Enlarge (credit: Getty Images)

At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not just employees but employees' family members as well.

In the case of Twilio, a San Francisco-based provider of two-factor authentication and communication services, the unknown hackers succeeded in phishing the credentials of an undisclosed number of employees and, from there, gained unauthorized access to the company's internal systems, the company said . The threat actor then used that access to data in an undisclosed number of customer accounts.

Two days after Twilio's disclosure, content delivery network Cloudflare, also headquartered in San Francisco, revealed it had also been targeted in a similar manner. Cloudflare said that three of its employees fell for the phishing scam, but that the company's use of hardware-based MFA keys prevented the would-be intruders from accessing its internal network.

Popular CDN and DDoS protection service Cloudflare has come under a lot of pressure from copyright holders in recent years.

The company offers its services to millions of sites, some of which offer access to copyright-infringing material.

Cloudflare prefers to remain a neutral service provider and doesn’t terminate clients based on DMCA notices. Instead, it forwards these to its customers, only taking action when it receives a court order.

Repeat Infringer Lawsuit

This stance is not appreciated by all rightsholders and in 2018 the service was taken to court over the issue. The case wasn’t filed by major entertainment companies, but by two manufacturers and wholesalers of wedding dresses. Not a typical “piracy” lawsuit, but it’s a copyright case that could have broad implications.

In a complaint filed at a federal court in California , Mon Cheri Bridals and Maggie Sottero Designs argued that even after multiple warnings, Cloudflare fails to terminate sites operated by counterfeit vendors. This makes Cloudflare liable for the associated copyright infringements, they said.

Cloudflare disagreed and both sides are now conducting discovery to collect evidence for an eventual trial. Among other things, the wedding dress manufacturers were asked to hand over detailed sales records. In addition, the CDN provider is also interested in the companies’ DMCA takedown partner XMLShop LLC.

Cloudflare Wants DMCA Takedown Evidence

Over the past few months, Cloudflare has tried to get further information on how XMLShop, which is also known as Counterfeit Technology , collects evidence for its takedown notices.

These takedowns play a central role in the lawsuit and XMLShop and its employees could provide crucial information. Thus far, however, Cloudflare hasn’t been able to get what it wants.

To resolve this issue, Cloudflare submitted a motion asking the court to compel the DMCA takedown company to comply with its requests for information. According to their filing, the company may be holding back important evidence.

“Plaintiffs and XMLShop, who use the same counsel, appear to be using XMLShop’s status strategically as a ‘non-party’ to conceal relevant documents from Cloudflare. The Court should reject their gamesmanship,” Cloudflare informed the court.

After serving two subpoenas, the takedown company only produced one document, Cloudflare notes. Meanwhile, the publicly available information on the company is highly confusing or even misleading.

Who Works at XMLShop?

For example, Cloudflare would like to question XMLShop’s employees, but the company hasn’t handed over an employee directory or payroll log that would reveal who works at the company.

“XMLShop has not been forthright about its operations, leaving Cloudflare in the dark as to who else may be a witness with relevant knowledge,” Cloudflare writes.

According to XMLShop’s attorney, the company only has one employee named Suren Ter-Saakov, but this claim is contradicted by its own website and Linkedin.

“XMLShop’s own public statements contradict its counsel’s statement. Its website boasts ‘a big team of professionals working in three offices, located in Ukraine, the United States, and Dominican Republic.

“And a LinkedIn profile for an individual named Blair Hearnsberger represents that she or he is the CEO at Counterfeit Technology,” Cloudflare adds.

Fake Profile

According to the takedown company’s attorney, this profile is fake and Blair Hearnsberger does not actually exist, but Cloudflare is not convinced. Therefore, it hopes that the court will compel XMLShop to verify who works at the company and in what roles.

In addition to finding information on possible employees, Cloudflare also requests further information on the software that Counterfeit Technology used to find infringing content.

Special Takedown Bots?

The wedding dress manufacturers claimed that their takedown partner “scours the internet with special bots designed to locate and identify the unauthorized use” but it’s unclear how this technology works.

Cloudflare would like to assess the software to see how accurate it is, especially since the company states that it spends only 10 seconds sending notifications of claimed infringement to all traffic sources.

“Its use — and the reliability — of that technology is at least relevant to the predicate allegations of direct infringement it asserts. It is also relevant to Cloudflare’s contention that it never received any notifications of claimed infringement from Counterfeit Technology that were valid,” Cloudflare writes.

The CDN provider asked the court to compel XMLShop to produce the subpoenaed documents. In addition, XMLShop should be held in contempt for failing to obey the subpoena and ordered to pay the legal costs Cloudflare incurred to submit the motion.

This week, XMLShop responded to the request stating that it has already produced everything it could. It views the remaining requests as incredibly broad, since these ask for “sensitive” trade secret information. It is now up to the court to make a final decision.

—

A copy of Cloudflare’s memorandum in support of its motion to compel XLMshop to comply with the subpoena is available here (pdf).

From: TF , for the latest news on copyright battles, piracy and more.

CDN provider Cloudflare is one of the leading Internet companies, providing services to millions of customers large and small.

The service positions itself as a neutral intermediary that passes on traffic while making sure that customers remain secure. Its userbase includes billion-dollar companies such as IBM, Shopify, and L’Oreal, but also countless smaller outlets.

With a company of this size, it comes as no surprise that some Cloudflare customers are engaged in controversial activities. This includes some pirate sites and services, which have landed Cloudflare in court on several occasions.

Last year there were two prominent cases against Cloudflare in Italy. In the first one, football league Serie A and Sky Italy requested Cloudflare to block the unauthorized IPTV service “IPTV THE BEST” and in a similar case, rightsholders wanted “ENERGY IPTV” blocked.

Cloudflare Appeals Blocking Injunctions

Cloudflare lost both cases and was ordered to block the services in question. While the company hasn’t commented on the legal actions in detail, it decided to appeal the two injunctions at the Milan court.

Last Friday, the court ruled on the “IPTV THE BEST” case, confirming that Cloudflare is indeed required to block access.

In its defense, Cloudflare argued that it doesn’t provide hosting services but merely passes on bits and bytes. In addition, it pointed out that the IPTV service could still remain active even if its account was terminated.

Cloudflare Facilitates Access

The court was not convinced by these arguments and concluded that Cloudflare contributes to the infringements of its customer by optimizing and facilitating the site’s availability.

“It is in fact adequately confirmed that Cloudflare carries out support and optimization activities to showcase sites, which allow the visibility and advertising of illegal services,” the court concluded.

That the IPTV service could continue without using Cloudflare is irrelevant, the court stressed.

In addition, the court confirmed that copyright holders are entitled to these types of protective blocking measures, even if the activity of the online intermediary itself is not directly infringing.

Dynamic Orders

The Milan court reached the same conclusion in Cloudflare’s appeal against the “ENERGY IPTV” injunction, which was decided yesterday. In both cases, the court also confirmed that the injunctions are “dynamic”, which means that if the IPTV services switch to new domains or IP-addresses, these have to be blocked as well.

While the ruling is a setback for Cloudflare, copyright holders are pleased. Attorney Simona Lavagnini, who represented Sky Italy, informs TorrentFreak that it will now be easier to hold online services accountable for infringing customers.

“I am pleased to see the position taken by the Court, confirming that injunction orders can be addressed to all providers involved in the provision of services to those who offer illegal contents on the web.

“This principle is now general and includes telecoms as well as passive hosting providers and other services such as CDNs,” Lavagnini adds.

We also reached out to Cloudflare for a comment on these recent court orders but the company didn’t immediately reply. The CDN provider previously confirmed that it has been legally required to block several domains, without going into further detail.

With regard to earlier blocking orders, Cloudflare said that it complies with these in the relevant jurisdictions. In other words, the targeted services remain available in other countries. Whether that’s also the case here is unknown.

Update: The legal team representing the Lega Nazionale Professionisti Serie A (LNPA), which includes Bruno Ghirardi, Stefano Previti, Alessandro La Rosa, and Riccardo Traina Chiarini, is happy with the outcome and told us the following:

“Cloudflare participates in activities that allow the visibility of the illicit services IPTV THE BEST and ENERGY IPTV – also through the storage of data from these sites – and participates in the flow of data in violation of the rights of LNPA.”

“This implies the legitimacy of targeting Cloudflare as a passive subject of the precautionary order, despite the possibility that, in the absence of Cloudflare’s services, illicit access to the protected content would be also possible.”

From: TF , for the latest news on copyright battles, piracy and more.

Earlier this year Texas-based model Deniece Waidhofer sued Thothub for copyright infringement after the site’s users posted many of her ‘exclusive’ photos.

While Cloudflare isn’t new to copyright infringement allegations, this case has proven to be more than a nuisance. The company previously countered the claims with a motion to dismiss, but Waidhofer and her legal team are not backing off.

In an amended complaint some of the most egregious allegations, including the RICO conspiracy, were dropped. However, the copyright infringement claims remain and with two new cosplay models joining the action, the list of defendants has grown.

Last week Cloudflare responded to these new allegations, again denying any wrongdoing. In addition, the company filed a separate motion for sanctions a few days earlier, accusing the defendants of fabricating a fatally flawed theory of contributory copyright infringement.

The issue revolves around Cloudflare’s “ Argo Tunnel ” service, which allows website operators to secure their systems from outside attacks. Put simply, it does so by routing all traffic to a site through Cloudflare’s network via an encrypted tunnel.

The models argue that Thothub used this Argo Tunnel and that the CDN provider could have shut the site down by disabling this service. That would counter Cloudflare’s defense that terminating Thothub’s account would have had a limited impact.

Cloudflare informs the court that the Argo Tunnel wasn’t created to help pirates, but to better secure the sites of its users. Not just that, it notes that Thothub never used this service.

“[I]t is clear that Argo Tunnel is a cyber security product of general applicability, created for and used by thousands of users,” the company writes.

“And fatal to Plaintiffs’ claims, Argo Tunnel was never used by the Thothub.tv website or any of its subdomains, which were the alleged source of the direct infringement.”

Cloudflare repeatedly told the defense attorneys that Thothub didn’t use the Argo Tunnel and warned of potential sanctions, but the claims were added nonetheless.

This went a step too far for the CDN provider which is now asking the court to sanction the defendants and their attorneys for failing to conduct a reasonable investigation.

In addition, they should be sanctioned for “knowingly or recklessly maintaining false and frivolous allegations for the improper purpose of harassing Cloudflare with overbroad copyright infringement claims,” the company writes.

Perhaps unsurprisingly, the models and their legal team aren’t happy with the accusations and swiftly fired back this week.

Turning the tables, their detailed reply accuses Cloudflare’s attorneys of failing to conduct a reasonable investigation and failing to provide evidence. For this conduct, Cloudflare’s lawyers should be sanctioned.

“Cloudflare’s counsel’s baseless and insulting accusations impugning Plaintiffs’ counsel’s integrity and professionalism, simply because Cloudflare and its counsel baldly assert the Argo Tunnel allegations are false,” they counter.

“Because the Motion is frivolous and apparently lodged for an improper purpose to circumvent discovery, obtain privileged information, drive up litigation costs, and delay, distract, harass, and intimidate Plaintiffs, it should be denied and Cloudflare should be sanctioned.”

The plaintiffs also provide further information that is supposed to substantiate their claims. Relying on an investigation from a technical expert, who previously worked at Akamai, they conclude that it’s reasonable to believe that Thothub indeed used the Argo Tunnel.

Part of this evidence is based on the “Error 1003 Access Denied: Direct IP Access Denied” message that appeared when accessing one of the site’s Cloudflare IP-addresses.

“Based on independent research, Mr. Bell learned that this error message indicated that the site could be using an Argo Tunnel,” the models’ lawyer writes.

While that may be true, it’s no guarantee. The same error message also appears when one tries to access TorrentFreak.com’s Cloudflare IP-address, and we don’t use the Argo Tunnel.

In addition, the plaintiffs allege that Thothub used server port 8443, arguing that this is “often” used to implement an Argo Tunnel.

At the end of the day, both parties are calling for sanctions over unsubstantiated claims. Cloudflare wants the frivolous Argo Tunnel claims removed from the complaint, while the models seek to punish Cloudflare for its frivolous call for sanctions.

It is now up to the court to decide if any sanctions are indeed needed, but it’s clear that this case is proving to be quite the handful.

—-

Cloudflare’s motion for sanctions is available here and the models’ motion can be found here

From: TF , for the latest news on copyright battles, piracy and more.

Earlier this year Texas-based model Deniece Waidhofer sued Thothub for copyright infringement after the site’s users posted many of her ‘exclusive’ photos.

Soon after the complaint was filed Thothub went offline . This prompted Waidhofer to shift priorities.

In an amended complaint, submitted a few weeks ago, Thothub is no longer a defendant. Instead, the lawsuit now focuses on several sites and services that did business with the pirate site, including CDN provider Cloudflare.

Cosplay Models Join Case Against Cloudflare

Another significant change is that Waidhofer is no longer the sole plaintiff. She is now joined by two cosplay artists, Ryuu Lavitz and Margaret McGhee, better known as OMGcosplay . Together, these models have millions of online followers.

When the original case was filed, Lavitz and McGhee hadn’t registered their photos at the Copyright Office. Both submitted their registrations for hundreds of works in September, after which they were able to join the case.

In addition to removing Thothub as a defendant and adding two plaintiffs, some of the strongest allegations were stripped from the original complaint. Cloudflare is no longer alleged to be part of a RICO conspiracy but is accused of direct and contributory copyright infringement.

The models claim that Cloudflare has carved out a competitive niche by serving illegal pirate sites that other large CDN companies like Akamai Technologies would not. It ‘helps’ these sites by concealing the real IP-address and by ‘storing’ their content, it’s alleged.

Motion to Dismiss

Cloudflare replied to these allegations by pointing out that it’s merely a middleman. The company has no knowledge of the traffic that passes through its network and doesn’t store content permanently, in most cases, but simply makes temporary “cache” copies.

“Under Plaintiffs’ wildly expansive theory of liability, the owner of any computer connected to the Internet could potentially be exposed to unlimited liability,” Cloudflare argued, adding that the complaint doesn’t show bad “intent”.

Based on these and various other deficiencies, the CDN provider asked the court to dismiss the case. However, the models disagree and recently submitted several counterarguments.

‘Cloudflare Helps Pirate Sites’

The models argue that Cloudflare was aware of the copyright infringements on Thothub, but chose not to do anything. Instead, it helped the site to cope with vast amounts of traffic so it could stay online. That’s what the site does for other pirate sites as well.

“Cloudflare easily could have limited Thothub’s infringement simply by terminating service, or by not delivering URLs that it had already been notified contained infringing content. But Cloudflare stood behind Thothub instead, as it does regularly for pirates everywhere. Indeed, Cloudflare has made a cottage industry out of indulging pirates.”

The plaintiffs say that Cloudflare is liable for contributory copyright infringement. The company’s decision not to take action helped Thothub to stay online and operate more efficiently. That is enough to be held liable, the models argue, referencing the ALS Scan case against Cloudflare.

“Cloudflare enabled Thothub to be operated securely on a vast scale. The law recognizes this as a material contribution that, with knowledge, creates liability,” they write.

Thothub Alternatives Still use Cloudflare

Without Cloudflare, Thothub’s site would have been “overrun and crashed.” Although it may have come back, that ‘simple measure’ would have made a difference, at least briefly. Cloudflare, however, decided not to act and it does the same for many similar sites today.

“The Complaint identifies nearly two dozen other pirate sites — all Cloudflare clients — that are Thothub copycats, including one called Thothub.ru that is nearly a direct clone,” the plaintiffs write.

In addition to contributory infringement, the models also accuse the company of direct infringement. They argue that the CDN provider made copies of Thothub files on its own accord and continued copying works after takedown notices were sent.

The reply to Cloudflare’s motion to dismiss is filled with allegations that will eventually have to be backed up with evidence. In addition to focusing on the case at hand, it also references an EU report which concluded that 62% of the world’s top 500 pirate sites use Cloudflare.

Daily Stormer and 8Chan

And, as we predicted a few years ago , Cloudflare’s decision to ban The Daily Stormer is also being brought up.

“Despite serving most of the world’s top pirate sites, on information and belief, Cloudflare has never voluntarily terminated services to a customer for repeat copyright infringement. Cloudflare has, however, voluntarily terminated services for other customer sites, including the American Neo-Nazi group Daily Stormer and the conspiracy website 8chan,” the reply reads.

It is now up to the US District Court for the Central District of California to decide whether the case against Cloudflare should be dismissed, or if the models can pursue their claims at trial.

—

A copy of Cloudflare’s motion to dismiss the first amended complaint is available here (pdf) and the reply from the models can be found here (pdf)

From: TF , for the latest news on copyright battles, piracy and more. We have some good VPN deals here for the holidays.

CDN company Cloudflare has grown to become one of the most useful and important companies on the Internet, serving millions of websites that in turn serve countless millions of users of their own.

One of Cloudflare’s key aims is to be viewed as a neutral intermediary but that status is being chipped away by elements of the entertainment industries. The problem is that some of Cloudflare’s customers are pirate sites but as a service provider, Cloudflare insists that passing on complaints should be enough.

The music and movie industries, on the other hand, would like Cloudflare to either stop doing business with ‘bad players’ or take more responsibility for their actions.

Cloudflare Won’t Compromise So Legal Action Followed

Cloudflare is tied up in several lawsuits around the world, not for its own actions per se, but for the actions of some of its customers. In Germany there has just been a very interesting development, one that could have far-reaching consequences for how Cloudflare does business there.

Back in February , Germany-based visitors to pirate music site and Cloudflare customer DDL-Music.to were served with a rare ‘Error 451’ by Cloudflare, meaning that the site had been made inaccessible for legal reasons. At the time, no other information had been made public but as the days passed, a clearer picture emerged.

Complaint Filed By Universal Music GmbH

Early June 2019, Universal Music GmbH (Germany) sent a copyright infringement complaint to Cloudflare after finding links on DDL-Music to tracks by German singer Sarah Connor. The files themselves were not hosted by DDL-Music but could be found on a third-party hosting site. Universal asked Cloudflare make the tracks inaccessible within 24 hours but Cloudflare didn’t immediately comply.

In a subsequent response to Universal, Cloudflare denied being responsible for the activities of DDL-Music. It suggested that the label should confront DDL-Music directly, handing over an email address and details of the site’s hosting provider for contact purposes.

What happened in the interim isn’t clear but in December 2019 a hearing took place at the Cologne District Court, during which the court found that Cloudflare could be held liable for the copyright infringements of DDL-Music, if the CDN company failed to take action.

On January 30, 2020, the Cologne District Court went on to hand down a preliminary injunction against Cloudflare, advising that should it continue to facilitate access to the Universal content in question, it could be ordered to pay a fine of up to 250,000 euros ($270,000) or, in the alternative, the managing director of Cloudflare could serve up to six months in prison.

Preliminary Injunction Made Permanent

According to a statement issued late Thursday by German music industry group BVMI, the Cologne Higher Regional Court has now confirmed the judgment of the Cologne District Court. This means that Cloudflare must block access to the pirated music being offered on the website of DDL-Music. While Cloudflare will not be able to comply with that specific order (DDL-Music moved on a while ago) the principle stands. In Germany at least, Cloudflare can be held liable for the infringements of its users.

“Cloudflare offers a so-called CDN (Content Delivery Network), which is misused by structurally copyright-infringing websites in order to evade legal prosecution through anonymization. The Cologne Higher Regional Court has now put a stop to this: It has obliged Cloudflare to block customer content that has been reported to it by rights holders, or otherwise block the customer’s entire website,” BVMI’s statement reads.

Decision Welcomed By the Music Industry as a Tool to Fight Piracy

According to BVMI, the decision of the court is particularly noteworthy since it’s the first time that a higher regional court has confirmed an injunction against “an anonymization service” that conceals the identities of the servers operated by pirate sites. This decision will make that more difficult in future, the group says.

“The decision of the Cologne Higher Regional Court strengthens the position of rights holders in an important field and is a clear signal: A service that helps others to evade legal prosecution through anonymization is also illegal,” comments BVMI CEO, Dr. Florian Drücke.

“The decision is a further success for our industry against offers on the Internet that cause considerable damage to creatives and their partners and whose business models are based on generating considerable income with third-party content without acquiring licenses for this content.”

René Houareau, Managing Director of Law & Politics at the BVMI says the importance of the decision cannot be underestimated.

“Little by little we are getting closer to the modern understanding of the responsibility of all players on the Internet – especially through ambitious court decisions like this one,” Houareau says.

“An anonymization service may not allow third-parties to distribute illegal offers while disguising the identity of the servers of structurally infringing websites. In other words, excuses no longer apply in such cases. The services have to recognize more and more that some smoke screens no longer work.”

The developments in Germany arrive on the heels of a similar court ruling in Italy , which also went against Cloudflare. Following a complaint from TV platform Sky Italy and Italy’s top football league Serie A, Cloudflare is now required to block the domain names and IP-addresses of a pirate IPTV service. In that matter, Cloudflare argued that it merely passes on traffic, but the court wasn’t convinced.

From: TF , for the latest news on copyright battles, piracy and more.

In recent years, many copyright holders have complained that Cloudflare does little to nothing to stop pirate sites from using its services.

The US-based company receives numerous DMCA notices but aside from forwarding these to the affected customers, it takes no action.

Cloudflare sees itself as a neutral intermediary that simply passes on bits. This approach is not welcomed by everyone and, as a result, the company has been placed on the EU piracy watchlist alongside familiar pirate sites such as The Pirate Bay, Seasonvar and Rapidgator.

Despite this callout, Cloudflare maintains its position. The company doesn’t want to intervene based on allegations from copyright holders and requests a court order to take action. These orders are very rare, but a few days ago the Court of Milan, Italy, set a precedent.

Sky and Serie A Sued Cloudflare

The case in question was filed by the TV platform Sky Italy and Lega Serie A , Italy’s top football league. The organizations requested a court order to stop various third-party intermediaries from providing access to “IPTV THE BEST”, a popular IPTV service targeted at an Italian audience.

Since the IPTV service is a Cloudflare customer the US-based CDN provider was also sued. The copyright holders demanded Cloudflare and several other companies including hosting provider OVH, and ISPs such as Vodafone, TIM, Fastweb, Wind and Tiscali, to stop working with the pirate service.

Last September, the Court of Milan sided with Sky and Serie A. It issued a preliminary injunction ordering the companies to stop working with the IPTV provider, regardless of the domain name or IP-address it uses.

Cloudflare objected to the claim. In its defense, the company pointed out that it isn’t hosting any infringing content. As a CDN, it simply caches content and relays traffic, nothing more. In addition, the Italian court would lack jurisdiction as well, the company argued.

Cloudflare’s Defense Falls Flat

Despite the fierce defense from Cloudflare, which extended the case by more than a year, the court didn’t change its position. In a recent order, it explained that it’s irrelevant whether a company hosts files or merely caches the content. In both cases, it helps to facilitate copyright-infringing activity.

This is an important decision because services like Cloudflare are hard to classify under EU law, which makes a general distinction between hosting providers and mere conduit services. The Italian court clarified that such classification is irrelevant in this matter.

“The ruling is unique in its kind because it expressly addresses the issue of the provision of information society services that are difficult to classify in the types outlined by the European eCommerce Directive,” attorney Alessandro La Rosa informs TorrentFreak.

Together with Mr. Bruno Ghirardi, his colleague at the law firm Studio Previti , La Rosa represented the football league in this matter. They worked in tandem with attorney Simona Lavagnini , who represented Sky Italy.

‘Unique and Important Ruling’

Lavagnini tells us that the ruling is important because it’s the first blocking order to be issued against a CDN provider in Italy.

“The order is important because, at least to my knowledge, it is the first issued against a CDN, in which the CDN was ordered to cease the activities carried out in relation to illegal services, also including those activities which cannot qualify as hosting activities,” she says.

“The recent order clearly says that the services of the CDN shall be inhibited because they help to allow third parties to carry out the illegal action which is the subject matter of the urgent proceeding, even if there is no data storage by the CDN,” Lavagnini adds.

TorrentFreak also reached out to Cloudflare for a comment but at the time of writing the company has yet to respond.

Cloudflare Blocking Becomes More Common

While the attorneys we spoke with highlight the uniqueness of the ruling, Cloudflare previously noted in its transparency report that it has already blocked 22 domain names in Italy following a court order. It’s not known what case the company was referring to there, but it affects 15 separate accounts.

The blocking actions will only affect Italians but in theory, they could expand. There are grounds to apply them across Europe or even worldwide, Lavagnini tells us, but that will likely require further clarification from the court.

This isn’t the first time that Cloudflare has been ordered to block a copyright-infringing site in Europe. Earlier this year a German court ordered the company to block access to DDL-Music , or face fines and a potential prison sentence.

In Italy, the CDN provider was also required to terminate the accounts of several pirate sites last year. However, in that case, Cloudflare was seen as a hosting provider due to its “Always Online” feature. Also, that court order didn’t mention geo-blocking or blocking in general.

From: TF , for the latest news on copyright battles, piracy and more.

As one of the leading CDN and DDoS protection services, Cloudflare is used by millions of websites across the globe. This includes many pirate sites.

Copyright holders would ideally like the company to cease its ties with these platforms, but Cloudflare sees things differently. It positions itself as a neutral third-party intermediary that will only take action in response to valid court orders.

Cloudflare DMCA Subpoenas

Thus far, court orders that have required Cloudflare to block or terminate a pirate site have been very limited. More commonly, rightsholders obtain DMCA subpoenas from US courts requiring the CDN provider to hand over information it has on the operators of pirate sites.

During the first half of 2020, Cloudflare received 31 of these requests which targeted 83 accounts. Many of these were adult sites or relatively smaller pirate portals. This month, however, the anti-piracy coalition ACE has upped the ante.

Last week we reported that ACE had obtained a subpoena to go after several pirate streaming sites . This week the crackdown continues, with the anti-piracy coalition requesting Cloudflare to expose information associated with The Pirate Bay and many other high profile sites.

ACE Targets The Pirate Bay and Other Top Pirate Sites

The list of targeted sites ( 46 in total ) includes several of the top torrent sites , including YTS, 1337x, EZTV, LimeTorrents, and Tamilrockers. Other high profile non-English targets such as Cinecalidad, Pelisplus, Gnula, Altadefinizione, and DonTorrent are listed as well.

The subpoena is requested by the MPA’s Jan Van Voorn, who writes on behalf of ACE and its members Amazon, Columbia Pictures, Disney, Netflix, Paramount Pictures, and Universal City Studios. The requested information will help the anti-piracy group to investigate the sites in question.

“The purpose for which this subpoena is sought is to obtain the identities of the individuals assigned to these websites who have exploited ACE Members’ exclusive rights in their copyrighted works without their authorization,” the request reads.

“This information will only be used for the purposes of protecting the rights granted under Title 17, United States Code,” Van Voorn adds.

Cloudflare Will Hand Over Personal Details

At the time of writing the subpoena has yet to be signed off by a court clerk, but that is usually not a problem. ACE will then forward it to Cloudflare which will hand over the requested details , including names, IP-addresses, email addresses, physical addresses, phone numbers, and payment details.

How useful the provided information will be to ACE remains to be seen. Many of the affected pirate sites should be aware of the possibility that their information can be shared, and could have taken precautions.

Why Now?

Aside from the many high profile targets in this legal request, ACE’s sudden attention to Cloudflare DMCA subpoenas is interesting by itself.

In the span of just a few days, ACE has asked the company to identify the operators of more than 80 sites. Many of these sites, including The Pirate Bay, have been Cloudflare customers for years. Why ACE has decided to take action now, as opposed to years ago, is unknown.

—

A copy of ACE’s request for a DMCA subpoena, submitted to a California federal court, is available here (pdf) . A full list of all the affected domain names is provided below.

– yts.mx
– pelisplus.me
– 1337x.to F
– seasonvar.ru
– cuevana3.io
– kinogo.by
– thepiratebay.org
– lordfilm.cx
– swatchseries.to
– eztv.io
– 123movies.la
– megadede.com
– sorozatbarat.online
– cinecalidad.is
– limetorrents.info
– cinecalidad.to
– kimcartoon.to F
– tamilrockers.ws
– cima4u.io
– fullhdfilmizlesene.co
– yggtorrent.si
– time2watch.io
– online-filmek.me
– lordfilms-s.pw
– extremedown.video
– streamkiste.tv
– dontorrent.org
– kinozal.tv
– fanserial.net
– 5movies.to
– altadefinizione.group
– cpasmieux.org
– primewire.li
– primewire.ag
– primewire.vc
– series9.to
– europixhd.io
– oxtorrent.pw
– pirateproxy.voto
– rarbgmirror.org
– rlsbb.ru
– gnula.se
– rarbgproxied.org
– seriespapaya.nu
– tirexo.com
– cb01.events
– kinox.to
– filmstoon.pro
– descargasdd.net

From: TF , for the latest news on copyright battles, piracy and more.