The world of sports and copyright protection has received a significant blow. The activation of the ECH (Encrypted Client Hello) protocol by Cloudflare has once again undermined the web blocking systems implemented by telecommunications companies in Spain, especially affecting entities like LaLiga, which have been at the forefront of combating unauthorized broadcasts of sporting events.
The origin of the problem: SNI vulnerability
Since 2014, when Google stated that the use of HTTPS would be a ranking factor in search results, the adoption of this security protocol quickly spread, now covering 99% of websites. However, despite encrypting communication content, a critical detail remained unprotected: the Server Name Indication (SNI) field. This field reveals the domain name the user is trying to access, allowing telecommunications companies and other intermediaries to identify which websites their users are visiting and block them if desired.
This mechanism has been the basis for website blocking in Spain, where entities like LaLiga and Movistar Plus+ have used SNI analysis to prevent access to sites that facilitate unauthorized sports broadcasts. Users trying to access these sites would encounter error 451, an indication of blocking based on judicial decisions.
The arrival of the ECH protocol: a radical change
Cloudflare identified the SNI problem in 2018 as “one of the biggest internet bugs.” In response, the company announced its support for developing a new standard to encrypt this field, leading to the creation of the ECH protocol. This standard, still awaiting approval from the IETF (Internet Engineering Task Force), complements the TLS protocol by encrypting the SNI content, preventing intermediaries like telecommunications companies from knowing the specific domain being requested.
In October 2023, Cloudflare activated ECH across its network, making a significant portion of the internet effectively impossible to block. Given that one in five websites worldwide is hosted on Cloudflare’s distribution network, the impact was immediate.
However, Cloudflare temporarily deactivated the ECH protocol a few weeks later due to unspecified issues, causing uncertainty among those relying on this new layer of privacy.
The reactivation of ECH and its implications for LaLiga and telecommunications companies
Recently, Cloudflare reactivated the ECH protocol, complicating the blocking efforts of telecommunications companies and entities like LaLiga. Of the 78 websites originally blocked in Spain by court order, 28 have become available again thanks to their hosting on servers using ECH. This has allowed many of these sites to bypass the blocks and offer access to live streaming content without apparent restrictions as the sports season begins.
The key condition in this new scenario is that ECH only takes effect when both the user’s browser and the server are configured to support it. Only under these conditions is blocking based on SNI analysis completely disabled, leaving telecommunications companies without tools to interfere with their users’ web traffic.
An uncertain future for content protection on the internet
Starting in August 2024, Cloudflare plans to have ECH activated by default in all its free zones, with no option to deactivate it. This poses a significant challenge for telecommunications companies and rights management entities, which face a scenario where their blocking tools will be ineffective against encrypted traffic.
The use of ECH not only presents a technical challenge for web censorship but also opens a broader debate on internet privacy and users’ rights to access information without interference. While telecommunications companies and entities like LaLiga seek new solutions to enforce their blocking orders, it is clear that the battle for managing and controlling internet traffic is far from over.
Conclusion
The reactivation of ECH by Cloudflare is bad news for LaLiga and other entities that rely on website blocking to protect their rights. With this protocol in operation, telecommunications companies see their ability to intervene in user-generated traffic significantly reduced, marking a turning point in the fight for internet control.
Source: Redes Sociales and BandaAncha.