Internet service providers BT, Virgin Media, Sky, TalkTalk, EE, and Plusnet account for the majority of the UK’s residential internet market and as a result, blocking injunctions previously obtained at the High Court often list these companies as respondents.
These so-called “no fault’ injunctions stopped being adversarial a long time ago; ISPs indicate in advance they won’t contest a blocking order against various pirate sites, and typically that’s good enough for the Court to issue an order with which they subsequently comply.
For more than 15 years, this has led to blocking being carried out as close to users as possible, with ISPs’ individual blocking measures doing the heavy lifting. A new wave of blocking targeting around 200 pirate site domains came into force yesterday but with the unexpected involvement of a significant new player.
Cloudflare Blocks Pirate Sites “For Legal Reasons”
If piracy is rampant, in the UK pirate site blocking must qualify as rampant too. In the latest wave of blocking that seems to have come into force yesterday, close to 200 pirate domains requested by the Motion Picture Association were added to one of the longest pirate site blocking lists in the world.
The big change is the unexpected involvement of Cloudflare, which for some users attempting to access the domains added yesterday, displays the following notice:
As stated in the notice, Error 451 is returned when a domain is blocked for legal reasons, in this case reasons specific to the UK.
In response to a legal order, Cloudflare has taken steps to limit access to this website through Cloudflare’s pass-through security and CDN services within the United Kingdom.
Background: Cloudflare’s Blocking Policy
Before we take a look at the ‘legal order’ that prompted Cloudflare to take this action, Cloudflare’s blocking policy for copyright claims concerning its CDN and security services provides useful background information.
Because Cloudflare cannot remove content it does not host, other service providers are better positioned to address these issues. Among other things, any blocking by Cloudflare is of limited effectiveness, as a website will be accessible if it stops using Cloudflare’s network. Cloudflare therefore regularly pushes back against attempts to seek blocking orders.
Cloudflare notes that it may take steps to comply with valid orders if, among other things, “principles relating to proportionality, due process, and transparency” are upheld.
Whether Cloudflare pushed back here isn’t clear, but the information made available falls well short of that promised in the Error 451 notice.
Semi-Transparent and Still Lacking
With no central repository of blocking orders and no legal requirement to share details of injunctions with the public, transparency in the UK is mostly left to chance. Some orders make their way online, but there is no guarantee.
For those interested in finding out more about the order affecting Cloudflare, the company provides a link which promises to reveal “the party that requested it, and the authority that issued it.” The link directs to the Lumen Database, which publishes information effectively donated by companies such as Google and Cloudflare, for the purpose of improving transparency.
In this case there’s no indication of who requested the blocking order, or the authority that issued it. However, from experience we know that the request was made by the studios of the Motion Picture Association and for the same reason the High Court in London was the issuing authority.
To the general public, the information is just a short list of domains. If it wasn’t for the efforts of Lumen, Google and Cloudflare, the situation would be significantly less clear than that.
Look more closely and further issues become apparent. According to the sender of the original notice (a law firm representing the studios), an explanation of the court order can be found in “paragraph 1, paragraph 2, and Schedule 1 of the Order” but where that can be found isn’t made any more clear than the name of the issuing court.
Then there’s the date of the notice – February 22, 2024, well over a year ago – for blocking that we believe started just yesterday.
Dynamic Blocking=Limited Transparency
The list of 14 domains probably relates to a High Court blocking injunction obtained by the MPA pre-February 2024, but exactly when is more difficult to say.
The issue lies with dynamic injunctions; while a list of domains will appear in the original order (which may or may not be made available), when the MPA concludes that other domains that appear subsequently are linked to the same order, those can be blocked too, but the details are only rarely made public.
From information obtained independently, one candidate is an original order obtained in December 2022 which requested blocking of domains with well known pirate brands including 123movies, fmovies, soap2day, hurawatch, sflix, and onionplay. This leads directly to another unusual issue.
The notice linked from Cloudflare doesn’t directly concern Cloudflare. The studios sent the notice to Google after Google agreed to voluntarily remove those domains from its search indexes, if it was provided with a copy of relevant court orders. Notices like these were supplied and the domains were deindexed, and the practice has continued ever since.
That raises questions about the nature of Cloudflare’s involvement here and why it links to the order sent to Google; notices sent to Cloudflare are usually submitted to Lumen by Cloudflare itself. That doesn’t appear to be the case here.
Partially Effective at Blocking VPNs
When blocking measures are required, Cloudflare digs in when requests concern its public DNS resolver (1.1.1.1). To achieve a similar effect, Cloudflare uses another technique instead.
“In countries with laws that provide for blocking access to online content, Cloudflare may geoblock websites to limit access in the relevant jurisdiction to those websites through Cloudflare’s pass-through security and CDN services.”
Cloudflare appears to be using geo-blocking in the UK, as some VPN users will soon find out. In normal circumstances a VPN using a server in the UK will bypass ISP blocking no differently than a server located anywhere else in the world. Users attempting to gain access to domains currently blocked by Cloudflare, using a VPN server in the UK, will be greeted by Cloudflare’s Error 451 blocking notice instead.
Scale of Blocking Potentially Significant
Checking through the new domains blocked yesterday, something else becomes apparent; they appear in multiple blocking orders, not just the one highlighted above. We’re unable to check ~200 domains immediately but at least potentially, hundreds or even thousands of domains could be involved. And that may actually be a very good thing.
Domains blocked by Sky, BPI and others, don’t appear to be affected, at least as far as we can determine. All relate to sites targeted by the MPA, and the majority if not all trigger malware warnings of a very serious kind, either immediately upon visiting the sites, or shortly after.
At least in the short term, if Cloudflare is blocking a domain in the UK, moving on is strongly advised.
From: TF, for the latest news on copyright battles, piracy and more.
Es ist wohl aus zwei schwarzen Löchern entstanden, die miteinander verschmolzen sind. In der Theorie dürfte es das nicht geben. (Gravitationswellen, Wissenschaft) 
Bei Amazon gibt es derzeit einen gebogenen Gaming-Monitor mit 280 Hz zum Tiefstpreis und damit genauso günstig wie am Prime Day. (
Die USA steuern über den Luftwaffenstützpunkt bewaffnete Drohnen im Nahen Osten. Über die Duldung der Angriffe hat nun das Bundesverfassungsgericht entschieden. (
Der X-37B-Raumgleiter ist schon siebenmal im Weltraum gewesen. Seine Aufgaben sind streng geheim. Nun bekommt das Projekt eine Finanzspritze. (
Zumindest manchmal und mit der Strömung. Dann genügt die Leistung eines Solarfeldes an Deck für den Antrieb des Frachters. (
Bei Amazon gibt es derzeit ein interessantes Angebot zu einer gut ausgestatteten Taschenlampe von Blukar. Sie ist um 40 Prozent reduziert. (
You must be logged in to post a comment.