Get the top HN stories in your inbox every day.
matteason
evilmonkey19
Personally, myself I have been greatly impacted by this measures. Several services of mine were unavailable because LaLiga said so. No notification, no justification, they block and that's all. It has been a shame since the beginning.
thaumasiotes
What would it look like if you sued La Liga for using their lawful blocking power in a way that injured you?
bobthepanda
I don’t know that this would work that well given Spain is civil law, not common law
PeterStuer
The legal system in many countries is very, very different from that is the US (or UK).
brendoelfrendo
A very expensive lawsuit that, even if successful, will result in a difficult to enforce judgment?
embedding-shape
> No notification
What ISP? I'm using Vodafone and if I accept the insecure connection (because of mismatched certificate), I get served the notification. You don't get that?
brian-armstrong
Why would you ever accept a mismatched certificate? Even assuming that you think your ISP has no nefarious plans, are you going to be able to rigorously confirm it's their certificate? At that point you've bypassed all the mechanisms in your browser that do this heavy lifting for you.
tomnipotent
Presumes you're using the ISP's DNS and not custom servers or DoH.
pjc50
Maybe someone can explain, but I don't understand why such an order isn't applied to cloudflare themselves?
martin8412
It was. La Liga isn’t satisfied with the response time of Cloudflare. Cloudflare would not commit to content being taken down during while the match is still going.
La Liga wants to be able to point to a URL hosted by Cloudflare and demand it taken down that instant while the match is still on. It would require dedicated staff at Cloudflare to deal with La Liga stream takedowns.
dbbk
Cloudflare said they created a dedicated hotline for LaLiga, and apparently it wasn't enough for them
pavon
More so, La Liga wants Cloudflare to take it down for the entire world, not just block it from Spanish IPs, regardless of whether the host resides in Spain. Cloudflare has refused to do so.
tshaddox
Presumably the Cloudflare network resources in question were not located in Spain and thus not under Spanish jurisduction. Or even if they were, it may be procedurally simpler for the Spanish government to compel ISPs to block IPs.
embedding-shape
> it may be procedurally simpler for the Spanish government to compel ISPs to block IPs.
The Spanish government is not the ones enforcing the ban here. La Liga and Telefonica went to the judges, who are the ones making ISPs to enforce these blocks, as an intermediate "fix" essentially.
halJordan
The state hasn't setup processes to enable that. It will happen
AtNightWeCode
CF would pretty much need to monitor this live in that case which is impossible. The pirates sometimes even create new domains for specific games.
This is a risk with shared IP addresses. I sold CF to many customers and I would say the risk in general is minimal. At least outside Spain. But people should stop whining and use a better service if needed.
petcat
> But people should stop whining and use a better service if needed.
A better service that the Spanish government will also block?
Cloudflare is not the bad actor here. The Spanish government is.
madduci
In Italy, Serie A got the approval of Government to do so, which is even worse
inglor_cz
I fervently hope that no one manages to obtain a similar judgment at the pan-EU level, that would be a disaster.
arlort
I don't think there's an injunction mechanism like that at the EU level
And even if there were I doubt the legal basis in EU law exists for such an injunction
gizajob
yet
dmitrygr
I actually hope they do. this will force a proper reckoning about the situation and maybe a proper fix.
estebank
On the one hand, I would tend to agree that making things painful enough might force people to stop ignoring and improve things. On the other, after seeing waves hands at everything since 2016 makes me very skeptical of accelerationism: sometimes things just get worse and worse, there's no bottom to bounce from. Or maybe we just never really hit rock bottom?
WhyNotHugo
At that scale, it might make Cloudflare customers reconsider their affiliations. It might not be as terrible.
By affecting only Spain, the impact is too small for most websites to care.
dylan604
What other provider than Cloudflare is out there that offers the things Cloudflare does? Why are people not already switching to them if they are available?
squigz
If they compelled Cloudflare to do so, what makes you think they couldn't compel whatever provider those customers then switch to?
richwater
Yes, trusting Cloudflare to be the arbiter of the internet will work out great.
Just as trying to make social media be the arbiter of speech...
basisword
As shitty as the government approach is here we can't keep glossing over the fact that a significant part of the web is now incredibly dependent on Cloudflare and no matter how many times we face issues with huge consequences nobody seems to care.
jerf
One of the things that so often gets lost in politics is the concept of a stopping principle. If you know you want to do X, be it "enforce traffic tickets", "spend money chasing drug trafficking", or anything else, you really ought to be able to articulate some sort of stopping principle where you stop pouring the resources in. Maybe the problem is adequately solved. Maybe the further resources don't justify the tiny incremental change. Maybe the intrusion on liberty starts to overwhelm the benefits. Something. Otherwise you just end up going farther and farther down the road with no idea when to stop.
These IP blocks don't seem to come with a stopping principle. They were large and growing, and inevitably more and more entities were going to say "Hey, if that company is large enough to flip the switch to protect their assets then I'm large enough for that too!" and the obvious and inevitable stopping point was 100% blockage.
Taken to its logical conclusion, and I do mean "logical" and not "rhetorically overblown for effect", this comes perilously close to just declaring that the value of the Internet is so net negative due to piracy that it should just be shut down in Spain. If that's true during certain sports matches it's already not far from being true for lots of other things too. This was leading in an obviously-economically-untenable direction.
hnlmorg
> Taken to its logical conclusion, and I do mean "logical" and not "rhetorically overblown for effect", this comes perilously close to just declaring that the value of the Internet is so net negative due to piracy that it should just be shut down in Spain.
What you’ve described there is completely overblown for rhetoric.
The internet is still needed for delivering legal streams of matches. So there’s never going to be any pressure to turn off the entire internet.
Plus the likes of Amazon, and other online businesses would sue the hell out of La Liga for loss of trade.
So there’s no way in hell the situation would descend into your “logical conclusion”.
That’s not to say that the situation couldn’t get worse that it already is. Just that your logical conclusion isn’t very logical.
pdpi
> The internet is still needed for delivering legal streams of matches. So there’s never going to be any pressure to turn off the entire internet.
Cloudflare serves a whole bunch of legal and genuinely important services, and yet there was enough pressure to block them off.
hnlmorg
…and that was already enough to get Congress to review the situation. The first paragraph in the article we are discussing says:
> The complaints about the massive fall of web pages caused by LaLiga's fight against piracy reached Congress months ago. And the Chamber is now preparing to take measures.
But even ignoring the fact that TFA directly disproves your and the GP's argument, the point you're making that "x got approved so y also will" isn't how things work in the real world. People do have a pain threshold and just because CloudFlare was tolerated until now doesn't mean greater blockages would have been equally tolerated.
walrus01
Blocking large swathes of cloudflare IP space at the entire CIDR range level has significant negative repercussions on thousands of other completely non-football related companies, governments, non-profits, personal projects who are hosting content on them. It's absolutely unfair to those impacted by this extremely heavy handed method.
It's like saying there's some people who have been seen selling counterfeit made in China purses from a blanket in a street market in one particular neighborhood in a big city, so we're going to erect a roadblock to all vehicle and pedestrian traffic, and cut off metro train access to the area.
hnlmorg
I completely agree and nothing I posted suggested otherwise.
My point was just that Amazon is large enough to scare La Liga in ways that nearly no other online retailer is. Ergo La Liga wouldn’t ever push for a total internet block like the GP claimed.
matheusmoreira
Why not declare that the value of La Liga's "IP" is a net negative and holding society back, and then simply invalidate all of it on the spot?
chihuahua
That depends on whether Spain is interested in being a serious country with perhaps some technology jobs, or a clown show where the highest priority is Sportsball.
fireant
I don't understand why you are downvoted. Placing economic interests of entertainment megacorp over the rest of internet is one of the things thats wrong with society these days.
ajsnigrutin
I think in this case, it's more of a concept of causing damages and not having to pay for them. If LaLiga had to pay for every lost cent of revenue for every site blocked by their too-wide ban, they'd rethink what they're doing.
But with copyright, everything is broken everywhere, so they don't have to.
TZubiri
I think if a court enforces a judgement and a court order, regardless of how trivial it was initially, all measures including use of armed force is warranted, the matter at hand stops being the original dispute, but sovereignity and power of the law.
Does it matter that it happens over IP or CSAM? It doesn't happen over CSAM because there is no dispute there, there is no desync there between spain,the us and cloudflare.
But the mechanisms around these court orders aren't much different than those that would be used for other illegal or contentious material.
If a vendor chooses to pool and encrypt connections in a way that it is impossible to filter by hosts, and that vendor doesn't comply with court orders, then a country should absolutely block that entire vendor.
The liability of an unrelated pooled service failing is either the responsibility of the vendor or the application that chooses that vendor, not on the courts for enforcing the law without a subjective 'stopping point'.
What these vendors do is very similar to pooling in the layering phase of money laundering, but with packets: get traffic from legitimate customers, mix it with traffic from unlawful customers, pool them, and send encrypted EHLO so that the origin domain is encrypted and the packet source /destination are replaced by the vendor's. If this were done with money it would instantly trip all AML flags, but the tech world is much younger and hasn't discovered that laundering isn't cool or free as in freedom, it's a tool that the baddies use.
pier25
Finally. The situation is ridiculous and afaik it really didn't do anything to solve the piracy problem.
superjose
1000% I got legit Cloudflare Workers Anycast IPs that I was using for websockets blocked.
I also got blocked from using RustDesk.
It's been crazy. As this happens intermittently. I had to set up a tailscale exit node in one of my servers to circumvent this crap. I lost several days and called Vodafone (ISP) to understand what was going on.
That's when I read Reddit and saw that crap.
GranPC
I don't think RustDesk was hit by this. If you weren't able to access it two weeks ago, it was due to an outage on their end: https://github.com/rustdesk/uptime/issues/53
superjose
Thanks for the heads up! I'm using it self-hosted on a Hetzner VPS.
Apparently they also block certain ports. As soon as I route the traffic through Tailscale through the same VPS I can connect without issues (My phone was affected as well)
lostlogin
I’m suprised no one has sued over it, some sort of class action.
pretzel5297
Who would you sue? The courts?
dbbk
Genuinely never thought I'd see the day. This has been horrible for me running an event ticketing business in Spain... where downtime is basically not acceptable.
embedding-shape
Why would you be using Cloudflare when there are better options, especially if you've known for years that this has been going on? Seems like a poor business decision really.
Don't get me wrong, I hate getting blocked just because there is a La Liga game, but lets also take some responsibility for our own decisions here...
utrack
Is there a good alternative option for their reverse tunnels/ways to hide my real egress that'll also block the bots?
wiether
I've used AWS CloudFront & Bunny on some projects
dbbk
Right I mean I had to move off Cloudflare. I looked into some creative options like DNS steering to keep it for all other countries, but in the end it was cleaner to just move away entirely which was a shame.
here2learnstuff
Are you saying your event-ticketing business having downtime is not acceptable or that having downtime for the Spanish demographic is not acceptable?
dbbk
For the business. eg you don't want to be able to not sell tickets, or scan tickets on the door...
dylan604
I'm interested in how those conversations went between the LaLiga and Cloudflare that convinced them to do this. I know I'm not Cloudflare, but if a company (any company) came to me demanding blocking IP ranges according the their schedule that would require a bunch of work on my end to make it happen, there's going to be a lot of push back. It'd take a dump truck load of money to make that happen.
clort
No conversation at all needed to happen. LaLiga got a court order. The order specifically stated that if LaLiga flag your IP address, the internet providers in Spain must block it during the match. Cloudflare have nothing to do with it.
Who could have forseen, that LaLiga would end up abusing this system!?
kelnos
That's not how this worked. Cloudflare was not involved at all. Spanish ISPs were ordered by Spanish courts to block their customers from accessing specific IP addresses.
matteason
Cloudflare are very much pushing back: https://www.laliga.com/en-GB/news/official-statement-in-rela...
booi
This statement really makes no sense..
> Google, Cloudflare, VPN providers, and other entities facilitating piracy are responsible for the illegal activities they enable and profit from.
Why wouldn't ISPs be responsible too? or the cable modem providers? or the computer providers? or your eyes. Let's just blame all those things and not the person that made it or the person that consumes it.
Symbiote
Cloudflare are actively involved in publishing this content — they are equivalent to the hosting provider.
dariosalvi78
it's La Liga, what do you expect?
echoangle
> Through this conduct, Cloudflare is actively enabling illegal activities such as human trafficking, prostitution, pornography, counterfeiting, fraud, and scams, among other things.
Pornography is illegal in Spain now?
otherme123
Prostitution isn't illegal, is a-legal (the prostitutes register as waitress or similar). Pimping is illegal.
phillipseamore
hey, at least they've dropped terrorism and organized crime from the list of "if you support piracy you are really supporting..."
gnfargbl
That statement from La Liga is nothing short of embarrassing. Raving about child pornography, in a simple copyright infringement case? And the repeated focus on "IPs" is incredibly disingenuous; Cloudflare's multiplexing of half the internet onto a small number of IP addresses is not exactly a secret in the tech community.
Why are Spain's courts allowing this injunction to stand? It's clearly being used to bring the court system itself into disrepute at this point.
asveikau
From the link:
> Cloudflare has facilitated by knowingly protecting criminal organisations for profit
The propaganda is strong with these guys ...
xp84
I thought the government just forced their ISPs to block. Was CF involved at all?
dghlsakjg
It wasn’t a conversation. It was a court order.
pjc50
Cloudflare are apparently not involved. It's an order against local ISPs to block Cloudflare.
alprado50
It is insane that you could block access to hundreds of sites just because some people decided to watch an ilegal stream.
booi
try 45 million sites including many absolutely critical to people's lives and health.
wraptile
And people wonder why Spain is doing so poorly when tribal corporate entertainment takes such a priority over everything else.
tonyedgecombe
I wonder why you think "Spain is doing so poorly".
b00ty4breakfast
That a sports league was empowered by the courts to do this in first place is buck wild to me. I live in America, so it's not like I'm unaccustomed to the government giving preferential treatment to corporations but I cannot fathom a court allowing the NFL to tell ISPs to block IPs across the entire country.
pie_flavor
America produces many things more valuable than the NFL, is the difference. LaLiga is presently the single most valuable brand in Spain. When e.g. Google asks low-polarization parts of the government for things, it frequently gets them.
pulimento
hope that doesn't end on "monitoring the situation" and doing nothing. entire cloudflare IP blocks are being blocked, even on work days
e1g
We actually had to revert our rollout of CF Workers because enough of our users were in Spain and couldn’t access endpoints at seemingly arbitrary times (due to the matches)
estebank
Your customers should be proper Spaniards and be watching the match, hence not noticing the downtime! /s
dylan604
Your answer is better than mine
dylan604
They are only seemingly arbitrary to people that are not actually paying attention. Now that people are, the blocks are known in advance to those that look at a the schedule. Sure, it sucks to have to build this into your own schedule, but that's better than it happening "unexpectedly". You could do something crazy like import these times into your own calendar with reminders.
dbbk
I'm not sure what you're saying. Obviously the schedule of matches is public. But what are you suggesting the business does during this time...? Their site is offline.
richwater
Absolutely ridiculous to make people do that. What you're proposing is not a real solution. The real solution is to not block wide IP ranges at the random desire of some private football league.
oliverx0
Finally. For anyone affected by this, I have been using Clouflare WARP successfully to bypass this block.
kinow
I hadn't heard about Cloudflare WARP. Found this Reddit thread with questions/comments I also had, https://www.reddit.com/r/CloudFlare/comments/ldejnt/how_is_c..., and also what I think is CF's main website for WARP info, https://one.one.one.one/ (which I must confess I had never head even though I use 1.1.1.1).
I struggle with LaLiga's filter during matches, but I am more interested if it'll help with latency/speed. Have you noticed any different when using WARP vs. without it regarding Internet speed?
Thanks!
officialchicken
Great, this means Telefonica reliability goes from zero nines to still below zero nines.
loloquwowndueo
Joining a select club that includes GitHub and Anthropic yay
ACCount37
Nah, those two have a proud one nine of reliability. It just feels like it must be less when you eat every single outage to your face.
kevin_thibedeau
The lofty .88889
LocalH
Negative nines
aduwah
I wonder why didn't Cloudflare just say that technically they can't block the IPs for a short time as they have no mechanism to do it and it would take a significant amount of $$ to develop it.
Right after this statement they could have permanently block all the IPs and let the outraged customers make enough noise that would have prompt the government to act sooner.
undefined
pixel_popping
Love the hypocrisy (my IP is blocked):
403 ERROR The request could not be satisfied. Generated by cloudfront (CloudFront)
necubi
CloudFront may sound like Cloudflare, but it is an unrelated AWS service (https://aws.amazon.com/cloudfront/)
(Disclaimer: I work for Cloudflare)
Get the top HN stories in your inbox every day.
Context: last year LaLiga (top-level Spanish football league) obtained a court order compelling Spanish ISPs to block certain IPs during football matches, as those IPs have been associated with illegal streams of live matches. Many of those IPs are shared Cloudflare IPs, with the result being many legitimate sites become unavailable in Spain during LaLiga matches
https://cybernews.com/news/spain-laliga-streaming-piracy-cam...