To be a bit more specific, some Cloudflare IPs are unavailable for a few hours a week as Cloudflare, compared to other CDNs, aren't responding or acting on legal requests from Spanish judges.
Correct, to be even more specific. Cloudlfare uses a reputation pooling technique to provide anonimities to their clients (providers, through reverse proxies, in this case). Since cloudflare does not comply with requests to selectively stop distributing the banned content in Spain, and since ISPs cannot perform that filter due to header encryption like encrypted HELO, then the Spanish courts opt to perform the least destructive block which is to block based on time.
"Least destructive"? I can't access many sites and services during matches, but my colleagues tell me their pirate sources have barely been affected. This "least destructive" path is not working but is definitely destroying.
Ok, besides avoiding the blocks altogether, you seem to know of a less destructive approach, please do share it, I'll share whatever you come up with to my representative as I've managed to have a dialogue about this with them before.
But it has to be something, and cannot be "Don't do the blocks" obviously since it's already ruled it should be blocked, but since you've managed to come up with a block so it doesn't have to affect even those Cloudflare IPs, could you please share the method you've come up with?
Why does the end justify the means here? Revising the ruling should be an option: The blocks clearly aren't working, everyone I know who pirates matches tells me their sources have barely been affected, and others share the same here. Meanwhile I, that don't care about football but pay for my ISP, can't visit during matches most of the sites I regularly visit. Why am I an acceptable casualty in the piracy wars?
> But it has to be something
I think you're falling for the politician's syllogism. Pressure to do "something" doesn't mean we should do anything, specially if this "something" has already proven worse than even doing nothing.
Just to clarify your position, Spain should allow US companies to not comply with court orders for US company operations within Spain jurisdiction? So Spain should just allow another country to do whatever, or to use some extra-legal judgment criteria to discern whether something is worth following the law for and what is not worth the hassle?
Please point out where in my comment it says that's my position.
If the courts decided Cloudflare has to be banned, let it be banned. But so far they haven't had a trial, much less a sentence. We're just enabling a private company to interfere with the services of another, which represents a huge part of the internet even if we don't like it, simply because the former claims the trade-off is necessary and acceptable.
And since the only actual evidence I can access (weak as it is) points to these blocks barely working, I claim that this trade-off is not worth it and we're just inflicting pain on people not watching the matches for a very slim benefit to LaLiga. Bring Cloudflare to the courts if you must, but leave us alone until they figure it out.
I apologize if this sounds rude, but it just sounds like you aren't familiar with the case or the subject matter at all, please perform some research if you want to make claims about what ought to be.
Bullshit, that sentence just enables LaLiga and Telefonica to interfere with hosts like Cloudflare, which I claim is an excessive measure before a trial against them. It does not claim that Cloudflare is breaking the law, and Ctrl+F "Cloudflare" just shows one hit about Encrypted Client Hello.
Here's the list of companies that actually were sued here, to let them block:
I apologize if this sounds rude, but it just sounds like you aren't familiar with the case or the subject matter at all, please perform some research if you want to make claims about what ought to be.
And now more seriously, I've got a right to think the court's decision is wrong even if it's legal, get over it.
>And now more seriously, I've got a right to think the court's decision is wrong even if it's legal, get over it.
I just feel my personal opinions on the subject matter almost zero, especially since I'm not involved in the dispute, nor a citizen of either country. If you are american you are somewhat compelled, but I think that jurisdictionally, they have sovereignity, which is much harder to deny. Like even if you think the case itself and the sentence are wrong, ok, I get it. But I think we should compartimentalize and respect the venue, I don't think even cloudflare is arguing against the venue, claiming somehow that the US courts are proper for the case. But I could be wrong.
> It does not claim that Cloudflare is breaking the law
Right, I read that there was no trial or sentence at all. The linked trial was not claimed against Cloudflare at all, but the sentence does compel CloudFlare and refers to other several summons for CloudFlare (I read somewhere that it totals more than 100).
Here's a recent story I found on the CEO being personally sued on criminal charges:
Can't speak a lot on this specific case, but I personally wouldn't want to step into a country that sues me criminally. This is somewhat permissible for CloudFlare since it is a security company, so it probably isn't the first time they have had such an issue. But still, this is definitely not nothing.
What seems correct is that Cloudflare itself has not yet been the defendant of a civil suit for damages yet. But to be fair, they went straight for criminal charges, which to my estimation is way more decisive (and appropriate).
EDIT: Cloudflare is a defendant along with the CEO. With some nuances on terminology due to the common/civil, but I believe defendant is an accurate translation of "investigado"
Because society at large has to be pragmatic, you and I aren't the only people living here, and generally we (Spaniards) all agree that laws are generally made to be followed, in most instances, hence if a judge/the courts order something, we generally feel like that should be followed. You don't like it? Fight it legally, like the system is setup to work.
> The blocks clearly aren't working, everyone I know who pirates matches tells me their sources have barely been affected, and others share the same here.
Based on anecdotes, which I too have plenty of it working/not working, or based on actual data? Not sure it is the most trustworthy data, I personally don't trust La Liga so much, but last they said was that it was reduced by 60%, and if the blocks weren't actually working, I think they'd say as much, as they'd want to find a "better" way to actually fight it. But unless you have some more trustworthy data to share, I think this is as close as we get to actual evidence and concrete proof: https://www.laliga.com/noticias/fastly-y-laliga-se-unen-para...
> Meanwhile I, that don't care about football but pay for my ISP, can't visit during matches most of the sites I regularly visit.
What exact websites and services can you not visit during the games? I'm with Vodafone, and nowadays during the games Docker Hub is the only service that isn't available, everything else seems to continue working as normal. A year ago the situation was very different.
Did you report the websites you rely on to be victims of the blocks via the forms that are available for precisely this? Seems to eventually unblock the sites you report, give that a try if you haven't already.
> I think you're falling for the politician's syllogism. Pressure to do "something" doesn't mean we should do anything, specially if this "something" has already proven worse than even doing nothing.
I'm not, me as a private individual, before even speaking with anyone, also think it's stupid that Cloudflare chose to do business in Spain yet aren't willing to follow the law.
The ones who feel like you are an acceptable casualty in these piracy wars is Cloudflare, everyone else is following the law, that's why you're not seeing Bunny CDN or Fastly being blocked in the same way as Cloudflare, as they actually respond to legal requests.
Tired of Cloudflare grouping in providing services to clearly illegal services with clearly legal services? Well, maybe ask them to consider following the laws in the countries they operate, or use the actual service meant for reporting "unintended casualties".
I'm shocked that someone would write a blog post like this in which they openly admit to something that is widely understood to be fraud. Even if I'm sympathetic to why this individual chose to do this, and the technical side is interesting, I think the decision to just publicly tell a story in which you criminally defraud the villain is not a choice I'd ever make.
It appears that this company already does fraud so they're most likely comfortable with fraud. It seems normal in isolation, but from an outside lense it's crazy.
Sorry, but what you’re saying goes beyond the kind of free expression I would respect. Can you tell us what fraud you believe we’re committing, under what law, and based on what evidence?
This blog post clearly shows that Deepwalker can break SynthID, which is a closed-source watermarking system.
I mean it's on your own page: https://deepwalker.xyz/use-cases, while not particulary 'fraud', it's definitely in the grey area of what is allowed and definitely breaks ToS.
I guess it would be more accurate to say that it enables fraud. It's the same way proxy companies advertise themselves as "validation and data gathering" when in real-world use they're used for botting, ad farms, spamming engagement etc.
And yet you regularly promote you own commercial product using submarine adverts on HN. Hmm... I can think of few other behaviours that HN commenters like less.
That’s part of our value proposition. It’s same as when you go to a bank and ask where the yield comes for your account or asking OpenAI where they get data to train their models.
> or asking OpenAI where they get data to train their models
Yes I know it comes from pirating/torrenting/scrapping. Are you saying you acknowledge your IPs come from malware, and that is OK because OpenAI is shady too?
For the context, I have the right not to tell you anything about how we operate our business but we're not shady, we don't take any action without user consent. The other thing is that we don't use "source" keyword in our business context. I think when you use that essentially you inherently accept some part of your business is shady as hell. Instead, we use "providers". That's a lot better.
No, but you weren’t upfront about it either. I’ve suspected it looked like your own project but checked your comments in the profile and didn’t see any other, so I didn’t dig any deeper.
> I’m not here to promote anything just wanted to share a valid use case in the right context.
There’s a small difference: if one of your users did this it would be totally fair, but when a founder does this I think it’s a polite thing to disclose it. That’s what I’ve been doing when talking about my own project on HN [1], and I think in most cases other legit founders just say that upfront, too. I’m not sure if that breaks any rules, but it feels juuuuust a bit shady not to :-)
Yeah I also have to fight the URL parameters on Algolia from time to time, the JS front-end seems to have some syncing bugs
Makes me think I should probably have reported it, even if I found a quick-for-me workaround. Looking at the repo, though, it was discontinued several months ago. https://github.com/algolia/hn-search Wonder how much longer it'll be online for
Actually should have clarified, I meant submissions not general posts. I just searched their profile's submissions and found seven mentioning proxybase. I actually didn't check their comments.
To me, that is even worse that comments. That violates my internal rule about submarine adverts. At least they can be honest about it and add their business to their profile, and mention it when they submit.
I like the API-centric nature of it. $10/GB seems a bit steep though, especially compared to Mullvad’s 5 €/mo.
Search for “mobile proxy” – those are usually cheap-ish monthly subscriptions, with unlimited traffic, and often an API to rotate the IP programmatically if you need it. No KYC, but you usually do have to sign up with an email.
yes, it's a bit more expensive because it's for different use cases. You can't use VPNs or Mullvad for anything mission critical. Just try to log in to your bank in US, it will increase your risk score on their end because VPNs by nature are very easy to detect whereas "residential proxies" much harder.
> You can't use VPNs or Mullvad for anything mission critical. Just try to log in to your bank in US, it will increase your risk score on their end because VPNs by nature is very easy to detect whereas "residential proxies" much harder.
Naturally! I’m just saying there’s residential proxy providers that are a LOT cheaper than that.
(IIRC, you can usually reply to fresh comments if you click on the “n minutes ago” – the reply link should be visible there even if it isn’t shown in the main comments tree)
I think when it comes to privacy or XMR, money is not really that important. Just give me a few names that support XMR payments + no KYC and providing mostly non-flagged residential IPs that you can use them for mission critical stuff.
That’s a good question! I haven’t been in this scene for a long long time now, so can’t say for sure.
I’ve been implementing an Instagram liker service back in... 2018 was it? So a stable pool of non-flagged residential proxies was important here, and it was my client who introduced me to the concept of “mobile proxies”. Basically, they use regular 3G/4G/5G modems with regular SIM cards, and expose that as a SOCKS proxy. You get a normal-looking IP from a pool of mobile operator’s IPs. Since mobile devices reconnect all the time (and are behind a CGNAT mostly nowadays), you can’t really flag an IP like that – and if it is flagged, you can get a fresh one in a moment.
I’m not using this mostly because I’m too lazy to research. Here’s a random one I found (so not an endorsement!) which is $1/GB, seems to only require email to sign up, and takes crypto (including XMR): https://floppydata.com/
reply