Cloudflare has become the first internet intermediary beyond local residential ISPs, to block access to pirate sites in the UK. Users attempting to access certain pirate sites are greeted with 'Error 451 - Unavailable for Legal Reasons'. In theory, ISP blocking should prevent UK users from even seeing this notice, but a combination of Cloudflare's blocking mechanism and choices made by some VPN users results in a piracy dead end.
Internet service
Internet service providers BT, Virgin Media, Sky, TalkTalk, EE, and Plusnet account for the majority of the UK’s residential internet market and as a result, blocking injunctions previously obtained at the High Court often list these companies as respondents.
These so-called “no fault’ injunctions stopped being adversarial a long time ago; ISPs indicate in advance they won’t contest a blocking order against various pirate sites, and typically that’s good enough for the Court to issue an order with which they subsequently comply.
For more than 15 years, this has led to blocking being carried out as close to users as possible, with ISPs’ individual blocking measures doing the heavy lifting. A new wave of blocking targeting around 200 pirate site domains came into force yesterday but with the unexpected involvement of a significant new player.
The big change is the unexpected involvement of Cloudflare, which for some users attempting to access the domains added yesterday, displays the following notice:
As stated in the notice, Error 451 is returned when a domain is blocked for legal reasons, in this case reasons specific to the UK.
In response to a legal order, Cloudflare has taken steps to limit access to this website through Cloudflare’s pass-through security and CDN services within the United Kingdom.
Background: Cloudflare’s Blocking Policy
Before we take a look at the ‘legal order’ that prompted Cloudflare to take this action, Cloudflare’s blocking policy for copyright claims concerning its CDN and security services provides useful background information.
Because Cloudflare cannot remove content it does not host, other service providers are better positioned to address these issues. Among other things, any blocking by Cloudflare is of limited effectiveness, as a website will be accessible if it stops using Cloudflare’s network. Cloudflare therefore regularly pushes back against attempts to seek blocking orders.
Cloudflare notes that it may take steps to comply with valid orders if, among other things, “principles relating to proportionality, due process, and transparency” are upheld.
Whether Cloudflare pushed back here isn’t clear, but the information made available falls well short of that promised in the Error 451 notice.
Semi-Transparent and Still Lacking
With no central repository of blocking orders and no legal requirement to share details of injunctions with the public, transparency in the UK is mostly left to chance. Some orders make their way online, but there is no guarantee.
For those interested in finding out more about the order affecting Cloudflare, the company provides a link which promises to reveal “the party that requested it, and the authority that issued it.” The link directs to the Lumen Database, which publishes information effectively donated by companies such as Google and Cloudflare, for the purpose of improving transparency.
In this case there’s no indication of who requested the blocking order, or the authority that issued it. However, from experience we know that the request was made by the studios of the Motion Picture Association and for the same reason the High Court in London was the issuing authority.
To the general public, the information is just a short list of domains. If it wasn’t for the efforts of Lumen, Google and Cloudflare, the situation would be significantly less clear than that.
Scale of Blocking Potentially Significant
Checking through the new domains blocked yesterday, something else becomes apparent; they appear in multiple blocking orders, not just the one highlighted above. We’re unable to check ~200 domains immediately but at least potentially, hundreds or even thousands of domains could be involved. And that may actually be a very good thing.
Domains blocked by Sky, BPI and others, don’t appear to be affected, at least as far as we can determine. All relate to sites targeted by the MPA, and the majority if not all trigger malware warnings of a very serious kind, either immediately upon visiting the sites, or shortly after.
At least in the short term, if Cloudflare is blocking a domain in the UK, moving on is strongly advised.
Internet service
Internet service providers BT, Virgin Media, Sky, TalkTalk, EE, and Plusnet account for the majority of the UK’s residential internet market and as a result, blocking injunctions previously obtained at the High Court often list these companies as respondents.
These so-called “no fault’ injunctions stopped being adversarial a long time ago; ISPs indicate in advance they won’t contest a blocking order against various pirate sites, and typically that’s good enough for the Court to issue an order with which they subsequently comply.
For more than 15 years, this has led to blocking being carried out as close to users as possible, with ISPs’ individual blocking measures doing the heavy lifting. A new wave of blocking targeting around 200 pirate site domains came into force yesterday but with the unexpected involvement of a significant new player.
Cloudflare Blocks Pirate Sites “For Legal Reasons”
If piracy is rampant, in the UK pirate site blocking must qualify as rampant too. In the latest wave of blocking that seems to have come into force yesterday, close to 200 pirate domains requested by the Motion Picture Association were added to one of the longest pirate site blocking lists in the world.The big change is the unexpected involvement of Cloudflare, which for some users attempting to access the domains added yesterday, displays the following notice:
As stated in the notice, Error 451 is returned when a domain is blocked for legal reasons, in this case reasons specific to the UK.
In response to a legal order, Cloudflare has taken steps to limit access to this website through Cloudflare’s pass-through security and CDN services within the United Kingdom.
Background: Cloudflare’s Blocking Policy
Before we take a look at the ‘legal order’ that prompted Cloudflare to take this action, Cloudflare’s blocking policy for copyright claims concerning its CDN and security services provides useful background information.
Because Cloudflare cannot remove content it does not host, other service providers are better positioned to address these issues. Among other things, any blocking by Cloudflare is of limited effectiveness, as a website will be accessible if it stops using Cloudflare’s network. Cloudflare therefore regularly pushes back against attempts to seek blocking orders.
Cloudflare notes that it may take steps to comply with valid orders if, among other things, “principles relating to proportionality, due process, and transparency” are upheld.
Whether Cloudflare pushed back here isn’t clear, but the information made available falls well short of that promised in the Error 451 notice.
Semi-Transparent and Still Lacking
With no central repository of blocking orders and no legal requirement to share details of injunctions with the public, transparency in the UK is mostly left to chance. Some orders make their way online, but there is no guarantee.
For those interested in finding out more about the order affecting Cloudflare, the company provides a link which promises to reveal “the party that requested it, and the authority that issued it.” The link directs to the Lumen Database, which publishes information effectively donated by companies such as Google and Cloudflare, for the purpose of improving transparency.
In this case there’s no indication of who requested the blocking order, or the authority that issued it. However, from experience we know that the request was made by the studios of the Motion Picture Association and for the same reason the High Court in London was the issuing authority.
To the general public, the information is just a short list of domains. If it wasn’t for the efforts of Lumen, Google and Cloudflare, the situation would be significantly less clear than that.
Scale of Blocking Potentially Significant
Checking through the new domains blocked yesterday, something else becomes apparent; they appear in multiple blocking orders, not just the one highlighted above. We’re unable to check ~200 domains immediately but at least potentially, hundreds or even thousands of domains could be involved. And that may actually be a very good thing.
Domains blocked by Sky, BPI and others, don’t appear to be affected, at least as far as we can determine. All relate to sites targeted by the MPA, and the majority if not all trigger malware warnings of a very serious kind, either immediately upon visiting the sites, or shortly after.
At least in the short term, if Cloudflare is blocking a domain in the UK, moving on is strongly advised.
