GL.iNet hasn't released all sources to the firmware of their Brume 3 security gateway device, because it claims that code "heavily relies on Realtek's proprietary SDK" which is "under a strict NDA".
The community claims that this code is now covered by GPL.
You might find it better to read the case rather than a BBC News article. It contains the legal details and should help answer your questions. Be sure to click into the attachments.
The OM-3 is fine ergonomically, for me at least. The thumb pad on the back is very comfortable and balances the body very well. I held off buying one for a while because of ergonomic concerns but in practice it’s been great.
I was merely citing use of Cloudflare as evidentiary, not determinative.
I am not so sure about the relevance of billing entity. I suspect that how Cloudflare chooses to bill is as much driven by tax (especially transfer pricing) as anything else. I also think there are as-yet-unanswered questions about the role of CDNs and similar “global” infrastructure providers, and the impact of using their services as subcontractors (cf intermediaries), in interpreting jurisdiction. These services are obviously different to the “traditional” autonomous systems (routed networks). I am not sure that the law has caught up with this yet. But that is a tangent.
MLAT applies only to a narrow set of legal procedures, essentially around criminal activity. I’m a lawyer but this is very specialist stuff. I’m not expert enough to opine on whether MLAT applies here but - simply judging by the quality of their respective legal work on display - I’m minded to believe that Ofcom knows what they are doing. OTOH 4chan’s rhetoric reeks of FUD.
Relevant here is that 4Chan appears to explicitly target the UK users for commercial purposes, and potentially (via subcontract to Cloudflare) serves to UK customers from equipment located on UK soil.
Whether one agrees with the policy aims of the OSA or not, there are some complex jurisdictional and enforceability issues at play here. Unfortunately it’s not as simple as you make out.
GDPR does not have specific exemptions for fraud. It is often possible to process personal data for anti fraud purposes but it requires a full legal assessment in the same way as any other processing activity would.
The community claims that this code is now covered by GPL.
We await a response from GL.iNet.