Tag Archives: paramount

Kodi Addon Dev Says “Show of Force” Will Be Met With Defiance

Post Syndicated from Andy original https://torrentfreak.com/kodi-addon-dev-says-show-force-will-met-defiance-171119/

For many years, the members of the MPAA have flexed their muscles all around the globe, working to prevent people from engaging in online piracy. If the last 17 years ‘progress’ is anything to go by, it’s a war that will go on indefinitely.

With Columbia, Disney, Paramount, Twentieth Century Fox, Universal, and Warner on board, the MPAA has historically relied on sheer power to intimidate opponents. That has certainly worked in many large piracy cases but for many peripheral smaller-scale pirates, their presence is largely ignored.

This week, however, several players in the Kodi scene discovered that these giants – and more besides – have the ability to literally turn up at their front door. As reported Thursday, UK-based Kodi addon developer The_Alpha received a hand-delivered cease-and-desist letter from all of the above, accompanied by new faces Netflix, Amazon and Sky TV.

These companies are part of the Alliance for Creativity and Entertainment (ACE), a massive and recently-formed anti-piracy coalition comprised of 30 global entertainment brands. TorrentFreak reached out to The_Alpha for his thoughts on coming under such a dazzling spotlight but perhaps understandably he didn’t want to comment.

The leader of the Ares Project was willing to go on the record, however, after he too received a hand-delivered threat during the week. His decision was to immediately comply and shutdown but TF is informed that others might not be so willing to follow suit.

A Kodi addon developer living in the UK who spoke to us on condition of anonymity told us that most people operating in the scene expected some kind of trouble – just not on this scale.

“Did you see the [company logos] across the top of Alpha’s letter? That’s some serious shit right there. The film companies are no surprise but Amazon delivers my groceries so I don’t expect this shit from them,” he said.

When the ACE partnership was formed earlier this year, it seemed pretty clear that the main drive was towards the pooling of anti-piracy resources to be more effective and efficient. However, it can’t have escaped ACE that such a broad and powerful alliance could also have a profound psychological effect on its adversaries.

“There’s no doubt in my mind that they’re turning up mob-handed to put the shits up people like Alpha and the rest of us,” the developer said. “It’s hardly a fair dust-up is it? What have we got to fight back with, a giro [state benefits]? It’s a show of force, ‘look how important we are’!”

Interestingly, however, the dev told us that it isn’t necessarily the size of the coalition that has him most concerned. What caught his eye was the inclusion of two influential UK-based companies in the alliance.

“Having Sly [a local derogatory nickname for Sky TV] and the Premier League on the letter makes it much more serious to me than seeing Warner or whatever,” he commented.

“I don’t get involved in footie but Sly is everywhere round here and I think it’s something the Brit dev scene might take notice of, even if most say ‘fuck it’ and carry on anyway.”

When questioned whether that’s likely, our source said that while ACE might be able to tackle some of the bigger targets like Ares Project or Colossus, they fundamentally misunderstand how the Kodi scene works.

“If you want a good example of a scattered pirate scene, I give you Kodi. They can bomb the base or whatever but nobody lives there,” he explained.

“There’s some older blokes like me who can do without the stress but a lot of younger coders, builders and YouTubers who thrive on it. They’re used to running around council estates with real-life problems. A faffy letter from some toff in a suit means literally nothing. Like I said, all they have to lose is a giro.”

Whether this is just bravado will remain to be seen, but our earlier discussions with others in the scene indicate a particular weakness in the UK, with many players vulnerable to being found after failing to hide their identities in the past. To a point, our source agrees that this is a problem.

“People are saying that Alpha was found after trying to raise some charity money related to his disabled son but I don’t know for sure and nor does anybody else. What strikes me is that none of us really thought things would get this on top here because all you ever hear about is America this, Canada that, whatever. Does this means that more of us are getting done in England? You tell me,” he said.

Only time will tell but stamping out the pirate Kodi scene is going to be hard work.

Within hours of several projects disappearing Wednesday and Thursday, YouTube and myriad blogs were being flooded with guides detailing immediate replacements. This ad-hoc network of enthusiasts makes the exchange of information happen at an alarming rate and it’s hard to see how any company – no matter how powerful – will ever be able to keep up.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Ares Kodi Project Calls it Quits After Hollywood Cease & Desist

Post Syndicated from Andy original https://torrentfreak.com/ares-kodi-project-calls-it-quits-after-hollywood-cease-desist-171117/

This week has been particularly bad for those involved in the Kodi addon scene. Following cease-and-desist notices from the MPA-led anti-piracy coalition Alliance for Creativity and Entertainment, several addon developers and repositories shut down.

With Columbia, Disney, Paramount, Twentieth Century Fox, Universal, Warner, Netflix, Amazon and Sky TV all lined up for war, the third-party developers had little choice but to quit. One of those affected was the leader of the hugely popular Ares Project, which quietly disappeared mid-week.

The Ares Wizard was an extremely popular and important piece of software which allowed people to switch Kodi builds, install third-party addons, install popular repositories, change system settings, and carry out backups. It’s installed on huge numbers of machines worldwide but it will soon fall into disrepair.

The mighty Ares Wizard in action

“[This week] I was subject to a hand-delivered notice to cease-and-desist from MPA & ACE,” Ares Project leader Tekto informs TorrentFreak.

“Given the notice, we obviously shut down the repo and wizard as requested.”

The news that Ares Project is done and never coming back will be a huge blow to the community. The project just celebrated its second birthday and has grown exponentially since it first arrived on the scene.

“Ares Project started in Oct 2015. Originally it was to be a tool to setup up the video cache on Kodi correctly. However, many ideas were thrown into the pot and it became a wee bit more; such as a wizard to install community provided builds, common addons and few other tweaks and options,” Tekto says.

“For my own part I started blogging earlier that year as part of a longer-term goal to be self-funding. I always disliked seeing begging bowls out to support ‘server’ costs, many of which were cheap £5-10 per month servers that were used to gain £100s in donations.

“The blog, via affiliate links and ads, could and would provide the funds to cover our hosting costs without resorting to begging for money every weekend.”

Intrigued by this first wave of actions by ACE in Europe, TorrentFreak asked for a copy of the MPA/ACE cease-and-desist notice but unfortunately, Tekto flat-out refused. All he would tell us is that he’d agreed not to give out any copies or screenshots and that he was adhering to that 100%.

That only leaves speculation as to what grounds the MPA/ACE cited for closing the project but to be fair, it doesn’t take much thought to find a direct comparison. Earlier this year, in the BREIN v Filmspeler case, the European Court of Justice (ECJ) ruled that selling “fully-loaded” Kodi boxes amounted to illegally communicating copyrighted content to the public.

With that in mind, it doesn’t take much of a leap to see how this ruling could also apply to someone distributing “fully-loaded” Kodi software builds or addons via a website. It had previously been considered a legal gray area, of course, and it was in that space that the Ares team believed it operated. After all, it took ECJ clarification for local courts in the Netherlands to be satisfied with the legal position.

“There was never any question that what we were doing was illegal. We didn’t and never have hosted any content, we always prevented discussions about illegal paid services, and never sold any devices, pre-loaded or otherwise. That used to be enough to occupy the ‘gray’ area which meant we were safe to develop our applications. That changed in 2017 as we were to discover,” Tekto notes.

Up until this week and apparently oblivious to how the earlier ECJ ruling might affect their operation, things had been going extremely well for Ares. In mid-2016, the group moved to its own support forum that attracted 100,000 signed-up members and 300,000 visitors every month.

“This was quite an achievement in terms of viral marketing but ultimately this would become part of our downfall,” Tekto says.

“The recent innovation of the ‘basket driven’ Ares Portal system seems to have triggered the legal move to shut the project down completely. This simple system gave access to hundreds of add-ons. The system removed the need for builds, blogs and YouTubers – you just shopped on the site for addons and then installed them to your device with a simple 6 digit code.”

While Ares and Tekto still didn’t believe they were doing anything illegal (addons were linked, not hosted) it is now pretty clear to them that the previous gray area has been well and truly closed, at least as far as the MPA/ACE alliance is concerned. And with that in mind, the show is over. Done. Finished.

“We are not criminals or malicious hackers, we weren’t even careful about hiding our identities. You couldn’t meet a more ordinary bunch of folks in truth,” he says.

“There was never any question we would close our doors if what we were doing crossed any boundaries of legality. So with the notice served on us, we are closing our doors and removing all our websites and applications. It’s a sad day in many ways, but nobody wants to be facing court or a potential custodial sentence, for what is essentially a hobby.”

Finally, Tekto says that others like him might want to consider their positions carefully, before they too get a knock at the door. In the meantime, he gives thanks to the project’s supporters, who have remained loyal over the past two years.

“It just leaves me to thank our users for their support and step away from the Kodi scene,” he concludes.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Hollywood Studios Force ISPs to Block Popcorn Time & Subtitle Sites

Post Syndicated from Andy original https://torrentfreak.com/court-orders-isps-to-block-popcorn-time-subtitle-websites-171113/

Early 2014, a new craze was sweeping the piracy world. Instead of relatively cumbersome text-heavy torrent sites, people were turning to a brand new application called Popcorn Time.

Dubbed the Netflix for Pirates due to its beautiful interface, Popcorn Time was soon a smash hit all over the planet. But with that fame came trouble, with anti-piracy outfits all over the world seeking to shut it down or at least pour cold water on its popularity.

In the meantime, however, the popularity of Kodi skyrocketed, something which pushed Popcorn Time out of the spotlight for a while. Nevertheless, the application in several different forms never went away and it still enjoys an impressive following today. This means that despite earlier action in several jurisdictions, Hollywood still has it on the radar.

The latest development comes out of Norway, where Disney Entertainment, Paramount Pictures Corporation, Columbia Pictures, Twentieth Century Fox Film Corporation, Universal City Studios and Warner Bros. have just taken 14 local Internet service providers to court.

The studios claimed that the ISPs (including Telenor, Nextgentel, Get, Altibox, Telia, Homenet, Ice Norge, Eidsiva Bredbånd and Lynet Internet) should undertake broad blocking action to ensure that three of the most popular Popcorn Time forks (located at popcorn-time.to, popcorntime.sh and popcorn-time.is) can no longer function in the region.

Since site-blocking necessarily covers the blocking of websites, there appears to have been much discussion over whether a software application can be considered a website. However, the court ultimately found that wasn’t really an issue, since each application requires websites to operate.

“Each of the three [Popcorn Time variants] must be considered a ‘site’, even though users access Popcorn Time in a way that is technically different from the way other pirate sites provide users with access to content, and although different components of the Popcorn Time service are retrieved from different domains,” the Oslo District Court’s ruling reads.

In respect of all three releases of Popcorn Time, the Court weighed the pros and cons of blocking, including whether blocking was needed at all. However, it ultimately decided that alternative methods for dealing with the sites do not exist since the rightsholders tried and ultimately failed to get cooperation from the sites’ operators.

“All sites have as their main purpose the purpose of facilitating infringement of protected works by giving the public unauthorized access to movies and TV shows. This happens without regard to the rights of others and imposes major losses on the licensees and the cultural industry in general,” the Court writes.

The Court also supported compelling ISPs to introduce the blocks, noting that they are “an appropriate and proportionate measure” that does not interfere with the Internet service providers’ freedom to operate nor anyone’s else’s right to freedom of expression.

But while the websites in question are located in three places (popcorn-time.to, popcorntime.sh and popcorn-time.is) the Court’s blocking order goes much further. Not only does it cover these key domains but also other third-party sites that Popcorn Time utilizes, such as platforms offering subtitles.

Popcorn-time.to related domains to be blocked: popcorn-time.to, popcorn-time.xyz, popcorn-time.se, iosinstaller.com, video4time.info, thepopcorntime.net, timepopcorn.info, time-popcorn.com, the-pop-corn-time.net, timepopcorn.net, time4videostream.com, ukfrnlge.xyz, opensubtitles.org, onlinesubtitles.com, popcorntime-update.xyz, plus subdomains.

Popcorntime.sh related domains to be blocked: Popcorntime.sh, api-fetch.website, yts.ag, opensubtitles.org, plus subdomains.

Popcorn-time.is related domains to be blocked: popcorn-time.is, yts.ag, yify.is, yts.ph, api-fetch.website, eztvapi.ml and opensubtitles.org, plus subdomains.

Separately, the Court ordered the ISPs to block torrent site YTS.ag and onlinesubtitles.com, opensubtitles.org, plus their subdomains.

Since no one appeared to represent the sites and the ISPs can’t be held responsible if they cooperate, the Court found that the studios had succeeding in their action and are entitled to compensation.

“The Court’s conclusions mean that the plaintiffs have won the case and, in principle, are entitled to compensation for their legal costs from the operators of the sites,” the Court notes. “This means that the operators of sites are ordered to pay the plaintiffs’ costs.”

Those costs amount to 570,000 kr (around US$70,000), an amount which the Court chose to split equally between the three Popcorn Time forks ($23,359 each). It seems unlikely the amounts will ever be recovered although there is still an opportunity for the parties to appeal.

In the meantime the ISPs have just days left to block the sites listed above. Once they’ve been put in place, the blocks will remain in place for five years.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Automating Security Group Updates with AWS Lambda

Post Syndicated from Ian Scofield original https://aws.amazon.com/blogs/compute/automating-security-group-updates-with-aws-lambda/

Customers often use public endpoints to perform cross-region replication or other application layer communication to remote regions. But a common problem is how do you protect these endpoints? It can be tempting to open up the security groups to the world due to the complexity of keeping security groups in sync across regions with a dynamically changing infrastructure.

Consider a situation where you are running large clusters of instances in different regions that all require internode connectivity. One approach would be to use a VPN tunnel between regions to provide a secure tunnel over which to send your traffic. A good example of this is the Transit VPC Solution, which is a published AWS solution to help customers quickly get up and running. However, this adds additional cost and complexity to your solution due to the newly required additional infrastructure.

Another approach, which I’ll explore in this post, is to restrict access to the nodes by whitelisting the public IP addresses of your hosts in the opposite region. Today, I’ll outline a solution that allows for cross-region security group updates, can handle remote region failures, and supports external actions such as manually terminating instances or adding instances to an existing Auto Scaling group.

Solution overview

The overview of this solution is diagrammed below. Although this post covers limiting access to your instances, you should still implement encryption to protect your data in transit.

If your entire infrastructure is running in a single region, you can reference a security group as the source, allowing your IP addresses to change without any updates required. However, if you’re going across the public internet between regions to perform things like application-level traffic or cross-region replication, this is no longer an option. Security groups are regional. When you go across regions it can be tempting to drop security to enable this communication.

Although using an Elastic IP address can provide you with a static IP address that you can define as a source for your security groups, this may not always be feasible, especially when automatic scaling is desired.

In this example scenario, you have a distributed database that requires full internode communication for replication. If you place a cluster in us-east-1 and us-west-2, you must provide a secure method of communication between the two. Because the database uses cloud best practices, you can add or remove nodes as the load varies.

To start the process of updating your security groups, you must know when an instance has come online to trigger your workflow. Auto Scaling groups have the concept of lifecycle hooks that enable you to perform custom actions as the group launches or terminates instances.

When Auto Scaling begins to launch or terminate an instance, it puts the instance into a wait state (Pending:Wait or Terminating:Wait). The instance remains in this state while you perform your various actions until either you tell Auto Scaling to Continue, Abandon, or the timeout period ends. A lifecycle hook can trigger a CloudWatch event, publish to an Amazon SNS topic, or send to an Amazon SQS queue. For this example, you use CloudWatch Events to trigger an AWS Lambda function that updates an Amazon DynamoDB table.

Component breakdown

Here’s a quick breakdown of the components involved in this solution:

• Lambda function
• CloudWatch event
• DynamoDB table

Lambda function

The Lambda function automatically updates your security groups, in the following way:

1. Determines whether a change was triggered by your Auto Scaling group lifecycle hook or manually invoked for a “true up” functionality, which I discuss later in this post.
2. Describes the instances in the Auto Scaling group and obtain public IP addresses for each instance.
3. Updates both local and remote DynamoDB tables.
4. Compares the list of public IP addresses for both local and remote clusters with what’s already in the local region security group. Update the security group.
5. Compares the list of public IP addresses for both local and remote clusters with what’s already in the remote region security group. Update the security group
6. Signals CONTINUE back to the lifecycle hook.

CloudWatch event

The CloudWatch event triggers when an instance passes through either the launching or terminating states. When the Lambda function gets invoked, it receives an event that looks like the following:

{
	"account": "123456789012",
	"region": "us-east-1",
	"detail": {
		"LifecycleHookName": "hook-launching",
		"AutoScalingGroupName": "",
		"LifecycleActionToken": "33965228-086a-4aeb-8c26-f82ed3bef495",
		"LifecycleTransition": "autoscaling:EC2_INSTANCE_LAUNCHING",
		"EC2InstanceId": "i-017425ec54f22f994"
	},
	"detail-type": "EC2 Instance-launch Lifecycle Action",
	"source": "aws.autoscaling",
	"version": "0",
	"time": "2017-05-03T02:20:59Z",
	"id": "cb930cf8-ce8b-4b6c-8011-af17966eb7e2",
	"resources": [
		"arn:aws:autoscaling:us-east-1:123456789012:autoScalingGroup:d3fe9d96-34d0-4c62-b9bb-293a41ba3765:autoScalingGroupName/"
	]
}

DynamoDB table

You use DynamoDB to store lists of remote IP addresses in a local table that is updated by the opposite region as a failsafe source of truth. Although you can describe your Auto Scaling group for the local region, you must maintain a list of IP addresses for the remote region.

To minimize the number of describe calls and prevent an issue in the remote region from blocking your local scaling actions, we keep a list of the remote IP addresses in a local DynamoDB table. Each Lambda function in each region is responsible for updating the public IP addresses of its Auto Scaling group for both the local and remote tables.

As with all the infrastructure in this solution, there is a DynamoDB table in both regions that mirror each other. For example, the following screenshot shows a sample DynamoDB table. The Lambda function in us-east-1 would update the DynamoDB entry for us-east-1 in both tables in both regions.

By updating a DynamoDB table in both regions, it allows the local region to gracefully handle issues with the remote region, which would otherwise prevent your ability to scale locally. If the remote region becomes inaccessible, you have a copy of the latest configuration from the table that you can use to continue to sync with your security groups. When the remote region comes back online, it pushes its updated public IP addresses to the DynamoDB table. The security group is updated to reflect the current status by the remote Lambda function.

 

Walkthrough

Note: All of the following steps are performed in both regions. The Launch Stack buttons will default to the us-east-1 region.

Here’s a quick overview of the steps involved in this process:

1. An instance is launched or terminated, which triggers an Auto Scaling group lifecycle hook, triggering the Lambda function via CloudWatch Events.
2. The Lambda function retrieves the list of public IP addresses for all instances in the local region Auto Scaling group.
3. The Lambda function updates the local and remote region DynamoDB tables with the public IP addresses just received for the local Auto Scaling group.
4. The Lambda function updates the local region security group with the public IP addresses, removing and adding to ensure that it mirrors what is present for the local and remote Auto Scaling groups.
5. The Lambda function updates the remote region security group with the public IP addresses, removing and adding to ensure that it mirrors what is present for the local and remote Auto Scaling groups.

Prerequisites

To deploy this solution, you need to have Auto Scaling groups, launch configurations, and a base security group in both regions. To expedite this process, this CloudFormation template can be launched in both regions.

Step 1: Launch the AWS SAM template in the first region

To make the deployment process easy, I’ve created an AWS Serverless Application Model (AWS SAM) template, which is a new specification that makes it easier to manage and deploy serverless applications on AWS. This template creates the following resources:

• A Lambda function, to perform the various security group actions
• A DynamoDB table, to track the state of the local and remote Auto Scaling groups
• Auto Scaling group lifecycle hooks for instance launching and terminating
• A CloudWatch event, to track the EC2 Instance-Launch Lifecycle-Action and EC2 Instance-terminate Lifecycle-Action events
• A pointer from the CloudWatch event to the Lambda function, and the necessary permissions

Download the template from here or click to launch.

Upon launching the template, you’ll be presented with a list of parameters which includes the remote/local names for your Auto Scaling Groups, AWS region, Security Group IDs, DynamoDB table names, as well as where the code for the Lambda function is located. Because this is the first region you’re launching the stack in, fill out all the parameters except for the RemoteTable parameter as it hasn’t been created yet (you fill this in later).

Step 2: Test the local region

After the stack has finished launching, you can test the local region. Open the EC2 console and find the Auto Scaling group that was created when launching the prerequisite stack. Change the desired number of instances from 0 to 1.

For both regions, check your security group to verify that the public IP address of the instance created is now in the security group.

Local region:

Remote region:

Now, change the desired number of instances for your group back to 0 and verify that the rules are properly removed.

Local region:

Remote region:

Step 3: Launch in the remote region

When you deploy a Lambda function using CloudFormation, the Lambda zip file needs to reside in the same region you are launching the template. Once you choose your remote region, create an Amazon S3 bucket and upload the Lambda zip file there. Next, go to the remote region and launch the same SAM template as before, but make sure you update the CodeBucket and CodeKey parameters. Also, because this is the second launch, you now have all the values and can fill out all the parameters, specifically the RemoteTable value.

 

Step 4: Update the local region Lambda environment variable

When you originally launched the template in the local region, you didn’t have the name of the DynamoDB table for the remote region, because you hadn’t created it yet. Now that you have launched the remote template, you can perform a CloudFormation stack update on the initial SAM template. This populates the remote DynamoDB table name into the initial Lambda function’s environment variables.

In the CloudFormation console in the initial region, select the stack. Under Actions, choose Update Stack, and select the SAM template used for both regions. Under Parameters, populate the remote DynamoDB table name, as shown below. Choose Next and let the stack update complete. This updates your Lambda function and completes the setup process.

 

Step 5: Final testing

You now have everything fully configured and in place to trigger security group changes based on instances being added or removed to your Auto Scaling groups in both regions. Test this by changing the desired capacity of your group in both regions.

True up functionality
If an instance is manually added or removed from the Auto Scaling group, the lifecycle hooks don’t get triggered. To account for this, the Lambda function supports a “true up” functionality in which the function can be manually invoked. If you paste in the following JSON text for your test event, it kicks off the entire workflow. For added peace of mind, you can also have this function fire via a CloudWatch event with a CRON expression for nearly continuous checking.

{
	"detail": {
		"AutoScalingGroupName": "<your ASG name>"
	},
	"trueup":true
}

Extra credit

Now that all the resources are created in both regions, go back and break down the policy to incorporate resource-level permissions for specific security groups, Auto Scaling groups, and the DynamoDB tables.

Although this post is centered around using public IP addresses for your instances, you could instead use a VPN between regions. In this case, you would still be able to use this solution to scope down the security groups to the cluster instances. However, the code would need to be modified to support private IP addresses.

 

Conclusion

At this point, you now have a mechanism in place that captures when a new instance is added to or removed from your cluster and updates the security groups in both regions. This ensures that you are locking down your infrastructure securely by allowing access only to other cluster members.

Keep in mind that this architecture (lifecycle hooks, CloudWatch event, Lambda function, and DynamoDB table) requires that the infrastructure to be deployed in both regions, to have synchronization going both ways.

Because this Lambda function is modifying security group rules, it’s important to have an audit log of what has been modified and who is modifying them. The out-of-the-box function provides logs in CloudWatch for what IP addresses are being added and removed for which ports. As these are all API calls being made, they are logged in CloudTrail and can be traced back to the IAM role that you created for your lifecycle hooks. This can provide historical data that can be used for troubleshooting or auditing purposes.

Security is paramount at AWS. We want to ensure that customers are protecting access to their resources. This solution helps you keep your security groups in both regions automatically in sync with your Auto Scaling group resources. Let us know if you have any questions or other solutions you’ve come up with!

Hollywood Giants Sue Kodi-powered ‘TickBox TV’ Over Piracy

Post Syndicated from Ernesto original https://torrentfreak.com/hollywood-giants-sue-kodi-powered-tickbox-tv-over-piracy-171014/

Online streaming piracy is booming and many people use dedicated media players to bring this content to their regular TVs.

The bare hardware is not illegal and neither is media player software such as Kodi. When these devices are loaded with copyright-infringing addons, however, they turn into an unprecedented piracy threat.

It becomes even more problematic when the sellers of these devices market their products as pirate tools. This is exactly what TickBox TV does, according to Hollywood’s major movie studios, Netflix, and Amazon.

TickBox is a Georgia-based provider of set-top boxes that allow users to stream a variety of popular media. The company’s devices use the Kodi media player and come with instructions on how to add various add-ons.

In a complaint filed in a California federal court yesterday, Universal, Columbia Pictures, Disney, 20th Century Fox, Paramount Pictures, Warner Bros, Amazon, and Netflix accuse Tickbox of inducing and contributing to copyright infringement.

“TickBox sells ‘TickBox TV,’ a computer hardware device that TickBox urges its customers to use as a tool for the mass infringement of Plaintiffs’ copyrighted motion pictures and television shows,” the complaint, picked up by THR, reads.

While the device itself does not host any infringing content, users are informed where they can find it.

The movie and TV studios stress that Tickbox’s marketing highlights its infringing uses with statements such as “if you’re tired of wasting money with online streaming services like Netflix, Hulu or Amazon Prime.”

Sick of paying high monthly fees?

“TickBox promotes the use of TickBox TV for overwhelmingly, if not exclusively, infringing purposes, and that is how its customers use TickBox TV. TickBox advertises TickBox TV as a substitute for authorized and legitimate distribution channels such as cable television or video-on-demand services like Amazon Prime and Netflix,” the studios’ lawyers write.

The complaint explains in detail how TickBox works. When users first boot up their device they are prompted to download the “TickBox TV Player” software. This comes with an instruction video guiding people to infringing streams.

“The TickBox TV instructional video urges the customer to use the ‘Select Your Theme’ button on the start-up menu for downloading addons. The ‘Themes’ are curated collections of popular addons that link to unauthorized streams of motion pictures and television shows.”

“Some of the most popular addons currently distributed — which are available through TickBox TV — are titled ‘Elysium,’ ‘Bob,’ and ‘Covenant’,” the complaint adds, showing screenshots of the interface.

Covenant

The movie and TV studios, which are the founding members of the recently launched ACE anti-piracy initiative, want TickBox to stop selling their devices. In addition, they demand compensation for the damages they’ve suffered. Requesting the maximum statutory damages of $150,000 per copyright infringement, this can run into the millions.

The involvement of Amazon, albeit the content division, is notable since the online store itself sells dozens of similar streaming devices, some of which even list “infringing” addons.

The TickBox lawsuit is the first case in the United States where a group of major Hollywood players is targeting a streaming device. Earlier this year various Hollywood insiders voiced concerns about the piracy streaming epidemic and if this case goes their way, it probably won’t be the last.

A copy of the full complaint is available here (pdf)

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Inside the MPAA, Netflix & Amazon Global Anti-Piracy Alliance

Post Syndicated from Andy original https://torrentfreak.com/inside-the-mpaa-netflix-amazon-global-anti-piracy-alliance-170918/

The idea of collaboration in the anti-piracy arena isn’t new but an announcement this summer heralded what is destined to become the largest project the entertainment industry has ever seen.

The Alliance for Creativity and Entertainment (ACE) is a coalition of 30 companies that reads like a who’s who of the global entertainment market. In alphabetical order its members are:

Amazon, AMC Networks, BBC Worldwide, Bell Canada and Bell Media, Canal+ Group, CBS Corporation, Constantin Film, Foxtel, Grupo Globo, HBO, Hulu, Lionsgate, Metro-Goldwyn-Mayer (MGM), Millennium Media, NBCUniversal, Netflix, Paramount Pictures, SF Studios, Sky, Sony Pictures Entertainment, Star India, Studio Babelsberg, STX Entertainment, Telemundo, Televisa, Twentieth Century Fox, Univision Communications Inc., Village Roadshow, The Walt Disney Company, and Warner Bros. Entertainment Inc.

The aim of the project is clear. Instead of each company considering its anti-piracy operations as a distinct island, ACE will bring them all together while presenting a united front to decision and lawmakers. At the core of the Alliance will be the MPAA.

“ACE, with its broad coalition of creators from around the world, is designed, specifically, to leverage the best possible resources to reduce piracy,”
outgoing MPAA chief Chris Dodd said in June.

“For decades, the MPAA has been the gold standard for antipiracy enforcement. We are proud to provide the MPAA’s worldwide antipiracy resources and the deep expertise of our antipiracy unit to support ACE and all its initiatives.”

Since then, ACE and its members have been silent on the project. Today, however, TorrentFreak can pull back the curtain, revealing how the agreement between the companies will play out, who will be in control, and how much the scheme will cost.

Power structure: Founding Members & Executive Committee Members

Netflix, Inc., Amazon Studios LLC, Paramount Pictures Corporation, Sony Pictures Entertainment, Inc., Twentieth Century Fox Film Corporation, Universal City Studios LLC, Warner Bros. Entertainment Inc., and Walt Disney Studios Motion Pictures, are the ‘Founding Members’ (Governing Board) of ACE.

These companies are granted full voting rights on ACE business, including the approval of initiatives and public policy, anti-piracy strategy, budget-related matters, plus approval of legal action. Not least, they’ll have the power to admit or expel ACE members.

All actions taken by the Governing Board (never to exceed nine members) need to be approved by consensus, with each Founding Member able to vote for or against decisions. Members are also allowed to abstain but one persistent objection will be enough to stop any matter being approved.

The second tier – ‘Executive Committee Members’ – is comprised of all the other companies in the ACE project (as listed above, minus the Governing Board). These companies will not be allowed to vote on ACE initiatives but can present ideas and strategies. They’ll also be allowed to suggest targets for law enforcement action while utilizing the MPAA’s anti-piracy resources.

Rights of all members

While all members of ACE can utilize the alliance’s resources, none are barred from simultaneously ‘going it alone’ on separate anti-piracy initiatives. None of these strategies and actions need approval from the Founding Members, provided they’re carried out in a company’s own name and at its own expense.

Information obtained by TorrentFreak indicates that the MPAA also reserves the right to carry out anti-piracy actions in its own name or on behalf of its member studios. The pattern here is different, since the MPAA’s global anti-piracy resources are the same resources being made available to the ACE alliance and for which members have paid to share.

Expansion of ACE

While ACE membership is already broad, the alliance is prepared to take on additional members, providing certain criteria are met. Crucially, any prospective additions must be owners or producers of movies and/or TV shows. The Governing Board will then vet applicants to ensure that they meet the criteria for acceptance as a new Executive Committee Members.

ACE Operations

The nine Governing Board members will meet at least four times a year, with each nominating a senior executive to serve as its representative. The MPAA’s General Counsel will take up the position of non-voting member of the Governing Board and will chair its meetings.

Matters to be discussed include formulating and developing the alliance’s ‘Global Anti-Piracy Action Plan’ and approving and developing the budget. ACE will also form an Anti-Piracy Working Group, which is scheduled to meet at least once a month.

On a daily basis, the MPAA and its staff will attend to the business of the ACE alliance. The MPAA will carry out its own work too but when presenting to outside third parties, it will clearly state which “hat” it is currently wearing.

Much deliberation has taken place over who should be the official spokesperson for ACE. Documents obtained by TF suggest that the MPAA planned to hire a consulting firm to find a person for the role, seeking a professional with international experience who had never been previously been connected with the MPAA.

They appear to have settled on Zoe Thorogood, who previously worked for British Prime Minister David Cameron.

Money, money, money

Of course, the ACE program isn’t going to fund itself, so all members are required to contribute to the operation. The MPAA has opened a dedicated bank account under its control specifically for the purpose, with members contributing depending on status.

Founding/Governing Board Members will be required to commit $5m each annually. However, none of the studios that are MPAA members will have to hand over any cash, since they already fund the MPAA, whose anti-piracy resources ACE is built.

“Each Governing Board Member will contribute annual dues in an amount equal to $5 million USD. Payment of dues shall be made bi-annually in equal shares, payable at
the beginning of each six (6) month period,” the ACE agreement reads.

“The contribution of MPAA personnel, assets and resources…will constitute and be considered as full payment of each MPAA Member Studio’s Governing Board dues.”

That leaves just Netflix and Amazon paying the full amount of $5m in cash each.

From each company’s contribution, $1m will be paid into legal trust accounts allocated to each Governing Board member. If ACE-agreed litigation and legal expenses exceed that amount for the year, members will be required to top up their accounts to cover their share of the costs.

For the remaining 21 companies on the Executive Committee, annual dues are $200,000 each, to be paid in one installment at the start of the financial year – $4.2m all in. Of all dues paid by all members from both tiers, half will be used to boost anti-piracy resources, over and above what the MPAA will spend on the same during 2017.

“Fifty percent (50%) of all dues received from Global Alliance Members other than
the MPAA Member Studios…shall, as agreed by the Governing Board, be used (a) to increase the resources spent on online antipiracy over and above….the amount of MPAA’s 2017 Content Protection Department budget for online antipiracy initiatives/operations,” an internal ACE document reads.

Intellectual property

As the project moves forward, the Alliance expects to gain certain knowledge and experience. On the back of that, the MPAA hopes to grow its intellectual property portfolio.

“Absent written agreement providing otherwise, any and all data, intellectual property, copyrights, trademarks, or know-how owned and/or contributed to the Global Alliance by MPAA, or developed or created by the MPAA or the Global Alliance during the Term of this Charter, shall remain and/or become the exclusive property of the MPAA,” the ACE agreement reads.

That being said, all Governing Board Members will also be granted “perpetual, irrevocable, non-exclusive licenses” to use the same under certain rules, even in the event they leave the ACE initiative.

Terms and extensions

Any member may withdraw from the Alliance at any point, but there will be no refunds. Additionally, any financial commitment previously made to litigation will have to be honored by the member.

The ACE agreement has an initial term of two years but Governing Board Members will meet not less than three months before it is due to expire to vote on any extension.

To be continued……

With the internal structure of ACE now revealed, all that remains is to discover the contents of the initiative’s ‘Global Anti-Piracy Action Plan’. To date, that document has proven elusive but with an operation of such magnitude, future leaks are a distinct possibility.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

MPAA Wins Movie Piracy Case in China After Failed Anti-Piracy Deal

Post Syndicated from Andy original https://torrentfreak.com/mpaa-wins-movie-piracy-case-in-china-after-failed-anti-piracy-deal-170822/

As one of China’s top 10 Internet companies, Xunlei is a massive operation with hundreds of millions of monthly users.

Among other file-sharing ventures, Xunlei operates ‘Thunder’, the world’s most popular torrent client. This and other almost inevitable copyright-related issues put the company on the radar of the MPAA.

With Xunlei pursuing an IPO in the United States in 2014, relationships with the MPAA began to thaw, resulting in the breakthrough signing of a Content Protection Agreement (CPA) requiring Xunlei to protect MPAA studio content including movies and TV shows.

But in October 2014, with things clearly not going to plan, the MPAA reported Xunlei to the U.S. government, complaining of rampant piracy on the service. In January 2015, the MPAA stepped up a gear and sued Xunlei for copyright infringement.

“For too long we have witnessed valuable creative content being taken and monetized without the permission of the copyright owner. That has to stop and stop now,” said MPAA Asia-Pacific chief Mike Ellis.

Now, more than two-and-a-half years later, the case has come to a close. Yesterday, the Shenzhen Nanshan District People’s Court found Xunlei Networking Technologies Co. guilty of copyright infringement.

The Court found that Xunlei made 28 movie titles (belonging to companies including Paramount Pictures, Sony Pictures, 20th Century Fox, Universal Pictures, Disney and Warner Bros.) available to the public via its platforms without proper authorization, “in serious violation” of the movie group’s rights.

Xunlei was ordered to cease-and-desist and told to pay compensation of 1.4 million yuan ($210,368) plus the MPA’s litigation costs of $24,400. In its original complaint, the MPA demanded a public apology from Xunlei but it’s unclear whether that forms part of the ruling. The outcome was welcomed by the MPA.

“We are heartened that the court in Shenzhen has found in favor of strong copyright,” said MPAA Asia-Pacific chief Mike Ellis.

“The legitimate Chinese film and television industry has worked hard to provide audiences with a wide range of legal options for their audio-visual entertainment — a marketplace that has flourished because of the rights afforded to copyright owners under the law.”

How the MPAA and Xunlei move ahead from here is unclear. This case has taken more than two-and-a-half years to come to a conclusion so further litigation seems somewhat unlikely, if not unwieldy. Then there’s the question of the anti-piracy agreement signed in 2014 and whether that is still on the table.

As previously revealed, the agreement not only compelled Xunlei to use pre-emptive content filtering technology but also required the platform to terminate the accounts of people who attempt to infringe copyright in any way.

“[The] filter will identify each and every instance of a user attempting to infringe a studio work, by uploading or downloading,” an internal MPAA document revealed.

All that being said, the document also contained advice for the MPAA not to sue Xunlei, so at this point anything could happen.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Nazis, are bad

Post Syndicated from Eevee original https://eev.ee/blog/2017/08/13/nazis-are-bad/

Anonymous asks:

Could you talk about something related to the management/moderation and growth of online communities? IOW your thoughts on online community management, if any.

I think you’ve tweeted about this stuff in the past so I suspect you have thoughts on this, but if not, again, feel free to just blog about … anything 🙂

Oh, I think I have some stuff to say about community management, in light of recent events. None of it hasn’t already been said elsewhere, but I have to get this out.

Hopefully the content warning is implicit in the title.


I am frustrated.

I’ve gone on before about a particularly bothersome phenomenon that hurts a lot of small online communities: often, people are willing to tolerate the misery of others in a community, but then get up in arms when someone pushes back. Someone makes a lot of off-hand, off-color comments about women? Uses a lot of dog-whistle terms? Eh, they’re not bothering anyone, or at least not bothering me. Someone else gets tired of it and tells them to knock it off? Whoa there! Now we have the appearance of conflict, which is unacceptable, and people will turn on the person who’s pissed off — even though they’ve been at the butt end of an invisible conflict for who knows how long. The appearance of peace is paramount, even if it means a large chunk of the population is quietly miserable.

Okay, so now, imagine that on a vastly larger scale, and also those annoying people who know how to skirt the rules are Nazis.


The label “Nazi” gets thrown around a lot lately, probably far too easily. But when I see a group of people doing the Hitler salute, waving large Nazi flags, wearing Nazi armbands styled after the SS, well… if the shoe fits, right? I suppose they might have flown across the country to join a torch-bearing mob ironically, but if so, the joke is going way over my head. (Was the murder ironic, too?) Maybe they’re not Nazis in the sense that the original party doesn’t exist any more, but for ease of writing, let’s refer to “someone who espouses Nazi ideology and deliberately bears a number of Nazi symbols” as, well, “a Nazi”.

This isn’t a new thing, either; I’ve stumbled upon any number of Twitter accounts that are decorated in Nazi regalia. I suppose the trouble arises when perfectly innocent members of the alt-right get unfairly labelled as Nazis.

But hang on; this march was called “Unite the Right” and was intended to bring together various far right sub-groups. So what does their choice of aesthetic say about those sub-groups? I haven’t heard, say, alt-right coiner Richard Spencer denounce the use of Nazi symbology — extra notable since he was fucking there and apparently didn’t care to discourage it.


And so begins the rule-skirting. “Nazi” is definitely overused, but even using it to describe white supremacists who make not-so-subtle nods to Hitler is likely to earn you some sarcastic derailment. A Nazi? Oh, so is everyone you don’t like and who wants to establish a white ethno state a Nazi?

Calling someone a Nazi — or even a white supremacist — is an attack, you see. Merely expressing the desire that people of color not exist is perfectly peaceful, but identifying the sentiment for what it is causes visible discord, which is unacceptable.

These clowns even know this sort of thing and strategize around it. Or, try, at least. Maybe it wasn’t that successful this weekend — though flicking through Charlottesville headlines now, they seem to be relatively tame in how they refer to the ralliers.

I’m reminded of a group of furries — the alt-furries — who have been espousing white supremacy and wearing red armbands with a white circle containing a black… pawprint. Ah, yes, that’s completely different.


So, what to do about this?

Ignore them” is a popular option, often espoused to bullied children by parents who have never been bullied, shortly before they resume complaining about passive-aggressive office politics. The trouble with ignoring them is that, just like in smaller communitiest, they have a tendency to fester. They take over large chunks of influential Internet surface area like 4chan and Reddit; they help get an inept buffoon elected; and then they start to have torch-bearing rallies and run people over with cars.

4chan illustrates a kind of corollary here. Anyone who’s steeped in Internet Culture™ is surely familiar with 4chan; I was never a regular visitor, but it had enough influence that I was still aware of it and some of its culture. It was always thick with irony, which grew into a sort of ironic detachment — perhaps one of the major sources of the recurring online trope that having feelings is bad — which proceeded into ironic racism.

And now the ironic racism is indistinguishable from actual racism, as tends to be the case. Do they “actually” “mean it”, or are they just trying to get a rise out of people? What the hell is unironic racism if not trying to get a rise out of people? What difference is there to onlookers, especially as they move to become increasingly involved with politics?

It’s just a joke” and “it was just a thoughtless comment” are exceptionally common defenses made by people desperate to preserve the illusion of harmony, but the strain of overt white supremacy currently running rampant through the US was built on those excuses.


The other favored option is to debate them, to defeat their ideas with better ideas.

Well, hang on. What are their ideas, again? I hear they were chanting stuff like “go back to Africa” and “fuck you, faggots”. Given that this was an overtly political rally (and again, the Nazi fucking regalia), I don’t think it’s a far cry to describe their ideas as “let’s get rid of black people and queer folks”.

This is an underlying proposition: that white supremacy is inherently violent. After all, if the alt-right seized total political power, what would they do with it? If I asked the same question of Democrats or Republicans, I’d imagine answers like “universal health care” or “screw over poor people”. But people whose primary goal is to have a country full of only white folks? What are they going to do, politely ask everyone else to leave? They’re invoking the memory of people who committed genocide and also tried to take over the fucking world. They are outright saying, these are the people we look up to, this is who we think had a great idea.

How, precisely, does one defeat these ideas with rational debate?

Because the underlying core philosophy beneath all this is: “it would be good for me if everything were about me”. And that’s true! (Well, it probably wouldn’t work out how they imagine in practice, but it’s true enough.) Consider that slavery is probably fantastic if you’re the one with the slaves; the issue is that it’s reprehensible, not that the very notion contains some kind of 101-level logical fallacy. That’s probably why we had a fucking war over it instead of hashing it out over brunch.

…except we did hash it out over brunch once, and the result was that slavery was still allowed but slaves only counted as 60% of a person for the sake of counting how much political power states got. So that’s how rational debate worked out. I’m sure the slaves were thrilled with that progress.


That really only leaves pushing back, which raises the question of how to push back.

And, I don’t know. Pushing back is much harder in spaces you don’t control, spaces you’re already struggling to justify your own presence in. For most people, that’s most spaces. It’s made all the harder by that tendency to preserve illusory peace; even the tamest request that someone knock off some odious behavior can be met by pushback, even by third parties.

At the same time, I’m aware that white supremacists prey on disillusioned young white dudes who feel like they don’t fit in, who were promised the world and inherited kind of a mess. Does criticism drive them further away? The alt-right also opposes “political correctness”, i.e. “not being a fucking asshole”.

God knows we all suck at this kind of behavior correction, even within our own in-groups. Fandoms have become almost ridiculously vicious as platforms like Twitter and Tumblr amplify individual anger to deafening levels. It probably doesn’t help that we’re all just exhausted, that every new fuck-up feels like it bears the same weight as the last hundred combined.

This is the part where I admit I don’t know anything about people and don’t have any easy answers. Surprise!


The other alternative is, well, punching Nazis.

That meme kind of haunts me. It raises really fucking complicated questions about when violence is acceptable, in a culture that’s completely incapable of answering them.

America’s relationship to violence is so bizarre and two-faced as to be almost incomprehensible. We worship it. We have the biggest military in the world by an almost comical margin. It’s fairly mainstream to own deadly weapons for the express stated purpose of armed revolution against the government, should that become necessary, where “necessary” is left ominously undefined. Our movies are about explosions and beating up bad guys; our video games are about explosions and shooting bad guys. We fantasize about solving foreign policy problems by nuking someone — hell, our talking heads are currently in polite discussion about whether we should nuke North Korea and annihilate up to twenty-five million people, as punishment for daring to have the bomb that only we’re allowed to have.

But… violence is bad.

That’s about as far as the other side of the coin gets. It’s bad. We condemn it in the strongest possible terms. Also, guess who we bombed today?

I observe that the one time Nazis were a serious threat, America was happy to let them try to take over the world until their allies finally showed up on our back porch.

Maybe I don’t understand what “violence” means. In a quest to find out why people are talking about “leftist violence” lately, I found a National Review article from May that twice suggests blocking traffic is a form of violence. Anarchists have smashed some windows and set a couple fires at protests this year — and, hey, please knock that crap off? — which is called violence against, I guess, Starbucks. Black Lives Matter could be throwing a birthday party and Twitter would still be abuzz with people calling them thugs.

Meanwhile, there’s a trend of murderers with increasingly overt links to the alt-right, and everyone is still handling them with kid gloves. First it was murders by people repeating their talking points; now it’s the culmination of a torches-and-pitchforks mob. (Ah, sorry, not pitchforks; assault rifles.) And we still get this incredibly bizarre both-sides-ism, a White House that refers to the people who didn’t murder anyone as “just as violent if not more so“.


Should you punch Nazis? I don’t know. All I know is that I’m extremely dissatisfied with discourse that’s extremely alarmed by hypothetical punches — far more mundane than what you’d see after a sporting event — but treats a push for ethnic cleansing as a mere difference of opinion.

The equivalent to a punch in an online space is probably banning, which is almost laughable in comparison. It doesn’t cause physical harm, but it is a use of concrete force. Doesn’t pose quite the same moral quandary, though.

Somewhere in the middle is the currently popular pastime of doxxing (doxxxxxxing) people spotted at the rally in an attempt to get them fired or whatever. Frankly, that skeeves me out, though apparently not enough that I’m directly chastizing anyone for it.


We aren’t really equipped, as a society, to deal with memetic threats. We aren’t even equipped to determine what they are. We had a fucking world war over this, and now people are outright saying “hey I’m like those people we went and killed a lot in that world war” and we give them interviews and compliment their fashion sense.

A looming question is always, what if they then do it to you? What if people try to get you fired, to punch you for your beliefs?

I think about that a lot, and then I remember that it’s perfectly legal to fire someone for being gay in half the country. (Courts are currently wrangling whether Title VII forbids this, but with the current administration, I’m not optimistic.) I know people who’ve been fired for coming out as trans. I doubt I’d have to look very far to find someone who’s been punched for either reason.

And these aren’t even beliefs; they’re just properties of a person. You can stop being a white supremacist, one of those people yelling “fuck you, faggots”.

So I have to recuse myself from this asinine question, because I can’t fairly judge the risk of retaliation when it already happens to people I care about.

Meanwhile, if a white supremacist does get punched, I absolutely still want my tax dollars to pay for their universal healthcare.


The same wrinkle comes up with free speech, which is paramount.

The ACLU reminds us that the First Amendment “protects vile, hateful, and ignorant speech”. I think they’ve forgotten that that’s a side effect, not the goal. No one sat down and suggested that protecting vile speech was some kind of noble cause, yet that’s how we seem to be treating it.

The point was to avoid a situation where the government is arbitrarily deciding what qualifies as vile, hateful, and ignorant, and was using that power to eliminate ideas distasteful to politicians. You know, like, hypothetically, if they interrogated and jailed a bunch of people for supporting the wrong economic system. Or convicted someone under the Espionage Act for opposing the draft. (Hey, that’s where the “shouting fire in a crowded theater” line comes from.)

But these are ideas that are already in the government. Bannon, a man who was chair of a news organization he himself called “the platform for the alt-right”, has the President’s ear! How much more mainstream can you get?

So again I’m having a little trouble balancing “we need to defend the free speech of white supremacists or risk losing it for everyone” against “we fairly recently were ferreting out communists and the lingering public perception is that communists are scary, not that the government is”.


This isn’t to say that freedom of speech is bad, only that the way we talk about it has become fanatical to the point of absurdity. We love it so much that we turn around and try to apply it to corporations, to platforms, to communities, to interpersonal relationships.

Look at 4chan. It’s completely public and anonymous; you only get banned for putting the functioning of the site itself in jeopardy. Nothing is stopping a larger group of people from joining its politics board and tilting sentiment the other way — except that the current population is so odious that no one wants to be around them. Everyone else has evaporated away, as tends to happen.

Free speech is great for a government, to prevent quashing politics that threaten the status quo (except it’s a joke and they’ll do it anyway). People can’t very readily just bail when the government doesn’t like them, anyway. It’s also nice to keep in mind to some degree for ubiquitous platforms. But the smaller you go, the easier it is for people to evaporate away, and the faster pure free speech will turn the place to crap. You’ll be left only with people who care about nothing.


At the very least, it seems clear that the goal of white supremacists is some form of destabilization, of disruption to the fabric of a community for purely selfish purposes. And those are the kinds of people you want to get rid of as quickly as possible.

Usually this is hard, because they act just nicely enough to create some plausible deniability. But damn, if someone is outright telling you they love Hitler, maybe skip the principled hand-wringing and eject them.

Kim Dotcom Denied Access to Illegally Obtained Spy Recordings

Post Syndicated from Andy original https://torrentfreak.com/kim-dotcom-denied-access-to-illegally-obtained-spy-recordings-170720/

In the months leading up to the infamous raid on Kim Dotcom’s New Zealand mansion and his now defunct cloud storage site Megaupload, the entrepreneur was under surveillance.

Not only were the MPAA and RIAA amassing information, the governments of the United States and New Zealand were neck-deep in the investigation too, using the FBI and local police to gather information. What soon became evident, however, is that the authorities in New Zealand did so while breaking the rules.

Between 16 December 2011 to 22 March 2012, New Zealand used the Government Communications Security Bureau (GCSB) agency to spy on the private communications of Kim and Mona Dotcom, plus Megaupload co-defendant Bram van der Kolk. This was hugely problematic.

GCSB is an intelligence agency of the New Zealand government responsible for spying on external entities. It is forbidden by law from conducting surveillance on its own citizens or permanent residents in the country. His standing in the country meant that Dotcom should not have been spied on.

“Of course I apologize to Mr Dotcom, and I apologize to New Zealanders,” then New Zealand Prime Minister John Key later said.

Since it was established that New Zealand illegally spied on Dotcom, the Megaupload founder has been trying to find out what information the GCSB gathered about him, then wife Mona, and former colleague Bram van der Kolk. According to Dotcom, there was a total of 87 breaches, all of which the government wants to keep secret.

Since then, Dotcom has been fighting to gain access to the information GCSB illegally obtained, while seeking compensation for the damages caused.

In a ruling handed down this morning, the High Court details its findings in respect of a three-day hearing that took place early April 2017, during which GCSB said the raw, unredacted information should be withheld from Dotcom on national security grounds.

GCSB and the government argued that the public interest in the disclosure of the material is outweighed by the public interest in withholding it, adding that the security and defense of New Zealand would be compromised on the world stage.

For their part, the Dotcoms said that nondisclosure of the unredacted documents breaches their rights under the New Zealand Bill of Rights Act 1990. Given that any damages award is directly linked to the extent and nature of the illegal intrusions into their private lives, access to the documents is paramount.

That being the case, they argued that the public interest in disclosure outweighs any public interest in the information being withheld.

This morning, citing a 2013 Court of Appeal verdict that ruled the GCSB didn’t have to release the raw communications, Justice Murray Gilbert insisted that the recordings will not be released.

“A number of the redactions in the discovered documents are to protect the identity or contact details of personnel who were involved in or associated with the operation or copied into email communications concerning it,” Justice Gilbert wrote.

“It is hard to see how any of this information could be relevant to the relief that should be granted in this proceeding. Again, the public interest in withholding disclosure of this information far outweighs any public interest in its disclosure.”

In a statement, Kim Dotcom expressed his frustrations, noting that the government is doing everything it can to suppress details of the illegal surveillance.

“After being caught, the GCSB has fought to keep what it did, and how, a secret from me and from you, the New Zealand public. Worse, it seeks to hide behind ‘national security’ to keep the truth from us,” Dotcom said.

“To keep this secret, the GCSB applied to the High Court. It filed secret evidence and secret submissions. The GCSB’s lawyers were heard in a ‘closed’ court with the Judge, where they made secret submissions and secret witnesses gave secret evidence.”

Dotcom said neither his lawyers nor the public was allowed to be present during the hearing. And when his legal team could be heard, they were significantly hampered in their work.

“When my lawyers were heard, after that hearing, they had to make submissions as to why information they were not allowed to see, for reasons they were not allowed to know, should be disclosed. They were effectively shooting at a moving target, in the dark, with one hand tied behind their backs,” Dotcom said.

The Megaupload founder suggests there is there is a clear double-standard when he has to be tried in public for his alleged crimes, but when it comes to offenses carried out by the government, the process takes place behind closed doors.

“I will appeal this judgment and ask the Court of Appeal to shine some cleansing sunlight on what happened here. If there is transparency, there is accountability, and we can prevent this happening again,” he concludes.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Movie Studios Wipe Pirate Site Homepages From Google Search

Post Syndicated from Ernesto original https://torrentfreak.com/movie-studios-wipe-pirate-site-homepages-from-google-search-170716/

Over the past two weeks several pirate streaming sites have seen their homepages disappear from Google’s search results.

Earlier this week we reported how GoMovies switched to a new domain name, for this very reason, but on closer inspection it appears that several other sites have suffered the same fate.

While homepages have been removed before, the takedown notices that triggered the recent removals seem to be a systematic effort. They are all sent by the prominent law firm Kilpatrick Townsend, which acts on behalf of a variety of Hollywood movie studios.

The notices, of which the first was sent roughly two weeks ago, all follow a similar pattern. They identify infringing content on pirate streaming sites and list the individual URLs for these movies. In addition, however, many also include the homepage, which often highlights the same movie as a “new” or popular title.

In the case of Gomovies.is, a request was sent on behalf of Warner Bros. to remove Wonder Woman’s streaming page from Google, as well as the homepage where the movie was listed in the popular section.

This worked, not only for the GoMovies domain name but also for dozens of other streaming sites including yesmovies.org, watchfree.ac, xmovies.is, watch29.com, vivo.to, tunemovie.com, putlockervip.com, playmovies.to, moviesub.is and fmovies.ac.

The takedown notice

The example above is just the tip of the iceberg. Over the past two weeks the law firm has targeted many pirate streaming sites, acting on behalf of Warner Bros, Walt Disney Studios, Paramount Pictures, NBC Universal and others. This effectively removed dozens of pirate site homepages from search results.

To outsiders, it may seem like a homepage is just another link but for site owners, it’s a crucial matter. Many of these streaming sites rely on their brand name to remain findable in search engines, and when the homepage is removed, it’s nearly impossible to rise to the top of search results.

Although Google removed many of the early requests, it’s not blindly removing all URLs.

In response to several recent notices the search engine decided to take “no action” for the homepages, which is why gomovies.sc, cmovieshd.com, ap551.com, and others remain indexed. It’s possible that the infringing content was no longer linked on these homepages when Google reviewed the DMCA notices in question.

As for GoMovies, they simply decided to move to a new URL and remove any infringing content from the homepage so they don’t face the same problem in the future.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Pirate Site Admin Must Pay 13 Million Euros – If Anyone Can Find Him

Post Syndicated from Andy original https://torrentfreak.com/pirate-site-admin-must-pay-13-million-euros-if-anyone-can-find-him-170708/

Founded in 2006 by Dimitri Mader, Wawa-Mania grew into a million member strong ‘warez’ forum specializing in a broad range of ‘pirate’ content. But just three years later things were already starting to go bad.

In 2009, the Frenchman was detained by the authorities after the Association Against Audiovisual Piracy (ALPA) identified more than 3,600 films being made available via the platform without permission. In the meantime the site continued, generating income from advertising and accepting donations via PayPal.

The case dragged on for years but reached its goal in 2015. Mader was found guilty, sentenced to a year in prison, and hit with a 20,000 euro fine. But by this time the Frenchman was long gone and living with his family in the Philippines. He didn’t even attend the hearing – but things weren’t over yet.

With Mader’s guilt established, the court had to determine the level of damages payable to the plaintiffs, which included Columbia Pictures, Disney, Paramount, Tristar, Universal, Twentieth Century Fox and Warner Bros. The amount eventually arrived at by the court was around $15m.

“I won’t think about the penalty, it is just beyond any common sense,” Mader told TF at the time.

“I will surely not [pay anything] and even if a new court makes the penalty lower, it won’t change anything. Five million, 15 million or 30 million. What’s the difference after all?”

Being outside the country with a jail sentence and huge fines hanging over his head was a big problem for Mader, who told us that returning home after years outside the country would be a complicated affair. But things still weren’t over.

In a ruling handed down last month and just made public, the Paris Court of Appeal upheld the decision of the lower court, affirming that Mader owes the plaintiffs 13 million euros ($14.85m).

According to a report from Numerama, the court said that “the likely harm [to rightsholders] must be assessed in light of the extent of visitors to this site [at the time of the investigation], the number of creative works involved, and the ‘views’ duly established.”

The court determined that every visit to the site wouldn’t necessarily have resulted in an illegal download, but it still placed a value of two euros on every work believed to have been downloaded by users.

Mader did not attend the appeal and was not represented, so things were never likely to go his way. His current whereabouts are not clear, but it seems likely that he remains in the Philippines with his family.

Correspondence sent by TF to his encrypted email account bounced. Only time will tell whether Hollywood will have equal difficulty contacting him.

The full decision can be found here.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Global Entertainment Giants Form Massive Anti-Piracy Coalition

Post Syndicated from Andy original https://torrentfreak.com/global-entertainment-giants-form-massive-anti-piracy-coalition-170613/

It’s not unusual for companies within the same area of business to collaborate in order to combat piracy. The studios and labels that form the MPAA and RIAA, for example, have doing just that for decades.

Today, however, an unprecedented number of global content creators and distribution platforms have announced the formation of a brand new coalition to collaboratively fight Internet piracy on a global scale.

The Alliance for Creativity and Entertainment (ACE) is a coalition of 30 companies that reads like a who’s who of the global entertainment market. In alphabetical order the members are:

Amazon, AMC Networks, BBC Worldwide, Bell Canada and Bell Media, Canal+ Group, CBS Corporation, Constantin Film, Foxtel, Grupo Globo, HBO, Hulu, Lionsgate, Metro-Goldwyn-Mayer (MGM), Millennium Media, NBCUniversal, Netflix, Paramount Pictures, SF Studios, Sky, Sony Pictures Entertainment, Star India, Studio Babelsberg, STX Entertainment, Telemundo, Televisa, Twentieth Century Fox, Univision Communications Inc., Village Roadshow, The Walt Disney Company, and Warner Bros. Entertainment Inc.

In a joint announcement today, ACE notes that there are now more than 480 services available for consumers to watch films and TV programs online. However, despite that abundance of content, piracy continues to pose a threat to creators and the economy.

“Films and television shows can often be found on pirate sites within days – and in many cases hours – of release,” ACE said in a statement.

“Last year, there were an estimated 5.4 billion downloads of pirated wide release films and primetime television and VOD shows using peer-to-peer protocols worldwide. There were also an estimated 21.4 billion total visits to streaming piracy sites worldwide across both desktops and mobile devices in 2016.”

Rather than the somewhat fragmented anti-piracy approach currently employed by ACE members separately, the coalition will present a united front of all major content creators and distributors, with a mission to cooperate and expand in order to minimize the threat.

At the center of the alliance appears to be the MPAA. ACE reports that the anti-piracy resources of the Hollywood group will be used “in concert” with the existing anti-piracy departments of the member companies.

Unprecedented scale aside, ACE’s modus operandi will be a familiar one.

The coalition says it will work closely with law enforcement to shut down pirate sites and services, file civil litigation, and forge new relationships with other content protection groups. It will also strive to reach voluntary anti-piracy agreements with other interested parties across the Internet.

MPAA chief Chris Dodd, whose group will play a major role in ACE, welcomed the birth of the alliance.

“ACE, with its broad coalition of creators from around the world, is designed, specifically, to leverage the best possible resources to reduce piracy,” Dodd said.

“For decades, the MPAA has been the gold standard for antipiracy enforcement. We are proud to provide the MPAA’s worldwide antipiracy resources and the deep expertise of our antipiracy unit to support ACE and all its initiatives.”

The traditionally non-aggressive BBC described ACE as “hugely important” in the fight against “theft and illegal distribution”, with Netflix noting that even its creative strategies for dealing with piracy are in need of assistance.

“While we’re focused on providing a great consumer experience that ultimately discourages piracy, there are still bad players around the world trying to profit off the hard work of others,” said Netflix General Counsel, David Hyman.

“By joining ACE, we will work together, share knowledge, and leverage the group’s combined anti-piracy resources to address the global online piracy problem.”

It’s likely that the creation of ACE will go down as a landmark moment in the fight against piracy. Never before has such a broad coalition promised to pool resources on such a grand and global scale. That being said, with great diversity comes the potential for greatly diverging opinions, so only time will tell if this coalition can really hold together.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Girl Busted For Pirating ‘Chicken Run’ Provides Food For Thought

Post Syndicated from Andy original https://torrentfreak.com/girl-busted-for-pirating-chicken-run-provides-food-for-thought-170521/

This past Thursday the BBC published an article about Gianna Mulville-Zanetta, a first year Social Policy student at Bristol University in the UK.

After getting caught downloading the stop-motion comedy-drama film Chicken Run using BitTorrent, the 18-year-old reportedly felt the wrath of the university’s IT department.

“I completely forgot I had downloaded it,” Gianna told the BBC.

“I got an email the day after I watched it on Netflix with my friend saying I had been removed from Eduroam – which is our wifi. It took about a day or more to download and that’s why I forgot I had it, it took forever.”

For her sins, Gianna was blocked from using the university’s wifi for 20 days, a period that coincided with her exams. With access to a 4G connection she says the ban didn’t affect her studies but of course, the potential for chaos was certainly there.

There appears to be no doubt that Gianna committed an infringement. However, that someone who prefers to watch something legally on Netflix gets caught up in something like this is pretty disappointing. But not a complete surprise.

Chicken Run was released in 2000 but only 12 years later did it appear on UK Netflix. According to New on Netflix, it was withdrawn from Netflix during November 2013, put back on two years later in 2015, removed a year later in 2016, and was only re-added on May 1 this year.

Considering the BBC states that the Chicken Run affair “has ruined much of May for Gianna”, the ban must’ve kicked in early this month. That means that Chicken Run was either not on UK Netflix when Gianna decided on her download, or had only been there for a day or two. Either way, if there had been less yo-yo’ing of its availability on Netflix, it’s possible this whole affair could’ve been completely avoided.

Moving on, the BBC article states that Gianna was “caught out by the university’s IT department.” Student newspaper The Tab makes a similar assumption, claiming that Gianna was “busted by an elite team of University IT technicians.”

However, those familiar with these issues will know that the ‘blame’ should be placed elsewhere, i.e., on rightsholders who are filing complaints directly with the university. The tactic is certainly an interesting one.

Despite there being dozens of residential ISPs the copyright holders could focus on, they choose not to do so outside the limited scope of the Get it Right campaign instead. Knowing that universities come down hard on students seems like a motivating factor here, one that students should be aware of.

The Tab went on to publish a screenshot of the complaint received by Gianna. It’s incomplete, but it contains information that allows us to investigate further.

The note that Gianna’s connection had been suspended to prevent the IT department from “receiving further complaints” is a dead giveaway of rightsholder involvement. But, further down is an even clearer clue that the complaint was made by someone outside the university.

The format used in the complaint is identical to that used by US and Australia-based anti-piracy outfit IP-Echelon. The company is known to work with Paramount Pictures who own the rights to Chicken Run.

In fact, if one searches the filesize referenced in the infringement notice (572,221,548), it’s possible to find an identical complaint processed by VPN service Proxy.sh.

Another Chicken Run complaint

Given the file size, we can further deduce that Gianna downloaded a 720p BrRip of Chicken Run that was placed online by now defunct release team/torrent site YIFY, which has also been referenced in a number of complaints sent to Google.

So what can we conclude from these series of events?

First of all, with less messing around by Paramount and/or Netflix, Gianna might have gone to Netflix first, having seen it previously in the listings on the platform. As it goes, it had been absent for months, having been pulled from the service at least twice before.

Second, we know that at least one person who chose to pirate Chicken Run avoided Gianna’s predicament by using a VPN service. While Gianna found herself disconnected, the VPN user walked away completely unscathed, with Paramount and IP-Echelon complaining to the VPN service and that being the end of the matter.

Third, allowing your real name and a copy of a copyright infringement complaint to be published alongside a confession is a risky business. While IP-Echelon isn’t known for pressuring people to pay settlements in the UK, the situation could have been very different if a copyright troll was involved.

Fourth, we can also conclude that while it’s believed that older content is safer to download, this story suggests otherwise. Chicken Run was released 17 years ago and is still being monitored by rightsholders.

Finally, stories of students getting banned from university Internet access are relatively commonplace in the United States, but the same out of the UK is extremely rare.

In fact, we’re not aware of such exclusions happening on a regular basis anywhere in the region, although Gianna told the BBC that she knows another person who is still being denied access to the Internet for downloading Shrek, another relatively ancient film.

That raises the possibility that some copyright holders have seriously begun targeting universities in the UK. If that’s the case, one has to question what has more value – uninterrupted Internet access while on campus or a movie download.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Foxtel Targets Pirate Streaming Sites in New ISP Blocking Case

Post Syndicated from Andy original https://torrentfreak.com/foxtel-targets-pirate-streaming-sites-in-new-isp-blocking-case-170508/

When the Australian government introduced new legislation to allow ‘pirate’ sites to be blocked Down Under, there was never any question that the law would go underused.

December last year following a lawsuit brought by Roadshow Films, Foxtel, Disney, Paramount, Columbia, and 20th Century Fox, the Federal Court ordered ISPs to block The Pirate Bay, Torrentz, TorrentHound, IsoHunt and streaming service SolarMovie.

This February the same rightsholders were back again, this time with even more targets in mind including ExtraTorrent, RarBG, Demonoid, LimeTorrents, YTS and EZTV, plus streaming portals 123Movies, CouchTuner, Icefilms, Movie4K, PrimeWire, Viooz, Putlocker and many more.

With blocking efforts gathering momentum, the fifth case seeking injunctions against pirate sites has just hit Australia’s Federal Court. It’s the second to be filed by Foxtel and again targets streaming sites including Yes Movies, Los Movies, Watch Series and Project Free TV.

In common with earlier cases, ISPs named in the latest application include TPG, Telstra, Optus and Vocus/M2. Once various subsidiaries are included, blocking becomes widespread across Australia, often encompassing dozens of smaller providers.

Speaking with ABC, a Foxtel spokesperson said the company has confidence that the Federal Court will ultimately order the sites to be blocked.

“Foxtel believes that the new site blocking regime is an effective measure in the fight to prevent international operators illegitimately profiting from the creative endeavours of others,” he said.

Indeed, the earlier cases brought by both the studios and record companies have pioneered a streamlined process that can be tackled relatively easily by rightsholders and presented to the court in a non-confrontational and easily understood format.

ISPs are not proving too much of a hindrance either, now that the issue of costs appears to be behind them. In Foxtel’s earlier case involving The Pirate Bay, the judge said that ISPs must be paid AUS$50 per domain blocked. That now appears to be the standard.

So what we have here is a quickly maturing process that has already developed into somewhat of a cookie-cutter site-blocking mechanism.

Applications are made against a particular batch of sites and after the court assesses the evidence, an injunction is handed down. If further similar and related sites (such as proxies and mirrors) need to be blocked, those are dealt with in a separate and simplified process.

That was highlighted last week when an application by Universal Music, Warner Music, Sony Music and J Albert & Son, resulted in a range of KickassTorrents spin-off sites being approved for blocking by the Federal Court. The ISPs in question, 20 in total, have been given two weeks to block the sites.

Whether this will have the desired effect will remain to be seen. Australians are well-versed in unblocking solutions such as VPNs. Ironically, most learned of their existence when trying to gain access to legal services such as Netflix, that were available overseas for years before hitting Aussie shores.

Since that has now been remedied with a local launch, rightsholders and companies such as Foxtel are hoping that pirate services will be less attractive options.

“We trust that Australians recognize that there are increasing numbers of ways to access content in a timely manner and at reasonable prices. [This] ensures that revenue goes back to the people who create and invest in original ideas,” a Foxtel spokesperson said.

If the United Kingdom is any template (and all signs suggest that it is), expect hundreds of similar ‘pirate’ sites to be blocked in Australia in the coming months.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Hollywood Demands Net Neutrality Exceptions to Tackle Piracy

Post Syndicated from Andy original https://torrentfreak.com/hollywood-demands-net-neutrality-exceptions-to-tackle-piracy-170502/

Net neutrality is the notion that ISPs should treat all data traveling via the Internet in the same manner. Providers shouldn’t discriminate based on user, content or platform type, nor devices attached to the network.

While there are plenty of entities who support these principles, the free-flow of information is sometimes perceived as a threat. The concept of so-called fast and slow lanes with variable pricing, for example, has the potential to cause many anti-competitive headaches.

But for the content industries, particularly those involved in movies, TV shows, and other video entertainment, the concept of net neutrality has the potential to complicate plans to block and otherwise restrict access to copyright-infringing material.

As a result, Hollywood is making its feelings known both locally and overseas, including in India where it’s just contributed to the country’s net neutrality debate.

Early 2017, the Telecom Regulatory Authority of India (TRAI) asked for input on its “Consultation Paper on Net Neutrality”, the fifth in the past two years aimed at introducing a legal framework for net neutrality.

Published by MediaNama in January, the 14-point questionnaire received responses from many stakeholders, including the Motion Picture Distribution Association, the local division of the MPA/MPAA representing Paramount, Sony, Twentieth Century Fox, Universal, Disney and Warner.

Exceptions to net neutrality principles for pirate content

In response to a question which asked whether there should be exceptions to net neutrality in order for ISPs to implement traffic management practices (TMP), Hollywood is clear. Net neutrality should only ever apply when Internet traffic is lawful, and ISPs should be able to take measures to deal with infringing content.

“For the Motion Picture Association’s members, as representatives of an industry that creates and distributes copyrighted content, it is critical that the Internet does not serve as a haven for illegal activity and that [service providers] should be permitted to take reasonable action to prevent the transfer of stolen copyrighted content,” the Hollywood group writes.

“It is commonly accepted that the requirements of [net neutrality] apply only in respect of access to lawful content. This implies that a [service provider] to, say, block content pursuant to a direction from authorities authorised by law to do so, and after following due process – will not be considered unreasonable.”

The studios say they’re in agreement that the Indian government should have the right to regulate content in “emergency situations” and also whenever content is deemed illegal, so in these instances, net neutrality rules would not apply.

Copyright-infringing content fits the latter category, but the MPA wants the government to include specific wording in any regulation that expressly denotes pirate material as exempt from the freedoms of net neutrality.

“We urge that a clear statement be included in any eventual net neutrality regulation that specifies that pirated and infringing content is unlawful and therefore not subject to the normal net neutrality policy of prohibiting content-based regulations,” the studios say.

Exemptions for blocking and throttling to counter piracy

The idea that infringing content should be blocked, throttled, or otherwise hindered is a cornerstone of Hollywood’s fight against infringing content worldwide, despite it being unable to achieve those things in its own backyard. In India, however, the studios see blocking as a fair response to the spread of infringing content and something that should be allowed under net neutrality rules.

“As a remedy to address the dissemination of, or unauthorized access to, unlawful content, blocking and throttling are necessary and appropriate measures,” the studios note.

“Blocking access to infringing sites is not inconsistent with net neutrality. In fact, blocking illegal sites, especially when they originate from outside the country, is often the only effective remedy to prevent access to illegal content in India.

“[Service providers] must be able to block sites that link, stream, make available, or otherwise communicate to the public unauthorized or illegal content.”

Rightsholders and ISPs should work together

In both the United States and Europe, Hollywood is an advocate of voluntary anti-piracy measures, with content owners and ISPs collaborating to hinder the spread of infringing content. According to its submission to the telecoms regulator, Hollywood would like to see something similar in India.

When forming its regulations, the studios would like to see service providers “encouraged” to work with rightsholders to “employ the best available tools and technologies” to fight piracy while affirming ISPs’ right to use traffic management practices (TMP) to deal with the spread of infringing content.

Furthermore, Hollywood would like a clear statement that the use of TMPs against infringing content “should not depend on an advance judicial or regulatory determination of ‘lawfulness’ prior to every use.” In other words, court oversight should not generally be required.

In conclusion, the MPA underlines that rightsholders and rightsholders alone should have the final say in respect of when, to whom, and under what circumstances they make content available. Should the Telecom Regulatory Authority of India interfere with that right, both domestic and international breaches of law could result.

The full submission can be found here (pdf)

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Don’t Get Trapped in iCloud

Post Syndicated from Peter Cohen original https://www.backblaze.com/blog/dont-get-trapped-icloud/

Don't Get Trapped in iCloud

Let me preface this with a bit of history: I’ve been using Macs for more than 30 years. I’ve seen an enormous amount of changes at Apple, and I’ve been using their online services since the AppleLink days (it was a pre-Internet dial-up service for Apple dealers and service people).

Over the past few years Apple’s made a lot of changes to iCloud. They’ve added some great additions to make it a world-class cloud service. But there are drawbacks. In the course of selling, supporting and writing about these devices, I consistently see people make the same mistakes. So with that background let’s get to my central point: I think it’s a big mistake to trust Apple alone with your data. Let me tell you why.

Apple aggressively promotes iCloud to its customers as a way to securely store information, photos and other vital data, leading to a false sense of security that all of your data is safe from harm. It isn’t. Let’s talk about some of the biggest mistakes you can make with iCloud.

iCloud Sync Does Not = Backing Up

Even if the picture of your puppy’s first bath time is on your iPhone and your iPad, it isn’t backed up. One of the biggest mistakes you can make is to assume that since your photos, contacts, and calendar sync between devices, they’re backed up. There’s a big difference between syncing and backing up.

Repeat after me:
Syncing Is Not Backing Up
Syncing Is Not Backing Up
Syncing Is Not Backing Up

iCloud helps you sync content between devices. Add an event to the calendar app on your phone and iCloud pushes that change to the calendar on your Mac too. Take a photo with the iPhone and find it in your Mac’s Photos library without having to connect the phone to the computer. That’s convenient. I use that functionality all the time.

Syncing can be confusing, though. iCloud Photo Library is what Apple calls iCloud’s ability to sync photos between Apple devices seamlessly. But it’s a two-way street. If you delete a photo from your Mac, it gets removed from your iPhone too, because it’s all in iCloud, there is no backup copy anywhere else.

Recently my wife decided that she didn’t want to have the same photos on her Mac and iPhone. Extricating herself from that means shutting off iCloud Photo Library and manually syncing the iPhone and Mac. That adds extra steps to back everything up! Now the phone has to be connected to the Mac, and my wife has to remember to do it. Bottom line: Syncs between the computer and phone happen less frequently when they are manual, which means there’s more opportunity for pictures to get lost. But with Apple’s syncing enabled, my wife runs the risk of deleting photos that are important not just on one device but everywhere.

Relying on any of these features without having a solid backup strategy means you’re leaving it to Apple and iCloud to keep your pictures and other info safe. If the complex and intricate ecosystem that keeps that stuff working goes awry – and as Murphy’s Law demands, stuff always goes wrong – you can find yourself without pictures, music, and important files.

Better to be safe than sorry. Backing up your data is the way to make sure your memories are safe. Most of the people I’ve helped over the years haven’t realized that iCloud is not backing them up. Some of them have found out the hard way.

iCloud Doesn’t Back Up Your Computer

Apple does have something called “iCloud Backup.” iCloud Backup backs up critical info on the iPhone and iPad to iCloud. But it’s only for mobile devices. The “stuff” on your computer is not backed up by iCloud Backup.

Making matters worse, it’s a “space permitting” solution. Apple gives you a scant 5 GB of free space with an iCloud account. To put that in context, the smallest iPhone 7 ships with 32 GB of space. So right off the bat, you have to pay extra to back up a new device. Many of us who use the free account don’t want to pay for more, so we get messages telling us that our devices can’t be backed up.

More importantly, iCloud doesn’t back up your Mac. So while data may be synced between devices in iCloud, most of the content on your Mac isn’t getting backed up directly.

Be Wary of “Store In iCloud” and “Optimize Storage”

macOS X 10.12 “Sierra” introduced new remote storage functions for iCloud including “Store in iCloud” and “Optimize Storage.” Both of these features move information from your Mac to the cloud. The Mac leaves frequently accessed files locally, but files you don’t use regularly get moved to iCloud and purged from the hard drive.

Your data is yours.

Macs, with their high-performance hard drives, can run chronically short of local storage space. These new storage optimization features can offset that problem by moving what you’re not using to iCloud. As long as you stay connected to iCloud. If iCloud isn’t available, neither are your files.

Your data is yours. It should always be in your possession. Ideally, you’d have a local backup of your data (time machine, extra hard drive, etc) AND an offsite copy… not OR. We call that 3-2-1 Backup Strategy. That way you’re not dependent on Apple and a stable Internet connection to get your files when you want them.

iCloud Drive Isn’t a Backup Either

iCloud Drive is another iCloud feature that can lull you into a false sense of security. It’s a Dropbox-style sync repository – files put in iCloud Drive appear on the Mac, iPhone, and iPad. However, any files you don’t choose to add to iCloud Drive are only available locally and are not backed up.

iCloud Drive has limits, too. You can’t upload a file larger than 15 GB. And you can only store as much as you’ve paid for – hit your limit, and you’ll have to pay more. But only up to 2 TB, which will cost you $19.99/month.

Trust But Verify (and Back Up Yourself)

I’ve used iCloud from the start and I continue to do so. iCloud is an excellent sync service. It makes the Apple ecosystem of hardware and software easier to use. But it isn’t infallible. I’ve had problems with calendar syncing, contacts disappearing, and my music getting messed up by iTunes In the Cloud.

That was a real painful lesson for me. I synced thousands of tracks of music I’d had for many years, ripped from the original CDs I owned and had long since put in storage. iTunes In the Cloud synced my music library so I could share it with all my Apple devices. To save space and bandwidth, the service doesn’t upload your library when it can replace tracks with what it thinks are matches in iTunes’ own library. I didn’t want Apple’s versions – I wanted mine, because I’d customized them with album art and spent a lot of time crafting them. Apple’s versions sometimes looked and sounded differently than mine.

If I hadn’t kept a backup copy locally, I’d be stuck with Apple’s versions. That wasn’t what I wanted. My data is mine.

The prospect of downloading thousands of files, and all the time that would take is daunting. That’s why we created the Restore Return Refund program – you can get your backed up files delivered by FedEx on a USB thumbdrive or hard disk drive. You can’t do that with iCloud.

It’s experiences like that which explain why I think it’s so important to understand iCloud’s inherent shortcomings as a backup service. Having your data sync across your devices is a great feature and one I use all the time. However, as a sole backup solution, it’s a recipe for disaster.

Like all sync services if you accidently delete a file on one device it’s gone on all of your devices as soon as the next sync happens. Unfortunately “user error” is an all too common problem and when it comes to your data, it’s not one you want to take for granted.

Which brings us to the last point I want to make. It’s easy to get complacent with one company’s ecosystem, but circumstances change. What happens when you get rid of that Mac or that iPhone and get something that doesn’t integrate as easily with the Apple world? Extricating yourself from any company’s ecosystem can, quite frankly, be an intimidating experience, with lots of opportunities to overlook or lose important files. You can avoid such data insecurity by having your info backed up.

With a family that uses lots of Apple products, I pay for Apple’s iCloud and other Apple services. With a Mac and iPhone, iCloud’s ability to sync content means that my workflow is seamless from mobile to desktop and back. I spend less time fiddling with my devices and more time getting work done. The data on iCloud makes up my digital life. Like anything valuable, it’s common sense to keep my info close and well protected. That’s why I keep a local backup, with offsite backup through Backblaze, of course.

The safety, security, and integrity of your data are paramount. Do whatever you can to make sure it’s safe. Back up your files locally and offsite away from iCloud. Backblaze is here to help. If you need more advice for backing up your Mac, check out our complete Mac Backup Guide for details.

The post Don’t Get Trapped in iCloud appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

In Case You Missed These: AWS Security Blog Posts from January, February, and March

Post Syndicated from Craig Liebendorfer original https://aws.amazon.com/blogs/security/in-case-you-missed-these-aws-security-blog-posts-from-january-february-and-march/

Image of lock and key

In case you missed any AWS Security Blog posts published so far in 2017, they are summarized and linked to below. The posts are shown in reverse chronological order (most recent first), and the subject matter ranges from protecting dynamic web applications against DDoS attacks to monitoring AWS account configuration changes and API calls to Amazon EC2 security groups.

March

March 22: How to Help Protect Dynamic Web Applications Against DDoS Attacks by Using Amazon CloudFront and Amazon Route 53
Using a content delivery network (CDN) such as Amazon CloudFront to cache and serve static text and images or downloadable objects such as media files and documents is a common strategy to improve webpage load times, reduce network bandwidth costs, lessen the load on web servers, and mitigate distributed denial of service (DDoS) attacks. AWS WAF is a web application firewall that can be deployed on CloudFront to help protect your application against DDoS attacks by giving you control over which traffic to allow or block by defining security rules. When users access your application, the Domain Name System (DNS) translates human-readable domain names (for example, www.example.com) to machine-readable IP addresses (for example, 192.0.2.44). A DNS service, such as Amazon Route 53, can effectively connect users’ requests to a CloudFront distribution that proxies requests for dynamic content to the infrastructure hosting your application’s endpoints. In this blog post, I show you how to deploy CloudFront with AWS WAF and Route 53 to help protect dynamic web applications (with dynamic content such as a response to user input) against DDoS attacks. The steps shown in this post are key to implementing the overall approach described in AWS Best Practices for DDoS Resiliency and enable the built-in, managed DDoS protection service, AWS Shield.

March 21: New AWS Encryption SDK for Python Simplifies Multiple Master Key Encryption
The AWS Cryptography team is happy to announce a Python implementation of the AWS Encryption SDK. This new SDK helps manage data keys for you, and it simplifies the process of encrypting data under multiple master keys. As a result, this new SDK allows you to focus on the code that drives your business forward. It also provides a framework you can easily extend to ensure that you have a cryptographic library that is configured to match and enforce your standards. The SDK also includes ready-to-use examples. If you are a Java developer, you can refer to this blog post to see specific Java examples for the SDK. In this blog post, I show you how you can use the AWS Encryption SDK to simplify the process of encrypting data and how to protect your encryption keys in ways that help improve application availability by not tying you to a single region or key management solution.

March 21: Updated CJIS Workbook Now Available by Request
The need for guidance when implementing Criminal Justice Information Services (CJIS)–compliant solutions has become of paramount importance as more law enforcement customers and technology partners move to store and process criminal justice data in the cloud. AWS services allow these customers to easily and securely architect a CJIS-compliant solution when handling criminal justice data, creating a durable, cost-effective, and secure IT infrastructure that better supports local, state, and federal law enforcement in carrying out their public safety missions. AWS has created several documents (collectively referred to as the CJIS Workbook) to assist you in aligning with the FBI’s CJIS Security Policy. You can use the workbook as a framework for developing CJIS-compliant architecture in the AWS Cloud. The workbook helps you define and test the controls you operate, and document the dependence on the controls that AWS operates (compute, storage, database, networking, regions, Availability Zones, and edge locations).

March 9: New Cloud Directory API Makes It Easier to Query Data Along Multiple Dimensions
Today, we made available a new Cloud Directory API, ListObjectParentPaths, that enables you to retrieve all available parent paths for any directory object across multiple hierarchies. Use this API when you want to fetch all parent objects for a specific child object. The order of the paths and objects returned is consistent across iterative calls to the API, unless objects are moved or deleted. In case an object has multiple parents, the API allows you to control the number of paths returned by using a paginated call pattern. In this blog post, I use an example directory to demonstrate how this new API enables you to retrieve data across multiple dimensions to implement powerful applications quickly.

March 8: How to Access the AWS Management Console Using AWS Microsoft AD and Your On-Premises Credentials
AWS Directory Service for Microsoft Active Directory, also known as AWS Microsoft AD, is a managed Microsoft Active Directory (AD) hosted in the AWS Cloud. Now, AWS Microsoft AD makes it easy for you to give your users permission to manage AWS resources by using on-premises AD administrative tools. With AWS Microsoft AD, you can grant your on-premises users permissions to resources such as the AWS Management Console instead of adding AWS Identity and Access Management (IAM) user accounts or configuring AD Federation Services (AD FS) with Security Assertion Markup Language (SAML). In this blog post, I show how to use AWS Microsoft AD to enable your on-premises AD users to sign in to the AWS Management Console with their on-premises AD user credentials to access and manage AWS resources through IAM roles.

March 7: How to Protect Your Web Application Against DDoS Attacks by Using Amazon Route 53 and an External Content Delivery Network
Distributed Denial of Service (DDoS) attacks are attempts by a malicious actor to flood a network, system, or application with more traffic, connections, or requests than it is able to handle. To protect your web application against DDoS attacks, you can use AWS Shield, a DDoS protection service that AWS provides automatically to all AWS customers at no additional charge. You can use AWS Shield in conjunction with DDoS-resilient web services such as Amazon CloudFront and Amazon Route 53 to improve your ability to defend against DDoS attacks. Learn more about architecting for DDoS resiliency by reading the AWS Best Practices for DDoS Resiliency whitepaper. You also have the option of using Route 53 with an externally hosted content delivery network (CDN). In this blog post, I show how you can help protect the zone apex (also known as the root domain) of your web application by using Route 53 to perform a secure redirect to prevent discovery of your application origin.

Image of lock and key

February

February 27: Now Generally Available – AWS Organizations: Policy-Based Management for Multiple AWS Accounts
Today, AWS Organizations moves from Preview to General Availability. You can use Organizations to centrally manage multiple AWS accounts, with the ability to create a hierarchy of organizational units (OUs). You can assign each account to an OU, define policies, and then apply those policies to an entire hierarchy, specific OUs, or specific accounts. You can invite existing AWS accounts to join your organization, and you can also create new accounts. All of these functions are available from the AWS Management Console, the AWS Command Line Interface (CLI), and through the AWS Organizations API.To read the full AWS Blog post about today’s launch, see AWS Organizations – Policy-Based Management for Multiple AWS Accounts.

February 23: s2n Is Now Handling 100 Percent of SSL Traffic for Amazon S3
Today, we’ve achieved another important milestone for securing customer data: we have replaced OpenSSL with s2n for all internal and external SSL traffic in Amazon Simple Storage Service (Amazon S3) commercial regions. This was implemented with minimal impact to customers, and multiple means of error checking were used to ensure a smooth transition, including client integration tests, catching potential interoperability conflicts, and identifying memory leaks through fuzz testing.

February 22: Easily Replace or Attach an IAM Role to an Existing EC2 Instance by Using the EC2 Console
AWS Identity and Access Management (IAM) roles enable your applications running on Amazon EC2 to use temporary security credentials. IAM roles for EC2 make it easier for your applications to make API requests securely from an instance because they do not require you to manage AWS security credentials that the applications use. Recently, we enabled you to use temporary security credentials for your applications by attaching an IAM role to an existing EC2 instance by using the AWS CLI and SDK. To learn more, see New! Attach an AWS IAM Role to an Existing Amazon EC2 Instance by Using the AWS CLI. Starting today, you can attach an IAM role to an existing EC2 instance from the EC2 console. You can also use the EC2 console to replace an IAM role attached to an existing instance. In this blog post, I will show how to attach an IAM role to an existing EC2 instance from the EC2 console.

February 22: How to Audit Your AWS Resources for Security Compliance by Using Custom AWS Config Rules
AWS Config Rules enables you to implement security policies as code for your organization and evaluate configuration changes to AWS resources against these policies. You can use Config rules to audit your use of AWS resources for compliance with external compliance frameworks such as CIS AWS Foundations Benchmark and with your internal security policies related to the US Health Insurance Portability and Accountability Act (HIPAA), the Federal Risk and Authorization Management Program (FedRAMP), and other regimes. AWS provides some predefined, managed Config rules. You also can create custom Config rules based on criteria you define within an AWS Lambda function. In this post, I show how to create a custom rule that audits AWS resources for security compliance by enabling VPC Flow Logs for an Amazon Virtual Private Cloud (VPC). The custom rule meets requirement 4.3 of the CIS AWS Foundations Benchmark: “Ensure VPC flow logging is enabled in all VPCs.”

February 13: AWS Announces CISPE Membership and Compliance with First-Ever Code of Conduct for Data Protection in the Cloud
I have two exciting announcements today, both showing AWS’s continued commitment to ensuring that customers can comply with EU Data Protection requirements when using our services.

February 13: How to Enable Multi-Factor Authentication for AWS Services by Using AWS Microsoft AD and On-Premises Credentials
You can now enable multi-factor authentication (MFA) for users of AWS services such as Amazon WorkSpaces and Amazon QuickSight and their on-premises credentials by using your AWS Directory Service for Microsoft Active Directory (Enterprise Edition) directory, also known as AWS Microsoft AD. MFA adds an extra layer of protection to a user name and password (the first “factor”) by requiring users to enter an authentication code (the second factor), which has been provided by your virtual or hardware MFA solution. These factors together provide additional security by preventing access to AWS services, unless users supply a valid MFA code.

February 13: How to Create an Organizational Chart with Separate Hierarchies by Using Amazon Cloud Directory
Amazon Cloud Directory enables you to create directories for a variety of use cases, such as organizational charts, course catalogs, and device registries. Cloud Directory offers you the flexibility to create directories with hierarchies that span multiple dimensions. For example, you can create an organizational chart that you can navigate through separate hierarchies for reporting structure, location, and cost center. In this blog post, I show how to use Cloud Directory APIs to create an organizational chart with two separate hierarchies in a single directory. I also show how to navigate the hierarchies and retrieve data. I use the Java SDK for all the sample code in this post, but you can use other language SDKs or the AWS CLI.

February 10: How to Easily Log On to AWS Services by Using Your On-Premises Active Directory
AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also known as Microsoft AD, now enables your users to log on with just their on-premises Active Directory (AD) user name—no domain name is required. This new domainless logon feature makes it easier to set up connections to your on-premises AD for use with applications such as Amazon WorkSpaces and Amazon QuickSight, and it keeps the user logon experience free from network naming. This new interforest trusts capability is now available when using Microsoft AD with Amazon WorkSpaces and Amazon QuickSight Enterprise Edition. In this blog post, I explain how Microsoft AD domainless logon works with AD interforest trusts, and I show an example of setting up Amazon WorkSpaces to use this capability.

February 9: New! Attach an AWS IAM Role to an Existing Amazon EC2 Instance by Using the AWS CLI
AWS Identity and Access Management (IAM) roles enable your applications running on Amazon EC2 to use temporary security credentials that AWS creates, distributes, and rotates automatically. Using temporary credentials is an IAM best practice because you do not need to maintain long-term keys on your instance. Using IAM roles for EC2 also eliminates the need to use long-term AWS access keys that you have to manage manually or programmatically. Starting today, you can enable your applications to use temporary security credentials provided by AWS by attaching an IAM role to an existing EC2 instance. You can also replace the IAM role attached to an existing EC2 instance. In this blog post, I show how you can attach an IAM role to an existing EC2 instance by using the AWS CLI.

February 8: How to Remediate Amazon Inspector Security Findings Automatically
The Amazon Inspector security assessment service can evaluate the operating environments and applications you have deployed on AWS for common and emerging security vulnerabilities automatically. As an AWS-built service, Amazon Inspector is designed to exchange data and interact with other core AWS services not only to identify potential security findings but also to automate addressing those findings. Previous related blog posts showed how you can deliver Amazon Inspector security findings automatically to third-party ticketing systems and automate the installation of the Amazon Inspector agent on new Amazon EC2 instances. In this post, I show how you can automatically remediate findings generated by Amazon Inspector. To get started, you must first run an assessment and publish any security findings to an Amazon Simple Notification Service (SNS) topic. Then, you create an AWS Lambda function that is triggered by those notifications. Finally, the Lambda function examines the findings and then implements the appropriate remediation based on the type of issue.

February 6: How to Simplify Security Assessment Setup Using Amazon EC2 Systems Manager and Amazon Inspector
In a July 2016 AWS Blog post, I discussed how to integrate Amazon Inspector with third-party ticketing systems by using Amazon Simple Notification Service (SNS) and AWS Lambda. This AWS Security Blog post continues in the same vein, describing how to use Amazon Inspector to automate various aspects of security management. In this post, I show you how to install the Amazon Inspector agent automatically through the Amazon EC2 Systems Manager when a new Amazon EC2 instance is launched. In a subsequent post, I will show you how to update EC2 instances automatically that run Linux when Amazon Inspector discovers a missing security patch.

Image of lock and key

January

January 30: How to Protect Data at Rest with Amazon EC2 Instance Store Encryption
Encrypting data at rest is vital for regulatory compliance to ensure that sensitive data saved on disks is not readable by any user or application without a valid key. Some compliance regulations such as PCI DSS and HIPAA require that data at rest be encrypted throughout the data lifecycle. To this end, AWS provides data-at-rest options and key management to support the encryption process. For example, you can encrypt Amazon EBS volumes and configure Amazon S3 buckets for server-side encryption (SSE) using AES-256 encryption. Additionally, Amazon RDS supports Transparent Data Encryption (TDE). Instance storage provides temporary block-level storage for Amazon EC2 instances. This storage is located on disks attached physically to a host computer. Instance storage is ideal for temporary storage of information that frequently changes, such as buffers, caches, and scratch data. By default, files stored on these disks are not encrypted. In this blog post, I show a method for encrypting data on Linux EC2 instance stores by using Linux built-in libraries. This method encrypts files transparently, which protects confidential data. As a result, applications that process the data are unaware of the disk-level encryption.

January 27: How to Detect and Automatically Remediate Unintended Permissions in Amazon S3 Object ACLs with CloudWatch Events
Amazon S3 Access Control Lists (ACLs) enable you to specify permissions that grant access to S3 buckets and objects. When S3 receives a request for an object, it verifies whether the requester has the necessary access permissions in the associated ACL. For example, you could set up an ACL for an object so that only the users in your account can access it, or you could make an object public so that it can be accessed by anyone. If the number of objects and users in your AWS account is large, ensuring that you have attached correctly configured ACLs to your objects can be a challenge. For example, what if a user were to call the PutObjectAcl API call on an object that is supposed to be private and make it public? Or, what if a user were to call the PutObject with the optional Acl parameter set to public-read, therefore uploading a confidential file as publicly readable? In this blog post, I show a solution that uses Amazon CloudWatch Events to detect PutObject and PutObjectAcl API calls in near-real time and helps ensure that the objects remain private by making automatic PutObjectAcl calls, when necessary.

January 26: Now Available: Amazon Cloud Directory—A Cloud-Native Directory for Hierarchical Data
Today we are launching Amazon Cloud Directory. This service is purpose-built for storing large amounts of strongly typed hierarchical data. With the ability to scale to hundreds of millions of objects while remaining cost-effective, Cloud Directory is a great fit for all sorts of cloud and mobile applications.

January 24: New SOC 2 Report Available: Confidentiality
As with everything at Amazon, the success of our security and compliance program is primarily measured by one thing: our customers’ success. Our customers drive our portfolio of compliance reports, attestations, and certifications that support their efforts in running a secure and compliant cloud environment. As a result of our engagement with key customers across the globe, we are happy to announce the publication of our new SOC 2 Confidentiality report. This report is available now through AWS Artifact in the AWS Management Console.

January 18: Compliance in the Cloud for New Financial Services Cybersecurity Regulations
Financial regulatory agencies are focused more than ever on ensuring responsible innovation. Consequently, if you want to achieve compliance with financial services regulations, you must be increasingly agile and employ dynamic security capabilities. AWS enables you to achieve this by providing you with the tools you need to scale your security and compliance capabilities on AWS. The following breakdown of the most recent cybersecurity regulations, NY DFS Rule 23 NYCRR 500, demonstrates how AWS continues to focus on your regulatory needs in the financial services sector.

January 9: New Amazon GameDev Blog Post: Protect Multiplayer Game Servers from DDoS Attacks by Using Amazon GameLift
In online gaming, distributed denial of service (DDoS) attacks target a game’s network layer, flooding servers with requests until performance degrades considerably. These attacks can limit a game’s availability to players and limit the player experience for those who can connect. Today’s new Amazon GameDev Blog post uses a typical game server architecture to highlight DDoS attack vulnerabilities and discusses how to stay protected by using built-in AWS Cloud security, AWS security best practices, and the security features of Amazon GameLift. Read the post to learn more.

January 6: The Top 10 Most Downloaded AWS Security and Compliance Documents in 2016
The following list includes the 10 most downloaded AWS security and compliance documents in 2016. Using this list, you can learn about what other people found most interesting about security and compliance last year.

January 6: FedRAMP Compliance Update: AWS GovCloud (US) Region Receives a JAB-Issued FedRAMP High Baseline P-ATO for Three New Services
Three new services in the AWS GovCloud (US) region have received a Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB) under the Federal Risk and Authorization Management Program (FedRAMP). JAB issued the authorization at the High baseline, which enables US government agencies and their service providers the capability to use these services to process the government’s most sensitive unclassified data, including Personal Identifiable Information (PII), Protected Health Information (PHI), Controlled Unclassified Information (CUI), criminal justice information (CJI), and financial data.

January 4: The Top 20 Most Viewed AWS IAM Documentation Pages in 2016
The following 20 pages were the most viewed AWS Identity and Access Management (IAM) documentation pages in 2016. I have included a brief description with each link to give you a clearer idea of what each page covers. Use this list to see what other people have been viewing and perhaps to pique your own interest about a topic you’ve been meaning to research.

January 3: The Most Viewed AWS Security Blog Posts in 2016
The following 10 posts were the most viewed AWS Security Blog posts that we published during 2016. You can use this list as a guide to catch up on your blog reading or even read a post again that you found particularly useful.

January 3: How to Monitor AWS Account Configuration Changes and API Calls to Amazon EC2 Security Groups
You can use AWS security controls to detect and mitigate risks to your AWS resources. The purpose of each security control is defined by its control objective. For example, the control objective of an Amazon VPC security group is to permit only designated traffic to enter or leave a network interface. Let’s say you have an Internet-facing e-commerce website, and your security administrator has determined that only HTTP (TCP port 80) and HTTPS (TCP 443) traffic should be allowed access to the public subnet. As a result, your administrator configures a security group to meet this control objective. What if, though, someone were to inadvertently change this security group’s rules and enable FTP or other protocols to access the public subnet from any location on the Internet? That expanded access could weaken the security posture of your assets. Consequently, your administrator might need to monitor the integrity of your company’s security controls so that the controls maintain their desired effectiveness. In this blog post, I explore two methods for detecting unintended changes to VPC security groups. The two methods address not only control objectives but also control failures.

If you have questions about or issues with implementing the solutions in any of these posts, please start a new thread on the forum identified near the end of each post.

– Craig

Updated CJIS Workbook Now Available by Request

Post Syndicated from Chris Gile original https://aws.amazon.com/blogs/security/updated-cjis-workbook-now-available-by-request/

CJIS logo

The need for guidance when implementing Criminal Justice Information Services (CJIS)–compliant solutions has become of paramount importance as more law enforcement customers and technology partners move to store and process criminal justice data in the cloud. AWS services allow these customers to easily and securely architect a CJIS-compliant solution when handling criminal justice data, creating a durable, cost-effective, and secure IT infrastructure that better supports local, state, and federal law enforcement in carrying out their public safety missions.

AWS has created several documents (collectively referred to as the CJIS Workbook) to assist you in aligning with the FBI’s CJIS Security Policy. You can use the workbook as a framework for developing CJIS-compliant architecture in the AWS Cloud. The workbook helps you define and test the controls you operate, and document the dependence on the controls that AWS operates (compute, storage, database, networking, regions, Availability Zones, and edge locations).

Our most recent updates to the CJIS Workbook include:

AWS’s commitment to facilitating CJIS processes with customers is exemplified by the recent CJIS Agreements put in place with the states of California, Colorado, Louisiana, Minnesota, Oregon, Utah and Washington (to name but a few). As we continue to sign CJIS agreements across the country, law enforcement agencies are able to implement innovations to improve communities’ and officers’ safety, including body cameras, real-time gunshot notifications, and data analytics. With the release of our updated CJIS Workbook, AWS remains dedicated to enabling cloud usage for the law enforcement market.

Please reach out to AWS Compliance if you have additional questions about CJIS or any other set of compliance standards.

– Chris Gile, AWS Risk and Compliance