from the stop-believing-the-copyright-industry’s-lies dept

Afew weeks ago, Walled Culture wrote about Hadopi, France’s infamous copyright enforcement mechanism. The so-called “graduated response” – aka “three strikes and you are out” – has been around for over 15 years now, has cost French taxpayers a fortune, and has never achieved any of its aims. As the Walled Culture post suggested, the latest court ruling might finally put the benighted scheme out of its misery.

But even if it does, there is already another disproportionately heavy-handed attempt to enforce copyright up and running in the shape of Italy’s Piracy Shield. It works by blocking access to unauthorized material using court orders against Internet Service Providers (ISPs). That would clearly be problematic, even if it were implemented properly, and well run. It is neither, as academic research from the end of last year underlined. Since the massive extension of its powers a year ago, things have gone relatively quiet on the Piracy Shield front in terms of new developments, and there are no signs that the Italian government has taken the many criticisms to heart.

That’s depressing enough, but even more worrying is that alongside France’s Hadopi fiasco, and Italy’s troubling Piracy Shield, Spain too seems intent on letting the copyright industry attack the Internet’s basic plumbing and thereby disrupt other sites, as well as downgrading the experience of thousands of innocent users. It’s increasingly clear that what’s happening in Spain is now a serious a threat to the operation of the online world there, but one that is still little-known. That makes a post from the Disruptive Competition Project (DisCo), which comes from the Computer & Communications Industry Association (CCIA), particularly useful. Its title picks up on the similarities with Italy’s approach: “Repeating Failure: How Spanish Overblocking Ignores the Lessons of Italy’s Broken Piracy Shield”. Here’s what has been happening in Spain for over a year now:

Since early 2025, LaLiga (Spain’s top-tier football league) has been operating an aggressive and largely unchecked IP-address blocking regime in an attempt to tackle sports piracy. In 2024, LaLiga and several Spanish internet service providers (ISPs), some of whom have direct commercial interests in LaLiga broadcasting, sought a court order authorising the blocking of specific domain names.

They succeeded in this particular endeavour. However, LaLiga has thereafter continued to interpret this order as a green light to unilaterally select Internet Protocol (IP) addresses and domains to block, without ongoing court oversight or accountability.

Advertisement

It turns out that the legal basis of the current action is flimsy in the extreme:

The legal foundation of LaLiga’s anti-piracy enforcement model rests on a single, seven-page judgment issued by a Commercial Court in Barcelona on 18 December 2024. This ruling should have never been treated as setting a strong precedent, as it was not the result of a rigorous legal battle and didn’t seriously examine whether the blocking approach is lawful or proportionate under EU law.

As has happened so often in the world of copyright, the companies involved have taken a very narrow, and possibly flawed legal judgment and applied it as widely and broadly as possible, without asking further permission from the courts:

LaLiga now compiles and updates lists of IP addresses and domain names that it wants to see blocked. This process is completely opaque: these lists are not publicly disclosed, there is no independent technical or judicial validation before new addresses are added, and the court does not appear to continuously review any additions.

Once someone gets blocked, there is no redress mechanism to remove addresses from the list, even when they are no longer associated with infringing content, nor any appeal process for mistakenly blocked services.

It will come as no surprise to readers of this blog that this cavalier approach has already led to the overblocking of sites, just as has happened in Italy because of Piracy Shield’s poor implementation:

LaLiga’s approach has caused widespread disruption, preventing access to tens of thousands of legitimate websites in recent years – including critical services such as payment providers and a national health operator. This disproportionate cost is borne by innocent third parties and small businesses, reflecting a mistaken belief that the commercial interests of one dominant party should trump Spanish consumers’ rights to a functioning internet.

The second of those overblocking incidents is particularly serious, since it involves a healthcare provider, which potentially puts people’s lives at risk. According to an article on La Razón (via Google Translate):

During the weekend of December 13-14, access to the Madrid Health website was blocked. While the duration of the access interruption and the message displayed upon entering the website varied depending on the internet service provider blocking access at LaLiga’s request.

Despite the serious nature of this overblocking, which effectively places the enforcement of copyright above protecting people’s health, the Spanish government is trying to wash its hands of the problem:

The situation has become so severe that members of the Spanish Parliament have sought explanations from the government. While acknowledging that the blocks have significantly impacted legitimate websites, the Spanish Government maintains that this is a judicial matter falling under the jurisdiction of the courts.

However, the courts seem to be entirely on the side of LaLiga, since they didn’t even give Internet companies a chance to present their side of the story earlier this year.

In February 2026, the Commercial Court of Córdoba even granted [LaLiga] an ex-parte preliminary injunction against NordVPN and ProtonVPN. This means the court issued a binding order, based solely on LaLiga’s arguments, without notifying those virtual private networks (VPNs) or allowing them to present a defence beforehand. The VPNs only discovered the judgment through the media and are now obliged to implement the blocks enforced by LaLiga.

It’s true that the same court has just rejected LaLiga’s request for coercive fines, and accepted that there was a technical dispute over whether the blocking could be implemented. But the refusal to allow the VPN companies to present a defense remains a deeply troubling precedent, and runs contrary to basic principles of justice. Moreover, as TorrentFreak reports, this latest ruling may be only a temporary reprieve for the VPN providers:

The league confirms that the decision merely sets aside the coercive fines while the proceedings continue, stressing that it does not exempt NordVPN from implementing IP blocks where LaLiga can prove piracy is taking place.

It is the usual one-sided justice that is typical when copyright is involved. It seems that LaLiga is being given carte blanche to do whatever it likes here, and never mind the consequences for Internet companies and their users. As Hadopi fades, and Italy’s Piracy Shield carries on as before, the fear has to be that Spain’s unconstrained approach to copyright enforcement could end up being worse than both.

There is currently a rare opportunity to comment on the issue of EU copyright enforcement in the realm of sports and other live events. There is an open Call for Evidence from the European Commission, which:

aims to collect the information necessary to support the review of the 2019 Copyright in the Digital Single Market Directive, and to seek feedback on the challenges linked in particular to the exercise of copyright and related rights in the context of technological developments and potential ways to address them.

As well as that general review of the main EU Copyright Directive, discussed at length in Walled Culture the book (free digital versions available), and the issue of live streaming, the Commission is seeking people’s views on an important upcoming legislative proposal aimed at strengthening copyright (yet again) in the light of AI, which is planned for the first quarter of 2027. The Call for Evidence closes on 25 June, so you have a couple of weeks to hone your thoughts and submit them. Based on previous experience, we can probably expect the European Commission to ignore what anyone except the copyright industry thinks, but it’s worth a try.

Follow me @glynmoody on Mastodon and on Bluesky. Republished from WalledCulture.

Filed Under: copyright, france, hadopi, ip blocks, italy, piracy shield, spain

Companies: laliga, nordvpn, proton

Alibaba has taken the US Department of Defense to court over a label the company insists it does not deserve. In a complaint filed on Tuesday in the federal court in San Jose, California, the Hangzhou group asked a judge to strike its name from the Pentagon’s list of “Chinese military companies” and declared the designation, in its own words, to have “no basis in fact or law.”

The list in question is the one maintained under Section 1260H of the 2021 National Defense Authorization Act, which requires the Pentagon to name Chinese firms it judges to have direct or indirect ties to the People’s Liberation Army.

Alibaba was added on June 8, alongside Baidu, BYD, the robotics maker Unitree, and others, in an update that pushed the roster to 188 entities, up from 134 the year before.

In its filing, Alibaba argued that it is governed by an independent board, none of whom has any military affiliation, and that its products and services are built “for retail, logistics, and enterprise information technology, not weapons, defense, or intelligence.”

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

The Pentagon’s justification, set out in a June statement, was that the company is “a military-civil fusion contributor to the Chinese defense industrial base” through its affiliation with China’s Ministry of Industry and Information Technology, with an indirect link to the state asset regulator known as SASAC.

The designation does not, by itself, ban anyone from doing business with Alibaba. What it does is layer on consequences.

Under the relevant law, the Defense Department cannot enter into or renew contracts directly with listed entities from June 30, and from 2027 it cannot buy their goods or services through third parties either.

Government contracts are prized by technology firms, and the company told the court that the listing creates barriers to financing, sourcing, and partnerships with American counterparties, reducing its access to capital and raising its risk profile. It also claimed the move violates its constitutional rights to due process and free speech.

Alibaba had signalled it would fight. When the June update appeared, a company spokesperson said it was “not a Chinese military company nor part of any military-civil fusion strategy” and promised to “take all available legal action.” China’s embassy in Washington called the designations “discriminatory.”

It is not the only listed firm to reach for a lawyer. WuXi AppTec, the biotech contract research group added in the same round, filed a similar suit on June 11.

Earlier rounds drew the same complaint without the litigation: when Tencent was added in January 2025, it called its inclusion “a mistake.” The Pentagon is not required to publish evidence. The criteria turn on military-civil fusion, broad enough to sweep in companies whose main business is consumer technology.

That breadth is part of why the list has become a recurring headache for the Chinese tech sector. It sits alongside export controls on chipmaking equipment, tariffs, and the Entity List run by the Commerce Department’s Bureau of Industry and Security, the same bureau now at the centre of a separate fight over access to advanced AI models.

For Alibaba, whose cloud division underpins much of China’s AI infrastructure and whose US footprint spans cloud, advertising, and research, the designation turns every American business relationship into a compliance calculation.

The timing did Beijing no favours. The June update landed during a fragile trade truce, and a day before Alibaba sued, China added 10 US firms to its own export control list. The two governments keep escalating in parallel while insisting they are talking.

What happens next is a matter for the court in San Jose, where Alibaba and WuXi will press their cases. The Defense Department has not commented.

The contracting bans take effect at the end of the month regardless, which means the practical clock and the legal one are running at different speeds. Alibaba is asking a judge to stop both.

The Google-owned platform has thousands of similar lawsuits pending.

The Eero Pro 6E mesh system is an older Wi-Fi 6E mesh, but it’s every bit as easy to use and stable as the rest of Amazon’s Eero lineup. Eero makes some of my favorite mesh systems, ideal for busy families seeking a set-and-forget mesh. The Pro 6E is a tri-band system with a 6-GHz band for fast Wi-Fi at close range. But you need an Eero Plus subscription at $10 per month or $100 per year to unlock some features, including parental controls, advanced security, and ad blocking.

The most effective way to get Wi-Fi in your backyard is to snag an outdoor router like this one. Anyone with a TP-Link Deco system can add this to their existing mesh network and extend Wi-Fi into the their outdoor space. It’s waterproof and dustproof, with an IP65 rating, and can cover up to 2,800 square feet.

Best Prime Day Router Deals

This Wi-Fi 7 router offers 2.4-GHz, 5-GHz, and 6-GHz bands in a basic affordable package. There are six adjustable antennas, and TP-Link has been very generous with the ports (one 10 Gbps, four 2.5 Gbps, and a USB 3.0), though it’s a little annoying that the USB is on the side. This model also offers excellent close-range speeds on the 6-GHz band, though it was a little disappointing on both the 5-GHz and 2.4-GHz bands.

The latest Apple Invites update brings some long-requested features, like co-hosting an event. There are also some other great quality-of-life changes to the party planning app.

Back in February 2025, the Apple Invites app made its way to the App Store. With it, iOS users can create party or event invitations, manage RSVPs, share links, and more.

On Tuesday, Apple released version 1.9 of its event invitation app, which includes a new co-hosting capability. This lets two or more Apple Invites users plan and organize an event within the app.

Previously, with version 1.2, Apple Invites gained support for link sharing, letting event hosts send web links to all attendees. Apple is always improving the app even if it isn’t its most popular.

With the new-and-improved Apple Invites, hosts can now also choose to make guest lists visible to all attendees. Bug fixes and quality-of-life improvements are also included with the 1.9 update of the Apple Invites app.

Additionally, the app has received new event backgrounds. Its release notes say these new backgrounds will “help set the mood for your next coffee catch-up, boba run, ice cream social, and more.”

Even so, none of the requirements for Apple Invites have changed. Hosts will still need an iCloud+ subscription to organize events and send invitations via the application. Guests, meanwhile, don’t even need an iPhone or iPad to RSVP to an event.

Apple Invites can come in handy if you already have an iCloud+ subscription and you want to put together a party. The app itself is quite easy to use once you get the hang of it.

Robin Shute already owns four Pikes Peak International Hill Climb wins. His latest machine, the SendyCar, started life as a ground-up project meant to push even harder. A central tub from a Formula 4 car forms the safety cell. A motorcycle-derived V8 with turbos sits behind the driver and should deliver around 850 horsepower while the whole car stays near 1,300 pounds. The layout mixes exposed front wheels with more enclosed rear sections, a deliberate choice for the unique demands of the mountain course.

Professional shops had offered the crew a rough estimate of roughly $200,000 for a standard composite body…and, honestly, they didn’t have quite that much time to devote to it. So, when two large-format Bambu printers arrived, the solution was already in place: break the entire upper body into 34 individual pieces. They chose high-temperature nylon because it contains carbon fiber, making it heat resistant, which is exactly what we needed near the turbo piping and exhaust, without sacrificing toughness, as it can withstand the rare rock strike. What he really needed was a design that could be broken down into manageable bits and fit into a 12 inch build area. That is why the side pods, engine cover sections, and nose were separated into tiny enough pieces to print without the need for large support systems.

Sale

Bambu Lab A1 mini 3D Printer + LED Lamp Kit, Set Up in 20 Mins, High Speed & Precision, Full-Auto…

• A1 mini + LED Lamp Kit for Creative Light Projects: Bring your ideas to life with the included LED Lamp Kit. Simply print compatible lamp models and…
• The Perfect 3D Printer for Beginners: A1 mini 3D Printer is designed to make 3D printing easy from day one with automatic calibration, simple setup…
• Experience the Bambu Lab Ecosystem: Access MakerWorld’s huge library of ready-to-print models, manage prints through the Bambu Handy app, and enjoy…

The printers were put through their paces, with two machines working nonstop for two weeks. Print time per panel was roughly 12 hours, and they used 10 full rolls of filament, totaling nearly 2 miles of material. The prints were going well, with one or two outliers. The trouble was that the tall, slender portions warped as they cooled, a classic problem. To address this, they went to a true engineering build plate, slapped on some glue for a good first layer grip, and inserted some tiny blocks at the base of those vulnerable sections. The success rate was relatively high, with most parts completed on the first or second try. They had plenty of spares on standby in case anything went wrong.

Once the plastic had cooled, they could try to put the pieces onto the real chassis, which isn’t as simple as slapping them together like a giant 3D jigsaw puzzle. First, they had to align all of the dowel pins correctly. Once they were satisfied with the fit, the team used structural adhesive to secure them all together. Now, nylon is infamous for being difficult to glue, so they had to make sure we sanded the parts down perfectly and used the proper adhesive. That wasn’t the only problem; printing always causes some shrinkage, which created a few headaches, as some of the pins needed some tweaking to get them to sit straight, and one of the portions was left out entirely, necessitating a hasty reprint on the spot. Then there were some holes that required a little glue to cover.

The printed plastic would never leave the garage on its own, that was for sure. So the group went ahead and improved the design with some good old-fashioned carbon fiber wrapping. Before immersing the item in epoxy, they applied a layer of dry fabric to both the inside and the outside. There is no need for pricey vacuforming or tooling; all you need is some elbow grease and common sense.A layer of peel-ply fabric helped to remove the extra resin, leaving them with a lovely usable surface; but, the end result was a reinforced 3D print rather than a properly moulded composite. After applying fairing compound and sanding, she looked fairly decent. The team was under pressure to finish her before the first public presentation, so they applied a final vinyl wrap to add color and graphics.

The Google Home Speaker hasn’t even started shipping yet, but one lucky buyer managed to grab one early and share their first impressions. While most of the news is positive, there’s one detail that won’t sit well with anyone who cares about repairability.

For the unaware, Google announced the speaker back in October 2025, and pre-orders went live last week. Priced at $99, it’s the company’s first new speaker in six years, so people have plenty of questions. 

A Reddit user spotted one sitting on the shelves at Walmart and bought it before the official release.

What’s the big catch?

The power cable is permanently attached to the speaker, and it’s pretty short at just under 5 feet. This is a big departure from Google’s older speakers, which let you remove and swap the cable. The buyer called this the biggest downside, and I have to agree. A fixed cable is a nightmare if you ever need to replace it down the line.

Advertisement

To be fair, Google didn’t hide this. As reported by 9to5Google, the Google Store lists a 30W USB-C adapter in the box and even mentions the “captive cable” in the specs. It just slipped under the radar for most of us.

Is the speaker any good?

The Reddit user said the sound quality is good, with decent volume and handling of mid and low frequencies well for a speaker of this size. They even admitted they were judging it fresh off an expensive sound system, so it had a tough act to follow, yet it still came out swinging.

The interface sounds neat, too. It uses hidden lights on the top mesh to display volume controls, and you tap the speaker to control it, much like other Home speakers. Setup was a breeze and took under 10 minutes on a hotspot with an existing Home account.

For $99, this speaker is shaping up to be a solid little package, captive cable aside, and is a welcome HomePod mini alternative for non-Apple users.

Advertisement

If you’ve ever submitted a support ticket to LastPass, that exchange may now be in the hands of hackers. According to TechCrunch, the password manager has confirmed that customer names, contact details, and support case records were exposed in a recent breach at one of its third-party vendors.

What the hackers got, and what they didn’t

LastPass said its own systems were not compromised and that users’ password vaults remain secure. The exposed data was instead accessed through Klue, a market research company LastPass works with.

While no passwords were stolen, the hackers used their access to Klue’s network to pull customer records, including phone numbers, email addresses, physical addresses, and contents of support tickets.

In a blog post about the incident, the company stressed that the breach did not affect encrypted password vaults, master passwords, or any credentials stored within LastPass itself. Even so, the exposed information could still prove useful to attackers, who could leverage it for phishing or social engineering campaigns.

A years-old credential opened the door

The LastPass exposure stems from a wider security breach at Klue, which revealed that attackers gained access using a credential linked to a pilot project dating back to 2022. TechCrunch reports that the credential remained active and provided a way into the company’s systems.

Klue said the attackers were able to access customer data connected to its services, affecting multiple organizations that relied on the platform. Along with LastPass, Gong, Jamf, HackerOne, Insurity, OneTrust, Recorded Future, Snyk, Huntress, Sprout Social, and Tanium were affected.

For LastPass, this marks the second time its users have had data caught up in a breach. A 2022 breach exposed encrypted password vaults that were later linked to cryptocurrency theft. This latest exposure did not involve vault data or passwords, but it highlights how a security lapse at a third-party vendor can still affect customers who never interacted with the vendor directly.

OFFBEAT

A time when Windows 7 was Microsoft’s latest and greatest

BORK!BORK!BORK! A blast from the past greets customers at a coastal McDonald’s, or is it just that the kiosk is seeking a return to the happier and simpler times of 2009?

An eagle-eyed Register reader spotted a very unhappy terminal at a branch of the McDonald’s fast-food chain in Worthing, England. Where a customer might normally smear a finger over suggestions for ways to sate their desire for grease, the display instead reveals the kiosk’s clearly PC origins: a BIOS utility.

It’s not clear what has befallen the kiosk, though something has happened to the hardware that has sent it to the utility screen, which is normally accessible by holding down a key or combination of keys during the boot process. Although the BIOS is dated 2016, the system date is currently set to 2009.

Worthing is a town on the south coast of England, occasionally unfairly and unkindly referred to as “God’s waiting room” due to the large retiree population it once had. While the town has long since shed that sobriquet (although it still lacks the hip and trendy traits of neighboring Brighton), it seems that there is one place that would very much like to turn back the clock.

McDonald’s.

Cast your mind back to 2009. Bitcoin was launched, an Airbus A320 ditched onto the Hudson River with no fatalities, and US President Barack Obama was sworn in.

Best not to think about how much a Bitcoin acquired then might be worth now.

2009 was also the year Microsoft released Windows 7, the successor to Windows Vista and the precursor to the widely derided Windows 8. Microsoft might not have realized it at the time, but this was arguably peak Windows. Sure, Windows 95 was arguably more of a cultural “moment,” and XP was an undeniable milestone, but 7 reached heights Microsoft has not matched since.

2009 was also a few years before McDonald’s began rolling out touchscreen kiosks to replace the experience of peering over the shoulder of the person behind the counter to see which foodstuffs were ready to go.

Today, the person behind the counter is far less visible, obscured by a line of delivery riders collecting app orders. The BIOS utility screen, however, looks back to an earlier time.

Or, possibly, Worthing is simply 17 years behind the rest of the world. ®