DDoS Guard: LaLiga’s Piracy Blocks Test Whether Anyone Will Protect the Internet

Internet infrastructure company DDoS-Guard is concerned by the power granted to Spain’s LaLiga in its fight against piracy. Describing the scale of over-blocking as “astonishing”, Dmitry Nikonov, Head of Web Application Protection, believes that LaLiga is becoming a private regulator, one with the authority to interfere with internet infrastructure. “Football matches have become the pretext for a large-scale internet experiment, testing whether there is anyone to protect its freedom.”

From: TF, for the latest news on copyright battles, piracy and more.

A report published by the European Commission last month assessed whether its Recommendation of May 2023 had made a difference in the fight against pirated streams.

“No significant improvement” was the downbeat conclusion.

From the perspective of top-tier Spanish football league, LaLiga, new legislation is the only workable solution, and it needs to be implemented in Europe, sooner rather than later.

LaLiga Claims to Have Slashed Piracy in Half, Give or Take

At the same time as urgently calling for new legislation, LaLiga claims to have reduced piracy of its content in Spain by as much as 60%. This was achieved under existing legislation for the season that concluded at the end of the summer. A 40% reduction, the lower figure previously cited by LaLiga, would still be unprecedented.

Yet, in the context of LaLiga’s court-ordered authority, which permits aggressive blocking of almost any site or service facilitating access to pirate streams of its premium content, such results are not absolutely impossible, at least in measured short bursts. LaLiga regularly laments Cloudflare’s refusal to prevent piracy platforms from using its services and for every week that remains the case, Cloudflare IP addresses – utilized by pirates and regular customers alike – are blocked by Spanish ISPs.

LaLiga reports that in May 2025, 38% of piracy involving LaLiga content “was distributed through Cloudflare’s infrastructure.” So at least on paper and without considering circumvention and other factors, aggressive yet effective blocking of Cloudflare would in theory be sufficient to claim a ~40% reduction in piracy rates.

The problem, which has thus far proven impossible to solve, is how blanket denial of service to piracy platforms can be executed without subjecting innocent parties to the same fate.
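The shared-address problem described above can be measured. The following is an added example, not taken from the article or from any party it mentions: the hostnames, addresses (RFC 5737 documentation ranges) and block list are constructed, and it compares a range-based block with the narrowest possible per-address block.

```python
import ipaddress

# Constructed inventory: (hostname, resolved address, named in the blocking order?).
# Addresses come from the RFC 5737 documentation ranges; hostnames are invented.
HOSTS = [
    ("pirate-stream.example", "192.0.2.10", True),
    ("bakery.example", "192.0.2.10", False),      # same shared edge address
    ("clinic.example", "192.0.2.77", False),      # same /24, different address
    ("pirate-mirror.example", "198.51.100.20", True),
    ("school.example", "198.51.100.40", False),   # outside the blocked /28
    ("news.example", "203.0.113.5", False),
]

# Constructed range-based block list, as an ISP might apply it.
RANGE_BLOCKS = ["192.0.2.0/24", "198.51.100.16/28"]


def collateral_report(prefixes, hosts):
    """Classify every host by whether an address-based block reaches it."""
    networks = [ipaddress.ip_network(p) for p in prefixes]
    report = {"targets_blocked": [], "collateral": [],
              "targets_missed": [], "unaffected": []}
    for name, addr, targeted in hosts:
        ip = ipaddress.ip_address(addr)
        blocked = any(ip in net for net in networks)
        if blocked:
            key = "targets_blocked" if targeted else "collateral"
        else:
            key = "targets_missed" if targeted else "unaffected"
        report[key].append(name)
    reached = len(report["targets_blocked"]) + len(report["collateral"])
    # Share of blocked hostnames that were never named in the order.
    report["collateral_share"] = len(report["collateral"]) / reached if reached else 0.0
    report["addresses_covered"] = sum(net.num_addresses for net in networks)
    return report


def single_address_blocks(hosts):
    """Narrowest possible address block: one /32 per targeted address."""
    return sorted({f"{addr}/32" for _, addr, targeted in hosts if targeted})


if __name__ == "__main__":
    for label, prefixes in (("ranges", RANGE_BLOCKS),
                            ("/32 only", single_address_blocks(HOSTS))):
        r = collateral_report(prefixes, HOSTS)
        print(label, r["collateral"], f"{r['collateral_share']:.0%}",
              r["addresses_covered"])
```

Even the per-address variant still blocks the unrelated site that shares an edge address with a target, which is why narrowing the range alone does not remove collateral damage on shared infrastructure.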

Internet Private Security Guard

As Head of Web Application Protection at DDoS-Guard, a Russian Internet company providing protective online services, Dmitry Nikonov understands the importance of connectivity. Operating in broadly the same market as Cloudflare, DDoS-Guard has been paying close attention to the events playing out in Spain.

LaLiga’s legal authority allows it to block Cloudflare and in the event that DDoS-Guard’s services also become a concern, there would be no legal barrier to prevent it from being treated in much the same way. The consequences of non-compliance seem to have alarmed Nikonov.

“This is happening right now, in the fall of 2025, and the scale of this phenomenon is astonishing. It seems LaLiga is beyond control,” Nikonov writes in a column for Forbes Russia.

“LaLiga can essentially apply a ‘piracy’ mask to entire ranges of addresses, often affecting endpoints that are not directly related to illegal broadcasts.”

‘Private Regulation’ of the Internet

Nikonov believes the authority delegated to LaLiga should serve as a wake-up call for the global internet. He says that the authority to interfere with internet functioning has elevated the company to a powerful position; the big question is whether anyone can do anything about it.

“LaLiga is becoming a private regulator: not a state or an independent regulator, but a commercial organization that has delegated authority to interfere with network infrastructure. Football matches have become the pretext for a large-scale experiment on the internet, testing whether there is anyone to protect its freedom,” Nikonov says.

“If the football league has such powers today, then nothing will stop other major players from acquiring them tomorrow. We’re talking about media holdings, streaming companies, and corporations for whom content is not entertainment, but a source of profit.”

Trade Barriers, No Legal Recourse

In a late October submission to the 2026 National Trade Assessment Report, Cloudflare warned the Trump administration that Spanish courts allow rightsholders to request “overbroad court orders” that cause collateral damage affecting tens of thousands of legitimate websites.

Since the Spanish government has chosen not to intervene, and “no judicial opportunity for remedy” currently exists, Cloudflare said that creates “significant trade barriers between the countries.”

Nikonov uses similar terms to those used in a Cloudflare-commissioned report released in the summer. “The internet will become fragmented,” he says, before reminding readers that state institutions won’t be responsible, but commercial organizations shielded by government.

“This scheme avoids public debate (the Spanish parliament refused to consider the issue, citing a court ruling) and instead considers the proportionality of the measures. Under the guise of copyright protection, a tool is emerging that allows commercial players to directly influence the accessibility of parts of the internet, bypassing legal proceedings.

“Access to resources will be determined not by technical standards, but by the interests of private corporations with administrative resources,” he warns.

More Powerful Tools Than Previously Reported?

Nikonov suggests that more powerful tools are being deployed in Spain, beyond simple DNS blocking. He claims that a key role belongs to the National Telecommunications Market Commission (CNMC), which, at the behest of LaLiga, issues “mandatory directives” to all Spanish ISPs, urging “the fastest possible compliance.”

“[This] effectively forces them to implement DNS and BGP filtering. Border Gateway Protocol is the primary dynamic routing protocol on the internet,” he continues.

A phrase often used to convey the importance of BGP is simple but effective: BGP is the glue that holds the internet together. That’s not overblown or alarmist; but some would argue that meddling with it is.

“As a result, telecom operators are becoming the enforcers of state anti-piracy policies. What we’re facing is no longer an isolated failure, but a testing of a model that sets a precedent for new internet governance — a private corporation, through the regulator, gains de facto access to leverage over network infrastructure.”

Regulation and Using the Same System For ‘Something Else’

It’s possible that at some point there will be calls for site blocking to be regulated, but according to Nikonov, some may welcome that with open arms.

“[M]odern digital ecosystems are structured in such a way that anyone who gains access to regulatory levers automatically gains power over the infrastructure used by millions of people. In other words, the internet today is no longer a distributed network, but a set of control points, each of which becomes a juicy target,” he notes.

“And if today this point is used to protect football broadcasts, tomorrow it will be used for something entirely different.”


Operation 404: 3,000+ Pirate Domains Blocked, USDOJ & USDOC Get to Watch

With 535 pirate domains to add to Brazil’s secretive blocklist, the latest phase of Operation 404 has just broken the 3,000 domain barrier. Despite playing a leading role since the beginning of this now famous anti-piracy initiative, in phase 8 United States authorities did not actively participate. Instead, alongside Mexico, the DoJ and DoC were granted observer status, “to learn about the methodology used in combating digital piracy,” Brazil’s Ministry of Justice explains.

After years of uncontrolled piracy, in 2019 authorities in Brazil teamed up with ICE and the US Department of Justice to launch Operation 404.

Described as a “milestone” for Brazil’s momentum in the fight against piracy, it was revealed that with assistance from overseas, 136 websites and 100 apps had been put out of action, either by domain suspension or site blocking measures.

Local agencies and anti-piracy groups including ANCINE (National Film Agency) and the National Council for the Fight Against Piracy (CNCP), were pleased with their work, although it was far from done.

Operation 404.1 Was Only the Beginning

Named after the well-known HTTP error indicating a currently unavailable website, Operation 404 would need to build on its early momentum. To understand the scale of the challenge, one only has to look at one of the earliest targets, Futemax, which remains active today despite years of blocks.

More domains would be needed to remain online

For the past six years, authorities and rightsholders in Brazil have continued to add Futemax-branded domains to Brazil’s secretive blocklist.

Whether Futemax, FutemaxHD, FutemaxBR or FutemaxTV variants, the domain-blocking Whac-A-Mole has seen commitment from both sides. At the time of writing, over 360 of these domains appear on the list, presumably at least some in connection with subsequent waves of Operation 404, which have generally taken place on an annual basis since 2019.

Ministry of Justice Announces 404.8

Brazil’s Ministry of Justice and Public Security (MJSP) announced that Operation 404.8 was ‘carried out’ November 27, without clarifying that only a relatively small number of events and achievements presented to the media actually took place on that day. This approach to presentation has persisted from 404.1 to the present day but the volume of work as reported only really makes sense as part of a longer timeline.

In common with 404.5 (March 2023), 404.6 (November 2023) and 404.7 (September 2024), this year the Ministry reported an international effort in which local authorities collaborated with partners from Argentina, Ecuador, Paraguay, Peru, and the United Kingdom.

[Image: Operation 404 (Phase 8)]

This was Ecuador’s first direct appearance within Operation 404 but for the United States government, which has provided significant support right from the very beginning, there was no direct involvement.

The Ministry says that along with representatives from Mexico, the role of the U.S. Department of Justice and Department of Commerce was to observe, in order to “learn about the methodology used in combating digital piracy.”

Much to Observe

The MJSP said a total of 44 search and seizure warrants were executed, which includes four preventive arrest warrants and three arrests in flagrante delicto in various Brazilian states. The Ministry says the aim was to identify and hold accountable the operators and various individuals behind an unspecified number of “pirate platforms.”

“Audio and video content, such as games and music, were removed,” the Ministry continued. “There was also the blocking and suspension of 535 websites and one illegal streaming application, in addition to the removal of thousands of pirated materials from repositories and social networks. In this phase, the focus broadened to reach the financing and monetization structures of these illegal services.”

[Image: Operation 404.8]

In common with previous phases, the Ministry reported collaboration with local federal agencies. They include the National Telecommunications Agency (Anatel) and the National Film Agency (Ancine), both of which are actively involved in having pirate websites blocked by local ISPs.

That raises questions over Brazil’s broader site-blocking regime that receives very little attention.

Operation 404 Blocking is a Fraction of Overall Blocking

On face value, the number of pirate domains blocked under Operation 404 is publicly reported. Given tendencies seen in the past, that include conflating the number of sites blocked with the number of domains, the overall figures may or may not provide a reasonable account of events on the ground.

Refusal to reveal exactly which platforms have been targeted is compounded by the secrecy surrounding Brazil’s primary blocklist, which is restricted and certainly not open for scrutiny. The same applies to the many orders handed down by judges that provide it with constant fuel.

The table below covering Operation 404.1 to 404.8 inclusive, suggests that since 2019, just over 3,000 ‘pirate’ domains have been blocked on copyright grounds as part of Operation 404.

Yet the country’s master blocklist currently contains over 30,000 entries. Since it also contains gambling site domains, the full list can’t be attributed purely to pirate sites.

[Table image: Operation 404, waves 1 to 8]

Nevertheless, the number of sites/domains publicly declared as blocked is clearly just a drop in the ocean. Or, rather, it appears to be; for the last six years no domains have been mentioned in connection with Operation 404 blocking, which effectively rules out fact checking.

Even access to the list of blocked domains is quickly of limited use. Without all-important context, it’s ultimately just a big list of domains.

—————–

Operation 404 receives cooperation from the following agencies, organizations, rightsholders, and anti-piracy partners:

[UK] City of London Police – Police Intellectual Property Crime Unit (PIPCU)
[UK] Intellectual Property Office (IPO)
[USA] U.S. Department of Justice
[USA] Department of Commerce
[Peru] National Institute for the Defense of Competition and the Protection of Intellectual Property (INDECOPI)
[UK] English Premier League
[Spain] LaLiga
[International] Alliance for Creativity and Entertainment (ACE)
[Brazil] Brazilian Association of Pay Television (ABTA)
[LATAM] Alliance against Audiovisual Piracy (ALIANZA)
[Brazil] National Council to Combat Piracy (CNCP)
[Brazil] Association for the Protection of Intellectual and Phonographic Rights (APDIF)
[International] International Federation of the Phonographic Industry (IFPI)
[International] Entertainment Software Association (ESA)
[USA] Motion Picture Association (MPA)
[Paraguay] National Directorate of Intellectual Property (DINAPI)
[Japan] Content Overseas Distribution Association (CODA)
[S.Korea] Copyright Overseas Promotion Association (COA)
[Ecuador] National Intellectual Rights Service (SENDI)
[Ecuador] National Police
[Argentina] Specialized Fiscal Unit for Cybercrime Investigation (UFEIC)
[Argentina] Federal Police of Argentina (PFA)
[Paraguay] Specialized Unit for Punishable Acts Against Intellectual Property
[EU] European Union Intellectual Property Office (EUIPO)


Pirate IPTV Box Evades Blocking But is Also Critically Vulnerable to Attack

Following Amazon’s announcement that it won’t allow the new Firestick to become a piracy free-for-all, some people are seeking out new devices to bridge the gap. Offering lifetime access to movies, TV shows and live sports, an already popular device that claims to evade site-blocking measures may seem like the perfect fit. Unfortunately, mandatory free extras include critical security issues and potential exposure to copyright lawsuits.

Described by the MPA, Premier League and other rightsholders as a priority piracy threat, a set-top box available to buy right now on popular markets initially sounds like an attractive buy.

Manufactured in China, EVPAD TV boxes look fairly unremarkable, and with an Android 7.0 operating system under the hood, they are. When purchased with a cheap ‘lifetime’ subscription, with installable apps providing access to all the content most people will ever need, looks become less important.

However, a look under the hood reveals that the trade-off between content and privacy cannot be ignored.

Researchers Investigate EVPAD

Android-based EVPAD devices provide access to a huge library of infringing movies, TV shows, and live TV, sourced from countries including Canada, Taiwan, the UK, and the United States, among others. As a result, major rightsholders have regularly reported EVPAD and similar devices to the USTR’s Notorious Markets review.

A team of researchers at Korea University took an interest in the EVPAD ‘3p’ and ’10p’ devices when considering what type of anti-piracy measures might be effective against device-specific apps, operating within closed, subscription-based networks.

In this case, the EVPAD website advises buyers of the ‘3p’ device to download two apps from a third party website. ‘StarLive’ and ‘StarVod’ provide access to live TV broadcasts and VOD content, respectively. For the ’10p’ device, a single app called ‘StarV10’ is sufficient and in all cases, installation is simplicity itself.

“Interestingly, during the installation process from such unknown sources, the service applications are installed seamlessly without requiring any additional user interaction or explicit permissions,” the researchers report.

“Upon further inspection, we found that the global system setting for package installation from non-market sources (install_non_market_apps) was set to 1, indicating that side-loading from unknown sources is universally permitted on this Android 7-based device.”

For regular buyers, zero control over permissions should’ve been an immediate red flag. For the researchers, the secrets of obfuscated source code were still to be discovered.

“Streaming is Safer Than Torrents”

Since regular streaming is a process of consumption and the law tends to view supply more seriously, the theory that streaming is safer than torrents usually finds solid ground.

That doesn’t necessarily mean that streaming pirated content is legal, but in a client/server streaming scenario, obtaining evidence of downloading meets technical challenges that aren’t easily overcome. In contrast, BitTorrent users upload by default, which makes evidence of a more serious offense comparatively easy to obtain.

When people buy an EVPAD TV box, many will expect to ‘stream’ pirated content to the device. While that may be a part of the process, the reality is less straightforward.

A Hybrid Network

The researchers at Korea University found that EVPAD devices initially communicate with centralized servers, which manage authentication, various updates, and the all-important content lists. Once obtained, EVPAD devices use that information to join a BitTorrent-like peer-to-peer (P2P) network, in which unwitting downloaders become simultaneous uploaders, or as they say in court, unlicensed distributors of infringing content.

StarLive uses the ‘libtvcore’ library to establish connections with other EVPAD devices, enabling real-time data sharing among peers, including the distribution of live TV broadcasts.

[Image: Under the Hood]

When a user of StarVod selects a video to watch, the system identifies a corresponding .torrent file and HTTP file server. Encrypted using XOR, the .torrent file is decrypted by the libp2ptrans library then used to perform standard BitTorrent functions, with a tracker providing a list of available peers.

“Simultaneously, the user engages in both P2P communication with other peers and HTTP communication with the file server delivering the selected VoD title. This dual approach ensures both downloading and streaming, but in practice, HTTP streaming via a dedicated file server significantly enhances service availability and playback speed, often playing a major role in video streaming,” the researchers note.

Hybrid Network Complicates Blocking

This hybrid approach to networking complicates blocking efforts. While blocking certain domains would prevent service updates, that may not necessarily disrupt the P2P network.

In the event that the source of content becomes unavailable, the researchers say that data broadcasting nodes in the P2P network provide a fallback mechanism by acting as servers within the ‘swarm’. For video-on-demand (VoD) content, the system utilizes P2P but when necessary, HTTP is used to reach servers operating as Content Delivery Networks.

“[These servers] distribute torrent files and video content, and the presence of multiple similar domains suggests that they are designed to quickly circumvent domain blocks. Additionally, there are domains and IP addresses for Trackers to facilitate torrent-based communication,” the researchers add.


After manipulating IDs used to identify content categories, the researchers obtained all VOD lists from the servers above, which together identified 24,934 pieces of video content. That included 1,052 movies and TV shows in the ‘Nflix’ category alone.

Building Resilience Introduced Weakness

No system is completely bulletproof, and this one is no exception. In theory, the decentralized nature of the P2P network makes the system more difficult to shut down. In practice, it also introduces vulnerabilities that can be exploited to disrupt the service.

The researchers discovered two vulnerabilities. Using the Android emulator NoxPlayer to mimic an authenticated EVPAD device, the first allowed them to bypass authentication. This enabled content to be viewed from around the world, without a subscription, with the potential for “unlimited replication.”

While the first vulnerability granted access to the network, the second vulnerability instantly denied it.

“Given the critical nature of this vulnerability, we determined that even a single, carefully crafted TCP packet is sufficient for an individual to trigger service termination on a remote peer device. This drastically lowers the bar for potential abuse, as no significant bandwidth or coordinated effort is required,” the team note.

Blocking Measures Disrupt the EVPAD Network

When combined, these vulnerabilities form the basis of a theoretical anti-piracy strategy. Once a node is deployed in every available TV channel, the data normally used to connect peers can be leveraged for a different purpose. It allows an attacker to identify specific users and hit them with a TCP packet, causing an instant disconnection.

There’s no suggestion that such an attack has ever been used outside a lab environment. However, the researchers mention an injunction obtained in India by the Premier League that granted authority to block certain domains, which caused network disruptions lasting four days.

While service was restored, the researchers say that would’ve been more difficult if additional capability had been deployed alongside.

Implications For End Users

Beyond the inherent risks of sharing copyrighted content, the implications for users of EVPAD devices are significant. Often distributed in a pre-rooted state with no package installation restrictions, EVPAD devices are highly vulnerable to abuse. The researchers found that the device update process lacks any mechanism to verify integrity or authenticity.

The device also operates with SELinux in permissive mode, where policy violations occur without enforcement. These factors and others lead to the conclusion that attackers could secure a global network of “zombie” devices through which they could execute further attacks by remote control.
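The weaknesses the researchers describe (unrestricted side-loading, a pre-rooted image, SELinux in permissive mode, an old Android release and unverified updates) can be checked on any Android TV box before it is allowed onto a network. The following is an added example, not code from the researchers or the article: the capture format, labels, sample values and the release threshold are assumptions, and the settings namespace that holds `install_non_market_apps` varies between Android releases.

```python
from dataclasses import dataclass

MIN_RELEASE_MAJOR = 12  # assumed baseline for this example; set to your own policy

# Constructed capture, one "label=value" line per observation. Labels are this
# example's own; the commented commands are standard Android shell tools.
EVPAD_LIKE_CAPTURE = """\
# settings get <namespace> install_non_market_apps
install_non_market_apps=1
# getenforce
selinux=Permissive
# getprop ro.build.version.release
android_release=7.0
# command -v su   (empty when no su binary is on PATH)
su_path=/system/xbin/su
# analyst's note: does the updater verify a signature before installing?
update_verification=none
"""

# Constructed capture of a device that passes every check.
HARDENED_CAPTURE = """\
install_non_market_apps=0
selinux=Enforcing
android_release=14
su_path=
update_verification=signed
"""


@dataclass(frozen=True)
class Finding:
    check: str
    severity: str
    detail: str


def parse_capture(text):
    """Turn 'label=value' lines into a dict, skipping comments and blanks."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            values[key.strip()] = value.strip()
    return values


def _is_outdated(release):
    # Fail closed: an unparseable release string counts as outdated.
    head = release.split(".")[0]
    return not head.isdigit() or int(head) < MIN_RELEASE_MAJOR


def audit(values):
    """Return one Finding per weak or missing observation."""
    findings = []

    def check(name, key, is_weak, severity, detail):
        value = values.get(key)
        if value is None:
            # A missing observation is reported, never silently passed.
            findings.append(Finding(name, "unknown", f"{key} was not captured"))
        elif is_weak(value):
            findings.append(Finding(name, severity, f"{detail} (observed: {value!r})"))

    check("sideloading", "install_non_market_apps", lambda v: v != "0",
          "high", "packages from unknown sources install without restriction")
    check("selinux", "selinux", lambda v: v.lower() != "enforcing",
          "high", "SELinux policy violations are logged but not blocked")
    check("os_release", "android_release", _is_outdated,
          "medium", f"Android release is below the baseline of {MIN_RELEASE_MAJOR}")
    check("root_access", "su_path", lambda v: v != "",
          "high", "an su binary is present, so the image ships rooted")
    check("update_integrity", "update_verification", lambda v: v.lower() != "signed",
          "critical", "updates are applied without an authenticity check")
    return findings


if __name__ == "__main__":
    for f in audit(parse_capture(EVPAD_LIKE_CAPTURE)):
        print(f"[{f.severity}] {f.check}: {f.detail}")
```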


“At its peak, [the Mirai botnet] generated about 1TB of attack traffic using 145,000 devices,” the researchers note, adding that 17,000 compromised EVPAD devices could “potentially generate up to 0.12TB of malicious traffic at peak.”

The study identified 131,175 devices across 116 countries and 78 operational servers located in the United States, Japan, Singapore, Hong Kong, and other countries.

“Even if malicious intent is not the primary motive, the lack of commitment to user security by such illegal operators places users in a vulnerable position, making them susceptible to attacks.”

Watch Out Your TV Box: Reversing and Blocking a P2P-based Illegal Streaming Ecosystem, is available here (pdf)


Pirate Site Operator’s Appeal Goes Bad, Court Extends Prison Term By 50%

The saga surrounding the former operator of NunuTV, once South Korea’s largest pirate streaming site, has taken another wrong turn for the defendant. After receiving a three-year prison sentence earlier this year, an appeal only made the situation worse. After noticing a history of recidivism and a lack of remorse, the court extended the former operator’s original three-year sentence by 18 months.

Despite a stream of news reports that seem to suggest the opposite, there are more examples of pirate site operators surviving unscathed than there are public catastrophes.

That’s to be expected when facing finite anti-piracy resources, yet some individuals do seem to fly under the radar with very little effort. Others prefer to weigh the likelihood of enforcement against available resources and confidence in their personal skill set. For some, the strategy has proven successful, but thanks to a volatile mix of unpredictable variables, some suddenly find things going in the opposite direction.

The warning signs are often glaringly obvious to those viewing from the periphery, but for those involved, up close they may be almost invisible.

The Rise and Fall of NunuTV

Operating from July 2021 to April 2023, NunuTV (NooNoo TV) quickly gained a reputation for illegally streaming domestic and international titles to the pirating masses.

Reportedly servicing tens of millions of visitors every month, the site’s popularity was never in doubt. Neither did it go unnoticed by those increasingly concerned by its meteoric growth. Rightsholders claimed that the site facilitated over 1.5 billion views of pirated movies and TV shows, with damage to the entertainment industries estimated at five trillion Korean won (US$3.7 billion).


Whether that figure was wildly overblown or about right wasn’t the main concern. South Korean media companies and groups clearly felt strongly enough to join forces under the Video Copyright Protection Council (VCPC) to put an end to it. Facing a “stronger together” strategy in respect of legal action and the aggressive pursuit of site-blocking measures, NunuTV’s response to the latter was predictable and extremely persistent.

Blocked / Unblocked / Arrested

Every time a NunuTV domain was blocked, the site would reappear on an almost identical domain, usually with a number tagged on the end that increased incrementally; noonootv1 became noonootv2, noonootv24 became noonootv25, a pattern that continued to noonootv30 and several beyond.

[Image: Blocked / Unblocked]

In the background, few if any other sites were mentioned in public as potential targets. The profile of the site meant that if rightsholders and the authorities saw value in sending a deterrent message, one option stood out above all others.

When the government announced the formation of a dedicated piracy investigation unit and VCPC became even more vocal, momentum seemed to shift. NunuTV shut down in April 2023, suggesting that the “outrageous” cost of bandwidth and anti-piracy measures had detracted from keeping the site alive. A successor site, NunuTV Season 2, enthusiastically emerged soon after, but it didn’t last.

In November 2024, a notice posted to GitHub revealed that Korean authorities had shut down TVWiki, a streaming piracy site with millions of monthly users. The site’s alleged operator who, according to reports, was also behind streaming platform OK Toon, was arrested by a special unit operating under the Ministry of Culture, Sports and Tourism.

[Image: The Shutdown Notice (translated)]

A takedown notice hosted on GitHub revealed that the individual behind TVWiki and OKToon was also the operator of NunuTV. Identified in court records only as ‘Person A’, he had conveniently used the new sites to fill the void left by the original shutdown.

All three websites generated revenue from illegal gambling platform banner ads, a known aggravating factor but still quite lucrative. Authorities went on to seize assets worth 2.6 billion won (US$1.9 million), a haul that included luxury vehicles and 14 bitcoin.

Initial Sentence and a Roll of the Dice

At sentencing, the Daejeon District Court commented on the severity of the crime, and the negative impact it had on copyright holders’ revenues. Five trillion Korean won wasn’t realistic or representative of the actual damages suffered and the length of the sentence reflected that.

Initially sentenced to serve three years in prison, with the Court recognizing the 31-year-old’s admission of guilt as a positive factor, the outcome could’ve been significantly worse. Nevertheless, Person A lodged an appeal and even enjoyed partial success.

Earlier this month, the original sentence was overturned at the Daejeon District Court. Judge Park Eun-jin reduced the confiscation amount, detailed in the original sentence, from 700 million Korean won (~US$478,000) to 374.7 million Korean won (~US$256,000), accepting a claim by the defendant that some of the alleged profits may have been attributable to third parties operating separate sites, as Chosun Daily reports.

However, while the court was willing to reduce the financial penalty, it took a very different view on the prison term.

Gamble Fails to Pay Off

While the operator succeeded in saving some money, the appeal process drew attention to his history of recidivism. The court pointed to Person A’s prior convictions, indicating a pattern of criminal behavior.

“A had previously received actual prison sentences for crimes related to sports gambling sites and aiding the distribution of obscene materials, yet committed this crime,” the appellate court noted.

“When the investigation began, A closed the site and opened another, showing that the methods, means, and duration of the crime have escalated. Considering the need for strict punishment to prevent recidivism and the fact that the victimized broadcasters have petitioned for severe punishment, the original sentence was excessively lenient and unjust.”

With that, the original sentence was extended by 50%, from three years in prison to four years and six months.

Rightsholders will likely be satisfied that a clear message has been sent. Whether it will be received and acknowledged remains to be seen, but if there are gaps unfilled by locals in a national market, it’s usually just a matter of time before more elusive targets take up the slack.


Greek Cybercrime Unit Shuts Down IPTV Pirates, 68 End Users Face Fines

A targeted action by Greek authorities has shut down an IPTV reselling operation, leading to the arrest of one individual and the referral of 68 end users for prosecution. The action marks a shift in Greek law enforcement’s approach to IPTV piracy, arriving on the back of a new law that provides for thousands of euros in fines for both sellers and users.


A new legal framework to tackle online infringement in Greece went live just a couple of months ago, and reports of prosecutions are already coming in.

In early September, it was reported that a man from Sparta faces prosecution and a fine of up to 6,000 euros for two IPTV piracy offenses.

The suspect, reportedly a café owner, was targeted at his workplace on a Saturday, allegedly in front of customers. One told local media that they believed that complaints of the café engaging in “unfair competition” preceded the untimely visit.

New Operation Much Larger in Scale

The Cybercrime Prosecution Directorate launched their operation in the early hours of November 19. The Athens-based unit targeted a network that sold illicit access to premium pay-TV via IPTV subscriptions.

The raid, conducted on Santorini, one of the Cyclades islands, resulted in the arrest of a 48-year-old, who, from police reports, appears to be a reseller for a larger network. Customers were reportedly charged €50 for a 3-month subscription or €100 for 6 months. Sales and management were handled by the 48-year-old via an online platform known as a ‘panel’, while remote and in-person support were available as part of the service.

The impact of the raid was visible on the islands, locals said. According to a local report, hundreds of users in hotels, cafes, and residences on Santorini and beyond, found themselves suddenly without access to cheap TV. Apparently few areas were untouched by the disruption, such was local reliance on illegal streams.

Arrest and Seizure of Evidence

The identity of the main suspect has not been released but as the focus of an early prominent case, facing charges of commercial exploitation of illegal IPTV subscriptions, the outcome is unlikely to be especially pleasant.

During a search of the suspect’s home, police seized a modified IPTV device configured to illegally receive subscription channels from at least two unnamed companies, a laptop computer, a mobile phone, and €4,820 in cash. The seized digital evidence has been sent to the Criminal Investigations Directorate for laboratory analysis.

End Users Face an Uncertain Wait

The most significant tactical aspect of the operation may have been the choice of target and in particular, their customer base. If the reports are true, many may have operated from various commercial premises, such as hotels and cafes. This means they too could face significant fines of up to 5,000 euros, way above the 750 euro penalties reserved for individual users.

Almost 70 targets is significant too, a number exceeded only in Italy, where people are fined by the state before their details are shared with DAZN and Serie A who request damages on top.

Live Sports Piracy: EU Commission Admits that Anti-Piracy Advice Had Limited Impact

The European Commission has published its assessment of the May 2023 Recommendation aimed at combating live sports piracy. While even the modest progress reported is positive by definition, for rightsholders urging immediate action, the promise of further discussion as a foundation for future initiatives and potential progress is not what most, if any, had in mind.

For years, powerful rightsholders and media groups have demanded urgent and decisive action from the European Commission to tackle IPTV piracy of live sports and events.

From the MPA, to the Premier League, Sky, LaLiga and Serie A, the message couldn’t have been clearer or more consistent. It didn’t change after the EC’s rejection of their call for urgent legislative measures in 2022, and remained intact following a consultation and advice early 2023 on a ‘toolbox’ of existing measures.

EC Publishes Assessment of the Effects of Recommendation

In May 2023, the European Commission (EC) issued a Recommendation aimed at tackling online piracy of sports and other live events. It encouraged measures concerning the processing of takedown notices, dynamic injunctions, cooperation between stakeholders, and increasing the availability of legal alternatives.

Aiming to build upon existing legal frameworks such as the InfoSoc Directive, IPRED, and the Digital Services Act (DSA), it was detailed and comprehensive, without being especially urgent.

Some two-and-a-half years later, an assessment of the effects of the Recommendation was published by the EC last week. The report evaluates the progress made by Member States, national authorities, and stakeholders in implementing the various measures outlined in May 2023. Monitoring was carried out by the EUIPO Observatory using Key Performance Indicators (KPIs) concerning piracy volume, processing of takedown notices, use of blocking injunctions, and availability of legal offers.

Ensuring Prompt Execution of Takedown Notices

Recommendation: Hosting services should process takedown notices sent by rightsholders as quickly as possible, to help protect vulnerable live events which have most of their value built into the event itself.

Assessment: Only limited progress was reported. ‘Online platforms’ including social media, online marketplaces, and search engines, were generally more responsive due to their obligations under the DSA. Responses from other intermediaries such as Dedicated Server Providers (DSPs) and Content Delivery Networks (CDNs) were much slower, highlighting a significant gap in response times when compared to online platforms.

Further Action: According to the report, there’s a need for increased cooperation with intermediaries, including working towards technical solutions to automate processing of takedown notices. The Commission says it will examine the role of intermediaries within the DSA Board discussions.

Rightsholders’ Use of Blocking Injunctions in Member States

Recommendation: Authorized under Article 8(3) of the InfoSoc Directive and Article 11 of IPRED, Member States should facilitate use of dynamic/live blocking injunctions, with appropriate safeguards, against infringers and intermediaries whose services are used to infringe copyrights.

Assessment: The Commission notes that while injunctions are useful, implementation across Member States shows significant variation. At the extremes, some countries have very robust systems in place while others have no system at all. The Commission says there’s not only a need for much broader adoption across the EU, but also more consistent application.

Further Recommendation on Injunctions: Member States are ‘encouraged’ to provide for injunctions against intermediaries, who, regardless of their lack of liability, offer services that are misused for illegal streaming of live sports.

Assessment: Noting efforts in France and Belgium that have blocked CDNs, VPNs and DNS providers, and work in Italy to facilitate the same, the EC also highlights LaLiga’s work in Spain “against ISPs and CDNs”. Under the DSA, some intermediaries may be exempted from liability, the EC adds, but the DSA does not preclude them from being blocked regardless.

Since these are recent developments, “there is not yet sufficient data to assess the efficiency of dynamic injunctions addressed to those intermediaries,” the report concedes, adding that “a number of end-users, have complained about a few instances of over-blocking.”

The Recommendation appears to have prompted some Member States to reassess their legal frameworks or engage in policy discussions to strengthen enforcement measures. Some Member States have clarified legal standing for sports event organizers, allowing them to pursue injunctions in their own right. Some rightsholders are demanding that blocking injunctions are recognized across borders.

The possible introduction of dynamic injunctions has been discussed in a few Member States, but has not yet materialized. In others, there are no developments to report, “prompting concerns” from certain stakeholders, the EC reports.

Further action: The Commission will consider whether new measures are needed to ensure a wider and more consistent use of dynamic injunctions across Member States.

Cooperation between Rightsholders and Intermediaries / Public Authorities

Recommendation: Encourage cooperation between rightsholders and intermediaries to identify the source of unauthorized retransmissions and take measures to prevent repeat misuse.

Assessment: Cooperation agreements to fight piracy exist across Member States, some concluded directly between the parties and others with assistance from public authorities. Agreements between rightsholders and ISPs on blocking measures and issues related to content blocking/removal appear to be most common.

In 2024, participating rightsholders reported 49 voluntary cooperation agreements with intermediaries, rising to 62 in 2025. Cooperation with Dedicated Server Providers (DSPs) accounts for around two-thirds of agreements (42), with online platforms (18) quite a distance behind. Perhaps unsurprisingly, agreements to identify the source of infringement are far less common; just two were reported.

In general, cooperation has improved, with voluntary agreements becoming more common. The majority of infringement notices resulting in suspension of access to infringing streams were issued in the context of cooperation agreements, with 55% of those proving successful. However, some rightsholders complained that most cooperation agreements still rely on manual processing of infringement notices, which limits effectiveness when applied to live sports.

The Recommendation encourages Member States to actively engage in the exchange of information when sites and services are blocked as part of an injunction. Under the DSA, orders issued by authorities to act against illegal content must be shared by a Member State’s Digital Services Coordinator (DSC) with their counterparts in other Member States.

This system is considered directly relevant to tackling piracy of live events but is not yet fully operational. However, the network is described as a “crucial initiative” through which valuable information is exchanged between participating authorities.

Raising Awareness and Improving Availability of Legal Offers

Recommendation: Increase users’ awareness of legal content, increase the availability, affordability, and attractiveness of live event commercial offers.

Assessment: The report notes that submissions focused solely on live sports events. Several rightholders and sports event organizers have reportedly made efforts to make their offers more accessible, including “setting up a website which allows users to obtain information on where a specific sporting competition is available.”

Yet in noting the following, it seems that readily available information proved elusive enough to prevent an assessment.

“[T]he data submitted by sports event organisers and rightholders to the EUIPO does not allow to fully assess the progress made in terms of the availability of sports events or the affordability and attractiveness of commercial offers,” the report notes.

“Consumers responding to the call for evidence consider that this remains an area of concern, arguing that the availability of affordable legal offers remains low and legal offers are fragmented,” the report notes.

Some national authorities identified pricing of legal offers, fragmentation, and territorial availability, as “possible obstacles” faced by users attempting to access legal live content, “which often requires users to obtain multiple paid subscriptions.”

Overall Conclusions

The European Commission’s assessment concludes that while the Recommendation has encouraged positive developments, its overall impact is limited.

Despite signs of increased awareness and cooperation, piracy by volume has not reduced and remains a problem. While online platforms are seen as effective when processing takedown notices, DSPs reportedly lag far behind when it comes to suspension of pirate streams. Notices sent to CDNs and reverse proxies are increasing but are not effective.

“In addition, an increasing number of notices are being addressed to other intermediaries, including CDNs and reverse proxies, which are not subject to the DSA rules on notices. In this context, the assessment underlines that cooperation agreements have led to a better and quicker response by the relevant intermediaries.”

The assessment also highlights tension between protection from liability for intermediaries and the demand for more effective responses to piracy. Intermediaries are not required by law to proactively police illegal content, but the assessment nevertheless implies that even within existing legal frameworks, going beyond current obligations would make a significant difference.

Cloudflare Says Piracy Liability Ruling Has Global Implications; Publishers Disagree

A ruling by a Tokyo court which holds Cloudflare liable for manga piracy is serious and could have global implications, the company says. Filed by manga publishers in 2022, the lawsuit criticized Cloudflare for providing services to the sites, despite the publishers’ allegations. Cloudflare says the ruling undermines fairness and due process, but speaking with TorrentFreak, the publishers strongly disagree. They say their aims are straightforward, and the outcome is aligned with Cloudflare’s pledge to combat piracy.

Services offered by U.S. tech giant Cloudflare improve the performance and security of millions of websites, amounting to a significant contribution towards the health of today’s internet.

Those hoping to benefit from Cloudflare’s services find few, if any, barriers to entry. Typically a working email address is sufficient to gain access, meaning new users can protect their websites in a matter of minutes.

Cloudflare Held Liable For Anonymous Users

Frictionless onboarding is popular with users and good for Cloudflare’s overall business. For Japanese manga publishers Shueisha, Kodansha, Kadokawa, and Shogakukan, the absence of identity verification is a gift to pirate site operators. Not only are they allowed to remain personally anonymous, their websites’ IP addresses can be hidden and exchanged for Cloudflare’s, making enforcement more difficult.

A decision handed down this week by Judge Aya Takahashi at the Tokyo District Court, holding Cloudflare liable for infringement carried out by its customers, concerns a lawsuit filed by the publishers in 2022.

The companies said that the anonymity afforded by Cloudflare to site operators and their websites provides an attractive environment for piracy of their content to thrive. When the publishers repeatedly complained, Cloudflare should’ve taken the strongest of action against such abuse, including terminating the accounts of known pirate sites.

Liability and Future Growth

Judge Takahashi agreed that the lack of identity verification was a piracy-enabling factor but Cloudflare’s inaction amounted to a failure to acknowledge responsibility.

“(Cloudflare) failed in its duty to stop providing the service,” Judge Takahashi said.

Liability in this instance led to a damages award against Cloudflare of 500 million yen, around US$3.2 million. In the bigger picture, the money is less important to Cloudflare than new liability and what that might mean for the growth of its business.

In this instance, the court did not issue an injunction to restrain Cloudflare moving forward. However, the finding of liability is unacceptable to Cloudflare so it intends to file an appeal and continue the fight.

“We appreciate the efforts of the Tokyo District Court, which spent a great deal of time and effort reviewing and ruling on this complex case. While we respectfully disagree with the court’s decision, we also express our dissent,” the company said in a statement sent to legal news outlet Bengo4.

Cloudflare maintains its long-held position that as a CDN, it delivers data and doesn’t host anything. Since the pirated content is hosted elsewhere, that’s where it will remain, regardless of any action at Cloudflare.

Cloudflare Ups the Stakes, Warns of Global Implications

Cloudflare’s pursuit of a decision aligned with its own interests will see the publishers defend their hard-won position with similar determination. For the former, the decision in Japan isn’t just a local storm, it’s a threat to intermediaries and sets a global precedent with far-reaching implications.

“Holding CDNs like Cloudflare legally liable for content they do not host removes the limitations on liability that have underpinned the growth of the global internet. This ruling is the first of its kind in the world and could have serious implications for the efficiency, security, and reliability of the internet not only in Japan but around the world,” the company says.

While a robust defense of its position is to be expected, Cloudflare seems to be especially vocal – and critical – not just of the decision, but how it will hurt Japan’s progress moving forward.

Describing the ruling as “undermining transparency, fairness and due process,” Cloudflare said the trial questioned whether Japan’s judicial system supports its aspirations for growth in tech.

“This ruling is contrary to the legislative intent of promoting Japan’s technological growth and risks stifling technological innovation among Japan’s emerging technology companies,” Cloudflare added.

If the decision stands, to avoid liability Cloudflare says it would need to terminate CDN services based on takedown notices, rather than under the formal instructions of a competent court.

The Publishers View the Decision in a Different Light

Yuki Hirai is an attorney at Sakurazaka Law Office, where he leads the case on behalf of the publishers.

In recent comments to the USTR, Cloudflare suggested that a negative outcome against the publishers would “necessitate U.S. CDN providers to limit the provision of global services.”

In comments to TorrentFreak, Attorney Hirai disputes that, noting that Cloudflare’s argument “distorts the essence” of the case.

“This ruling concerns responsibility for providing high anonymity and ignoring infringement notices, not the provision of the service itself nor other CDN service provider,” he explains.

“Cloudflare also argues that to avoid their legal liability, it would need to suspend CDN services for a website based on a notice rather than a formal order from an independent court, significantly increasing the potential for abuse. However, this judgment states, citing several reasons, that our infringement notice properly shows the URLs to the infringing content, and that upon viewing those URLs, it was immediately obvious they were pirate sites.”

Attorney Hirai says Cloudflare’s arguments are “highly self-defensive and contain numerous errors.” The publishers’ true aims are actually quite straightforward.

A Decision That Aligns With Cloudflare Policy

“What we are demanding is a very general act of ceasing to aid such crimes. Restricting the provision of global services is not the solution we seek, nor is it aligned to this judgement,” Hirai explains.

“What we are seeking is for Cloudflare to promptly cease providing services once the sites are notified as pirate sites, and to implement appropriate measures such as identity verification to prevent repeat infringers.

“These requests from us also align with Cloudflare’s policy in its statement to media outlets, of ‘not hesitating to cooperate in combating piracy’.”

Tokyo Court Finds Cloudflare Liable For Manga Piracy in Long-Running Lawsuit

Japanese manga publishers have declared victory over Cloudflare in a long-running copyright infringement liability dispute. Kadokawa, Kodansha, Shueisha and Shogakukan say that Cloudflare’s refusal to stop manga piracy sites meant they were left with no other choice but to take legal action. The Tokyo District Court rendered its decision this morning, finding Cloudflare liable for damages after it failed to sufficiently prevent piracy.

Offering a wide range of services useful for the majority of websites, including many provided completely free of charge, Cloudflare continues on an upward trajectory.

While its popularity isn’t in question, Cloudflare’s stance on copyright issues has placed it at odds with copyright holders who believe that the company should do more to fight against piracy.

For its part, Cloudflare counters that its policies are in line with or exceed legal requirements, including those established in the United States where, under appropriate circumstances, the company cannot be held liable for infringement carried out by its customers.

Complaint and Settlement (2018/2019)

Disappointed by Cloudflare’s stance in response to their allegations concerning several manga piracy sites, in 2018 major publishers Shueisha, Kodansha, Kadokawa, and Shogakukan filed a motion at the Tokyo District Court.

They argued that since Cloudflare was in a position to curtail infringement, the company should stop providing services to the pirate sites. Caching and replicating the sites’ content was described as especially problematic, with the publishers arguing that this amounted to Cloudflare delivering infringing content to the public.

A 2019 settlement with Cloudflare wasn’t revealed until 2020 but the premise was fairly straightforward. If the Tokyo District Court ruled that the sites in question were illegal, Cloudflare would “stop the replication of the sites to Cloudflare’s servers in Japan,” the publishers said.

Publishers File a Copyright Lawsuit in Tokyo

Late January 2022, it was reported that the same publishers were again preparing to sue Cloudflare in Japan over its provision of services to known pirate sites.

The publishers said that they requested Cloudflare to bring the infringements to a halt and Cloudflare advised that they had “taken the necessary measures.” When technical analysis revealed that the pirate sites were still using Cloudflare’s services and cache, legal action was inevitable.

Within days the publishers revealed a “partial claim” against Cloudflare, concerning just four copyrighted works, one for each of the manga publishers. Their claim for damages was a relatively modest US$4m but arguably more important was the request for an injunction. That would not only restrain the company in the current action, it would also establish ground rules for similar disputes moving forward.

“With regard to the infringing content illegally stored on the sites, we asked Cloudflare to stop the temporary reproduction (cache) on the company’s servers in Japan [and] terminate their contracts with pirate sites that are clearly illegal,” the companies said.

Cloudflare said that it had gone “above and beyond its obligations” to assist rightsholders in Japan, including by adopting an abuse process to connect rightsholders with hosting providers “actually able to remove infringing content from the Internet.”

Tokyo Court Declares Cloudflare Liable

After a wait of more than three and a half years, the Tokyo District Court rendered its decision this morning. In a statement provided to TorrentFreak by the publishers, they declare “Victory Against Cloudflare” after the Court determined that Cloudflare is indeed liable for the pirate sites’ activities.

In a statement provided to TorrentFreak, the publishers explain that they alerted Cloudflare to the massive scale of the infringement, involving over 4,000 works and 300 million monthly visits, but their requests to stop distribution were ignored.

“We requested that the company take measures such as stopping the distribution of pirated content from servers under its management. However, Cloudflare continued to provide services to the manga piracy sites even after receiving notices from the plaintiffs,” the group says.

The publishers add that Cloudflare continued to provide services even after receiving information disclosure orders from U.S. courts, leaving them with “no choice but to file this lawsuit.”

Factors Considered in Determining Liability

Decisions in favor of Cloudflare in the United States have proven valuable over the past several years. Yet while the Tokyo District Court considered many of the same key issues, various factors led to a finding of liability instead, the publishers note.

“The judgment recognized that Cloudflare’s failure to take timely and appropriate action despite receiving infringement notices from the plaintiffs, and its negligent continuation of pirated content distribution, constituted aiding and abetting copyright infringement, and that Cloudflare bears liability for damages to the plaintiffs,” they write.

“The judgment, in that regard, attached importance to the fact that Cloudflare, without conducting any identity verification procedures, had enabled a massive manga piracy site to operate ‘under circumstances where strong anonymity was secured,’ as a basis for recognizing the company’s liability.”

The publishers confirm that the litigation involved one protected work per company and that the overall damages recognized in the judgment total approximately 3.6 billion yen (US$24 million). However, since their claim sought to recover less than the damages suffered, the judgment against Cloudflare of 500 million yen, around US$3.2 million, isn’t as punishing as it could’ve been.

Moving Forward

The publishers believe that the judgment clarifies the conditions under which a company such as Cloudflare incurs liability for copyright infringement. Failure to carry out identity verification appears at the top of the publishers’ list, followed by a lack of timely and appropriate action in response to infringement notices sent by rightsholders.

“We believe this is an important decision given the current situation where piracy site operators often hide their identities and repeatedly conduct large-scale distribution using CDN services from overseas. We hope that this judgment will be a step toward ensuring proper use of CDN services. We will continue our efforts to protect the rights of works, creators, and related parties, while aiming for further expansion of legitimate content,” the publishers conclude.

Cloudflare May Have Already Signaled its Response

According to Japanese media, Cloudflare plans to appeal the verdict, which was expected. In comments to the USTR last month, Cloudflare referred to a long-running dispute in Japan with the potential to negatively affect future business.

“One particular dispute reflects years of effort by Japan’s government and its publishing industry to impose additional obligations on intermediaries like CDNs,” the company’s submission reads (pdf).

“A fully adjudicated ruling that finds CDNs liable for monetary damages for infringing material would set a dangerous global precedent and necessitate U.S. CDN providers to limit the provision of global services to avoid liability, severely restricting market growth and expansion into Asian Pacific markets.”

Whether that heralds Cloudflare’s exit from the region is unclear. The statement to the USTR seems to suggest that the company knew that a decision was coming and probably wouldn’t reflect the protections available to it in the United States.

Operation Endpoint: Pirate IPTV Services Down After Raids & Several Arrests

An operation carried out by multiple law enforcement agencies in Brazil is being celebrated as a success. Five arrest warrants led to three arrests, nineteen search and seizure warrants targeted multiple locations, with various assets and cryptocurrency running to millions of dollars secured by the authorities. The disappearance of three very popular streaming brands is also viewed as a big plus.

Brazil’s Special Task Force to Combat Organized Crime (Gaeco), part of the Public Prosecutor’s Office of Ceará (MPCE), carried out a large operation on Tuesday targeting individuals and companies believed to be behind several pirate streaming platforms.

With assistance from the Civil Police of Ceará (PCCE), Operation Endpoint saw the execution of 19 search and seizure warrants and five arrest warrants in Alagoas (AL), Ceará (CE) and Santa Catarina. Three people were arrested. Two individuals with outstanding warrants are reportedly still at large.

Investigation

Based on a combination of reports from the Ministry of Justice and Public Security, the Prosecutor’s Office, law enforcement bodies, and local TV news, the investigation began following claims made against the operators of popular pirate streaming services.

Sold under brands including DezPila, Tyflex, and Onlyflix, it was alleged that the operators of the IPTV services were not only committing large-scale copyright infringement, but were also involved in wider criminality, including money laundering as part of an organized criminal group.

The authorities claim that the pirate services presented as legitimate subscription TV providers, offering live TV, movies, and TV shows to customers. While they may have appeared legitimate, countless videos posted to YouTube suggest that many customers were aware that authorization from rightsholders was unlikely to be part of the equation.

Asset Seizures, Blocked Sites, Search Engine Delisting

The Prosecutor’s Office says that those higher up in the group used “front men” to facilitate the movement of funds generated by the services, in an effort to conceal the true owners of various assets. To counter the group’s obfuscation efforts, investigators were authorized to obtain information normally protected under Brazil’s banking, tax, and digital secrecy laws.

Social media platforms including WhatsApp and Telegram were reportedly used to attract customers to the streaming services, and via websites hosted by companies including Wix and Hostinger, new customers were signed up.

Online payments were reportedly processed through specialist checkout services, with payments received by various means but predominantly via Pix, an instant payment platform operated by the Central Bank of Brazil.

“As the investigations progressed, it became necessary to request the seizure of assets and valuables from the Judiciary, totaling R$ 12 million (US$2.25m),” the Ministry of Justice reports.

“Simultaneously, 118 websites and social media profiles were blocked, search engine results were de-indexed, and cryptocurrencies were seized.”

Domains Down

TorrentFreak has been unable to find any sites displaying an official seizure banner. However, by matching registered domains to the three brands, and then using the alleged use of Wix and Hostinger as a crude filter, hundreds of domains were reduced to a few registered in Brazil.

None are currently functional and some appear to have ‘clientHold’ status, a sign that things aren’t going according to plan. Surprisingly, WHOIS records don’t appear to be consistently redacted, leading to ostensibly real names making repeat appearances.

Maybe they’re bogus, maybe they’re not, but at least one matches a person that has attracted significant interest from the authorities in the past.

Keeping Things Cool

Items of equipment seized by the authorities include what appear to be high-powered fans/blowers or, at least according to some searches, vacuum-type devices or even air conditioners. Whether they blow or suck, they presumably exist to prevent electronic equipment from overheating.

Fans of IPTV?

In the event that the equipment gets warm enough to catch fire, the spherical object in the image below (top right) will come in handy. Suspended above most fans, it’s actually a self-contained fire extinguisher. In the image top center, a car engine appears to be generating electricity. Bottom left features some quartz watches and a presentation box containing prop money.

An unusual collection

Further Investigations, Unanswered Questions

The Ministry of Justice says that investigators identified a number of legal entities linked to the group, used for the ‘transit and distribution’ of illicit funds.

“The investigation also identified partnerships between members of the scheme, who shared shell companies and irregularly traded machinery used for cryptocurrency mining.”

Whether that explains the images above is up for debate, but it’s certainly plausible.

Brazil’s Ciberlab also receives a mention for its technical and scientific support to track and dismantle digital infrastructures “that transcend geographical boundaries.”

The name ‘Operation Endpoint’ was apparently a strategic choice; instead of focusing on arresting individuals, the reported goal was to “target the access points — such as servers, domains, and monetization channels.”

Yet while domains and monetization channels can’t be photographed, the same can’t be said about servers. At least thus far, no images of servers have been released.

Whether the theory holds any weight is unclear, but some IPTV resellers in Brazil appear to be linking recent events in Argentina with the disappearance of DezPila, Tyflex, and Onlyflix, apparently thanks to their “reliance on a central server.”

That was eventually shut down but in line with tradition, others have already taken its place.
