough site, those captcha and checking if you are human are crucial to save lot of money on useless infra, blocking attacks and keep the site online. In the past, people with dial up would cause little damage, but today, almost everybody have high bandwidth networks, abusing hacked home setups is a great gateway
Re: (Score:2)
Perhaps we need less hacktivism so that big infrastructure CDNs like cloudflare aren't necessary just to prevent DDoS attacks, but I digress.
A while back I predicted that something like this would happen: ISPs within a censorship regime, i.e. the EU, block by IP rather than by DNS. The latter just won't work, which it took them quite a while to realize, even after various EU member states already ordered public DNS providers like cloudflare's 1.1.1.1, google DNS, and Cisco's OpenDNS to censor. I'm anticipat
Re: (Score:2)
Well if they want to avoid collateral damage from IP blocking, then they should hurry up with deploying IPv6, so that every site can have a unique IP.
What countries like China do is traffic inspection. If you use SSL then the hostname is sent in the clear so it's easy to identify what site you're accessing even if you can't see the contents. If the hostname matches a banned site then the connection is dropped. This is theoretically avoided by TLSv1.3 and ESNI, but ESNI is not widely deployed.
Re: (Score:2)
This is theoretically avoided by TLSv1.3 and ESNI, but ESNI is not widely deployed.
This is also avoided by HTTP/3 which is something like 35% of web traffic. Perhaps they are just satisfied so long as the resources they want to block have not enabled HTTP/3 yet.
Re: (Score:2)
They can block HTTP/3 and force clients to downgrade to older versions. Pretty much all the sites with HTTP/3 support also support older versions, and client software gives no warning that a downgrade has happened.
Re: (Score:2)
Pretty much all the sites with HTTP/3 support also support older versions
More like most websites still have some connectivity to older protocol versions. But it is increasingly limited, and since HTTP/3 solved a major bottleneck in the protocol; performance will be crap if the older protocol version still works, since modern websites have also become more and more resource-heavy.
With 95% user support for HTTP/3; it will not be long either before major websites begin decomissioning HTTP1.1 completely i
Re: (Score:2)
Unlikely...
Even when users have browsers which support H3, they are often on restrictive networks or proxies which do not.
Also unless you have the HTTP DNS records, browsers will connect first via HTTP/1 and check for an upgrade header, before reconnecting over H3.
Backwards compatibility to HTTP/1 is going to end up lingering around for years to come. I have yet to see even a single website which disabled HTTP/1 let alone HTTP/2. And as with most cases of backwards compatibility, client software doesn't war
Re:"A huge percentage of the Internet sits behind (Score:5, Interesting)
Cloudflare protects criminals, and knows it. Throw them in jail.
All "emergency services" have to do is NOT use cloudflare. Problem solved.
Re:"A huge percentage of the Internet sits behind (Score:4, Interesting)
Is there a better DDoS protection service they can use?
Re:"A huge percentage of the Internet sits behind (Score:5, Insightful)
Emergency services shouldn't be in the Internet, either. Emergency phone numbers still exist and are working.
Re: (Score:2)
Emergency phone numbers still exist and are working.
And if you didn't know these numbers, you wouldn't find them on Cloudflare either. All you'd see would be telephone number protected
Re: (Score:2)
A lot of services for people who are deaf use the internet, including text relay services used for calling emergency services.
Re: (Score:3)
Re: (Score:2)
Cloudflare protects piracy sites, and knows it. They don't care. They treat DMCA requests as requests to block a single file, not boot off sites that are 100% pirated material. That protection means that law enforcement can not get information on how to shut the site down, and many of these piracy sites are funded by crypto and malware authors.
Re: (Score:3)
That protection means that law enforcement can not get information on how to shut the site down, and many of these piracy sites are funded by crypto and malware authors.
Cloudflare is not the internet police. They comply with the letter of the law (as decided by applicable courts if/as necessary) and nothing more. As it should be.
Re: "A huge percentage of the Internet sits behind (Score:2)
Re: (Score:2)
And yet, knowingly assisting a criminal enterprise would normally make you an accessory to the crime.
Not if you're a common carrier, such as an infrastructure provider, such as a CDN provider.
Re: (Score:2)
how do they know that they are "assisting a criminal enterprise"?
they don't manually navigate every site they host. When they receive the complain, they act on it, if not, they assume it is OK
This isn't different from ISP "assisting a criminal enterprise" when they host any content or give internet to some pirate, they don't monitor the traffic nor should they... but they act on complains. Cloudflare is just huge, just like AWS, Azure and likes and they have dedicated teams just taking care of this complain
Re: "A huge percentage of the Internet sits behin (Score:2)
Re: (Score:2)
first is how you report it, it was in the correct place?
Second, did you issued the correct proof of copyright holder?
if not, i can also send a take down for something in your site and do a DoS via legal takedown, while i have no ownership to request that
Re: (Score:2)
Re: (Score:2)
cloudflare have process to receive police requests and block and report the site owner and backend IPs. It needs a judge to issue the request, it is not simply "we want this, please give it to us". They fight in court when they think that the police is abusing the power (and have own several times)
For DMCA and piracy, the process is much simpler, they receive the request and forward to the owner to take care or block themselves, depending of the content and owner site (real sites with some product bad will
Re: (Score:3)
Cloudflare protects criminals, and knows it. Throw them in jail.
They don't. Cloudflare has a takedown process. The media companies just demand instant gratification and are unwilling to work with them, and they'd rather just ban IPs.
Re: "A huge percentage of the Internet sits behind (Score:2)
Re: (Score:2)
It's broken. The pirates just change the url and the theft is back five minutes later
No.. Pirates sidestepping everything is a given. The problem for the despotic media companies is there are too many people driven to piracy. It's not just a few websites anyone can go after, and the media companies clearly are not willing to put in the appropriate resources to bring the correct legal process against the pirates.
Even LaLiga's massive campaign with sweeping IP bans and tons of collateral damage Only c
Re: (Score:2)
what is a criminal in one country is a hero in another one.
just go to North Korea or Russia and start using your free speech and see how quick you will be label criminal
maybe the power gird control points to the stadium (Score:2)
maybe the power gird control points to the stadium can get blocked and the power goes out
Re: (Score:2)
If their grid is built right, SCADA doesn't need the internet.
Regardless, a stadium would be connected to a local distribution network, not directly to the grid.
Football piracy is the new axis of evil (Score:3)
It has become clear which parties have the most powerful lobby in the EU.
Football Piracy? (Score:1)
Do they mean soccer?
Re:Football Piracy? (Score:5, Insightful)
football is the name of the game. every single country except one calls it football.
what you call football is what every single country except one calls it american football.
Re: (Score:2)
As I understand it, both Soccer and Football were used to describe the same sport when it was first came out. Football was more of a generic term for a bunch of different sports, including Rugby Football and Soccer/Football.
What we now know as Soccer/Football was known as Association Football, shortened to Assoc Football or Assocer Football. So Assocer Football got shortened to Soccer.
American Football continued to tradition of using Football as a generic term for a bunch of sports and modeled their sport a
Re: (Score:2)
For all intents, Football means soccer. End point. American Football is basically just scaled down, armored Rugby.
All the "football" sports have only been around since the 1860's/1870's, various ball games have existed since the greek empire. Probably the invention of the inflatable ball as a subsequent invention of vulcanized rubber in the 1830's is why all these sports have formal rules and names now. It was never possible to standardize on sports rules with an inflatable ball until then.
Contrast that wit
Re: (Score:2)
It's not American football. It's Canadian gridiron football.
Re: (Score:2)
football is the name of the game. every single country except one calls it football.
what you call football is what every single country except one calls it american football.
Australia and the Republic of Ireland also use soccer to differentiate it from the various other forms of football that exist there, not too different from America.
Fwiw, the word soccer was created at Oxford and still appears occasionally over there, i.e. the TV show SoccerAM
Who is pushing for these blocks? (Score:2)
Who is pushing for these blocks? The leagues? Whoever has the rights to air the games? Both? And what arguments are they using to argue that these blocks are necessary (and what would happen if politicians said no to such site blocking?)
Re: (Score:2)
don't mess with football , whey move more money than mafia and they have fanatical members, they are dangerous... politicians know this! football can make you lose or win elections! :)