Hi, I’m thinking about writing a media piracy tutorial for absolute beginners (think my mother - people who can use browsers and office but that’s about it).
Does anybody know what’s the legislation for that? I’m in the Czech Republic (EU), and the site is hosted on Codeberg pages (Germany). Nameservers for my domain are managed by CloudFlare (USA). So I’m curious about both EU and US laws.
If it’s illegal, can I make it legal by not including any direct links, or stating some “educational purposes only” bullshit?
I feel like the internet is full of that stuff and even GitHub READMEs usually get away with “we don’t condone piracy”, but I also vaguely remember some lawsuit against redditors discussing piracy?
Thanks for advice.
DNS is the most important foundational stone. Whoever controls your DNS can redirect all of your users to any address they want AND present a valid TLS cert through a DNS challenge. They can also redirect all E-Mails of the associates domain, and if any address was used to register an account, they can reset that accounts password. Trusting someone to handle your DNS is the highest trust you can put on someone on the internet. And that is both for a website povider trusting the registrar of their domain and for a end user with their DNS resolver.
That seems way beyond my threat model, but maybe I don’t fully understand the risks.
Cloudflare cannot track visitors of my website, the only malicious thing they can do is to tamper with my DNS record. While they are almost surely an intelligence asset, that would greatly damage their reputation for negligible gain (my website is a static site with like 2 visitors including me).
Am I correct, or did I miss something? I don’t have an email address on my domain, so that’s ok.
Yes, cloudflare will not tamper with your record because you are not important enough to be worth the reputation loss. Realistically, no harm will come to you from cloudflare.
However! They are still the party that could theoretically cause the largest amount of damage to both you and your users.
They “cannot” only because they say so. Changing your DNS record allows them to read 100% of all incoming traffic even if it is TLS encrypted (because they can acquire a valid TLS certificate for your domain through a DNS challenge).
Thanks. I’m aware of the theoretical risks and how bad cloudflare is for the internet as a whole. Sadly, I use Cloudflare tunnels for a different subdomain. While I would like to move to some alternative in the long term, it just works™ right now and I don’t really have the energy to touch it.