Spain's LALIGA has shut down over 500,000 websites.
Throughout much of this year, Spanish internet users have faced significant access issues to large portions of the web on match days. The affected sites are not illegal streams but rather legitimate human rights organizations, climate charities, and business tools. A recent report has quantified the extent of this damage, revealing staggering figures.
The responsible party is Spain's football league, LALIGA, which is pursuing a court-backed campaign against illegal streaming. To eliminate pirate broadcasts, it instructs internet service providers to block the IP addresses associated with these streams. The downside is that many legitimate websites share those addresses. Therefore, blocking one address can unintentionally take down thousands of innocent sites.
The Open Observatory of Network Interference (OONI), a nonprofit that assesses internet censorship, spent six months tracking the repercussions. Their conclusion: over 500,000 legitimate domains were affected between January and June.
The numbers are harsh. On match days, blocking just 4 to 20 IP addresses resulted in the shutdown of more than 400,000 unrelated domains, with outages persisting for the duration of the games. Over the six months, the blocks affected 7,441 addresses across 36 hosting providers, including Cloudflare, Amazon, Akamai, Meta, and Microsoft.
Cloudflare was hit the hardest. OONI identified 501,305 domains on its network that were affected, making up more than 90 percent of the total impact, from just 2,218 blocked addresses. A single blocked address on Squarespace was responsible for 18,592 sites by itself. The outages occurred in sync with match times, activating when games started and deactivating when they finished, directly linking them to the broadcasts.
The list of impacted sites includes organizations that LALIGA has no conflict with, such as human rights entities like Amnesty International, and environmental groups including Greenpeace Argentina, Cool Earth, and the science nonprofit Berkeley Earth.
Furthermore, OONI discovered an alarming issue: on one provider, Digi Mobil, it detected a TLS man-in-the-middle interception, where a fake security certificate was served instead of the legitimate one. This manipulation allows the operator to intercept communications between users and the websites they visit. OONI noted this interception affected 7,334 addresses and 10,759 domains, many hosted on Amazon and Cloudflare, transforming a piracy enforcement measure into a privacy concern.
This situation isn’t new in essence, but rather in its scale. European courts have historically ordered providers to block pirate sites, and Spain has one of the most aggressive stances on this issue. The change lies in the infrastructure; the web operates on shared systems now, making a blunt IP block akin to using a shotgun rather than a precise tool.
Companies affected are starting to fight back. Vercel documented instances of its services going offline, and European provider groups now contend that the responsibility for collateral damage should fall on rightsholders instead of networks. These methods reflect a troubling precedent set by opaque site bans in other contexts.
OONI acknowledges that its numbers may actually underrepresent the severity of the situation. Meanwhile, LALIGA continues its pursuit of pirate streams that rapidly resurface after being taken down. After half a million disrupted websites, it seems that the remedy is proving to be worse than the original issue.
Other articles
Spain's LALIGA has shut down over 500,000 websites.
A study by OONI reveals that the anti-piracy IP blocks from Spain's LALIGA have resulted in the shutdown of over 500,000 legitimate websites, including organizations like Amnesty and Greenpeace, as well as disrupted traffic.
