Site-blocking is controversial and has been right from the beginning. The idea that powerful companies could gain authority from the courts to interfere in residential access to the internet, was initially dismissed as insane.
In time, those who protested the loudest were the ones dismissed as deluded. Their warnings, that handing internet blocking powers to rightsholders would eventually end in disaster, were subsequently dismissed by governments and national courts all around Europe. Politicians often dismissed these concerns, citing safeguards and suggesting such problems were impossible.
If the events of the past week are connected, as the evidence suggests, Spain faces a significant problem. While some may call for intervention to de-escalate the situation, this could be a missed opportunity to address the underlying issues.
A Week of Disruption at ISPs
To prevent piracy, Spain’s top football league LaLiga has permission from the courts to compel ISPs, including Movistar and DIGI, to block access to pirate sites. For roughly a week, customers of Movistar and DIGI have been complaining that seemingly random sites were refusing to load for no obvious reason. Tests conducted on mobile phones, however, showed no problems.
Some pointed out that Cloudflare might be the root of the problem, since the platform had been identified as the common denominator in all instances of sites refusing to load. That claim also faced challenges. Cloudflare was working just fine for some sites, but not for others. A growing consensus suggested that the problems only affected a specific Cloudflare IP address or addresses.
The situation was worsened by the ISPs’ apparent lack of information; they provided no useful responses about the cause of the problems or when they might be resolved. These telecommunications companies depend on their ability to provide communication services. The suggestion that they were unaware of the cause is highly unlikely.
Unconfirmed reports indicate that some complaining customers were given additional mobile data to access the blocked sites. As compensation for a technical issue, that might work. In reality, the ISPs likely knew more than they were giving away.
Cloudflare Customers Also Affected
In parallel, Cloudflare customers were reporting similar issues; more specifically, Cloudflare customers who are also customers of Movistar, or Cloudflare customers who run websites that customers of Movistar could no longer visit.
With no (initial) official response or announcement from Cloudflare, sysadmin @jaumepons posted a link on X showing how a tracert (or traceroute) launched from over 200 locations in Spain, from different operators, revealing significant issues with two specific ISPs.
“I leave you here a tracert to a Cloudflare IP launched from 230 different points in the country, from different operators. Then you go to “Results”, sort by operator “ASN” and you will see what those from @movistar are doing, and also @digimobil_es,” @jaumepons wrote.
Those interested are invited to check for themselves but the stream of red crosses in the ‘SUCCESS’ column shows that AS3352, registered to Movistar parent company Telefonica, had major connectivity problems. The fact that these issues did not affect all Cloudflare IP addresses complicated the situation but also strengthened suspicions of IP address blocking.
LaLiga ‘Deactivates’ DuckVision
When enforcement action shuts down pirate sites in the physical world, press releases tend to reference towns, cities, the number of officers involved, potentially the arrests of those who operate them, plus any evidence seized in the operation. When less typical words are used to describe a site’s demise, it’s worth considering whether ambiguity serves any purpose.
In an announcement published on the LaLiga website late Sunday, the country’s top football league led with the headline below.
Image credit: LaLiga
“LALIGA remains committed to fighting against audiovisual fraud and the consumption of illegal content through various initiatives and legal actions,” the announcement began.
“Now, thanks to the coordination of a specialized team, LALIGA has managed to deactivate DuckVision with immediate effect. This is a pirate platform that offered illegal access to live sports content, including the Spanish competition, to more than 200,000 people in Spain alone.”
Deactivate
The decision to use the word ‘deactivate’ rather than ‘shut down’ gains relevance when, seemingly out of nowhere, Cloudflare finds itself mentioned in the same breath.
“DuckVision consisted of a web application that invited people to download an Android app that had more than 200,000 active users in Spain during the month of January 2025, according to data.ai, and was covered by the service of the American technology company Cloudflare, which intentionally protects criminal organizations in order to make a profit.”
In the absence of ISPs making a clear statement, and previous comments that Cloudflare’s protection can’t be beaten, we can assume that DuckVision was dealt with differently. It wasn’t shut down, clearly, but it was ‘deactivated’ which sounds like a euphemism for blocking measures.
A less ambiguous statement wouldn’t have been difficult to put together. However, a reasonable person might get the impression that, since Cloudflare is considered part of the problem, and DuckVision’s IP addresses were successfully protected by Cloudflare, the only way to “deactivate” DuckVision was to block Cloudflare IP addresses.
While offering a potential explanation for the woes at Movistar, this theory still lacks confirmation that the two events are connected in any way. Or at least that was the case; not any more.
Telefonica, Movistar, and Cloudflare Break Silence
After declining Xataka’s request to explain connectivity problems at Movistar, Telefonica and Movistar have provided statements of sorts; hardly detailed but clearly enough to answer the big question.
“[A]s an operator we comply with any type of court order received regarding illegal content,” Telefonica said.
“[A]s an operator we comply with any type of court order received regarding illegal content,” Movistar said.
“As we have pointed out on previous occasions in this regard, DIGI respects and complies with court orders,” DIGI explained.
Cloudflare had much more to say and its testimony couldn’t be any more damning.
Cloudflare: LaLiga Understood Dangers, Went Ahead Anyway
Cloudflare’s statement in full (emphasis added):
Cloudflare provides security and reliability services to millions of websites, helping to prevent cyberattacks and make the Internet safer. Like virtually all major cloud service providers, Cloudflare uses shared IP addresses to manage its network, meaning that thousands of domains can be accessed with a single IP address.
Cloudflare has repeatedly warned about the consequences of IP blocking that fundamentally ignores the way the Internet works. Indeed, other governments in Europe have acknowledged these concerns and concluded that IP blocking violates net neutrality. Although LaLiga clearly understood that blocking shared IP addresses would affect the rights of millions of consumers to access hundreds of thousands of websites that do not break the law, LaLiga went ahead with the blocking. This appears to reflect a mistaken belief that its commercial interests should take precedence over the rights of millions of consumers to access the open Internet.
At the same time, Cloudflare regularly speaks with rights holders and policy makers about better ways to combat illegal piracy and online abuse. While Cloudflare cannot remove content from the Internet that it does not host, we have well-developed abuse processes in place to help by connecting rights holders with service providers who can take effective action. We will continue to push for rational solutions to combat illegal piracy that do not impact the rights of millions of Europeans to browse the Internet.
Cloudflare’s statement needs no explanation, but two issues deserve highlighting.
Massively Disproportionate, Deliberate Action
According to LaLiga’s statement, its target behind Cloudflare was a webpage with instructions on how to download an Android app. If that app was the means of accessing the content, that raises an important question;
When Cloudflare’s IP address was blocked, did that ‘deactivate’ both the app and the pirated content available through it? If not, blocking many innocent websites appears to have been weighed against the benefit of blocking an instructional web page.
Cloudflare’s suggestion this was done deliberately could make this a matter for the European Commission, at minimum.
Perhaps even more remarkable is the unwillingness of the ISPs to do anything, despite having the power to do so. The complication, of course, is that Telefonica and Movistar have licenses to distribute LaLiga content, and very little incentive to step in.
Ultimately, customers of Movistar have suffered the most as individuals. This means that a decision was made to block Cloudflare, in the knowledge that Movistar subscribers would face the most disruption, and then Movistar was instructed to carry out the blocking against its own customers.
As the court envisioned, apparently.
From: TF, for the latest news on copyright battles, piracy and more.
Readly gehört mit seinem großen Portfolio zu den beliebtesten Flatrate-Apps. Den Zugriff auf über 8.000 Magazine und Zeitungen gibt es jetzt zum Sonderpreis. (Unterhaltung & Hobby) 
Das HP Chromebook x360 mit Touchscreen und ChromeOS vereint Tablet- und Laptop-Funktionalität und ist für nur 229 Euro im Angebot. (
Trade Republic wirbt mit ungewöhnlich hohen Zinsen, der Bank werden irreführende Angaben vorgeworfen. Verluste sind möglich. (
Der Workshop der Golem Karrierewelt bereitet IT-Sicherheitsprofis gezielt auf die Rolle als BSI-Vorfall-Experte im Cyber-Sicherheitsnetzwerk vor - inklusive praxisnaher Übungen und Fallstudien. Jetzt zum Aktionspreis. (
You must be logged in to post a comment.