Hidden Content
A new whitepaper released by brand protection company Corsearch shows that half of all the pirate sites it flagged use Cloudflare's services. The Internet infrastructure company clearly stands out and should do more to address the issue, the report suggests. Banning domains that are removed or demoted by Google could be a good start, Corsearch notes.

Popular Internet infrastructure service Cloudflare has come under a lot of pressure from copyright holders in recent years.

The company offers its services to millions of sites. This includes multinationals, governments, but also some of the world’s leading pirate sites.

These sites have proven to be quite a headache for the San Francisco-based tech company. Ideally, however, the company prefers not to be the arbiter of what content is allowed and what is not.

The Curation Conundrum
The company reiterated its position a few months ago. To shield itself from escalating removal demands, including plain censorship, Cloudflare said it would no longer terminate customers without a court order.

Just days after taking this hardened approach, Cloudflare reversed its position. Citing an immediate threat to human life, CEO Matthew Prince justified blocking access to the controversial Kiwi Farms site.

There’s no question that death threats are in a league of their own, but copyright holders would also like to see more cooperation from Cloudflare. This call is backed by a recent report from brand protection company Corsearch.

Corsearch is no stranger to copyright issues. The company works with several of the largest rightsholders and its subsidiary Incopro has produced a wealth of piracy research, some in collaboration with governments. In this case, the research focuses on Cloudflare.

Whirepaper: Cloudflare & Pirate Sites
The overall tenor of the whitepaper is that when compared to other intermediaries, Cloudflare appears to be linked to a relatively high percentage of torrent sites. Of all the sites flagged by Corsearch, which are all demoted by Google as well, half use Cloudflare’s CDN service.

“Cloudflare is not the host of these websites. However, the host is not readily identifiable and Cloudflare is most closely associated with 49% of websites notified for delisting by Corsearch,” the report notes.

There’s no denying that Cloudflare stands out but it should be noted that the company is not a hosting provider, like the others on the list. In addition to Cloudflare, these pirate sites may use Amazon or Google’s services as well, even though that’s not immediately visible.

Besides pirate sites, the report also links Cloudflare to trademarking. Again, it is the most common online intermediary for these outlets.

Technically, Cloudflare can’t take these sites offline, as they are hosted elsewhere. However, Corsearch believes that the company could and should do more to tackle the piracy problem. And it has some ideas on where to start.

“Cloudflare is uniquely positioned to do more to protect rights holders and substantially to suppress the scourge of online piracy and counterfeiting,” the report reads.

“We are asking Cloudflare to do more to support rights owners by voluntarily implementing certain measures. These measures are reasonable, proportionate and if adopted by Cloudflare will have a significant impact.”

Recommendations
Corsearch doesn’t have just one, but a whole list of suggestions for the CDN provider. Most of these boil down to terminating services to sites that others deem to be infringing. Those include the following;

– Cloudflare should terminate accounts of sites that are demoted or deindexed by Google search.

– Cloudflare should withdraw services to any site that’s deemed unlawful by a recognized law enforcement body or the ‘Infringing Website List’ (IWL).

– Cloudflare should ban sites that are on the US Trade Representative’s annual notorious markets list.

– Cloudflare should stop working with sites that are added to the European Union’s Counterfeit and Piracy Watchlist.

What Can Go Wrong?
While it’s understandable that rightsholders want Cloudflare to do more, these suggestions are not without issues of their own. The IWL, for example, is private and can’t be scrutinized by the public. As reported recently, this includes domains of organizations such as GitHub, Blogspot, and a Portuguese University.

The USTR’s Notorious Market lists and the EU’s Piracy Watchlist also have various entries that deserve some nuance. These include the Chinese Wechat, which has over a billion users, as well as Russia’s largest social media platform VK.

Up until recently, USTR even listed Amazon’s foreign online stores as “notorious markets”. Does that mean that these shouldn’t be allowed to operate?

Given Cloudflare’s previous comments, it seems unlikely that the company will start banning accounts left and right. That being said, Corsearch also has some other suggestions that may be more realistic.

The report proposes a robust “Know-Your-Client” policy, for example. In addition, it calls for a comprehensive transparency report where Cloudflare would disclose which domain names are flagged by rightsholders and how often.