Internet infrastructure company Cloudflare provides a range of connectivity and security services to customers around the globe.

This includes millions of organizations, including 30% of Fortune 500 companies, as well as various government agencies. These customers are generally pleased with the service they receive but Cloudflare has also faced criticism over the years.

Copyright holders, for example, have pointed out that the San Francisco-based company is offering its services to pirates. Many of the world’s largest pirate platforms use Cloudflare as a shield against attacks and to save bandwidth in the process. According to the complaints, this complicates piracy enforcement.

EU Piracy Watch List

A few weeks ago, various rightsholders shared their Cloudflare concerns with the European Commission. The EU requested input for its biannual ‘Counterfeit and Piracy Watch List’, allowing stakeholders to nominate piracy-affiliated sites and services for inclusion.

In addition to traditional pirate sites, many rightsholders mentioned Cloudflare as a key problem. They accuse the company of indirectly facilitating piracy and shielding the identities of pirate site operators.

For example, music group IFPI complained that while Cloudflare discloses the hosting locations of pirate sites in response to abuse reports, it doesn’t voluntarily share the identity of these pirate customers with rightsholders.

“Where IFPI needs to obtain the customer’s contact information, Cloudflare will only disclose these details following a subpoena or court order – i.e. these disclosures are mandated by law and are not an example of the service’s goodwill or a policy or measures intended to assist IP rights holders,” IFPI wrote.

Video Games Europe offered similar criticism, informing the EU that Cloudflare continues to act as an important intermediary in the delivery of pirated content, without voluntarily sharing private customer details.

“Cloudflare does provide injured parties/trusted partners with the IP-address and name of the host ISP of an infringing website, but does not provide the contact details of the website operators nor cease to render services to these customers,” the group noted.

Cloudflare Responds to EU Commission

Cloudflare is aware of the critique. However, the company doesn’t believe that it should assume the role of anti-piracy arbiter or judge whether rightsholders complaints are valid. Aside from the legal complications, it believes that privacy rights deserve some level of protection.

Rightsholders have increasingly used the EU and US piracy watch list consultations to argue for greater cooperation from online intermediaries. That applies to sharing of customer details, as well as more advanced “know your customer” policies.

The MPA also made a point of this in its submission to the EU Commission, where it listed several key piracy enforcement points.

Cloudflare, however, believes that the EU’s Piracy Watch list should solely focus on bad actors; pirate sites and services. It should not be used as a platform to demand policy change.

“The Commission should not issue a report – even an informal one – that is simply a mechanism for particular stakeholders to air their grievances that entities are not taking particular voluntary action to meet their concerns or to advocate for new policies.”

“Our view is that the Commission’s staff document and Watch List should be limited to Commission-verified allegations of illegal behavior, based on principled and fair legal standards,” Cloudflare adds.

Cloudflare is worried that if concerns about intermediaries are mentioned in the Watch List, even when the Commission doesn’t support them, it will be seen it as an endorsement. This could be used by rightsholders to influence policy discussions elsewhere.

Piracy vs. privacy

Cloudflare warns the EU against copyright holders’ broad generalizations that only focus on the downsides of technology. Those fail to recognize the value of innovative technologies that aim to increase privacy and security for the broader public.

The video game industry, for example, complained that enabling privacy feature Encrypted Client Hello (‘ECH’) makes it hard to block pirate sites . The same technology, on the other hand, greatly benefits user privacy.

“Restricting progress and adoption of new technology tools that help protect the privacy and security of citizens operating online in order to continue the use of outdated means to combat piracy is short-sighted, and bad for Europe’s long term economic development,” Cloudflare notes.

The EU should be exceedingly wary of proposals that limit user privacy and security, to combat piracy. There’s an important trade-off to make either way, one that should not be taken lightly.

Problems still exist without Cloudflare

Concerns aside, Cloudflare stresses that it is open to collaboration with rightsholders and law enforcement. The company has a trusted reporter program, for example, which currently counts roughly 200 organizations.

When these trusted parties report copyright infringements that take place though its reverse proxy and CDN service, Cloudflare shares additional information on the targets, including the origin IP-address of sites in question.

The company doesn’t terminate customer accounts for which it receives multiple complaints. It is not legally obliged to do so and disconnecting customers wouldn’t make much of a difference, the company argues.

Ultimately, pirate sites and services are hosted by third party providers. Taking away the Cloudflare service doesn’t change that.

All in all, Cloudflare believes that sharing hosting provider details in response to piracy complaints is sufficient. It puts rightsholders in the same position they are with any other site or service that doesn’t use its service.

“We believe it is time for rightsholders to shift their comments away from policy advocacy to focus instead on the physical and online markets and websites that are the intended subject of the Watch List report,” Cloudflare concludes.

—

A copy of Cloudflare’s letter to the European Commission, responding to the critique from rightsholders, is available here (pdf)

From: TF , for the latest news on copyright battles, piracy and more.

Internet infrastructure company Cloudflare provides a range of connectivity and security services to customers around the globe.

This includes millions of organizations, including 30% of Fortune 500 companies, as well as various government agencies. These customers are generally pleased with the service they receive but Cloudflare has also faced criticism over the years.

Copyright holders, for example, have pointed out that the San Francisco-based company is offering its services to pirates. Many of the world’s largest pirate platforms use Cloudflare as a shield against attacks and to save bandwidth in the process. According to the complaints, this complicates piracy enforcement.

EU Piracy Watch List

A few weeks ago, various rightsholders shared their Cloudflare concerns with the European Commission. The EU requested input for its biannual ‘Counterfeit and Piracy Watch List’, allowing stakeholders to nominate piracy-affiliated sites and services for inclusion.

In addition to traditional pirate sites, many rightsholders mentioned Cloudflare as a key problem. They accuse the company of indirectly facilitating piracy and shielding the identities of pirate site operators.

For example, music group IFPI complained that while Cloudflare discloses the hosting locations of pirate sites in response to abuse reports, it doesn’t voluntarily share the identity of these pirate customers with rightsholders.

“Where IFPI needs to obtain the customer’s contact information, Cloudflare will only disclose these details following a subpoena or court order – i.e. these disclosures are mandated by law and are not an example of the service’s goodwill or a policy or measures intended to assist IP rights holders,” IFPI wrote.

Video Games Europe offered similar criticism, informing the EU that Cloudflare continues to act as an important intermediary in the delivery of pirated content, without voluntarily sharing private customer details.

“Cloudflare does provide injured parties/trusted partners with the IP-address and name of the host ISP of an infringing website, but does not provide the contact details of the website operators nor cease to render services to these customers,” the group noted.

Cloudflare Responds to EU Commission

Cloudflare is aware of the critique. However, the company doesn’t believe that it should assume the role of anti-piracy arbiter or judge whether rightsholders complaints are valid. Aside from the legal complications, it believes that privacy rights deserve some level of protection.

Rightsholders have increasingly used the EU and US piracy watch list consultations to argue for greater cooperation from online intermediaries. That applies to sharing of customer details, as well as more advanced “know your customer” policies.

The MPA also made a point of this in its submission to the EU Commission, where it listed several key piracy enforcement points.

Cloudflare, however, believes that the EU’s Piracy Watch list should solely focus on bad actors; pirate sites and services. It should not be used as a platform to demand policy change.

“The Commission should not issue a report – even an informal one – that is simply a mechanism for particular stakeholders to air their grievances that entities are not taking particular voluntary action to meet their concerns or to advocate for new policies.”

“Our view is that the Commission’s staff document and Watch List should be limited to Commission-verified allegations of illegal behavior, based on principled and fair legal standards,” Cloudflare adds.

Cloudflare is worried that if concerns about intermediaries are mentioned in the Watch List, even when the Commission doesn’t support them, it will be seen it as an endorsement. This could be used by rightsholders to influence policy discussions elsewhere.

Piracy vs. privacy

Cloudflare warns the EU against copyright holders’ broad generalizations that only focus on the downsides of technology. Those fail to recognize the value of innovative technologies that aim to increase privacy and security for the broader public.

The video game industry, for example, complained that enabling privacy feature Encrypted Client Hello (‘ECH’) makes it hard to block pirate sites . The same technology, on the other hand, greatly benefits user privacy.

“Restricting progress and adoption of new technology tools that help protect the privacy and security of citizens operating online in order to continue the use of outdated means to combat piracy is short-sighted, and bad for Europe’s long term economic development,” Cloudflare notes.

The EU should be exceedingly wary of proposals that limit user privacy and security, to combat piracy. There’s an important trade-off to make either way, one that should not be taken lightly.

Problems still exist without Cloudflare

Concerns aside, Cloudflare stresses that it is open to collaboration with rightsholders and law enforcement. The company has a trusted reporter program, for example, which currently counts roughly 200 organizations.

When these trusted parties report copyright infringements that take place though its reverse proxy and CDN service, Cloudflare shares additional information on the targets, including the origin IP-address of sites in question.

The company doesn’t terminate customer accounts for which it receives multiple complaints. It is not legally obliged to do so and disconnecting customers wouldn’t make much of a difference, the company argues.

Ultimately, pirate sites and services are hosted by third party providers. Taking away the Cloudflare service doesn’t change that.

All in all, Cloudflare believes that sharing hosting provider details in response to piracy complaints is sufficient. It puts rightsholders in the same position they are with any other site or service that doesn’t use its service.

“We believe it is time for rightsholders to shift their comments away from policy advocacy to focus instead on the physical and online markets and websites that are the intended subject of the Watch List report,” Cloudflare concludes.

—

A copy of Cloudflare’s letter to the European Commission, responding to the critique from rightsholders, is available here (pdf)

From: TF , for the latest news on copyright battles, piracy and more.

Internet infrastructure company Cloudflare provides a range of connectivity and security services to customers around the globe.

This includes millions of organizations, including 30% of Fortune 500 companies, as well as various government agencies. These customers are generally pleased with the service they receive but Cloudflare has also faced criticism over the years.

Copyright holders, for example, have pointed out that the San Francisco-based company is offering its services to pirates. Many of the world’s largest pirate platforms use Cloudflare as a shield against attacks and to save bandwidth in the process. According to the complaints, this complicates piracy enforcement.

EU Piracy Watch List

A few weeks ago, various rightsholders shared their Cloudflare concerns with the European Commission. The EU requested input for its biannual ‘Counterfeit and Piracy Watch List’, allowing stakeholders to nominate piracy-affiliated sites and services for inclusion.

In addition to traditional pirate sites, many rightsholders mentioned Cloudflare as a key problem. They accuse the company of indirectly facilitating piracy and shielding the identities of pirate site operators.

For example, music group IFPI complained that while Cloudflare discloses the hosting locations of pirate sites in response to abuse reports, it doesn’t voluntarily share the identity of these pirate customers with rightsholders.

“Where IFPI needs to obtain the customer’s contact information, Cloudflare will only disclose these details following a subpoena or court order – i.e. these disclosures are mandated by law and are not an example of the service’s goodwill or a policy or measures intended to assist IP rights holders,” IFPI wrote.

Video Games Europe offered similar criticism, informing the EU that Cloudflare continues to act as an important intermediary in the delivery of pirated content, without voluntarily sharing private customer details.

“Cloudflare does provide injured parties/trusted partners with the IP-address and name of the host ISP of an infringing website, but does not provide the contact details of the website operators nor cease to render services to these customers,” the group noted.

Cloudflare Responds to EU Commission

Cloudflare is aware of the critique. However, the company doesn’t believe that it should assume the role of anti-piracy arbiter or judge whether rightsholders complaints are valid. Aside from the legal complications, it believes that privacy rights deserve some level of protection.

Rightsholders have increasingly used the EU and US piracy watch list consultations to argue for greater cooperation from online intermediaries. That applies to sharing of customer details, as well as more advanced “know your customer” policies.

The MPA also made a point of this in its submission to the EU Commission, where it listed several key piracy enforcement points.

Cloudflare, however, believes that the EU’s Piracy Watch list should solely focus on bad actors; pirate sites and services. It should not be used as a platform to demand policy change.

“The Commission should not issue a report – even an informal one – that is simply a mechanism for particular stakeholders to air their grievances that entities are not taking particular voluntary action to meet their concerns or to advocate for new policies.”

“Our view is that the Commission’s staff document and Watch List should be limited to Commission-verified allegations of illegal behavior, based on principled and fair legal standards,” Cloudflare adds.

Cloudflare is worried that if concerns about intermediaries are mentioned in the Watch List, even when the Commission doesn’t support them, it will be seen it as an endorsement. This could be used by rightsholders to influence policy discussions elsewhere.

Piracy vs. privacy

Cloudflare warns the EU against copyright holders’ broad generalizations that only focus on the downsides of technology. Those fail to recognize the value of innovative technologies that aim to increase privacy and security for the broader public.

The video game industry, for example, complained that enabling privacy feature Encrypted Client Hello (‘ECH’) makes it hard to block pirate sites . The same technology, on the other hand, greatly benefits user privacy.

“Restricting progress and adoption of new technology tools that help protect the privacy and security of citizens operating online in order to continue the use of outdated means to combat piracy is short-sighted, and bad for Europe’s long term economic development,” Cloudflare notes.

The EU should be exceedingly wary of proposals that limit user privacy and security, to combat piracy. There’s an important trade-off to make either way, one that should not be taken lightly.

Problems still exist without Cloudflare

Concerns aside, Cloudflare stresses that it is open to collaboration with rightsholders and law enforcement. The company has a trusted reporter program, for example, which currently counts roughly 200 organizations.

When these trusted parties report copyright infringements that take place though its reverse proxy and CDN service, Cloudflare shares additional information on the targets, including the origin IP-address of sites in question.

The company doesn’t terminate customer accounts for which it receives multiple complaints. It is not legally obliged to do so and disconnecting customers wouldn’t make much of a difference, the company argues.

Ultimately, pirate sites and services are hosted by third party providers. Taking away the Cloudflare service doesn’t change that.

All in all, Cloudflare believes that sharing hosting provider details in response to piracy complaints is sufficient. It puts rightsholders in the same position they are with any other site or service that doesn’t use its service.

“We believe it is time for rightsholders to shift their comments away from policy advocacy to focus instead on the physical and online markets and websites that are the intended subject of the Watch List report,” Cloudflare concludes.

—

A copy of Cloudflare’s letter to the European Commission, responding to the critique from rightsholders, is available here (pdf)

From: TF , for the latest news on copyright battles, piracy and more.

During 2010/2011, opportunity arose for Hollywood to convince the High Court in London that site-blocking would be a proportionate response to tackle a single Usenet indexing site called Newzbin.

As rightsholders offered assurances that the action would be carefully targeted and strictly limited in scope, the requested injunction was granted in October 2011. Within 14 days, ISP BT would implement blocking to prevent six million customers from accessing the site in the UK. That was a landmark win for the studios; it also laid the foundations for something bigger.

Whether the High Court would’ve acted any differently is unclear, but it certainly wasn’t informed in advance that its decision would effectively seed site-blocking on a global scale, while acting as an official seal of approval.

Not only did the injunction eventually lead to the blocking of tens of thousands of domains locally, the High Court’s decision was used to convince courts all around the world to do the same. Even in countries where blocking already assists mass censorship, governments are routinely encouraged to block more than they do already.

Of course, it’s never enough. Blocking is easily circumvented, which prompts calls for even more blocking. When faster blocking fails to produce results, preemptive and in some cases perpetual blocking is now accepted as normal. News that testing is underway, to block pirate IPTV devices by meddling with the internet’s core routers, is certainly depressing. What it definitely is not, however, is any kind of surprise.

Brazil Embraces Blocking

When Elon Musk and a Brazilian judge became embroiled in a bitter dispute over what can (and cannot) be said online, Brazil’s Supreme Court ordered local ISPs to take action. Using tools developed in recent years to block pirate sites and piracy-configured set-top boxes, the entire X platform was rendered inaccessible in Brazil. When a blocking mechanism is so readily available, the likelihood of it being used to stifle dissent is just a button press away.

Urged on by movie studios in the United States and the global recording industry, Brazil has now fully embraced site-blocking as a convenient anti-piracy solution. Courts have been issuing orders with such frequency it’s now almost impossible to keep up. Details of the entities subjected to blocking aren’t for public consumption, a common trait of site-blocking systems which prevents accountability.

Yet, those who somehow gain access to the blocklist will discover it currently contains around 11,800 domains. The majority are related to piracy and at some others concern outlawed gambling platforms that don’t appear on Brazil’s official whitelist .

The whitelist approach also applies to Android-style set-top boxes. All such devices are now illegal by default, pending state certification authorizing their use.

Building/Blocking Communications Infrastructure

Ensuring that only authorized platforms and devices are accessible in Brazil falls to telecoms regulator Anatel.

In an interview with Tele.Sintese , outgoing Anatel board member Artur Coimbra recalls the lack of internet infrastructure in Brazil as recently as 2010. As head of the National Broadband Plan under the Ministry of Communications, that’s something he personally addressed. For Anatel today, blocking access to pirate websites and preventing unauthorized devices from communicating online is all in a day’s work.

“The topic of combating piracy has evolved significantly. We can already see the impact of this work on customer satisfaction indicators for IPTV boxes. Pirate box brands are receiving worse reviews as time goes by,” Coimbra says.

“This means that the service is getting worse, users are becoming more dissatisfied, and as a result, one day they will no longer use that pirated service. This is a great indicator of the work that Anatel has been doing.”

Automated Site-Blocking Incoming

While blocking a few sites, services, or devices can be managed manually, Coimbra says that automation is the preferred option.

“Today, orders to block pirate boxes are issued manually. We work on call and send the orders to the operators. The operators receive this and implement the IP blocking,” he explains.

“What we are going to do at this point is that these orders will no longer be manual, they will have a common system in which everyone [operators and providers] will have access to the system at the same time.”

While it can be argued that manual systems are prone to errors, automated systems are designed to need much less oversight. Whether that means fewer checks and balances remains to be seen. In general, however, limited oversight is considered a plus in the world of site-blocking.

Oversight Makes Blocking Less Efficient

After many years of putting Brazil under enormous pressure to block pirate sites, the current system involving the courts now blocks thousands of them. Yet in a typical display of incremental demands for improvement, rightsholders now want more.

In a January report to the USTR ( pdf ) , major rightsholders urged ANATEL to “implement an effective system to tackle online piracy within Internet applications and sites based on Bill of Law #3696/2023, which was signed by the President on January 15, 2024, and sets forth an administrative site-blocking provision.”

When a country’s ISPs receive their first request to block a single pirate site, using carefully targeted, strictly limited measures under the supervision of the courts , administrative blocking of tens of thousands of sites is the long-term goal.

This often means blocking measures discussed behind closed doors between mostly commercial entities, with limited or even no oversight from local courts. This is the system preferred by major rightsholders but having inspired Brazil to do more, why should it stop there?

Targeting the Internet’s Backbone

In broad terms, the ‘internet backbone’ is the core infrastructure that combines to form the foundations of the global internet. It is comprised of the fastest, most capable networks, and data travels via high capacity fiber-optics and advanced ‘core’ routers. Operated by commercial companies, government, military and educational institutions, effective backbone networks are critical to the functioning of the wider internet.

Considering the ongoing crisis in Italy where the Piracy Shield system has already caused considerable damage with nothing like the same level of access, the idea of messing with the backbone of the internet seems like a bad dream; now it’s wake-up time.

“The second step, which we still need to evaluate because some companies want it, and others are more hesitant, is to allow Anatel to have access to the core routers to place a direct order on the router,” Coimbra reveals, referencing IPTV blocking.

“In these cases, these companies do not need to have someone on call to receive the [blocking] order and then implement it.”

Already Targeting the Internet’s Backbone

Thanks to the interviewer at Tele.Sintese pressing Coimbra after his initial response, what initially sounds like a plan for the future is suddenly revealed as already underway. Will Anatel really access core routers to block IP addresses used for piracy?

“Companies that deem it convenient can give us limited access, not full access, so that we can perform these blocks directly for non-certified and non-approved equipment. Limited access so that we can only perform these blocks remotely. It would be a kind of virtual seal,” Coimbra adds.

Recall, all devices (mostly Android devices) are illegal without certification, regardless of whether they’re configured for piracy or not. So how long before something like this is actually implemented?

“Participation is voluntary. We are still testing with some companies. So, it will take some time until it actually happens,” Coimbra says. “I can’t say [how long]. Our inspection team is carrying out tests with some operators, I can’t say which ones.”

Limited to Brazil? Or Not…

Most likely quite surprised at the revelation, the interviewer inquires whether this is also happening in other countries.

“I don’t know. Maybe in Spain and Portugal, which are more advanced countries in this fight. But I don’t have that information,” Coimbra responds, randomly naming two countries with which Brazil has consulted extensively on blocking matters.

“It’s critical infrastructure, so it has to be done with great care, with a limited scope. That’s why it has to have the support of the company that feels comfortable,” he concludes.

Blocking with great care and with limited scope are the same arguments presented in London during 2010/11. Due to a lack of transparency, how many domains and IP addresses are currently blocked around the world is impossible to say. That means that it’s impossible to say whether it’s carried out with great care or not.

As for limited scope, Brazil doesn’t appear to be targeting all core routers at the moment. Spain and Portugal, of which nothing is known, may or may not have tested anything at all. By definition, then, the scope is indeed limited and arguing otherwise risks being portrayed as an alarmist who lacks respect for the creative industries.

From: TF , for the latest news on copyright battles, piracy and more.

During 2010/2011, opportunity arose for Hollywood to convince the High Court in London that site-blocking would be a proportionate response to tackle a single Usenet indexing site called Newzbin.

As rightsholders offered assurances that the action would be carefully targeted and strictly limited in scope, the requested injunction was granted in October 2011. Within 14 days, ISP BT would implement blocking to prevent six million customers from accessing the site in the UK. That was a landmark win for the studios; it also laid the foundations for something bigger.

Whether the High Court would’ve acted any differently is unclear, but it certainly wasn’t informed in advance that its decision would effectively seed site-blocking on a global scale, while acting as an official seal of approval.

Not only did the injunction eventually lead to the blocking of tens of thousands of domains locally, the High Court’s decision was used to convince courts all around the world to do the same. Even in countries where blocking already assists mass censorship, governments are routinely encouraged to block more than they do already.

Of course, it’s never enough. Blocking is easily circumvented, which prompts calls for even more blocking. When faster blocking fails to produce results, preemptive and in some cases perpetual blocking is now accepted as normal. News that testing is underway, to block pirate IPTV devices by meddling with the internet’s core routers, is certainly depressing. What it definitely is not, however, is any kind of surprise.

Brazil Embraces Blocking

When Elon Musk and a Brazilian judge became embroiled in a bitter dispute over what can (and cannot) be said online, Brazil’s Supreme Court ordered local ISPs to take action. Using tools developed in recent years to block pirate sites and piracy-configured set-top boxes, the entire X platform was rendered inaccessible in Brazil. When a blocking mechanism is so readily available, the likelihood of it being used to stifle dissent is just a button press away.

Urged on by movie studios in the United States and the global recording industry, Brazil has now fully embraced site-blocking as a convenient anti-piracy solution. Courts have been issuing orders with such frequency it’s now almost impossible to keep up. Details of the entities subjected to blocking aren’t for public consumption, a common trait of site-blocking systems which prevents accountability.

Yet, those who somehow gain access to the blocklist will discover it currently contains around 11,800 domains. The majority are related to piracy and at some others concern outlawed gambling platforms that don’t appear on Brazil’s official whitelist .

The whitelist approach also applies to Android-style set-top boxes. All such devices are now illegal by default, pending state certification authorizing their use.

Building/Blocking Communications Infrastructure

Ensuring that only authorized platforms and devices are accessible in Brazil falls to telecoms regulator Anatel.

In an interview with Tele.Sintese , outgoing Anatel board member Artur Coimbra recalls the lack of internet infrastructure in Brazil as recently as 2010. As head of the National Broadband Plan under the Ministry of Communications, that’s something he personally addressed. For Anatel today, blocking access to pirate websites and preventing unauthorized devices from communicating online is all in a day’s work.

“The topic of combating piracy has evolved significantly. We can already see the impact of this work on customer satisfaction indicators for IPTV boxes. Pirate box brands are receiving worse reviews as time goes by,” Coimbra says.

“This means that the service is getting worse, users are becoming more dissatisfied, and as a result, one day they will no longer use that pirated service. This is a great indicator of the work that Anatel has been doing.”

Automated Site-Blocking Incoming

While blocking a few sites, services, or devices can be managed manually, Coimbra says that automation is the preferred option.

“Today, orders to block pirate boxes are issued manually. We work on call and send the orders to the operators. The operators receive this and implement the IP blocking,” he explains.

“What we are going to do at this point is that these orders will no longer be manual, they will have a common system in which everyone [operators and providers] will have access to the system at the same time.”

While it can be argued that manual systems are prone to errors, automated systems are designed to need much less oversight. Whether that means fewer checks and balances remains to be seen. In general, however, limited oversight is considered a plus in the world of site-blocking.

Oversight Makes Blocking Less Efficient

After many years of putting Brazil under enormous pressure to block pirate sites, the current system involving the courts now blocks thousands of them. Yet in a typical display of incremental demands for improvement, rightsholders now want more.

In a January report to the USTR ( pdf ) , major rightsholders urged ANATEL to “implement an effective system to tackle online piracy within Internet applications and sites based on Bill of Law #3696/2023, which was signed by the President on January 15, 2024, and sets forth an administrative site-blocking provision.”

When a country’s ISPs receive their first request to block a single pirate site, using carefully targeted, strictly limited measures under the supervision of the courts , administrative blocking of tens of thousands of sites is the long-term goal.

This often means blocking measures discussed behind closed doors between mostly commercial entities, with limited or even no oversight from local courts. This is the system preferred by major rightsholders but having inspired Brazil to do more, why should it stop there?

Targeting the Internet’s Backbone

In broad terms, the ‘internet backbone’ is the core infrastructure that combines to form the foundations of the global internet. It is comprised of the fastest, most capable networks, and data travels via high capacity fiber-optics and advanced ‘core’ routers. Operated by commercial companies, government, military and educational institutions, effective backbone networks are critical to the functioning of the wider internet.

Considering the ongoing crisis in Italy where the Piracy Shield system has already caused considerable damage with nothing like the same level of access, the idea of messing with the backbone of the internet seems like a bad dream; now it’s wake-up time.

“The second step, which we still need to evaluate because some companies want it, and others are more hesitant, is to allow Anatel to have access to the core routers to place a direct order on the router,” Coimbra reveals, referencing IPTV blocking.

“In these cases, these companies do not need to have someone on call to receive the [blocking] order and then implement it.”

Already Targeting the Internet’s Backbone

Thanks to the interviewer at Tele.Sintese pressing Coimbra after his initial response, what initially sounds like a plan for the future is suddenly revealed as already underway. Will Anatel really access core routers to block IP addresses used for piracy?

“Companies that deem it convenient can give us limited access, not full access, so that we can perform these blocks directly for non-certified and non-approved equipment. Limited access so that we can only perform these blocks remotely. It would be a kind of virtual seal,” Coimbra adds.

Recall, all devices (mostly Android devices) are illegal without certification, regardless of whether they’re configured for piracy or not. So how long before something like this is actually implemented?

“Participation is voluntary. We are still testing with some companies. So, it will take some time until it actually happens,” Coimbra says. “I can’t say [how long]. Our inspection team is carrying out tests with some operators, I can’t say which ones.”

Limited to Brazil? Or Not…

Most likely quite surprised at the revelation, the interviewer inquires whether this is also happening in other countries.

“I don’t know. Maybe in Spain and Portugal, which are more advanced countries in this fight. But I don’t have that information,” Coimbra responds, randomly naming two countries with which Brazil has consulted extensively on blocking matters.

“It’s critical infrastructure, so it has to be done with great care, with a limited scope. That’s why it has to have the support of the company that feels comfortable,” he concludes.

Blocking with great care and with limited scope are the same arguments presented in London during 2010/11. Due to a lack of transparency, how many domains and IP addresses are currently blocked around the world is impossible to say. That means that it’s impossible to say whether it’s carried out with great care or not.

As for limited scope, Brazil doesn’t appear to be targeting all core routers at the moment. Spain and Portugal, of which nothing is known, may or may not have tested anything at all. By definition, then, the scope is indeed limited and arguing otherwise risks being portrayed as an alarmist who lacks respect for the creative industries.

From: TF , for the latest news on copyright battles, piracy and more.

During 2010/2011, opportunity arose for Hollywood to convince the High Court in London that site-blocking would be a proportionate response to tackle a single Usenet indexing site called Newzbin.

As rightsholders offered assurances that the action would be carefully targeted and strictly limited in scope, the requested injunction was granted in October 2011. Within 14 days, ISP BT would implement blocking to prevent six million customers from accessing the site in the UK. That was a landmark win for the studios; it also laid the foundations for something bigger.

Whether the High Court would’ve acted any differently is unclear, but it certainly wasn’t informed in advance that its decision would effectively seed site-blocking on a global scale, while acting as an official seal of approval.

Not only did the injunction eventually lead to the blocking of tens of thousands of domains locally, the High Court’s decision was used to convince courts all around the world to do the same. Even in countries where blocking already assists mass censorship, governments are routinely encouraged to block more than they do already.

Of course, it’s never enough. Blocking is easily circumvented, which prompts calls for even more blocking. When faster blocking fails to produce results, preemptive and in some cases perpetual blocking is now accepted as normal. News that testing is underway, to block pirate IPTV devices by meddling with the internet’s core routers, is certainly depressing. What it definitely is not, however, is any kind of surprise.

Brazil Embraces Blocking

When Elon Musk and a Brazilian judge became embroiled in a bitter dispute over what can (and cannot) be said online, Brazil’s Supreme Court ordered local ISPs to take action. Using tools developed in recent years to block pirate sites and piracy-configured set-top boxes, the entire X platform was rendered inaccessible in Brazil. When a blocking mechanism is so readily available, the likelihood of it being used to stifle dissent is just a button press away.

Urged on by movie studios in the United States and the global recording industry, Brazil has now fully embraced site-blocking as a convenient anti-piracy solution. Courts have been issuing orders with such frequency it’s now almost impossible to keep up. Details of the entities subjected to blocking aren’t for public consumption, a common trait of site-blocking systems which prevents accountability.

Yet, those who somehow gain access to the blocklist will discover it currently contains around 11,800 domains. The majority are related to piracy and at some others concern outlawed gambling platforms that don’t appear on Brazil’s official whitelist .

The whitelist approach also applies to Android-style set-top boxes. All such devices are now illegal by default, pending state certification authorizing their use.

Building/Blocking Communications Infrastructure

Ensuring that only authorized platforms and devices are accessible in Brazil falls to telecoms regulator Anatel.

In an interview with Tele.Sintese , outgoing Anatel board member Artur Coimbra recalls the lack of internet infrastructure in Brazil as recently as 2010. As head of the National Broadband Plan under the Ministry of Communications, that’s something he personally addressed. For Anatel today, blocking access to pirate websites and preventing unauthorized devices from communicating online is all in a day’s work.

“The topic of combating piracy has evolved significantly. We can already see the impact of this work on customer satisfaction indicators for IPTV boxes. Pirate box brands are receiving worse reviews as time goes by,” Coimbra says.

“This means that the service is getting worse, users are becoming more dissatisfied, and as a result, one day they will no longer use that pirated service. This is a great indicator of the work that Anatel has been doing.”

Automated Site-Blocking Incoming

While blocking a few sites, services, or devices can be managed manually, Coimbra says that automation is the preferred option.

“Today, orders to block pirate boxes are issued manually. We work on call and send the orders to the operators. The operators receive this and implement the IP blocking,” he explains.

“What we are going to do at this point is that these orders will no longer be manual, they will have a common system in which everyone [operators and providers] will have access to the system at the same time.”

While it can be argued that manual systems are prone to errors, automated systems are designed to need much less oversight. Whether that means fewer checks and balances remains to be seen. In general, however, limited oversight is considered a plus in the world of site-blocking.

Oversight Makes Blocking Less Efficient

After many years of putting Brazil under enormous pressure to block pirate sites, the current system involving the courts now blocks thousands of them. Yet in a typical display of incremental demands for improvement, rightsholders now want more.

In a January report to the USTR ( pdf ) , major rightsholders urged ANATEL to “implement an effective system to tackle online piracy within Internet applications and sites based on Bill of Law #3696/2023, which was signed by the President on January 15, 2024, and sets forth an administrative site-blocking provision.”

When a country’s ISPs receive their first request to block a single pirate site, using carefully targeted, strictly limited measures under the supervision of the courts , administrative blocking of tens of thousands of sites is the long-term goal.

This often means blocking measures discussed behind closed doors between mostly commercial entities, with limited or even no oversight from local courts. This is the system preferred by major rightsholders but having inspired Brazil to do more, why should it stop there?

Targeting the Internet’s Backbone

In broad terms, the ‘internet backbone’ is the core infrastructure that combines to form the foundations of the global internet. It is comprised of the fastest, most capable networks, and data travels via high capacity fiber-optics and advanced ‘core’ routers. Operated by commercial companies, government, military and educational institutions, effective backbone networks are critical to the functioning of the wider internet.

Considering the ongoing crisis in Italy where the Piracy Shield system has already caused considerable damage with nothing like the same level of access, the idea of messing with the backbone of the internet seems like a bad dream; now it’s wake-up time.

“The second step, which we still need to evaluate because some companies want it, and others are more hesitant, is to allow Anatel to have access to the core routers to place a direct order on the router,” Coimbra reveals, referencing IPTV blocking.

“In these cases, these companies do not need to have someone on call to receive the [blocking] order and then implement it.”

Already Targeting the Internet’s Backbone

Thanks to the interviewer at Tele.Sintese pressing Coimbra after his initial response, what initially sounds like a plan for the future is suddenly revealed as already underway. Will Anatel really access core routers to block IP addresses used for piracy?

“Companies that deem it convenient can give us limited access, not full access, so that we can perform these blocks directly for non-certified and non-approved equipment. Limited access so that we can only perform these blocks remotely. It would be a kind of virtual seal,” Coimbra adds.

Recall, all devices (mostly Android devices) are illegal without certification, regardless of whether they’re configured for piracy or not. So how long before something like this is actually implemented?

“Participation is voluntary. We are still testing with some companies. So, it will take some time until it actually happens,” Coimbra says. “I can’t say [how long]. Our inspection team is carrying out tests with some operators, I can’t say which ones.”

Limited to Brazil? Or Not…

Most likely quite surprised at the revelation, the interviewer inquires whether this is also happening in other countries.

“I don’t know. Maybe in Spain and Portugal, which are more advanced countries in this fight. But I don’t have that information,” Coimbra responds, randomly naming two countries with which Brazil has consulted extensively on blocking matters.

“It’s critical infrastructure, so it has to be done with great care, with a limited scope. That’s why it has to have the support of the company that feels comfortable,” he concludes.

Blocking with great care and with limited scope are the same arguments presented in London during 2010/11. Due to a lack of transparency, how many domains and IP addresses are currently blocked around the world is impossible to say. That means that it’s impossible to say whether it’s carried out with great care or not.

As for limited scope, Brazil doesn’t appear to be targeting all core routers at the moment. Spain and Portugal, of which nothing is known, may or may not have tested anything at all. By definition, then, the scope is indeed limited and arguing otherwise risks being portrayed as an alarmist who lacks respect for the creative industries.

From: TF , for the latest news on copyright battles, piracy and more.

Last year, Braflix was added to the ever-growing list of flix-inspired pirate streaming sites.

Reportedly operating from Brazil, the site offered a clean interface, relying on third-party sources to provide a gateway to pirated movies and TV shows.

The site had no obvious connections to other large streaming cabals, such as the massive Fmovies operation. This worked to its advantage initially, as most anti-piracy resources typically go into shutting down the largest threats.

Target: Braflix

When Fmovies was shut down this summer, these priorities changed. In June Braflix was targeted in a DMCA subpoena obtained by the MPA and ACE and in August, the MPA flagged Braflix as a severe piracy threat in an EU consultation.

“Braflix.video is a popular streaming site operated from Brazil that offers a large library of titles, including movies, TV shows, live channels, anime, and K-dramas subtitled in several different languages,” MPA informed the EU .

These and other enforcement efforts didn’t go unnoticed. The site, which had amassed over a million monthly visits by then, moved from its braflix.video domain to several new domain names in recent months.

In addition, Braflix was taken offline by its hosting provider following a series of DMCA complaints. The operator was able to host the site elsewhere, but the pressure didn’t fade. Switching to more new domains including braflix.ru and most recently braflix.is, didn’t help either.

Braflix Shuts Down

Early this morning, Braflix announced that it will throw in the towel. In its Discord channel, the site mentions that it received cease and desist notices from City of London Police and the MPA. No further details were mentioned.

“Braflix is ​​officially closed. Thank you to everyone who participated in this incredible story, who helped us build a strong community,” the site writes.

At the time of writing the site remains online but, according to the Discord message, it is expected to shut down in a matter of hours. The operators say the domain transfer keys have been sent to the complaining parties, and they expect that it will soon redirect to ACE’s “ watch legally ” page. (update: it’s now redirecting to ACE)

“We are sorry that we can no longer continue fighting for our cause of free entertainment for everyone, but we have too much to lose, so the best option is to stop,” Braflix adds.

Braflix notes, under pressure, that producers and the broader movie industry should be supported. It remains to be seen whether the site’s users agree with this sentiment, as many are currently actively discussing alternative options.

Whack-a-Flix?

This is not the first time that a pirate streaming site has shut down voluntarily in the face of legal pressure. While this team is not likely to use the same brand in the future, others might still hijack it to lure former users.

While Braflix’s demise is a victory for rightsholders, it’s also exemplary of the seemingly unending pirate site whack-a-mole. There always appears to be new ‘teams’ eager to fill the void.

At the same time, not everything is always what it seems. While Braflix has promised to shut down, there are other sites that look near identical, using similar code, that remain online. We don’t want to draw any conclusions based on these observations, but the ‘Whack-a-Flix’ isn’t over yet.

Users of these sites are familiar with ‘the drill’ too. Where shutdowns of pirate sites used to be a big deal, they are a common occurrence today. Most pirates simply shrug their shoulders and movee on to the next streaming portal.

“Braflix has been my go to for months now! Damn, RIP – on to the next one,” one Redditor illustratively writes.

From: TF , for the latest news on copyright battles, piracy and more.

Last year, Braflix was added to the ever-growing list of flix-inspired pirate streaming sites.

Reportedly operating from Brazil, the site offered a clean interface, relying on third-party sources to provide a gateway to pirated movies and TV shows.

The site had no obvious connections to other large streaming cabals, such as the massive Fmovies operation. This worked to its advantage initially, as most anti-piracy resources typically go into shutting down the largest threats.

Target: Braflix

When Fmovies was shut down this summer, these priorities changed. In June Braflix was targeted in a DMCA subpoena obtained by the MPA and ACE and in August, the MPA flagged Braflix as a severe piracy threat in an EU consultation.

“Braflix.video is a popular streaming site operated from Brazil that offers a large library of titles, including movies, TV shows, live channels, anime, and K-dramas subtitled in several different languages,” MPA informed the EU .

These and other enforcement efforts didn’t go unnoticed. The site, which had amassed over a million monthly visits by then, moved from its braflix.video domain to several new domain names in recent months.

In addition, Braflix was taken offline by its hosting provider following a series of DMCA complaints. The operator was able to host the site elsewhere, but the pressure didn’t fade. Switching to more new domains including braflix.ru and most recently braflix.is, didn’t help either.

Braflix Shuts Down

Early this morning, Braflix announced that it will throw in the towel. In its Discord channel, the site mentions that it received cease and desist notices from City of London Police and the MPA. No further details were mentioned.

“Braflix is ​​officially closed. Thank you to everyone who participated in this incredible story, who helped us build a strong community,” the site writes.

At the time of writing the site remains online but, according to the Discord message, it is expected to shut down in a matter of hours. The operators say the domain transfer keys have been sent to the complaining parties, and they expect that it will soon redirect to ACE’s “ watch legally ” page. (update: it’s now redirecting to ACE)

“We are sorry that we can no longer continue fighting for our cause of free entertainment for everyone, but we have too much to lose, so the best option is to stop,” Braflix adds.

Braflix notes, under pressure, that producers and the broader movie industry should be supported. It remains to be seen whether the site’s users agree with this sentiment, as many are currently actively discussing alternative options.

Whack-a-Flix?

This is not the first time that a pirate streaming site has shut down voluntarily in the face of legal pressure. While this team is not likely to use the same brand in the future, others might still hijack it to lure former users.

While Braflix’s demise is a victory for rightsholders, it’s also exemplary of the seemingly unending pirate site whack-a-mole. There always appears to be new ‘teams’ eager to fill the void.

At the same time, not everything is always what it seems. While Braflix has promised to shut down, there are other sites that look near identical, using similar code, that remain online. We don’t want to draw any conclusions based on these observations, but the ‘Whack-a-Flix’ isn’t over yet.

Users of these sites are familiar with ‘the drill’ too. Where shutdowns of pirate sites used to be a big deal, they are a common occurrence today. Most pirates simply shrug their shoulders and movee on to the next streaming portal.

“Braflix has been my go to for months now! Damn, RIP – on to the next one,” one Redditor illustratively writes.

From: TF , for the latest news on copyright battles, piracy and more.

Last year, Braflix was added to the ever-growing list of flix-inspired pirate streaming sites.

Reportedly operating from Brazil, the site offered a clean interface, relying on third-party sources to provide a gateway to pirated movies and TV shows.

The site had no obvious connections to other large streaming cabals, such as the massive Fmovies operation. This worked to its advantage initially, as most anti-piracy resources typically go into shutting down the largest threats.

Target: Braflix

When Fmovies was shut down this summer, these priorities changed. In June Braflix was targeted in a DMCA subpoena obtained by the MPA and ACE and in August, the MPA flagged Braflix as a severe piracy threat in an EU consultation.

“Braflix.video is a popular streaming site operated from Brazil that offers a large library of titles, including movies, TV shows, live channels, anime, and K-dramas subtitled in several different languages,” MPA informed the EU .

These and other enforcement efforts didn’t go unnoticed. The site, which had amassed over a million monthly visits by then, moved from its braflix.video domain to several new domain names in recent months.

In addition, Braflix was taken offline by its hosting provider following a series of DMCA complaints. The operator was able to host the site elsewhere, but the pressure didn’t fade. Switching to more new domains including braflix.ru and most recently braflix.is, didn’t help either.

Braflix Shuts Down

Early this morning, Braflix announced that it will throw in the towel. In its Discord channel, the site mentions that it received cease and desist notices from City of London Police and the MPA. No further details were mentioned.

“Braflix is ​​officially closed. Thank you to everyone who participated in this incredible story, who helped us build a strong community,” the site writes.

At the time of writing the site remains online but, according to the Discord message, it is expected to shut down in a matter of hours. The operators say the domain transfer keys have been sent to the complaining parties, and they expect that it will soon redirect to ACE’s “ watch legally ” page. (update: it’s now redirecting to ACE)

“We are sorry that we can no longer continue fighting for our cause of free entertainment for everyone, but we have too much to lose, so the best option is to stop,” Braflix adds.

Braflix notes, under pressure, that producers and the broader movie industry should be supported. It remains to be seen whether the site’s users agree with this sentiment, as many are currently actively discussing alternative options.

Whack-a-Flix?

This is not the first time that a pirate streaming site has shut down voluntarily in the face of legal pressure. While this team is not likely to use the same brand in the future, others might still hijack it to lure former users.

While Braflix’s demise is a victory for rightsholders, it’s also exemplary of the seemingly unending pirate site whack-a-mole. There always appears to be new ‘teams’ eager to fill the void.

At the same time, not everything is always what it seems. While Braflix has promised to shut down, there are other sites that look near identical, using similar code, that remain online. We don’t want to draw any conclusions based on these observations, but the ‘Whack-a-Flix’ isn’t over yet.

Users of these sites are familiar with ‘the drill’ too. Where shutdowns of pirate sites used to be a big deal, they are a common occurrence today. Most pirates simply shrug their shoulders and movee on to the next streaming portal.

“Braflix has been my go to for months now! Damn, RIP – on to the next one,” one Redditor illustratively writes.

From: TF , for the latest news on copyright battles, piracy and more.