Tag Archives: google

Google Search Apparently Indexes Over 80 Million Torrent Hashes

Post Syndicated from Ernesto original https://torrentfreak.com/google-search-apparently-indexes-over-80-million-torrent-hashes-190908/

Like every general search engine on the web, Google indexes every page it can find. That’s what it’s for, after all.

Torrent meta-search engines do things quite differently. These sites are only interested in torrent links found on external sites.

This includes Torrentz2, which is without a doubt the most popular torrent meta-search engine on the Internet. The site took over from the original Torrentz site, which after it surprisingly closed its doors during the summer of 2016.

Over the past three years, the site has rolled out some updates, most of which have gone unnoticed. However, recently our interest was piqued by a rather unusual addition to the Torrent2’s indexed sites.

Starting a few weeks ago, Torrentz3 began listing “Google” as a ‘source’ in its search results. Not somewhere down the bottom, but as the top result for every piece of content. Here’s what shows up on the “Ubuntu desktop 19.04” page.

The Google link on top leads to a Google search for the associated torrent hash, which finds dozens of pages where the Ubuntu torrent is available as well. This works the same for all other results. Usually, Google returns plenty of options, including several sites that Torrentz2 doesn’t search.

What’s also interesting to note is the number of hashes Google has listed in its search engine. According to Torrentz2, Google is currently able to find 82,085,976 unique torrent hashes.

While that’s already an impressive amount, the number of torrent pages indexed by Google is actually much higher, as it often has dozens of pages for each torrent hash. After all, the same torrents generally appear on several torrent sites.

Google, like any other search engine, has always indexed torrent sites. In fact, it even has a dedicated filetype:torrent command. This allows users to search for .torrent files directly on Google, but it isn’t as effective as the hash-based method.

Also, in recent years the site took several measures to make copyright-infringing content harder to find. Nowadays it can be quite a challenge to find something in Google by simply assing “torrent” to a search query.

With Torrentz2 + Google, however, that doesn’t appear to be an issue.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Adult Site Calls For Google Action Against DMCA Notice ‘Carpet Bombing’

Post Syndicated from Andy original https://torrentfreak.com/adult-site-calls-for-google-action-against-dmca-notice-carpet-bombing-190907/

Back in June we reported on massive waves of what appeared to be bogus DMCA notices targeting various adult-focused sites.

Some of the sites hit hard in these earlier waves were so-called ‘hentai’ sites which focus on adult-orientated comics and cartoons.

They complained that a ‘company’ called Copyright Legal Services Inc. (there’s no obvious record of such an entity online) was the author of many notices which attempted to delist thousands of URLs and in some cases homepages and even entire sites from Google. It claimed to be working on behalf of DLSite.com, a platform operated by Japan’s EYSIS, Inc.

Since the initial reports, the same kind of activity has continued, with force. However, notices similar to the ones originally sent by Copyright Legal Services are now being sent by a new entity, Right Protection Corporation, which not only target the main domain pages of various sites but also their entire web structures.

In common with Copyright Legal Services before them, Right Protection Corporation (RPC) doesn’t appear to exist on the web, even though their notices claim they have bases in at least three countries – United States, Japan and China. They are sending volume requests to delete countless thousands of URLs from Google, even though they appear to have no right to do so.

One takedown notice pointed out to TF reveals a notice that has been sent in the form of a PDF, meaning that it can’t easily be searched for using the tools offered by DMCA transparency portal Lumen Database.

However, looking inside proved useful as it reveals that the ‘RPC’ is attempting to have thousands of URLs delisted from a single site – rule34.paheal.net – including its main page which displays nothing but a warning that it carries adult material and a note about cookies. There are many other examples, such as this one, which attempt to do the same thing.

TorrentFreak is informed that some operators of the affected sites, including the operator of Konachan.com, have filed counter-notices with Google and have achieved some success in having their URLs reinstated.

However, the operator of Gelbooru.com, which was hit hard in the first wave, says he’s had huge difficulties in getting touch with Google’s legal team for them to take restorative action, as required when a proper DMCA counter-notice is filed.

“Their [Standard Operating Procedure] is ignore until sued, so we are moving forward with trying to get anyone who runs a website that was affected by this whole situation to contact us directly if they’d be interested in joining a class action that will be filed,” he informs TF.

“We require at least three others to be a class action, and Google must have ignored or denied any counter DMCA notices sent to them to be able to join. Message me, ‘lozertuser’, directly on our Discord.”

The overall aim appears to have Google either respond to the counter-notices or preferably get in touch with Gelbooru’s lawyers, in order to sort out the issue without either company having to waste any more time on the problem. Hopefully, no class action will be required but it remains a possibility.

In the meantime, it’s worth highlighting that DLSite.com, the platform which the notices claim to protect, has categorically denied it is behind the mass notices sent in its name.

A statement sent to the OneAngryGamer site, which covered our earlier report, has the company stating that it had reviewed our article and noted that “EISYS, Inc. / DLsite is not involved in this matter. When we send a DMCA request it will be via: Eisys, Inc. We do not know anything about the company: ‘Copyright Legal Services INC’.”

Them and everyone else, then…

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

‘Google Blocked TorrentFreak From Appearing in Search Feature’

Post Syndicated from Ernesto original https://torrentfreak.com/google-blocked-torrentfreak-from-appearing-in-search-feature-190815/

At TorrentFreak, we have written hundreds of articles about website blocking and censorship. Today, we’re featured in one ourselves.

Leaked Google documents reveal that TorrentFreak.com shows up in one of Google’s previously unknown blocklists, which actively hides our domain from the Google Now service.

Google Now was a Google search feature that presented users with informational cards, to provide users with more details on subjects of interest to them. While the brand no longer exists, the feature is still present in the Google Android app and its feed.

The controversial blocklist is part of a treasure trove of files that were leaked by whistleblower Zachary Vorhies, who shared them with Project Veritas. The entire collection of files uncovers many previously unknown policies and actions from Google.

“These documents were available to every single employee within the company that was full-time. And so as a fulltime employee at the company, I just searched for some keywords and these documents started to pop up,” Vorhies said.

The Google Now blocklist, which is available here, contains nearly 500 domain names. The file starts with APKMirror, eBay and some Google sites, and then continues with several torrent related sites including The Pirate Bay, RARBG and EZTV, as well as some that no longer exist.

TorrentFreak.com is grouped in with the torrent sites. While the list doesn’t give a reason for the block, it appears that it’s related to the subject of piracy.

Torrent blocks

The list then continues with sites that are tagged due to having a “high user block rate.” These include quite a few conservative websites. As the description suggests, they may have been filtered because a lot of users block these sites.

Further down the list, there are also a dozen sites that are supposedly “flagged for peddling hoax stories.”

High user block rate

This isn’t the first Google leak story by Project Veritas. The outlet previously published internal Google documents about what it described as “algorithmic unfairness.”

Google obviously wasn’t happy with the leaks. The company reportedly sent a threatening letter to Vorhies after it uncovered his identity, and the San Fransisco police later visited the Google insider for a “mental health” check.

The turn of events triggered Vorhies to release the documents in public and step out of the shadows. In addition to sharing the information publicly, he also sent the data dump to the US Department of Justice’s antitrust division.

TorrentFreak is not able to independently verify the authenticity of the blocklist or any of the other materials that were leaked. It’s also not clear whether the list is up-to-date and still actively used.

We reached out to a Google spokesperson to find out more. including why our site appears on this list, but at the time of writing, we have yet to hear back.

A full copy of all the leaked files, which also contains other documents about censorship, hiring practices, and psychological research, is accessible via Project Veritas. The site also published a detailed video interview with the whistleblower.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Rightsholders Remove Google Results of Legal Search Engine ‘JustWatch’

Post Syndicated from Ernesto original https://torrentfreak.com/rightsholders-remove-google-results-of-legal-search-engine-justwatch/

The entertainment industries have gone head to head with Google over the past years, demanding tougher anti-piracy measures from the search engine.

Ideally, several industry groups would like Google to completely remove pirate sites from its search results. In addition, they argue that the search engine should boost the rankings of legal services and sites that allow the public to find legal content.

JustWatch is one of these legal options. While it doesn’t offer any content itself, it provides a great search tool for people who want to find legal entertainment on dozens of services. As such, it is widely recommended by industry insiders.

When Fox alerts ISPs and hosting companies of alleged pirates, for example, it specifically recommends JustWatch as a good starting point.

“We encourage you to refer your account holder to the website justwatch.com where they will find an array of legal choices,” Fox notes.

Given this reputation, it’s rather unfortunate that copyright holders repeatedly ask Google to remove JustWatch URLs from its search engine. While these requests are likely made in error, the result is that these companies make it harder for people to find legal alternatives.

Take this copyright infringement notice from anime producer Korean Broadcasting System (KBS) for example. The takedown request, directed at Google, lists dozens of infringing URLs, as well as two from JustWatch.

Takedown notice

While KBS probably identified these URLs by mistake, thinking that JustWatch is a pirate site, Google did in fact take action. As a result, the site’s official page of “The King’s Face” is no longer showing up in the search results.

“In response to a complaint that we received under the US Digital Millennium Copyright Act, we have removed 1 result(s) from this page. If you wish, you may read the DMCA complaint that caused the removal(s) at LumenDatabase.org,” Google explains.

JustWatch removed…

This isn’t an isolated incident either. Since the start of this year, Google has been asked to remove more than a hundred JustWatch URLs. These notices are attributed to a variety of rightsholders, including KBS, CJ, AMC Networks, Zee Entertainment, and Toei Animation.

In the example given earlier, as well as several other instances, the links have been removed. However, Google also managed to prevent some takedowns, including this one AMC sent for “Fear The Walking Dead.”

What’s clear, however, is that many JustWatch links are no longer appearing in Google’s search results. While this is unlikely to be intentional, it is rather unfortunate, especially since rightsholders themselves have asked Google to promote such services.

Perhaps it’s a good idea to prevent these clear errors, before demanding Google to “do more”?

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Phone Pharming for Ad Fraud

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/08/phone_farming_f.html

Interesting article on people using banks of smartphones to commit ad fraud for profit.

No one knows how prevalent ad fraud is on the Internet. I believe it is surprisingly high — here’s an article that places losses between $6.5 and $19 billion annually — and something companies like Google and Facebook would prefer remain unresearched.

Google Fined Again For Not Removing Banned Sites From Search Results

Post Syndicated from Andy original https://torrentfreak.com/google-fined-again-for-not-removing-banned-sites-from-search-results-190720/

In order to control what kind of information its citizens have access to online, Russia operates an Internet ‘blacklist’.

Known locally as FGIS (Unified Register of Prohibited Information), the database contains the domains of thousands of sites containing anything from extremist material to pirated copies of movies and TV shows.

Major online technology platforms are expected to interface with FGIS to ensure they receive up-to-date information on which sites are forbidden in Russia. In the case of search engines, the database provides details on which sites should be removed from search results.

After failing to connect its systems to the FGIS and deindexing sites as required, last December Google was fined by Russian authorities. That was followed by threats from local telecoms watch Roscomnadzor early 2019 that the US-based company could be fined again for non-compliance, as well as facing a potential block itself.

In February 2019 it was reported that Google was finally playing ball and everything was running more smoothly. However, that appears not have been the case. According to an announcement published this week by Roscomnadzor, Google has been fined again.

“The company has not complied with the requirements of the law..[..]..by excluding from search results links to Internet resources with illegal information, access to which is restricted in Russia,” Roscomndazor said.

“The control event recorded that Google carries out selective filtering of search results – more than a third of the links from a single registry of prohibited information are still preserved in its search results.”

Explaining that Google has been told repeatedly of the legal requirements in Russia, the watchdog revealed that the fine handed down was 700,000 rubles – just US$11,098 – a drop in the ocean as far as Google is concerned.

Digital rights group Roscomsvoboda reports that in April 2019, Google had removed 80% of the specified banned content from its search results. However, data covering the period ending May, for which the fine was levied, showed that removal levels had fallen to 67.5%.

Last month, when Google learned that it was in line for another fine after a warning from Roscomnadzor, the company expressed surprise.

“We have not changed anything. A couple of months ago we agreed that we will not connect to the registry of banned sites and will not blindly delete anything, but consider requests to delete content, and where it meets the requirements, we remove content from the Russian service,” a spokesperson said.

“We do not understand why Roscomnadzor is talking about a new case or where they get these figures from.”

Whether Google will eventually connect to the FGIS isn’t clear. It currently receives a daily list of sites to be blocked and acts on those as it sees fit. Only time will tell whether that will be enough for Roscomndazor moving forward.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Fake MPAA Asks Google to Remove Thousands of URLs, Including MPAA.org

Post Syndicated from Ernesto original https://torrentfreak.com/fake-mpaa-asks-google-to-remove-thousands-of-urls-including-mpaa-org-190714/

In 2012, Google first published a Transparency Report for search-related copyright takedown notices.

This rather enlightening database allows outsiders to check what URLs copyright holders want removed from the search engine.

In recent years Google has processed more than four billion URLs. While most of these requests are legitimate, there have also been plenty of errors, mistakes, and in some instances; clear abuse.

Most of the cases we covered in the past dealt with rightsholders targeting perfectly legal content, ranging from news articles, through open-source software, to Facebook’s homepage. Over the past year, however, we’ve noticed a different but equally disturbing trend.

Among the millions of notices Google receives on a weekly basis, there are now quite a few ‘fake’ submissions. Fake, in this case, means that the submitter pretends to be or represent someone else. Someone who it clearly isn’t.

We first spotted this late last year when imposters targeted many pirate sites with suspicious takedown requests. These were presumably sent by competing pirate sites, trying to remove the competition from Google’s search results. More recently, imposters even tried to remove a Netflix listing.

Today we have another example that’s perhaps even more blatant. It involves the name of Hollywood’s very own anti-piracy group, the MPAA.

In recent weeks Google received a flood of notices claiming to be from the Hollywood group. While the MPAA is based in the U.S., the notices in question are sent on behalf of “MPAA UK” and “MPAA Member Studios DE”. 

However, none of the listings below, including “MPAA Member Studios US,” are legitimate. It appears that someone is pretending to be the MPAA, sending takedown requests for tens of thousands of URLs. 

Fake MPAA’s

Looking more closely at the takedown requests, we see a familar pattern emerge. The notices mainly target a small group of ‘pirate’ sites. For example, over 10,000 URLs of the Turkish movie streaming site Filmifullizle.tv were targeted in just one week, with most notices coming from fake MPAA’s.

Filmmodu.com, and other Turkish streaming portals such as Yabancidizi.org, Fullhdfilmizleten.org, and Filmionlineizle.tv, get the same treatment, either by a fake MPAA or another scammer.

Interestingly, these imposters are rather sloppy at times. On several occasions they put the infringing URLs in the “original works” box, labeling the MPAA’s homepage as the infringing content. Luckily for the real MPAA, Google didn’t remove it.  

Pirate MPAA?

As we have highlighted in the past, these imposters are likely to be competing pirate sites, who want to take out the competition by making their opponents’ sites unfindable in Google’s search results. A clear case of abuse. 

At the time of writing, Google has complied with several of the fake takedown requests, removing the allegedly-infringing URLs. However, the search engine does appear to be aware of the problem, and has labeled some submissions as being fake. 

The imposter situation definitely doesn’t help the credibility of the takedown process. Google has its hands full and we imagine that the MPAA isn’t happy with the misuse of its name either. 

That said, the Hollywood group certainly isn’t alone in this. Several other rightsholders and anti-piracy organizations have imposters as well, including Marvel, Warner Bros., MarkMonitor, DigiGuardians, Marketly, and many others.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Google Releases Basic Homomorphic Encryption Tool

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/07/google_releases_1.html

Google has released an open-source cryptographic tool: Private Join and Compute. From a Wired article:

Private Join and Compute uses a 1970s methodology known as “commutative encryption” to allow data in the data sets to be encrypted with multiple keys, without it mattering which order the keys are used in. This is helpful for multiparty computation, where you need to apply and later peel away multiple layers of encryption without affecting the computations performed on the encrypted data. Crucially, Private Join and Compute also uses methods first developed in the ’90s that enable a system to combine two encrypted data sets, determine what they have in common, and then perform mathematical computations directly on this encrypted, unreadable data through a technique called homomorphic encryption.

True homomorphic encryption isn’t possible, and my guess is that it will never be feasible for most applications. But limited application tricks like this have been around for decades, and sometimes they’re useful.

Boing Boing article.

Google Flags Hundreds of Pirate Sites for ‘Abusive Experiences’

Post Syndicated from Ernesto original https://torrentfreak.com/google-flags-hundreds-of-pirate-sites-for-abusive-experiences-190629/

Online advertising can be quite a nuisance. Flashy and noisy banners, or intrusive pop-ups, are a thorn in the side of many Internet users.

These type of ads are particularly popular on pirate sites. Many users tackle this by installing an ad-blocker. People who don’t, often have to navigate through a maze of fake download buttons and other misleading ads.

Increasingly, Google is trying to hide such ads from the public. Not just on pirate sites, but everywhere they pop up. The company, which derives most of its income from adverts, is generally not a fan of ad-blocking. However, it does employ various blocking initiatives that target third-party advertisers.

Two years ago the company announced that its Chrome browser would start to automatically block ads that don’t adhere to the  Better Ads Standards, for example. This was implemented early last year in several locations, including the US and Europe.

In a separate effort, Google has also started to banish abusive experiences. In Chrome its begun warning users about various deceptive practices, such as fake download and play buttons, while blocking unwanted redirects which are prevalent on some pirate streaming sites.

This wasn’t enough though. Last December, Google upped the ante when it decided to block all ads on a curated selection of sites with persistent abusive experiences. This includes the aforementioned fake download buttons, but also ads that promote or link to unwanted software.

This is a big step, as sites that have all ads blocked will certainly notice a significant dip in revenue. Thus far, however, little was known about what sites are targeted by Google, or how many there are. That changed recently. 

The latest release of the Vivaldi browser, which is based on Chrome, also implemented this blocklist. This was announced in a blog post by its CEO  Jon von Tetzchner.

“We’ve improved security by blocking advertisements on sites with abusive ad practices,” he writes. “We want you to be safe while on the web, and worry less about who’s abusing you with dangerous ads.”

Google’s list of abusive sites is available through an API, but not accessible to the public. However, Vivaldi has access to it and maintains a copy on its servers, as highlighted by Techdows which highlighted it in a recent report.

We should stress that this list of “abusive” sites is separate from the list of sites that violate the “better ads” standard, which Chrome’s built-in ad-blocker uses.

A quick review of the list reveals that it’s dominated by pirate and porn sites. At the time of writing, there are a total of 7,059 sites on the list including hundreds of pirate sites such as thepiratebay.rocks, eztvtorrent.net, filmytorrents.com, gostream.nu, songsmp3.org, and watchonlinemovies.net.

The targeted pirate sites are mostly smaller proxy sites or copycats, often designed to generate revenue. Interestingly, there are also several Blogspot sites on the list, such as the pirate release blog 4howcracked.blogspot.com.  Blogspot is, of course, a blogging platform maintained by Google.

In addition, we noticed that many domains are no longer operational, such as tehmoviez.download, and various others redirect to new URLs, as 0123movies.io does. 

When we first saw the list the relatively popular torrent site TorrentDownloads.me was listed as an ‘abusive’ site as well. The operator confirmed this and told TorrentFreak that he noticed a decline in revenue when that happened.

“Revenue dropped a few months ago when they put us on the abusive list. That’s why we are thinking to move our domain to new TLDs. I will also send a request for Google to review the site again and hope they will unblock it now,” the operator said. 

Apparently, this worked, as the site was unlisted a few hours later. No surprise perhaps, as the site doesn’t display any ads at the moment, so we must wait and see if this holds when the ads are put back.

Another site owner, who prefers to remain anonymous, informed TorrentFreak that his site was listed previously, but that the issue was resolved after he removed what Google flagged as ‘abusive’ code.

With billions of sites on the Internet and just a few thousand on this list of abusive sites, the impact of this measure is relatively minimal. And even on sites that are listed, some ads are still coming through, such as on the adult site 007zeed.com and pirate site Stream-Island.su. 

While the measure may not be perfect, Google sees it as an attempt to keep the web safe. While that’s an honorable motive, there may be a self-serving element to it as well. 

As said before, Google doesn’t want people to install ad-blockers. So, if its own browser blocks flashy ads on sites by default and bans ads on abusive sites completely, fewer people may see the need for a separate ad-blocker.

As a result, Google’s revenues increase. 

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Rightsholders Want to Completely Delist ‘Pirate’ Domains From Search Results

Post Syndicated from Andy original https://torrentfreak.com/rightsholders-want-to-completely-delist-pirate-domains-from-search-results-190621/

The anti-piracy wars are fought on many fronts, from plugging leaks to issuing millions of takedown notices to both sites and search engines.

Despite no deliberate role in piracy, the latter are often described as facilitators of piracy who could do more, by making pirate sites less visible in search results, for example.

While companies like Google have taken such steps both voluntarily (UK) and in response to legal requirements (Australia 1,2), rightsholders would like more. In Russia, where new anti-piracy legislation is currently being debated, there’s an opportunity to set the standard.

Last year, several rightsholders and Internet platforms signed a memorandum of understanding which set out a basic framework for cooperation moving forward. The terms of that agreement are now the subject of negotiations before being turned into law sometime in the next few months.

During a closed-door meeting this week, held at telecoms watchdog Roscomnadzor and reported by a Kommersant source, rightsholders set out new tough demands. In order to limit traffic being sent to pirate sites by search engines, they want companies like Yandex (and ultimately Google) to completely delist ‘pirate’ domains from search results.

Under the current terms of the memorandum, signatory companies delist search results (typically URLs) when they appear in a centralized database populated with links provided by content companies and their anti-piracy partners. The new proposals demand that sites considered as repeat infringers should disappear altogether.

Alexei Byrdin, General Director of the Internet Video Association, said that his group had identified a number of measures taken by pirate sites to limit the effectiveness of current measures. This means a more aggressive approach is needed.

“Our response is a draft rule on the removal of the entire domain of a site that systematically violates copyrights [from search results],” he told Kommersant.

While not all sites that receive multiple complaints will be affected (social networks and video hosting platforms would be excluded, for example), Internet companies are said to be opposed to the proposals. Among them Yandex, Russia’s largest search engine.

“It is necessary that any measures that entail inaccessibility to users of entire sites are based on a court decision. We are sure that such a solution will be found,” the company’s press office commented.

Channel One, the National Media Group, Gazprom-Media, the Internet Video Association, the Association of Film and Television Producers, Yandex, Rambler Group, Mail.Ru Group, vKontakte, and RuTube, are all signatories of the current memorandum.

The framework is set to expire on September 1, 2019, but could be extended if consensus isn’t reached by that date. However, aside from the deletion of entire domains from search results, it’s reported that the parties are largely in agreement, meaning that Russia is on course to expand its anti-piracy laws significantly, once again.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Backdoor Built into Android Firmware

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/06/backdoor_built_.html

In 2017, some Android phones came with a backdoor pre-installed:

Criminals in 2017 managed to get an advanced backdoor preinstalled on Android devices before they left the factories of manufacturers, Google researchers confirmed on Thursday.

Triada first came to light in 2016 in articles published by Kaspersky here and here, the first of which said the malware was “one of the most advanced mobile Trojans” the security firm’s analysts had ever encountered. Once installed, Triada’s chief purpose was to install apps that could be used to send spam and display ads. It employed an impressive kit of tools, including rooting exploits that bypassed security protections built into Android and the means to modify the Android OS’ all-powerful Zygote process. That meant the malware could directly tamper with every installed app. Triada also connected to no fewer than 17 command and control servers.

In July 2017, security firm Dr. Web reported that its researchers had found Triada built into the firmware of several Android devices, including the Leagoo M5 Plus, Leagoo M8, Nomu S10, and Nomu S20. The attackers used the backdoor to surreptitiously download and install modules. Because the backdoor was embedded into one of the OS libraries and located in the system section, it couldn’t be deleted using standard methods, the report said.

On Thursday, Google confirmed the Dr. Web report, although it stopped short of naming the manufacturers. Thursday’s report also said the supply chain attack was pulled off by one or more partners the manufacturers used in preparing the final firmware image used in the affected devices.

This is a supply chain attack. It seems to be the work of criminals, but it could just as easily have been a nation-state.

DMCA Takedowns Try to Delist Dozens of Adult Homepages from Google

Post Syndicated from Andy original https://torrentfreak.com/dmca-takedowns-try-to-delist-dozens-of-adult-homepages-from-google-190608/

Google receives millions of notices requesting the removal of allegedly-infringing links from its search results every month.

The load is truly huge, as is the flood of pirated content the DMCA notices attempt to address. It’s a huge task on all sides, so it’s not a surprise some dubious takedowns slip through the net. Over the past couple of weeks, more than usual appear to have done just that.

Without going into too much detail and annoying the purists, hentai can loosely be defined as adult-focused comics and cartoons. Hailing from Japan, hentai has a huge following worldwide and, of course, is widely pirated.

Several companies and organizations attempt to take infringing content down but this week a new one stepped up to cause waves across hundreds of sites.

It isn’t clear who is behind ‘Copyright Legal Services INC’ (CLS). A specific Google search yields nothing and its takedown notices offer no additional information either. However, several of its DMCA notices indicate that the original works it tries to protect can be bought from DLSite.com, a platform operated by Japan’s EYSIS, Inc.

At first view, the notices filed by CLS seem unremarkable. They list original works and then allegedly-infringing URLs. However, what these notices then try to do is purge from Google entire adult-site homepages, full sections, plus pages that clearly aren’t infringing.

Due to their inherent NSFW nature, we won’t quote them directly here but anyone interested can click the links provided.

For instance, this notice attempts to remove ‘xhamster.com/hd’ and the ‘subbed’ and ‘english’ tag archives on YouPorn.com.. Many other sites are listed too, with the notice even trying to take down their contact pages. Around two dozen homepages are among the 331 targeted URLs.

Another notice targets 198 URLs, six of them site homepages. In common with the other notices, some have been removed from Google search, others have not. It’s hard to make a clear determination but Google seems to delist some smaller sites while giving sites like YouPorn and xHamster a pass.

The list of notices goes on, and on, and on, and on, with the same general theme of some accurate reports, many massively overbroad ones, and notices that nearly always target some sites’ homepages, some of which were acted upon by Google.

A site operator affected by the wave of takedowns sent TorrentFreak a list of the homepages that were requested for removal from Google. They numbered 294, which is a lot by any measurement.

Of course, there are a number of other factors that also need to be highlighted.

While it’s impractical to check them all, a cursory view of a few dozen domain URLs shows that most of the sites are probably infringing someone’s copyrights, so these types of notices (when accurate) shouldn’t come as a surprise.

It’s also possible that some of the sites carried the content in question on their homepages when the notices were sent to Google. However, given the volume of sites and the limited range of content, it seems likely this would be the exception and not the rule.

The operator of one site – Gelbooru.com – which had its homepage delisted from Google despite containing no infringing content, told TorrentFreak that complaining to Google proved fruitless.

Homepage delisted

“Thanks for reaching out to us,” Google responded.

“At this time, Google has decided not to take action. We encourage you to review https://library.educause.edu/topics/policy-and-law/digital-millennium-copyright-act-dmca for more information about the DMCA. If you have legal questions about this notification, you should retain your own legal counsel.”

The full list of notices referenced above can be found here but may require registration to view in detail, as reported here.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

‘Netflix’ Flags Netflix.com As a Pirate Site, Or Does It?

Post Syndicated from Ernesto original https://torrentfreak.com/netflix-flags-netflix-com-as-a-pirate-site-or-does-it-190602/

Netflix, like many other rightsholders, keeps a close eye on pirate sites.

The company has its own in-house anti-piracy team and also works with third-party companies, to issue takedown requests.

Over the past two years, the streaming giant has sent more than five million of these to Google alone. Many of them ask the search engine to remove links to pirate sites, but this week our eye was drawn to a more unusual request.

The notice in question was sent by the anti-piracy outfit Marketly, on behalf of Netflix, and identifies 250 URLs which presumably link to pirated copies of the movie “Triple Frontier.” However, on closer inspection, many of the reported links are not infringing at all.

The most obvious mistake is that the notice reports Netflix’s own listing of “Triple Frontier” as a pirate copy, requesting Google to remove it from its search index.

Google spotted the mistake and didn’t comply. However, that’s not the only error. The same takedown request also includes a variety of links to other legitimate websites. This article from The Wrap about Netflix’s streaming numbers for example, which mentions Triple Frontier, but isn’t piracy related.

The same is true for several other reported URLs. This includes a Hollywood Reporter story, this top ten list from Variety, this article from The Daily Dot, a Business Insider report, and IMDb’s news page for Triple Frontier. We could go on and on.

These findings could easily be used to once again argue that automated DMCA takedown processes are highly inaccurate. After all, if Google wasn’t sharp enough to spot these errors, legitimate content would have disappeared from the search results.

However, since we have seen our fair share of imposters over the past year, we’re not sure that this notice was sent by Marketly at all, or if Netflix has anything to do with it.

Marketly indeed works for Netflix and the streaming service does own the distribution rights to Triple Frontier. However, neither company is known for its negligence when it comes to these types of takedown efforts, although Marketly took down one of our tweets recently.

Upon closer inspection, our doubts started to grow. For one, the Marketly that sent this takedown requests has a separate listing in Google’s transparency report.

In addition, there have been other Marketly imposters recently. For example, Google has flagged this copycat as being fraudulent.

We’re more than happy and are inclined to chalk this clearly erroneous notice up as another scam attempt. Likely in an effort of a pirate site to punish competitors, as we’ve seen before.

However, that doesn’t make this less of a problem. In fact, if scammers continue to make claims like this, it will likely lead to overbroad takedowns. And with millions of URLs being submitted per day, Google will have a hard time catching them all.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Google+ is Shutting Down: Save Your Content By March 31

Post Syndicated from Roderick Bauer original https://www.backblaze.com/blog/google-is-shutting-down-save-your-content-by-march-31/

Farewell Google+

If you’re a user of Google+, the internet-based social network, you recently received a notice that the service is shutting down on April 2. If you have any content on Google+ that you’d like to save, you need to get it out by Sunday, March 31.

If the already have copies of that content, you’re OK, but if any of that content exists only on Google+, you’ll want to make sure you retrieve it prior to the deadline

No other Google products (such as Gmail, Google Photos, Google Drive, YouTube) are affected. Any photos and videos already backed up in Google Photos will not be deleted.

A Reminder to Keep Your Data Safe and Secure

This action by Google, as well as the recent Myspace content deletion accident, are good reminders that you never want to be in the situation where the only copy of your data is in one place if that one place isn’t expressly designed for long-term secure archiving. Any data you have that you value — whether on your local computer, on an external disk, on backup media, or in the cloud — shouldn’t exist only in one place.

If you Have Data in Google+, Here’s How To Retrieve It

How to download your data.

Google dialog to download your data
Google dialog to download your data

More Information from Google on Google+ Closure

For more information, see the full Google+ shutdown FAQ.

The post Google+ is Shutting Down: Save Your Content By March 31 appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

The Latest in Creepy Spyware

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/03/the_latest_in_c.html

The Nest home alarm system shipped with a secret microphone, which — according to the company — was only an accidental secret:

On Tuesday, a Google spokesperson told Business Insider the company had made an “error.”

“The on-device microphone was never intended to be a secret and should have been listed in the tech specs,” the spokesperson said. “That was an error on our part.”

Where are the consumer protection agencies? They should be all over this.

And while they’re figuring out which laws Google broke, they should also look at American Airlines. Turns out that some of their seats have built-in cameras:

American Airlines spokesperson Ross Feinstein confirmed to BuzzFeed News that cameras are present on some of the airlines’ in-flight entertainment systems, but said “they have never been activated, and American is not considering using them.” Feinstein added, “Cameras are a standard feature on many in-flight entertainment systems used by multiple airlines. Manufacturers of those systems have included cameras for possible future uses, such as hand gestures to control in-flight entertainment.”

That makes it all okay, doesn’t it?

Actually, I kind of understand the airline seat camera thing. My guess is that whoever designed the in-flight entertainment system just specced a standard tablet computer, and they all came with unnecessary features like cameras. This is how we end up with refrigerators with Internet connectivity and Roombas with microphones. It’s cheaper to leave the functionality in than it is to remove it.

Still, we need better disclosure laws.

Clever Smartphone Malware Concealment Technique

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2019/01/clever_smartpho.html

This is clever:

Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection — they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn’t load on emulators researchers use to detect attacks.

The thinking behind the monitoring is that sensors in real end-user devices will record motion as people use them. By contrast, emulators used by security researchers­ — and possibly Google employees screening apps submitted to Play­ — are less likely to use sensors. Two Google Play apps recently caught dropping the Anubis banking malware on infected devices would activate the payload only when motion was detected first. Otherwise, the trojan would remain dormant.

Съд на ЕС: правата на издателите

Post Syndicated from nellyo original https://nellyo.wordpress.com/2019/01/01/vgmedia/

Стана известно заключението на Генералния адвокат по дело C299/17 VG Media Gesellschaft  срещу GoogleLLC.

Спорът

Преюдициалното запитване е отправено в рамките на спор пред Landgericht Berlin (Областен съд Берлин, Германия) между VG Media Gesellschaft zur Verwertung der Urheber- und Leistungsschutzrechte von Medienunternehmen mbH — организация за колективно управление, оправомощена съгласно германското право да управлява авторското право и сродните му права по-специално от името на издатели на периодични издания, и дружеството Google LLC, което управлява интернет търсачката Google search в домейните http://www.google.de и http://www.google.com, както и услугата Google News, която в Германия е достъпна отделно като news.google.de или news.google.com.

От името на своите членове VG Media предявява срещу Google иск за обезщетение във връзка с това, че считано от 1 август 2013 г., Google използва за собствените си услуги откъси от текст, изображения и видеоматериали от пресата и медийно съдържание, произведени от членове на VG Media, без да плаща възнаграждение за това.

Основанието: на 1 август 2013 г. Федерална република Германия въвежда за издателите на периодичен печат право, сродно на авторското право, съгласно членове 87f и 87h от Urheberrechtsgesetz (Закон за авторското право и сродните му права, наричан по-нататък „UrhG“). Германия e първата страна в Европа, която въведе сродно право в полза на издателите – с цел да им даде контрол върху нелицензираното използване на съдържанието на съответните издания от трети страни. Последва я Испания.

Въпросите

Като се има предвид, че въпросният законодателен проект не е бил нотифициран на Комисията в съответствие с член 8, параграф 1 от Директива 98/34 — а санкцията за неизпълнение на това задължение е неприложимостта на националните правни разпоредби, така че, ако не са били нотифицирани, те не могат да бъдат противопоставени на частноправните субекти — Landgericht Berlin (Областен съд Берлин) отправя два въпроса до Съда-

„1)      Национална разпоредба, която забранява единствено на търговците, управляващи интернет търсачки, и на търговците — доставчици на услуги за обработване на съдържание, но не и на други потребители, в това число търговци, да разгласяват публично периодични издания или части от тях (с изключение на отделни думи или съвсем кратки откъси от текст), представлява ли по смисъла на член 1, точки 2 и 5 от Директива [98/34] правило, което не е специално насочено към услугите, определени в тази точка,

и ако отговорът е отрицателен,

2)      национална разпоредба, която забранява единствено на търговците, управляващи интернет търсачки, и на търговците — доставчици на услуги за обработване на съдържание, но не и на други потребители, в това число търговци, да разгласяват публично периодични издания или части от тях (с изключение на отделни думи или съвсем кратки откъси от текст), представлява ли технически регламент по смисъла на член 1, точка 11 от Директива [98/34], и по-конкретно задължително правило, свързано с предоставянето на услуга?“.

Google  твърди, че германското право няма да бъде приложимо, тъй като германското правителство не е уведомило Комисията на ЕС за тази уредба.

Генералният адвокат:

Въпреки че защитата на авторското право попада в приложното поле на член 17, параграф 2 от Хартата на основните права на ЕС и законодателството на ЕС има за цел да установи „високо ниво на защита“, това не е абсолютно право.   Съдът на ЕС е изяснил, че  трябва да се вземат предвид и основните права на другите, включително свободата за извършване на бизнес (член 16 от Хартата). Всичко това изисква постигане на справедлив баланс между различните права.

29.      От практиката на Съда обаче е видно, че правата върху интелектуалната собственост не са абсолютни. Съдът подчертава, че такива изключителни права, и по-специално възможността да се търси правна защита — каквато е искът да се преустанови неправомерното използване или да се забрани извършването на дейност — за да се осигури закрилата им, може да засегне основните права на други субекти, като например свободата на стопанската инициатива, защитена в член 16 от Хартата, и правото на свобода на информация, защитено в член 11 от Хартата. Ако са нарушени няколко основни права, защитени от правото на Съюза, трябва да се осигури справедлив баланс между тях.

 

34.      В становището си испанското правителство посочва, че целта на разглежданите национални разпоредби е да се защитят сродните на авторското право права на издателите на вестници и списания, а не да се регулират по какъвто и да е начин услугите на информационното общество. Според мен фактът, че разглежданите национални законови разпоредби предоставят на такива издатели права върху интелектуална собственост, не показва сам по себе си, че тези разпоредби нямат за цел да регулират по какъвто и да е начин или дори само инцидентно услуги на информационното общество. Действително в становището си Комисията посочва, че според нея интелектуалната собственост не е изключена от приложното поле на Директива 98/34.

 

38.      По отношение на обхвата и въздействието на законодателството трябва, разбира се, да се подхожда реалистично, като се имат предвид актуалните обстоятелства. Според мен е ясно, че основната цел и предмет на тези законодателни промени е да се уреди въпросът с ефекта от интернет търсачките, като се има предвид, че медийното съдържание все повече се чете и разглежда онлайн, както и да се предвиди специално правило в областта на авторското право относно доставяните от операторите на такива интернет търсачки онлайн услуги, свързани с периодични издания. Следователно, дори ако все още има оператори, предоставящи такива търговски услуги офлайн, те едва ли са основният фокус на германския законодател. Макар че по този въпрос в крайна сметка ще се произнесе запитващата юрисдикция, това следва поне имплицитно от тълкуването ѝ на UrhG.

 

За тази цел германското правителство има задължението да уведоми Европейската комисия:

Би било глупаво и наивно да не признаваме, че традиционният търговски модел на вестниците в целия Съюз – продажби и реклама – е   подкопан през последните 20 години чрез онлайн четене на вестници от потребителите, чиято практика от своя страна е улеснена от появата на мощни търсачки като тази, която се управлява от ответника. Все пак, обаче, „нищо от това не означава, че държава-членка има право да заобиколи изискванията за уведомяване от Директива 98/34.”

 

45.      Следователно, тъй като тези национални разпоредби не са били нотифицирани на Комисията по изисквания от член 8, параграф 1 от Директива 98/34 начин, в съответствие с установената практика на Съда Landgericht Berlin (Областен съд Берлин) трябва да откаже да приложи член 87f, параграф 1 и член 87g, параграф 4 от UrhG в разглежданото от него производство между страните пред този съд.

 

В по-широк план, ако Съдът приеме тезата на ГА,   последици биха могли да възникнат

  • за испанското право – в Испания (макар и с различен механизъм) беше приета законодателна инициатива, насочена към постигане на същите цели като на германското право, и  правителството не е уведомило Европейската комисия. Ако Съдът на ЕС постанови в VG Media по начина, предложен от AG Hogan, то и испанското законодателство може да се счита за неприложимо.
  • за чл.11 от проекта за Директива за авторското право – макар формулировката на чл.11 да не изглежда насочена към определени субекти, което според ГА е поразително в случая с Германия (т.26).

 

 

 

 

Android Ad-Fraud Scheme

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/10/android_ad-frau.html

BuzzFeed is reporting on a scheme where fraudsters buy legitimate Android apps, track users’ behavior in order to mimic it in a way that evades bot detectors, and then uses bots to perpetuate an ad-fraud scheme.

After being provided with a list of the apps and websites connected to the scheme, Google investigated and found that dozens of the apps used its mobile advertising network. Its independent analysis confirmed the presence of a botnet driving traffic to websites and apps in the scheme. Google has removed more than 30 apps from the Play store, and terminated multiple publisher accounts with its ad networks. Google said that prior to being contacted by BuzzFeed News it had previously removed 10 apps in the scheme and blocked many of the websites. It continues to investigate, and published a blog post to detail its findings.

The company estimates this operation stole close to $10 million from advertisers who used Google’s ad network to place ads in the affected websites and apps. It said the vast majority of ads being placed in these apps and websites came via other major ad networks.

Lots of details in both the BuzzFeed and the Google links.

The Internet advertising industry is rife with fraud, at all levels. This is just one scheme among many.

Google Tracks its Users Even if They Opt-Out of Tracking

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/08/google_tracks_i.html

Google is tracking you, even if you turn off tracking:

Google says that will prevent the company from remembering where you’ve been. Google’s support page on the subject states: “You can turn off Location History at any time. With Location History off, the places you go are no longer stored.”

That isn’t true. Even with Location History paused, some Google apps automatically store time-stamped location data without asking.

For example, Google stores a snapshot of where you are when you merely open its Maps app. Automatic daily weather updates on Android phones pinpoint roughly where you are. And some searches that have nothing to do with location, like “chocolate chip cookies,” or “kids science kits,” pinpoint your precise latitude and longitude ­- accurate to the square foot -­ and save it to your Google account.

On the one hand, this isn’t surprising to technologists. Lots of applications use location data. On the other hand, it’s very surprising — and counterintuitive — to everyone else. And that’s why this is a problem.

I don’t think we should pick on Google too much, though. Google is a symptom of the bigger problem: surveillance capitalism in general. As long as surveillance is the business model of the Internet, things like this are inevitable.

BoingBoing story.

Good commentary.