Fuck off Italy with your shitty piracy shield

No matter what your opinion is on that matter, Cloudflare is a curse rather than a merit imo.

As we know, Cloudflare’s roots go back to 2004 when Matthew Prince and Cloudflare co-founder Lee Holloway were working on a computer industry project they called Honey Pot. They wanted to close-down the project already, but then, as the BBC reported in 2016,

[Mr. Prince] got an unexpected phone call from the US Department of Homeland Security asking him about the information he had gathered on attacks.

Mr Prince recalls: "They said ‘do you have any idea how valuable the data you have is? Is there any way you would sell us that data?’.

"I added up the cost of running it, multiplied it by ten, and said ‘how about $20,000 (£15,000)?’.

“It felt like a lot of money. That cheque showed up so fast.”

Mr Prince, who has a degree in computer science, adds: “I was telling the story to Michelle Zatlyn, one of my classmates, and she said, ‘if they’ll pay for it, other people will pay for it’.” …

In 2017, Cloudflare also provided services to neo-Nazi sites like The Daily Stormer, including giving them personal information on people who complain about their content.

There are more similar stories about this company than these.

How are we in @europe@feddit.org and people don’t know about https://dns.sb/ ?

Thank you cloudflare, i don’t use their DNS but it’s a good thing they don’t respect piracy “”“shield”“”

The Cloudflare CEO also just paid tribute to JD Vance and Musk.

Yesterday a quasi-judicial body in Italy fined @Cloudflare $17 million for failing to go along with their scheme to censor the Internet. The scheme, which even the EU has called concerning, required us within a mere 30 minutes of notification to fully censor from the Internet any sites a shadowy cabal of European media elites deemed against their interests. No judicial oversight. No due process. No appeal. No transparency. It required us to not just remove customers, but also censor our 1.1.1.1 DNS resolver meaning it risked blacking out any site on the Internet. And it required us not just to censor the content in Italy but globally. In other words, Italy insists a shadowy, European media cabal should be able to dictate what is and is not allowed online.

That, of course, is DISGUSTING and even before yesterday’s fine we had multiple legal challenges pending against the underlying scheme. We, of course, will now fight the unjust fine. Not just because it’s wrong for us but because it is wrong for democratic values.

In addition, we are considering the following actions: 1) discontinuing the millions of dollars in pro bono cyber security services we are providing the upcoming Milano-Cortina Olympics; 2) discontinuing Cloudflare’s Free cyber security services for any Italy-based users; 3) removing all servers from Italian cities; and 4) terminating all plans to build an Italian Cloudflare office or make any investments in the country.

Play stupid games, win stupid prizes. While there are things I would handle differently than the current U.S. administration, I appreciate @JDVance taking a leadership role in recognizing this type of regulation is a fundamental unfair trade issue that also threatens democratic values. And in this case @ElonMusk is right: #FreeSpeech is critical and under attack from an out-of-touch cabal of very disturbed European policy makers.

I will be in DC first thing next week to discuss this with U.S. administration officials and I’ll be meeting with the IOC in Lausanne shortly after to outline the risk to the Olympic Games if @Cloudflare withdraws our cyber security protection.

In the meantime, we remain happy to discuss this with Italian government officials who, so far, have been unwilling to engage beyond issuing fines. We believe Italy, like all countries, has a right to regulate the content on networks inside its borders. But they must do so following the Rule of Law and principles of Due Process. And Italy certainly has no right to regulate what is and is not allowed on the Internet in the United States, the United Kingdom, Canada, China, Brazil, India or anywhere outside its borders.

THIS IS AN IMPORTANT FIGHT AND WE WILL WIN!!!

Piracy… let the courts deal with it. It’s no business of a government.

If companies want less piracy, they can choose to provide a better and more affordable product.

Honestly, I’d just spit off their 1.1.1.1 service into some sort of separate company so that Italy doesn’t have jurisdiction and leave their servers where they are so that the CDN stuff keeps working, unless they think that Italy is gonna pass some kind of legislation that goes after the CDN stuff.

I don’t know if 1.1.1.1 is all over. If it is, I imagine that it’d need some kind of BGP black magic to make a single IP address exist at many places on the Internet. If so, and if they have a 1.1.1.1 server in Italy, have to pull that out of Italy.

investigates

Yeah, looks like it’s all over.

For me, the next-to-last-hop is 172.68.188.80:

$ mtr -r 1.1.1.1|tail -n2
 12.|-- 172.68.188.80              0.0%    10   17.8  26.3  17.8  33.6   4.5
 13.|-- one.one.one.one            0.0%    10   21.7  23.2  17.5  28.7   4.0

That’s a North American address, something managed by ARIN, NET-172-64-0-0-1.

This does traceroutes from around Europe:

https://perfops.net/traceroute-from-europe

From Manchester, it’s 141.101.71.91, somewhere in Europe. From Amsterdam, 141.101.65.161. From London, 141.101.71.63 or 141.101.71.47. From Reykjavik, 37.235.49.2. All in Europe, netblocks managed by RIPE and mostly owned by CloudFlare.

Interesting. I don’t think I’ve ever seen that before, but I suppose that handing back different content keyed off the person requesting it is kinda CloudFlare’s forte, albeit normally done via DNS responses dependent upon the IP address doing the querying, rather than routing rules depending on it.

EDIT: I think that a bigger problem for Italy is that it’s really easy for someone else to just set up a public DNS server that isn’t in Italy and have it forward queries to 1.1.1.1, and the vast majority of public DNS servers aren’t in Italy and aren’t going to care about Italian law, so Italy would be looking at blocking DNS queries out of Italy, which might be doable, if a stupendous pain in the ass for network admins, as well as blocking DNS-over-HTTP out of Italy, which I suspect is going to be a lot more difficult.

https://globalping.io/network-tools/dns-from-italy

It also looks like all three of the Italian DNS servers this website queries can resolve thepiratebay.org, which I’d think that Italy would have blocked if they block anything on piracy grounds, so I dunno how much compliance there is even from Italian operators of DNS servers.

EDIT2: Apparently some Italian website will let you check if a domain name is blocked by Italy’s PiracyShield:

https://piracyshield.iperv.it/

It looks like they don’t block thepiratebay.org, oddly-enough.

https://piracyshield.iperv.it/ticket_items/4911

That has a partial list of what appears to be blocked FQDNs, but they’re partially-censored, so maybe Italy doesn’t permit people to actually release a list of what they’re blocking (which…I guess would make sense, since it’d basically be a list of places to get pirated content).

EDIT3: And they do apparently disallow release, but I bet that someone would leak it, and sure enough:

https://walledculture.org/academic-research-finds-economic-technical-and-operational-harms-from-italys-piracy-shield/

As the paper notes, one of the major concerns about the system is the lack of transparency: AGCOM does not publish a list of IP addresses or domain names that are subject to its blocking. That not only makes it extremely difficult to correct mistakes, it also – conveniently – hides those mistakes, as well as the scope and impact of Piracy Shield. To get around this lack of transparency, the researchers had to resort to a dataset leaked on GitHub, which contained 10,918 IPv4 addresses and 42,664 domain names (more precisely, the latter were “fully qualified domain names” – FQDN) that had been blocked.

They don’t link to it, but a search later, I think that this might be it:

https://github.com/PiracyShield/RoutingTable

For domains:

https://raw.githubusercontent.com/PiracyShield/RoutingTable/refs/heads/main/fqdns.txt

And sure enough, thepiratebay.org isn’t in there.