LALIGA in Spain has blocked over 500,000 websites.
For much of this year, Spanish internet users have experienced a loss of access to extensive sections of the web on match days. These aren't pirate streams, but instead include human rights organizations, climate charities, and business tools. A new report quantifies the impact, revealing staggering figures.
The responsible party is Spain’s football league, LALIGA, which has been engaging in a court-backed campaign against illegal streams. To eliminate pirate broadcasts, it has instructed internet providers to block the IP addresses associated with those streams. However, the downside is that many legitimate websites share these addresses. Blocking one can inadvertently disable thousands of innocent sites.
The Open Observatory of Network Interference (OONI), a nonprofit that monitors internet censorship, spent six months tracking the consequences. Their findings show that the blocks affected over 500,000 legitimate domains from January to June.
Half a million sites disrupted, just a few addresses
The statistics are harsh. On match days, blocking as few as 4 to 20 IP addresses resulted in the shutdown of more than 400,000 unrelated domains. The disruption lasted for the duration of the game.
Over the six-month period, the blocks impacted 7,441 addresses across 36 hosting providers, including Cloudflare, Amazon, Akamai, Meta, and Microsoft.
Cloudflare suffered the most severely, with OONI identifying 501,305 affected domains on its network, accounting for more than 90 percent of the total. These were linked to only 2,218 blocked addresses.
One blocked address on Squarespace alone resulted in 18,592 affected sites. The outages began when games started and ended when they concluded, directly correlating to the broadcasts.
Amnesty, Greenpeace, and a cybersecurity twist
The list of affected sites resembles a directory of causes that LALIGA does not oppose. Human rights websites like Amnesty International went offline, alongside climate and conservation organizations such as Greenpeace Argentina, Cool Earth, and the scientific nonprofit Berkeley Earth.
Additionally, OONI discovered something more alarming than a broad outage. On one operator, Digi Mobil, it detected a TLS man-in-the-middle interception, wherein a fake security certificate was issued instead of the legitimate one.
This approach allows the operator to position itself between users and the websites they visit. OONI recorded this affecting 7,334 addresses and 10,759 domains, many hosted on Amazon and Cloudflare, turning a piracy block into a privacy threat.
The internet continues to falter
This issue is not new in nature, only in magnitude. Courts across Europe have long mandated that providers block pirate sites. Spain has one of the continent’s most aggressive enforcement systems. What has shifted is the underlying infrastructure; the web now operates on shared resources, making a blunt IP block more than just excessive—it is indiscriminate.
Companies impacted by this fallout have begun to respond. Vercel reported its own services going offline, and European provider associations now contend that it should be the responsibility of rightsholders, not networks, to bear the consequences of collateral damage. These strategies echo the perilous precedent established by opaque website bans in other contexts.
OONI acknowledges that its statistics may actually underrepresent the issue. Meanwhile, LALIGA continues to pursue the pirate streams that resurface as quickly as they are shut down. After half a million disrupted websites, the solution appears to be worse than the problem itself.
Other articles
LALIGA in Spain has blocked over 500,000 websites.
A study by OONI reveals that the anti-piracy IP blocks implemented by Spain's LALIGA affected over 500,000 legitimate websites, including those of Amnesty and Greenpeace, and disrupted traffic.
