Internet infrastructure company Cloudflare provides a range of connectivity and security services to millions of customers around the globe.

In addition to Fortune 500 companies and governments across various continents, the American company also provides its services to pirate sites.

In recent years, rightsholders have urged Cloudflare to take a more proactive stance against piracy. Their primary concern is that Cloudflare ‘hides’ the true hosting location of pirate sites, making enforcement actions more cumbersome.

Cloudflare takes a neutral stance, but it does cooperate in certain circumstances. The company has a process in place to disclose hosting information with eligible rightsholders, for example, and will also share details of allegedly pirating customers in response to DMCA subpoenas.

As far as we know, Cloudflare has not terminated any customers solely based on copyright holder complaints. This frustrated Italian broadcaster RTI up to the point where it decided to go to court.

RTI Sued Cloudflare over Pirate Site

April this year, RTI filed a complaint at the Court of Rome in an attempt to compel Cloudflare to take action against ‘Guardaserie’, a site that offers access to pirated TV streams. Guardaserie is already blocked by Italian ISPs, but it continues to operate and repeatedly switches to new domains to evade blocking actions.

Through the court, RTI wants Cloudflare to cease providing its services to Guardaserie and block all associated domain names. In addition, the broadcaster wants Cloudflare to reveal all information it holds that could help to identify the operator or operators.

RTI informed the court that Cloudflare took no action in response to a cease and desist letter it sent earlier this year. According to the broadcaster, it is nonetheless undisputed that Guardaserie offers pirated content, which was backed up by an external report by the company SP Tech.

Cloudflare did not appear in court or present a defense against the allegations, but that didn’t stop the court from taking the matter forward.

Court Deems Cloudflare Liable

After reviewing the evidence, the Court of Rome agreed that the targeted website infringes Italian copyright law and that Cloudflare can be held liable due to its failure to respond to complaints.

According to the Court, Cloudflare’s inaction makes it harder for rightsholders to identify and block pirate sites.

“With respect to those infringements, it appears prima facie that the company Cloudflare inc. is a responsible intermediary pursuant to Article 156 of the Italian Copyright Law,” the decision reads.

“It provided services aimed at preventing the identification of the portals and the location of the servers of their owners, as well as technical support services to the portals, without taking any action to end those activities despite the cease and desist letter sent to it by the counterparty.”

Court: Disconnect, Block, and Identify Guardaserie

The Court of Rome ruled in favor of RTI and ordered Cloudflare to immediately cease providing services to Guardaserie. It further required Cloudflare to disclose any identifying account information connected to the operators of the infringing domains.

Guardaserie is a Cloudflare customer so, technically, domains should become unavailable through its services when the associated account is terminated. However, the court additionally orders Cloudflare to ‘block’ Guardaserie domain names.

And it doesn’t stop there.

The domain blocking order applies to all existing domain names, but also to domains that are registered in the future to bypass blocking measures. When RTI reports future domains to Cloudflare, these should be blocked as well.

“[The court] orders the blocking of said domain names that associate a different top-level domain with the same second level domain, burdening Cloudflare Inc. with notification to RTI of any additional names activated by Cloudflare accounts,” the order reads.

Cloudflare’s Stance

The Court of Rome’s order was issued late May but, as far as we know, hasn’t been publicly discussed until today. Cloudflare hasn’t mentioned it so far, and the company didn’t immediately respond to our request for comment.

At the time of writing, it appears that guardaserie.biz is still using Cloudflare’s nameservers that currently redirect to guardaserie.school. This new domain also uses Cloudflare nameservers.

Guardaserie.school leads to a partly broken website with missing content and a malware warning from Google, so the operators may have moved on by now. There are other domains using the Guardaserie brand that are still functional.

It’s possible that Cloudflare appealed the preliminary order, which could explain the apparent inaction, but we have no information to confirm that.

The Court of Rome’s order includes a penalty clause of €1,000 per day if Cloudflare doesn’t comply, so ignoring the order without proper cause could potentially come at a cost.

This is not the first time Cloudflare has faced legal action in Italy. The company was previously ordered to block pirate site domains though its 1.1.1.1 DNS resolver . It complied with this order by implementing a geo-block that only affects Italian users. An Italian court also ordered Cloudflare to terminate accounts of pirate customers in the past.

—

A copy of the Court of Rome’s order against Cloudflare is available here (pdf)

From: TF , for the latest news on copyright battles, piracy and more.

The Alliance for Creativity and Entertainment ( ACE ), arguably the world’s most active anti-piracy coalition, is backed by dozens of major rightsholders.

The group is largely managed by the Motion Picture Association, which has requested many DMCA subpoenas on its behalf over the past few years.

New Subpoena Round

After the MPA’s former Chief of Global Content Protection Jan Van Voorn left for a new opportunity , ACE went quiet on the subpoena front. The legal requests were always signed by Van Voorn, so someone else had to fill this role going forward. But who?

The answer arrived late last week when several new subpoena requests were docketed at a California federal court. The requests are similar to those seen before, now signed by Dani Bacsa, MPA’s Deputy Chief of Content Protection.

Through the subpoenas, ACE asks Cloudflare and the .To domain registry (Tonic) for information related to several domain names. These targets can be broadly divided into three groups – streaming sites, apps, and IPTV services – some with dozens of millions of monthly visits.

Pirate Streaming Sites

Anime site Anitaku is the most prominent target, with more than 125 million visits between March and May. However, other sites such as Goojara and Kickassanime have no traffic shortage either.

The subpoenas target a total of 17 pirate streaming site domains. ACE and the MPA hope that, through their requests for information, they can learn more about the identities and whereabouts of the operators.

Domain	3 Month Visits
Anitaku.so	127 million
Anitaku.to	94 million
Goojara.to	82 million
Kickassanime.mx	55 million
Animesonlinecc.to	54 million

Piracy Apps and IPTV

In addition to streaming sites, ACE has also listed domain names of websites that offer downloads to dedicated piracy apps including ‘Gold Core App’, ‘Live NetTV’, ‘RedPlay’ and ‘MagisTv’.

In addition, the subpoenas include domain names of IPTV portals such as Atlaspro, Newtelevision, and Honeybeeiptv. The latter is particularly popular in Singapore, where it’s one of the most visited sites in the Computers and Technology category.

As with the other sites and services, links to show how these domains match to infringing titles are included for each domain.

The goal of these proposed subpoenas is to require Tonic and Cloudflare to share identifying information on the users who maintain the associated accounts. That includes any names, physical addresses, IP addresses, e-mail addresses, payment information, and account histories.

Helpful, Not Perfect

Most operators of pirate sites and services know that ACE can obtain these DMCA subpoenas. They often preempt this by using false information. However, according to MPA’s Deputy Chief of Content Protection, Dani Bacsa, these efforts can still pay off.

Speaking with TorrentFreak, Bacsa says that the subpoenas are part of a legal tool set used to unmask pirates behind mass-scale infringing services. The MPA can’t share its success rate, but subpoenaed information has been fruitful in multiple cases.

Ideally, ACE, MPA, and other rightsholder representatives would like intermediaries to verify their customers’ identities.

Without referring specifically to Cloudflare or Tonic, Bacsa confirms that it would be a positive step if online intermediaries adopted robust ‘Know Your Business Customer’ (KYBC) procedures.

“Applying a KYBC policy will also ensure legal compliance, enhance security, prevent fraud, and protect the intermediary’s reputation by verifying the legitimacy of its business customers and mitigating associated risks,” Bacsa concludes.

—

A full list of all targeted domains is available below. The associated paperwork can be found here ( 1 , 2 , 3 , 4 , 5 , 6 ).

– vegamovies.to
– goojara.to
– supernova.to
– animesonlinecc.to
– anitaku.to
– ssoap2day.to
– anitaku.so
– braflix.video
– kickassanime.mx
– movieffm.net
– hdtodaytv.icu
– animepahe.com
– animepahe.org
– gogoanime.me
– soaper.tv
– soap2day.tf
– soap2day.qa
– vegamovies.to
– gold.coreplay.tv
– livenettv.bz
– redplaycard.com
– magistv.app
– atlaspro.tv
– atlaspro.io
– newtelevision.online
– best-usahosting.com
– honeybeeiptv.com

From: TF , for the latest news on copyright battles, piracy and more.

0

In France, where laws were introduced with site-blocking and similar anti-piracy measures already baked in, entertainment giant Canal+ seems intent on taking full advantage.

Like similar broadcasters with lucrative sports rights to exploit, Canal+ has a subset of viewers who prefer to consume from pirate sources which charge much less, or even nothing at all.

To maximize its existing site-blocking efforts through local ISPs, the French broadcaster has now taken the logical, albeit controversial, next step on the site-blocking ladder.

DNS Tampering at the Local ISP Level

In 2023, Canal+ went to court in France to tackle pirate sports streaming sites including Footybite.co, Streamcheck.link, SportBay.sx, TVFutbol.info, and Catchystream.com. The broadcaster said that since subscribers of local ISPs were accessing the pirate sites using their services, the ISPs should prevent them from doing so.

When the decision went in favor of Canal+, ISPs including Orange, SFR, OutreMer Télécom, Free, and Bouygues Télécom, were required to implement technical measures. Since the ISPs have their own DNS resolvers for use by their own customers, these were configured to provide non-authentic responses to deny access to the sites in question.

In response, increasingly savvy internet users that hadn’t already done so, simply changed their settings to use different DNS providers – Cloudflare, Google, and Cisco – whose resolvers hadn’t been tampered with; at least not yet.

One More Step Up The Ladder: Public DNS Tampering

Use of third-party DNS providers to circumvent blocking isn’t uncommon so last year Canal+ took legal action against three popular public DNS providers – Cloudflare ( 1.1.1.1 ), Google ( 8.8.8.8 ), and Cisco ( 208.69.38.205 ), demanding measures similar to those implemented by French ISPs.

Tampering with public DNS is a step too far for many internet advocates but for major rightsholders, if the law can be shaped to allow it, that’s what will happen. In this case, Article L333-10 of the French Sports Code (active Jan 2022) seems capable of accommodating almost anything.

When there are “serious and repeated violations” by an “online public communication service” whose main objective is the unauthorized broadcasting of sports competitions, rightsholders can demand “all proportionate measures likely to prevent or put an end to this infringement, against any person likely to contribute to remedying it.”

Google, Cloudflare, and Cisco Ordered to Prevent Circumvention

Two decisions were handed down by the Paris judicial court last month; one concerning Premier League matches and the other the Champions League. The orders instruct Google, Cloudflare, and Cisco to implement measures similar to those in place at local ISPs. To protect the rights of Canal+, the companies must prevent French internet users from using their services to access around 117 pirate domains.

According to French publication l’Informé , which broke the news, Google attorney Sébastien Proust crunched figures published by government anti-piracy agency Arcom and concluded that the effect on piracy rates, if any, is likely to be minimal.

Starting with a pool of all users who use alternative DNS for any reason, users of pirate sites – especially sites broadcasting the matches in question – were isolated from the rest. Users of both VPNs and third-party DNS were further excluded from the group since DNS blocking is ineffective against VPNs.

Proust found that the number of users likely to be affected by DNS blocking at Google, Cloudflare, and Cisco, amounts to 0.084% of the total population of French Internet users. Citing a recent survey, which found that only 2% of those who face blocks simply give up and don’t find other means of circumvention, he reached an interesting conclusion.

“2% of 0.084% is 0.00168% of Internet users! In absolute terms, that would represent a small group of around 800 people across France!”

Court Rejected Arguments Against Blocking

In common with other courts presented with the same arguments, the Paris court said the number of people using alternative DNS to access the sites, and the simplicity of switching DNS, are irrelevant.

Canal+ owns the rights to the broadcasts and if it wishes to request a blocking injunction, it has the legal right to do so.

The DNS providers’ assertion that their services are not covered by the legislation was also waved aside by the court.

Google says it intends to comply with the order. As part of the original matter in 2023, it was already required to deindex the domains from search results under the same law.

At least in theory, this means that those who circumvented the original blocks using these alternative DNS services, will be back to square one and confronted by blocks all over again.

Given that circumventing this set of blocks will be as straightforward as circumventing the originals, that raises the question of what measures Canal+ will demand next, and from whom.

Tribunal Judiciare de Paris | Canal+ | Cloudflare/Google/Cisco
Premier League	UEFA Champions league
footybite.cc	footybite.tv
footybite.io	hesgoal.today
hesgoal.name	redditsoccerstreams.org
pirlotv.app	rsoccerstreams.net
reddit-soccerstreams.com	soccerstreams.football
redditsoccerstreams.tv	soccerstreamshd.com
streameast.gg	totalsporteks.net
volokit.to	sportsurge.app
totalsportek.ac	redditsoccerstreams.xyz
soccerstreamlinks.com	hesgoals.top
socceron.name	hdmatch.club
lacasadeltikitaka.net	bitestreams.net
streamseast.ai	livesoccer.sx
bestsolaris.com	footybite.one
radamel.icu	techclips.net
sports.f1livestream.top	sports.f1livestream.top
backfirstwo.site	reddit.soccerstreamshd.com
reddit.volokit.to	extratime.live
hitsports.pro	streameast.top
tvhd.tutvlive.site	soccerstreams.app
dotsport.live	freeviplive.com
dotsport1.com	fapxy.info
elkoora.live	1l1l.to
fel3ardaa.com	futbolonlinetv.club
golkoralive.com	hesgoal.world
silapathikaram.com	hesgoaltv.me
cainsoffering.net	sporthd.me
golkoralive.live	cdnz.one
kkooralives.com	ivesoccer.sx
koora-live.io	livetv705.me
kooralivs.com	livetv706.me
kora4live.net	pirlotvhd.online
live-kooora.com	rojadirectatv.uno
livekooora.online	soccerstreams100.io
live-kooora-tv.com	tarjetarojaenvivo.me
live-kooora-tv.net	tarjetarojatvhd.com
livekoora.io	stream.pajitotv.info
live-koora.online	hesgoaled.com
livetv707.me	1.ivesoccer.sx
livetv708.me	embx214129.apl275.me
monlive.info	emb.apl275.me
rojadirectaenvivotv.me	embx214161.apl275.me
rojadirectaes.org	stream.rodrixtv.info
awtsport.com	fk9.pw
live7.pro	m.soccerstreams100.io
sportsonline.so	ovo-line.com
4koora.elkoora.live	sportschamp.fun
f.fel3ardaa.com	givemereddit.eu
v3.sportsonline.sx	streamseast.ai
kora.live-koora.live	tazz.tv
alkora.golkoralive.live	embx214374.apl275.me
kooralive.koora-live.io	hd.espnv2.online
m.koora-live.io	embx210801.apl275.me
syria-live.us
4kooralive.live-kooora.com
5kooralive.live-kooora.com
tvkoora.livekooora.online
mypanlss.store
koora.live-kooora-tv.net
v2.sportsonline.so
kora.livekoora.io
koras.live-koora.online
embx214129.apl274.me
embx210130.apl276.me
capodeportes.run
sports-stream.info
topstreams.me
sports.chelsealivestream.com
sportsleading.online

From: TF , for the latest news on copyright battles, piracy and more.

After initially denying that Italy’s new Piracy Shield anti-piracy platform had been responsible for any over-blocking, last week telecoms regulator AGCOM conceded that an IP address belonging to Cloudflare had been blocked in error .

While that might be considered progress of sorts, the incident was downplayed as minor on the basis it was rectified a few hours later. No consolation for the many Cloudflare customers affected, of course, but that particular problem isn’t going away. Cloudflare is encouraging its customers to file complaints to draw attention to the perils of widespread blocking measures.

Yet despite calls for more transparency, not to mention an obvious need, AGCOM is still not reporting the IP addresses subjected to blocking, instead preferring to report the volume of IP addresses blocked instead. While the latter is not unimportant information, only the former can shine light on cases where IP addresses are blocked in error. Or when IP addresses are blocked despite the legal provision that prohibits blocking when IPs are not exclusively used for piracy.

New Third-Party Service Imposes Transparency

Official providers of all types of content have understood for some time that if they don’t meet demand, someone else will do it for them. After calls for transparency appeared to fall on deaf ears, transparency has been imposed on the Piracy Shield system thanks to a new, unofficial third-party system: Piracy Shield Search .

The most important feature of the service is the ability to enter an IP address or a fully qualified domain name (FQDN) to find out whether they’re on the Piracy Shield system.

The image below consists of an original blocking order (translated from Italian) issued in response to a blocking application by Sky Italia. To protect Sky’s broadcasting rights for FIM MotoGP World Championship and the Motul FIM Superbike World Championship, the domain http://live.vitocatozzo.eu was added to the Piracy Shield system.

The response from Piracy Shield Search added by us directly underneath the relevant section in the application confirms that the domain was indeed placed on the blocklist. The response also provides the time the rightsholder or its representative added the ticket to the system, which acts as the instruction for ISPs to go ahead and start blocking.

Rightsholder Tickets and Top AS By IP Address

The Piracy Shield Search system shows data relating to currently active blocking, not the total number of requests made or IP addresses/domains blocked to date.

In the image below we can see that 662 rightsholder tickets are currently live, and together they target 2,849 IPv4 IP addresses, zero IPv6 IP addresses, and 6,601 fully qualified domain names. The panel on the right shows the top AS (autonomous systems) ranked by the total number of IP addresses allocated to the AS that are currently subject to blocking.

The ticket panel on the left shows that the system deployed in Italy operates similarly to the blocking system operated in the UK.

Much is made in the media about the requirement to block IP addresses and domains within 30 minutes, possibly to imply that blocking takes place mostly during live matches. However, the two items at the top of the list show that IP addresses and domains are typically added in bulk, long after matches finish or, alternatively, long before they actually start.

Tickets Reveal More Blocking Blunders

The people behind Piracy Shield Search have decided to partially redact IP addresses requested for blocking in rightsholder tickets. Since the search facility on the front page responds to requests for specific IP addresses, there’s no need to expose the IP addresses in full here.

However, since the names of the hosts are displayed in full, it’s possible to determine whether the IP addresses that appear on the left are likely to be operated by CDN companies. More importantly, there may also be enough information to determine whether multiple services potentially share the IP address.

In a post to X, developer and researcher Matteo Contrini confirms what many people had suspected; Cloudflare isn’t the only major CDN provider whose IP addresses have ended up on the Piracy Shield system.

“The platform #PiracyShield is blocking 15 Akamai IP addresses! Not only Cloudflare but also the largest CDN in the world…,” Contrini notes.

The data suggests that transparency is a double-edged sword. Without transparency, there’s no scrutiny, and no specific fuel for criticism. When transparency exists, whether voluntarily or by imposition, scrutiny ensures that criticism can be backed up by data provided by the system itself.

What transparency offers that opacity never does, however, is a powerful incentive to do better. Whether the addition of these IP addresses is due to blunder after uncorrected blunder isn’t clear, but the alternative is unquestionably much worse.

From: TF , for the latest news on copyright battles, piracy and more.

Read 10 remaining paragraphs | Comments