Home / Channel / General Tech / CloudFlare faces lawsuit for helping protect piracy sites

CloudFlare faces lawsuit for helping protect piracy sites

CloudFlare is well-known for its anti-DDOS and website security services. The company has done business with plenty of legitimate sites but it also provides its services to some piracy sites, something it has been criticised over before. Now, CloudFlare is facing a lawsuit, as it continues to provide CDN and anti-DDOS to sites that infringe on copyright.

Rather than stemming from some Hollywood rights group, this lawsuit was actually filed by ALS Scan, a producer of adult entertainment. It turns out that the company is mad at CloudFlare for offering security to sites that may host their content for free. In its complaint against CloudFlare, the company said: “This case involves repetitive infringement of ALS's copyrighted works on ‘pirate' internet sites, those with no apparent function other than to display infringing adult content. This piracy is supported by third-party service providers who continue doing business with such pirate sites, even after they receive repeated actual notice of infringement on the pirate sites.”

cloudflare

The lawsuit goes on to accuse CloudFlare of knowingly doing business with piracy sites and profiting from copyright infringement by refusing to sever ties with these companies. This isn't an uncommon tactic for ALS Scan, The Inquirer points out that the company has been known to relentlessly pursue those it believes to be infringing on its Intellectual Property ever since DMCA laws came into place.

According to TorrentFreak, this lawsuit could also spell bad news for The Pirate Bay, being one of CloudFlare's big customers. If the lawsuit is successful, CloudFlare may be forced to regulate the sites it works with.

KitGuru Says: CloudFlare doesn't directly infringe on copyright, but it does provide security to sites that do. I am obviously not a lawyer, so I don't know how much of a leg this lawsuit has to stand on but going after a third-party instead of the infringing sites themselves seems like a bit of a misstep. 

Become a Patron!

Check Also

Leo Says 77 – Intel ‘fesses up about Arrow Lake Core Ultra 200S

The launch of the new Intel Core Ultra 200S family of CPUs along with Z890 motherboards was a thorny process. KitGuru suffered along with pretty much every other review site on the planet and you may have noticed we held off from reviewing of the Core Ultra 9 285K, Core Ultra 7 265K and Core Ultra 5 245K as it is clear to us that Intel has some work to do before this platform is ready for action.

12 comments

  1. This is stupid

    What next taking HP dell or someone else for a lawsuit for providing server’s to company’s to host pirate sites?

  2. I get paid about six to eight thousand bucks /month for freelancing at home. So if you are willing to work simple freelance work for few h a day at your house and get good profit in the same time… This is perfect for you… SELF21.COM fg5654hfgh

  3. At a push, they’ve got them on the CDN part. Since, technically, they could be hosting content on the CDN that is infringing. However, they’d have to prove that.

    If they aren’t hosting copyrighted content on their CDN then this company doesn’t have a leg to stand on. If these sites are using HTTPS then the content passthrough served via Cloudflare is encrypted and unknown to them. Cloudflare doesn’t need to do anything. Even if they’re told the content is copyrighted, they have no way of checking.

    Cloudflare should not have to police the sites they accommodate, that should be up to those in charge of such things, IE police and government agencies.

  4. CloudFlare does not “pass-through” HTTPS content, they decrypt it and then re-encrypt it with their own key.
    In fact it has been revealed that TPB doesn’t even use HTTPS themselves, only faking it through CloudFlare, as ISP Airtel can MITM them – https://medium.com/@karthikb351/airtel-is-sniffing-and-censoring-cloudflares-traffic-in-india-and-they-don-t-even-know-it-90935f7f6d98#.smfmwtnsg
    As for determining if abuse is occurring, they still have the ability to open up the offending URL with a regular web browser and check, if it is a public URL.

  5. DMCA might just be a buzzword to you, but it’s a law that governs specifically making systems that are designed to circumvent copyright. If people being able to rip off your work means nothing to you then that is probably because you don’t have any copyright protected items.

    I think it’s more than legitimate to expect that a service provider sticks to the law and doesn’t provide services to people thats sole job is to steal content than to expect people to stop sharing pirated content. That is why this law is in place.

    TLDR, go and read what the DMCA is

  6. They certainly do.

    A CDN could be directly piping copyright protecting assets to peoples applications, however i do not think that is any different to providing a service to stop sites getting DDOS’d (i.e keep them online)
    to sites that’s sole purpose is to distribute this copyright.

    Not to mention, the complaints are regarding the fact that Cloudflare have been informed of this and have taken no steps to stop providing those services.

    The service is still accomodating copyright infringement so therefore the service shouldn’t be provided.

    I do not see how this is any different to a hosting/server provider recieving a DMCA notice that they are hosting content infringing on copyright on their servers on behalf of a customer and being legally required to take it down.

  7. At best Cloudflare just need to take down links that are infringing, when notified. There’s no reason to stop providing a service to the site as a customer.

  8. Unfortunately that is where you are wrong.

    A domain has potentially several servers running it.Cloudflare provide services that act as Round robin DNS etc to these servers that provide a layer of anonymity to the servers holding the offending content.

    For this reason if they know that a whole domain being run is just solely there for the reason of copyright infringement then it’s totally a reason to stop providing this to them. Entirely.

  9. Not really. Under the DMCA they’re not obligated to stop providing a service to them because some of their content infringes on copyright. They only have a duty, under the DMCA, to remove infringing content from their own servers when alerted to it, in a timely manner. If that’s what they’re currently doing then there’s nothing illegal going on.

    What you’re suggesting is wrong and places like Facebook and YouTube would be effectively shutdown.

  10. No unfortunately mate, this is where you are incredibly misguided and i will give you a long indepth reason why. I work for and manage a hosting company and this is the kind of legalities that we deal with on a regular basis.

    A domain name is simply a human readable version of a An IP address.

    If a domain name is hosted by 10 servers (for stability sake) But the sole purpose of the DOMAIN is provide copyrighted content, how does that get dealt with legally?

    How does that fit into service providers and how they should deal with copyright infringers? Let me explain

    A Hosting provider can recieve a DMCA notice due to the fact they are providing the server, however can also recieve the notice if they are providing DNS services to a domain name that is providing copyrighted content.

    Now then if My company recieves one of these notifications, we are legally obliged to stop providing my domain name servers to them. The reason for this is simple.
    “What if they just have the offending CONTENT elsewhere?, How as i service can my company actually STOP THIS” and if we don’t take that stance we ourselves are in voilation of the DMCA

    Say my company has a domain name for a company called “We Steal Graphics Ltd.”. If there domain name is “buymyhandwash.co.uk” then why would be stop providing that domain name service unless that website had copyright material on it that infringes?

    Say though they then decide to order a new domain “copyrightedgraphicsforfree.co.uk” and start sticking up copyrighted material that they have no right to then of course we would stop providing services to this company entirely as they are in voilation of our terms of service.

    We cannot nessicarily monitor every domain name and server how it is used on our service 24/7 but i can assure you that if we recieved a notice of a domain OR a server of ours having copyrighted content on it. It would be dealt with in the same way in both cases.Goodbye company, why? because as a company we cannot be seen to profit from copyright thefts but it’s IMPOSSIBLE to monitor every graphic, video, link, etc on every website we host.

    Your point on youtube etc is invalid as they cannot at runtime (when a video is uploaded) tell if it has copyrighted video content in it, so for that reason their servers are technically immediately containing copyrighted content (infact their are millions of songs etc on youtube that are copyrighted) But they also do remove offending content at the request of the copyright holder (so they are not in voilation of DMCA)

    Hope this helps understand the legalities of it.

    When applied to cloudflare it’s pretty simple, if they are providing DNS services to TPB etc then YES they should stop providing services to them and if they are told about it and choose not to then YES they are PROFITING off of the back of copyright infringement because they are getting payed to provide them a service.

  11. But, TPB also offers non-copyrighted content as well as the usual stuff we know about. Should cloudflare be the arbiter of what is and is not illegal content? Nope, that’s what the DMCA is there fore.

    Google’s DNS providers (probably actually themselves, but lets suppose they are using someone else’s DNS services) aren’t obligated to stop providing DNS for YouTube simply because some copyrighted content is hosted on YouTube’s servers without permission. The onus is on YouTube to respond to DMCA takedowns, not Google’s DNS provider.

    Now, as a CDN, amongst others, Cloudflare’s only legal obligation is to respond to DMCA takedowns for content on their own hardware.

    I obviously disagree with you on the onus of responsibility. Cloudflare offer an agnostic service and at that point I think they should be allowed to continue, lest we all feel the impact even though we host legitimate content.

    It comes back to encryption. Not all encrypted content is illegal and there’s no way to reasonably tell. We can’t blanket ban encryption, despite how much governments think we should, because there are some bad apples.

    However, I think in this case it would be easier if Cloudflare just stopped providing services to these adult sites

  12. Thanks for the comments Matt

    I agree with you on allot of things, however it all boils down to legality at the end of the day, The DMCA states that whilst providing links to copyrighted content is not reasonably enforced with a reasonable proccess, it does state that the law covers this and so in cases where a site has had a DMCA notice for linking content and then site stays up, they are in breach of DMCA as a domain.

    The article states that cloudflare have been warned repeatedly and they do not take the offending content down. As a service provider they are providing a level of anonymity to their servers via their DNS and encryption CDN which means that if the domain stop’s being serviced by them they would need to find an alternative, which would not be cost effective in comparison (provisioning DNS servers etc for themselves) to emulate this. It does not mean that the servers that hold the offending content would no longer be there, they would need to just re-provision DNS services for the Domain name.

    On that basis, cloudflare have been made AWARE that they are providing this service and will not stop it, so therefore are profiting outright out of providing a service to a copyright infringement domain.

    That being said as a service they are from that point on in breach of the DMCA themselves as their service is almost designed by default to allow people (if they are providing them money) to continue this level of anonymity and they will not shut it down.

    Let’s be real if TBP didn’t have cloudflare, it would still exist, they have the money to support moving to provisioning their own DNS, but they would surely have more problems with it being taken down (unless they served it “in-house” in which case the DMCA case against them would need to warrant further intervention. )

    Basically at the end of it, TBP is providing links (if not the content itself) and knowingly, to infringing content, and Cloudflare, are aware of this and do nothing about it.