Italy fined Cloudflare 14.2 million euros for refusing to block access to pirate sites on its 1.1.1.1 DNS service, the country’s communications regulatory agency, AGCOM, announced yesterday. Cloudflare said it will fight the penalty and threatened to remove all of its servers from Italian cities.

  • tal@lemmy.today
    1 day ago

    Honestly, I’d just split off their 1.1.1.1 service into some sort of separate company so that Italy doesn’t have jurisdiction and leave their servers where they are so that the CDN stuff keeps working, unless they think that Italy is gonna pass some kind of legislation that goes after the CDN stuff.

    I don’t know if 1.1.1.1 is all over. If it is, I imagine that it’d need some kind of BGP black magic to make a single IP address exist at many places on the Internet. If so, and if they have a 1.1.1.1 server in Italy, they’d have to pull that out of Italy.

    investigates

    Yeah, looks like it’s all over.

    For me, the next-to-last-hop is 172.68.188.80:

    $ mtr -r 1.1.1.1|tail -n2
     12.|-- 172.68.188.80              0.0%    10   17.8  26.3  17.8  33.6   4.5
     13.|-- one.one.one.one            0.0%    10   21.7  23.2  17.5  28.7   4.0
    

    That’s a North American address, something managed by ARIN, NET-172-64-0-0-1.

    This does traceroutes from around Europe:

    https://perfops.net/traceroute-from-europe

    From Manchester, it’s 141.101.71.91, somewhere in Europe. From Amsterdam, 141.101.65.161. From London, 141.101.71.63 or 141.101.71.47. From Reykjavik, 37.235.49.2. All in Europe, netblocks managed by RIPE and mostly owned by CloudFlare.

    Interesting. I don’t think I’ve ever seen that before, but I suppose that handing back different content keyed off the person requesting it is kinda CloudFlare’s forte, albeit normally done via DNS responses dependent upon the IP address doing the querying, rather than routing rules depending on it.

    EDIT: I think that a bigger problem for Italy is that it’s really easy for someone else to just set up a public DNS server that isn’t in Italy and have it forward queries to 1.1.1.1, and the vast majority of public DNS servers aren’t in Italy and aren’t going to care about Italian law, so Italy would be looking at blocking DNS queries out of Italy, which might be doable, if a stupendous pain in the ass for network admins, as well as blocking DNS-over-HTTP out of Italy, which I suspect is going to be a lot more difficult.

    https://globalping.io/network-tools/dns-from-italy

    It also looks like all three of the Italian DNS servers this website queries can resolve thepiratebay.org, which I’d think that Italy would have blocked if they block anything on piracy grounds, so I dunno how much compliance there is even from Italian operators of DNS servers.

    EDIT2: Apparently some Italian website will let you check if a domain name is blocked by Italy’s PiracyShield:

    https://piracyshield.iperv.it/

    It looks like they don’t block thepiratebay.org, oddly enough.

    https://piracyshield.iperv.it/ticket_items/4911

    That has a partial list of what appear to be blocked FQDNs, but they’re partially censored, so maybe Italy doesn’t permit people to actually release a list of what they’re blocking (which…I guess would make sense, since it’d basically be a list of places to get pirated content).

    EDIT3: And they do apparently disallow release, but I bet that someone would leak it, and sure enough:

    https://walledculture.org/academic-research-finds-economic-technical-and-operational-harms-from-italys-piracy-shield/

    As the paper notes, one of the major concerns about the system is the lack of transparency: AGCOM does not publish a list of IP addresses or domain names that are subject to its blocking. That not only makes it extremely difficult to correct mistakes, it also – conveniently – hides those mistakes, as well as the scope and impact of Piracy Shield. To get around this lack of transparency, the researchers had to resort to a dataset leaked on GitHub, which contained 10,918 IPv4 addresses and 42,664 domain names (more precisely, the latter were “fully qualified domain names” – FQDN) that had been blocked.

    They don’t link to it, but a search later, I think that this might be it:

    https://github.com/PiracyShield/RoutingTable

    For domains:

    https://raw.githubusercontent.com/PiracyShield/RoutingTable/refs/heads/main/fqdns.txt

    And sure enough, thepiratebay.org isn’t in there.
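
The membership check described in the comment above, as an added example that is not part of the original comment: it goes beyond a plain text search by normalizing names (case, trailing dot, IDN) and matching on label boundaries, so a look-alike name is not reported as listed. The one-name-per-line layout, the function names and the sample entries are assumptions; the sample uses reserved example names, not entries from the leaked list.

```python
"""Check whether a hostname is covered by a one-FQDN-per-line blocklist dump."""

# Constructed sample in the assumed one-name-per-line layout; these are
# reserved example names, not entries from any real blocklist.
SAMPLE_LIST = """\
# constructed sample
stream.example.org
CDN1.Example.NET.
b\u00fccher.example

video.example.com
"""


def normalize(name):
    """Lowercase, drop the trailing root dot, IDNA-encode; '' if not a valid name."""
    name = name.strip().rstrip(".").lower()
    try:
        return name.encode("idna").decode("ascii")
    except UnicodeError:  # empty or over-long label, e.g. "a..b"
        return ""


def load_blocklist(text):
    """Return the set of normalized names, skipping blank lines and # comments."""
    names = set()
    for line in text.splitlines():
        entry = normalize(line.split("#", 1)[0])
        if entry:
            names.add(entry)
    return names


def lookup(name, blocked):
    """Return ('exact', entry), ('parent', entry) or None for `name`.

    The name itself is tried first, then each parent domain on label
    boundaries: 'a.stream.example.org' is covered by 'stream.example.org',
    while 'notstream.example.org' is not, although a substring search for
    the listed name would match it. Treating a listed parent as covering
    its subdomains is an assumption of this example.
    """
    labels = normalize(name).split(".")
    for i, _ in enumerate(labels):
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return ("exact" if i == 0 else "parent", candidate)
    return None
```

To run it against a downloaded copy of a list, pass the file's text to `load_blocklist` in place of `SAMPLE_LIST`.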