Piracy Crisis: Cloudflare Says LaLiga Knew Dangers, Blocked IP Address Anyway

Unexplained chaos at ISPs Movistar and DIGI has prevented some customers from accessing many sites using Cloudflare for over a week. Simultaneously, football league LaLiga stated they are working to shut down pirate streaming platforms, warning Cloudflare and others that they consider them responsible for profiting from piracy. Since statements now link these two events, Spain has a crisis on its hands.

Site-blocking is controversial and has been right from the beginning. The idea that powerful companies could gain authority from the courts to interfere in residential access to the internet, was initially dismissed as insane.

In time, those who protested the loudest were the ones dismissed as deluded. Their warnings, that handing internet blocking powers to rightsholders would eventually end in disaster, were subsequently dismissed by governments and national courts all around Europe. Politicians often dismissed these concerns, citing safeguards and suggesting such problems were impossible.

If the events of the past week are connected, as the evidence suggests, Spain faces a significant problem. While some may call for intervention to de-escalate the situation, this could be a missed opportunity to address the underlying issues.

A Week of Disruption at ISPs

To prevent piracy, Spain’s top football league LaLiga has permission from the courts to compel ISPs, including Movistar and DIGI, to block access to pirate sites. For roughly a week, customers of Movistar and DIGI have been complaining that seemingly random sites were refusing to load for no obvious reason. Tests conducted on mobile phones, however, showed no problems.

Some pointed out that Cloudflare might be the root of the problem, since the platform had been identified as the common denominator in all instances of sites refusing to load. That claim also faced challenges. Cloudflare was working just fine for some sites, but not for others. A growing consensus suggested that the problems only affected a specific Cloudflare IP address or addresses.

The situation was worsened by the ISPs’ apparent lack of information; they provided no useful responses about the cause of the problems or when they might be resolved. These telecommunications companies depend on their ability to provide communication services. The suggestion that they were unaware of the cause is highly unlikely.

Unconfirmed reports indicate that some complaining customers were given additional mobile data to access the blocked sites. As compensation for a technical issue, that might work. In reality, the ISPs likely knew more than they were giving away.

Cloudflare Customers Also Affected

In parallel, Cloudflare customers were reporting similar issues; more specifically, Cloudflare customers who are also customers of Movistar, or Cloudflare customers who run websites that customers of Movistar could no longer visit.

With no (initial) official response or announcement from Cloudflare, sysadmin @jaumepons posted a link on X showing how a tracert (or traceroute) launched from over 200 locations in Spain, from different operators, revealing significant issues with two specific ISPs.

“I leave you here a tracert to a Cloudflare IP launched from 230 different points in the country, from different operators. Then you go to “Results”, sort by operator “ASN” and you will see what those from @movistar are doing, and also @digimobil_es,” @jaumepons wrote.

Those interested are invited to check for themselves but the stream of red crosses in the ‘SUCCESS’ column shows that AS3352, registered to Movistar parent company Telefonica, had major connectivity problems. The fact that these issues did not affect all Cloudflare IP addresses complicated the situation but also strengthened suspicions of IP address blocking.

LaLiga ‘Deactivates’ DuckVision

When enforcement action shuts down pirate sites in the physical world, press releases tend to reference towns, cities, the number of officers involved, potentially the arrests of those who operate them, plus any evidence seized in the operation. When less typical words are used to describe a site’s demise, it’s worth considering whether ambiguity serves any purpose.

In an announcement published on the LaLiga website late Sunday, the country’s top football league led with the headline below.

Image credit: LaLiga

“LALIGA remains committed to fighting against audiovisual fraud and the consumption of illegal content through various initiatives and legal actions,” the announcement began.

“Now, thanks to the coordination of a specialized team, LALIGA has managed to deactivate DuckVision with immediate effect. This is a pirate platform that offered illegal access to live sports content, including the Spanish competition, to more than 200,000 people in Spain alone.”

Deactivate

The decision to use the word ‘deactivate’ rather than ‘shut down’ gains relevance when, seemingly out of nowhere, Cloudflare finds itself mentioned in the same breath.

“DuckVision consisted of a web application that invited people to download an Android app that had more than 200,000 active users in Spain during the month of January 2025, according to data.ai, and was covered by the service of the American technology company Cloudflare, which intentionally protects criminal organizations in order to make a profit.”

In the absence of ISPs making a clear statement, and previous comments that Cloudflare’s protection can’t be beaten, we can assume that DuckVision was dealt with differently. It wasn’t shut down, clearly, but it was ‘deactivated’ which sounds like a euphemism for blocking measures.

A less ambiguous statement wouldn’t have been difficult to put together. However, a reasonable person might get the impression that, since Cloudflare is considered part of the problem, and DuckVision’s IP addresses were successfully protected by Cloudflare, the only way to “deactivate” DuckVision was to block Cloudflare IP addresses.

While offering a potential explanation for the woes at Movistar, this theory still lacks confirmation that the two events are connected in any way. Or at least that was the case; not any more.

Telefonica, Movistar, and Cloudflare Break Silence

After declining Xataka’s request to explain connectivity problems at Movistar, Telefonica and Movistar have provided statements of sorts; hardly detailed but clearly enough to answer the big question.

“[A]s an operator we comply with any type of court order received regarding illegal content,” Telefonica said.

“[A]s an operator we comply with any type of court order received regarding illegal content,” Movistar said.

“As we have pointed out on previous occasions in this regard, DIGI respects and complies with court orders,” DIGI explained.

Cloudflare had much more to say and its testimony couldn’t be any more damning.

Cloudflare: LaLiga Understood Dangers, Went Ahead Anyway

Cloudflare’s statement in full (emphasis added):

Cloudflare provides security and reliability services to millions of websites, helping to prevent cyberattacks and make the Internet safer. Like virtually all major cloud service providers, Cloudflare uses shared IP addresses to manage its network, meaning that thousands of domains can be accessed with a single IP address.

 

Cloudflare has repeatedly warned about the consequences of IP blocking that fundamentally ignores the way the Internet works. Indeed, other governments in Europe have acknowledged these concerns and concluded that IP blocking violates net neutrality. Although LaLiga clearly understood that blocking shared IP addresses would affect the rights of millions of consumers to access hundreds of thousands of websites that do not break the law, LaLiga went ahead with the blocking. This appears to reflect a mistaken belief that its commercial interests should take precedence over the rights of millions of consumers to access the open Internet.

 

At the same time, Cloudflare regularly speaks with rights holders and policy makers about better ways to combat illegal piracy and online abuse. While Cloudflare cannot remove content from the Internet that it does not host, we have well-developed abuse processes in place to help by connecting rights holders with service providers who can take effective action. We will continue to push for rational solutions to combat illegal piracy that do not impact the rights of millions of Europeans to browse the Internet.

Cloudflare’s statement needs no explanation, but two issues deserve highlighting.

Massively Disproportionate, Deliberate Action

According to LaLiga’s statement, its target behind Cloudflare was a webpage with instructions on how to download an Android app. If that app was the means of accessing the content, that raises an important question;

When Cloudflare’s IP address was blocked, did that ‘deactivate’ both the app and the pirated content available through it? If not, blocking many innocent websites appears to have been weighed against the benefit of blocking an instructional web page.

Cloudflare’s suggestion this was done deliberately could make this a matter for the European Commission, at minimum.

Perhaps even more remarkable is the unwillingness of the ISPs to do anything, despite having the power to do so. The complication, of course, is that Telefonica and Movistar have licenses to distribute LaLiga content, and very little incentive to step in.

Ultimately, customers of Movistar have suffered the most as individuals. This means that a decision was made to block Cloudflare, in the knowledge that Movistar subscribers would face the most disruption, and then Movistar was instructed to carry out the blocking against its own customers.

As the court envisioned, apparently.

Source

Hope you enjoyed this news post.

Thank you for appreciating my time and effort posting news every day for many years.

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of January): 487

RIP Matrix | Farewell my friend