Showing results for tags 'cloudflare'.

  1. The Court of Rome has confirmed that Cloudflare must block three torrent sites through its public 1.1.1.1 DNS resolver. The blockade was requested by several major record labels and arrives after Italy's telecoms regulator ordered local ISPs to block the sites. Cloudflare is not pleased with the order and previously noted that such broad measures set a dangerous precedent. Website blocking has become an increasingly common anti-piracy tool around the globe. In dozens of countries, ISPs have been ordered by courts to block pirate sites, usually on copyright grounds. More recently, neutral DNS providers have been targeted as well. Earlier this year, an Italian court ordered Cloudflare to block three torrent sites on its public 1.1.1.1 DNS resolver. The order applies to kickasstorrents.to, limetorrents.pro, and ilcorsaronero.pro, three domains that are already blocked by ISPs in Italy following an order from local regulator AGCOM. Cloudflare Appeals DNS Blocking Order Disappointed by the ruling, Cloudflare filed an appeal at the Court of Milan. The internet infrastructure company doesn’t object to blocking requests that target its customers’ websites but believes that interfering with its DNS resolver is problematic, as those measures are not easy to restrict geographically. “Because such a block would apply globally to all users of the resolver, regardless of where they are located, it would affect end users outside of the blocking government’s jurisdiction,” Cloudflare recently said. “We therefore evaluate any government requests or court orders to block content through a globally available public recursive resolver as requests or orders to block content globally.” At the court of appeal, Cloudflare argued that DNS blocking is an ineffective measure that can be easily bypassed, with a VPN for example. In addition, it contested that it is subject to the jurisdiction of an Italian court. 
Court Dismisses Appeal Cloudflare’s defenses failed to gain traction in court and its appeal was dismissed. DNS blocking may not be a perfect solution, but that doesn’t mean that Cloudflare can’t be compelled to intervene. The dismissal is a win for Sony Music, Warner Music, and Universal, the companies behind the complaint. It’s also seen as a clear victory by Enzo Mazza, CEO of the Italian music industry group FIMI. “This is an important decision for Italy and beyond. Cloudflare, as well as other intermediaries providing similar services, should step up their efforts in preventing users access to illegal websites which were ordered to be blocked,” Mazza says. Global music industry group IFPI agrees. According to Chief Executive Frances Moore, the order sets an important precedent. “By upholding the original order against CloudFlare, the Court of Milan has set an important precedent that online intermediaries can be required to take effective action if their services are used for music piracy,” Moore notes. A Precedent This is the first time that Cloudflare has been ordered to make pirate sites unavailable through its public DNS resolver 1.1.1.1. This is an important expansion since many Italians switched to public DNS resolvers to bypass ISP blocking measures. With the court order, rightsholders can remove this shortcut. While this type of order is new in Italy, a similar blocking injunction was requested in Germany last year. A local court ordered DNS provider Quad9 to block a pirate site but the decision is still under appeal. Cloudflare believes that these types of orders set a dangerous precedent. The company previously said that it hadn’t actually blocked content through the 1.1.1.1 Public DNS Resolver. Instead, it implemented an “alternative remedy” to comply with the Italian court order. TorrentFreak reached out to Cloudflare for a comment on the dismissal but we received no immediate response. 
— A copy of the court of appeal’s decision is available here Court Upholds Piracy Blocking Order Against Cloudflare’s 1.1.1.1 DNS Resolver
  2. Cloudflare has announced the open beta of Turnstile, an invisible alternative to CAPTCHAs that anyone can use on their website by calling a simple API. It hopes that Turnstile will allow you to get onto websites quicker and in a less frustrating way than solving a CAPTCHA puzzle or entering a bunch of letters and numbers. Instead of the user having to interact with a simple puzzle, the Turnstile system uses non-intrusive challenges based on telemetry and client behaviour during a session. Cloudflare said that as Turnstile challenges become less effective, they will be rotated out for new ones, keeping malicious actors at bay. Explaining how it works in a bit more detail, Cloudflare said: “With Turnstile, we adapt the actual challenge outcome to the individual visitor/browser. First we run a series of small non-interactive JavaScript challenges gathering more signals about the visitor/browser environment. Those challenges include proof-of-work, proof-of-space, probing for web APIs, and various other challenges for detecting browser-quirks and human behavior. As a result, we can fine-tune the difficulty of the challenge to the specific request. Turnstile also includes machine learning models that detect common features of end visitors who were able to pass a challenge before. The computational hardness of those initial challenges may vary by visitor, but is targeted to run fast.” Setting up Turnstile on your website is very easy, just create a Cloudflare account and go to the Turnstile tab on the navigation bar. Here you can get a sitekey and secret key. You’ll then need to copy some JavaScript code from the dashboard and use it to replace your existing CAPTCHA JavaScript. Cloudflare then says you need to update the server-side integration by replacing the old siteverify URL with Cloudflare's. Cloudflare announces invisible alternative to CAPTCHAs
  3. Popular reading app AnyStories has filed a complaint against Cloudflare at the Copyright Claims Board. According to the Singaporean company, Cloudflare should be required to take action against customers who operate pirate sites, even if it doesn't host the content. In June, the US Copyright Claims Board was launched. Through this venue, hosted at the US Copyright Office, rightsholders can try to recoup alleged damages outside the federal court system. More than one hundred and fifty cases have been filed thus far. Some of these have been dismissed for administrative reasons or opt-outs, but the board has yet to issue its first verdict. A few days ago a new case was added to the growing pile of claims. It features popular reading app AnyStories, which allows independent authors to share their writings in public and earn revenue from them, going up against Cloudflare. Like any type of content that’s published online, AnyStories’ content is easily copied. This is a thorn in the side of the app’s creators, Singapore company READ ASAP LTD, which has taken action in response. From Google to Cloudflare The company sent DMCA takedown notices to Google which removed hundreds of infringing links from its search results in response. The pirate sites themselves typically remained online, so further action was needed. Hoping for a breakthrough, AnyStories also sent DMCA notices to Cloudflare, calling out Infobagh.com as a pirate site. While Cloudflare provides CDN services for that site, it’s not the hosting company. This means that Cloudflare generally doesn’t intervene. Instead, Cloudflare shared the name and contact information of the site’s hosting company (24xservice) and asked ‘READ ASAP’ to follow the issue up with them. AnyStories tried, but says that the email address provided for the hosting company didn’t work. The company wasn’t pleased with Cloudflare’s handling of the case and, on several occasions, asked the company to do more. 
“As a network service provider, you have the obligation to provide us with information to help us defend our rights. You have not provided us with valid information. Our infringement is ongoing and if you do not take any action now, we will take action to protect our rights.” Copyright Claims Board Threats The app’s creators asked Cloudflare to contact the host on its behalf to ensure the infringing content was removed. “Pls deal with this matter immediately, pls contact the hosting provider immediately and ask them to remove the infringing web!!!!” READ ASAP wrote. “If you do not deal with this matter now, based on the DMCA, we have informed you several times, but you did not do your duty of care, we will directly file a claim against you at Copyright Claims Board.” Cloudflare has no legal obligation under the DMCA to contact its customers’ hosting companies but it does forward takedown notices. However, that wasn’t enough for AnyStories, which followed up on its threats by filing a complaint at the Copyright Claims Board. Apology Please The claim lists one infobagh.com URL where a copy of a story titled “The Silver Hope” by David Travilla Tacadena is made available. However, READ ASAP stresses that infringements are causing a decline in revenues for other authors too. With its complaint the company hopes to stop the piracy. In addition, an apology would be appreciated as well. “We hope that the pirated websites will apologize to us and immediately remove our exclusive works. We tried many ways to leave messages often without contacting the infringing website. Finally, we tried to find the service provider, but they cannot give the invalid message and don’t deal with it,” the claim reads. Interestingly, there is no request for monetary damages. Also, the literary work that’s listed is not yet registered at the U.S. Copyright Office, which is required before the Copyright Claims Board can take on the case. 
The above means that AnyStories still has some work to do before the case can continue and Cloudflare can still choose to opt out of the proceeding. If that’s the case, the app’s creators will need to hire an attorney and go to federal court to pursue their claim. AnyStories Drags Cloudflare to the Copyright Claims Board Over Pirate Site
  4. Copyright holders are expanding their web-blocking horizons by going after DNS resolvers. Cloudflare is one of the key players that's being targeted. While the Internet infrastructure company complies with targeted blocking orders related to the websites of its CDN customers, it believes that blocking domains on its 1.1.1.1 DNS resolver goes a step too far. Website blocking has become an increasingly common anti-piracy tool around the globe. In dozens of countries, ISPs have been ordered by courts to block pirate sites. In some cases, these blocking efforts are part of voluntary agreements. Cloudflare ‘Pirate’ Blocking Orders In the United States, these types of injunctions are rare. However, since the Internet has no clear borders, the effects sometimes spill over. The American Internet infrastructure company Cloudflare, for example, has been ordered to block pirate sites in Germany and Italy. This week, Cloudflare published its latest transparency report covering the second half of 2021. The company explains that after weighing the potential impact on freedom of expression, it generally complies with blocking orders that target websites operated by its CDN customers. These blocking efforts are not global. Instead, Cloudflare only blocks access to the location from where an order originates. These sites include DDL-Music in Germany and nearly two dozen sites in Italy. “If we determine that the order is valid and requires Cloudflare action, we may limit blocking of access to the content to those areas where it violates local law, a practice known as ‘geo-blocking’,” Cloudflare explains in its transparency report. Target: DNS The aforementioned blocking orders apply to the websites of Cloudflare customers. However, Cloudflare also operates a DNS resolver that is the target of a newer anti-piracy campaign. DNS resolvers are the address books of the web. They link domain names to the correct IP addresses to make these accessible through a web browser. 
They are a key component of a well-functioning Internet. Interestingly, these DNS servers are often used by ISPs to comply with site-blocking orders. By removing a domain from the address book, users are unable to load the site in question. This is a relatively simple blocking method that’s easy to circumvent by using an external DNS resolver, such as the ones provided by Google, OpenDNS, Quad9, or Cloudflare. For this reason, DNS resolvers have become the target of blocking requests as well. In Germany, Quad9 was previously ordered to block a pirate site through its DNS resolver following a complaint from Sony. Similarly, in Italy, a court ordered Cloudflare to block several pirate site domains on the DNS level. Cloudflare Opposes 1.1.1.1 Blocking In its transparency report, Cloudflare makes a clear distinction between blocking requests that target its customers’ websites and those that apply to DNS functionality. DNS blocks can target any website on the web and are not easy to restrict geographically, the company writes. “Because such a block would apply globally to all users of the resolver, regardless of where they are located, it would affect end users outside of the blocking government’s jurisdiction. “We therefore evaluate any government requests or court orders to block content through a globally available public recursive resolver as requests or orders to block content globally,” Cloudflare adds. Cloudflare doesn’t want to meddle with its DNS resolver, which puts the company in a tough spot that requires a creative solution. The company says that, thus far, it hasn’t actually blocked content through the 1.1.1.1 Public DNS Resolver. Instead, it relies on an “alternative remedy” to comply with the Italian court order. 
“Given the broad extraterritorial effect, as well as the different global approaches to DNS-based blocking, Cloudflare has pursued legal remedies before complying with requests to block access to domains or content through the 1.1.1.1 Public DNS Resolver or identified alternate mechanisms to comply with relevant court orders.” The above clearly shows that the company is determined to fight DNS blocking orders in court. And even if it loses, Cloudflare will seek alternative solutions. What these alternatives entail is not clear, but Cloudflare likely has the know-how to find a technical ‘circumvention’ mechanism. — A copy of Cloudflare’s H2 2021 Transparency Report is available here (pdf) Cloudflare Vows to Fight Global 1.1.1.1 DNS Blocking Orders
  5. Cloudflare suggests that it made a mistake by terminating the accounts of The Daily Stormer and 8Chan. These decisions made it harder for the company to defend itself against overbroad termination requests and invited a wave of follow-up demands, from activists to copyright holders. This isn't a position Cloudflare wants to be in. In 2017, Cloudflare CEO Matthew Prince decided to terminate the account of the controversial neo-Nazi site Daily Stormer. “I woke up this morning in a bad mood and decided to kick them off the Internet,” he wrote at the time. The company’s lawyers later explained that the move was meant as an “intellectual exercise” to start a conversation regarding censorship and free speech on the internet. However, external parties took this discussion in a different direction than the one Prince had planned. For years, Cloudflare had a policy not to remove any accounts without a court order, so when it kicked out Daily Stormer and later 8Chan as well, eyebrows were raised. For example, copyright holders wondered why the company could terminate these accounts but not those of the most notorious pirate sites. Cloudflare’s seemingly arbitrary termination choices were repeatedly cited in policy discussions and copyright litigation. In addition, it triggered an ongoing wave of termination requests. Over the past few days, Cloudflare found itself in the midst of a ‘cancel’ discussion again, with people calling on the company to disconnect the harassment-linked forum Kiwi Farms. This prompted Matthew Prince to clarify the company’s stance on offensive, abhorrent, and copyright-infringing content. No More Voluntary Terminations The company makes a clear distinction between the various services it offers. When Cloudflare is the primary hosting platform it leaves plenty of room for voluntary terminations. For its CDN, security, and core Internet infrastructure services, voluntary actions will no longer happen. 
This strict line in the sand is the result of discussions with policymakers worldwide. Cloudflare sees itself as an Internet utility that should remain as neutral as possible, even when its customers do despicable things. “Just as the telephone company doesn’t terminate your line if you say awful, racist, bigoted things, we have concluded in consultation with politicians, policy makers, and experts that turning off security services because we think what you publish is despicable is the wrong policy. “To be clear, just because we did it in a limited set of cases before doesn’t mean we were right when we did. Or that we will ever do it again,” Prince adds, referring to the earlier terminations. Wave of Requests While many people applauded Cloudflare for booting out The Daily Stormer and 8Chan, these decisions were actively used against the company. Not just by copyright holders, but also by authoritarian regimes. “In a deeply troubling response, after both terminations we saw a dramatic increase in authoritarian regimes attempting to have us terminate security services for human rights organizations — often citing the language from our own justification back to us.” As we suggested back in 2017, Cloudflare essentially handed out free ammunition to adversaries, who could use the voluntary terminations as an argument to request more restrictions. That includes kicking out pirate sites. Cloudflare is clearly uncomfortable with this position. The company stresses that voluntary terminations will no longer happen for sites that use its CDN or security services. Instead, those demanding action will need to get a court order. Slippery Termination Slope In recent years various courts have already ordered Cloudflare to block pirate sites. The company has complied with these orders. However, it vows to fight cases where core infrastructure is at play with tooth and nail. 
This includes a recent order in Italy, that required the company to block pirate sites on its public DNS resolver 1.1.1.1. “Unfortunately, these cases are becoming more common where largely copyright holders are attempting to get a ruling in one jurisdiction and have it apply worldwide to terminate core Internet technology services and effectively wipe content offline,” Prince writes. These global injunctions would set a dangerous precedent, Cloudflare’s CEO says, as it would allow the most restrictive regimes to control what content should be available online. Preventing bad precedents is the prime reason why Cloudflare believes it is important not to intervene voluntarily in the future. “Holding this line we believe is fundamental for the healthy operation of the global Internet. But each showing of discretion across our security or core Internet technology services weakens our argument in these important cases.” In other words, Prince doesn’t want another Daily Stormer or 8Chan that can come back to haunt the company in the future. This means that The Pirate Bay and other pirate customers have little to worry about, at least for the time being. Cloudflare Rejects Role as Internet or Piracy Police
  6. After obtaining the broadest injunction ever seen in a US streaming piracy lawsuit, several media companies argued that Cloudflare should be held in contempt of court for non-compliance. Negotiations are now underway to end this dispute but it appears that can only be achieved if the court agrees to modify the injunction, which was previously described as a "power grab". When United King Film Distribution, DBS Satellite Services, and Hot Communication won copyright lawsuits against three pirate streaming sites in April, the court gave them everything they asked for. In addition to millions in damages against pirate streaming/IPTV platforms Israel-tv.com, Israel.tv and Sdarot.tv, the court handed down the broadest injunction ever seen in a US piracy case. The injunction banned every online service provider from doing any business with the pirate platforms and ordered residential ISPs to block their current domains and any that appear in the future. In hindsight, it was a case of being careful what you wish for, because you may just get it. With extraordinary power at hand, the media companies (all members of anti-piracy group Zira) began seizing domains but mysteriously asked the court not to enforce the requirement for residential ISPs to block the sites. It appeared that someone may have started to push back and after issuing all kinds of orders to a range of online entities, the situation began to deteriorate. After the plaintiffs asked the court to hold Cloudflare in contempt for not following their instructions, Cloudflare fired back with amicus curiae support from Google, EFF and CCIA. ‘Power Grab’ Injunction is Invalid The briefs submitted to the court are detailed but all agree that the injunction is impermissibly broad, lacking in detail, and contrary to Federal Rule of Civil Procedure 65 and the DMCA. Perhaps surprisingly, the plaintiffs continued to insist that they knew better. 
Last week they submitted documents to further support their expedited motion for a contempt ruling against Cloudflare. The filing included exhibits claiming to show that Cloudflare’s DNS servers were servicing four new domains allegedly deployed by one of the pirate sites after its other domains were seized. None of these domains were specifically listed in the injunction and as Cloudflare previously pointed out, any reading of the injunction that attempted to stretch it to cover new domains would violate fundamental limitations on the scope of available injunctive relief. Acting on the unsupported claims of the media companies with no judicial oversight is not an option, Cloudflare added. Then this week, a sudden and unexpected light appeared on the horizon. Broadest Piracy Injunction in the US Needs Adjustment In a joint status letter filed Tuesday and addressed to Judge Katherine Polk Failla, whose signature authorized the original injunction, the media companies and Cloudflare say that progress is being made. Following negotiations the parties say they have reached an agreement in principle to solve their differences. This will be achieved by addressing the core issues that led to the plaintiffs’ attempting to hold Cloudflare in contempt while addressing concerns raised by Cloudflare during a recent conference. The specific details are not being made available at this stage but as soon as the agreement is formalized, the plaintiffs say they will file a motion to amend the default judgment and permanent injunction handed down by the court on April 26. An amended order will be presented for the court’s approval. The plaintiffs say they will then withdraw with prejudice the pending motion for contempt against Cloudflare while reserving the right to file future motions to enforce the court’s original order or amended order, as appropriate. 
In turn, Cloudflare has agreed to withdraw its request for attorneys’ fees and costs incurred in responding to the plaintiffs’ motion for contempt. It will be of great interest to see how the amended injunction balances the interests of the plaintiffs with those of Cloudflare and, by extension, every other service provider affected by the original injunction. Update: The docket shows no indication that the agreement in principle is now a done deal but Judge Failla responded Wednesday as follows: “In light of the above status update, the Court hereby deems both Plaintiffs’ contempt motion and Cloudflare’s request for attorneys’ fees and costs to be withdrawn.” The plaintiffs’ declaration can be found here and the joint status report here (both pdf) Cloudflare & Media Companies Agree to Modify “Power Grab” Piracy Injunction
  7. After obtaining broad injunctions to take down pirate sites, Israel-based media companies accused Cloudflare of failing to take action, in contempt of court. Cloudflare has now fired back, describing the move as a legally unstable "power grab," but that's just the beginning. Overnight, Google, EFF, and industry group CCIA intervened to express concern over the scale of the injunctions. This April, United King Film Distribution, DBS Satellite Services, and Hot Communication (all members of Israel-based anti-piracy group Zira) won three copyright lawsuits against three pirate streaming sites. The operators of Israel-tv.com, Israel.tv and Sdarot.tv failed to appear, so the court held them liable for millions in statutory damages and signed off on an extremely broad injunction requiring every ISP in the country to block subscriber access to the sites. While that element was later suspended, the injunction also prohibits any company (ISPs, webhosts, CDN providers, DNS providers, domain companies, advertising services, financial institutions, payment processors) from doing any business with the sites, now or in the future. Early June, after seizing several ‘pirate’ domains, the plaintiffs informed the New York court that since Cloudflare had continued to service Israel.tv, it had failed to comply with the injunction and should be held in contempt of court. A timeline reported in our earlier article indicated that the plaintiffs’ allegations were likely incorrect, since they themselves had seized the domain around May 26. According to a 24-page response just filed by Cloudflare, the company appears to agree, but its opposition goes much further. Broad injunctions that attempt to deal with future ‘pirate’ countermeasures (such as domain changes) may seem reasonable to the plaintiffs, but this case shows that rightsholders can issue powerful orders without any due process or judicial oversight. 
Cloudflare: We Can’t Discontinue Service That Doesn’t Exist Our timeline linked above indicates that the Israel.tv domain was likely seized by the plaintiffs on May 26, meaning that it was no longer linked to the infringing activity mentioned in the injunction. In its response, Cloudflare confirms that on that same date, Israel.tv stopped using its services, meaning that there was no action it could take, i.e. it’s impossible to withdraw services that aren’t being used. “Cloudflare cannot possibly be ‘in active concert or participation’ with Defendants [Israel.tv] with respect to copyright infringement or other prohibited acts on the Website, when no such acts are occurring. The Court should deny Plaintiffs’ Motion as moot on that basis alone,” Cloudflare writes. New Domains Aren’t Covered By The Injunction In addition to their complaints relating to Israel.tv, the media company plaintiffs go even further in their motion for contempt. They allege that five additional domains “associated with the infringing Website” were created and new accounts were opened with Cloudflare around May 22. Since the injunction covers “any domain address known today…or to be used in the future by the Defendants”, they believe that Cloudflare should take action when notified of these “Add-On Domains”. Cloudflare’s response states that none of the advised domains are plausibly covered by the injunction, and the unsupported bare claims of the media companies fail to convince otherwise. “Plaintiffs fail to provide a shred of evidence, or even any argument, that any of the Add-On Domains are connected to Israel.tv, or that they are owned or operated by Defendants or their agents. Any reading of the Injunction that attempted to stretch it to cover the Add-On Domains would violate fundamental limitations on the scope of available injunctive relief..,” the company’s opposition reads. 
Cloudflare says that under Federal Rule of Civil Procedure 65(d) and Section 512(j) of the DMCA, injunctive relief must be narrowly targeted to specific, identified defendants and their agents, and/or third parties in active concert or participation with such defendants. “None of those conditions are satisfied here,” Cloudflare notes. Describing the contempt motion as a “blatant attempt at a power grab” by media companies seeking to enforce an overbroad injunction, solely on their say-so, and without any due process or judicial oversight, Cloudflare says the motion “flies in the face of the law” and should be denied for violating basic legal principles. For clarity, Cloudflare says it reviewed its records for the new ‘Add-On Domains’ and found that none match the subscriber information associated with Israel.tv. Big Tech Gets Involved After Cloudflare Was Singled Out Cloudflare’s opposition questions why the plaintiffs singled out Cloudflare for a motion of contempt, especially on an “emergency” basis when it was obvious the company hadn’t been servicing the domain for some time (due to the plaintiffs’ domain seizure), so was in effect already complying with the injunction. Those questions remain unanswered but new developments overnight indicate that, by obtaining such a broad injunction and then wrongly attempting to hold Cloudflare in contempt, plaintiffs United King Film Distribution, DBS Satellite Services, and Hot Communication have managed to stir up a Big Tech hornets’ nest in the United States. In a letter to Judge Katherine Polk Failla at the US District Court for the Southern District of New York, Google LLC says that it was identified in the injunction as a “vendor providing services” to Israel.tv and also as an ISP in the form of Google Fiber Inc. The big news is that Google is in talks with the media companies’ counsel in advance of a potential motion to either modify or dissolve the injunction. 
Google says that it does not want its services to be used to violate an injunction but, as they stand, the injunctions covering the three pirate sites are problematic in both scope and terms. “Google is not in active concert or participation with the activities of the Defendants, and for that reason cannot properly be bound by an injunction in these cases,” the company informs the Court. Google also holds the same position as Cloudflare, noting that under Federal Rule of Civil Procedure, injunctions need to “describe in reasonable detail…the act or acts restrained or required.” In this case the injunctions do not name the defendants (all were defaulting ‘Does’) so Google says it has no idea who it shouldn’t be doing business with. The ‘Add-On Domains’ are also a problem, since the injunctions “appear to contemplate additional domains being added simply based on the unsupervised say-so of counsel for Plaintiff.” Finally, the injunctions only describe general categories of behavior rather than specific activities with respect to specific, identified copyrighted works, a requirement under copyright law. “Google is discussing with Plaintiffs what voluntary action Google is willing to take to assist in effectuating this Court’s remedies against the Defendants, while taking into account Google’s concerns regarding both the proper scope of injunctive relief in this matter and the parties against whom such relief may be granted,” Google informs the court. EFF and CCIA Request Permission to File Amicus Curiae Brief Shortly after Google filed its letter, the Electronic Frontier Foundation (EFF) and Computer and Communications Industry Association (CCIA) requested permission to file an amicus curiae brief. CCIA is a large tech advocacy group counting the likes of Amazon, Apple, eBay, Facebook, Mozilla, Nord Security, and Twitter among its members. 
Both EFF and CCIA are troubled by the injunction, noting that the plaintiffs requested a sweeping injunction that purports to bind “hundreds, perhaps thousands” of non-party internet communications businesses. “The injunction is impermissibly broad. It is contrary to both Federal Rule of Civil Procedure 65 and the Digital Millennium Copyright Act,” EFF and CCIA inform the Court. “It will cause collateral harm to numerous Internet services and their users by imposing unnecessary costs and compliance burdens. Plaintiffs’ motion for contempt against Cloudflare is likewise improper. It illustrates the harm that Plaintiffs can cause, and appear ready to cause, through the injunction.” Noting that an injunction cannot be a “blank check to fill in” with the details of any business that touches a defendant’s infringing materials, EFF and CCIA say that the plaintiffs have provided no “clear and convincing proof” that any non-party service provider, including Cloudflare, is “substantially intertwined” with the defendants and actively working with them to bypass the injunction. The proposed amicus brief broadly aligns with the concerns raised by Cloudflare/Google and highlights how injunctions that aim to be proactive (by covering new domains, for example) can have a chilling effect due to a lack of specificity. “Requiring service providers to actively detect and block websites that are not explicitly named in an order, on pain of contempt sanctions, would create a strong incentive for those service providers to preemptively block sites that show any appearance of being affiliated with an enjoined defendant, but in fact are not,” the brief adds. EFF and CCIA conclude by asking the Court to deny the motion of contempt against Cloudflare and “treat with skepticism” any future attempts by the plaintiffs to enforce the injunction against nonparty service providers. 
Cloudflare’s Opposition to Plaintiffs’ Motion for Contempt can be found here, Google’s letter here, and the EFF/CCIA proposed amicus brief here (all pdf) Big Tech Protests US Pirate Site Injunction “Power Grab” Against Cloudflare
  8. Internet infrastructure firm Cloudflare said today that it mitigated a 26 million request per second distributed denial-of-service (DDoS) attack, the largest HTTPS DDoS attack detected to date. The record-breaking attack occurred last week and targeted one of Cloudflare's customers using the Free plan. The threat actor behind it likely used hijacked servers and virtual machines, given that the attack originated from Cloud Service Providers instead of weaker Internet of Things (IoT) devices from compromised Residential Internet Service Providers. According to Cloudflare, the attacker also used a rather small yet very powerful botnet of 5,067 devices, each capable of generating roughly 5,200 rps when peaking. "To contrast the size of this botnet, we've been tracking another much larger but less powerful botnet of over 730,000 devices," revealed Cloudflare Product Manager Omer Yoachimik. "The latter, larger botnet wasn't able to generate more than one million requests per second, i.e., roughly 1.3 requests per second on average per device. Putting it plainly, this botnet was, on average, 4,000 times stronger due to its use of virtual machines and servers." This is one of several massive volumetric attacks detected by Cloudflare throughout the last several years, with the company recording a short-lived HTTP DDoS attack that peaked at 17.2 million requests per second (rps) in August 2021. The company also mitigated a 15.3 million rps attack in April 2022 that used approximately 6,000 bots to target a Cloudflare customer operating a crypto launchpad. Also noteworthy is that the June and April attacks were volumetric attacks that used gigantic junk requests to exhaust the targeted server's resources (CPU and RAM) and were both carried out over HTTPS. "HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of establishing a secure TLS encrypted connection," Yoachimik explained. 
"Therefore, it costs the attacker more to launch the attack, and for the victim to mitigate it. We've seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale." The botnet used in this month's record-high 26 million rps DDoS attack generated over 212 million HTTPS requests within 30 seconds via requests from more than 1,500 networks in 121 countries worldwide. Microsoft also disclosed that it mitigated in November another massive and record-breaking 3.47 terabits per second (Tbps) DDoS attack that flooded servers used by an Azure customer from Asia with malicious packets. Cloudflare mitigates record-breaking HTTPS DDoS attack
  9. Successful lawsuits filed by several Israel-based media companies against three pirate streaming sites are proving tricky to wrap up. A US court previously issued orders for all ISPs to block the sites and instructed third-party service providers to cease doing business with them. The plaintiffs say that since Cloudflare is refusing to comply, the company should be held in contempt of court. Late April, three copyright lawsuits filed by United King Film Distribution, DBS Satellite Services, and Hot Communication ended in victory for the plaintiffs, all members of Israel-based anti-piracy group Zira. After failing to appear, default judgments were entered against pirate streaming sites Israel-tv.com, Israel.tv and Sdarot.tv, with each held liable for $7,650,000 in damages. United States District Judge Katherine Polk Failla also signed an extraordinary permanent injunction that in part required every ISP in the country to block subscriber access to the sites, including any new domains that might be deployed. While that element was later suspended following a surprise request from the plaintiffs, third-party service providers including Google, Facebook, Mastercard, Visa, PayPal, Namecheap, Apple, Amazon and Cloudflare were ordered to stop doing business with the sites, hand over documentation and, where applicable, freeze the defendants’ assets. Domain Seizures and Third Party Action We can confirm that several domains previously owned by the sites have been seized, including some that have never been used in connection with the infringing sites and others that were only used as information resources. Many display a message referencing the blocking injunctions while driving traffic to Screen IL, the official streaming portal connected to the plaintiffs. The extent to which all third-party service operators are complying with the injunction is unknown but in new filings at a New York court this week, the plaintiffs single out Cloudflare as especially problematic. 
Cloudflare is “Facilitating The Pirating Activities” of Israel.tv The plaintiffs say that in response to a subpoena dated February 1, 2022, Cloudflare provided information on March 28, 2022, revealing that a user related to the domain Israel.tv had opened an account on August 24, 2016. After the injunction was handed down, a copy was served on Cloudflare instructing it to stop providing services to the site. Follow-up emails on May 11 and 19 advised Cloudflare of its alleged non-compliance with the order but according to the plaintiffs, no responses were received. Then the situation began to escalate. On or around May 22, the plaintiffs say that five additional domains “associated with the infringing Website” were created and new accounts were opened with Cloudflare. “Thus, despite being served with the Order over a month ago, Cloudflare failed to comply therewith. Cloudflare is still providing services that enable Defendants’ infringing Website to operate, and permitted a user (or users) to establish at least five new accounts that configured the Website to use CloudFlare’s services through new domains,” the plaintiffs inform the court. “Connecting internet users to Israel.tv in this manner benefits Defendants and quite fundamentally assists them in violating the injunction because, without it, users would not be able to connect to Defendants’ site unless they knew the specific IP address for the site.” “Cloudflare Should Be Held in Contempt of Court” Describing their motion against Cloudflare as an emergency, the plaintiffs accuse the CDN company of facilitating Israel.tv’s streaming of pirated movies, TV shows, and sports programming, by turning a blind eye to illegal conduct. 
In summary, they request an order holding Cloudflare in contempt of court for failing to comply with the injunction, an order compelling Cloudflare to comply, plus an award of attorneys’ fees and costs to cover the costs of the motion which, including declarations and other information, runs to dozens of pages. Cloudflare is yet to appear in the matter to present its case but information and documents obtained by TorrentFreak show that the situation is less than straightforward. Israel.tv, Cloudflare, and Domain Seizures Early May, Cloudflare advised the account associated with Israel.tv that in response to a subpoena, it had provided the data requested by the plaintiffs. That correspondence came with a note indicating that Cloudflare would not be shutting down the site. Before that, however, another event may have muddied the waters. On May 26, the domain registrar of Israel.tv advised that a Court order had been served on domain registry Verisign with instructions to move the domain to GoDaddy. Verisign complied with the order and shortly after a new website with the title ** Zira – This site is monitored by the FBI ** greeted visitors. Given that the legal processes against Israel.tv and the other sites are being conducted under civil law, the appearance of the official FBI seal on the plaintiffs’ landing page was surprising. Announcing the existence of an FBI investigation seems a little odd and the injunction made no mention of including the FBI seal on Zira’s landing page either. In any event, Israel.tv was transferred away from its former owner to GoDaddy on May 26 and later displayed the same ‘seized’ banner highlighted previously, i.e. one without the FBI seal present. 
(Side note: Falsely representing FBI endorsement/authorization is a crime carrying up to a year in prison) This presumably means that the Israel.tv domain at the center of the complaint has been under the plaintiffs’ control since May 26, exactly one month after the April 26 order was issued and several weeks before this week’s motion to hold Cloudflare in contempt of court. Cloudflare’s position on the new domains that weren’t specifically mentioned in the injunction (but appear to be covered by it) is currently unknown. Documents in support of the plaintiffs’ contempt motion can be found here (1,2,3,4,5) Pirate Streaming Lawsuit Plaintiffs Want Cloudflare Held in Contempt of Court
  10. Cloudflare has announced a new technology called Private Access Tokens (PATs) that lets you validate, in a private manner, that visitors to your site are real. Operating systems, including the upcoming versions of macOS and iOS, will add support for this new technology, which will eliminate the need to complete annoying CAPTCHAs. This should make mobile browsing more pleasant. Cloudflare outlined several benefits of PATs: for users, they make accessing sites less cumbersome; for web and app developers, they confirm that the user is on an authentic device and signed application; and for Cloudflare customers, it’s simple to get started using PATs as there’s no setup required. Apple is one of the first major vendors to announce support for Private Access Tokens in iOS 16, iPadOS 16, and macOS 13. Luckily, other vendors are also expected to announce support in the near future so more people will be able to avoid CAPTCHAs in the future. On Cloudflare’s side, PATs have already been incorporated into its Managed Challenge platform so customers using this feature already support PATs on their website. Cloudflare said 65% of its customers already use Managed Challenge rather than the Legacy CAPTCHA as a response option in their Firewall rule. The next version of macOS was released as a beta for developers on Monday and a public beta is due in July. The upgrade will begin being offered to everybody in the fall. Cloudflare announces Private Access Tokens - verification without CAPTCHAs
  11. Cloudflare is urging the EU Commission not to turn its bi-annual piracy watchlist into a summary of copyright holder grievances and extralegal demands. The CDN provider's letter is a response to various rightsholder groups that called out the company for not doing enough to stop online piracy on its network. Following the example set by the United States, the EU started publishing its very own piracy watchlist in 2018. The biannual ‘Counterfeit and Piracy Watch List’ is put together by the European Commission. As in the US, it is based on submissions from copyright holder groups that report on problematic sites and services. Rightsholders are happy to contribute. In addition to pointing out sites and services that blatantly engage in copyright-infringing activities, they also use the opportunity to request broader cooperation from third-party services. In some cases, this leads to concrete suggestions that go beyond what the law requires. Listing Anti-Piracy Demands For example, in their latest submission, music industry group IFPI suggested that third-party services should implement robust “know your customer” policies. This also applies to the popular CDN and proxy service Cloudflare. “CloudFlare should exercise due diligence in confirming who its customers are and establishing their proposed and actual activities,” IFPI wrote. Other rightsholder groups made similar suggestions. For example, the movie industry’s MPA stressed that online intermediaries such as CDNs, domain registrars and hosting companies, should stop offering their services to customers who are not properly verified. These are understandable requests from rightsholders, who can use every bit of information to track down the operators of problematic sites. However, these verification demands are not cemented in EU legislation, so services are not legally required to vet all customers. 
Cloudflare Asks the EU to Focus on ‘Illegal’ Acts That last point was also highlighted by Cloudflare, which sent a rebuttal to the EU commission after it was flagged by several rightsholders as a potential candidate for the piracy watchlist. The San Francisco company has millions of customers all over the world. These include governments and copyright holders but also many smaller sites that take advantage of the platform’s CDN and security features. In its rebuttal, Cloudflare supports the watchlist initiative. However, it urges the EU to keep the listed sites and services limited to those that actually appear to act against the law, not those who fail to comply with all copyright holders’ wishes. “The Commission should not issue a report – even an informal one – that is simply a mechanism for particular stakeholders to air their grievances that entities are not taking particular voluntary action to meet their concerns or to advocate for new policies.” Listing companies such as Cloudflare solely based on complaints from copyright holders could give the impression that the EU supports these allegations, the company argues. That could potentially impact ongoing legal discussions and policy debates. “Our view is that the Commission’s staff document and Watch List should be limited to Commission-verified allegations of illegal behaviour, based on principled and fair legal standards,” Cloudflare notes. ‘Verification is an Indirect Security Threat’ In addition to this broader criticism, the company also argues that some of the demands from rightsholders could prove to be problematic. For example, an extensive verification process would involve significant costs which could mean that the company is unable to maintain its free tier. As a result, smaller sites may lose the benefit of the free protection that’s offered, because they can’t afford to pay for the service. 
“Altering this online sign up process, which is consistent with existing law, to require manual review of new accounts would make it impossible to offer these free services at scale, degrading the Internet experience for all users and making much of the web more vulnerable to cyber attack,” Cloudflare writes. The CDN provider also stresses that it already goes beyond what the law requires to help rightsholders. For example, it works with “trusted notifiers” who can request the origin IP addresses of problematic sites, when these are flagged. These and other voluntary measures were previously highlighted in a separate submission to the US Government as well. According to Cloudflare, the company is showing its good will while operating in line with all applicable laws. Several of the rightsholder groups complaining about Cloudflare are also “trusted notifiers”. While this indeed helps to find out where sites and services are hosted, they believe it’s not enough. IFPI, for example, mentions that Cloudflare apparently does very little to address customers for which it receives a large volume of complaints. “[N]otices or requests for information under the ‘trusted flagger’ program should result in meaningful action vis-à-vis the customer. The program needs to feed into a repeat infringer policy, yet in the case of CloudFlare, there is no evidence that it does.” It is clear that copyright holders and Cloudflare have different takes on how to tackle the piracy problem. Whether the EU believes that this warrants a mention on the piracy watchlist has yet to be seen. Cloudflare was mentioned in the EU’s first watchlist in 2018, but was taken off the next version. If it’s up to the San Francisco CDN provider, it will stay off the list in future. “The Watch List is not the appropriate place for advocacy on new policies as to what online service providers should collect on their users,” the company writes. 
Cloudflare: EU’s Piracy Watchlist Should Focus on Illegal Acts, Not Copyright Advocacy
  12. The Pale Moon web browser runs into an infinite "checking your browser" loop on sites that use Cloudflare's browser integrity check feature. I confirmed the issue in the latest release versions of the Pale Moon browser. Some sites display the "checking your browser before accessing" page over and over again. There does not appear to be a way around this at the time of writing, and the issue is discussed in various places, including the official Pale Moon forum but also the Cloudflare support forum. The message that is displayed on the page that is reloading infinitely may differ, depending on how the site has implemented the functionality. SteamDB, a popular database site for the gaming platform Steam, displays the current message during browser integrity checks. It is unclear why the infinite loop is happening, as Cloudflare has not published an official statement. One user suggested that it could have something to do with the user agent that is revealed to sites when pages are loaded. Pale Moon includes reference to Firefox 68.0 in the user agent for compatibility purposes. Firefox 68.0 is an old version of Firefox, which was released in June 2019. The lead developer of the Pale Moon browser published a comment on Cloudflare's community website, stating that the browser was also identifying itself as Pale Moon all the time. Indeed, the latest version of Pale Moon identifies as such in the user agent:

      Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Goanna/5.0 Firefox/68.0 PaleMoon/30.0.1

      Cloudflare's parser may object to the Firefox part, as that version is old and no longer maintained by Mozilla. It appears, from the discussion on the official site, that this issue may not get fixed. If that is the case, it would impact Pale Moon's compatibility on the Internet significantly. Pale Moon users could try to spoof the user agent to see if this gets them past the check. Here is how that is done:

      1. Install the User Agent Status extension for Pale Moon and restart the browser.
      2. Click on the icon of the extension in the Status Bar, and replace the Useragent string with Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0. Note that you may need to adjust the string to follow the latest Firefox releases.
      3. Activate the "Set UA" button.

      The browser should pass Cloudflare's integrity check and the actual site should load fine. Fix Pale Moon browser not passing Cloudflare's "Checking Your Browser" verification
  13. Microsoft Edge could soon receive an integrated VPN service called the “Microsoft Edge Secure Network”. The VPN (Virtual Private Network) service would work very similar to commercial VPN services, but it could be deeply integrated within the Microsoft Edge browser. Microsoft seems ready to deploy the Microsoft Edge Secure Network service. The VPN service will be powered by Cloudflare. The company assures it permanently deletes the diagnostic and support data collected, every 25 hours. Some of the salient features of Microsoft Edge Secure Network Service: Encrypts connection: Encrypts internet connection to help protect user data from online threats like hackers. When using Microsoft Edge Secure network, user data is routed from Edge through an encrypted tunnel to create a secure connection, even when using a non-secure URL that starts with HTTP. This makes it harder for hackers to access browsing data on a shared public Wi-Fi network. Helps prevent online tracking: By encrypting web traffic directly from Microsoft Edge, Microsoft helps prevent users’ internet service provider from collecting browsing data like details about the websites users visit. Keeps user location private: Online entities can use user location and IP address for profiling and serving targeted ads. Microsoft Edge Secure Network lets users browse with a virtual IP address that masks users’ IP and replaces their geolocation with a similar regional address to make it more difficult for online trackers to follow users as they browse. Is free to use: Microsoft offers 1 gigabyte of free data every month when users sign into Microsoft Edge with their Microsoft Account. Microsoft Edge Secure Network Service isn’t available to all users yet. The Microsoft VPN service should be available in an upcoming version of the Edge browser. Once Microsoft rolls it out, a new menu entry will be available in the Hamburger menu located in the upper right-hand corner of the browser. 
It is important to note that users will need to sign in to their Microsoft account to use the VPN service. The feature will turn off automatically when the user closes the Edge window. Users will need to turn on Microsoft Edge Secure Network again for their next browsing session if they wish to use it. A shield icon will indicate if the service is active. As mentioned above, Microsoft is limiting the VPN service to 1GB data. The company hasn't mentioned any subscription model that could allow users to extend the service beyond the free data cap. Microsoft testing integrated VPN ‘Secure Network' in Edge powered by Cloudflare
  14. Cloudflare has revealed that it stopped dead in its tracks one of the largest HTTPS DDoS attacks on record originating from multiple countries. The firm said that the botnet was making 15.3 million requests-per-second (rps), making it the largest HTTPS DDoS attack it has witnessed against one of its customers. Cloudflare said that the target of the attack was a crypto launchpad company which aims to connect crypto projects with investors. The customer is on Cloudflare’s Professional plan and was defended by Cloudflare for the less than 15 seconds that the attack was going on. Other Cloudflare customers are automatically protected from this botnet too and no action needs to be taken. The largest attack that Cloudflare has ever run into was reported last August when a botnet performed a 17.2 million rps DDoS attack but this was carried out with HTTP traffic rather than HTTPS traffic which was used in the latest attack. Cloudflare said the use of HTTPS makes the attack more expensive for the attacker and the victim attempting to mitigate it. Cloudflare noted that this attack mostly came from data centres and that it’s noticing more attacks coming from cloud compute ISPs overall rather than residential network ISPs. This botnet involved 6,000 unique bots and originated from 112 countries around the world. The countries which hosted the most bots included Indonesia, Russia, Brazil, India, Colombia, and the United States. The attack came from over 1,300 networks with top ones including Hetzner Online GmbH, Azteca Comunicaciones Colombia, and OVH. Cloudflare reports that it has blocked one of the largest HTTPS DDoS attacks ever seen
  15. Cloudflare's Speed Test promises better performance insights Cloudflare launched Speed Test some time ago; it is an online service that tests various networking related parameters such as the download speed, latency, or jitter. Speed tests are a dime a dozen on the Internet, and it is probably a good idea to start with Cloudflare's explanation as to why it launched its own Speed Test on the Internet. According to Cloudflare, it is all about the insights that its Internet speed test provides. Although there are a slew of speed testing tools out there, none of them give you precise insights into how they came to those measurements and how they map to real-world performance. With speed.cloudflare.com, we give you insights into what we’re measuring and how exactly we calculate the scores for your network connection. Best of all, you can easily download the measurements from right inside the tool if you’d like to perform your own analysis. Note: Performance data is collected and anonymized according to Cloudflare, but it is not sold. The company uses the data to improve its network. The code that Cloudflare uses is available on GitHub. Cloudflare Speed Test The speed test works similarly to other speed tests, e.g. Netflix Fast, in that it runs the measurements automatically when you connect to the site. The test takes a moment to complete as it will perform a number of operations including multiple file downloads. Cloudflare's announcement hints that Speed Test measures upload speed as well but disabled it because it received reports of incorrect measurements on "very fast connections". Speed Test displays the average download speed as well as the average latency and jitter at the top. There is also a graph that highlights performance over time. Below that is the device's IP address, and a map that displays the server location. The latency measurements and download measurements are provided as bar graphs and tabular data. 
Multiple tests are performed by Speed Test, and tables highlight each attempt and the measured performance. You may hover over i-icons and bars for additional information. The i-icons provide descriptions of the conducted tests for the most part while the bar overlays values such as min and max speeds. Interested users may download the speed data to the local system. A click on the download icon near the top downloads the data as a CSV file to the local system. You may open it in a compatible program, e.g. Microsoft Excel, afterwards. Closing Words Speed Test is a straightforward Internet performance testing service by Cloudflare that provides a good amount of information. Users may download the data to their systems and check out the code that Cloudflare uses. Some may have reservations against using Cloudflare's service because of the data collecting that is going on. Then again, most Speed Test sites appear to collect data, and some may even sell the data that they gather. Cloudflare's Speed Test promises better performance insights
  16. Cloudflare launches 1.1.1.1 For Families with filter support Cloudflare launched its DNS service back in 2018 (on April 1) to the public promising a fast, private, and secure service. The company promised that 1.1.1.1 would be privacy-friendly, that it would not sell user data or use it for targeted advertising, and revealed that the service would never log full user IP addresses and erase logs every 24 hours. A recently published audit by independent auditing company KPMG uncovered some minor issues but backed up Cloudflare's claims. Yesterday, on April 1, Cloudflare announced an expansion of its DNS service called 1.1.1.1 for Families which adds new DNS Server IP addresses and filters to the service to block certain requests automatically. Users who used OpenDNS and some other DNS providers in the past may recall that these providers offered something very similar for quite some time already. Filtering functionality was the number one request from home users according to Cloudflare and the main reason why 1.1.1.1 for Families was created. 1.1.1.1 For Families 1.1.1.1 for Families comes in two different versions: the first blocks known malware requests, the second malware and adult requests. Here is the information required to use the new DNS servers on your devices:

      Malware Blocking Only
      Primary DNS: 1.1.1.2
      Secondary DNS: 1.0.0.2
      IPv6: 2606:4700:4700::1112
      IPv6: 2606:4700:4700::1002

      Malware and Adult Content
      Primary DNS: 1.1.1.3
      Secondary DNS: 1.0.0.3
      IPv6: 2606:4700:4700::1113
      IPv6: 2606:4700:4700::1003

      Cloudflare DNS without Filtering
      Primary DNS: 1.1.1.1
      Secondary DNS: 1.0.0.1
      IPv6: 2606:4700:4700::1111
      IPv6: 2606:4700:4700::1001

      The filtering is automated at this point in time; Cloudflare plans to introduce management options in the coming months to whitelist or blacklist sites, schedule filters for certain times of the day, and more. For now, the only option that you have to bypass filters, e.g. when a non-malware or non-adult site is blocked, is to switch the DNS service. How to set up 1.1.1.1 for Families Windows users may do the following to replace the current DNS provider with Cloudflare's:

      1. Use the keyboard shortcut Windows-R to open the run box.
      2. Type netcpl.cpl to open the Network and Sharing Center (note that this may not be available in the newest builds of Windows 10). If it is not available, right-click on the network icon in the System Tray and select Open Network and Internet settings.
      3. On the page that opens, click on "change adapter options".
      4. Right-click on the active connection and select properties from the menu.
      5. Double-click on "Internet Protocol Version 4 (TCP/IPv4)".
      6. Switch to "Use the following DNS server addresses".
      7. Enter the primary and secondary DNS server in the respective fields.
      8. Close the configuration window.

      Pro Tip: You may also change DNS servers using PowerShell. Here is how that is done:

      1. Use Windows-X to display the "secret" menu.
      2. Select Windows PowerShell (Admin) from the menu to open an elevated PowerShell console.
      3. Confirm the UAC prompt.
      4. Run the command Get-NetIPConfiguration and note the value of InterfaceIndex of the Network Adapter that you are using (use other information, e.g. the InterfaceAlias value to identify the right interface if multiple are available).
      5. Modify the command Set-DnsClientServerAddress -InterfaceIndex 10 -ServerAddresses 1.1.1.2, 1.0.0.2 and run it afterward. Change the value after -InterfaceIndex to the right one on your device, and the IP addresses behind ServerAddresses to the desired DNS servers (first primary then secondary).

      Installation guides are available here for routers, Linux, Windows, and Mac. Cloudflare has created applications for Android and iOS that users may download to use the DNS service on their devices. You may use a program like Gibson's DNS Benchmark to test the performance of the servers. 
Source: Cloudflare launches 1.1.1.1 For Families with filter support (gHacks - Martin Brinkmann)
  17. Cloudflare’s WARP VPN is launching in beta for macOS and Windows It will be available to WARP+ subscribers first Cloudflare’s WARP VPN service began its life last year as a free add-on to the company’s 1.1.1.1 app — which itself is a DNS resolver application that promises faster internet — and was immediately popular. (There were, at one point in time, approximately 2 million people on its waiting list.) Today, the company announced in a blog post that it’s bringing WARP to macOS and Windows in beta. “While we announced the beta of 1.1.1.1 with WARP on April 1, 2019 it took us until late September before we were able to open it up to general availability,” writes Matthew Prince, the company’s CEO. “We don’t expect the wait for macOS and Windows WARP to be nearly as long.” The beta will be available first to WARP+ subscribers — who pay to use Cloudflare’s Argo network, which makes their internet speeds even faster — with invites sent out sometime in the next few weeks. “The WARP client for macOS and Windows relies on the same fast, efficient Wireguard protocol to secure Internet connections and keep them safe from being spied on by your ISP,” Prince writes. “Also, just like WARP on the 1.1.1.1 mobile app, the basic service will be free on macOS and Windows.” Linux support, he says, is coming soon. Source: Cloudflare’s WARP VPN is launching in beta for macOS and Windows (The Verge)
  18. Cloudflare Page Shield: Early warning system for malicious scripts Cloudflare has released a new feature that aims to protect websites from Magecart and other malicious JavaScript-based attacks. A typical cyberattack is introducing malicious JavaScript onto a website to redirect visitors to malicious sites, display phishing forms, exploit vulnerabilities, and steal submitted payment information. To introduce malicious scripts on a website, threat actors will commonly add the malicious inline JavaScript to the web page, add an external malicious JavaScript dependency file under their control, or compromise an existing third-party script in a supply-chain attack. When JavaScript is loaded from an external location as a dependency, in many cases, they go unnoticed for a long time, especially when there is no outward change in a site's user experience. For example, Magecart attacks are conducted by introducing malicious JavaScript that steals credit card information submitted on a website. As this data is quietly transmitted to a remote location and purchases continue, as usual, users will not notice anything strange that they should report to the site. Due to this, Magecart attacks can quietly steal credit cards from visitors for many months, if not years, before they are detected and resolved. Page Shield to protect against malicious scripts Today, Cloudflare announced a new security feature called Page Shield that will detect attacks in end-user browsers caused by malicious JavaScript dependencies. "Our mission is to help build a better Internet. This extends to end-user browsers, where we’ve seen an alarming increase in attacks over the past several years. With Page Shield, we will help applications detect and mitigate these elusive attacks to keep their user’s sensitive information safe," Cloudflare announced today. 
With today's unveiling of Page Shield, Cloudflare is starting with a 'Script Monitor' tool that will report to Cloudflare every time a visitor on a protected site executes a JavaScript dependency file in their browser. Using these reports, Cloudflare will build a history of known scripts utilized on the site. When a new one is detected, it will alert the website administrator so they can investigate further. Script monitor detecting new JavaScript dependencies Using the Script Monitor, web admins can spot suspicious JavaScript files being loaded by visitors on their sites and quickly investigate whether they are malicious. While a good start, this does not protect visitors from existing JavaScript dependencies that have been modified in a supply-chain attack. For example, if a site has historically loaded a JavaScript file from https://www.example.com/js/harmless.js and a threat actor modified that file on example.com, Script Monitor would not detect the change, and the malicious code would be allowed to execute in a supply-chain attack. In the future, Cloudflare states that they plan on adding additional features that will issue alerts when the content of a script has changed or contains malicious signatures. Overall, this is an exciting tool for Cloudflare users to help detect if your site has been hacked to load malicious JavaScript files. However, this feature is only coming to Business and Enterprise subscriptions, and those in the Pro or Free services levels will not be able to benefit from the service. If you are interested in testing the new Page Shield feature, you can sign up to join Cloudflare's beta test. Source: Cloudflare Page Shield: Early warning system for malicious scripts
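The gap described in the article above (a known script URL whose content changes) can be seen by comparing a URL-only baseline with one that also records a content digest. This is an added example, not Cloudflare's code or part of the original article; the function names, the report format and the sample reports are assumptions made for illustration.

```javascript
// Added example: URL-only script baseline next to a content-aware one.
const { createHash } = require('node:crypto');

// Constructed reports: one entry per script a visitor's browser executed.
const HISTORY = [
  { url: 'https://www.example.com/js/harmless.js?v=3', body: 'initCart();' },
  { url: 'https://cdn.shop.example/js/app.js', body: 'render();' },
];
const TODAY = [
  // Same URL as before, but the file was altered at its origin.
  { url: 'https://www.example.com/js/harmless.js?v=4', body: 'initCart(); /* altered upstream */' },
  { url: 'https://cdn.shop.example/js/app.js', body: 'render();' },
  // A dependency never seen on this site before.
  { url: 'https://static.unknown.example/js/t.js', body: 'track();' },
];

// Drop query string and fragment so cache-busting parameters do not look
// like new scripts (a choice made for this example).
function scriptKey(rawUrl) {
  const u = new URL(rawUrl);
  return u.origin + u.pathname;
}

// Digest in the "sha384-<base64>" form that Subresource Integrity uses.
function digest(body) {
  return 'sha384-' + createHash('sha384').update(body, 'utf8').digest('base64');
}

// Baseline: script key -> set of digests observed for it.
function buildBaseline(reports) {
  const baseline = new Map();
  for (const r of reports) {
    const key = scriptKey(r.url);
    if (!baseline.has(key)) baseline.set(key, new Set());
    baseline.get(key).add(digest(r.body));
  }
  return baseline;
}

// Behaviour the article describes: alert only when a script URL is new.
function urlOnlyAlerts(baseline, reports) {
  const alerts = new Set();
  for (const r of reports) {
    const key = scriptKey(r.url);
    if (!baseline.has(key)) alerts.add(key);
  }
  return [...alerts];
}

// Content-aware variant: also alert when a known URL serves an unseen digest.
function contentAwareAlerts(baseline, reports) {
  const alerts = [];
  const seen = new Set();
  for (const r of reports) {
    const key = scriptKey(r.url);
    const d = digest(r.body);
    const known = baseline.get(key);
    const kind = !known ? 'new-url' : known.has(d) ? null : 'content-changed';
    if (kind && !seen.has(key + d)) {
      seen.add(key + d);
      alerts.push({ url: key, kind, digest: d });
    }
  }
  return alerts;
}

const BASELINE = buildBaseline(HISTORY);
console.log('URL-only alerts:', urlOnlyAlerts(BASELINE, TODAY));
console.log('Content-aware alerts:', contentAwareAlerts(BASELINE, TODAY));
```

Scripts that are generated per request will raise content-changed alerts on every load, so a digest baseline suits static dependencies; for those, the same digest can be pinned in the `integrity` attribute so the browser refuses a modified file.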
  19. Cloudflare Doubts DMCA Takedown Company’s Fake Employee and Special Bots Cloudflare has faced quite a few copyright challenges in courts already, but a case filed by two wedding dress manufacturers is taking an unforeseen turn. At a Pennsylvania federal court, the CDN provider filed a motion to demand evidence from the companies' DMCA takedown partner, to find out more about a fake employee profile and its speedy takedown bots. Popular CDN and DDoS protection service Cloudflare has come under a lot of pressure from copyright holders in recent years. The company offers its services to millions of sites, some of which offer access to copyright-infringing material. Cloudflare prefers to remain a neutral service provider and doesn’t terminate clients based on DMCA notices. Instead, it forwards these to its customers, only taking action when it receives a court order. Repeat Infringer Lawsuit This stance is not appreciated by all rightsholders and in 2018 the service was taken to court over the issue. The case wasn’t filed by major entertainment companies, but by two manufacturers and wholesalers of wedding dresses. Not a typical “piracy” lawsuit, but it’s a copyright case that could have broad implications. In a complaint filed at a federal court in California, Mon Cheri Bridals and Maggie Sottero Designs argued that even after multiple warnings, Cloudflare fails to terminate sites operated by counterfeit vendors. This makes Cloudflare liable for the associated copyright infringements, they said. Cloudflare disagreed and both sides are now conducting discovery to collect evidence for an eventual trial. Among other things, the wedding dress manufacturers were asked to hand over detailed sales records. In addition, the CDN provider is also interested in the companies’ DMCA takedown partner XMLShop LLC. 
Cloudflare Wants DMCA Takedown Evidence Over the past few months, Cloudflare has tried to get further information on how XMLShop, which is also known as Counterfeit Technology, collects evidence for its takedown notices. These takedowns play a central role in the lawsuit and XMLShop and its employees could provide crucial information. Thus far, however, Cloudflare hasn’t been able to get what it wants. To resolve this issue, Cloudflare submitted a motion asking the court to compel the DMCA takedown company to comply with its requests for information. According to their filing, the company may be holding back important evidence. “Plaintiffs and XMLShop, who use the same counsel, appear to be using XMLShop’s status strategically as a ‘non-party’ to conceal relevant documents from Cloudflare. The Court should reject their gamesmanship,” Cloudflare informed the court. After serving two subpoenas, the takedown company only produced one document, Cloudflare notes. Meanwhile, the publicly available information on the company is highly confusing or even misleading. Who Works at XMLShop? For example, Cloudflare would like to question XMLShop’s employees, but the company hasn’t handed over an employee directory or payroll log that would reveal who works at the company. “XMLShop has not been forthright about its operations, leaving Cloudflare in the dark as to who else may be a witness with relevant knowledge,” Cloudflare writes. According to XMLShop’s attorney, the company only has one employee named Suren Ter-Saakov, but this claim is contradicted by its own website and Linkedin. “XMLShop’s own public statements contradict its counsel’s statement. Its website boasts ‘a big team of professionals working in three offices, located in Ukraine, the United States, and Dominican Republic. “And a LinkedIn profile for an individual named Blair Hearnsberger represents that she or he is the CEO at Counterfeit Technology,” Cloudflare adds. 
Fake Profile According to the takedown company’s attorney, this profile is fake and Blair Hearnsberger does not actually exist, but Cloudflare is not convinced. Therefore, it hopes that the court will compel XMLShop to verify who works at the company and in what roles. In addition to finding information on possible employees, Cloudflare also requests further information on the software that Counterfeit Technology used to find infringing content. Special Takedown Bots? The wedding dress manufacturers claimed that their takedown partner “scours the internet with special bots designed to locate and identify the unauthorized use” but it’s unclear how this technology works. Cloudflare would like to assess the software to see how accurate it is, especially since the company states that it spends only 10 seconds sending notifications of claimed infringement to all traffic sources. “Its use — and the reliability — of that technology is at least relevant to the predicate allegations of direct infringement it asserts. It is also relevant to Cloudflare’s contention that it never received any notifications of claimed infringement from Counterfeit Technology that were valid,” Cloudflare writes. The CDN provider asked the court to compel XMLShop to produce the subpoenaed documents. In addition, XMLShop should be held in contempt for failing to obey the subpoena and ordered to pay the legal costs Cloudflare incurred to submit the motion. This week, XMLShop responded to the request stating that it has already produced everything it could. It views the remaining requests as incredibly broad, since these ask for “sensitive” trade secret information. It is now up to the court to make a final decision. — A copy of Cloudflare’s memorandum in support of its motion to compel XMLShop to comply with the subpoena is available here (pdf). XMLShop’s response can be found here (pdf). Cloudflare Doubts DMCA Takedown Company’s Fake Employee and Special Bots
  20. Jime234

    Changing Mobile Data DNS

    Hi, I wanted to change the DNS of the Mobile Data of my Android Smart Phone. It's a simple process to change DNS of WiFi, but Mobile Data is just something else. I've searched and tried some apps to change DNS, but then I don't know whether it worked or not; there is no way to check! Has anyone here tried it?
  21. The internet infrastructure company wants to protect your inbox from targeted threats, starting with the launch of two new tools. Cloudflare, the internet infrastructure company, already has its fingers in a lot of customer security pots, from DDoS protection to browser isolation to a mobile VPN. Now the company is taking on a classic web foe: email. On Monday, Cloudflare is announcing a pair of email safety and security offerings that it views as a first step toward catching more targeted phishing attacks, reducing the effectiveness of address spoofing, and mitigating the fallout if a user does click a malicious link. The features, which the company will offer for free, are mainly geared toward small business and corporate customers. And they’re made for use on top of any email hosting a customer already has, whether it’s provided by Google’s Gmail, Microsoft 365, Yahoo, or even relics like AOL. Cloudflare CEO Matthew Prince says that from its founding in 2009, the company very intentionally avoided going anywhere near the thorny problem of email. But he adds that email security issues are unrelenting, so it has become necessary. “I think what I had assumed is that hosting providers like Google and Microsoft and Yahoo were going to solve this issue, so we weren’t sure there was anything for us to do in the space,” Prince says. “But what’s become clear over the course of the last two years is that email security is still not a solved issue.” Prince says that Cloudflare employees have been “astonished by how many targeted threats were getting through Google Workspace,” the company's email provider. That's not for lack of progress by Google or the other big providers on anti-spam and anti-malware efforts, he adds. But with so many types of email threats to deal with at once, strategically crafted phishing messages still slip through. So Cloudflare decided to build additional defense tools that both the company itself as well as its customers could use. 
On Monday, the company is launching two products: Cloudflare Email Routing and Email Security DNS Wizard. The tools let customers place Cloudflare in front of their email hosting provider, essentially allowing Cloudflare to receive and process emails before sending them through to the Microsofts and Googles of the world. This is somewhat similar to Cloudflare's long-standing role as a “content delivery network” for websites, in which the company is a proxy that can serve data or catch malicious activity as web traffic passes through. Cloudflare Email Routing makes it possible for individuals or organizations to manage an entire custom email domain, like @coolbusiness.com, from a single consumer email account, such as a personal Gmail address. The tool even lets you consolidate many addresses—[email protected], [email protected]—so they all forward to a single inbox. This way, small businesses in particular can get the benefits of a dedicated, custom email domain without having to manage a whole separate platform. The second tool, Security DNS Wizard, aims to make two email security features accessible for Cloudflare customers and easy to use. Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) are two tools that are essentially a combination of caller ID and screening schemes for email: They aim to reduce email address spoofing by setting up public records that must match an email's sender information for the message to go through. This significantly reduces how easy it is for attackers to, say, send an email to employees that really looks like it comes from "Cool Business CEO." SPF and DKIM have been around for more than a decade, but they aren't ubiquitous, because they are difficult to set up without mistakes that can result in problems like legitimate emails getting lost. Cloudflare's goal with Email Security DNS Wizard is to make it easy for users to set up one or the other protection without any flubs. 
“These are both technologies that have been around for a long time, but the problem is they don’t get a lot of use, because they're extremely complicated and in some cases dangerous to set up,” Prince says. “We're hopeful that implementing this tech, making it easy, and making it free will dramatically expand the usage and decrease the amount of targeted phishing and domain abuse." Ultimately, Cloudflare plans to roll out a more comprehensive suite of services, called Advanced Email Security Suite, that will incorporate these two tools plus others. These initial offerings allow the company to get email flowing through its network, Prince says, so that it can study threats and patterns on a large scale. He adds that all Cloudflare email security products are carefully designed to leave crucial indicators intact for providers like Google and Microsoft. This way the tools aren't disrupting the important anti-spam and anti-abuse features that those services already have in place. And the goal is for existing Cloudflare offerings like browser isolation to work in tandem with the new email security features even when customers do click a bad link. As with many Cloudflare offerings, though, one byproduct of turning on these email security features is that customers will need to trust the company with their messages on top of all the other web data they already have flowing through Cloudflare. When asked whether there are privacy implications of this, Prince repeats what he has often said about Cloudflare's approach. “We think of customer data as a toxic asset. We don’t have a business around advertising, we don’t sell customer data,” he says. “We have privacy certifications and do external audits of our systems. But, yeah, we have to earn our customers' trust everyday." In a way, email is one of the last web security frontiers for Cloudflare. 
Whether customers are willing to share this final piece of themselves with the company will likely depend on how successful Cloudflare can be at making a dent in the very real, and maddening, risks that come with corporate email. Cloudflare Is Taking a Shot at Email Security (May require free registration to view)
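The article above describes SPF as a public record that a message's sender information must match, and says set-up mistakes can get legitimate mail lost. The following added example (not Cloudflare's tool and not part of the article) evaluates a connecting IP against an SPF policy for three mechanisms only (`ip4`, `include`, `all`) and shows two such mistakes. The domains, addresses and the `TXT` table are constructed stand-ins for DNS.

```javascript
// Added example: narrow SPF evaluator (ip4, include, all) over constructed records.
// Domains are hypothetical; addresses come from the documentation ranges.
const TXT = {
  'coolbusiness.example': ['v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all'],
  '_spf.mailhost.example': ['v=spf1 ip4:198.51.100.0/25 ~all'],
  // Mistake 1: the hosted mail provider's include was forgotten.
  'forgot.example': ['v=spf1 ip4:192.0.2.0/24 -all'],
  // Mistake 2: two SPF records published for the same name.
  'twice.example': ['v=spf1 ip4:192.0.2.0/24 -all', 'v=spf1 include:_spf.mailhost.example -all'],
};

const QUALIFIER = { '+': 'pass', '-': 'fail', '~': 'softfail', '?': 'neutral' };
const MAX_LOOKUPS = 10; // RFC 7208 limit on terms that trigger DNS queries

function ipv4ToInt(ip) {
  const parts = ip.split('.');
  const ok = parts.length === 4 && parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
  return ok ? parts.reduce((acc, p) => acc * 256 + Number(p), 0) : null;
}

// true/false for membership, null when the network or prefix is malformed.
function inCidr(ip, cidr) {
  const [net, lenText = '32'] = cidr.split('/');
  const a = ipv4ToInt(ip);
  const b = ipv4ToInt(net);
  const len = /^\d{1,2}$/.test(lenText) ? Number(lenText) : -1;
  if (a === null || b === null || len < 0 || len > 32) return null;
  const size = 2 ** (32 - len); // number of addresses in the block
  return Math.floor(a / size) === Math.floor(b / size);
}

// SPF result for a connecting IP checked against the policy of `domain`.
function checkHost(ip, domain, state = { lookups: 0 }) {
  const records = (TXT[domain.toLowerCase()] || []).filter((r) => /^v=spf1( |$)/i.test(r));
  if (records.length === 0) return 'none';
  if (records.length > 1) return 'permerror'; // more than one SPF record is an error
  for (const term of records[0].trim().split(/ +/).slice(1)) {
    const m = /^([+\-~?]?)(all|ip4|include)(?::(\S+))?$/i.exec(term);
    if (!m) return 'permerror'; // malformed, or a mechanism outside this example
    const result = QUALIFIER[m[1] || '+'];
    const mech = m[2].toLowerCase();
    const arg = m[3];
    let matched;
    if (mech === 'all') {
      matched = true;
    } else if (mech === 'ip4') {
      matched = arg ? inCidr(ip, arg) : null;
      if (matched === null) return 'permerror';
    } else {
      if (!arg || ++state.lookups > MAX_LOOKUPS) return 'permerror';
      const inner = checkHost(ip, arg, state);
      if (inner === 'permerror' || inner === 'none') return 'permerror';
      // fail, softfail or neutral inside an include only means "no match here".
      matched = inner === 'pass';
    }
    if (matched) return result;
  }
  return 'neutral'; // nothing matched and the record has no "all"
}

console.log(checkHost('192.0.2.25', 'coolbusiness.example'));   // own mail server
console.log(checkHost('198.51.100.77', 'coolbusiness.example')); // hosted mail provider
console.log(checkHost('203.0.113.9', 'coolbusiness.example'));   // unrelated sender
console.log(checkHost('198.51.100.77', 'forgot.example'));       // legitimate mail rejected
console.log(checkHost('192.0.2.25', 'twice.example'));           // duplicate records
```

A receiving server applies this check to the domain in the SMTP envelope sender, so a `fail` for the provider's address under `forgot.example` is exactly the lost-legitimate-mail case.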
  22. Copyright Holders Hold Cloudflare Liable for Failing to Terminate Repeat Infringers In a California court case, Cloudflare stands accused of failing to terminate customers repeatedly called out as copyright infringers. The case wasn't filed by Hollywood or the major record labels, but by two manufacturers of wedding dresses. They have now filed a motion for summary judgment, stating that the CDN provider could and should have done more to prevent copyright infringement. Popular CDN and Internet security service Cloudflare has come under a lot of pressure from copyright holders in recent years. The company offers its services to millions of sites. This includes multinationals, governments, but also some of the world’s leading pirate sites. Many rightsholders are not happy with the latter category. They repeatedly accuse Cloudflare of facilitating copyright infringement by continuing to provide access to these platforms. At the same time, they call out the CDN service for masking the true hosting locations of these ‘bad actors’. Cloudflare sees things differently. The company positions itself as a neutral service provider that doesn’t ‘host’ any infringing content and says it passes on information temporarily cached on its services. This means that if copyright holders report problematic URLs to Cloudflare, the company forwards the DMCA takedown notices to its customer. By doing so, Cloudflare is convinced that it operates in accordance with the law. Repeat Infringer Lawsuit That stance is not appreciated by all rightsholders and in 2018 the service was taken to court over the issue. The case wasn’t filed by major entertainment companies, but by two manufacturers and wholesalers of wedding dresses. Not a typical “piracy” lawsuit, but it’s a copyright case that could have broad implications. 
In a complaint filed at a federal court in California, Mon Cheri Bridals and Maggie Sottero Designs argued that, despite multiple warnings, Cloudflare failed to terminate sites operated by counterfeit vendors. This makes Cloudflare liable for the associated copyright infringements, they said. Cloudflare disagreed and filed a motion to dismiss. The company said that the rightsholders failed to state a proper claim, as the takedown notices were not proof of infringement, among other things. The California Federal Court disagreed, however, and allowed the case to move forward. Rightsholders Request Summary Judgment This ruling was good news for Mon Cheri Bridals and Maggie Sottero, which have now filed a motion for summary judgment. The companies argue that Cloudflare is liable for both direct and contributory copyright infringement, hoping to establish this as fact before trial. The wedding dress manufacturers explain that they sent Cloudflare numerous takedown notices. These notices identified allegedly infringing images that were hosted by Cloudflare’s subscribers and requested the company to take action to prevent further infringements. In response, Cloudflare forwarded these notices to its clients and their hosting providers, as is common policy. However, according to the rightsholders, this is not enough. “Cloudflare did not investigate the alleged infringement, did not request any information from its customers, did not remind its customers of Cloudflare’s infringement policy or threaten any type of disciplinary action […] and did not do anything to evaluate whether its customer was indeed engaged in infringing activities. “It did not matter whether Cloudflare received 1, 101, 10,000, or 1,000,000 infringement notices concerning a domain client – its response and handling of the complaints was always the same,” the dress manufacturers add. Cloudflare believes that it’s following the law. 
In the past, the company stressed that it doesn’t store any infringing material on its servers, so forwarding the notices is sufficient. “Cloudflare Can and Should Take Action” The wedding dress manufacturers clearly disagree and claim that the CDN provider could and should have taken simple steps to prevent infringements “[A]fter receiving numerous notices of infringement implicating a website client, Cloudflare could have taken simple measures to prevent further infringement, including evicting the infringing content from its cache servers and terminating caching services until the website proves compliance with Cloudflare’s anti infringement policies,” the companies write. “And while Cloudflare may not have control over the infringing content on a website’s origin host servers, it can and should do its part to curb infringement by not permitting repeat infringers to use its services to more effectively and quickly distribute infringing material to consumers in the United States.” With the motion for summary judgment, the copyright holders ask the court to rule that, because it failed to act, Cloudflare indeed is liable for the repeat infringements of its customers. If that is the case, the only remaining issue will be the scale of the damages claim. Potential for Broad Implications Cloudflare will likely disagree with these allegations but, at the time of writing, it has yet to respond in court. Previously, Cloudflare scrutinized the practices of the wedding dress manufacturers’ DMCA takedown partner, while describing the notices as invalid. This isn’t the first time that the repeat infringer issue has come up in US courts. Several movie companies successfully sued ISPs that failed to take action against repeat infringers. These ISPs didn’t host any copyrighted material either. While the present case doesn’t directly involve any pirate sites, it could have potentially far-reaching consequences. 
If the court rules that Cloudflare’s current policy is insufficient, it could be required to take stricter action against other sites as well. — A copy of the motion for summary judgment, submitted at a California Court by Mon Cheri Bridals and Maggie Sottero Designs, is available here (pdf) Copyright Holders Hold Cloudflare Liable for Failing to Terminate Repeat Infringers
  23. Cloudflare’s DNS service has had an important impact on the internet. Here is why it is such a major contributor in the fight for privacy and freedom. On the day when people like to make fools of each other, Cloudflare launched a service which seemed unbelievable at first. Not because of the features it offered, but because it was launched on a day when most companies announce fake products as a joke. Cloudflare’s announcement too, frankly speaking, seemed like one, but it wasn’t. On 1st April 2018, Cloudflare announced its own DNS service called 1.1.1.1. At first, it seemed like just another DNS service. But Cloudflare made huge improvements to make it one of the top DNS services out there. What is DNS? DNS, meaning Domain Name System, is like an address book of the internet. Simply put, all sites on the internet run on a server. Those sites running on individual servers are allotted a specific IP address. That IP address is like a house number on a road. You can read it, but you do not know which road or area the house is located in. This is where an address book comes in. It tells you where the house is, so that you can reach it. Similarly, when one types an internet site’s address into their browser, like this site ourdigitech.com for example, a DNS service is contacted by your computer or mobile and asked where this site is. It tells your browser the IP address of the site and leads you to it. All this is done in a fraction of a second. Milliseconds, to be precise. This makes it very important that the DNS server is not only near you but also fast, so that your browsing is done quickly. Cloudflare plays a very important role here. Cloudflare’s importance Cloudflare’s server locations. Cloudflare’s main product is its CDN, that is, content delivery network service. What a CDN service does is make copies of the sites on the internet and store them locally near you and on many servers worldwide. 
Cloudflare is among the top CDN services out there. It has its servers situated in almost every part of the world. This allows Cloudflare to leverage its CDN network to provide DNS services, making it quick to contact and deliver. Enter 1.1.1.1 and WARP When Cloudflare originally announced its DNS service, DNS requests were mainly served by two players: one, whatever DNS service your internet service provider (ISP) chose, and second, Google DNS. At the start, 1.1.1.1 was just like Google DNS – bare-bones. It was not very quick either. But that soon changed. A year later, on the same day, Cloudflare announced a VPN service called WARP. It’s a type of VPN service which basically encrypts your traffic on the internet. The problem with the DNS protocol was that it was designed decades ago without encryption in mind, and that is why it is normally not encrypted, allowing anyone to spy on you – that is, look at which sites you are opening and also prevent you from accessing that site. This is especially the case with ISPs which actively stop you from accessing some sites. WARP intended to circumvent that by encrypting the information between you and the DNS provider, allowing not only privacy but also the freedom of browsing a free, uncensored internet. While it is true that WARP is known to have some problems starting up, as mentioned by the reviewers on its Android app page, it’s still a great service when it works correctly. More improvements Since then, Cloudflare has come up with many upgrades to its service, from offering DNS over HTTPS (DoH) and DNS over TLS (DoT), both of which are intended to encrypt the connection between you and Cloudflare’s DNS service, to collaborating with various browsers to include built-in support for DoH inside them. It is important to mention that Google’s DNS service started offering DNS over TLS only a year after Cloudflare. 
Cloudflare has also started a special version of its DNS service which allows people to prevent either adult content or malware or both from being accessed, allowing a secure internet for everyone. Other DNS providers and alternatives Meanwhile, since the launch of Cloudflare’s 1.1.1.1, a lot of DNS providers have appeared or upgraded themselves. Google DNS remains the top DNS provider out there, simply because it is the fastest one out there and not many can match the power of Google’s network. There is also another DNS provider around called NextDNS, which offers a lot of features like DoH, DoT, extensive security options, privacy and tracking protection, parental control, deny and allow list, logs and many other things, possibly unmatched by any other provider out there. The problem is that its free plan’s extra features are limited to 300,000 queries per month. This is unlike Google DNS and Cloudflare’s DNS, which are by and large completely free, albeit without many features. While it’s true that there are many good DNS providers out there, Cloudflare remains our favorite of them all. Cloudflare’s DNS Service 1.1.1.1 Turns 4: How It Changed The Internet
  24. Cloudflare has defeated a lawsuit from two wedding dress manufacturers that accused the company of failing to terminate the accounts of repeat copyright infringers. According to a California federal court, neither Cloudflare's CDN service nor its IP-address obfuscation system materially contribute to the alleged copyright infringements of its customers. Popular CDN and DDoS protection service Cloudflare has come under a lot of pressure from copyright holders in recent years. The company offers its services to millions of sites, some of which provide access to copyright-infringing material. Cloudflare prefers to remain a neutral service provider and doesn’t terminate clients based on DMCA notices. Instead, it forwards these to the hosting providers of its customers, only taking action when it receives a court order. Repeat Infringer Lawsuit This stance is not appreciated by all rightsholders and in 2018 the service was taken to court over the issue. The case wasn’t filed by major entertainment companies but by two manufacturers and wholesalers of wedding dresses. Not a typical “piracy” lawsuit, but it’s a copyright case that could have broad implications. In a complaint filed at a federal court in California, Mon Cheri Bridals and Maggie Sottero Designs argued that even after multiple warnings, Cloudflare failed to terminate sites operated by counterfeit vendors. This makes Cloudflare liable for the associated copyright infringements, they said. After a thorough discovery process, both sides submitted motions for summary judgment at a California federal court a few weeks ago. The wedding dress manufacturers argued that Cloudflare should have done more to stop pirates, while the CDN provider positioned itself as a neutral service provider that simply passes on traffic. Court sides with Cloudflare This week, United States District Judge Vince Chhabria ruled on the motions, resulting in a clear win for Cloudflare. 
The Judge only needed three pages for a combined ruling on the motions from both sides. The ruling clarifies that, in order to establish that a defendant is liable for contributory copyright infringement, several boxes must be ticked. This includes a finding that Cloudflare materially contributed to infringing activities. While there is no disagreement that some of Cloudflare’s customers may have used copyright-infringing material, the court doesn’t believe that the CDN provider can be blamed for this. Caching is Not Infringement With regard to Cloudflare’s CDN service, where the company cached infringing material on its servers, Judge Chhabria concludes that mere copying is not sufficient to prove material contribution. “For example, the plaintiffs have not offered any evidence that faster load times (assuming they were faster) would be likely to lead to significantly more infringement than would occur without Cloudflare. “Without such evidence, no reasonable jury could find that Cloudflare ‘significantly magnif[ies]’ the underlying infringement,” Judge Chhabria adds. The court further points out that even if Cloudflare did remove the infringing material from its servers, it would remain available on the original sites. This means that the infringement wouldn’t stop. IP-Address Shielding is Fine In addition to the caching feature of Cloudflare, the wedding dress manufacturers also argued that the CDN provider makes it harder to police copyright-infringing material as it shields the IP-address of copyright-infringing sites. Again, the court was not convinced, noting that IP-address obfuscation doesn’t make a difference to people who visit the infringing sites. Furthermore, Cloudflare forwards all infringing notices it receives to the appropriate hosting provider. As such, Judge Chhabria sees no evidence that Cloudflare makes it harder to go after pirate sites. 
“If Cloudflare’s provision of these services made it more difficult for a third party to report incidents of infringement to the web host as part of an effort to get the underlying content taken down, perhaps it could be liable for contributory infringement. “But here, the parties agree that Cloudflare informs complainants of the identity of the host in response to receiving a copyright complaint, in addition to forwarding the complaint along to the host provider,” the Judge notes. The ruling is an important victory for Cloudflare. Although wedding dresses are a relatively niche topic, many of the arguments in this lawsuit also apply to traditional pirate sites, which Cloudflare serves as well. — A copy of United States District Judge Vince Chhabria’s ruling on the motions for summary judgment is available here (pdf) Cloudflare Defeats “Repeat Infringer” Copyright Lawsuit in US Court
  25. Cloudflare has booked a partial victory in a piracy lawsuit filed by several models whose photos leaked online. The CDN provider previously offered its proxying service to the now-defunct website 'Thothub'. The court agreed with Cloudflare that there's no evidence for direct infringement, but the contributory copyright infringement claim remains intact.

      Earlier this year Texas-based model Deniece Waidhofer sued Thothub for copyright infringement after the site’s users posted many of her ‘exclusive’ photos. While Cloudflare isn’t new to copyright infringement allegations, this case has proven to be more than a nuisance. The company previously countered the claims with a motion to dismiss but Waidhofer and her legal team didn’t back off.

      In an amended complaint some of the most egregious allegations against Cloudflare, including the RICO conspiracy, were dropped. However, the copyright infringement claims remained and with two new cosplay models joining the action, the list of defendants expanded. Cloudflare denied these new allegations and submitted a motion to dismiss the copyright infringement claims. In addition, the company filed a separate motion for sanctions, accusing the defendants of fabricating a fatally flawed ‘infringement’ theory.

      Court Hands Down Mixed Order

      This week, US District Court Judge Fernando M. Olguin reviewed Cloudflare’s motion and released a mixed order. Judge Olguin dismissed the direct copyright infringement claims against Cloudflare but denied the motion to dismiss the contributory copyright infringement allegations.

      The three models argued that Cloudflare directly infringed their rights by making copies of the copyrighted works on its servers and deliberately marketing its service to pirate sites. After reviewing the arguments from both sides, Judge Olguin concluded that the direct copyright infringement claim is ungrounded. Even if Cloudflare temporarily stored the infringing material, the models don’t allege any “volitional” conduct.

      In a copyright infringement context, volitional conduct refers to a causal link. This means that Cloudflare’s actions should be the cause of infringing activity. That didn’t become apparent from the models’ complaints.

      No Direct Infringement (for now)

      This failure to include a causal link also applies to other direct copyright infringement allegations. This includes the suggestion that Cloudflare marketed its service to pirate sites. Again, this claim wasn’t backed up properly.

      “In short, plaintiffs have failed to sufficiently allege that Cloudflare engaged in volitional conduct. The court will thus dismiss plaintiffs’ direct infringement claim with leave to amend,” the court rules.

      This means that Cloudflare has defeated the direct copyright infringement claims, for now. The models are allowed, however, to file an amended complaint to fix the shortcomings that were highlighted by the court.

      Contributory Infringement Remains

      Cloudflare further asked the court to dismiss the contributory copyright infringement claims. According to the models, the CDN provider knew that infringing material was being made available using its system but failed to “take simple measures” to prevent further damage.

      These allegations were heavily contested by Cloudflare but, for now, the court believes that the facts presented in the complaint are sufficient to move the case forward.

      “Although Cloudflare challenges the veracity of the allegations in the [first amended complaint], on a motion to dismiss, the court must accept the factual allegations of the complaint as true,” the court concludes.

      There were more setbacks for Cloudflare, as the court also denied its request to sanction the models and their legal team. The company accused the rightsholders of including unsubstantiated and false claims. However, the court believes that this type of request can be considered at a later stage.

      Thothub Operators and Advertisers

      The piracy claims are limited to Cloudflare. The advertising company MultiMedia, also known as Chaturbate, is also listed as a defendant. The court granted MultiMedia’s motions to dismiss the contributory copyright claims, also with the option to amend. The RICO claims against the advertiser are dismissed with prejudice, but unfair competition claims remain intact.

      Finally, the models failed to identify the “Does” behind the Thothub site, so all claims related to the site’s alleged operators have been dropped from the lawsuit.

      — A copy of Judge Olguin’s order on the motions to dismiss and the motion for sanctions is available here (pdf)

      Cloudflare Books Partial Victory in ‘Thothub’ Piracy Lawsuit