
Tweet by @rauchg


LALIGA is trending again, so it's worth giving an update. We previously wrote about how this soccer league in Spain was granted broad internet censorship powers[1].

1️⃣ Vercel's customers have been unaffected

We've taken drastic measures to ensure the uptime of our customers. While we rejected LALIGA's broad approach, our goal at Vercel is to protect and maximize our customers' and developers' freedoms within the limits of the law.

We gave them a dedicated email inbox and an incident response automation. We have instructed our on-call SRE to expedite the review of these reports, because they can result in the loss of availability of entire sections of other, law-abiding customers. This is what their email reports look like:

2️⃣ LALIGA's reports have been accurate

For every report we've received, we were able to verify that the URLs were hosting illegal streams of their copyrighted material.

I have condemned LALIGA's unprecedented and indiscriminate blocks[2], and have warned of the potential for this power to be misused. So far, their reports have been valid. We expediently acted on them, in order to minimize the collateral damage.

3️⃣ Blocking hostnames vs blocking networks

If you look at their email report above, you'll notice they single out an IP address. The crux of the issue is that in modern CDN networks, that IP address can represent hundreds or thousands of legitimate customers.

The appropriate response would be to block *only the infringing hostname* by using the SNI fragment of the TLS handshake (e.g.: imagine blocking "𝚏𝚛𝚎𝚎𝚕𝚊𝚕𝚒𝚐𝚊𝚜𝚝𝚛𝚎𝚊𝚖.𝚝𝚟").

Since some CDNs don't offer this "granular blocking" possibility (given they encrypt SNI via a TLS protocol extension called "Encrypted Client Hello"), and ostensibly due to them not acting on the copyright reports, they're seeing significant collateral damage[3].

With over 150,000 paying teams and thousands of Enterprise accounts hosting critical services in areas like health care, emergency response, banking, government, and more, we're always working to protect our uptime, security, and availability.

[1] https://t.co/ufFVNUyfOE
[2] https://t.co/6MRSA8TedI
[3] https://t.co/JcSvRlx8Cf
