
The Open Observatory of Network Interference (OONI) reports that Spain's IP-based anti-piracy blocking campaign against unauthorized LaLiga streams caused widespread collateral damage.
Specifically, the actions have temporarily disrupted access to more than half a million legitimate websites during football match broadcasts.
The nonprofit's measurements also identified TLS man-in-the-middle (MitM) interception on one Spanish ISP, raising additional privacy and security concerns.
The findings are based on network measurements collected from Spain between January and June 2026, along with DNS scans covering 9.2 million of the internet's most popular domains. The report is the first large-scale empirical analysis quantifying the unintended consequences of LaLiga's court-authorized IP blocking campaign, which has been in place since early 2025.
OONI is a nonprofit organization specializing in measuring internet censorship worldwide through crowdsourced network testing. Its open dataset contains billions of measurements collected across thousands of networks, allowing researchers to identify cases of internet filtering, blocking, and traffic manipulation.
According to the report, blocking as few as four to 20 IP addresses during a typical one-hour LaLiga broadcast window was sufficient to make more than 400,000 unrelated domains inaccessible because the targeted IPs belonged to shared cloud and content delivery infrastructure. Across the entire observation period, OONI found that 554,507 domains, approximately 5.8% of the 9.2 million domains examined, were blocked at least once during match broadcasts. The enforcement also affected 7,441 unique IP addresses across 36 infrastructure providers.
Cloudflare accounted for the overwhelming majority of affected domains due to its shared reverse-proxy architecture. OONI found more than 501,000 impacted domains hosted behind just 2,218 blocked Cloudflare IP addresses. Other affected providers included Amazon Web Services, Alibaba Cloud, Akamai, Microsoft, Meta, Squarespace, Hostinger, and several university networks.

Among the affected websites were Amnesty International chapters, Greenpeace Argentina, UNICEF and UNHCR national sites, the Australian Senate, Italy's Bergamo Court, the Ukrainian Crisis Media Center, Caritas humanitarian organizations, Terraform's package registry, Linux Mint, Goodreads, WeChat, Session Messenger, and various university publications. OONI says these services were unrelated to football streaming but happened to share infrastructure with IP addresses targeted under the anti-piracy measures.

Beyond simple IP blocking, OONI observed TLS man-in-the-middle interception on Digi Mobil (AS57269). Researchers detected a self-signed certificate impersonating websites, affecting 7,334 unique IP addresses hosting more than 10,700 domains. While the report does not attribute responsibility for the interception, it notes that the findings raise additional privacy and security concerns beyond the blocking campaign's availability impact.
Telefónica was identified as one of the most consistent operators in enforcing the court-authorized blocks, with filtering typically beginning shortly before kick-off and ending soon after matches concluded. Similar time-correlated enforcement patterns were observed on Orange Espagne, MásMóvil, Vodafone España, Vodafone ONO, Euskaltel, and other networks. OONI notes that blocking generally remained confined to match windows rather than becoming a permanent restriction.

Although OONI acknowledges several limitations in its methodology, including incomplete visibility into all blocked IP addresses and domains, it argues that its estimates are conservative and likely understate the true scale of the collateral impact.
The report arrives amid ongoing controversy over LaLiga's increasingly aggressive anti-piracy strategy. Since 2025, internet users and developers have reported repeated outages affecting services hosted on Cloudflare, Vercel, GitHub, Docker, and other shared platforms during football broadcasts.
Earlier this year, LaLiga expanded its enforcement campaign beyond internet service providers by obtaining court orders requiring NordVPN and Proton VPN to block access from Spain to 16 streaming websites accused of copyright infringement. The Córdoba commercial court ruled that VPN providers qualify as intermediaries under the EU Digital Services Act and therefore must implement technical restrictions on specified IP addresses.
Last month, NordVPN secured an early procedural victory after another Spanish court rejected LaLiga's request to impose financial penalties for allegedly failing to comply with those orders. The court accepted that rapidly changing IP address lists created legitimate technical implementation challenges and found insufficient evidence that NordVPN had deliberately violated the injunction.







Leave a Reply