
For much of this year, Spanish internet users have lost access to huge parts of the web on match days. Not pirate streams, but human rights groups, climate charities and business tools. A new report puts hard numbers on the damage, and they are staggering.
The culprit is Spain’s football league, LALIGA, and its court-backed war on illegal streams. To kill pirate broadcasts, it has internet providers block the IP addresses serving them. The catch is that modern websites share those addresses. Block one, and you can take thousands of innocent sites down with it.
The Open Observatory of Network Interference (OONI), a nonprofit that measures internet censorship, spent six months tracking the fallout. Its verdict: the blocks hit more than 500,000 legitimate domains between January and June.
Half a million sites, a handful of addresses
The maths is brutal. On a match day, blocking just 4 to 20 IP addresses knocked out more than 400,000 unrelated domains. The outage lasted as long as the game.
Across the six months, the blocks touched 7,441 addresses across 36 hosting providers. Among them: Cloudflare, Amazon, Akamai, Meta and Microsoft.
Cloudflare took by far the worst of it. OONI counted 501,305 affected domains on its network, more than 90 per cent of the total. They sat on just 2,218 blocked addresses.
A single blocked address on Squarespace accounted for 18,592 sites on its own. The outages switched on when matches kicked off and switched off when they ended. That timing tied them to the broadcasts.
Amnesty, Greenpeace and a security twist
The casualty list reads like a directory of causes LALIGA has no quarrel with. Human rights sites including Amnesty International went dark. So did climate and conservation groups such as Greenpeace Argentina, Cool Earth and the science nonprofit Berkeley Earth.
Then OONI found something worse than a blunt outage. On one operator, Digi Mobil, it detected a TLS man-in-the-middle interception. The network served a fake security certificate in place of the real one.
That technique lets whoever runs it sit between users and the sites they visit. OONI logged it affecting 7,334 addresses and 10,759 domains, many hosted on Amazon and Cloudflare. It turns a piracy block into a privacy risk.
The internet keeps breaking
None of this is new in kind, only in scale. Courts across Europe have long ordered providers to block pirate sites. Spain runs one of the continent’s most aggressive regimes. What has changed is the plumbing. The web now runs on shared infrastructure, so a crude IP block is a shotgun, not a scalpel.
Companies caught in the blast have started to push back. Vercel documented its own services going down, and European provider groups now argue that rightsholders, not networks, should carry the liability for collateral damage. The tactics echo the dangerous precedent set by opaque site bans elsewhere.
OONI admits its figures, if anything, understate the problem. LALIGA, for its part, keeps chasing the pirate streams that pop back up as fast as they fall. Half a million broken websites later, the cure looks worse than the disease.
View original source — The Next Web ↗

