Italy Fines Cloudflare 14 Million Euros For Refusing To Filter Pirate Sites On Public 1.1.1.1 DNS (torrentfreak.com) 39
An anonymous reader quotes a report from TorrentFreak: Italy's communications regulator AGCOM imposed a record-breaking 14.2 million-euro fine on Cloudflare after the company failed to implement the required piracy blocking measures. Cloudflare argued that filtering its global 1.1.1.1 DNS resolver would be "impossible" without hurting overall performance. AGCOM disagreed, noting that Cloudflare is not necessarily a neutral intermediary either.
[...] "The measure, in addition to being one of the first financial penalties imposed in the copyright sector, is particularly significant given the role played by Cloudflare" AGCOM notes, adding that Cloudflare is linked to roughly 70% of the pirate sites targeted under its regime. In its detailed analysis, the regulator further highlighted that Cloudflare's cooperation is "essential" for the enforcement of Italian anti-piracy laws, as its services allow pirate sites to evade standard blocking measures.
Cloudflare has strongly contested the accusations throughout AGCOM's proceedings and previously criticized the Piracy Shield system for lacking transparency and due process. While the company did not immediately respond to our request for comment, it will almost certainly appeal the fine. This appeal may also draw the interest of other public DNS resolvers, such as Google and OpenDNS. AGCOM, meanwhile, says that it remains fully committed to enforcing the local piracy law. The regulator notes that since the Piracy Shield started in February 2024, 65,000 domain names and 14,000 IP addresses were blocked.
[...] "The measure, in addition to being one of the first financial penalties imposed in the copyright sector, is particularly significant given the role played by Cloudflare" AGCOM notes, adding that Cloudflare is linked to roughly 70% of the pirate sites targeted under its regime. In its detailed analysis, the regulator further highlighted that Cloudflare's cooperation is "essential" for the enforcement of Italian anti-piracy laws, as its services allow pirate sites to evade standard blocking measures.
Cloudflare has strongly contested the accusations throughout AGCOM's proceedings and previously criticized the Piracy Shield system for lacking transparency and due process. While the company did not immediately respond to our request for comment, it will almost certainly appeal the fine. This appeal may also draw the interest of other public DNS resolvers, such as Google and OpenDNS. AGCOM, meanwhile, says that it remains fully committed to enforcing the local piracy law. The regulator notes that since the Piracy Shield started in February 2024, 65,000 domain names and 14,000 IP addresses were blocked.
Re: (Score:2)
Filtering results from a DNS resolver is not a serious hindrance to performance.
But it is a serious hindrance to marketing yourself as the one-stop service point for Internet access. Block name resolution for a few pirate sites and people will switch to another DNS service. And then in all probability never switch back. So that's one less tool that CloudFlare can use to redirect traffic.
CloudFlare itself never planned to do this job. They mitigate attacks on their clients. As I seriously doubt that pirate sites are clients of CF, the copyright enforcement falls outside of their purvie
Re: (Score:3)
Pirate sites go to cloudflare first, and only after they get enough bad press for it, does cloudflare cease doing it.
Pretty much every single comic/manga/software/music/games piracy site is being shielded by cloudflare.
Re: (Score:2)
Grumpycat: "Good"
Cloudflare should be held responsible for piracy for any DNS it is operating on behalf of. And I agree, it's not a performance issue. It's fricken anycast, they could just have France/Euro 1.1.1.1 go to machines that have removed the the DNS entries.
Re:Hurting overall performance (Score:5, Informative)
The problem here is that cloudflare is asked to remove the pirate DNS not only from Italy, but from all world!
and it is not a court order, is a half ass rule that some groups can make the request just because they want to... think in to the DMCA USA requests, but with even less oversight and trying to apply to all world, not just the country
cloudflare contest the DMCA, of course they would also contest this Italian version
Re: (Score:2)
(Cue the claims of "The US will do the same" that have some credibility now. Due to the US's recent international actions.)
Re: (Score:2)
correct, thank for clarifying this!
Re: (Score:2)
Just no.
You're misrepresenting the case. Whether that’s due to ignorance or bad faith remains to be seen—but you're making claims that only a pirate (or someone who benefits from piracy) would seriously push.
The problem here is that cloudflare is asked to remove the pirate DNS not only from Italy, but from all world!
Not even close. AGCOM isn’t claiming global jurisdiction—though they are stretching the concept of national enforcement to the edge of legality. What they’re actually doing is asserting a narrow, if deeply flawed, principle: if you provide services to Italian users, you mus
Re: (Score:2)
i just said what i read about the issue, your version seems more clear and logic, IMHO!!
I also may have wrongly expressed too strong that Italian was trying to censor the world, but i was trying to show that the problem wasn't a pure Italian problem.
Anyway, what i read was that Italian requests were requesting the DNS entry to be removed from all cloudflare servers because of the risk of "vpn" usage to bypass the order. Cloudflare CEO was one of the sources for that... if they are lying and/or exaggerating
Re: Hurting overall performance (Score:2)
Explain to me how they would implement reliable geo-filtering in an architecture where they likely want to process a request in under 5 ms.
CloudFlare should just make it an example of Italy by redirecting any Italian requests to the Wikipedia article on fascism.
Block At The ISP (Score:3)
A better solution would be to just require the ISPs to block Cloudflare.
They're not a problem if you wall them off.
Re:Block At The ISP (Score:4, Interesting)
One wonders when you're forced to accept that you're creating your own Great Firewall of China.
Re: (Score:3)
Does Italy have a law that can require ISPs to block access to a particular IP?
One wonders when you're forced to accept that you're creating your own Great Firewall of China.
Just have everyone route all traffic through China - problem solved. Well... that one anyway. /s
Re: (Score:3)
They have an utterly drastic anti-piracy law plus an organization called "piracy shield" to enforce it. Primarily meant to fight illegal sports streaming sites, it is notorious for overblocking and lack of oversight.
Re:Block At The ISP (Score:5, Insightful)
A better solution would be to just require the ISPs to block Cloudflare.
They're not a problem if you wall them off.
Also probably easier and more accurate for Cloudflare to block Italy than to block pirates.
Re: (Score:2)
Their Italian revenue is probably a lot more than the fine.
Re: (Score:2)
Re: (Score:2)
Statistical data, improves the response of their CDN, and they have a commercial service for business users.
Re:Block At The ISP (Score:4, Informative)
the CEO actually posted in twitter that leaving Italy is one of the options (as stopping all free services for Italy and stop offering support and free service to the Italian Winter Olympics)... other option is complaining to Trump, so he "talks" with the Italian Government
Notice that a full court order is not the problem, that they would accept, they are refusing a DMCA like request that some groups (usually football related) do, that were allowed to do by a half-ass law, without any court order or verification... So those groups can say slashdot.org is bad, everyone have to block slashdot all over the world, without any fallback, challenge, approved by any judge, anything at all. The law may have been pressured to stop football IPTV, but can be applied to anything
Re: (Score:2)
Thanks, lots of useful information there.
Re: (Score:2)
Also probably easier and more accurate for Cloudflare to block Italy than to block pirates.
I think you'll find a country with a population of 60million westerners is not easy to block. Not when you need to stand in front of an angry crowd at your next shareholder meeting.
Now maybe making an empty threat (these companies always capitulate in the end) is an option.
Re: (Score:2)
China is hard to block too, but still easier than pirates.
Re: (Score:2)
https://digitalcontentnext.org... [digitalcontentnext.org]
Re: (Score:2)
Re: (Score:2)
An even better solution is to wall off the internet to European countries that want to censor everything. US companies should leave and let the European tech giants....lol.....take control. Who do they have? Spotify? Lmao. Imagine a search engine run by SAP. Lol.
An even better solution is malicious compliance. Tell them that you will do it, but you have to fill out a form. On that form, one of the fields says, "Please individually list all IP addresses in Italy from which this DNS record must be blocked. IP addresses not in this list will not receive any filtering."
By doing so, technically, they would be complying with the law by providing a way for these companies to make their requests. But the process would be so onerous that none of them would use it. Prob
Re: (Score:2)
An even better solution is malicious compliance. Tell them that you will do it, but you have to fill out a form. On that form, one of the fields says, "Please individually list all IP addresses in Italy from which this DNS record must be blocked. IP addresses not in this list will not receive any filtering."
Answer: 0.0.0.0/0
AFAICT, that's what Italy is actually requesting already, and it's quite easy to fill that in said form but does not address the problem.
IMO, they should only hold individual ISP's responsible - Those providing the direct service to users. They can EASILY filter DNS. ISP DHCP provides their own DNS servers; ISP DNS catches queries for the domains in question and returns NXDOMAIN. Other situations should fall outside of their purview (VPN routing around it, DoH (DNS Over HTTPS), HTTPS proxie
Re: (Score:2)
An even better solution is malicious compliance. Tell them that you will do it, but you have to fill out a form. On that form, one of the fields says, "Please individually list all IP addresses in Italy from which this DNS record must be blocked. IP addresses not in this list will not receive any filtering."
Answer: 0.0.0.0/0
Reply: Okay. We will block requests from the IP address 0.0.0.0. Additional characters ignored.
Re: (Score:2)
It is not DNS, stupid (Score:2)
Cloudflare, like all companies, most follow the rules and regulations (no matter how stupid) of the countries they operate in, or expect to be sanctioned/fined/banned.
But blocking DNS does nothing (as there are alternative providers). If Italy wants to block piracy (as they define it), require Cloudflare to document the source (IP) servers for the content being served and let the government go after those providers (which if the pirates are smart, are served from countries which do not give a frack about I
Re: (Score:2)
Cloudflare, like all companies, most follow the rules and regulations (no matter how stupid) of the countries they operate in, or expect to be sanctioned/fined/banned.
But blocking DNS does nothing (as there are alternative providers). If Italy wants to block piracy (as they define it), require Cloudflare to document the source (IP) servers for the content being served and let the government go after those providers (which if the pirates are smart, are served from countries which do not give a frack about Italy's regulations).
You can't block IP addresses without blocking the entire content delivery network [bytebytego.com].
Read the message to which you replied (emphasis/bold added to make it easier for you). IE: their CDN gets its content from an actual source, and they can go after that source rather than the middleman.
Cloudflare is lying (Score:2)
Yes, the idea to block on DNS level is entirely stupid and does not help at all.
But blocking fixed patterns in a DNS resolver is not a performance issue. You just do negative caching. Which you do anyways. The only time pattern matching crops up is when you do recursive lookups and these are slow enough that some pattern matching effort really does not slow them down to any relevant degree.
rediculous (Score:2)
Geofencing Meets Legislative Lunacy (Score:3)
What we’re really witnessing is the clash between sovereign legal overreach and the cold, scalable reality of global internet infrastructure.
Cloudflare already geo-routes DNS traffic. They already maintain regionally isolated PoPs. Spinning up a DNS resolver farm to handle just Italian DNS queries—and poison those results to comply with AGCOM’s blocklists—is not some Herculean task. It’s annoying, yes. But it’s well within the operational wheelhouse of a company that routes 10% of all HTTP traffic on Earth. And the beauty of such a solution? It would contain the blast radius. Italian users would get filtered DNS. Everyone else gets normal service. And Cloudflare could even win PR points:
“Sorry for the slowness, Italy. We’re trying to follow your government’s censorship orders as responsibly as we can.”
But Cloudflare didn’t take that route. Instead, they escalated—because this isn’t about can’t. It’s about won’t. Cloudflare clearly wants to fight this in the open and let AGCOM defend this legislative overreach in public. I think Cloudflare will win, actually, for a couple of reasons.
First, this case can (and probably will) be escalated to the European Court of Justice. Italy's Piracy Shield law is already on shaky ground, legally speaking. Its 30-minute takedown mandates and six-month mandatory IP blocking provisions violate both the EU’s Digital Services Act and the EU Charter of Fundamental Rights. Those two conflicts alone give the European Commission plenty of reason to scrutinize Piracy Shield—and back Cloudflare if it goes to court.
Second—and for my money, what ultimately kills the law—is the EU’s Technical Regulation Information System (TRIS), the transparency mechanism under Directive (EU) 2015/1535. EU member states are required to notify the Commission of any draft technical regulations affecting the internal market, particularly when they concern information society services. Italy did not notify the Commission before implementing Piracy Shield, even though it obviously impacts CDNs, DNS providers, and ISPs. That omission renders the law unenforceable under EU law. Any measure passed in breach of TRIS cannot be enforced against third parties.
And not to put too fine a point on it, but there’s a reason Italy skipped the notification. Piracy Shield is a transparent attempt to conscript infrastructure providers as low-rent copyright cops. AGCOM knew it would get flagged or killed by the Commission before it ever left Parliament. So they pushed it through fast—and hoped nobody would call their bluff.
Don't misconstrue me, here. I'm not defending piracy. Copyright enforcement matters. But so do proportionality, redress mechanisms, and rule-of-law protections. Piracy Shield is legislative thuggery, not justice.
I'm tired of countries doing this (Score:2)
It just seems ludicrous, on the face of it, for a single country's government to demand changes that affect the global internet. It was ridiculous when Britain tried it, it's ridiculous when Italy does it, it's ridiculous if Russia or Iran or the US tries it.
It would make more sense to do the following (although I'd still find it silly - and smart people could certainly work around it):
1. Italy gives Cloudflare one (or more) of the IP addresses the country controls.
2. Cloudflare sets up an alternative DNS r