Tag Archives: paypal

Pirate Site Operators Caught By Money Trail, Landmark Trial Hears

Post Syndicated from Andy original https://torrentfreak.com/pirate-site-operators-caught-by-money-trail-landmark-trial-hears-170411/

Founded half a decade ago, Swefilmer grew to become Sweden’s most popular movie and TV show streaming site. At one stage, Swefilmer and fellow streaming site Dreamfilm were said to account for 25% of all web TV viewing in Sweden.

In 2015, local man Ola Johansson took to the Internet to reveal that he’d been raided by the police under suspicion of being involved in running the site. In March 2016, a Turkish national was arrested in Germany on a secret European arrest warrant.

After a couple of false starts, one last June and another this January, the case finally got underway yesterday in Sweden.

The pair stand accused of the unlawful distribution of around 1,400 movies, owned by a dozen studios including Warner, Disney and Fox. Investigators tested 67 of the titles and ten had been made available online before their DVD release.

Anti-piracy group Rights Alliance claims that the site generated a lot of money from advertising without paying for the appropriate licenses. On the table are potential convictions for copyright infringement and money laundering.

Follow the money

In common with so many file-sharing related cases, it’s clear that the men in this case were tracked down from traces left online. Those included IP address evidence and money trails from both advertising revenues and site donations.

According to Sveriges Radio, who were in court yesterday, police were able to trace two IP addresses used to operate Swefilmer back to Turkey.

In an effort to trace the bank account used by the site to hold funds, the prosecutor then sought assistance from Turkish authorities. After obtaining the name of the 26-year-old, the prosecutor was then able to link that with advertising revenue generated by the site.

Swefilmer also had a PayPal account used to receive donations and payments for VIP memberships. That account was targeted by an investigator from Rights Alliance who donated money via the same method. That allowed the group to launch an investigation with the payment processor.

The PayPal inquiry appears to have been quite fruitful. The receipt from the donation revealed the account name and from there PayPal apparently gave up the email and bank account details connected to the account. These were linked to the 26-year-old by the prosecutor.


The site’s connections with its advertisers also proved useful to investigators. The prosecution claimed that Swefilmer received its first payment in 2013 and its last in 2015. The money generated, some $1.5m (14m kronor), was deposited in a bank account operated by the 26-year-old by a Stockholm-based ad company.

The court heard that while the CEO of the advertising company had been questioned in connection with the case, he is not suspected of crimes.

Connecting the site’s operators

While the exact mechanism is unclear, investigators from Rights Alliance managed to find an IP address used by the 22-year-old. This IP was then traced back to his parents’ home in Kungsbacka, Sweden. The same IP address was used to access the man’s Facebook page.

In court, the prosecution read out chat conversations between both men. They revealed that the men knew each other only through chat and that the younger man believed the older was from Russia.

The prosecution’s case is that the 26-year-old was the ring-leader and that his colleague was a minor player. With that in mind, the latter is required to pay back around $4,000, which is the money he earned from the site.

For the older man, the situation is much more serious. The prosecution is seeking all of the money the site made from advertising, a cool $1.5m.

The case was initially set to go ahead last year but was postponed pending a ruling from the European Court of Justice. Last September, the Court determined that it was illegal to link to copyrighted material if profit was being made.

Claes Kennedy, the lawyer for the 22-year-old, insists that his client did nothing wrong. His actions took place before the ECJ’s ruling so should be determined legal, he says.

The case continues.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Court Orders PayPal to Identify Pirate Site Owner

Post Syndicated from Ernesto original https://torrentfreak.com/court-orders-paypal-to-identify-pirate-site-owner-170408/

For several years PayPal has been trying to limit how much business it does with sites and services linked to copyright infringement.

The payment provider previously banned several BitTorrent sites, Usenet providers and file-hosting services to avoid any associations with piracy.

The disconnections are often the result of complaints from copyright holders who want to limit the financial resources of these platforms. In addition, the same companies are also interested in finding out who the operators are.

This puts PayPal in a more tricky position. Handing over personal details of clients is not something most financial companies would do voluntarily. In Germany, this prompted Sony Music to take the matter to court.

This week, the Hamburg District Court ruled that PayPal must hand over the information they have on the operator of an unnamed pirate site. In this case, Luxemburg’s banking secrecy provisions do not shield the website operator.

Internet and copyright lawyer Clemens Rasch, whose law firm handled the case, is happy with the outcome. He says that the ruling allows music producers, film companies and other copyright holders to identify pirates more easily, something they can use to enforce their rights.

“The decision makes it easier to identify offenders and make them liable,” the lawyer comments. The present ruling sets a precedent that could also be applied to other pirates and payment providers.

“According to the ‘follow-the-money’ approach, PayPal and any other payment service, including credit card providers, are obliged to provide information in the event of an infringement. This is the case, for example, if the web server on which the infringements occur is financed through the payment service,” Rasch adds.

In recent years copyright holders have started to rely more heavily on this “follow-the-money” approach. One of the goals is to dry up the resources of alleged copyright infringers. With the German ruling, they now have an ulterior motive to go after sites’ payment providers, at least in Germany.


EFF Criticizes PIPCU’s New Domain Name Policing Effort

Post Syndicated from Andy original https://torrentfreak.com/eff-criticizes-pipcus-new-domain-name-policing-effort-170406/

The City of London Police Intellectual Property Crime Unit (PIPCU) is a specialist unit dedicated to the reduction of all IP-related crime, including actions against pirate sites and their operators, sellers of Kodi-type devices, and those who counterfeit luxury goods.

While at times the unit is able to take down infrastructure, it appears to have a broader strategy of disruption, making life difficult for those committing infringement in the hope that they give up or move on.

In recent years, PIPCU has been putting a lot of effort into having domains taken down or suspended. Sometimes it achieves this after applying pressure to pirate site operators, for example, but the majority of takedowns are actioned via voluntary agreements with industry players.

This week, PIPCU announced that it will begin collaborating with the International Anti Counterfeiting Coalition (IACC) to take down websites in association with the IACC’s ‘RogueBlock‘ program.

RogueBlock was launched in January 2012 following rights-holder negotiations with the payment industry to develop a strategy for dealing with so-called ‘rogue’ websites. It began by focusing on sites selling counterfeits but in 2015 was expanded to deal with cyberlocker-type sites.

With MasterCard, Visa, PayPal, MoneyGram, American Express, Discover, PULSE, Diners Club and Western Union as members, the program focuses on disrupting revenue streams, such as payments for fake items or subscriptions to file-hosting sites that fail to comply with the requirements of the DMCA.

Since the program began, it claims to have terminated more than 5,300 accounts connected to a claimed 200,000 websites. Now it has a new ally in PIPCU, which will augment the program with its own Operation Ashiko, an initiative aimed at seizing allegedly infringing website domains.

“Since its inception Operation Ashiko has suspended in excess of 20,000 websites by working with our industry partners,” PIPCU says.

“This creates a safer environment for consumers to purchase genuine goods and disrupts the funding of criminals committing intellectual property crime.”

This partnership is an extension of similar industry and voluntary agreements currently gathering momentum in both Europe and the United States. Freed from the shackles of expensive and formal legal action, industry players and police now work together in order to disrupt piracy in all its forms, hitting website infrastructure and revenue collection mechanisms.

While supporters in the creative industries see such programs as nimble and effective in the fight against IP crime, critics such as the EFF are concerned by the lack of transparency and accountability.

“If a website is wrongly listed by the IACC in its RogueBlock program, thereby becoming a target for blocking by the City of London Police and the payment processors, there is no readily accessible pathway to have its inclusion reviewed and, if necessary, reversed,” the EFF says.

“This opens up much scope for websites to be wrongly listed for anti-competitive or political reasons, or simply by mistake.”

The EFF says that it would prefer that action against sites was backed up by enforcement through legal channels. However, as the group points out, that could prove complex due to the multi-jurisdictional nature of the Internet.

“The latest expansion of the program to facilitate the takedown of domains threatens to compound these problems, particularly if the City of London Police apply it against websites that are not globally infringing, or if private domain registries or registrars join the program and begin to act on claims of infringement directly,” it concludes.

While PIPCU will certainly bring something to the table, domain suspensions in the UK don’t always go smoothly. Registrars have previously declined to work with the unit to suspend torrent site domains and in 2014 it was revealed that out of 70 similar requests, just five were granted.


Dreamhack Organizer Arrested in Torrent Site Crackdown

Post Syndicated from Ernesto original https://torrentfreak.com/dreamhack-organizer-arrested-in-torrent-site-crackdown-161121/

While Rarat.org is relatively unknown in most countries, it gained local fame in Sweden as one of the top private trackers.

This ended abruptly a few weeks ago when the site’s homepage was replaced with a worrying message, indicating the site’s operators were in trouble.

“The week Rarat was subject to a search, seizure, and arrest. This follows a 2013 complaint from a film company that tracked down our PayPal payments. Damages in the millions of krona are feared. The site will now be closed.”

This weekend, Rights Alliance lawyer Henrik Pontén, who represents several copyright holders, informed DN that Nordisk Film, SF, and Disney filed a criminal complaint back in 2013.

Initially, there wasn’t much progress in the case. However, a breakthrough came when PayPal, with help from Rights Alliance, identified the person who received Rarat’s donations.

With this information in hand, a special unit of Sweden’s Department of National Police Operations, NOA, managed to track down one of the alleged operators of the torrent site.

Interestingly, this prime suspect is also one of the organizers of the winter edition of Dreamhack, the largest computer festival in the world. The upcoming Dreamhack event, which takes place in Jönköping, is expected to draw 50,000 computer and gaming fanatics.

Earlier this month the Dreamhack organizer was arrested and taken in for questioning on suspicion of copyright infringement. In addition, several computers were seized as evidence during a house search.

“The investigation is still at an early stage, and there could be more people involved. We will now carry out a cyber forensic investigation. The suspect has been released pending a possible prosecution,” a representative of Stockholm’s Public Prosecution Office told DN.

The alleged torrent site operator denies his involvement with the site but has been put on leave from work by Dreamhack, pending the investigation.

“I’m not worried. The police have the wrong person,” the man commented, noting that the Rarat site shut down while the police were interrogating him.

Rights Alliance lawyer Henrik Pontén says that the complaint lists five films. As a result, the total scale of the damages could reach 10 million Swedish krona, which is well over a million dollars.


Header photo via Dreamhack.


Regulation of the Internet of Things

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2016/11/regulation_of_t.html

Late last month, popular websites like Twitter, Pinterest, Reddit and PayPal went down for most of a day. The distributed denial-of-service attack that caused the outages, and the vulnerabilities that made the attack possible, was as much a failure of market and policy as it was of technology. If we want to secure our increasingly computerized and connected world, we need more government involvement in the security of the “Internet of Things” and increased regulation of what are now critical and life-threatening technologies. It’s no longer a question of if, it’s a question of when.

First, the facts. Those websites went down because their domain name provider — a company named Dyn — was forced offline. We don’t know who perpetrated that attack, but it could have easily been a lone hacker. Whoever it was launched a distributed denial-of-service attack against Dyn by exploiting a vulnerability in large numbers — possibly millions — of Internet-of-Things devices like webcams and digital video recorders, then recruiting them all into a single botnet. The botnet bombarded Dyn with traffic, so much that it went down. And when it went down, so did dozens of websites.

Your security on the Internet depends on the security of millions of Internet-enabled devices, designed and sold by companies you’ve never heard of to consumers who don’t care about your security.

The technical reason these devices are insecure is complicated, but there is a market failure at work. The Internet of Things is bringing computerization and connectivity to many tens of millions of devices worldwide. These devices will affect every aspect of our lives, because they’re things like cars, home appliances, thermostats, light bulbs, fitness trackers, medical devices, smart streetlights and sidewalk squares. Many of these devices are low-cost, designed and built offshore, then rebranded and resold. The teams building these devices don’t have the security expertise we’ve come to expect from the major computer and smartphone manufacturers, simply because the market won’t stand for the additional costs that would require. These devices don’t get security updates like our more expensive computers, and many don’t even have a way to be patched. And, unlike our computers and phones, they stay around for years and decades.

An additional market failure illustrated by the Dyn attack is that neither the seller nor the buyer of those devices cares about fixing the vulnerability. The owners of those devices don’t care. They wanted a webcam — or thermostat, or refrigerator — with nice features at a good price. Even after they were recruited into this botnet, they still work fine — you can’t even tell they were used in the attack. The sellers of those devices don’t care: They’ve already moved on to selling newer and better models. There is no market solution because the insecurity primarily affects other people. It’s a form of invisible pollution.

And, like pollution, the only solution is to regulate. The government could impose minimum security standards on IoT manufacturers, forcing them to make their devices secure even though their customers don’t care. They could impose liabilities on manufacturers, allowing companies like Dyn to sue them if their devices are used in DDoS attacks. The details would need to be carefully scoped, but either of these options would raise the cost of insecurity and give companies incentives to spend money making their devices secure.

It’s true that this is a domestic solution to an international problem and that there’s no U.S. regulation that will affect, say, an Asian-made product sold in South America, even though that product could still be used to take down U.S. websites. But the main costs in making software come from development. If the United States and perhaps a few other major markets implement strong Internet-security regulations on IoT devices, manufacturers will be forced to upgrade their security if they want to sell to those markets. And any improvements they make in their software will be available in their products wherever they are sold, simply because it makes no sense to maintain two different versions of the software. This is truly an area where the actions of a few countries can drive worldwide change.

Regardless of what you think about regulation vs. market solutions, I believe there is no choice. Governments will get involved in the IoT, because the risks are too great and the stakes are too high. Computers are now able to affect our world in a direct and physical manner.

Security researchers have demonstrated the ability to remotely take control of Internet-enabled cars. They’ve demonstrated ransomware against home thermostats and exposed vulnerabilities in implanted medical devices. They’ve hacked voting machines and power plants. In one recent paper, researchers showed how a vulnerability in smart light bulbs could be used to start a chain reaction, resulting in them all being controlled by the attackers — that’s every one in a city. Security flaws in these things could mean people dying and property being destroyed.

Nothing motivates the U.S. government like fear. Remember 2001? A small-government Republican president created the Department of Homeland Security in the wake of the 9/11 terrorist attacks: a rushed and ill-thought-out decision that we’ve been trying to fix for more than a decade. A fatal IoT disaster will similarly spur our government into action, and it’s unlikely to be well-considered and thoughtful action. Our choice isn’t between government involvement and no government involvement. Our choice is between smarter government involvement and stupider government involvement. We have to start thinking about this now. Regulations are necessary, important and complex — and they’re coming. We can’t afford to ignore these issues until it’s too late.

In general, the software market demands that products be fast and cheap and that security be a secondary consideration. That was okay when software didn’t matter — it was okay that your spreadsheet crashed once in a while. But a software bug that literally crashes your car is another thing altogether. The security vulnerabilities in the Internet of Things are deep and pervasive, and they won’t get fixed if the market is left to sort it out for itself. We need to proactively discuss good regulatory solutions; otherwise, a disaster will impose bad ones on us.

This essay previously appeared in the Washington Post.

Police Confirm Arrests of BlackCats-Games Operators

Post Syndicated from Andy original https://torrentfreak.com/police-confirm-arrests-blackcats-games-operators-161020/

After being down for several hours, yesterday the domain of private tracker BlackCats-Games was seized by the UK’s Police Intellectual Property Crime Unit.

The domain used to point to an IP address in Canada, but was later switched to a server known to be under the control of PIPCU, the UK’s leading anti-piracy force.

Following several hours of rumors, last evening sources close to the site began to confirm that the situation was serious. Reddit user Farow went public with specific details, noting that the owner of BlackCats-Games had been arrested and the site would be closing down.

Former site staff member SteWieH added that there had in fact been two arrests and it was the site’s sysops that had been taken into custody.

While both are credible sources, there was no formal confirmation from PIPCU. That came a few moments ago and it’s pretty bad news for fans of the site and its operators.

“Officers from the City of London Police Intellectual Property Crime Unit (PIPCU) have arrested two men in connection with an ongoing investigation into the illegal distribution of copyright protected video games,” the unit said in a statement.

Police say that the raids took place on Tuesday, with officers arresting two men aged 47 and 44 years at their homes in Birmingham, West Midlands and Blyth, Northumberland. Both were arrested on suspicion of copyright infringement and money laundering offenses.

Detectives say they also seized digital media and computer hardware.

PIPCU report that the investigation into the site was launched in cooperation with UK Interactive Entertainment (UKIE) and the Entertainment Software Association (ESA). Former staff member SteWieH says that a PayPal account operated by the site in 2013 appears to have played an important role in the arrests.

Detective Sergeant Gary Brown from the City of London Police Intellectual Property Unit said that their goal was to disrupt the work of “content thieves.”

“With the ever-growing consumer appetite for gaming driving the threat of piracy to the industry, our action today is essential in disrupting criminal activity and the money which drives it,” Brown said.

“Those who steal copyrighted content exploit the highly skilled work and jobs supported by the gaming industry. We are working hard to tackle digital intellectual property crime and we will continue to target our enforcement activity towards those identified as content thieves whatever scale they are operating at.”

UK Interactive Entertainment welcomed the arrests.

“UKIE applauds the action taken by PIPCU against the operators of the site. Sites like this are harmful to the hard work of game creators around the world. PIPCU’s actions confirm that these sites will not be tolerated, and are subject to criminal enforcement,” a spokesman said.

Stanley Pierre-Louis, general counsel for the Entertainment Software Association, thanked PIPCU for its work.

“ESA commends PIPCU for its commitment to taking action against sites that facilitate the illegal copying and distribution of incredibly advanced works of digital art. We are grateful for PIPCU’s leadership in this area and their support of creative industries.”

Both men have been released on police bail.


Who Are The Alleged Top Men Behind KickassTorrents?

Post Syndicated from Andy original https://torrentfreak.com/the-alleged-top-men-behind-kickasstorrents-160826/

The sudden shutdown last month of KickassTorrents left a sizeable hole in the torrent landscape. KAT was the largest torrent index on the planet and much-loved by those who frequented it.

On day one of the shutdown, the United States government revealed that they had one prime suspect in their sights. Ukrainian Artem Vaulin was said to be the mastermind of KickassTorrents, coordinating an international operation through Cryptoneat, a front company in Kharkiv, Ukraine.

Yesterday the United States officially indicted Vaulin (aka ‘tirm’) along with two of his alleged KickassTorrents co-conspirators – Oleksandr Radostin (aka ‘pioneer’) and Ievgen Kutsenko (aka ‘chill’). All are said to have worked at Cryptoneat but little else is known about them. Today we can put some meat on the bones.

Artem Vaulin

Artem Vaulin is a 30-year-old man from Ukraine. Born in 1985, he is married with a young son. According to an investigation carried out by Vesti, his business life had simple roots.

After graduating from school, Vaulin went on to set up a vending machine business focusing on chewing gum and soft toys.

“My parents gave me $3000. They said: ‘Cool, you do not have to count on us. Now you have your own money’,” Vaulin told reporters in 2004.

Since then, Vaulin’s business empire seems to have taken off but despite reportedly having interests in several local companies (three with registered capital of more than $8.5m total), Vaulin appears to have been able to keep a reasonably low profile.

However, it is Vaulin’s love of squash that leads us to the only images available of him online. Ukrainian squash portal Squashtime.com.ua has a full profile, indicating his date and place of birth, and even his racquet preference.


Vesti approached the club where Vaulin trained but due to data protection issues it would not share any information on the businessman. However, local news resource Segodnya tracked down Vaulin’s squash coach, Evgeny Ponomarenko.

“I know it only from the positive side. Artem is a good man and a family man with a growing son,” Ponomarenko said.

Vaulin is also said to have signed petitions on the Ukrainian president’s website, one requesting that the country join NATO and another seeking to allow Ukrainians to receive money from abroad via PayPal.

Oleksandr (Alexander) Radostin

Alexander Radostin appears to have been a software architect and/or lead engineer at Cryptoneat but other than that, very little is known about him.

There are several references to him online in Ukraine in relation to the shutdown of KickassTorrents, but most merely speculate that as an employee of Cryptoneat, Radostin might be best placed to confirm Vaulin’s current arrest status.

Many former Cryptoneat employees have purged their social networking presence but some of Radostin’s details are still available via Ukrainian-based searches, including the Linkedin image below.


While almost nothing is known about the third indicted KickassTorrents operator, Ievgen Kutsenko, images of the offices from where he and his colleagues allegedly ran the site can be hunted down.

The image below shows a screenshot from a Ukrainian job seeking site where Cryptoneat had a page. It lists both Vaulin and Radostin to the right of some tiny thumbnails of photographs apparently taken inside the Kickass/Cryptoneat offices.


TF managed to track down a full-size version of the third image from the left and the environment looks very nice indeed.


While Vaulin is currently being held in a Polish jail, the whereabouts of his alleged co-conspirators is unknown. However, if they are still in Ukraine it might not be straightforward to have them extradited to the United States.

“Ukraine and the United States do not have an extradition treaty,” the U.S. Embassy confirms on its Ukraine website.


KickassTorrents Crew Ask For Donations to Rebuild The Site

Post Syndicated from Ernesto original https://torrentfreak.com/kickasstorrents-crew-ask-for-donations-to-rebuild-the-site-160811/

With an active community and millions of regular visitors, KickassTorrents (KAT) was much more than a site to leech the latest torrents from.

Many considered it to be their virtual home where they gathered with friends on a daily basis.

This ended abruptly last month. When the site’s alleged operator was arrested following a criminal investigation by the U.S. Government, the official site went down with him.

While it’s unlikely that the original site will return anytime soon, a group of KAT-crew members have been working hard to keep the community together.

Within a few days a new forum was launched at Katcr.to, supported by several high ranking moderators of the original site. In the weeks that followed thousands of members returned to the community, which now has plans to expand.

The site started a fundraising campaign asking for money to repair and rebuild the “authentic KAT site code.” The team is accepting donations through PayPal and a Gofundme campaign, hoping to collect several thousand dollars.

“This site we now inhabit is costing money: Money that a few individuals put up to ensure the survival of this Community. This is still not the Kat we all remember but on a daily basis it is getting closer,” Johnno23 says.



The big question is whether this means that the torrent download and upload functionality will be returned to its former glory. For the time being, this appears to be one of the long-term goals.

To find out more TorrentFreak spoke with Mr.Gooner aka the President, a long time KAT-crew member and one of the top admins at the original site.

Mr. Gooner explains that many of the original site staffers have returned to the community, but that funds are needed to develop and maintain it during the months to come.

While the initial focus will be on the community element, torrents are expected to return as well in the future.

“At this stage, it very much depends on pending legal action and rulings in regards to the legality of torrents in the US. However the community can be reassured that in one way or another, KAT will return to its former glory,” Mr. Gooner says.

That said, fully restoring the old site with the original database is not an option at this moment.

The site administrators and crew, all regular users at one point, were clearly separated from the people who technically and financially ran the site. This means that the people in charge of Katcr.to don’t have access to the original code and data.

“It is our understanding that the databases have been secured in such a way that the information inside would become useless if an unauthorised attempt was made to access them,” Mr. Gooner says.

So, if torrent sharing is added to the current community site, it has to be coded by new people. This will take time and money, obviously, and the current crew is not certain if that will happen anytime soon.

Fundraisers are always welcomed with a healthy dose of scepticism, which is no different this time around.

From the information we have gathered so far, it’s safe to say that people shouldn’t expect the original KAT functionality to be restored fully in the near future.

In that regard, Mr. Gooner and others still encourage people to continue uploading in the meantime, even when that’s on other torrent sites.

“Run those seedboxes and torrent clients 24/7 where possible. Just because uploading stopped at KAT we are all still pirates and we will always encourage uploading,” he says.


Russia Plans Social Media Piracy Crackdown

Post Syndicated from Andy original https://torrentfreak.com/russia-plans-social-media-piracy-crackdown-160810/

Despite a reputation for not doing enough to thwart online piracy, Russian authorities have become unusually keen to make amends in recent years.

Site-blocking, for example, is now a common occurrence, with sites that infringe multiple times now being subjected to a permanent lifetime injunction, actioned by local ISPs.

But while users continue to flock to torrent sites and streaming portals, copyright holders and local authorities are concerned that social networking platforms are a potentially more serious threat.

In many cases, users are allowed to upload content at will, thereby creating huge libraries of infringing material, a serious headache for copyright holders.

To tackle this problem, authorities and entertainment industry groups are now in the process of drafting fresh legislation aimed at those social media platforms that allow users to upload content.

According to Izvestia, the Ministry of Culture and groups including the National Federation of the Music Industry (NFMI) and the Association of Producers of Cinema and Television (APKIT), believe that a change in the law will make it harder for social platforms to evade liability.

Under Article 1253.1 of the Civil Code, social media sites are considered “information brokers”, meaning that sites like vKontakte (Russia’s Facebook) can avoid being held liable for infringing content uploaded by their users.

Rightsholders would like that legislation to be removed or rewritten in a way that would provide them with more useful options to enforce their intellectual property rights.

Also under consideration are changes to the law that would further punish sites that have already been ordered to be blocked by the Moscow City Court. Currently, local ISPs put Internet blockades in place but rightsholders foresee a situation where the finances of infringing sites are put under pressure too.

On the table are proposals to ban those sites from carrying advertising. In the West, advertisers are working on voluntary schemes that aim to keep their funding away from ‘pirate’ sites but it appears that Russia is considering enshrining those principles into law.

Additionally, rightsholders are asking for sites that run on a subscription basis to be forbidden from accepting payments from their users. Again, voluntary agreements with companies such as Visa, MasterCard and PayPal are already in place in the United States and Europe, but legislation could compel Russian companies to comply.

Also continuing its path through the system is another bill designed to tackle the rise of so-called mirrors, sites that crop up after a site is blocked in order to facilitate access to the same content.

The draft bill, which also proposes an obligation to have search engines strip content from results and measures to tackle VPNs and proxies, has already been sent to the Ministry of Communications.


UK Government Expands Crackdown on Online Piracy

Post Syndicated from Andy original https://torrentfreak.com/uk-government-expands-crackdown-on-online-piracy-160510/

In various publications and reports in recent months, the UK has been described as a world leader in intellectual property enforcement. Indeed, news of various operations and dozens of arrests carried out by the Police Intellectual Property Crime Unit (PIPCU) have regularly appeared in the media.

This morning the UK Government has announced that it intends to build on this reputation with the publication of a new strategy titled Protecting Creativity, Supporting Innovation: IP Enforcement 2020.

The document outlines a four-year strategy which aims to provide an environment in which UK rightsholders have access to “proportionate and effective mechanisms to resolve disputes and tackle IP infringement” both at home and overseas.

The strategy has six key points, with reducing the level of illegal online content placed at the top of the list and strengthening the law closely after. The government also wants to increase its educational programs with the aim of building respect for intellectual property.

A significant emphasis on dealing with online infringement sees the government focus on a number of key areas, from those sharing files online to the sites facilitating infringement. Search engines also come under the spotlight.

Interestingly, the main points are all framed at helping the consumer to both recognize and then avoid copyright infringing websites.

Notice and takedown, notice and trackdown

Given the Copyright Office DMCA review currently underway in the United States, it’s no surprise to find a review of notice and takedown procedures heading the list in the UK. The government says that it wants to “improve and streamline the process” while considering the scope for introducing a Code of Practice for intermediaries.

More controversially, the four-year strategy also includes the possibility of introducing a system of “notice and trackdown” which would enable rightsholders to not only send notices but also take action directly against identified infringers.

Safe harbor (or platform liability as it’s referred to in the report) will come under the spotlight as well, with the government seeking clarification from the EU on current rules.

Dealing with pirating Internet users

On top of the “notice and trackdown” elements detailed above (presumably for the minority who post infringing links on websites etc), the report envisions effort being placed on encouraging consumers to buy from legitimate sources. Mainly, this will be achieved through the long-delayed warning notice system under development at ISPs.

“This government will also build on progress made under our voluntary anti-piracy projects to warn internet users when they are breaching copyright and work to ensure that search engines do not link to the worst-offending sites. This is in recognition of the fact that the clear majority of consumers want to do the right thing, to abide by the law and support our creative industries,” says Minister for Intellectual Property Baroness Neville-Rolfe.

“Helping those consumers to understand what is, and is not, allowed online, and helping guide them to legal content when they search, will help ensure that the vast appetite that exists for new and creative content benefits the legitimate creators, and not those criminals who cynically exploit the hard work of others.”

To help users make the right choice, the government is promising to give more support to industry initiatives such as FindanyFilm.com and the GetitRight campaign while encouraging education campaigns focused on children and students.

“We will work with intermediaries, rights holders and trade bodies to highlight all the UK’s legal sources of content,” the government says.

Targeting pirate sites, services, and their operators

In addition to honing the existing Infringing Website List (IWL), emphasis will be placed on depriving sites of their income via the “Follow the Money” approach and reducing the numbers of visitors they currently enjoy.

“We will continue to work with brand advertisers, advertising intermediaries and law enforcement partners to highlight the value of the IWL and will support groups such as the Digital Trading Standards group (DTSG) in promoting their UK good practice principles,” the report notes.

Existing efforts to deprive sites of the ability to process funds will be maintained, with the government promising to seek commitments from payment processors such as PayPal, MasterCard and VISA to make it easier for service to be declined following complaints from law enforcement.

Of course, no “pirate site” strategy would be complete without the inclusion of a blocking regime and as expected the UK government leaves no stone unturned.

“This government has also pledged to protect intellectual property by continuing to require internet service providers to block sites that carry large amounts of illegal content, including their proxies,” Baroness Neville-Rolfe explains.

“The UK has a good track record in the development of injunctive relief for online infringement, but this is something that must be preserved, and even enhanced to cope with the sheer numbers of infringing websites that spring up every month, and the new business models they employ.”

The government further sees an opportunity to make the blocking process easier to access for smaller businesses.

“We will continue our work to support businesses of any size to navigate and utilize the civil court system by improving the guidance that is currently available, including guidance on the minimum levels of evidence required for website blocking orders, and by ensuring that court judgments and cases are published on a regular and consistent basis,” the report reads.

The UK also sees potential for cooperation with the EU on injunctions, more on that in a moment.

Interestingly, it appears that ‘pirate’ set-top streaming boxes have rightsholders and by extension the government pretty rattled. They get a special mention in the report with the government noting that a greater understanding of the challenges they present is required. Furthermore, the report says that the government will consider what kind of new legislation might be needed to tackle them.

Search engines and social media

According to the report, the government will work with search engines and social media platforms to reduce the availability of infringing content. This will include a review of their current “notice and takedown” procedures and see the government considering the options for rightsholders to challenge infringers under “notice and trackdown” as detailed above.

The review process will also determine whether Codes of Practice are required for platforms including Google, Facebook and Twitter.

Overseas cooperation

While there are issues locally, the government sees the piracy problem as one to be solved cooperatively on an international basis. To this end there will be requests to partners overseas to carry out “domain and hosting enforcement action” when UK interests are at stake.

“This will include exploring with European colleagues the options for mutual recognition of the evidence required for injunctions and court orders in various member states,” the report reads.

This item is of particular interest since around 1,000 ‘pirate’ sites are already blocked by injunction in the UK. Streamlining the process EU-wide would be a major bonus for rightsholders.

The UK Government’s four-year IP enforcement strategy can be found here (pdf)


Portugal Blocks 330 Pirate Sites in Just Six Months

Post Syndicated from Andy original https://torrentfreak.com/portugal-blocks-330-pirate-sites-in-just-six-months-160430/

One of copyright holders’ most-favored anti-piracy mechanisms in place today involves site-blocking. Censoring sites at the ISP level is effective, rightsholders insist, not to mention cheaper than direct legal action against pirate sites.

In most countries where site-blocking is already in place, authorities have previously determined that the legal system must be involved. In the UK, for example, existing legislation was deemed to offer rightsholders the tools they need. Australia, on the other hand, decided to introduce legal amendments to keep things on the straight and narrow.

Portugal decided to take a different approach, one that simply involved an agreement between rightsholders, ISPs and the government. Now, if a site is considered to be illegal by these parties, it can be blocked without stepping into a courtroom.

For copyright holders it’s the Holy Grail and they’re taking full advantage of the new system. This week during a conference in the capital, Lisbon, the Portuguese Association for the Protection of Audiovisual Works revealed the extent of the program and it’s as critics feared.

Executive Director Antonio Paulo Santos reported that Portugal is now blocking a vast range of file-sharing and related sites, offering everything from movies, TV shows and music to streaming sports and books. In total more than 330 sites are now being blocked by local Internet service providers.

The rate of blocking is unprecedented. In October 2015 more than 50 sites were blocked by ISPs, including KickassTorrents, ExtraTorrent, Isohunt and RARBG. The following month another 40 were added, including BitSnoop, YourBitorrent, SeedPeer, Torlock and Torrentfunk.

Since then another 240 sites have been quietly added to the list. This rapid growth means that along with the United Kingdom and Italy, Portugal is already a world leader in pirate site blockades. All this has been achieved without ever going near a court room.

It is this kind of voluntary agreement that Hollywood and the major record labels are pushing for internationally, whether they’re with Internet service providers, domain registries or companies such as PayPal, Visa and Mastercard. The process in Portugal ticks all the right boxes for the entertainment companies so expect it to be championed elsewhere.


Kim Dotcom Warns Mega Users to Backup Their Files

Post Syndicated from Andy original http://feedproxy.google.com/~r/Torrentfreak/~3/X3Fpj-PkE74/

In 2012, a combined effort by the United States and New Zealand governments brought Kim Dotcom’s Megaupload empire to its knees. Coordinated raids in multiple locations carried out by heavily armed officers ensured that a clear message was sent to copyright infringers.

But despite the overwhelming show of force, Dotcom refused to lie down and just a year later he launched a brand new file-hosting service. Known simply as ‘Mega’, the platform launched to great fanfare in 2013.

Mega quickly became a force to be reckoned with in the hosting market, with Dotcom promoting the platform at every turn. Nevertheless, controversy was never far away.

In September 2014, Mega was branded a “piracy haven” in a Digital Citizens Alliance report into the activities of “shadowy cyberlockers.”

As a direct consequence and under pressure from the U.S. government, in early 2015 PayPal stopped processing payments for Mega. There can be little doubt that hurt the site.

But behind the scenes other matters were becoming a distraction. In May 2015, Mega’s bid for a stock listing fell through and just two months later Dotcom’s earlier praise for the company turned sour.

“Mega has experienced a hostile takeover and is no longer in the control of people who care about Internet Freedom. The New Zealand Government and Hollywood have seized a significant share of the company,” Dotcom told TorrentFreak.

“The combined shares seized by the NZ government and Hollywood were significant enough to stop our listing on the New Zealand stock exchange.”

Dotcom had already resigned as a director of Mega in September 2013 but now he was publicly warning people against using the site.

Today Dotcom repeated those calls, warning users of Mega over what he sees as the precarious position of the company.

“Mega had to survive without a credit card payment processor for almost 2 years now. The air is getting thin. Backup your Mega files,” he told users via Twitter.

But while a lack of payment processing options certainly won’t be helping Mega, Dotcom sees more danger in the reported controller of Mega, Chinese national and New Zealand citizen Bill Liu.

Back in 2009, Liu made headlines when it was revealed that despite being wanted for fraud in China, he was granted citizenship in New Zealand. Now it’s been revealed by kiwi Prime Minister John Key that Liu is ranked number five on China’s “Top 100” extradition list.

“I haven’t seen the list, but there is a list,” Key said.

“They’ve also put out a list worldwide of the Top 100. Bill Liu is number five on it,” he said of the Chinese government.

New Zealand police have already seized millions of dollars of assets that are believed to belong to Liu, including some held in Mega, although Liu denies all wrongdoing. Dotcom, however, remains unconvinced.

“The 5th most wanted criminal in China is in control of Mega and he wants to float the business in HK? Good luck,” he said this morning.

As these situations go, the short history of Mega is utterly unique. Never before has a platform in the file-sharing space had two entrepreneurs each worth millions of dollars being pursued for extradition by two of the world’s most powerful governments for entirely different reasons.

It’s currently very late evening in New Zealand so we’re not expecting an immediate response from Mega to our requests for comment. We’ll add them here as soon as they arrive.

Update: Statement from Mega chairman Stephen Hall

“Mega has significant funding and strong support from shareholders so its financial position is certainly not precarious. Dotcom’s comment is factually incorrect and the motive is unknown,” Hall informs TF.

“Mega continues to experience strong growth which illustrates the global appreciation of the quality of its services. Mr Liu has a shareholding interest but has no management or board position so he certainly doesn’t control Mega.”


MPA: We’ve Reached a Turning Point on Piracy

Post Syndicated from Andy original http://feedproxy.google.com/~r/Torrentfreak/~3/8GNVhbvQArs/

After many years of litigation aimed at forcing the world’s largest pirate sites to their knees, the situation on the ground hasn’t changed very much for Hollywood.

Despite having many important legal wins under their belts, almost every single movie is available for immediate download within a few mouse clicks. In fact in some respects the position today is much worse than it was five or even ten years ago.

But while the sites themselves continue largely as before, progress is being made with other players in the Internet ecosystem, a fact recognized by MPA Europe president Stan McCoy as he addressed colleagues in France last week.

“Protecting creativity takes commitment from a whole ecosystem of people and organizations, from theater owners and operators, to technology companies and online service providers, to retailers both large and small, to Internet intermediaries, to law enforcement authorities,” he said.

While relationships with Hollywood are somewhat fragile, Google has indeed made many gestures towards the entertainment industries by helping to make copyright-infringing content harder to find. Payment processors are also doing their part, with Visa, MasterCard and PayPal all trying to stop pirate operations from using their services.

Nevertheless, the overarching message is that Google can always do more and indeed isn’t doing enough. One only has to look at the war of words taking place over the recent Copyright Office DMCA submission process to see that the battle is far from over and more blood is yet to be spilled.

But McCoy appears optimistic and notes that those engaged indirectly in the piracy ecosystem are beginning to come round to Hollywood’s way of thinking that they must together share responsibility to solve the problem.

“I put it to the audience that we may have come to a turning point in our fight against piracy, a point where intermediaries begin to understand that the creative industry does not seek to shy away from its duties and responsibilities – and it really has not – but that instead all players in the ecosystem, which of course includes not only access providers, but also search engines and payment processors amongst others – have a role to play,” he said.

If that is the case then Hollywood has probably come a long way. It certainly isn’t going to solve this problem on its own and having powerful allies on board will certainly help its cause. The emphasis these days is indeed on voluntary cooperation such as warning notices schemes but it’s unclear how much further ISPs are prepared to go and whether the notices even have much effect.

But of course one shouldn’t forget the consumers so it’s no surprise that McCoy had something to say about the European Union Intellectual Property Office (EUIPO) study published last week which found that 38% of young people see nothing morally wrong in piracy.

“What is more staggering is that nearly one in four believed that they were doing nothing wrong in accessing digital content from illegal sources for personal use,” McCoy said.

“Clearly it is important that young people understand that making a film, writing a book or recording a song, the amount of time, effort and investment is more than a passion – it is also someone’s livelihood. Let’s remember that 7 million people work in the creative industry in Europe.”

But what that very same survey also found is that the number one reason (58%) for young people to stop using illegal sources would be the availability of affordable content from legal sources. The MPAA is campaigning heavily at the moment claiming it is doing just that, but there are also clear signs that the EU’s plans to outlaw geo-blocking and open up content EU-wide aren’t sitting well with the studios.

In a posting to his LinkedIn page, McCoy likens Europeans’ distrust of genetically modified food to the EU’s plan to tweak copyright law.

“Many Europeans are skeptical of genetic modification when it comes to foods. Should they also be skeptical of genetic modification of … copyright laws?” he asks.

“With its efforts to institute the Digital Single Market and the recent Proposal for a Regulation on Portability, the European Commission seems intent on tinkering with the DNA of the current copyright law. This could have uncertain results for the 7 million people in Europe’s core creative industries, whose livelihoods depend on the copyright system.”

Pointing to a study financed by the EU Commission itself, McCoy suggests there is no need to outlaw geo-blocking, since all but 10% of people are able to find everything they want online.

“The European Commission should rigorously apply its own better regulation guidelines to all copyright proposals, including ensuring that they are backed by strong evidence,” he adds.

“In cases where the evidence isn’t there, then maybe we should stay away from genetically modified rights … and stick with organic.”

Needless to say, not everyone agrees with his stance.


Encrypt all the things!

Post Syndicated from Mark Henderson original http://blog.serverfault.com/2016/02/09/encrypt-all-the-things/

Let’s talk about encryption. Specifically, HTTPS encryption. If you’ve been following any of the U.S. election debates, encryption is a topic that the politicians want to talk about – but not in the way that most of us would like. And it’s not just exclusive to the U.S. – the U.K. is proposing banning encrypted services, Australia is similar. If you’re really into it, you can get information about most countries’ cryptography laws.

But one thing is very clear – if your traffic is not encrypted, it’s almost certainly being watched and monitored by someone in a government somewhere – this is the well publicised reason behind governments opposing widespread encryption. The NSA’s PRISM program is the most well known, which is also contributed to by the British and Australian intelligence agencies.

Which is why when the EFF announced their Let’s Encrypt project (in conjunction with Mozilla, Cisco, Akamai and others), we thought it sounded like a great idea.

The premise is simple:

- Provide free encryption certificates
- Make renewing certificates and installing them on your systems easy
- Keep the certificates secure by installing them properly and issuing them following best practices
- Be transparent. Issued and revoked certificates are publicly auditable
- Be open. Make a platform and a standard that anyone can use and build on.
- Benefit the internet through cooperation – don’t let one body control access to the service

Let’s Encrypt explain this elegantly themselves:

The objective of Let’s Encrypt and the ACME protocol is to make it possible to set up an HTTPS server and have it automatically obtain a browser-trusted certificate, without any human intervention.

The process goes a bit like this:

1. Get your web server up and running, as per normal, on HTTP.
2. Install the appropriate Let’s Encrypt tool for your platform. Currently there is ACME protocol support for:
   - Apache (Let’s Encrypt)
   - Nginx (Let’s Encrypt — experimental)
   - HAProxy (janeczku)
3. Run the tool. It will generate a Certificate Signing Request for your domain, submit it to Let’s Encrypt, and then give you options for validating the ownership of your domain. The easiest method of validating ownership is one that the tool can do automatically, which is creating a file with a pre-determined, random file name, that the Let’s Encrypt server can then validate.
4. The tool then receives the valid certificate from the Let’s Encrypt Certificate Authority and installs it onto your systems, and configures your web server to use the certificate.
5. You need to renew the certificate in fewer than 90 days – so you then need to set up a scheduled task (cron job for Linux, scheduled task for Windows) to execute the renewal command for your platform (see your tool’s documentation for this).

And that’s it. No copy/pasting your CSR into poorly built web interfaces, or waiting for the email to confirm the certificate to come through, or hand-building PEM files with certificate chains. No faxing documents to numbers in foreign countries. No panicking at the last minute because you forgot to renew your certificate. Free, unencumbered, automatically renewed, SSL certificates for life.
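The validation step above, where the tool creates a file with a pre-determined, random name for the Let’s Encrypt server to fetch, sketched as an added example (not code from the original post or from any Let’s Encrypt client). It follows ACME’s HTTP challenge as later standardized in RFC 8555; the token, account key and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import re
import tempfile
from pathlib import Path

# Path the CA requests over plain HTTP on the domain being validated.
CHALLENGE_DIR = Path(".well-known") / "acme-challenge"
# Tokens are base64url text; anything else is refused before it becomes a file name.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")

# Constructed sample values, not a real account key or a token issued by a CA.
SAMPLE_JWK = {"kty": "RSA", "e": "AQAB", "n": "c2FtcGxlLW1vZHVsdXMtZm9yLWRlbW8"}
SAMPLE_TOKEN = "constructed-token_0123456789abcdef"


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required members only, sorted, no whitespace."""
    members = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({m: jwk[m] for m in members},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """File contents: the CA's token bound to the requesting account's public key."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("token is not base64url; refusing to use it as a file name")
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def provision(webroot: Path, token: str, account_jwk: dict) -> Path:
    """What the client tool does: publish the challenge file under the web root."""
    body = key_authorization(token, account_jwk)  # validates the token first
    target_dir = webroot / CHALLENGE_DIR
    target_dir.mkdir(parents=True, exist_ok=True)
    path = target_dir / token
    path.write_text(body, encoding="ascii")
    return path


def ca_validate(served_body: str, token: str, account_jwk: dict) -> bool:
    """What the CA does after fetching the URL: compare against its own expectation."""
    expected = key_authorization(token, account_jwk)
    # Trailing whitespace in the served file is tolerated; the comparison is constant time.
    return hmac.compare_digest(served_body.rstrip().encode("utf-8"),
                               expected.encode("utf-8"))


def demo() -> tuple:
    """Provision into a throwaway web root and validate as owner and as another account."""
    with tempfile.TemporaryDirectory() as tmp:
        path = provision(Path(tmp), SAMPLE_TOKEN, SAMPLE_JWK)
        served = path.read_text(encoding="ascii")  # stands in for the CA's HTTP GET
        url_path = "/" + path.relative_to(tmp).as_posix()
        other_account = dict(SAMPLE_JWK, n="YW5vdGhlci1hY2NvdW50LWtleQ")
        return (url_path,
                ca_validate(served, SAMPLE_TOKEN, SAMPLE_JWK),
                ca_validate(served, SAMPLE_TOKEN, other_account))


if __name__ == "__main__":
    print(demo())
```

Because the file body includes the account key thumbprint, a file planted for one ACME account does not validate a request made by another, and the token check keeps a hostile token from escaping the challenge directory.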

Who Let’s Encrypt is for

- People running their own web servers.
  - You could be small businesses running Windows SBS server
  - You could be a startup offering a Software as a Service platform
  - You could be a local hackerspace running a forum
  - You could be a highschool student with a website about making clocks
- People with a registered, publicly accessible domain name
  - Let’s Encrypt requires some form of domain name validation, whether it be a file it can probe over HTTP to verify your ownership of the domain name, or creating a DNS record it can verify
  - Certificate Authorities no longer issue certificates for “made-up” internal domain names or reserved IP addresses

Who Let’s Encrypt is not for

- Anyone on shared web hosting
  - Let’s Encrypt requires the input of the server operator. If you are not running your own web server, then this isn’t for you.
- Anyone who wants to keep the existence of their certificates a secret
  - Every certificate issued by Let’s Encrypt is publicly auditable, which means that if you don’t want anyone to know that you have a server on a given domain, then don’t use Let’s Encrypt
  - If you have sensitive server names (such as finance.corp.example.com), even though it’s firewalled, you might not want to use Let’s Encrypt
- Anyone who needs a wildcard certificate
  - Let’s Encrypt does not issue wildcard certificates. They don’t need to – they offer unlimited certificates, and you can even specify multiple Subject Alternative Names on your certificate signing request
  - However, you may still need a wildcard if:
    - You have a lot of domains and can’t use SNI (I’m looking at you, Android 2.x, of which there is still a non-trivial number of users)
    - You have systems that require a wildcard certificate (some unified communications systems do this)
- Anyone who needs a long-lived certificate
  - Let’s Encrypt certificates are only valid for 90 days, and must be renewed prior to then. If you need a long-lived certificate, then Let’s Encrypt is not for you
- Anyone who wants Extended Validation
  - Let’s Encrypt only validates that you have control over a given domain. It does not validate your identity or business or anything of that nature. As such you cannot get the green security bar that displays in the browser for places like banks or PayPal.
- Anyone who needs their certificate to be trusted by really old things
  - If you have devices from 1997 that only trust 1997’s list of CAs, then you’re going to have a bad time
  - However, this is likely the least of your troubles
  - Let’s Encrypt is trusted by:
    - Android version 2.3.6 and above, released 2011-09-02
    - Firefox version 2.0 and above, released 2006-10-24
    - Internet Explorer on Windows Vista or above (For Windows XP, see this issue), released 2007-01-30
    - Google Chrome on Windows Vista or above (For Windows XP, see this issue), released 2008-08-02
    - Safari on OSX v4.0 or above (Mac OSX 10.4 or newer), released 2005-04-29
    - Safari on iOS v3.1 or above, released 2010-02-02

However, these are mostly edge cases, and if you’re reading this blog post, then you will know if they apply to you or not.

So let’s get out there and encrypt!

The elephant in the room

“But hang on!”, I hear the eagle-eyed reader say. “Stack Overflow is not using SSL/TLS!” you say. And you would be partly correct.

We do offer SSL on all our main sites. Go ahead, try it:


However, we have some slightly more complicated issues at hand. For details about our issues, see the great blog post by Nick Craver. It’s from 2013 and we have fixed many of the issues that we were facing back then, but there is still some way to go.

However, all our signup and login pages are delivered over HTTPS, and you can switch to HTTPS manually if you would prefer – for most sites.

Let’s get started

So how do you get started? If you have a Debian-based Apache server, then grab the Let’s Encrypt tool and go!

If you’re on a different platform, then check the list of pre-built clients above, or take a look at a recent comparison of the most common *nix scripts.


Addendum: Michael Hampton pointed out to me that Fedora ships with the Let’s Encrypt package as a part of their distribution and is also in EPEL if you’re on RedHat, CentOS or another distribution that can make use of EPEL packages.

The ZDOI (Access to Public Information Act) Fund, the GRAO Report, the Commercial Register and Kiva

Post Syndicated from Боян Юруков original http://feedproxy.google.com/~r/yurukov-blog/~3/dEwcoG1tkzw/

Това е една много закъсняла статия. Миналия август изпратих запитване до ГРАО за това колко български граждани са родени в чужбина за последните 10 години по държави. Отговориха ми, че тази справка се заплаща по установена тарифа и ще струва 108 лв. Съвсем нормално е да има такса, но нямам отделен бюджет за такива неща. Писах в Twitter, че справката би била наистина интересна и е жалко, че няма да я видим.
Веднага ме питаха за сметка/Paypal и в рамките на час-два сумата беше събрана. След 24 часа събраните пари вече бяха 250 лв. заедно с моя принос. Платих на ГРАО и три дни по-късно публикувах оригиналната справка. Разпитах дарителите какво да правим с остатъка и общото мнение беше да останат при мен за бъдещи такива справки. Направих таблица, за да се следят нещата. Нарекохме го „Фонд ЗДОИ“.
От тогава насам се случиха няколко интересни неща. Първо пуснах две статии с извадки от данните – за българите в Германия и идея как механично да се увеличи статистиката за родените българи. На няколко пъти се опитах да направя карта на света показваща родените по държави, но не ми остана време да я завърша. Основният проблем беше, че срещах трудности с CartoDB, но най-вече, че доста от имената на държавите не бяха стандартни. Навярно някой друг би могъл да направи такава карта. (Допълнение: пуснах карта)

However, I noticed inaccuracies in GRAO's report. It included data on children born in Czechoslovakia and "Serbia and Montenegro" well after those states had ceased to exist. There were errors for at least about 100 children. My first idea was that perhaps the report was not by year of birth but by date of registration in the municipality. That is, a child was born in Czechoslovakia in 1990 but was registered as a Bulgarian citizen only in 2006. I asked GRAO and it turned out that this was not the case – there really had been errors in ESGRAON. A month later I received a thank-you email for having pointed out these discrepancies. Apparently the municipal clerks had been selecting the wrong countries in the form. The subsequent check corrected the place of birth in the records of all such children. They sent me an updated report. You will find both reports in a more convenient form here.
This case is a good example of why data should be open and public. If I hadn't sat down to work on it, if people hadn't donated to the cause and we hadn't looked through the data, we wouldn't have found out that quite a few children have incorrect birth certificates. This could have been a serious problem later in their lives. Think about what other errors there are in the administration's databases that could be caught the same way. What effect could these errors have?
All communication with GRAO was by email – the request, the payment slip, receiving the report and the discussion afterwards. So I was surprised when I received a letter by post. Snailmail. Actually it's not that strange – for almost all ZDOI requests I have received letters, because "that's the procedure". This should tell you how far ahead we are with electronic document workflow. The interesting thing about the letter was that it contained a contract that I was supposedly meant to sign in order to be given the report. I received it well after I had paid and obtained the data, so I did not sign or return anything to GRAO. The worrying thing in the contract was a clause that I have no right to share the information obtained through this request. That was odd, all the more so since I had shared it weeks earlier.
The next idea for the "fund" is to pay the fee for the entire Commercial Register database. As I wrote before, the new cabinet's changes lowered the fee significantly. The Registry Agency, however, continues to dig in its heels, holding on to the database as if it were its birthright. At the beginning of January they made changes to the standard contract that severely restrict the openness of the data and complicate obtaining it. When these problems are cleared up, I will pay the fee and we will get one of the most important databases in our country. As far as I know, the Council of Ministers is working in this direction.
Meanwhile, at the end of last year I decided there was no point in the money just sitting there, and I turned it into a Kiva loan. Kiva is a microlending system through which you can lend 25 dollars or more to people all over the world. There are no interest or transfer fees. The money is returned in 98.79% of cases. The risk comes from natural disasters, diseases or economic catastrophes. The benefit of these microloans is that they are not donations – that is, recipients must provide a repayment plan and have an incentive to improve their business or environment. When we need to pay for a report, I will withdraw from Kiva and cover any losses. I just think it makes much more sense for the money to help with a water treatment plant at a school in Uganda, where the last loan went, than to sit in Paypal.

Lapni.bg – you gobble it up

Post Syndicated from Илия Горанов original http://9ini.babailiica.com/lapni-bg-2/

However well a person lives, sooner or later they run into online commerce.
The above is the shortest and clearest summary of the sad picture of Bulgarian online commerce, if it can be called online at all and if it can be called commerce at all. The story begins with me deciding to buy a voucher for something (what exactly is beside the point, since it has nothing to do with the story) from some site… for example from Lapni.bg. Everything is wonderful, I have chosen the offer and I am ready to shop:
1. I check how one can pay. Of course – there is no information on the site, it consists of a pile of offers. Or maybe there is, but it is hidden in some secret place. However, I see on the home page that there are big logos of various payment instruments. And among them sits the PayPal logo – apparently they accept PayPal payments too. Great – let's continue.
[Screenshot: Apparently they accept PayPal]
2. I discover with surprise that I have a registration on the site; naturally I don't remember my password… I click that it's forgotten and after a certain standard procedure I receive a new password. So far everything is OK. I decide to change the newly generated password to something I hope I will remember more easily, and a search begins… It turns out, 10 minutes later, that the password is changed from the "My vouchers" menu. Great, how did I not think of that earlier, eh? Fine, in "My vouchers" there is a "Settings" submenu… And there – there is a password change… and the password is entered in? You didn't guess – not in a password field, but in an ordinary text field. I admit – it's very convenient – you can see your password!
3. So far – minor troubles. I changed my password and headed to the secret page for ordering an offer. And what do I have there – a big "Make a gift" button… OK, I won't play dumb, I figured out that you order with the big red plus, but it wasn't all that obvious.
[Screenshot: The red plus]
You click the red plus and after several screens for completing the order you end up at a "Pay now" button. You click it and the following form loads:
[Screenshot: The payment form]
I don't know whether it strikes you, but it strikes me that PayPal is not among the listed payment options – quite disappointing. After some thought I decide to choose the option "Credit / Debit card – Payment directly with your credit/debit card". Even though I am in principle quite distrustful, not to say paranoid, about all sorts of payment systems of dubious quality, origin and functionality. We continue onward and – surprise! We land on some sinister BORICA site that looks approximately like this:
Let's start with the fact that the merchant's logo does not load… in some browsers the wise inscription "Merchant Logo" is shown, in others there is a hole with an outline. My first suspicion was that the logo was not served over https and therefore did not load; on closer inspection I found that it simply does not work – the server simply returns an empty response, and on top of that with the header Content-Type: text/plain. Well, not that anything surprises me – this is BORICA after all.
Then – below sits the following note: "If your card supports 3D authentication, you may need to identify yourself after pressing the "Payment" button." And since my card was not with 3D authentication, I calmly continued. A message came up that my card actually supports 3D security, and even though I had declined at the bank to use this option – if I wish to pay through BORICA's system, I will have to agree to use the 3D security in question. But more on that later…
4. I filled in all the fields and clicked the coveted "Payment" button. Some progress bars started moving… and "The system said no" – it told me an error had occurred… some error, nobody knows exactly which, and to try again later. But it isn't clear whether a payment went through or not. No big deal – try again, and if you pay twice – so be it.
Here I make an unexpected detour that was not planned in the whole process of online commerce. I take out my electronic signature, start the other laptop because everything for it is installed there… and log in to the online banking of the bank that issued the card, to check whether I have any card authorizations in the last hour. At least, if a payment has gone through – I'd go and sort it out with someone. Well, but it hasn't gone through, heaven forbid.
5. Since the BORICA site has a big notice not to use the BACK button or REFRESH (this comes from the programmers' literacy, I know it from experience) – I decide to go back manually to Lapni.bg and try to pay a second time. I go back, but there is no option there to make a payment for an order that was not paid the first time for some reason. Fine – we'll place a new order… The technique is already practiced – click, click, click… done, we're on the BORICA site again… I fill in the data again, "Payment"… progress bar… hooray – no error… a message comes up that this card supports 3D security and I must provide some password, which I naturally don't have, since I don't have 3D security. After reading some help, which by the way is set to open by default when you press Enter in any field of the form, it becomes clear that, even though I don't use 3D security, if I want to pay through this system, I will have to register my card for 3D security at the bank that issued it…
There follows another part that I may tell some other time… but let's say that after about 20 – 30 minutes I now have 3D security on the card and I know the password in question… Naturally – the session at BORICA has already expired and everything starts from the beginning.
Here we must note that the number of vouchers on Lapni.bg is limited, and this is explicitly stated in the offer. It strikes me that every time I order a voucher and fail to pay for it – the count of "sold" ones increases. And if you think the reason is that someone else is also buying at the moment – I don't think so, because the action takes place in the small hours of the night and the more likely scenario is simply that the system is moronic.
6. I go through the whole scenario, place a new order, I now know all the pitfalls, I reach the BORICA payment, there's no error and I won't have to try again later… it asks me for the secret 3D security password… I enter it (I received it from the bank literally minutes ago)… and "The system said no" – the password was wrong. I enter it a second time… "The system said no"… a third time, very carefully, I type it outside the password field so I can see exactly what is being written (here I ironically recalled how convenient the Lapni.bg form is, where a password field is not used for the password), I copy the 100% certainly correct password, paste it and "The system said no"… On the third attempt it told me that I am a bad hacker and cannot pay, and threw me out… Jeez!
7. I went back to the online banking to check whether I might have entered the password wrongly when registering for 3D security… even though there was a field for re-entering the password, alas – it turned out there is no way to check it. The only option is to change my password for the modest sum of 10 stotinki. I cursed the lot of them (yet again)… and decided that before changing the password (the issue is one of principle, not the 10 stotinki) I would try once more to walk the whole path from start to finish. Maybe something will finally happen… Meanwhile after every failed attempt I go and check whether I have a card authorization, because by now I trust no one and no system.
And so – I began, for the umpteenth time, to fill in all the fields, big and small, from the start… I found the offer, ordered it once more, chose a payment method, went to the BORICA site, entered the data, it asked me for the 3D security password… and oh, miracle – the same password that I used a little while ago and was wrong, without my changing it – is now no longer wrong.
8. A message – successful payment; I check at the bank – we have a successful card authorization, an SMS about the payment arrives, fanfare, confetti… joy, an hour-long battle is about to end with the victory of man over online commerce. I return to Lapni.bg and there is nothing there… When you use online tools for payment and commerce you expect things to happen in real time – alas, it turns out they happen within a few minutes… After a few minutes everything appeared.
9. Meanwhile, other problems that arose but are not described above:
9.1. On the Lapni.bg site there is no contact phone number to call if you have problems like those described above.
9.2. The BORICA site says to contact the administrator, but naturally there is also neither a phone number nor an e-mail.
9.3. On Lapni.bg there are some secret links that I managed to get to only the next day, because some titan of technical thought has put in JavaScript for infinite scroll, and the moment you scroll to the very bottom to see the links in the footer, more offers load dynamically and the footer disappears downward… and so you can chase it until you lose your mind.
9.4. The Lapni.bg search engine hurries to search while you type… it figures out that you are typing from the fact that keys are being pressed. However, no timeout has been set, and no matter how fast you type – on every key it tries to reload the results. As a result it becomes a mess. On top of that – if you press the arrow keys in the search field (i.e. you are typing nothing) – the search results are reloaded again.
And so, some would conclude that my attempt at online commerce was successful, because all is well that ends well. I, however, will say – NO, THE ATTEMPT WAS UNSUCCESSFUL, because I don't believe it is normal for an elementary purchase from the Internet to end up taking almost two astronomical hours! This is an activity that is expected to be fast, accessible and easy.
P.S. While I was writing this post and taking screenshots on the Lapni.bg and BORICA sites, I unexpectedly found that there actually is an option to pay with PayPal… it is just present in other offers. Nothing anywhere makes it clear why some offers can be paid with PayPal and others cannot. Maybe the price is the deciding factor, or maybe something else. This, however, is not mentioned on the site… in "Frequently asked questions" it says: "PayPal.com is an international system for electronic payments. It supports all types of credit cards, as well as Visa Electron debit cards that support electronic payments. To pay from PayPal.com, you must have a registered account in advance, as well as an added and confirmed bank card. If you do not have a PayPal.com account, look at the other payment methods.".

Using Perl PayPal API on Debian wheezy

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2013/10/07/paypal-perl.html

I recently upgraded to Debian wheezy. On Debian squeeze, I
had no problem using the stock Perl module Business::PayPal::API
to import PayPal transactions for Software Freedom Conservancy, via the
Debian package libbusiness-paypal-api-perl.

After the wheezy upgrade, something goes wrong and it doesn’t work.
I reviewed some similar complaints, that seem to relate to this
resolved bug, but that wasn’t my problem, I don’t think.

I ran strace to dig around and see what was going on. The working
squeeze install did this:

select(8, [3], [3], NULL, {0, 0}) = 1 (out [3], left {0, 0})
write(3, "SOMEDATA"..., 1365) = 1365
rt_sigprocmask(SIG_BLOCK, [ALRM], [], 8) = 0
rt_sigaction(SIGALRM, {SIG_DFL, [], 0}, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [ALRM], [], 8) = 0
rt_sigaction(SIGALRM, {0xxxxxx, [], 0}, {SIG_DFL, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
alarm(60) = 0
read(3, "SOMEDATA", 5) = 5

But the same script on wheezy did this at the same point:

select(8, [3], [3], NULL, {0, 0}) = 1 (out [3], left {0, 0})
write(3, "SOMEDATA"..., 1373) = 1373
read(3, 0xxxxxxxx, 5) = -1 EAGAIN (Resource temporarily unavailable)
select(0, NULL, NULL, NULL, {0, 100000}) = 0 (Timeout)
read(3, 0xxxxxxxx, 5) = -1 EAGAIN (Resource temporarily unavailable)
select(0, NULL, NULL, NULL, {0, 100000}) = 0 (Timeout)
read(3, 0xxxxxxxx, 5) = -1 EAGAIN (Resource temporarily unavailable)
select(0, NULL, NULL, NULL, {0, 100000}) = 0 (Timeout)
read(3, 0xxxxxxxx, 5) = -1 EAGAIN (Resource temporarily unavailable)

I was pretty confused, and basically I still am, but then I
noticed this in the documentation for Business::PayPal::API
regarding SOAP::Lite:

if you have already loaded Net::SSLeay (or IO::Socket::SSL), then Net::HTTPS
will prefer to use IO::Socket::SSL. I don’t know how to get SOAP::Lite to
work with IO::Socket::SSL (e.g., Crypt::SSLeay uses HTTPS_* environment
variables), so until then, you can use this hack:
local $IO::Socket::SSL::VERSION = undef;

That hack didn’t work, but I did confirm via strace that on
wheezy, IO::Socket::SSL was getting loaded instead
of Net::SSL. So, I did this, which was a complete and much worse

use Net::SSL;
use Net::SSLeay;
# Then:
use Business::PayPal::API qw(GetTransactionDetails TransactionSearch);

… And this incantation worked. This isn’t the right fix, but I
figured I should publish this, as this ate up three hours, and it’s worth
the 15 minutes to write this post, just in case someone else tries to use
Business::PayPal::API on wheezy.
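
The backend choice that was confirmed above with strace can also be read directly from Net::HTTPS. The script below is an added example, not code from the original post or from the Business::PayPal::API project; it relies on Net::HTTPS's own `$Net::HTTPS::SSL_SOCKET_CLASS` variable and `PERL_NET_HTTPS_SSL_SOCKET_CLASS` environment variable, and `loaded_version` is a hypothetical helper name.

```perl
#!/usr/bin/perl
# Added example: show which TLS socket class Net::HTTPS selected at load time.
use strict;
use warnings;

BEGIN {
    # An optional first argument forces a backend. Net::HTTPS reads this
    # environment variable once, while it is being loaded, and accepts only
    # 'IO::Socket::SSL' or 'Net::SSL'.
    my $forced = shift @ARGV;
    $ENV{PERL_NET_HTTPS_SSL_SOCKET_CLASS} = $forced if defined $forced;
}

# To reproduce a real script's behaviour, load the modules it loads first
# (for example SOAP::Lite) above this line, so the load order is the same.
use Net::HTTPS ();

# Hypothetical helper: version of a module, or nothing if it is not in %INC.
sub loaded_version {
    my ($module) = @_;
    (my $file = "$module.pm") =~ s{::}{/}g;
    return unless $INC{$file};
    return $module->VERSION // 'unknown';
}

my $chosen = $Net::HTTPS::SSL_SOCKET_CLASS;
print "Net::HTTPS selected: $chosen\n";

for my $module (qw(IO::Socket::SSL Net::SSL Net::SSLeay Crypt::SSLeay)) {
    my $version = loaded_version($module);
    printf "  %-16s %s\n", $module,
        defined $version ? "loaded, version $version" : 'not loaded';
}

# Crypt::SSLeay's documentation states that it does not support hostname
# verification, so flag that backend when it is the one in use.
if ($chosen eq 'Net::SSL') {
    warn "Net::SSL (Crypt::SSLeay) in use: server hostname is not verified\n";
}
```

Run it with no argument to see the default selection, or with `Net::SSL` or `IO::Socket::SSL` as the argument to see the effect of forcing one. Forcing Net::SSL for a payment API client trades away hostname verification, which is worth weighing before adopting the workaround permanently.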

I used to be a Perl expert once upon a time. This situation convinced me
that I’m not. In the old days, I would’ve actually figured out what was