Tag Archives: Opinion

Can a New Anti-Piracy System Really Defeat Cinema “Camming”?

Post Syndicated from Andy original https://torrentfreak.com/can-a-new-anti-piracy-system-really-defeat-cinema-camming190519/

During February, China’s National Copyright Administration (NCAC) announced that it would be upping efforts to deal with copyright infringement.

On top of a promise to “dig deep” into the sources of piracy and “sternly investigate” online platforms that help to distribute pirated content, the NCAC said it would also target unauthorized “camming”.

Camming, the act of recording movies in theaters with video cameras, has been a major headache for the entertainment industries for decades. Illegal copies often hit the Internet within hours of a movie’s premiere, as was the case last month with Avengers: Endgame.

While the NCAC clearly couldn’t do anything about that serious event, the question remains whether physical deterrents (such as bag searches and action against complicit theater owners) can also be augmented by technical measures.

Before Endgame dramatically hit the web, the China-based partnership of Ogilvy and Focus Film Media, part of Focus Media Group, announced that they had developed a new system to prevent camming taking in place in cinemas.

“Originality is the soul of the film industry and the foundation from which it thrives upon; it is our job to protect this originality,” said Jason Jiang, Founder and Chairman of Focus Media Group.

“We are delighted to have gone beyond a conventional approach and develop the ‘Piracy Blockr,’ which allows us to address the problem in a discrete but effective way, ensuring that the film industry is protected for years to come.”

Piracy Blockr in action? (Credit: Ogilvy/Focus Film Media)

The image above, although clearly mocked up, provides an idea of how the system is supposed to work. A watermark, invisible to the viewer, is captured by camcorders when an attempt is made to record the screen.

So how does it work? TorrentFreak spoke with Ogilvy to find out.

“There is a lot more to light than what mere human eyes can detect, but a device in your pocket can help you see beyond your biological limits. Our eyes can only detect colors of light that we see as a rainbow, primarily shades of red, orange, yellow, green, blue, indigo, and violet,” says Silvia Zhang, Ogilvy Marketing & Communications Manager.

“So while our naked eyes can’t pick up on the wavelength of infrared light, the sensors in your phones and cameras can – essentially making the invisible visible.”

Image: Supplied by Ogilvy

Anyone with a smartphone can easily see what the system is about. Simply press a button on an infrared remote control and point it at the camera lens and the image on the screen will display the infrared light emitted by the device. The camera can ‘see’ the infrared light, we can’t.

“We used this to our advantage to combat the multi-billion dollar illegal cam recording industry by embedding panels of infrared light powered watermarks, which we call the ‘Piracy Blockr’, behind cinema screens in China,” Zhang adds.

The idea of using infrared light to foil pirates isn’t new. A report dating back almost 10 years reveals that Japan’s National Institute of Informatics had teamed up with Sharp to pulse infrared light through cinema screens to disturb digital recording devices.

Since we haven’t heard of any such devices actually being deployed in cinemas, we asked Ogilvy how many screens its system currently ‘protects’ in China. The company didn’t respond to our question, despite repeated attempts.

We also asked how the Piracy Blockr system is able to defeat determined cammers who attach infrared filters to their devices. The company didn’t respond to that question either. A request for a real-life image or video clip of Piracy Blockr in action received the same response.

Some research appears to have been carried out in India (pdf) which considered the challenges presented by pirates who deploy infrared filtering but the problem clearly isn’t straightforward. If it was, someone would be making millions by now while resigning ‘camming’ to history.

As for Piracy Blockr, we won’t be holding our breath while waiting for a live demo.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

The Pirate Bay’s Oldest Torrents Survived 15 Years of Turmoil

Post Syndicated from Ernesto original https://torrentfreak.com/pirate-bays-oldest-torrents-survived-15-years-of-turmoil-190519/

When The Pirate Bay launched in the second half of 2003, the World Wide Web looked nothing like it does today.

Mark Zuckerberg was still preoccupied with “Facemash,” the “hot or not” site he launched before Facebook was invented. YouTube wasn’t around yet either, nor were Twitter and Instagram, which launched years later.

At the time nearly everyone used regular computers to access the web. Smartphones and tablets didn’t exist, and high-quality online video streaming was unthinkable on most residential Internet connections. If there was anything to stream at all.

People interested in watching a movie could use the Internet to buy a DVD at one of the early webshops or sign up with Netflix, which shipped DVDs through the mail. There were no download stores yet.

Given this context, imagine the appeal of a website that offered a high-quality archive of digital movies and tv-series to download, for free.

That site was The Pirate Bay.

TPB in 2014

Remarkably, many of the videos that were posted on the site during the early days remain available today. In fact, quite a few torrents on The Pirate Bay have been around longer than some of the site’s users.

This is quite an achievement, as torrents require at least one person with a full copy of the file to keep it alive. This prompted us to take a look at the oldest Pirate Bay torrents that are still being shared today.

During the early months of the site, it appears that some torrents were purged or otherwise lost. The oldest ones we can find data back to March 2004, which means that they are well over 15 years old today. 

An episode of “The High Chaparral” has the honor of being the oldest torrent. The file was originally uploaded on March 25, 2004, and although it lists zero seeders in search results, there are still several people actively sharing the torrent.

Many of the other torrents in the list above need some help. However, the Top Secret Recipes E-Books and a copy of the documentary Revolution OS, which covers the history of Linux, GNU, and the free software movement, are doing very well.

While these torrents have survived one-and-a-half decades of turmoil, including two raids, they’re still going strong. In part, perhaps, because some people want to keep history alive.

“To maintain history, I will gladly put this on my seedbox forever,” one commenter writes below the High Chaparral torrent, with another one adding “I will save this torrent for history!!!”

History indeed, as it is clear that things have changed over the past 15 years. In the early days, The Pirate Bay wasn’t just popular because people didn’t have to pay. It was often the only option to get a digital copy of a movie, TV-show, or even a music album. It was a revolution in a way.

This is still the case to a certain degree in some countries, but to many, the magical appeal has gone now that there are so many legal alternatives online.

It’s worth keeping in mind, though, that these legal alternatives were in part a direct answer to sites such as The Pirate Bay.

In fact, if piracy hadn’t existed the world might have looked entirely different today. Piracy showed the entertainment industries that people wanted instant online access to media, a demand that was later fulfilled by iTunes, Netflix streaming, Spotify, and many others.

Today The Pirate Bay remains online. Despite several raids, criminal prosecutions, dozens of website blockades, and other anti-piracy measures, the site continues to thrive. And so do its torrents.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Rightscorp Done Anti-Pirating? Stock Worthless, Website Gone

Post Syndicated from Andy original https://torrentfreak.com/rightscorp-done-stock-worthless-website-gone-190518/

For many years, anti-piracy outfit Rightscorp has been on a mission to turn piracy into profit.

The company monitors BitTorrent networks, captures IP addresses, then asks ISPs to forward cash settlement demands to its subscribers.

While some companies in the same niche have “gone big” by demanding hundreds or even thousands of dollars for each alleged infringement, Rightscorp deployed a “speeding fine” model. To make Rightscorp go away, the company regularly demanded settlements of between $20 and $30, shared with rightsholders 50/50.

These, of course, mounted up. According to a set of financial results covering the three months ended September 30, 2017, Rightscorp had closed more than 230,000 alleged cases of infringement.

What happened after that is unclear, as the company opted not to report any further financial details in public. If it had, they probably wouldn’t have made pretty reading.

During the nine months ended September 30, 2017, Rightscorp recorded a net loss of $1,448,899. During the same period a year earlier, it lost $1,380,698. As a result, the company had just $3,147 left in cash at the end of September 2017.

Against the odds, however, Rightscorp appears to have kept going, although what that means on an operational level is anyone’s guess. Now, however, the writing appears to be on the wall.

A cursory visit to Rightscorp’s website today doesn’t yield any detailed information. Or, indeed, any information at all.

Most pages are completely blank apart from a solitary line of text on its investor page. An ironic one too given how Rightscorp frequently demanded that ISPs should suspend the accounts of subscribers who refuse to pay up.

Those who called for those to be suspended, have been suspended

We’re not aware of any public explanations being made by Rightscorp but things don’t look bright and sunny on the investor front either.

In January 2012, Rightscorp shares (RIHT) reached the dizzy heights of $0.80 each. At the beginning of 2015, they were worth $0.074, falling to $0.017 in January 2017.

From there, things only got worse. At the time of writing Rightscorp stock is currently worth just $0.0025.

So what next for Rightscorp? It seems unlikely the company is still sending out settlement demands, without a working website it can’t handle any payments. But even if it could, the amounts probably wouldn’t amount to much.

During its last reporting period covering the three months to September 2017, it collected just $45,848 from BitTorrent users but paid out $22,924 of that amount to copyright holders.

Finally (and whatever happens to the company next), it’s important to note that Rightscorp data is still being utilized in various copyright infringement lawsuits filed by music companies against ISPs in the United States, including against Cox Communications and Grande Communications.

Indeed, the data collated for use against Grande customers cost the RIAA $700,000. That was considerably better value for Rightscorp than scraping $20 from each infringer and then having to pay $10 straight back out. That last big deal might’ve been the last throw of the dice but only time will tell.

Meanwhile, Rightscorp founder and former CEO Christopher Sabec is currently advising “cannabis cultivators, manufacturers and other licensees” over at Fox Rothschild LLP, an appointment that was announced this March.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Former “Copyright Alert System” Portal Now Links to Mattress Review Site

Post Syndicated from Ernesto original https://torrentfreak.com/former-copyright-alert-system-portal-now-links-to-mattress-review-site-190512/

In 2011, the MPAA and RIAA teamed up with several major U.S. Internet providers, announcing their plan to shift the norms and behavior of BitTorrent pirates.

The parties launched the Center for Copyright Information and agreed on a system through which Internet account holders would be warned if their connections were used to download pirated content.

The program allowed ISPs to take a variety of repressive measures, including bandwidth throttling and temporary Internet disconnections. The “voluntary” agreement was praised by the US Government and seen as a prime example for other countries.

However, it didn’t last. 

Early 2017 the MPAA, RIAA, and several major US ISPs pulled the plug. The parties never explained in detail why the effort was halted but it was clearly not the ideal solution for all involved. 

This was good news for the people who were on the brink of being ‘punished’ by their ISPs after repeated notices. They could finally sleep easy again. That’s actually something the now-defunct Copyright Alert System website can help them with today. 

After the scheme was stopped, the ‘copyrightinformation.org’ website remained online for months, offering the public information on how to avoid copyright infringement notices and where to obtain legal content.

That stopped eventually, and it now seems that the official domain has been taken over by a mattress review site.

People who try to access the former Copyright Alert System website are now redirected to buymattress.net. Apparently, none of the parties involved was interested in renewing the domain registration.

Mattress anyone?

The mattress site gladly picked up this valuable domain which has thousands of backlinks all over the web, including some from reputable news sites. That’s generally good for search engine optimization purposes.

Of course, a mattress site is not much of a problem for the RIAA and MPAA, but it seems like the anti-piracy groups dodged a bullet here. 

Imagine if the domain was picked up the likes of The Pirate Bay, a prominent pirate streaming site, or even a stream-ripping service? That would have been quite an embarrassment, to say the least.

The MPAA is not completely unaware of this risk. After all, it still owns the TorrentSpy.com domain name, even though the website was shut down over a decade ago. Similarly, Isohunt.com and Hotfile.com are still under control of the Hollywood group, redirecting to MPAA.org.

That said, it’s not completely unprecedented for piracy or anti-piracy related domain names to fall into the hands of third parties. The Department of Justice, for example, let go of several Megaupload related domains a few years ago.

Most famously, back in 2007 The Pirate Bay took over IFPI.com, a domain name that was previously owned by the prominent music industry organization IFPI. The torrent site kept the acronym, but changed the meaning to “International Federation of Pirate Interests.”

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Vader & the Truth About Pirate IPTV Services

Post Syndicated from Andy original https://torrentfreak.com/vader-the-truth-about-pirate-iptv-services-100512/

Netflix, Amazon Video, Hulu, CBS All Access, fuboTV, DAZN, NowTV, the forthcoming Disney+, cable TV, terrestrial TV, satellite, cinema.

How long is this list? Nowhere near long enough if you want to come close to matching what’s currently being offered by premium pirate IPTV services.

If any of the important ‘pirate’ IPTV providers flicked a magic switch and suddenly became legal overnight, all of the above would struggle to keep their heads above water. Add another dozen legal services to the list, and the statement would still stand.

The range of content offered by ‘pirate’ IPTV services demolishes that offered by all of the world’s key providers combined. And many do it for between $5 and $25 per month – because they don’t have to worry about the costs of making it.

It usually takes a couple of minutes to sign up and that content is available on a wide range of devices, from phones through to smart TVs. Almost any device, wherever people like. How it should be.

The public wants what the public gets, at least when they sail the IPTV high seas. Until it all goes to shit in an instant, of course.

This week, Vader – one of the most recognized ‘pirate’ IPTV services – suddenly disappeared, taking not only the subscriptions of users with them but also money handed over by resellers of the service. Communication with what are effectively creditors was scrappy at best, quite incredible at worst.

After declaring that there had been “no choice but to close down Vader”, supposed facts about the closure were widely circulated by various parties, sometimes accompanied by documents and quotes to back up often-conflicting claims.

Depending on which version one believes, if any, Vader was raided, sued, told to enter into a settlement agreement with ACE (the huge anti-piracy coalition founded by the MPAA, Netflix and Amazon), or had simply taken everyone’s money and headed for the hills. Or perhaps a combination of the above. Or none.

The ‘running’ theory gained traction following a statement from Vader which asked people to “take the financial losses we are all going to take, as resellers and direct sellers”, i.e please don’t ask for your money back. That was further compounded by another statement in which the service asked for donations to fund its legal defense and to help pay back people who doggedly asked for a refund.

Now, if Vader was “raided” as some pretty detailed missives have claimed this week, would it still have control over its customer list and bank accounts, in order to make these refunds happen? That doesn’t seem likely, but stranger things have happened. If it was being sued it probably would, but there’s no evidence of that either.

While there appears to be no public record of Vader getting served, that doesn’t mean that it isn’t the subject of legal action, won’t be in the future, or doesn’t need a big cash injection. For example, if ACE has really offered the service the opportunity to settle, Vader will be given a set of demands. If they do not comply, then legal action might follow.

We have proof that ACE, among other things, demanded cooperation as part of previous settlement agreements with other entities. That meant promising to hand over information on others in the ecosystem. But would ACE really offer such a giant service the opportunity to take the easy route when it has chosen to sue the likes of TickBox, Dragon Box, and SETTV?

To find out, within hours of Vader’s shutdown TorrentFreak contacted ACE directly and asked them to confirm or deny that the MPAA (which now conducts its anti-piracy activities through ACE) was involved in the shutdown of Vader. We were told that the ACE coalition was working on a statement. Perfect.

Four days later we had received nothing, so we prompted the anti-piracy group for a response. We were told that our request hadn’t been forgotten and that it was hoped it could get a statement to us this week.

Perhaps needless to say, we haven’t received anything.

This is, of course, interesting in itself. If ACE wasn’t involved in the closure of Vader, then a simple response to clarify that fact would have been simple and could have been done in two letters – NO. However, if ACE was involved, that would make any statement much more complex.

If some kind of deal is indeed being thrashed out, we know that previous agreements sent out by ACE contained clauses that recipients can’t talk about the settlement to anyone but their lawyers. Vader clearly doesn’t want to talk about much in public and, at least for now, neither does ACE. Draw your own conclusions.

However, the fact that ACE hasn’t made a statement to confirm or deny might also be advantageous, intentional or otherwise, from an anti-piracy perspective.

Whether ACE is involved in this debacle or not, the complete lack of clarity surrounding this entire situation only serves to undermine trust in pirate IPTV providers. Granted, a public lawsuit would achieve similar goals, but right now the lack of information looks bad on Vader, not on ACE. In fact, if they aren’t involved, this is a free lunch for ACE and a big minus for Vader and by extension, pirate IPTV.

And this brings us to the point. Pirate IPTV services do not operate like legitimate companies such as Netflix. When people give Netflix their hard earned cash they can be pretty sure that they’ll get what they pay for but should the company be unable to fulfill its obligations, a very clear public statement will be made.

It certainly won’t shut down with zero notice, with no proper explanation, and begin asking for donations to dig it out of a hole. But come on, does anyone really expect an entity in this niche to operate any differently?

The main reason why anyone chooses to do business with a pirate IPTV provider (whether that’s Vader or any other) is because they don’t play by “the rules”. It’s because they thumb their noses at authority. It’s because they solve the problems of having dozens of subscription packages. It’s because they offer great value for money.

People want all this with no drawbacks? Think again.

Fulfilling all of these demands flat-out requires them to be unorthodox. It requires them to be ambiguous. It requires them to act illegally and it requires them to save their own asses when the sheriff comes to town.

Anyone who thinks it should play out differently should stick to buying bridges.

The truth about ‘pirate’ TV services is simple. You pay your money, you take a chance. People should approach IPTV subscriptions expecting to lose their money – that’s why month-to-month packages are often recommended to those with an aversion to losing cash.

People should not be surprised when such services go down temporarily or indeed permanently without notice. And they should presume that they’ll buffer at times but be happy when they don’t. Expectations should be set low by default to avoid disappointment.

‘Pirate’ IPTV services are a gamble, pure and simple. The odds are usually stacked in the user’s favor so their popularity is unlikely to wane in the near future. That says a lot about the service they mostly deliver. But make no mistake, there are no guarantees in this game.

There’s a whole new generation of pirates entering this market on both sides, supply and demand, whose motivations – one way or another – is to either make or save money. In the end, it is that balancing act that will tip the scales of success for providers and users alike.

Vader may be gone for now but there are still plenty of options around. As soon as its demise was announced, many suppliers went into overdrive to pick up the slack. How many customers will now choose to stay away is anyone’s guess but with bargains on offer, there probably won’t be any shortage of money changing hands.

Just don’t expect anyone to be particularly upfront about what’s really going on, whether that’s the providers, resellers, or anti-piracy groups. There’s way too much at stake to unmuddy the waters just because some people want answers.

The truth is always the first casualty of any war and this one is no different.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

‘YouTube Content-ID Abusers Could Face Millions of Dollars in Damages’

Post Syndicated from Ernesto original https://torrentfreak.com/youtube-content-id-abusers-could-face-millions-of-dollars-in-damages-190509/

With over 20 million subscribers of its main channel and over 30 million over its entire network, WatchMojo is one of the largest players on YouTube.

The Montreal-based video production company has been around for well over a decade and continues to expand its viewership, despite fierce competition.

While WatchMojo owes a lot of its success to YouTube, the company is also growing increasingly frustrated with rampant copyright abuse on the platform. We’re not talking about people who steal their content, but about companies that unlawfully claim their videos.

These complaints are far from new and we have highlighted these issues repeatedly over the years. However, when a channel the size of WatchMojo sounds the alarm bell, people should pay attention. This includes abusive rightsholders, which could be liable for millions of dollars in damages.

But let’s start with the basis for the recent uproar. Last weekend WatchMojo’s CEO Ashkan Karbasfrooshan published a video in which he exposed some of the worst Content-ID abusers. The video provides several examples of companies that claimed WatchMojo content which, according to the channel, is protected under fair use.

For example, when WatchMojo published a video commenting on an Avengers movie trailer, an outfit called Hexacorp (which does business as Orfium) claimed it, arguing that the trailer’s music was used without permission. Hexacorp represented Ramen Music, which licensed the track to Marvel, but apparently, WatchMojo wasn’t allowed to show it.

WatchMojo disagreed and protested the claim citing fair use. After all, the trailer and music were clearly used for commentary purposes. This worked and Hexacorp eventually let the claim go, but many other channels with less legal knowledge simply accepted the claim, allowing Hexacorp to monetize their videos.

What plays a major role here is that protesting Content-ID claims may eventually lead to copyright notices. These notices can result in “strikes” which can then cause people to lose all content in their YouTube channels. That’s not a risk many channels want to take.

TorrentFreak spoke to WatchMojo’s CEO who informed us that this is just one of the many examples. Every month they receive hundreds of Content-ID claims across their channels. However, WatchMojo vigorously fights back and prevails on nearly every occasion.

Karbasfrooshan notes that Content-ID abusers come in all shapes and sizes. Some stand out in terms of volume but are quick to let go of claims once a channel protests. Others send only a few complaints but protest when channels push back.

While there’s no doubt that rightsholders should be able to pursue legitimate claims, WatchMojo believes that many see the system as a revenue-generating opportunity. They simply issue thousands of frivolous claims, knowing that many won’t be protested, even though there are clear arguments for fair use.

This means that the rightsholders will scoop up extra revenue with very little expense. After all, most Content-ID claims are automated.

In addition, WatchMojo also signals a possible anti-competitive angle. The channel receives a lot of strikes for content from the music company BMG.  These, again, often target fair use videos and are sometimes issued globally, even though the rights can only be enforced in certain countries.

The full expose is explained in detail in WatchMojo’s video, where Karbasfrooshan highlights that BMG’s parent company, Bertelsmann, also has a stake in ZergNet, which happens to be a direct competitor of WatchMojo on YouTube.

“Bertelsmann, through their investment arm BMDI, has invested in our direct competitor ZergNet, whose assets Looper, Nicky Swift and a bunch of others compete with us for the same audience, fighting for the same ad dollars, competing for the same eyeballs,” WatchMojo’s CEO notes.

WatchMojo’s CEO Ash Karbasfrooshan

Whether the behavior is anti-competitive or not, the overarching problem is that many rightsholders ‘abuse’ the Content-ID system, willingly or not. According to US case law, they are required to consider fair use when issuing takedown requests, something that doesn’t happen very often it seems.

Content-ID is a voluntary system that’s not rooted in law. However, WatchMojo believes that abusive rightsholders are opening themselves up to millions of dollars in potential damages from YouTube channels. One way this could happen is through a class action lawsuit.

Karbasfrooshan floated this idea in his initial video which triggered a lot of response from fellow channel operators. The basic idea is that a group of affected channels files a class action suit against an abusive rightsholder, with the goal of obtaining a settlement for unlawfully claimed and monetized videos.

In a follow-up video, WatchMojo explains in detail how this would work. What is clear, is that the potential damages are massive. According to a calculation made by the channel, rightsholders earned over $2 billion through unlawfully claimed videos over the past several years.

YouTube revenue and potential damages (red) (credit: WatchMojo)

Whether the calculations hold up or not, it is clear that companies that send out a lot of claims against fair use content could theoretically face substantial damages. This, of course, has to be backed up in court, but according to WatchMojo’s CEO, who has plenty of legal experience, it’s a viable option.

“We are now actively exploring taking legal action against a couple of targets where we have built up a lot of evidence of wrongdoing, abuse, and received additional evidence from other channels too,” Karbasfrooshan tells TorrentFreak.

For now, WatchMojo is not ready to serve as a representative plaintiff in a class action suit. It hopes that by highlighting the potential risks for copyright holders, the associated companies will do the right thing and properly consider fair use.

WatchMojo has complained about Content-ID abuse for quite a while and it believes that some type of legal action against an abuser is inevitable. Whether that’s through a class action suit or not.

“It’s a matter of time, if not us, someone will come along and sue and win big,” Karbasfrooshan tells us.

WatchMojo’s CEO has spoken to lawyers who, once they were informed about what was going on, were also convinced that some type of legal action is inevitable.

“I assure you that once I explained how Content-ID worked vs. copyright law, and then how rightsholders abused it, the general consensus was: ok, these rightsholders are going to get sued,” Karbasfrooshan says.

“Now, whether that’s done via a class action suit or a direct lawsuit is a different matter. I think the former is interesting but the latter is practically more likely,” he adds.

Still, Karbasfrooshan hopes that lawsuits are not needed to address this. Ideally, copyright holders should change the way they operate and respect fair use, he says.

And there’s also a major role for YouTube here. They can make a simple change and whitelist channels that have good standing, so these are not harmed by frivolous claims.

“The answer is simple: it’s time for a separate class of channels for those who use the platform in a professional manner,” Karbasfrooshan notes.

The latter angle will be discussed in the third episode of WatchMojo’s four-part series on Content-ID abuse. In addition, the channel will also launch “The FU Show”, where it will break down and discuss fair use (FU) issues in regards to content claims. 

Needless to say, these videos are very informative, and there’s something in there for channel operators as well as copyright holders. 

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Flight Sim Company Threatens Reddit Mods Over “Libelous” DRM Posts

Post Syndicated from Andy original https://torrentfreak.com/flight-sim-company-threatens-reddit-mods-over-libellous-drm-posts-180604/

Earlier this year, in an effort to deal with piracy of their products, flight simulator company FlightSimLabs took drastic action by installing malware on customers’ machines.

The story began when a Reddit user reported something unusual in his download of FlightSimLabs’ A320X module. A file – test.exe – was being flagged up as a ‘Chrome Password Dump’ tool, something which rang alarm bells among flight sim fans.

As additional information was made available, the story became even more sensational. After first dodging the issue with carefully worded statements, FlightSimLabs admitted that it had installed a password dumper onto ALL users’ machines – whether they were pirates or not – in an effort to catch a particular software cracker and launch legal action.

It was an incredible story that no doubt did damage to FlightSimLabs’ reputation. But the now the company is at the center of a new storm, again centered around anti-piracy measures and again focused on Reddit.

Just before the weekend, Reddit user /u/walkday reported finding something unusual in his A320X module, the same module that caused the earlier controversy.

“The latest installer of FSLabs’ A320X puts two cmdhost.exe files under ‘system32\’ and ‘SysWOW64\’ of my Windows directory. Despite the name, they don’t open a command-line window,” he reported.

“They’re a part of the authentication because, if you remove them, the A320X won’t get loaded. Does someone here know more about cmdhost.exe? Why does FSLabs give them such a deceptive name and put them in the system folders? I hate them for polluting my system folder unless, of course, it is a dll used by different applications.”

Needless to say, the news that FSLabs were putting files into system folders named to make them look like system files was not well received.

“Hiding something named to resemble Window’s “Console Window Host” process in system folders is a huge red flag,” one user wrote.

“It’s a malware tactic used to deceive users into thinking the executable is a part of the OS, thus being trusted and not deleted. Really dodgy tactic, don’t trust it and don’t trust them,” opined another.

With a disenchanted Reddit userbase simmering away in the background, FSLabs took to Facebook with a statement to quieten down the masses.

“Over the past few hours we have become aware of rumors circulating on social media about the cmdhost file installed by the A320-X and wanted to clear up any confusion or misunderstanding,” the company wrote.

“cmdhost is part of our eSellerate infrastructure – which communicates between the eSellerate server and our product activation interface. It was designed to reduce the number of product activation issues people were having after the FSX release – which have since been resolved.”

The company noted that the file had been checked by all major anti-virus companies and everything had come back clean, which does indeed appear to be the case. Nevertheless, the critical Reddit thread remained, bemoaning the actions of a company which probably should have known better than to irritate fans after February’s debacle. In response, however, FSLabs did just that once again.

In private messages to the moderators of the /r/flightsim sub-Reddit, FSLabs’ Marketing and PR Manager Simon Kelsey suggested that the mods should do something about the thread in question or face possible legal action.

“Just a gentle reminder of Reddit’s obligations as a publisher in order to ensure that any libelous content is taken down as soon as you become aware of it,” Kelsey wrote.

Noting that FSLabs welcomes “robust fair comment and opinion”, Kelsey gave the following advice.

“The ‘cmdhost.exe’ file in question is an entirely above board part of our anti-piracy protection and has been submitted to numerous anti-virus providers in order to verify that it poses no threat. Therefore, ANY suggestion that current or future products pose any threat to users is absolutely false and libelous,” he wrote, adding:

“As we have already outlined in the past, ANY suggestion that any user’s data was compromised during the events of February is entirely false and therefore libelous.”

Noting that FSLabs would “hate for lawyers to have to get involved in this”, Kelsey advised the /r/flightsim mods to ensure that no such claims were allowed to remain on the sub-Reddit.

But after not receiving the response he would’ve liked, Kelsey wrote once again to the mods. He noted that “a number of unsubstantiated and highly defamatory comments” remained online and warned that if something wasn’t done to clean them up, he would have “no option” than to pass the matter to FSLabs’ legal team.

Like the first message, this second effort also failed to have the desired effect. In fact, the moderators’ response was to post an open letter to Kelsey and FSLabs instead.

“We sincerely disagree that you ‘welcome robust fair comment and opinion’, demonstrated by the censorship on your forums and the attempted censorship on our subreddit,” the mods wrote.

“While what you do on your forum is certainly your prerogative, your rules do not extend to Reddit nor the r/flightsim subreddit. Removing content you disagree with is simply not within our purview.”

The letter, which is worth reading in full, refutes Kelsey’s claims and also suggests that critics of FSLabs may have been subjected to Reddit vote manipulation and coordinated efforts to discredit them.

What will happen next is unclear but the matter has now been placed in the hands of Reddit’s administrators who have agreed to deal with Kelsey and FSLabs’ personally.

It’s a little early to say for sure but it seems unlikely that this will end in a net positive for FSLabs, no matter what decision Reddit’s admins take.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

When Joe Public Becomes a Commercial Pirate, a Little Knowledge is Dangerous

Post Syndicated from Andy original https://torrentfreak.com/joe-public-becomes-commercial-pirate-little-knowledge-dangerous-180603/

Back in March and just a few hours before the Anthony Joshua v Joseph Parker fight, I got chatting with some fellow fans in the local pub. While some were intending to pay for the fight, others were going down the Kodi route.

Soon after the conversation switched to IPTV. One of the guys had a subscription and he said that his supplier would be along shortly if anyone wanted a package to watch the fight at home. Of course, I was curious to hear what he had to say since it’s not often this kind of thing is offered ‘offline’.

The guy revealed that he sold more or less exclusively on eBay and called up the page on his phone to show me. The listing made interesting reading.

In common with hundreds of similar IPTV subscription offers easily findable on eBay, the listing offered “All the sports and films you need plus VOD and main UK channels” for the sum of just under £60 per year, which is fairly cheap in the current market. With a non-committal “hmmm” I asked a bit more about the guy’s business and surprisingly he was happy to provide some details.

Like many people offering such packages, the guy was a reseller of someone else’s product. He also insisted that selling access to copyrighted content is OK because it sits in a “gray area”. It’s also easy to keep listings up on eBay, he assured me, as long as a few simple rules are adhered to. Right, this should be interesting.

First of all, sellers shouldn’t be “too obvious” he advised, noting that individual channels or channel lists shouldn’t be listed on the site. Fair enough, but then he said the most important thing of all is to have a disclaimer like his in any listing, written as follows:

“PLEASE NOTE EBAY: THIS IS NOT A DE SCRAMBLER SERVICE, I AM NOT SELLING ANY ILLEGAL CHANNELS OR CHANNEL LISTS NOR DO I REPRESENT ANY MEDIA COMPANY NOR HAVE ACCESS TO ANY OF THEIR CONTENTS. NO TRADEMARK HAS BEEN INFRINGED. DO NOT REMOVE LISTING AS IT IS IN ACCORDANCE WITH EBAY POLICIES.”

Apparently, this paragraph is crucial to keeping listings up on eBay and is the equivalent of kryptonite when it comes to deflecting copyright holders, police, and Trading Standards. Sure enough, a few seconds with Google reveals the same wording on dozens of eBay listings and those offering IPTV subscriptions on external platforms.

It is, of course, absolutely worthless but the IPTV seller insisted otherwise, noting he’d sold “thousands” of subscriptions through eBay without any problems. While a similar logic can be applied to garlic and vampires, a second disclaimer found on many other illicit IPTV subscription listings treads an even more bizarre path.

“THE PRODUCTS OFFERED CAN NOT BE USED TO DESCRAMBLE OR OTHERWISE ENABLE ACCESS TO CABLE OR SATELLITE TELEVISION PROGRAMS THAT BYPASSES PAYMENT TO THE SERVICE PROVIDER. RECEIVING SUBSCRIPTION/BASED TV AIRTIME IS ILLEGAL WITHOUT PAYING FOR IT.”

This disclaimer (which apparently no sellers displaying it have ever read) seems to be have been culled from the Zgemma site, which advertises a receiving device which can technically receive pirate IPTV services but wasn’t designed for the purpose. In that context, the disclaimer makes sense but when applied to dedicated pirate IPTV subscriptions, it’s absolutely ridiculous.

It’s unclear why so many sellers on eBay, Gumtree, Craigslist and other platforms think that these disclaimers are useful. It leads one to the likely conclusion that these aren’t hardcore pirates at all but regular people simply out to make a bit of extra cash who have received bad advice.

What is clear, however, is that selling access to thousands of otherwise subscription channels without permission from copyright owners is definitely illegal in the EU. The European Court of Justice says so (1,2) and it’s been backed up by subsequent cases in the Netherlands.

While the odds of getting criminally prosecuted or sued for reselling such a service are relatively slim, it’s worrying that in 2018 people still believe that doing so is made legal by the inclusion of a paragraph of text. It’s even more worrying that these individuals apparently have no idea of the serious consequences should they become singled out for legal action.

Even more surprisingly, TorrentFreak spoke with a handful of IPTV suppliers higher up the chain who also told us that what they are doing is legal. A couple claimed to be protected by communication intermediary laws, others didn’t want to go into details. Most stopped responding to emails on the topic. Perhaps most tellingly, none wanted to go on the record.

The big take-home here is that following some important EU rulings, knowingly linking to copyrighted content for profit is nearly always illegal in Europe and leaves people open for targeting by copyright holders and the authorities. People really should be aware of that, especially the little guy making a little extra pocket money on eBay.

Of course, people are perfectly entitled to carry on regardless and test the limits of the law when things go wrong. At this point, however, it’s probably worth noting that IPTV provider Ace Hosting recently handed over £600,000 rather than fight the Premier League (1,2) when they clearly had the money to put up a defense.

Given their effectiveness, perhaps they should’ve put up a disclaimer instead?

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Ray Ozzie’s Encryption Backdoor

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/05/ray_ozzies_encr.html

Last month, Wired published a long article about Ray Ozzie and his supposed new scheme for adding a backdoor in encrypted devices. It’s a weird article. It paints Ozzie’s proposal as something that “attains the impossible” and “satisfies both law enforcement and privacy purists,” when (1) it’s barely a proposal, and (2) it’s essentially the same key escrow scheme we’ve been hearing about for decades.

Basically, each device has a unique public/private key pair and a secure processor. The public key goes into the processor and the device, and is used to encrypt whatever user key encrypts the data. The private key is stored in a secure database, available to law enforcement on demand. The only other trick is that for law enforcement to use that key, they have to put the device in some sort of irreversible recovery mode, which means it can never be used again. That’s basically it.

I have no idea why anyone is talking as if this were anything new. Several cryptographers have already explained why this key escrow scheme is no better than any other key escrow scheme. The short answer is (1) we won’t be able to secure that database of backdoor keys, (2) we don’t know how to build the secure coprocessor the scheme requires, and (3) it solves none of the policy problems around the whole system. This is the typical mistake non-cryptographers make when they approach this problem: they think that the hard part is the cryptography to create the backdoor. That’s actually the easy part. The hard part is ensuring that it’s only used by the good guys, and there’s nothing in Ozzie’s proposal that addresses any of that.

I worry that this kind of thing is damaging in the long run. There should be some rule that any backdoor or key escrow proposal be a fully specified proposal, not just some cryptography and hand-waving notions about how it will be used in practice. And before it is analyzed and debated, it should have to satisfy some sort of basic security analysis. Otherwise, we’ll be swatting pseudo-proposals like this one, while those on the other side of this debate become increasingly convinced that it’s possible to design one of these things securely.

Already people are using the National Academies report on backdoors for law enforcement as evidence that engineers are developing workable and secure backdoors. Writing in Lawfare, Alan Z. Rozenshtein claims that the report — and a related New York Times story — “undermine the argument that secure third-party access systems are so implausible that it’s not even worth trying to develop them.” Susan Landau effectively corrects this misconception, but the damage is done.

Here’s the thing: it’s not hard to design and build a backdoor. What’s hard is building the systems — both technical and procedural — around them. Here’s Rob Graham:

He’s only solving the part we already know how to solve. He’s deliberately ignoring the stuff we don’t know how to solve. We know how to make backdoors, we just don’t know how to secure them.

A bunch of us cryptographers have already explained why we don’t think this sort of thing will work in the foreseeable future. We write:

Exceptional access would force Internet system developers to reverse “forward secrecy” design practices that seek to minimize the impact on user privacy when systems are breached. The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard to detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.

Finally, Matthew Green:

The reason so few of us are willing to bet on massive-scale key escrow systems is that we’ve thought about it and we don’t think it will work. We’ve looked at the threat model, the usage model, and the quality of hardware and software that exists today. Our informed opinion is that there’s no detection system for key theft, there’s no renewability system, HSMs are terrifically vulnerable (and the companies largely staffed with ex-intelligence employees), and insiders can be suborned. We’re not going to put the data of a few billion people on the line an environment where we believe with high probability that the system will fail.

EDITED TO ADD (5/14): An analysis of the proposal.

YouTube Won’t Put Up With Blatant Piracy Tutorials Forever

Post Syndicated from Andy original https://torrentfreak.com/youtube-wont-put-up-with-blatant-piracy-tutorials-forever-180506/

Once upon a time, Internet users’ voices would be heard in limited circles, on platforms such as Usenet or other niche platforms.

Then, with the rise of forum platforms such as phpBB in 2000 and Invision Power Board in 2002, thriving communities could gather in public to discuss endless specialist topics, including file-sharing of course.

When dedicated piracy forums began to gain traction, it was pretty much a free-for-all. People discussed obtaining free content absolutely openly. Nothing was taboo and no one considered that there would be any repercussions. As such, moderation was limited to keeping troublemakers in check.

As the years progressed and lawsuits against both sites and services became more commonplace, most sites that weren’t actually serving illegal content began to consider their positions. Run by hobbyists, most didn’t want the hassle of a multi-million dollar lawsuit, so links to pirate content began to diminish and the more overt piracy tutorials began to disappear underground.

Those that remained in plain sight became much more considered. Tutorials on how to pirate specific Hollywood blockbusters were no longer needed, a plain general tutorial would suffice. And, as communities matured and took time to understand the implications of their actions, those without political motivations realized that drawing attention to potential criminality was neither required nor necessary.

Then YouTube and social media happened and almost overnight, no one was in charge and anyone could say whatever they liked.

In this new reality, there were no irritating moderator-type figures removing links to this and that, and nobody warning people against breaking rules that suddenly didn’t exist anymore. In essence, previously tight-knit and street-wise file-sharing and piracy communities not only became fragmented, but also chaotic.

This meant that anyone could become a leader and in some cases, this was the utopia that many had hoped for. Not only couldn’t the record labels or Hollywood tell people what to do anymore, discussion site operators couldn’t either. For those who didn’t abuse the power and for those who knew no better, this was a much-needed breath of fresh air. But, like all good things, it was unlikely to last forever.

Where most file-sharing of yesterday was carried out by hobbyist enthusiasts, many of today’s pirates are far more casual. They’re just as thirsty for content, but they don’t want to spend hours hunting for it. They want it all on a plate, at the flick of a switch, delivered to their TV with a minimum of hassle.

With online discussions increasingly seen as laborious and old-fashioned, many mainstream pirates have turned to easy-to-consume videos. In support of their Kodi media player habits, YouTube has become the educational platform of choice for millions.

As a result, there is now a long line of self-declared Kodi piracy specialists scooping up millions of views on YouTube. Their videos – which in many cases are thinly veiled advertisements for third party addons, Kodi ‘builds’, illegal IPTV services, and obscure Android APKs – are now the main way for a new generation to obtain direct advice on pirating.

Many of the videos are incredibly blatant, like the past 15 years of litigation never happened. All the lessons learned by the phpBB board operators of yesteryear, of how to achieve their goals of sharing information without getting shut down, have been long forgotten. In their place, a barrage of daily videos designed to generate clicks and affiliate revenue, no matter what the cost, no matter what the risk.

It’s pretty clear that these videos are at least partly responsible for the phenomenal uptick in Kodi and Android-based piracy over the past few years. In that respect, many lovers of free content will be eternally grateful for the service they’ve provided. But like many piracy movements over the years, people shouldn’t get too attached to them, at least in their current form.

Thanks to the devil-may-care approach of many influential YouTubers, it won’t be long before a whole new set of moderators begin flexing their muscles. While your average phpBB moderator could be reasoned with in order to get a second chance, a determined and largely faceless YouTube will eject offenders without so much as a clear explanation.

When this happens (and it’s only a question of time given the growing blatancy of many tutorials) YouTubers will not only lose their voices but their revenue streams too. While YouTube’s partner programs bring in some welcome cash, the profitable affiliate schemes touted on these channels for external products will also be under threat.

Perhaps the most surprising thing in this drama-waiting-to-happen is that many of the most popular YouTubers can hardly be considered young and naive. While some are of more tender years, most – with their undoubted skill, knowledge and work ethic – should know better for their 30 or 40 years on this planet. Yet not only do they make their names public, they feature their faces heavily in their videos too.

Still, it’s likely that it will take some big YouTube accounts to fall before YouTubers respond by shaving the sharp edges off their blatant promotion of illegal activity. And there’s little doubt that those advertising products (which is most of them) will have to do so sooner rather than later.

Just this week, YouTube made it clear that it won’t tolerate people making money from the promotion of illegal activities.

“YouTube creators may include paid endorsements as part of their content only if the product or service they are endorsing complies with our advertising policies,” YouTube told the BBC.

“We will be working with creators going forward so they better understand that in video promotions [they] must not promote dishonest activity.”

That being said, like many other players in the piracy and file-sharing space over the past 18 years, YouTubers will eventually begin to learn that not only can the smart survive, they can flourish too.

Sure, there will be people out there who’ll protest that free speech allows citizens to express themselves in a manner of their choosing. But try PM’ing that to YouTube in response to a strike, and see how that fares.

When they say you’re done, the road back is a long one.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Video Deters People From Pirate Sites…Or Encourages Them to Start One?

Post Syndicated from Andy original https://torrentfreak.com/video-deters-people-from-pirate-sites-or-encourages-them-to-start-one-180505/

There are almost as many anti-piracy strategies as there are techniques for downloading.

Litigation and education are probably the two most likely to be seen by the public, who are often directly targeted by the entertainment industries.

Over the years this has led to many campaigns, one of which famously stated that piracy is a crime while equating it to the physical theft of a car, a handbag, a television, or a regular movie DVD. It’s debatable whether these campaigns have made much difference but they have raised awareness and some of the responses have been hilarious.

While success remains hard to measure, it hasn’t stopped these PSAs from being made. The latest efforts come out of Sweden, where the country’s Patent and Registration Office (PRV) was commissioned by the government to increase public awareness of copyright and help change attitudes surrounding streaming and illegal downloading.

“The purpose is, among other things, to reduce the use of illegal streaming sites and make it easier and safer to find and choose legal options,” PRV says.

“Every year, criminal networks earn millions of dollars from illegal streaming. This money comes from advertising on illegal sites and is used for other criminal activities. The purpose of our film is to inform about this.”

The series of videos show pirates in their supposed natural habitats of beautiful mansions, packed with luxurious items such as indoor pools, fancy staircases, and stacks of money. For some reason (perhaps to depict anonymity, perhaps to suggest something more sinister) the pirates are all dressed in animal masks, such as this one enjoying his Dodge Viper.

The clear suggestion here is that people who visit pirate sites and stream unlicensed content are helping to pay for this guy’s bright green car. The same holds true for his indoor swimming pool, jet bike, and gold chains in the next clip.

While some might have a problem with pirates getting rich from their clicks, it can’t have escaped the targets of these videos that they too are benefiting from the scheme. Granted, hyena-man gets the pool and the Viper, but they get the latest movies. It seems unlikely that pirate streamers refused to watch the copy of Black Panther that leaked onto the web this week (a month before its retail release) on the basis that someone else was getting rich from it.

That being said, most people will probably balk at elements of the full PSA, which suggests that revenue from illegal streaming goes on to fuel other crimes, such as prescription drug offenses.

After reporting piracy cases for more than twelve years, no one at TF has ever seen evidence of this happening with any torrent or streaming site operators. Still, it makes good drama for the full video, embedded below.

“In the film we follow a fictional occupational criminal who gives us a tour of his beautiful villa. He proudly shows up his multi-criminal activity, which was made possible by means of advertising money from his illegal streaming services,” PRV explains.

The dark tone and creepy masks are bound to put some people off but one has to question the effect this kind of video could have on younger people. Do pirates really make mountains of money so huge that they can only be counted by machine? If they do, then it’s a lot less risky than almost any other crime that yields this claimed level of profit.

With that in mind, will this video deter the public or simply encourage people to get involved for some of that big money? We sent a link to the operator of a large pirate site for his considered opinion.

“WTF,” he responded.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Stream to Twitch with the push of a button

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/tinkernut-twitch-streaming/

Stream your video gaming exploits to the internet at the touch of a button with the Twitch-O-Matic. Everyone else is doing it, so you should too.

Twitch-O-Matic: Raspberry Pi Twitch Streaming Device – Weekend Hacker #1804

Some gaming consoles make it easy to stream to Twitch, some gaming consoles don’t (come on, Nintendo). So for those that don’t, I’ve made this beta version of the “Twitch-O-Matic”. No it doesn’t chop onions or fold your laundry, but what it DOES do is stream anything with HDMI output to your Twitch channel with the simple push of a button!

eSports and online game streaming

Interest in eSports has skyrocketed over the last few years, with viewership numbers in the hundreds of millions, sponsorship deals increasing in value and prestige, and tournament prize funds reaching millions of dollars. So it’s no wonder that more and more gamers are starting to stream live to online platforms in order to boost their fanbase and try to cash in on this growing industry.

Streaming to Twitch

Launched in 2011, Twitch.tv is an online live-streaming platform with a primary focus on video gaming. Users can create accounts to contribute their comments and content to the site, as well as watching live-streamed gaming competitions and broadcasts. With a staggering fifteen million daily users, Twitch is accessible via smartphone and gaming console apps, smart TVs, computers, and tablets. But if you want to stream to Twitch, you may find yourself using third-party software in order to do so. And with more buttons to click and more wires to plug in for older, app-less consoles, streaming can get confusing.

Enter Tinkernut.

Side note: we ❤ Tinkernut

We’ve featured Tinkernut a few times on the Raspberry Pi blog – his tutorials are clear, his projects are interesting and useful, and his live-streamed comment videos for every build are a nice touch to sharing homebrew builds on the internet.

Tinkernut Raspberry Pi Zero W Twitch-O-Matic

So, yes, we love him. [This is true. Alex never shuts up about him. – Ed.] And since he has over 500K subscribers on YouTube, we’re obviously not the only ones. We wave our Tinkernut flags with pride.

Twitch-O-Matic

With a Raspberry Pi Zero W, an HDMI to CSI adapter, and a case to fit it all in, Tinkernut’s Twitch-O-Matic allows easy connection to the Twitch streaming service. You’ll also need a button – the bigger, the better in our opinion, though Tinkernut has opted for the Adafruit 16mm Illuminated Pushbutton for his build, and not the 100mm Massive Arcade Button that, sadly, we still haven’t found a reason to use yet.

Adafruit massive button

“I’m sorry, Dave…”

For added frills and pizzazz, Tinketnut has also incorporated Adafruit’s White LED Backlight Module into the case, though you don’t have to do so unless you’re feeling super fancy.

The setup

The Raspberry Pi Zero W is connected to the HDMI to CSI adapter via the camera connector, in the same way you’d attach the camera ribbon. Tinkernut uses a standard Raspbian image on an 8GB SD card, with SSH enabled for remote access from his laptop. He uses the simple command Raspivid to test the HDMI connection by recording ten seconds of video footage from his console.

Tinkernut Raspberry Pi Zero W Twitch-O-Matic

One lead is all you need

Once you have the Pi receiving video from your console, you can connect to Twitch using your Twitch stream key, which you can find by logging in to your account at Twitch.tv. Tinkernut’s tutorial gives you all the commands you need to stream from your Pi.

The frills

To up the aesthetic impact of your project, adding buttons and backlights is fairly straightforward.

Tinkernut Raspberry Pi Zero W Twitch-O-Matic

Pretty LED frills

To run the stream command, Tinketnut uses a button: press once to start the stream, press again to stop. Pressing the button also turns on the LED backlight, so it’s obvious when streaming is in progress.

The tutorial

For the full code and 3D-printable case STL file, head to Tinketnut’s hackster.io project page. And if you’re already using a Raspberry Pi for Twitch streaming, share your build setup with us. Cheers!

The post Stream to Twitch with the push of a button appeared first on Raspberry Pi.

Vetter: Linux Kernel Maintainer Statistics

Post Syndicated from corbet original https://lwn.net/Articles/752563/rss

Daniel Vetter looks at
some kernel-development statistics
, with a focus on patches written by
the maintainers who commit them. “Naively extrapolating the relative trend predicts that around the year 2025 large numbers of kernel maintainers will do nothing else than be the bottleneck, preventing everyone else from getting their work merged and not contributing anything of their own. The kernel community imploding under its own bureaucratic weight being the likely outcome of that.

This is a huge contrast to the ‘everything is getting better, bigger, and
the kernel community is very healthy’ fanfare touted at keynotes and the
yearly kernel report. In my opinion, the kernel community is very much not
looking like it is coping with its growth well and an overall healthy
community.”

OMG The Stupid It Burns

Post Syndicated from Robert Graham original https://blog.erratasec.com/2018/04/omg-stupid-it-burns.html

This article, pointed out by @TheGrugq, is stupid enough that it’s worth rebutting.

The article starts with the question “Why did the lessons of Stuxnet, Wannacry, Heartbleed and Shamoon go unheeded?“. It then proceeds to ignore the lessons of those things.
Some of the actual lessons should be things like how Stuxnet crossed air gaps, how Wannacry spread through flat Windows networking, how Heartbleed comes from technical debt, and how Shamoon furthers state aims by causing damage.
But this article doesn’t cover the technical lessons. Instead, it thinks the lesson should be the moral lesson, that we should take these things more seriously. But that’s stupid. It’s the sort of lesson people teach you that know nothing about the topic. When you have nothing of value to contribute to a topic you can always take the moral high road and criticize everyone for being morally weak for not taking it more seriously. Obviously, since doctors haven’t cured cancer yet, it’s because they don’t take the problem seriously.
The article continues to ignore the lesson of these cyber attacks and instead regales us with a list of military lessons from WW I and WW II. This makes the same flaw that many in the military make, trying to understand cyber through analogies with the real world. It’s not that such lessons could have no value, it’s that this article contains a poor list of them. It seems to consist of a random list of events that appeal to the author rather than events that have bearing on cybersecurity.
Then, in case we don’t get the point, the article bullies us with hyperbole, cliches, buzzwords, bombastic language, famous quotes, and citations. It’s hard to see how most of them actually apply to the text. Rather, it seems like they are included simply because he really really likes them.
The article invests much effort in discussing the buzzword “OODA loop”. Most attacks in cyberspace don’t have one. Instead, attackers flail around, trying lots of random things, overcoming defense with brute-force rather than an understanding of what’s going on. That’s obviously the case with Wannacry: it was an accident, with the perpetrator experimenting with what would happen if they added the ETERNALBLUE exploit to their existing ransomware code. The consequence was beyond anybody’s ability to predict.
You might claim that this is just the first stage, that they’ll loop around, observe Wannacry’s effects, orient themselves, decide, then act upon what they learned. Nope. Wannacry burned the exploit. It’s essentially removed any vulnerable systems from the public Internet, thereby making it impossible to use what they learned. It’s still active a year later, with infected systems behind firewalls busily scanning the Internet so that if you put a new system online that’s vulnerable, it’ll be taken offline within a few hours, before any other evildoer can take advantage of it.
See what I’m doing here? Learning the actual lessons of things like Wannacry? The thing the above article fails to do??
The article has a humorous paragraph on “defense in depth”, misunderstanding the term. To be fair, it’s the cybersecurity industry’s fault: they adopted then redefined the term. That’s why there’s two separate articles on Wikipedia: one for the old military term (as used in this article) and one for the new cybersecurity term.
As used in the cybersecurity industry, “defense in depth” means having multiple layers of security. Many organizations put all their defensive efforts on the perimeter, and none inside a network. The idea of “defense in depth” is to put more defenses inside the network. For example, instead of just one firewall at the edge of the network, put firewalls inside the network to segment different subnetworks from each other, so that a ransomware infection in the customer support computers doesn’t spread to sales and marketing computers.
The article talks about exploiting WiFi chips to bypass the defense in depth measures like browser sandboxes. This is conflating different types of attacks. A WiFi attack is usually considered a local attack, from somebody next to you in bar, rather than a remote attack from a server in Russia. Moreover, far from disproving “defense in depth” such WiFi attacks highlight the need for it. Namely, phones need to be designed so that successful exploitation of other microprocessors (namely, the WiFi, Bluetooth, and cellular baseband chips) can’t directly compromise the host system. In other words, once exploited with “Broadpwn”, a hacker would need to extend the exploit chain with another vulnerability in the hosts Broadcom WiFi driver rather than immediately exploiting a DMA attack across PCIe. This suggests that if PCIe is used to interface to peripherals in the phone that an IOMMU be used, for “defense in depth”.
Cybersecurity is a young field. There are lots of useful things that outsider non-techies can teach us. Lessons from military history would be well-received.
But that’s not this story. Instead, this story is by an outsider telling us we don’t know what we are doing, that they do, and then proceeds to prove they don’t know what they are doing. Their argument is based on a moral suasion and bullying us with what appears on the surface to be intellectual rigor, but which is in fact devoid of anything smart.
My fear, here, is that I’m going to be in a meeting where somebody has read this pretentious garbage, explaining to me why “defense in depth” is wrong and how we need to OODA faster. I’d rather nip this in the bud, pointing out if you found anything interesting from that article, you are wrong.

How Many Piracy Warnings Would Get You to Stop?

Post Syndicated from Andy original https://torrentfreak.com/how-many-piracy-warnings-would-get-you-to-stop-180422/

For the past several years, copyright holders in the US and Europe have been trying to reach out to file-sharers in an effort to change their habits.

Whether via high-profile publicity lawsuits or a simple email, it’s hoped that by letting people know they aren’t anonymous, they’ll stop pirating and buy more content instead.

Traditionally, most ISPs haven’t been that keen on passing infringement notices on. However, the BMG v Cox lawsuit seems to have made a big difference, with a growing number of ISPs now visibly warning their users that they operate a repeat infringer policy.

But perhaps the big question is how seriously users take these warnings because – let’s face it – that’s the entire point of their existence.

There can be little doubt that a few recipients will be scurrying away at the slightest hint of trouble, intimidated by the mere suggestion that they’re being watched.

Indeed, a father in the UK – who received a warning last year as part of the Get it Right From a Genuine Site campaign – confidently and forcefully assured TF that there would be no more illegal file-sharing taking place on his ten-year-old son’s computer again – ever.

In France, where the HADOPI anti-piracy scheme received much publicity, people receiving an initial notice are most unlikely to receive additional ones in future. A December 2017 report indicated that of nine million first warning notices sent to alleged pirates since 2012, ‘just’ 800,000 received a follow-up warning on top.

The suggestion is that people either stop their piracy after getting a notice or two, or choose to “go dark” instead, using streaming sites for example or perhaps torrenting behind a decent VPN.

But for some people, the message simply doesn’t sink in early on.

A post on Reddit this week by a TWC Spectrum customer revealed that despite a wealth of readily available information (including masses in the specialist subreddit where the post was made), even several warnings fail to have an effect.

“Was just hit with my 5th copyright violation. They halted my internet and all,” the self-confessed pirate wrote.

There are at least three important things to note from this opening sentence.

Firstly, the first four warnings did nothing to change the user’s piracy habits. Secondly, Spectrum presumably had enough at five warnings and kicked in a repeat-infringer suspension, presumably to avoid the same fate as Cox in the BMG case. Third, the account suspension seems to have changed the game.

Notably, rather than some huge blockbuster movie, that fifth warning came due to something rather less prominent.

“Thought I could sneak in a random episode of Rosanne. The new one that aired LOL. That fast. Under 24 hours I got shut off. Which makes me feel like [ISPs] do monitor your traffic and its not just the people sending them notices,” the post read.

Again, some interesting points here.

Any content can be monitored by rightsholders but if it’s popular in the US then a warning delivered via an ISP seems to be more likely than elsewhere. However, the misconception that the monitoring is done by ISPs persists, despite that not being the case.

ISPs do not monitor users’ file-sharing activity, anti-piracy companies do. They can grab an IP address the second someone enters a torrent swarm, or even connects to a tracker. It happens in an instant, at a time of their choosing. Quickly jumping in and out of a torrent is no guarantee and the fallacy of not getting caught due to a failure to seed is just that – a fallacy.

But perhaps the most important thing is that after five warnings and a disconnection, the Reddit user decided to take action. Sadly for the people behind Rosanne, it’s not exactly the reaction they’d have hoped for.

“I do not want to push it but I am curious to what happens 6th time, and if I would even be safe behind a VPN,” he wrote.

“Just want to learn how to use a VPN and Sonarr and have a guilt free stress free torrent watching.”

Of course, there was no shortage of advice.

“If you have gotten 5 notices, you really should of learnt [sic] how to use a VPN before now,” one poster noted, perhaps inevitably.

But curiously, or perhaps obviously given the number of previous warnings, the fifth warning didn’t come as a surprise to the user.

“I knew they were going to hit me for it. I just didn’t think a 195mb file would do it. They were getting me for Disney movies in the past,” he added.

So how do you grab the attention of a persistent infringer like this? Five warnings and a suspension apparently. But clearly, not even that is a guarantee of success. Perhaps this is why most ‘strike’ schemes tend to give up on people who can’t be rehabilitated.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

WG29: Насоки относно съгласието според GDPR

Post Syndicated from nellyo original https://nellyo.wordpress.com/2018/04/19/wp29-edpr/

През тази седмица работната група WG29 издаде Насоки относно съгласието според Общия регламент за защита на данните.

Те са изготвени в продължение на Opinion 15/2011 на WG29  относно съгласието и имат за цел да предоставят практическа помощ за прилагане на Общия регламент за защита на данните. Opinion 15/2011 запазва валидност, доколкото е в съответствие с новия регламент.

Artefacts in the classroom with Museum in a Box

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/museum-in-a-box/

Museum in a Box bridges the gap between museums and schools by creating a more hands-on approach to conservation education through 3D printing and digital making.

Artefacts in the classroom with Museum in a Box || Raspberry Pi Stories

Learn more: http://rpf.io/ Subscribe to our YouTube channel: http://rpf.io/ytsub Help us reach a wider audience by translating our video content: http://rpf.io/yttranslate Buy a Raspberry Pi from one of our Approved Resellers: http://rpf.io/ytproducts Find out more about the Raspberry Pi Foundation: Raspberry Pi http://rpf.io/ytrpi Code Club UK http://rpf.io/ytccuk Code Club International http://rpf.io/ytcci CoderDojo http://rpf.io/ytcd Check out our free online training courses: http://rpf.io/ytfl Find your local Raspberry Jam event: http://rpf.io/ytjam Work through our free online projects: http://rpf.io/ytprojects Do you have a question about your Raspberry Pi?

Fantastic collections and where to find them

Large, impressive statues are truly a sight to be seen. Take for example the 2.4m Hoa Hakananai’a at the British Museum. Its tall stature looms over you as you read its plaque to learn of the statue’s journey from Easter Island to the UK under the care of Captain Cook in 1774, and you can’t help but wonder at how it made it here in one piece.

Hoa Hakananai’a Captain Cook British Museum
Hoa Hakananai’a Captain Cook British Museum

But unless you live near a big city where museums are plentiful, you’re unlikely to see the likes of Hoa Hakananai’a in person. Instead, you have to content yourself with online photos or videos of world-famous artefacts.

And that only accounts for the objects that are on display: conservators estimate that only approximately 5 to 10% of museums’ overall collections are actually on show across the globe. The rest is boxed up in storage, inaccessible to the public due to risk of damage, or simply due to lack of space.

Museum in a Box

Museum in a Box aims to “put museum collections and expert knowledge into your hand, wherever you are in the world,” through modern maker practices such as 3D printing and digital making. With the help of the ‘Scan the World’ movement, an “ambitious initiative whose mission is to archive objects of cultural significance using 3D scanning technologies”, the Museum in a Box team has been able to print small, handheld replicas of some of the world’s most recognisable statues and sculptures.

Museum in a Box Raspberry Pi

Each 3D print gets NFC tags so it can initiate audio playback from a Raspberry Pi that sits snugly within the laser-cut housing of a ‘brain box’. Thus the print can talk directly to us through the magic of wireless technology, replacing the dense, dry text of a museum plaque with engaging speech.

Museum in a Box Raspberry Pi

The Museum in a Box team headed by CEO George Oates (featured in the video above) makes use of these 3D-printed figures alongside original artefacts, postcards, and more to bridge the gap between large, crowded, distant museums and local schools. Modeled after the museum handling collections that used to be sent to schools, Museum in a Box is a cheaper, more accessible alternative. Moreover, it not only allows for hands-on learning, but also encourages children to get directly involved by hacking its technology! With NFC technology readily available to the public, students can curate their own collections about their local area, record their own messages, and send their own box-sized museums on to schools in other towns or countries. In this way, Museum in a Box enables students to explore, and expand the reach of, their own histories.

Moving forward

With the technology perfected and interest in the project ever-growing, Museum in a Box has a busy year ahead. Supporting the new ‘Unstacked’ learning initiative, the team will soon be delivering ten boxes to the Smithsonian Libraries. The team has curated two collections specifically for this: an exploration into Asia-Pacific America experiences of migration to the USA throughout the 20th century, and a look into the history of science.

Smithsonian Library Museum in a Box Raspberry Pi

The team will also be making a box for the British Museum to support their Iraq Scheme initiative, and another box will be heading to the V&A to support their See Red programme. While primarily installed in the Lansbury Micro Museum, the box will also take to the road to visit the local Spotlight high school.

Museum in a Box at Raspberry Fields

Lastly, by far the most exciting thing the Museum in a Box team will be doing this year — in our opinion at least — is showcasing at Raspberry Fields! This is our brand-new festival of digital making that’s taking place on 30 June and 1 July 2018 here in Cambridge, UK. Find more information about it and get your ticket here.

The post Artefacts in the classroom with Museum in a Box appeared first on Raspberry Pi.

Why the crypto-backdoor side is morally corrupt

Post Syndicated from Robert Graham original https://blog.erratasec.com/2018/04/why-crypto-backdoor-side-is-morally.html

Crypto-backdoors for law enforcement is a reasonable position, but the side that argues for it adds things that are either outright lies or morally corrupt. Every year, the amount of digital evidence law enforcement has to solve crimes increases, yet they outrageously lie, claiming they are “going dark”, losing access to evidence. A weirder claim is that  those who oppose crypto-backdoors are nonetheless ethically required to make them work. This is morally corrupt.

That’s the point of this Lawfare post, which claims:

What I am saying is that those arguing that we should reject third-party access out of hand haven’t carried their research burden. … There are two reasons why I think there hasn’t been enough research to establish the no-third-party access position. First, research in this area is “taboo” among security researchers. … the second reason why I believe more research needs to be done: the fact that prominent non-government experts are publicly willing to try to build secure third-party-access solutions should make the information-security community question the consensus view. 

This is nonsense. It’s like claiming we haven’t cured the common cold because researchers haven’t spent enough effort at it. When researchers claim they’ve tried 10,000 ways to make something work, it’s like insisting they haven’t done enough because they haven’t tried 10,001 times.
Certainly, half the community doesn’t want to make such things work. Any solution for the “legitimate” law enforcement of the United States means a solution for illegitimate states like China and Russia which would use the feature to oppress their own people. Even if I believe it’s a net benefit to the United States, I would never attempt such research because of China and Russia.
But computer scientists notoriously ignore ethics in pursuit of developing technology. That describes the other half of the crypto community who would gladly work on the problem. The reason they haven’t come up with solutions is because the problem is hard, really hard.
The second reason the above argument is wrong: it says we should believe a solution is possible because some outsiders are willing to try. But as Yoda says, do or do not, there is no try. Our opinions on the difficulty of the problem don’t change simply because people are trying. Our opinions change when people are succeeding. People are always trying the impossible, that’s not evidence it’s possible.
The paper cherry picks things, like Intel CPU features, to make it seem like they are making forward progress. No. Intel’s SGX extensions are there for other reasons. Sure, it’s a new development, and new developments may change our opinion on the feasibility of law enforcement backdoors. But nowhere in talking about this new development have they actually proposes a solution to the backdoor problem. New developments happen all the time, and the pro-backdoor side is going to seize upon each and every one to claim that this, finally, solves the backdoor problem, without showing exactly how it solves the problem.

The Lawfare post does make one good argument, that there is no such thing as “absolute security”, and thus the argument is stupid that “crypto-backdoors would be less than absolute security”. Too often in the cybersecurity community we reject solutions that don’t provide “absolute security” while failing to acknowledge that “absolute security” is impossible.
But that’s not really what’s going on here. Cryptographers aren’t certain we’ve achieved even “adequate security” with current crypto regimes like SSL/TLS/HTTPS. Every few years we find horrible flaws in the old versions and have to develop new versions. If you steal somebody’s iPhone today, it’s so secure you can’t decrypt anything on it. But then if you hold it for 5 years, somebody will eventually figure out a hole and then you’ll be able to decrypt it — a hole that won’t affect Apple’s newer phones.
The reason we think we can’t get crypto-backdoors correct is simply because we can’t get crypto completely correct. It’s implausible that we can get the backdoors working securely when we still have so much trouble getting encryption working correctly in the first place.
Thus, we aren’t talking about “insignificantly less security”, we are talking about going from “barely adequate security” to “inadequate security”. Negotiating keys between you and a website is hard enough without simultaneously having to juggle keys with law enforcement organizations.

And finally, even if cryptographers do everything correctly law enforcement themselves haven’t proven themselves reliable. The NSA exposed its exploits (like the infamous ETERNALBLUE), and OPM lost all its security clearance records. If they can’t keep those secrets, it’s unreasonable to believe they can hold onto backdoor secrets. One of the problems cryptographers are expected to solve is partly this, to make it work in a such way that makes it unlikely law enforcement will lose its secrets.

Summary

This argument by the pro-backdoor side, that we in the crypto-community should do more to solve backdoors, it simply wrong. We’ve spent a lot of effort at this already. Many continue to work on this problem — the reason you haven’t heard much from them is because they haven’t had much success. It’s like blaming doctors for not doing more to work on interrogation drugs (truth serums). Sure, a lot of doctors won’t work on this because it’s distasteful, but at the same time, there are many drug companies who would love to profit by them. The reason they don’t exist is not because they aren’t spending enough money researching them, it’s because there is no plausible solution in sight.
Crypto-backdoors designed for law-enforcement will significantly harm your security. This may change in the future, but that’s the state of crypto today. You should trust the crypto experts on this, not lawyers.

Setting up bug bounties for success

Post Syndicated from Michal Zalewski original https://lcamtuf.blogspot.com/2018/03/setting-up-bug-bounties-for-success.html

Bug bounties end up in the news with some regularity, usually for the wrong reasons. I’ve been itching to write
about that for a while – but instead of dwelling on the mistakes of the bygone days, I figured it may be better to
talk about some of the ways to get vulnerability rewards right.

What do you get out of bug bounties?

There’s plenty of differing views, but I like to think of such programs
simply as a bid on researchers’ time. In the most basic sense, you get three benefits:

  • Improved ability to detect bugs in production before they become major incidents.
  • A comparatively unbiased feedback loop to help you prioritize and measure other security work.
  • A robust talent pipeline for when you need to hire.

What bug bounties don’t offer?

You don’t get anything resembling a comprehensive security program or a systematic assessment of your platforms.
Researchers end up looking for bugs that offer favorable effort-to-payoff ratios for their skills and given the
very imperfect information they have about your enterprise. In other words, you may end up with a hundred
people looking for XSS and just one person looking for RCE.

Your reward structure can steer them toward the targets and bugs you care about, but it’s difficult to fully
eliminate this inherent skew. There’s only so far you can jack up your top-tier rewards, and only so far you can
go lowering the bottom-tier ones.

Don’t you have to outcompete the black market to get all the “good” bugs?

There is a free market price discovery component to it all: if you’re not getting the engagement you
were hoping for, you should probably consider paying more.

That said, there are going to be researchers who’d rather hurt you than work for you, no matter how much you pay;
you don’t have to win them over, and you don’t have to outspend every authoritarian government or
every crime syndicate. A bug bounty is effective simply if it attracts enough eyeballs to make bugs statistically
harder to find, and reduces the useful lifespan of any zero-days in black market trade. Plus, most
researchers don’t want their work to be used to crack down on dissidents in Egypt or Vietnam.

Another factor is that you’re paying for different things: a black market buyer probably wants a reliable exploit
capable of delivering payloads, and then demands silence for months or years to come; a vendor-run
bug bounty program is usually perfectly happy with a reproducible crash and doesn’t mind a researcher blogging
about their work.

In fact, while money is important, you will probably find out that it’s not enough to retain your top talent;
many folks want bug bounties to be more than a business transaction, and find a lot of value in having a close
relationship with your security team, comparing notes, and growing together. Fostering that partnership can
be more important than adding another $10,000 to your top reward.

How do I prevent it all from going horribly wrong?

Bug bounties are an unfamiliar beast to most lawyers and PR folks, so it’s a natural to be wary and try to plan
for every eventuality with pages and pages of impenetrable rules and fine-print legalese.

This is generally unnecessary: there is a strong self-selection bias, and almost every participant in a
vulnerability reward program will be coming to you in good faith. The more friendly, forthcoming, and
approachable you seem, and the more you treat them like peers, the more likely it is for your relationship to stay
positive. On the flip side, there is no faster way to make enemies than to make a security researcher feel that they
are now talking to a lawyer or to the PR dept.

Most people have strong opinions on disclosure policies; instead of imposing your own views, strive to patch reported bugs
reasonably quickly, and almost every reporter will play along. Demand researchers to cancel conference appearances,
take down blog posts, or sign NDAs, and you will sooner or later end up in the news.

But what if that’s not enough?

As with any business endeavor, mistakes will happen; total risk avoidance is seldom the answer. Learn to sincerely
apologize for mishaps; it’s not a sign of weakness to say “sorry, we messed up”. And you will almost certainly not end
up in the courtroom for doing so.

It’s good to foster a healthy and productive relationship with the community, so that they come to your defense when
something goes wrong. Encouraging people to disclose bugs and talk about their experiences is one way of accomplishing that.

What about extortion?

You should structure your program to naturally discourage bad behavior and make it stand out like a sore thumb.
Require bona fide reports with complete technical details before any reward decision is made by a panel of named peers;
and make it clear that you never demand non-disclosure as a condition of getting a reward.

To avoid researchers accidentally putting themselves in awkward situations, have clear rules around data exfiltration
and lateral movement: assure them that you will always pay based on the worst-case impact of their findings; in exchange,
ask them to stop as soon as they get a shell and never access any data that isn’t their own.

So… are there any downsides?

Yep. Other than souring up your relationship with the community if you implement your program wrong, the other consideration
is that bug bounties tend to generate a lot of noise from well-meaning but less-skilled researchers.

When this happens, do not get frustrated and do not penalize such participants; instead, help them grow. Consider
publishing educational articles, giving advice on how to investigate and structure reports, or
offering free workshops every now and then.

The other downside is cost; although bug bounties tend to offer far more bang for your buck than your average penetration
test, they are more random. The annual expenses tend to be fairly predictable, but there is always
some possibility of having to pay multiple top-tier rewards in rapid succession. This is the kind of uncertainty that
many mid-level budget planners react badly to.

Finally, you need to be able to fix the bugs you receive. It would be nuts to prefer to not know about the
vulnerabilities in the first place – but once you invite the research, the clock starts ticking and you need to
ship fixes reasonably fast.

So… should I try it?

There are folks who enthusiastically advocate for bug bounties in every conceivable situation, and people who dislike them
with fierce passion; both sentiments are usually strongly correlated with the line of business they are in.

In reality, bug bounties are not a cure-all, and there are some ways to make them ineffectual or even dangerous.
But they are not as risky or expensive as most people suspect, and when done right, they can actually be fun for your
team, too. You won’t know for sure until you try.

OTON GLASS: turning text to speech

Post Syndicated from Alex Bate original https://www.raspberrypi.org/blog/oton-glass/

With OTON GLASS, users are able to capture text with a blink and have it read back to them in their chosen language. It’s wonderful tool for people with dyslexia or poor vision, or for travellers abroad.

OTON GLASS

A wearable device for people who have difficulty reading.

OTON GLASS

Inspired by his father’s dyslexia, Keisuke Shimakage of the Media Creation Research Department at the Institute of Advanced Media Arts and Sciences, Japan, began to develop OTON GLASS:

I was determined to develop OTON GLASS because of my father’s dyslexia experience. In 2012, my father had a brain tumor, and developed dyslexia after his operation — the catalyst for OTON GLASS. Fortunately, he recovered fully after rehabilitation. However, many people have congenital dyslexia regardless of their health.

Assembling a team of engineers and designers, Keisuke got to work.

A collage images illustrating the history of developing OTON GLASS — OTON GLASS RASPBERRY PI GLASSES FOR DYSLEXIC USERS

The OTON GLASS device includes a Raspberry Pi 3, two cameras, and an earphone. One camera on the inside of the frame tracks the user’s eyes, and when it detects the blinked trigger, the outward-facing camera captures an image of what the user is looking at. This image is then processed by the Raspberry Pi via a program that performs optical character recognition. If the Pi detects written words, it converts them to speech, which the earphone plays back for the user.

A collage of images and text explaining how OTON GLASS works — OTON GLASS RASPBERRY PI GLASSES FOR DYSLEXIC USERS

The initial prototype of OTON GLASS had a 15-second delay between capturing text and replaying audio. This was cut down to three seconds in the team’s second prototype, designed in CAD software and housed within a 3D-printed case. The makers were then able to do real-world testing of the prototype to collect feedback from dyslexic users, and continued to upgrade the device based on user opinions.

Awards buzz

OTON GLASS is on its way to public distribution this year, and is currently doing the rounds at various trade and tech shows throughout Japan. Models are also available for trial at the Japan Blind Party Association, Kobe Eye Centre, and Nippon Keihan Library. In 2016, the device was runner-up for the James Dyson Award, and it has also garnered attention at various other awards shows and in the media. We’re looking forward to getting out hands on OTON GLASS, and we can’t wait to find out where team will take this device in the future.

The post OTON GLASS: turning text to speech appeared first on Raspberry Pi.