A report published by the European Commission last month assessed whether its Recommendation of May 2023 had made a difference in the fight against pirated streams.

No significant improvement ” was the downbeat conclusion.

From the perspective of top-tier Spanish football league, LaLiga, new legislation is the only workable solution, and it needs to be implemented in Europe, sooner rather than later.

LaLiga Claims to Have Slashed Piracy in Half, Give or Take

At the same time as urgently calling for new legislation, LaLiga claims to have reduced piracy of its content in Spain by as much as 60% . This was achieved under existing legislation for the season that concluded at the end of the summer. A 40% reduction, the lower figure previously cited by LaLiga, would still be unprecedented.

Yet, in the context of LaLiga’s court-ordered authority, which permits aggressive blocking of almost any site or service facilitating access to pirate streams of its premium content, such results are not absolutely impossible, at least in measured short bursts. LaLiga regularly laments Cloudflare’s refusal to prevent piracy platforms from using its services and for every week that remains the case, Cloudflare IP addresses – utilized by pirates and regular customers alike – are blocked by Spanish ISPs.

LaLiga reports that in May 2025, 38% of piracy involving LaLiga content “was distributed through Cloudflare’s infrastructure.” So at least on paper and without considering circumvention and other factors, aggressive yet effective blocking of Cloudflare would in theory be sufficient to claim a ~40% reduction in piracy rates.

The problem, which has thus far proven impossible to solve, is how blanket denial of service to piracy platforms can be executed without subjecting innocent parties to the same fate.

Internet Private Security Guard

As Head of Web Application Protection at DDoS-Guard , a Russian Internet company providing protective online services, Dmitry Nikonov understands the importance of connectivity. Operating in broadly the same market as Cloudflare, DDoS-Guard has been paying close attention to the events playing out in Spain.

LaLiga’s legal authority allows it to block Cloudflare and in the event that DDoS-Guard’s services also become a concern, there would be no legal barrier to prevent it from being treated in much the same way. The consequences of non-compliance seem to have alarmed Nikonov.

“This is happening right now, in the fall of 2025, and the scale of this phenomenon is astonishing. It seems LaLiga is beyond control,” Nikonov writes in a column for Forbes Russia .

“LaLiga can essentially apply a ‘piracy’ mask to entire ranges of addresses, often affecting endpoints that are not directly related to illegal broadcasts.”

‘Private Regulation’ of the Internet

Nikonov believes the authority delegated to LaLiga should serve as a wake-up call for the global internet. He says that the authority to interfere with internet functioning has elevated the company to a powerful position; the big question is whether anyone can do anything about it.

“LaLiga is becoming a private regulator: not a state or an independent regulator, but a commercial organization that has delegated authority to interfere with network infrastructure. Football matches have become the pretext for a large-scale experiment on the internet, testing whether there is anyone to protect its freedom,” Nikonov says.

“If the football league has such powers today, then nothing will stop other major players from acquiring them tomorrow. We’re talking about media holdings, streaming companies, and corporations for whom content is not entertainment, but a source of profit.”

Trade Barriers, No Legal Recourse

In a late October submission to the 2026 National Trade Assessment Report, Cloudflare warned the Trump administration that Spanish courts allow rightsholders to request “overbroad court orders” that cause collateral damage affecting tens of thousands of legitimate websites.

Since the Spanish government has chosen not to intervene, and “no judicial opportunity for remedy” currently exists, Cloudflare said that creates “significant trade barriers between the countries.”

Nikonov uses similar terms to those used in a Cloudflare-commissioned report released in the summer . “The internet will become fragmented,” he says, before reminding readers that state institutions won’t be responsible, but commercial organizations shielded by government.

“This scheme avoids public debate (the Spanish parliament refused to consider the issue, citing a court ruling) and instead considers the proportionality of the measures. Under the guise of copyright protection, a tool is emerging that allows commercial players to directly influence the accessibility of parts of the internet, bypassing legal proceedings.

“Access to resources will be determined not by technical standards, but by the interests of private corporations with administrative resources,” he warns.

More Powerful Tools Than Previously Reported?

Nikonov suggests that more powerful tools are being deployed in Spain, beyond simple DNS blocking. He claims that a key role belongs to the National Telecommunications Market Commission (CNMC), which, at the behest of LaLiga issues “mandatory directives” to all Spanish ISPs, urging “the fastest possible compliance.”

“[This] effectively forces them to implement DNS and BGP filtering. Border Gateway Protocol is the primary dynamic routing protocol on the internet,” he continues.

A phrase often used to convey the importance of BGP is simple but effective: BGP is the glue that holds the internet together . That’s not overblown or alarmist ; but some would argue that meddling with it is.

“As a result, telecom operators are becoming the enforcers of state anti-piracy policies. What we’re facing is no longer an isolated failure, but a testing of a model that sets a precedent for new internet governance — a private corporation, through the regulator, gains de facto access to leverage over network infrastructure.”

Regulation and Using the Same System For ‘Something Else’

It’s possible that at some point there will be calls for site blocking to be regulated, but according to Nikonov, some may welcome that with open arms.

“[M]odern digital ecosystems are structured in such a way that anyone who gains access to regulatory levers automatically gains power over the infrastructure used by millions of people. In other words, the internet today is no longer a distributed network, but a set of control points, each of which becomes a juicy target,” he notes.

“And if today this point is used to protect football broadcasts, tomorrow it will be used for something entirely different.”

From: TF , for the latest news on copyright battles, piracy and more.

Investigations, prosecutions and substantial prison sentences are an important part of the anti-piracy arsenal. The public downfall of a prolific pirate provides the kind of deterrent messaging that can put people off before they even get started.

At least, that’s a possibility, if everything goes according to plan.

Sky Investigates TikTok Star

UK man Simon Hannigan is a popular food and cooking star on social media. Active on Facebook, Instagram, and TikTok, his ‘DadtheDish’ account on the latter has over 523,000 followers and 6.4 million likes.

At what point Sky’s investigation linked Hannigan to piracy is unclear but at his sentencing last week, his Facebook groups – including one with 4,775 members – were described as “shop windows” for his sales of pirate IPTV subscriptions. Reportedly using streams sourced from an operation in Europe, Hannigan’s Android app provided 3,500 channels (including those belonging to Sky) for £28 for six months or just £50 per year. Payments for subscriptions were recorded as “paid adverts.”

According to local news outlet MEN , business was good.

“The court heard how Hannigan had previously gloated about his success in text messages, claiming that ‘business was booming’ and ‘phones were blowing up’.”

Sky Investigates, Police Step in to Make the Arrest

On March 23, 2022, what’s described as a Sky-led investigation culminated in Hannigan’s arrest. He reportedly confessed to providing ‘links’ but denied breaching copyright laws, “arguing he wasn’t in control of the system,” MEN reports.

“One of the ‘mother systems’ used to facilitate the operation was based in Europe, serving 50 million people globally,” the publication continues.

The investigation eventually traced 2,644 payments made directly into Hannigan’s bank account, together worth around £152,000.

His arrest in March 2022 apparently came as a relief; the now 35-year-old said being a ‘downstream middle man’ was ‘very difficult’ and took its toll. He was reportedly glad to see an end to the stress it had caused him but with a potential prison sentence looming at his sentencing last Thursday, would the stress return?

Sentencing

At Preston Crown Court, Hannigan received a two-year sentence suspended for 24 months, and was told to carry out 250 hours of unpaid work. So perhaps some stress, but nothing compared to the stress of a Manchester prison. For a legal system that currently hands down years in prison for offensive tweets, Hannigan might consider himself lucky.

He pleaded guilty to offenses that began in 2019 and only ended upon his arrest three years later; participating in a fraudulent business, concealing and transferring criminal property, and providing a service contrary to copyright law.

Local news reports published Friday following Hannigan’s sentencing are notable for something else; the complete absence of official commentary.

No statement from Sky is unusual, something that also raises questions about the nature of the prosecution. In common with the Premier League, Sky often carries out private prosecutions and the mention of a Sky-led investigation does seem to point in that general direction. If that’s indeed the case, balancing the prospect of future prosecutions against community service may be a difficult exercise.

The absence of any commentary from regional police is unusual too, even when considering the lack of a custodial sentence. The absence of both Sky and police is even more unusual but whether the suspended sentence dampened enthusiasm is unknown.

Whether Hannigan’s mitigation tipped the scales is unclear, but a closer look at his portrayal in the media is certainly interesting.

Get Knocked Down, and Keep Getting Back Up Again

Even before his arrest in 2022, Hannigan had appeared in national media. In April 2021, an interview with prominent broadcaster ITV revealed how 11 years earlier, Hannigan found himself homeless and living in a second hand £250 car.

A 2023 interview with national newspaper The Sun revealed that those days were long gone.

“A chef who makes thousands from sharing recipes online used to be homeless and living out of his car,” the interview begins.

“Simon makes between £2,500 – £5,000 per post, collaborating with some of the UK‘s biggest supermarket and homeware brands for sponsored content. His creative endeavor began as a bit of fun two years ago when he set up an Instagram teaching people how to cook during lockdown.”

The article also mentions how Hannigan made the leap from sleeping in a car to selling lots of them. Hannigan told The Sun he sold the car after being motivated by a kind stranger and then immediately launched a new business.

“I turned that one car into eighty cars with six months, buying and selling them, for £2,000 each,” he said, adding that landed him a job at Ford and at just 24, he became “head of business” at Ford UK on a salary of £150,000. Then he started his own recruitment company, a a post on LinkedIn reveals.

A Changed, Copyright-Aware Man

During mitigation, the Court heard that prior to the pirate IPTV business, Hannigan had been hospitalized with a burst appendix. When he returned home, he discovered that his partner had left him for his friend, and once again found himself in ‘dire financial straits’. Looking for work, he reportedly posted on Facebook and stumbled into IPTV sales, initially catering to family and friends.

MEN reports that Hannigan is now proposing to “assist Sky News and the British Copyright Council” to help deter others so that they don’t end up in a similar predicament. Yet as deterrent messaging goes, his case may not be the best example.

Instead of news that Hannigan will be sampling prison food for the next few months, any hope of sending a deterrent message on TikTok, Facebook, and Instagram, lies in shreds. Even Hannigan’s entrepreneurial spirit and never say die attitude may not be especially motivational, at least according to the paperwork.

From a car retail business, recruitment company, clothing and vodka businesses, to Dad the Dish Limited and his latest venture, Munch Box, the overwhelming majority were incorporated and then dissolved by the government for failing to file even their first set of accounts.

From: TF , for the latest news on copyright battles, piracy and more.

In May 2024, the Paris Judicial Court ordered Google, Cloudflare, and Cisco to block access to several pirate sports streaming sites.

The move was a major enforcement escalation by French rightsholders, but in hindsight it was only the beginning.

In the months that followed, additional rightsholders such as DAZN and beIN joined in on the action with similar requests, while more DNS providers were added as targets, including Quad9 and Vercel . This pitted notably smaller players against these billion-dollar companies in court.

An Existential Threat

Quad9 was no stranger to site blocking requests, having previously dealt with a similar legal battle in Germany. That said, for the small Swiss non-profit organization, these proceedings are more than a legal disagreement. They present an existential threat.

For billion-dollar tech companies Google and Cloudflare, dealing with these legal challenges is a nuisance, but they have the means to fight back. In a recent blog post , Quad9 explains that its foundation doesn’t have this luxury.

“For large commercial players such as Google, Cloudflare, or Cisco, these costs — legal, lobbying, or engineering — are absorbed as part of their business overhead.

“For small, mission-driven nonprofits like Quad9, they represent an existential threat,” the DNS provider adds.

Ideally Quad9 would like to defend itself in these blocking cases, as Google and Cloudflare have done. However, since it doesn’t have the financial resources to do so, it chose not to make an appearance in one of the recent site-blocking cases.

Breaking the Internet’s Plumbing

Quad9 argues that copyright holders are increasingly trying to hold neutral intermediaries liable for piracy. Instead of going after the infringers directly, ISPs, VPNs, and DNS providers have to take on the enforcement burden.

This is particularly problematic for smaller operations that, according to Quad9, simply don’t have the means to do so indefinitely. Not only that, by going after DNS providers, these orders also directly affect key internet infrastructure providers.

“Instead of targeting the platforms that profit from infringement, IP owners are increasingly going after the neutral infrastructure providers that simply make the internet work,” Quad9 writes.

In response to the French blocking efforts, Cisco decided to leave France, so the effects of these measures are already being felt.

Other companies, such as Google and Cloudflare, have the technical means to restrict the blockades to France, but not all providers can do so easily. That includes Quad9, which had no other choice than to apply the French blocking request worldwide.

Big Questions

In France, the courts have clearly decided that these blocking orders are warranted, and while some are under appeal, there’s no indication that they will be reversed anytime soon. That said, Quad9 believes that a broader discussion is warranted, and it poses several questions that go to the heart of how the internet should function.

In its blog post, the foundation asks, among other things:

“Should neutral, technical infrastructure be held responsible for the actions of others?”

“How far should courts reach across jurisdictions to impose national laws on global networks?”

“Can small nonprofits survive under legal obligations designed for global corporations?”

“What happens to privacy and resiliency when only a handful of corporations can afford to comply?”

“At what point does legal compliance become de facto censorship?”

These are not just rhetorical questions for the Swiss non-profit. After fighting and winning a multi-year, costly legal battle against Sony in Germany , Quad9’s “existential threat” has reemerged in France.

Ultimately, Quad9 warns that these blocking battles may lead to a less open, less private, and more centralized internet, leaving the “plumbing” in the hands of a few corporate giants who can afford to pay the legal bills.

From: TF , for the latest news on copyright battles, piracy and more.

Filing lawsuits against internet users who allegedly shared copyrighted content online without permission, has led to countless cash settlements over the years and for some, a lucrative business model in its own right.

There’s also no shortage of cases going wrong for all kinds of reasons . A recent case in Canada, seeking “extraordinary equitable relief” upon which cases like this either live or die, collapsed in dramatic fashion at the very first hurdle, and went further downhill from there.

Background to a Familiar Claim

Hellboy Productions, Inc. filed its statement of claim at Federal Court in Toronto on March 4, 2025. The basis for the claim was very familiar, having made hundreds of appearances in cases previously filed at courts in Canada, the United States, United Kingdom, Scandinavia, and beyond.

The movie in question, Hellboy: The Crooked Man , fits the profile for an appearance in a settlement lawsuit. Hellboy movies have never performed well at the box office and after generating just $1.4m worldwide , the latest outing continued the trend.

While many fans of the Hellboy brand still wanted to watch The Crooked Man , average reviews of 4.5/10 most likely dampened enthusiasm for paying to do so. That can lead to activity on pirate sites for as long as it lasts and in this instance, long enough for the copyright holder to capture ~2,400 IP addresses linked to three Canadian ISPs – Telus, Cogeco, and Bell.

Turning IP Addresses into Names and Physical Addresses

In common with the UK, Ireland, and Australia, unmasking alleged pirates in Canada typically requires the plaintiffs to obtain a Norwich Pharmacal order , or simply Norwich order for short. Obtained from a court, Norwich orders compel a third party, who for various reasons have become unwittingly involved in someone else’s wrongdoing, to disclose information (usually documents/records) that can help a plaintiff identify an alleged infringer.

In this case, the claimant (Hellboy Productions, Inc.) alleges that infringers used internet connections provided by Telus, Cogeco, and Bell to pirate the movie. If served with a Norwich order, the ISPs would be required to match the IP addresses and timestamps provided by the plaintiffs, to activity logs that identify the corresponding account holders.

Once in the hands of the movie company, this information triggers a process to contact as many account holders as possible, on the assumption that they (or someone close) are infringers, and therefore liable to pay compensation for any damages caused. The amount tends to vary but whether the demand was CAD 1,000 or more, the potential revenue from 2,400 subscribers would easily exceed worldwide box office sales.

At least, if all went to plan.

Does the Claimant Have a Bona Fide Claim?

In an order and reasons issued last week, Case Management Judge John C. Cotter notes that Telus did not oppose the order requested by the movie company, while the positions of Cogeco and Bell are simply unknown. The absence of ISPs doesn’t mean that a claimant automatically wins, however.

“A lack of opposition from an ISP is not sufficient on its own to grant the motion. The Court must be satisfied that the applicable test has been met. This is important given the privacy interests of the unidentified alleged wrongdoers,” Judge Cotter explains.

Before those interests are weighed against those of the rightsholder, the plaintiff must show that it has a bone fide claim for copyright infringement and can show, on balance, that the alleged infringers used the ISPs’ services to infringe its rights.

According to the Judge, the plaintiffs failed to produce sufficient evidence to show either.

Insufficient Grounds for Asserting Copyright Ownership

“An analysis of the merits of the claim in this case includes some minimal analysis of whether copyright subsists in the Work, and whether the plaintiff has standing to assert a claim for copyright infringement. In the context of this case, the issue of standing is whether plaintiff is the owner of the copyright in the Work, which is asserted in paragraph 4 of the statement of claim,” Judge Cotter writes. (see screenshot above)

“The plaintiff’s evidence did not include a certificate of copyright registration. The plaintiff’s evidence on copyright subsistence and ownership is limited to the following in the Law Clerk Affidavit (which is the same for each of the three motions):”

Showing the company name in the credits above means that the plaintiff relied on presumptions available under Section 34.1 of the Copyright Act that a) copyright subsists in the work and b) since its name appears in the credits as the maker of the movie, it should be presumed that the plaintiff is indeed the maker.

According to Judge Cotter, those presumptions do not apply when the plaintiff has requested a Norwich order. Section 34.1(1) sets out a precondition for the engagement of the presumptions.

In this matter, the 2,400+ plus defendants are currently anonymous and without knowing who they are, it’s impossible to show that a defendant had “put the existence or title of the copyright in issue.”

Unable to trigger the precondition, no reliance could be placed on the presumptions available under Section 34.1. The Judge dismissed the evidence shown in the Law Clerk Affidavit as “at best, hearsay evidence for which the source is not specified,” and with no copyright certificate there was no way to prove ownership. Moreover, there was no evidence to show that copyright subsists in the movie.

With no bona fide copyright claim, the Judge dismissed all three motions for Norwich orders. He then addressed a few additional issues in need of an airing.

Evidence Should Be Organized, Easily Understood, Easy to Verify

In his order and reasons, Judge Cotter emphasizes that the Court is entitled to demand the “best available evidence” when granting the “extraordinary equitable relief of a Norwich order.”

While failure to establish copyright ownership proved fatal for all three motions, the image of the movie credits page also fell short of the expected standard. The Judge also criticized evidence presented in the affidavit of Thomas Nowak, the CEO of anti-piracy/BitTorrent monitoring company Maverickeye UG, the supplier of evidence in this case and scores of others in the past.

Showing that Telus, Cogeco, or Bell is the ISP for the alleged infringers was a requirement to obtain a Norwich order. Deficiencies in the example below and a series of issues detailed on pages 17-21 of Judge Cotter’s order, led to the conclusion that the plaintiff had failed to show that, while also failing to meet the evidence standard expected by the Court.

Deficiencies in the example above and a series of others detailed elsewhere, plus the failure to show ownership of the copyright it aimed to enforce, meant the plaintiff’s requests for Norwich orders were denied. As a result, the anonymous alleged infringers remain anonymous, but for how long is unknown.

Despite significant criticism, dismissal of the plaintiff’s motions, and denial of its request for an award of costs, Judge Cotter notes that his order does not preclude further motions by the plaintiff.

As sure as day follows night, those motions will arrive, only the timing is in doubt.

The original claim can be found here (pdf) , Judge Cotter’s order is available here ( pdf )

From: TF , for the latest news on copyright battles, piracy and more.

The most enduring questions in the online piracy debate loosely center on what causes it, who is to blame, who can be held liable for it, and what can be done to address it.

Depending on variables including who asks and who answers, answers to these questions can differ quite wildly and are often subject to change. The one constant is that rightsholders’ answers ultimately carry more weight.

They select targets for direct enforcement and identify third parties in a position to assist, or at least, who could be compelled to do so if necessary.

Having a lasting impact at the top end of the piracy supply chain is notoriously difficult. However, move a short distance downstream, placing continuous pressure on intermediaries can eventually pay off. Many can and should do more to fight piracy, the commentary goes, while the remainder are guilty of not doing enough.

Once content cascades down to the masses, ISPs face potential liability, and consumers are blamed for fueling an illegal market. In fact, anti-piracy challenges at this end of the supply chain are so numerous, one might conclude that problems exist almost nowhere else.

The Silent Crisis Costing Billions

For the past several years, site-blocking measures have attempted to build a barrier between pirate sites/services and pirate consumers. These are usually implemented by local ISPs, and in terms of location, could not be further away from the original pirate source.

The Herculean task of building the equivalent of anti-piracy firewalls around ISPs globally is considered necessary, especially in light of an ongoing “silent crisis” that reportedly costs the content industries billions of dollars.

Late August, cloud technology company Velocix cited an estimate from Parks Associates, which predicted cumulative revenue losses of $113 billion for streaming video providers by the end of 2027.

“What’s often overlooked is that a substantial portion of this pirated content is served using legitimate CDN infrastructure,” Velocix continued. “Some platforms report that up to 30% of their CDN traffic is being consumed by unauthorized users, draining network capacity, degrading service quality, and silently eating into service margins.”

The phenomenon is called ‘CDN Leeching’ and while some describe it as a new threat, for some time consumers have been reporting pirate streams of such great quality, they could even pass for the real deal. There’s a very good reason for that; they come from the same source, and only legality sets them apart.

From the rightsholders’ perspective, the situation could hardly be any worse. After producing or buying content, and building a distribution platform to deliver it to the masses, unauthenticated users escape with pristine content at close to zero cost, from an extremely reliable source, which also picks up the tab for the bandwidth consumed.

The Triple Threat

A report published late 2022 by content security company Viaccess-Orca was one of the first to publicly acknowledge what had been known privately for some time.

“Starting around the tail end of 2020, our experts started noticing a new technique being used for the first time: CDN Leeching. Due to its complexities, it has spread comparatively slowly throughout the pirate community since,” the company reported.

“But, as we start to approach the first in a new cycle of large, global sporting events, we are seeing more and more incidents of it occurring. What’s more, these are increasingly coupled with sophisticated front-end operations that, to all intents and purposes, look like legitimate streaming providers with subscriber offers, discounts, advertising, and more. The trend is concerning.”

These quotes are almost three years old, and they describe a problem that was already at least two years old at the time. In 2023, Viaccess-Orca described CDN Leeching as a ‘Triple Threat’ based on the following;

1) Subscriptions loss: Users choose pirate services instead of legitimate platforms.
2) Increased Expense: Pirates access streams from the CDN, but pay for nothing.
3) Service impacts: Pirates consume resources allocated to legitimate customers.

To a background of sports rightsholders warning of an existential threat, how is CDN Leeching carried out, and more importantly, why is it still possible in 2025?

Piracy-as-a-Service

Reports on why consumers need to stop financing criminal streaming services are as common as commentary explaining why intermediaries, including ISPs, DNS providers, and domain registrars, need to step up and take the piracy problem much more seriously. The lack of open discussion on what is clearly a major contributor to the piracy ecosystem is unusual, to say the least.

Anti-piracy companies promote their products and solutions as one might expect, but it’s beyond clear that as a topic for open discussion, rightsholders prefer to talk about other things. There’s no mention in public-facing anti-piracy campaigns, for example, and even when platforms that rely on CDN Leeching are discussed in public, the focus is the services they offer rather than the source of the content upon which they rely.

Under the umbrella term ‘Piracy-as-a-Service’, these platforms are very cheap or even free to access and are more functional and better looking than their legitimate counterparts. For those interested in making the transition from viewer to pirate site operator, a full platform package makes the switch worryingly easy.

Worryingly Easy vs. Regular Worry

With all content piped in (including via CDN Leeching) and the necessary admin/billing/support panels included, anyone can start their own subscription service and begin selling access to others. Verimatrix suggests the price is around ~$45,000 to get started with the potential to make 90% profit moving forward. Maybe other potential outcomes shouldn’t be immediately ruled out.

It’s not unreasonable to assume that a payment of ~$45,000 to an anonymous internet stranger will not always go according to plan. Even if the transaction did live up to expectations, generating $45,000 to break even in a year requires 375 customers paying $10 each per month from Day One.

According to Verimatrix, the going rate for lifetime access starts at $75, with regular access costing as little as $1 per month. That sounds like 1000 customers and a break even celebration almost four years later. Assuming that the ecosystem makes it that far, of course.

Recent comments by the MPA and ACE suggest this general area is considered a top priority. It certainly sounds serious enough to warrant special attention, not unsurprising either, given that the barrier to entry is so low.

“Your grandma’s dog could be trained to do it,” Maria Malinkowitschas at Verimatrix concludes.

Recent reports from various anti-piracy/cybersecurity companies reveal the basics of CDN Leeching, techniques/methods used, and the reasons why it can be difficult to stop. Details of particularly serious and persistent exploits published elsewhere have been excluded (Full original statements linked under the company names cited at the end of each quote)

[Pirates] typically reverse engineer video applications (e.g., browsers) to understand how to access and extract the CDN content, enabling them to distribute pirated material more efficiently. CDN access serves as an entry point for pirates to obtain copyrighted content. ( Irdeto )

Stolen tokens & keys: When authentication tokens or encryption keys are intercepted, they can be reused to access video streams. Open access points: Misconfigured CDN endpoints or caching policies can expose content to anyone who knows where to look. Referrer spoofing: Attackers disguise requests to appear as if they come from trusted domains. ( Velocix )

Device diversity and compatibility challenges: A wide array of devices for accessing video content, with its own specifications, security capabilities and operating systems, presents a significant challenge in terms of ensuring compatibility across the industry for streaming video providers. As users seek seamless access to content on their preferred devices, the pressure to address compatibility issues compounds, sometimes leading to unauthorized means of access when official support is lacking. ( Irdeto )

Pirates hijack legitimate CDNs by hotlinking or proxying origin URLs, piggybacking on bandwidth OTTs pay for, while degrading QoS, inflating bills, and muddying audience analytics. What allows this to happen? Static tokens, loose referrer settings, shared keys across events, and weak origin shielding. ( ICC )

DRM Exploitation: The media and entertainment industry is currently facing serious challenges with content protection and cybersecurity, the most pressing of which is the exploitation of software-native Digital Rights Management (DRM). This technical vulnerability allows pirates to bypass DRM protections, leading to unauthorized access and distribution of content. This not only undermines revenue streams but also the integrity of content distribution. ( Verimatrix )

Feature Exploitation: An example is where operators need to allow consumers to continue watching content across multiple devices that share an IP address. This consumer demand for content portability creates a loophole that pirates can exploit. Unsecure apps without solid code obfuscation expose valuable DRM license files that pirates will hack to extract the keys and then create their own license files for illicit distribution. ( Nagra )

From: TF , for the latest news on copyright battles, piracy and more.

After obtaining a court order that granted permission to block pirate streaming services, top-tier football league LaLiga faced a dilemma.

Many of its targets were using Cloudflare’s reverse proxy service, which in basic terms allows a webhost’s IP address to remain private while one of Cloudflare’s IP address is exposed to site users. Since hundreds of sites can share the same Cloudflare IP address, blocking one pirate site would end up blocking them all.

Since no compromise could be reached with Cloudflare, LaLiga went ahead with its blocking campaign, which included blocking Cloudflare’s shared IP addresses .

Courts Unsympathetic,

After the blocking campaign began in earnest, complaints calling for the courts to take action to prevent collateral damage were rejected on various grounds. In June, the Mixed Parliamentary Group, at the request of Néstor Rego Candamil, the deputy of the Galician Nationalist Bloc (BNG), presented a Non-Legislative Proposal (PNL) in an attempt to build momentum.

The proposal explained the shared-IP address situation at Cloudflare and went on to describe what can go wrong on match day.

“The BNG believes the State Government must take action on this issue in response to the repeated blocking of thousands of websites. Failure to do so would constitute a dereliction of duty, leaving them in private hands, which act solely for their own benefit and, without regard, hand them over to third parties,” the proposal continued.

A summary of the three main requests in the proposal:

1. Blocking must be performed precisely, targeting domain names and DNS only
2. Establish protocols for hosts to shut down sites and/or hand over operator details
3. Disallow IP address blocking to prevent blocking of innocent sites .

Proposal Put to the Vote on Wednesday

Presented by the Mixed Group at the request of BNG, the proposal to ensure accurate, collateral damage-free blocking of exclusively pirate sites, received 6 votes in favor, 17 against, and 12 abstentions.

Despite the Socialist Group’s ( Grupo Socialista ) abstention, a representative said that the blocking measures comply with requirements, ensure that the clubs and broadcasters can protect their rights, and have safeguards to protect legitimate access to the internet for citizens and companies.

The Popular Party and Vox groups rejected the proposal outright, stating that it disregards the damage suffered by football clubs and therefore puts the economy in jeopardy.

A spokesperson for Vox said the government doesn’t get involved when matters are under the eye of the judiciary, adding, “I don’t know if you’re defending piracy.”

Proposal Rejected

The Economy, Trade and Digital Transformation Committee of Congress rejected the non-legislative proposal. In a statement Thursday, LaLiga described that as support for its anti-piracy strategy, including IP address blocking.

In line with comments made by the Popular Party and Vox groups, LaLiga also expressed concern that the proposal failed to address “both the critical impact of audiovisual fraud on the country’s social and economic infrastructure and the origin of this issue, including the actors who profit from this illegal business.”

LaLiga’s statement makes no mention of the internet users the proposal aimed to protect. Instead, it restates its position that all blocking “is proportional, targeted, and time-limited, being enforced only during matches….in strict compliance with the relevant court order.”

Cloudflare Animosity Continues

LaLiga also had further sharp words for Cloudflare, mostly along the same lines as those made earlier in the year which appeared to mark the end of civil discussion, assuming that had ever been the case. There’s clearly a huge difference of opinion in respect of how Cloudflare views its obligations and what LaLiga believes they should be.

At an event in Italy last week , José Ignacio Carrillo de Albornoz, Global Content Protection Manager at LaLiga, said that collaboration is the key to success and that partnerships with other companies are proving effective.

Mentioning no company in particular, he noted that “Not all intermediaries are willing to cooperate,” before revealing a new angle to LaLiga’s strategy and a likely source of future friction.

“We’ve decided to seek legal injunctions globally,” he said.

With a direct reference to European Union Regulation 2015/2120 , de Albornoz said that ISPs can block ‘certain types of traffic’ in compliance with a court order.

“We have done so, and it’s proven very effective. Collaboration is the key.”

From: TF , for the latest news on copyright battles, piracy and more.

European football association UEFA was founded in 1954 to protect the interests of European football, particularly within the global FIFA body.

During the early years its powers were rather limited. UEFA was mostly an administrative union, consisting of three employees who issued non-binding recommendations to member associations.

In 1955, less than a year after UEFA was formed, journalists of the French newspaper L’Équipe proposed the launch of a European club championship. UEFA was initially hesitant to adopt the idea but eventually moved the project ahead.

The resulting European Cup was commercialized as the UEFA Champions League in 1992. This is widely recognized as the most prestigious club prize in football and with billions of euros in annual revenues, it’s also serious business.

UEFA Joins Anti-Piracy Coalition ACE

With this much money on the line, UEFA has a vested interest in protecting the competition from piracy. Many millions of fans who can’t afford paid access or prefer to use the money elsewhere, turn to free streams instead, contributing to what UEFA believes is a significant financial loss.

Over the past several years, UEFA has targeted pirate streams through site-blocking efforts and takedown requests. Yet despite these anti-piracy measures, the piracy problem only appears to have become worse. That’s likely one of the key reasons behind its partnership with anti-piracy coalition ACE announced this week.

UEFA itself is a not-for-profit operation, but UC3, a commercial joint venture with football clubs, exploits the multi-billion-euro broadcast rights contracts. By joining ACE, it can now rely on technological resources and law enforcement contacts around the globe.

The European football association is the first sports exclusive rights holder to join ACE and will play an active role in the ACE “Live Tier”. Other prominent members of the MPA-led alliance include the major Hollywood studios, Netflix, Amazon, and beIN.

“UEFA joining ACE represents a landmark moment in our global content protection strategy,” says UEFA’s Guy-Laurent Epstein, commenting on the new. “This partnership allows us to expand our enforcement capabilities, deepen our existing collaboration with industry leaders and leverage ACE’s proven capabilities to disrupt illegal services.”

Targets: Pirate IPTV and Hydra sites

As the name suggests, ACE’s ‘Live Tier’ focuses on sites and services that offer live streams. Speaking with TorrentFreak, MPA’s Deputy Chief of Content Protection Dani Bacsa notes that priority targets include pirate IPTV services and so-called hydra sites that offer live content.

These targets are typically selected in consultation with members. The potential enforcement actions are similar to those taken against other types of piracy.

“We use the same toolkit we use to tackle other forms of digital piracy, which has been tested and proven. These range from out-of-court settlements and voluntary initiatives to civil litigation and working with law enforcement agencies to dismantle major criminal networks,” Bacsa says.

“One thing that we are well aware of is that live content has a short shelf life, and we need to act expeditiously and time operations when they make the most impact. Any activity carried out by ACE is agreed upon and approved by its members.”

MPA and UEFA have previously filed their blocking requests separately in France, India, and elsewhere. In theory, MPA/ACE could take this up in the future as they do for other members. However, when we asked about this directly, we received a “no comment” instead of a more direct “no”.

Whether more sports leagues and football organizations will join ACE in the future is unknown, but the anti-piracy coalition is certainly open to it. It was always stressed that cooperation is key to defeating piracy, and a broader membership base serves this goal.

“ACE is cooperating and coordinating with multiple non-member partners, including leagues, to various extents and capacities. We would always welcome closer collaboration and partnerships to increase our collective force,” Bacsa tells us.

It’s Not Just Piracy That’s Grown

There is no denying that sports piracy is a serious and growing problem. According to EU data , 12% of EU citizens watch sports content through illegal online sources, which goes up to 27% for people between 15 and 24.

However, this doesn’t mean that the revenues from sports rights are dwindling. On the contrary, it has grown spectacularly over the past decades.

In the first Champions League season, income was a relatively modest €46 million . Roughly half of this flowed back to the clubs. By the end of the decade, as the tournament expanded from 8 to 32 teams, revenues had grown to hundreds of millions.

The 2006/2007 Champions League was a milestone, with revenues exceeding half a billion euros for the first time. For the 2013/2014 season, seven years later, revenues had doubled to a billion euros.

While these are healthy revenue numbers, growth exploded in recent years. UEFA’s men’s club competitions now bring in €4.4 billion, with UEFA already eyeing the €5 billion mark for the near future, with Netflix showing interest in the rights.

UEFA would likely argue that there could be even more potential income if piracy was defeated. However, one can also argue that the surge in revenues contributes to a key motivation to pirate. After all, the billions paid for broadcasting rights are in large part passed on to consumers whose TV subscription costs aren’t getting any cheaper.

From: TF , for the latest news on copyright battles, piracy and more.

In the past, rightsholders have frequently complained that takedown requests can be futile. Even if pirate sites take action, content can swiftly reappear.

Taking down entire websites has always been the weapon of choice, but that doesn’t always solve the problem either.

Pirate Site Operators On/Off the Radar

When public pirate sites first became popular at the beginning of the century, many operated as central hubs. Their operators communicated with users regularly, and many fostered a sense of community. There were competitions , merchandise , and the Pirate Bay took its early activism to the streets of Stockholm more than once.

After several prominent sites lost legal battles, the mood changed. Running a popular pirate site was much more than a public act of defiance: it was also a criminal offense with potential prison sentences attached. The Pirate Bay was a pioneer on this front too, and it wouldn’t be the last.

Legal pressure motivated public pirate site operators to stay in the shadows. If rightsholders can’t track you down, they can’t touch you, the theory went. While that is still true to a certain degree today, anti-piracy groups were busy adding site blocking to their arsenal.

The Pirate Bay was one of the prime targets of early site-blocking requests in various countries . This led to soaring popularity for Pirate Bay proxies, which facilitated access to the original site in blocked regions. Despite having no connections to the original team, many proxies adopted Pirate Bay branding, which didn’t bother users all that much.

From Pirate Sites to Pirate Brands

While proxies were often launched as a means to ‘unblock’ sites, they also provided an opportunity for outsiders to generate profit. And with more sites getting blocked, full-on copycats began to emerge. These sites typically had little to do with the originals they copied but used their branding to draw traffic and sell advertisements.

Eventually even the demise of popular sites became a potential goldmine for others, with popular brands living on and continuing to generate profit. Some of these copycats may have had more traditional pirate interests in mind, but others simply saw them as platforms for malicious ad campaigns. The problem for many users was telling them apart.

Today, the exploitation of pirate brands comes in many forms. Streaming sites are particularly popular but due to various enforcement measures, domains are increasingly seen as disposable. Since branding persists, recognized brands are valuable assets.

The Motion Picture Association’s latest enforcement effort highlights several examples.

MPA Hunts Ghosts of the Past

Earlier this week, the MPA requested two DMCA subpoenas at a California federal court on behalf of its anti-piracy arm, ACE . The requests ask Cloudflare and the .to domain registry ( Tonic ) to hand over all identifying information they hold on alleged pirate site domains.

The Cloudflare subpoena lists 46 domain names in total. This includes sites that the MPA recently flagged to the U.S. Government as “ notorious piracy markets “, such as Cineby.app and Nunflix.org, classified as major threats in the new “hydra site” category.

At the same time, the subpoena also lists names of pirate brands that the MPA and ACE targeted in the past, sometimes on more than one occasion.

Fmovies.co and Fmovies.ro, for example, are clearly inspired by the world’s largest piracy ring. ACE helped to shut this operation down in 2024 , and two Vietnamese operators received suspended prison sentences for their involvement with the massive piracy network. However, the brand lives on in many forms.

The same applies to Cuevana, a popular streaming portal in Latin America, of which ACE has helped to shut down several iterations previously. Despite these efforts and the related criminal investigations, the latest subpoena application targets Cuevana.is and cuevana3cc.me.

The same is true for other domain names such as aniwave.se and 123moviesfree.net. The piracy portals that popularized these brands are long gone , but they live on through various incarnations, giving prospective pirates a familiar brand to look for.

Identifying the Operators

Through the DMCA subpoenas, MPA hopes that Cloudflare and Tonic will provide information to accurately identify the operators of these and other sites. While many sites provide false data to avoid enforcement, these efforts have also proven fruitful in the past.

All the .to domain names are targeted through both companies, which will be helpful to compare the associated user data, including names, IP addresses, payment details, and other information.

At the time of writing, the DMCA subpoenas have yet to be signed off by a court clerk. Cloudflare and Tonic generally don’t oppose these requests, so that is merely a formality. The real challenge for MPA and ACE is to permanently bury these zombie brands. That’s not going to be as easy.

—

A list of all the targeted domain names is available below. The declarations linked to the two DMCA subpoenas can be found here (pdf) and here (pdf) .

– 123moviesfree.net
– 430hdd.com
– animedefenders.me
– animekai.ac
– animekai.cc
– animekai.to
– animeyy.com
– anigo.to
– aniwave.se
– baan-series.online
– bingewatch.to
– bronat.lat
– bstsrs.in
– cineby.app
– cinecalidad.rs
– comandoplay.com
– cuevana.is
– cuevana3cc.me
– doomovie-free.com
– dopebox.to
– flixhq.to
– fmovies.co
– fmovies.ro
– goyabu.to
– hdtodayz.to
– hianime.bz
– hianime.cx
– hianime.pe
– hianimez.is
– himovies.sx
– jkanime.net
– miruro.to
– movies2watch.tv
– moviesjoy.plus
– nunflix.org
– opmovies.tv
– peelink2.com
– pelisplushd.to
– pelispop.lat
– piratetv.pro
– portalultautv.biz
– streamingunity.co
– theflixertv.to
– topsrs.day
– westream.to
– yflix.to

From: TF , for the latest news on copyright battles, piracy and more.

During the past several years, sports rightsholders in Europe have made it clear that piracy of fleeting live events poses unique problems that require a strong response.

Existing site blocking measures were seen as insufficient. Standard takedown notices reportedly lacked the necessary teeth to ensure compliance, something that could be addressed under revised EU law, rightsholders said..

In 2022, requests for European Commission assistance escalated to outright demands for legal amendments, which were instantly dismissed by the Commission in favor of an extended consultation.

To what extent the EC’s response acted as a catalyst isn’t clear, but nothing has been quite the same since.

Canal+ Targets Public DNS Resolvers

Anti-piracy group AAPA was among the first to politely inform the EC that its members, including the Premier League, Sky, beIN, and Canal+, were really disappointed with the outcome. Yet, it transpired, no less motivated.

With permission from the High Court in London, Sky began targeting key IPTV providers, eventually blocking thousands upon thousands of fully qualified domains, at an unprecedented rate.

In France, Canal+ decided to close the alternative DNS loophole, reportedly undermining blocking at local ISPs. Seemingly undeterred by potential backlash, Canal+ sued Cloudflare , Google, and OpenDNS, and with the assistance of broadly crafted French law, won a first of its type injunction.

With significant fines on the table to ensure compliance, OpenDNS had seen enough and promptly shut down its services in France.

Why Stop at Public DNS? VPN Blocking Awaits

Attorney Richard Willemant is known for his work representing rightsholders in France. Recent cases include the police raids and civil lawsuit against UptoBox. By volume, lawsuits compelling intermediaries to block pirate sites and delete search results on behalf of Canal+ (and by extension, Premier League, UEFA, LFP, and Formula 1) are far more numerous.

Speaking at an event last week organized by Italian telecoms regulator AGCOM, Willamont spoke about his work with Canal+ and the importance of dynamic injunctions capable of tackling circumvention attempts more quickly. After obtaining an injunction to block pirate sites in France, post-judgment modification of blocking targets takes place with assistance from French telecoms regulator ARCOM.

“ARCOM allows us to update injunctions flexibly, adding new domains or mirror sites without having to refer to the courts each time. This system has made it possible to block thousands of illegal sites and services more quickly and effectively,” he explained.

Willemant’s more recent stand-out successes include the controversial action against Cloudflare, Google, and OpenDNS.

With that achievement already behind him, Willemant went on to successfully argue that VPN providers NordVPN, Proton, CyberGhost, ExpressVPN and Surfshark, should also be compelled to block pirate sites targeting France.

The move was certainly controversial, but more importantly, did it move the needle?

Success or Failure? Canal+ Attorney Reveals All

During his speech, which outlined experiences from the perspective of rightsholders, Willemant said that for the first time in his experience, piracy rates are now starting to come down. Citing research by regulator ARCOM, which he described as completely unbiased, Willemant reported the following results:

Piracy Reductions After Targeting Circumvention Tools (Richard Willemant/Canal+)
Method	Reduction	Details
3rd Party DNS Blocking	8%	Attributed to legal decisions against third-party DNS providers (Cloudflare/Google)
VPN Blocking	7%	Attributed to decisions targeting commercial VPNs (NordVPN/Proton/CyberGhost/ExpressVPN/Surfshark)
Total Reduction	15%	Attributed to combined effect of decisions against Third Party DNS and commercial VPNs

Which specific piracy statistic was reduced by 15% isn’t made clear.

The number of visits to the pirate websites listed in the order is one possibility, but for that figure to hold weight, traffic to other sites not yet subject to blocking would need to be measured too. Diverting traffic to another platform showing the same content has no effect on overall piracy rates.

Other VPN providers not subjected to blocking also factor into the equation. French users behind VPNs may appear to be geographically located outside France, but that’s not necessarily the case.

Nevertheless, Willemant says that when court-ordered and administrative blocking measures are both taken into account, they “clearly indicate that blocking is working” and “producing measurable results.”

Resistance Against Blocking, Enforcement Not Always Possible

After covering the successes, Willemant revealed several causes for concern. While rightsholder enthusiasm for blocking measures isn’t in doubt, opposition to blocking is being felt in the judicial, regulatory, and political arenas.

“We are facing strong resistance from intermediaries including Cloudflare. Despite being one of the respondents in blocking injunctions, Cloudflare independently decides which sites to block, and which not to block. Both the courts and ARCOM are perplexed by the company’s approach.”

For context, the injunction makes it clear that failure to comply with the court’s instructions carries a potential penalty of €30,000.

Willemant’s reference to issues at the judicial level received no elaboration. However, the issue of enforcement clearly came up at some point, hence his comment that enforcement hasn’t always been possible for “practical” reasons.

Penalties exist to incentivize compliance, but based on the comments, it’s possible that something isn’t functioning quite as intended.

Political Pushback at the Highest Level

There’s no question that President Trump’s return to the White House has unsettled United States trading partners, not to mention its long-standing strategic allies. Thus far, few if any have been spared.

The European Union’s efforts to regulate online services operating in Europe necessarily involve some of the largest online platforms; they’re mostly American companies such as X, Facebook, and Instagram, not forgetting Cloudflare and Google, of course.

“We are seeing lobbying pressure, including international pressure, in particular from the US government,” Willemant confirmed.

“The government has asked its diplomats in Europe to oppose certain provisions of the Digital Services Act (DSA), precisely those that strengthen intermediaries’ obligations to cooperate [with rightsholders].”

Willemant said that intermediaries have benefited from limited liability for many years under the E-Commerce Directive. The quid pro quo under the Digital Services Act, however, is substantially more involved. In exchange for limited liability, Willemant said, “[intermediaries] must actively collaborate in the fight against illegal activities.”

“Stop Censoring Free Speech”

In the United States, the EU’s sprawling legislation is viewed quite differently. Described by House Judiciary Committee Republicans as a ‘Foreign Censorship Threat’ that infringes on ‘American Free Speech’, the Committee produced non-public documents to show, according to their reading , “that European censors target core political speech that is neither harmful nor illegal, attempting to stifle debate on topics such as immigration and the environment.”

A diplomatic cable seen by Reuters, titled “Action Request” asked American diplomats across U.S. embassies in Europe to regularly engage with EU governments and authorities to convey U.S. concerns about the DSA.

The anti-piracy event at which Willemant made his presentation was centered around Articles 58, 59, and 60 of the Digital Services Act. The articles outline rules for cross-border cooperation, referral of issues to the European Commission, and procedures for joint investigations into suspected infringements of the DSA.

If the United States had its way, the cable suggests, there would be nothing to discuss.

“Repeal and/or Amend the DSA”

“Posts should focus efforts to build host government and other stakeholder support to repeal and/or amend the DSA or related EU or national laws restricting expression online.”

Blocking unfavorable, infringing, and illegal content is already deeply embedded across the EU. What that means for the site-blocking push currently underway in the United States is unclear. As a means to suppress foreign threats, President Trump might be persuaded to get onboard.

Admittedly, tomorrow he may see things quite differently. The fully-committed European Commission, on the other hand, will not.

From: TF , for the latest news on copyright battles, piracy and more.