by evilmonkey19 45 days ago
Personally, I have been greatly impacted by these measures. Several services of mine were unavailable because LaLiga said so. No notification, no justification, they block and that's all. It has been a shame since the beginning.
2 comments

What would it look like if you sued La Liga for using their lawful blocking power in a way that injured you?
I don’t know that this would work that well given Spain is civil law, not common law
(Disclaimer: I don't know the first word about law)

But I have been thinking about this quite a lot recently (mostly because I get angry at the power states sometimes have over individuals). Would the distinction really matter in this case? I would think that in a "civil law" country things could be even worse for the aggressor

It depends on the law in question. Civil law typically requires that the plaintiff's cause of action and desired remedy be defined in the relevant code or statute. This doesn't mean the average person is powerless; every civil code I know of will let you file a lawsuit for breach of contract, for example. I have no knowledge at all of Spanish law, though, so I have no idea who has grounds to sue whom and under what code. If a similar situation happened in the US, you'd probably file a lawsuit against Cloudflare, the ISPs, and the relevant sports league and sort it out in court.
You would do the same in a civil law country, sue the sports league and ISP. State that an "unlawful act" happened (blocking your service) and claim damages due to loss of traffic and the extra work it caused you.
But is it actually an unlawful act? A judge decreed that La Liga can demand the blockage of certain IPs. La Liga demanded the blockage of certain IPs. Does the fact that it had an unintended consequence on others somehow make it illegal?
Do they not have a charge of "tortious interference with business" in civil law like in common law? It's where one company just goes out of their way to fuck up your business for no good reason.
A very expensive lawsuit that, even if successful, will result in a difficult to enforce judgment?
What's difficult about enforcing a judgment against La Liga? They're as public as it's possible to be.
They have deep pockets for dragging this on much longer than you can afford it.
I doubt that will work outside of the U.S.A.
I think it’s a universal tactic. Maybe it’s even more extreme in the US (what isn’t), but you can drag court proceedings on pretty much anywhere there are courts and legal costs.
Might they appeal?
The legal system in many countries is very, very different from that in the US (or UK).
> No notification

What ISP? I'm using Vodafone and if I accept the insecure connection (because of mismatched certificate), I get served the notification. You don't get that?

Why would you ever accept a mismatched certificate? Even assuming that you think your ISP has no nefarious plans, are you going to be able to rigorously confirm it's their certificate? At that point you've bypassed all the mechanisms in your browser that do this heavy lifting for you.
Erm, where is the danger in a mismatched certificate, if all I want is to get some noncritical information from a blog or something?
Local privilege escalation in your browser is a danger. They can also abuse any privileges you gave to the website, such as camera and microphone.
Why would I give a "random blog" access to my camera or microphone?

And how can a wrong certificate lead to local privilege escalation?

Why wouldn't you? Your computer is not gonna be hijacked by it, and you want to see what shit your ISP is now up to.

Obviously I don't do my banking like that...

Presumes you're using the ISP's DNS and not custom servers or DoH.
Bit hard to get notified by the ISP if you effectively try to side-step the way they notify you, don't you think? Also bit weird to blame them for that.

If I recall correctly, if you try to access the IP directly you get the same notification. No football game on right now though so cannot check.

Edit: In fact, I'm not sure they do DNS filtering at all actually, it may be just based on IP, can't remember off-hand, considering the collateral damage, I'd say IP blocks mainly.

ISPs have your contact information, and they can also put up notices on their own website. Hijacking somebody else's website with forged replies isn't "the way they notify you," it's a man-in-the-middle attack, and users shouldn't be trained or encouraged to accept it.
> ISPs have your contact information, and they can also put up notices on their own website.

So whenever you see "Connection Refused" your instinct is to go to your ISP's website?

I also don't think it's "hijacking someone's website", then it'd be global, instead it is a man-in-the-middle attack, serving different traffic than the user intended.

Hijacking secured connections to inject a payload that doesn’t actually come from the source is not a legitimate form of notification - it’s a malicious infrastructure attack.