In recent years, many copyright holders have complained that Cloudflare does little to nothing to stop pirate sites from using its services.
The US-based company receives numerous DMCA notices but aside from forwarding these to the affected customers, it takes no action.
Cloudflare sees itself as a neutral intermediary that mostly passes on bits. If it doesn’t ‘host’ any infringing content, it just passes on information that is cached on its services temporarily.
Identifying ‘Infringing’ Customers
Not all rightsholders agree with this approach and some have filed lawsuits to hold Cloudflare liable. Others have gone to court to obtain DMCA subpoenas, which require the CDN provider to hand over all personal details it has on allegedly infringing customers.
We regularly report on these requests, which target torrent sites, streaming sites, and many other pirate portals. In its latest transparency report, Cloudflare reveals how many times it was asked to comply and what information was shared in response.
Over the past 12 months, Cloudflare received 58 DMCA subpoenas and the company answered all but one. Together, these affected more than 1,000 domains and close to 500 Cloudflare customers.
Previously it wasn’t clear what type of records the company could hand over, but the transparency report provides more information on that as well.
What Information is Shared?
To comply with the subpoenas, Cloudflare can share the IP-addresses that were used to login to the site as well as the login times. In addition, it can hand over so-called ‘basic subscriber info.’
“This basic subscriber data would include the information our customers provide at the time they sign up for our service, like name; email address; physical address; phone number; the means or source of payment of service,” Cloudflare writes.
Whether copyright holders can do anything with this information remains a question. Many larger pirate sites are quite skilled at hiding the tracks that lead to their true operators. For smaller sites that may be different.
The transparency report also touches on website blocking, which is another high-profile topic. While Cloudflare is very cautious with blocking, it may in some cases comply with law enforcement requests and foreign court orders.
“If we determine that the order is valid and requires Cloudflare action, we may limit blocking of access to the content to those areas where it violates local law, a practice known as ‘geo-blocking’. We will attempt to clarify and narrow overbroad requests when possible,” Cloudflare writes.
Cloudflare says it’s cautious because of “the significant potential impact on freedom of expression.” How many domains are blocked is not mentioned, but it does occasionally take action.
For example, earlier this year the pirate site DDL-Music.to was blocked in Germany following a court order.
Finally, we have to note that Cloudflare also offers hosting services to some clients. If that’s the case, it will remove content when appropriate. That happened three times over the past year, affecting one or two domain names.
Cloudflare’s latest transparency report is available here.