Tag Archives: search engines

Netflix Expands Content Protection Team to Reduce Piracy

Post Syndicated from Ernesto original https://torrentfreak.com/netflix-expands-content-protection-team-to-reduce-piracy-171015/

There is little doubt that, in the United States and many other countries, Netflix has become the standard for watching movies on the Internet.

Despite the widespread availability, however, Netflix originals are widely pirated. Episodes from House of Cards, Narcos, and Orange is the New Black are downloaded and streamed millions of times through unauthorized platforms.

The streaming giant is obviously not happy with this situation and has ramped up its anti-piracy efforts in recent years. Since last year the company has sent out over a million takedown requests to Google alone and this volume continues to expand.

This growth coincides with an expansion of the company’s internal anti-piracy division. A new job posting shows that Netflix is expanding this team with a Copyright and Content Protection Coordinator. The ultimate goal is to reduce piracy to a fringe activity.

“The growing Global Copyright & Content Protection Group is looking to expand its team with the addition of a coordinator,” the job listing reads.

“He or she will be tasked with supporting the Netflix Global Copyright & Content Protection Group in its internal tactical take down efforts with the goal of reducing online piracy to a socially unacceptable fringe activity.”

Among other things, the new coordinator will evaluate new technological solutions to tackle piracy online.

More old-fashioned takedown efforts are also part of the job. This includes monitoring well-known content platforms, search engines and social network sites for pirated content.

“Day to day scanning of Facebook, YouTube, Twitter, Periscope, Google Search, Bing Search, VK, DailyMotion and all other platforms (including live platforms) used for piracy,” is listed as one of the main responsibilities.

Netflix’ Copyright and Content Protection Coordinator Job

The coordinator is further tasked with managing Facebook’s Rights Manager and YouTube’s Content-ID system, to prevent circumvention of these piracy filters. Experience with fingerprinting technologies and other anti-piracy tools will be helpful in this regard.

Netflix doesn’t do all the copyright enforcement on its own though. The company works together with other media giants in the recently launched “Alliance for Creativity and Entertainment” that is spearheaded by the MPAA.

In addition, the company also uses the takedown services of external anti-piracy outfits to target more traditional infringement sources, such as cyberlockers and piracy streaming sites. The coordinator has to keep an eye on these as well.

“Liaise with our vendors on manual takedown requests on linking sites and hosting sites and gathering data on pirate streaming sites, cyberlockers and usenet platforms.”

The above shows that Netflix is doing its best to prevent piracy from getting out of hand. It’s definitely taking the issue more seriously than a few years ago when the company didn’t have much original content.

The switch from being merely a distribution platform to becoming a major content producer and copyright holder has changed the stakes. Netflix hasn’t won the war on piracy, it’s just getting started.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Tech Giants Protest Looming US Pirate Site Blocking Order

Post Syndicated from Ernesto original https://torrentfreak.com/tech-giants-protest-looming-us-pirate-site-blocking-order-171013/

While domain seizures against pirate sites are relatively common in the United states, ISP and search engine blocking is not. This could change soon though.

In an ongoing case against Sci-Hub, regularly referred to as the “Pirate Bay of Science,” a magistrate judge in Virginia recently recommended a broad order which would require search engines and Internet providers to block the site.

The recommendation followed a request from the academic publisher American Chemical Society (ACS) that wants these third-party services to make the site in question inaccessible. While Sci-Hub has chosen not to defend itself, a group of tech giants has now stepped in to prevent the broad injunction from being issued.

This week the Computer & Communications Industry Association (CCIA), which includes members such as Cloudflare, Facebook, and Google, asked the court to limit the proposed measures. In an amicus curiae brief submitted to the Virginia District Court, they share their concerns.

“Here, Plaintiff is seeking—and the Magistrate Judge has recommended—a permanent injunction that would sweep in various Neutral Service Providers, despite their having violated no laws and having no connection to this case,” CCIA writes.

According to the tech companies, neutral service providers are not “in active concert or participation” with the defendant, and should, therefore, be excluded from the proposed order.

While search engines may index Sci-Hub and ISPs pass on packets from this site, they can’t be seen as “confederates” that are working together with them to violate the law, CCIA stresses.

“Plaintiff has failed to make a showing that any such provider had a contract with these Defendants or any direct contact with their activities—much less that all of the providers who would be swept up by the proposed injunction had such a connection.”

Even if one of the third party services could be found liable the matter should be resolved under the DMCA, which expressly prohibits such broad injunctions, the CCIA claims.

“The DMCA thus puts bedrock limits on the injunctions that can be imposed on qualifying providers if they are named as defendants and are held liable as infringers. Plaintiff here ignores that.

“What ACS seeks, in the posture of a permanent injunction against nonparties, goes beyond what Congress was willing to permit, even against service providers against whom an actual judgment of infringement has been entered.That request must be rejected.”

The tech companies hope the court will realize that the injunction recommended by the magistrate judge will set a dangerous precedent, which goes beyond what the law is intended for, so will impose limits in response to their concerns.

It will be interesting to see whether any copyright holder groups will also chime in, to argue the opposite.

CCIA’s full amicus curiae brief is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

SOPA Ghosts Hinder U.S. Pirate Site Blocking Efforts

Post Syndicated from Ernesto original https://torrentfreak.com/sopa-ghosts-hinder-u-s-pirate-site-blocking-efforts-171008/

Website blocking has become one of the entertainment industries’ favorite anti-piracy tools.

All over the world, major movie and music industry players have gone to court demanding that ISPs take action, often with great success.

Internal MPAA research showed that website blockades help to deter piracy and former boss Chris Dodd said that they are one of the most effective anti-tools available.

While not everyone is in agreement on this, the numbers are used to lobby politicians and convince courts. Interestingly, however, nothing is happening in the United States, which is where most pirate site visitors come from.

This is baffling to many people. Why would US-based companies go out of their way to demand ISP blocking in the most exotic locations, but fail to do the same at home?

We posed this question to Neil Turkewitz, RIAA’s former Executive Vice President International, who currently runs his own consulting group.

The main reason why pirate site blocking requests have not yet been made in the United States is down to SOPA. When the proposed SOPA legislation made headlines five years ago there was a massive backlash against website blocking, which isn’t something copyright groups want to reignite.

“The legacy of SOPA is that copyright industries want to avoid resurrecting the ghosts of SOPA past, and principally focus on ways to creatively encourage cooperation with platforms, and to use existing remedies,” Turkewitz tells us.

Instead of taking the likes of Comcast and Verizon to court, the entertainment industries focused on voluntary agreements, such as the now-defunct Copyright Alerts System. However, that doesn’t mean that website blocking and domain seizures are not an option.

“SOPA made ‘website blocking’ as such a four-letter word. But this is actually fairly misleading,” Turkewitz says.

“There have been a variety of civil and criminal actions addressing the conduct of entities subject to US jurisdiction facilitating piracy, regardless of the source, including hundreds of domain seizures by DHS/ICE.”

Indeed, there are plenty of legal options already available to do much of what SOPA promised. ABS-CBN has taken over dozens of pirate site domain names through the US court system. Most recently even through an ex-parte order, meaning that the site owners had no option to defend themselves before they lost their domains.

ISP and search engine blocking is also around the corner. As we reported earlier this week, a Virginia magistrate judge recently recommended an injunction which would require search engines and Internet providers to prevent users from accessing Sci-Hub.

Still, the major movie and music companies are not yet using these tools to take on The Pirate Bay or other major pirate sites. If it’s so easy, then why not? Apparently, SOPA may still be in the back of their minds.

Interestingly, the RIAA’s former top executive wasn’t a fan of SOPA when it was first announced, as it wouldn’t do much to extend the legal remedies that were already available.

“I actually didn’t like SOPA very much since it mostly reflected existing law and maintained a paradigm that didn’t involve ISP’s in creative interdiction, and simply preserved passivity. To see it characterized as ‘copyright gone wild’ was certainly jarring and incongruous,” Turkewitz says.

Ironically, it looks like a bill that failed to pass, and didn’t impress some copyright holders to begin with, is still holding them back after five years. They’re certainly not using all the legal options available to avoid SOPA comparison. The question is, for how long?

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Judge Recommends ISP and Search Engine Blocking of Sci-Hub in the US

Post Syndicated from Ernesto original https://torrentfreak.com/judge-recommends-isp-search-engine-blocking-sci-hub-us-171003/

Earlier this year the American Chemical Society (ACS), a leading source of academic publications in the field of chemistry, filed a lawsuit against Sci-Hub and its operator Alexandra Elbakyan.

The non-profit organization publishes tens of thousands of articles a year in its peer-reviewed journals. Because many of these are available for free on Sci-Hub, ACS wants to be compensated.

Sci-Hub was made aware of the legal proceedings but did not appear in court. As a result, a default was entered against the site. In addition to millions of dollars in damages, ACS also requested third-party Internet intermediaries to take action against the site.

While the request is rather unprecedented for the US, as it includes search engine and ISP blocking, Magistrate Judge John Anderson has included these measures in his recommendations.

Judge Anderson agrees that Sci-Hub is guilty of copyright and trademark infringement. In addition to $4,800,000 in statutory damages, he recommends a broad injunction that would require search engines, ISPs, domain registrars and other services to block Sci-Hub’s domain names.

“… the undersigned recommends that it be ordered that any person or entity in privity with Sci-Hub and with notice of the injunction, including any Internet search engines, web hosting and Internet service providers, domain name registrars, and domain name registries, cease facilitating access to any or all domain names and websites through which Sci-Hub engages in unlawful access to, use, reproduction, and distribution of ACS’s trademarks or copyrighted works.”

The recommendation

In addition to the above, domain registries and registrars will also be required to suspend Sci-Hub’s domain names. This also happened previously in a different lawsuit, but Sci-Hub swiftly moved to a new domain at the time.

“Finally, the undersigned recommends that it be ordered that the domain name registries and/or registrars for Sci-Hub’s domain names and websites, or their technical administrators, shall place the domain names on registryHold/serverHold or such other status to render the names/sites non-resolving,” the recommendation adds.”

If the U.S. District Court Judge adopts this recommendation, it would mean that Internet providers such as Comcast could be ordered to block users from accessing Sci-Hub. That’s a big deal since pirate site blockades are not common in the United States.

This would likely trigger a response from affected Internet services, who generally want to avoid being dragged into these cases. They would certainly don’t want such far-reaching measure to be introduced through a default order.

Sci-Hub itself doesn’t seem to be too bothered by the blocking prospect or the millions in damages it faces. The site has a Tor version which can’t be blocked by Internet providers, so determined scientists will still be able to access the site if they want.

Magistrate Judge John Anderson’s full findings of fact and recommendations are available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

20th Century Fox is Looking for Anti-Piracy Interns

Post Syndicated from Ernesto original https://torrentfreak.com/20th-century-fox-is-looking-for-anti-piracy-interns-170930/

Piracy remains one of the key threats for most Hollywood movie studios.

Most companies have entire departments dedicated to spotting infringing content, understanding the changing landscape, and figuring out how to respond.

20th Century Fox, for example, has its own Content Protection group, headed by Ron Wheeler. The group keeps an eye on emerging piracy threats and is currently looking for fresh blood.

The company has listed two new internships. The first is for a Graduate JD Law Student, who will be tasked with analyzing fair use cases and finding new targets for lawsuits, among other things.

“Interns will participate in the monitoring of and enforcement against such piracy, including conducting detailed copyright infringement and fair use analyses; identifying and researching litigation targets, and searching the internet for infringing copies of Fox content.”

Fox notes that basic knowledge of the principles of Copyright Law is a plus, but apparently not required. Students who take this internship will learn how film and television piracy affects the media industry and consumers, preparing them for future work in this field.

“This is a great opportunity for students interested in pursuing practice in the fields of Intellectual Property, Entertainment, or Media Law,” the job application explains.

A second anti-piracy internship that was posted recently is a search and analytics position. This includes organizing online copyright infringement intelligence and compiling this in analytical piracy reports for Fox executives.

Undergraduate – Research & Analytics

The research job posting shows that Fox keeps an eye on a wide range of piracy avenues including search engines, forums, eBay and pirate sites.

“Anti-Piracy Internet Investigations and Analysis including, but not limited to, internet research, forum site investigation, eBay searches, video forensics analysis review, database entry, general internet searches for Fox video content, review and summarize pirate websites, piracy trend analysis, and more.”

Those who complete the internship will have a thorough understanding of how widespread piracy issues are. It will provide insight into how this affects the movie industry and consumers alike, Fox explains.

While the average torrenter and streaming pirate might not be very eager to work for ‘the other side,’ these internships are ideal positions for students who have aspirations of working in the anti-piracy field. If any TorrentFreak readers plan to apply and get the job, we’ll be eager to hear what you’ve learned in a few months.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Russia Blocks 4,000 Pirate Sites Plus 41,000 Innocent as Collateral Damage

Post Syndicated from Andy original https://torrentfreak.com/russia-blocks-4000-pirate-sites-plus-41000-innocent-as-collateral-damage-170905/

After years of criticism from both international and local rightsholders, in 2013 the Russian government decided to get tough on Internet piracy.

Under new legislation, sites engaged in Internet piracy could find themselves blocked by ISPs, rendering them inaccessible to local citizens and solving the piracy problem. Well, that was the theory, at least.

More than four years on, Russia is still grappling with a huge piracy problem that refuses to go away. It has been blocking thousands of sites at a steady rate, including RuTracker, the country’s largest torrent platform, but still the problem persists.

Now, a new report produced by Roskomsvoboda, the Center for the Protection of Digital Rights, and the Pirate Party of Russia, reveals a system that has not only failed to reach its stated aims but is also having a negative effect on the broader Internet.

“It’s already been four years since the creation of this ‘anti-piracy machine’ in Russia. The first amendments related to the fight against ‘piracy’ in the network came into force on August 1, 2013, and since then this mechanism has been twice revised,” Roskomsvoboda said in a statement.

“[These include] the emergence of additional responsibilities to restrict access to network resources and increase the number of subjects who are responsible for removing and blocking content. Since that time, several ‘purely Russian’ trends in ‘anti-piracy’ and trade in rights have also emerged.”

These revisions, which include the permanent blocking of persistently infringing sites and the planned blocking of mirror sites and anonymizers, have been widely documented. However, the researchers say that they want to shine a light on the effects of blocking procedures and subsequent actions that are causing significant issues for third-parties.

As part of the study, the authors collected data on the cases presented to the Moscow City Court by the most active plaintiffs in anti-piracy actions (mainly TV show distributors and music outfits including Sony Music Entertainment and Universal Music). They describe the court process and system overall as lacking.

“The court does not conduct a ‘triple test’ and ignores the position, rights and interests of respondents and third parties. It does not check the availability of illegal information on sites and appeals against decisions of the Moscow City Court do not bring any results,” the researchers write.

“Furthermore, the cancellation of the unlimited blocking of a site is simply impossible and in respect of hosting providers and security services, those web services are charged with all the legal costs of the case.”

The main reason behind this situation is that ‘pirate’ site operators rarely (if ever) turn up to defend themselves. If at some point they are found liable for infringement under the Criminal Code, they can be liable for up to six years in prison, hardly an incentive to enter into a copyright process voluntarily. As a result, hosts and other providers act as respondents.

This means that these third-party companies appear as defendants in the majority of cases, a position they find both “unfair and illogical.” They’re also said to be confused about how they are supposed to fulfill the blocking demands placed upon them by the Court.

“About 90% of court cases take place without the involvement of the site owner, since the requirements are imposed on the hosting provider, who is not responsible for the content of the site,” the report says.

Nevertheless, hosts and other providers have been ordered to block huge numbers of pirate sites.

According to the researchers, the total has now gone beyond 4,000 domains, but the knock on effect is much more expansive. Due to the legal requirement to block sites by both IP address and other means, third-party sites with shared IP addresses get caught up as collateral damage. The report states that more than 41,000 innocent sites have been blocked as the result of supposedly targeted court orders.

But with collateral damage mounting, the main issue as far as copyright holders are concerned is whether piracy is decreasing as a result. The report draws few conclusions on that front but notes that blocks are a blunt instrument. While they may succeed in stopping some people from accessing ‘pirate’ domains, the underlying infringement carries on regardless.

“Blocks create restrictions only for Internet users who are denied access to sites, but do not lead to the removal of illegal information or prevent intellectual property violations,” the researchers add.

With no sign of the system being overhauled to tackle the issues raised in the study (pdf, Russian), Russia is now set to introduce yet new anti-piracy measures.

As recently reported, new laws requiring search engines to remove listings for ‘pirate’ mirror sites comes into effect October 1. Exactly a month later on November 1, VPNs and anonymization tools will have to be removed too, if they fail to meet the standards required under state regulation.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Sci-Hub Faces $4,8 Million Piracy Damages and ISP Blocking

Post Syndicated from Ernesto original https://torrentfreak.com/sci-hub-faces-48-million-piracy-damages-and-isp-blocking-170905/

In June, a New York District Court handed down a default judgment against Sci-Hub.

The pirate site, operated by Alexandra Elbakyan, was ordered to pay $15 million in piracy damages to academic publisher Elsevier.

With the ink on this order barely dry, another publisher soon tagged on with a fresh complaint. The American Chemical Society (ACS), a leading source of academic publications in the field of chemistry, also accused Sci-Hub of mass copyright infringement.

Founded more than 140 years ago, the non-profit organization has around 157,000 members and researchers who publish tens of thousands of articles a year in its peer-reviewed journals. Because many of its works are available for free on Sci-Hub, ACS wants to be compensated.

Sci-Hub was made aware of the legal proceedings but did not appear in court. As a result, a default was entered against the site, and a few days ago ACS specified its demands, which include $4.8 million in piracy damages.

“Here, ACS seeks a judgment against Sci-Hub in the amount of $4,800,000—which is based on infringement of a representative sample of publications containing the ACS Copyrighted Works multiplied by the maximum statutory damages of $150,000 for each publication,” they write.

The publisher notes that the maximum statutory damages are only requested for 32 of its 9,000 registered works. This still adds up to a significant sum of money, of course, but that is needed as a deterrent, ACS claims.

“Sci-Hub’s unabashed flouting of U.S. Copyright laws merits a strong deterrent. This Court has awarded a copyright holder maximum statutory damages where the defendant’s actions were ‘clearly willful’ and maximum damages were necessary to ‘deter similar actors in the future’,” they write.

Although the deterrent effect may sound plausible in most cases, another $4.8 million in debt is unlikely to worry Sci-Hub’s owner, as she can’t pay it off anyway. However, there’s also a broad injunction on the table that may be more of a concern.

The requested injunction prohibits Sci-Hub’s owner to continue her work on the site. In addition, it also bars a wide range of other service providers from assisting others to access it.

Specifically, it restrains “any Internet search engines, web hosting and Internet service providers, domain name registrars, and domain name registries, to cease facilitating access to any or all domain names and websites through which Defendant Sci-Hub engages in unlawful access to [ACS’s works].”

The above suggests that search engines may have to remove the site from their indexes while ISPs could be required to block their users’ access to the site as well, which goes quite far.

Since Sci-Hub is in default, ACS is likely to get what it wants. However, if the organization intends to enforce the order in full, it’s likely that some of these third-party services, including Internet providers, will have to spring into action.

While domain name registries are regularly ordered to suspend domains, search engine removals and ISP blocking are not common in the United States. It would, therefore, be no surprise if this case lingers a little while longer.

A copy of ACS’s proposed default judgment, obtained by TorrentFreak, is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Search Engines Will Open Systems to Prove Piracy & VPN Blocking

Post Syndicated from Andy original https://torrentfreak.com/search-engines-will-open-systems-to-prove-piracy-vpn-blocking-170901/

Over the past several years, Russia has become something of a world leader when it comes to website blocking. Tens of thousands of websites are now blocked in the country on copyright infringement and a wide range of other grounds.

With circumvention technologies such as VPNs, however, Russian citizens are able to access blocked sites, a position that has irritated Russian authorities who are determined to control what information citizens are allowed to access.

After working on new legislation for some time, late July President Vladimir Putin signed a new law which requires local telecoms watchdog Rozcomnadzor to maintain a list of banned domains while identifying sites, services, and software that provide access to them.

Rozcomnadzor is required to contact the operators of such services with a request for them to block banned resources. If they do not, then they themselves will become blocked. In addition, search engines are also required to remove blocked resources from their search results, in order to discourage people from accessing them.

With compliance now a matter of law, attention has turned to how search engines can implement the required mechanisms. This week Roskomnadzor hosted a meeting with representatives of the largest Russian search engines including Yandex, Sputnik, Search Mail.ru, where this topic was top of the agenda.

Since failure to comply can result in a fine of around $12,000 per breach, search companies have a vested interest in the systems working well against not only pirate sites, but also mirrors and anonymization tools that provide access to them.

“During the meeting, a consolidated position on the implementation of new legislative requirements was developed,” Rozcomnadzor reports.

“It was determined that the list of blocked resources to be removed from search results will be transferred to the operators of search engines in an automated process.”

While sending over lists of domains directly to search engines probably isn’t that groundbreaking, Rozcomnadzor wants to ensure that companies like Yandex are also responding to the removal requests properly.

So, instead of simply carrying out test searches itself, it’s been agreed that the watchdog will gain direct access to the search engines’ systems, so that direct verification can take place.

“In addition, preliminary agreements have been reached that the verification of the enforcement of the law by the search engines will be carried out through the interaction of the information systems of Roskomnadzor and the operators of search engines,” Rozcomnadzor reports.

Time for search engines to come into full compliance is ticking away. The law requiring them to remove listings for ‘pirate’ mirror sites comes into effect October 1. Exactly a month later on November 1, VPNs and anonymization tools will have to be removed too, if they fail to meet the standards required under state regulation.

Part of that regulation requires anonymization services to disclose the identities of their owners to the government.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Torrent Sites Suffer DDoS Attacks and Other Trouble

Post Syndicated from Ernesto original https://torrentfreak.com/torrent-sites-suffer-ddos-attacks-and-other-trouble-170901/

It’s not uncommon for torrent sites to suffer downtime due to technical issues. That happens pretty much every day.

But when close to a dozen large sites go offline, people start to ask questions.

This is exactly what happened this week. As reported previously, The Pirate Bay was hard to reach earlier, after a surge of traffic and a subsequent DDoS attack overloaded its servers. And they were not alone.

TorrentFreak spoke to several torrent site admins who noticed an increase of suspicious traffic which slowed down or toppled their sites, at least temporarily. While most have recovered, some sites remain offline today.

TorrentProject.se, one of the most used torrent search engines, has been down for nearly three days now. The site currently shows a “403 Forbidden” error message. Whether this is a harmless technical issue, the result of a DDoS attack, or worse, is unknown.

TorrentFreak reached out to the owner of the site but we have yet to hear back.

403 error

Another site that appears to be in trouble is WorldWideTorrents. This site, which was started after the KAT shutdown last year, is a home to many comic book fans. However, over the past few days the site has become unresponsive.

Based on WHOIS data, the site’s domain name has been suspended. The name servers were changed to “suspended-domain.com,” which means that it’s unlikely to be reinstated. WorldWideTorrents will reportedly return with a new domain but which one is currently unknown.

Popular uploaders on the site such as Nemesis43, meanwhile, are still active on other sites.

WorldWireTorrents Whois

Then there’s also Isohunt.to, which has been unresponsive for over a week. The search engine, which launched in 2013 less than two weeks after isoHunt.com shut down, has now vanished itself.

With no word from the operators, we can only speculate what happened. The site has seen a sharp decline in traffic over the past year, so it could be that they simply lost interest.

Isohunt.to is not responding

Those who now search for IsoHunt on Google are instead pointed to isohunts.to, which is a scam site advising users to download a “binary client,” which is little more than an ad.

The above shows that the torrent ecosystem remains vulnerable. DDoS attacks and domain issues are nothing new, but after the shutdown of KAT, Torrentz, Extratorrent, and other giants, the remaining sites have to carry a larger burden.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Showtime Seeks Injunction to Stop Mayweather v McGregor Piracy

Post Syndicated from Andy original https://torrentfreak.com/showtime-seeks-injunction-to-stop-mayweather-v-mcgregor-piracy-170816/

It’s the fight that few believed would become reality but on August 26, at the T-Mobile Arena in Las Vegas, Floyd Mayweather Jr. will duke it out with UFC lightweight champion Conor McGregor.

Despite being labeled a freak show by boxing purists, it is set to become the biggest combat sports event of all time. Mayweather, undefeated in his professional career, will face brash Irishman McGregor, who has gained a reputation for accepting fights with anyone – as long as there’s a lot of money involved. Big money is definitely the theme of the Mayweather bout.

Dubbed “The Money Fight”, some predict it could pull in a billion dollars, with McGregor pocketing $100m and Mayweather almost certainly more. Many of those lucky enough to gain entrance on the night will have spent thousands on their tickets but for the millions watching around the world….iiiiiiiit’s Showtimmme….with hefty PPV prices attached.

Of course, not everyone will be handing over $89.95 to $99.99 to watch the event officially on Showtime. Large numbers will turn to the many hundreds of websites set to stream the fight for free online, which has the potential to reduce revenues for all involved. With that in mind, Showtime Networks has filed a lawsuit in California which attempts to preemptively tackle this piracy threat.

The suit targets a number of John Does said to be behind a network of dozens of sites planning to stream the fight online for free. Defendant 1, using the alias “Kopa Mayweather”, is allegedly the operator of LiveStreamHDQ, a site that Showtime has grappled with previously.

“Plaintiff has had extensive experience trying to prevent live streaming websites from engaging in the unauthorized reproduction and distribution of Plaintiff’s copyrighted works in the past,” the lawsuit reads.

“In addition to bringing litigation, this experience includes sending cease and desist demands to LiveStreamHDQ in response to its unauthorized live streaming of the record-breaking fight between Floyd Mayweather, Jr. and Manny Pacquiao.”

Showtime says that LiveStreamHDQ is involved in the operations of at least 41 other sites that have been set up to specifically target people seeking to watch the fight without paying. Each site uses a .US ccTLD domain name.

Sample of the sites targeted by the lawsuit

Showtime informs the court that the registrant email and IP addresses of the domains overlap, which provides further proof that they’re all part of the same operation. The TV network also highlights various statements on the sites in question which demonstrate intent to show the fight without permission, including the highly dubious “Watch From Here Mayweather vs Mcgregor Live with 4k Display.”

In addition, the lawsuit is highly critical of efforts by the sites’ operator(s) to stuff the pages with fight-related keywords in order to draw in as much search engine traffic as they can.

“Plaintiff alleges that Defendants have engaged in such keyword stuffing as a form of search engine optimization in an effort to attract as much web traffic as possible in the form of Internet users searching for a way to access a live stream of the Fight,” it reads.

While site operators are expected to engage in such behavior, Showtime says that these SEO efforts have been particularly successful, obtaining high-ranking positions in major search engines for the would-be pirate sites.

For instance, Showtime says that a Google search for “Mayweather McGregor Live” results in four of the target websites appearing in the first 100 results, i.e the first 10 pages. Interestingly, however, to get that result searchers would need to put the search in quotes as shown above, since a plain search fails to turn anything up in hundreds of results.

At this stage, the important thing to note is that none of the sites are currently carrying links to the fight, because the fight is yet to happen. Nevertheless, Showtime is convinced that come fight night, all of the target websites will be populated with pirate links, accessible for free or after paying a fee. This needs to be stopped, it argues.

“Defendants’ anticipated unlawful distribution will impair the marketability and profitability of the Coverage, and interfere with Plaintiff’s own authorized distribution of the Coverage, because Defendants will provide consumers with an opportunity to view the Coverage in its entirety for free, rather than paying for the Coverage provided through Plaintiff’s authorized channels.

“This is especially true where, as here, the work at issue is live coverage of a one-time live sporting event whose outcome is unknown,” the network writes.

Showtime informs the court that it made efforts to contact the sites in question but had just a single response from an individual who claimed to be sports blogger who doesn’t offer streaming services. The undertone is one of disbelief.

In closing, Showtime demands a temporary restraining order, preliminary injunction, and permanent injunction, prohibiting the defendants from making the fight available in any way, and/or “forming new entities” in order to circumvent any subsequent court order. Compensation for suspected damages is also requested.

Showtime previously applied for and obtained a similar injunction to cover the (hugely disappointing) Mayweather v Pacquiao fight in 2015. In that case, websites were ordered to be taken down on the day before the fight.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Court Won’t Drop Case Against Alleged KickassTorrents Owner

Post Syndicated from Ernesto original https://torrentfreak.com/court-wont-drop-case-against-alleged-kickasstorrents-owner-170804/

kickasstorrents_500x500Last summer, Polish law enforcement officers arrested Artem Vaulin, the alleged founder of KickassTorrents.

Polish authorities acted on a criminal complaint from the US Government, which accused Vaulin of criminal copyright infringement and money laundering.

While Vaulin is still awaiting the final decision in his extradition process in Poland, his US counsel tried to have the entire case thrown out with a motion to dismiss submitted to the Illinois District Court late last year.

One of the fundamental flaws of the case, according to the defense, is that torrent files themselves are not copyrighted content. In addition, they argued that any secondary copyright infringement claims would fail as these are non-existent under criminal law.

After a series of hearings and a long wait afterwards, US District Judge John Z. Lee has now issued his verdict (pdf).

In a 28-page memorandum and order, the motion to dismiss was denied on various grounds.

The court doesn’t contest that torrent files themselves are not protected content under copyright law. However, this argument ignores the fact that the files are used to download copyrighted material, the order reads.

“This argument, however, misunderstands the indictment. The indictment is not concerned with the mere downloading or distribution of torrent files,” Judge Lee writes.

“Granted, the indictment describes these files and charges Vaulin with operating a website dedicated to hosting and distributing them. But the protected content alleged to have been infringed in the indictment is a number of movies and other copyright protected media that users of Vaulin’s network purportedly downloaded and distributed..,” he adds.

In addition, the defense’s argument that secondary copyright infringement claims are non-existent under criminal law doesn’t hold either, according to the Judge’s decision.

Vaulin’s defense noted that the Government’s theory could expose other search engines, such as Google, to criminal liability. While this is theoretically possible, the court sees distinct differences and doesn’t aim to rule on all search engines in general.

“For present purposes, though, the Court need not decide whether and when a search engine operator might engage in conduct sufficient to constitute aiding and abetting criminal copyright infringement. The issue here is whether 18 U.S.C. § 2 applies to 17 U.S.C. § 506. The Court is persuaded that it does,” Judge Lee writes.

Based on these and other conclusions, the motion to dismiss was denied. This means that the case will move forward. The next step will be to see how the Polish court rules on the extradition request.

Vaulin’s lead counsel Ira Rothken is disappointed with the outcome. He stresses that while courts commonly construe indictments in a light most favorable to the government, it went too far in this case.

“Currently a person merely ‘making available’ a file on a network in California wouldn’t even be committing a civil copyright infringement under the ruling in Napster but under today’s ruling that same person doing it in Illinois could be criminally prosecuted by the United States,” Rothken informs TorrentFreak.

“If federal judges disagree on the state of the federal copyright law then people shouldn’t be criminally prosecuted absent clarification by Congress,” he adds.

The defense team is still considering the best options for appeal, and whether they want to go down that road. However, Rothken hopes that the Seventh Circuit Court of Appeals will address the issue in the future.

“We hope one day that the Seventh Circuit Court of Appeals will undo this ruling and the chilling effect it will have on internet search engines, user generated content sites, and millions of netizens globally,” Rothken notes.

For now, however, Vaulin’s legal team will likely shift its focus to preventing his extradition to the United States.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Top 10 Most Obvious Hacks of All Time (v0.9)

Post Syndicated from Robert Graham original http://blog.erratasec.com/2017/07/top-10-most-obvious-hacks-of-all-time.html

For teaching hacking/cybersecurity, I thought I’d create of the most obvious hacks of all time. Not the best hacks, the most sophisticated hacks, or the hacks with the biggest impact, but the most obvious hacks — ones that even the least knowledgeable among us should be able to understand. Below I propose some hacks that fit this bill, though in no particular order.

The reason I’m writing this is that my niece wants me to teach her some hacking. I thought I’d start with the obvious stuff first.

Shared Passwords

If you use the same password for every website, and one of those websites gets hacked, then the hacker has your password for all your websites. The reason your Facebook account got hacked wasn’t because of anything Facebook did, but because you used the same email-address and password when creating an account on “beagleforums.com”, which got hacked last year.

I’ve heard people say “I’m sure, because I choose a complex password and use it everywhere”. No, this is the very worst thing you can do. Sure, you can the use the same password on all sites you don’t care much about, but for Facebook, your email account, and your bank, you should have a unique password, so that when other sites get hacked, your important sites are secure.

And yes, it’s okay to write down your passwords on paper.

Tools: HaveIBeenPwned.com

PIN encrypted PDFs

My accountant emails PDF statements encrypted with the last 4 digits of my Social Security Number. This is not encryption — a 4 digit number has only 10,000 combinations, and a hacker can guess all of them in seconds.
PIN numbers for ATM cards work because ATM machines are online, and the machine can reject your card after four guesses. PIN numbers don’t work for documents, because they are offline — the hacker has a copy of the document on their own machine, disconnected from the Internet, and can continue making bad guesses with no restrictions.
Passwords protecting documents must be long enough that even trillion upon trillion guesses are insufficient to guess.

Tools: Hashcat, John the Ripper

SQL and other injection

The lazy way of combining websites with databases is to combine user input with an SQL statement. This combines code with data, so the obvious consequence is that hackers can craft data to mess with the code.
No, this isn’t obvious to the general public, but it should be obvious to programmers. The moment you write code that adds unfiltered user-input to an SQL statement, the consequence should be obvious. Yet, “SQL injection” has remained one of the most effective hacks for the last 15 years because somehow programmers don’t understand the consequence.
CGI shell injection is a similar issue. Back in early days, when “CGI scripts” were a thing, it was really important, but these days, not so much, so I just included it with SQL. The consequence of executing shell code should’ve been obvious, but weirdly, it wasn’t. The IT guy at the company I worked for back in the late 1990s came to me and asked “this guy says we have a vulnerability, is he full of shit?”, and I had to answer “no, he’s right — obviously so”.

XSS (“Cross Site Scripting”) [*] is another injection issue, but this time at somebody’s web browser rather than a server. It works because websites will echo back what is sent to them. For example, if you search for Cross Site Scripting with the URL https://www.google.com/search?q=cross+site+scripting, then you’ll get a page back from the server that contains that string. If the string is JavaScript code rather than text, then some servers (thought not Google) send back the code in the page in a way that it’ll be executed. This is most often used to hack somebody’s account: you send them an email or tweet a link, and when they click on it, the JavaScript gives control of the account to the hacker.

Cross site injection issues like this should probably be their own category, but I’m including it here for now.

More: Wikipedia on SQL injection, Wikipedia on cross site scripting.
Tools: Burpsuite, SQLmap

Buffer overflows

In the C programming language, programmers first create a buffer, then read input into it. If input is long than the buffer, then it overflows. The extra bytes overwrite other parts of the program, letting the hacker run code.
Again, it’s not a thing the general public is expected to know about, but is instead something C programmers should be expected to understand. They should know that it’s up to them to check the length and stop reading input before it overflows the buffer, that there’s no language feature that takes care of this for them.
We are three decades after the first major buffer overflow exploits, so there is no excuse for C programmers not to understand this issue.

What makes particular obvious is the way they are wrapped in exploits, like in Metasploit. While the bug itself is obvious that it’s a bug, actually exploiting it can take some very non-obvious skill. However, once that exploit is written, any trained monkey can press a button and run the exploit. That’s where we get the insult “script kiddie” from — referring to wannabe-hackers who never learn enough to write their own exploits, but who spend a lot of time running the exploit scripts written by better hackers than they.

More: Wikipedia on buffer overflow, Wikipedia on script kiddie,  “Smashing The Stack For Fun And Profit” — Phrack (1996)
Tools: bash, Metasploit

SendMail DEBUG command (historical)

The first popular email server in the 1980s was called “SendMail”. It had a feature whereby if you send a “DEBUG” command to it, it would execute any code following the command. The consequence of this was obvious — hackers could (and did) upload code to take control of the server. This was used in the Morris Worm of 1988. Most Internet machines of the day ran SendMail, so the worm spread fast infecting most machines.
This bug was mostly ignored at the time. It was thought of as a theoretical problem, that might only rarely be used to hack a system. Part of the motivation of the Morris Worm was to demonstrate that such problems was to demonstrate the consequences — consequences that should’ve been obvious but somehow were rejected by everyone.

More: Wikipedia on Morris Worm

Email Attachments/Links

I’m conflicted whether I should add this or not, because here’s the deal: you are supposed to click on attachments and links within emails. That’s what they are there for. The difference between good and bad attachments/links is not obvious. Indeed, easy-to-use email systems makes detecting the difference harder.
On the other hand, the consequences of bad attachments/links is obvious. That worms like ILOVEYOU spread so easily is because people trusted attachments coming from their friends, and ran them.
We have no solution to the problem of bad email attachments and links. Viruses and phishing are pervasive problems. Yet, we know why they exist.

Default and backdoor passwords

The Mirai botnet was caused by surveillance-cameras having default and backdoor passwords, and being exposed to the Internet without a firewall. The consequence should be obvious: people will discover the passwords and use them to take control of the bots.
Surveillance-cameras have the problem that they are usually exposed to the public, and can’t be reached without a ladder — often a really tall ladder. Therefore, you don’t want a button consumers can press to reset to factory defaults. You want a remote way to reset them. Therefore, they put backdoor passwords to do the reset. Such passwords are easy for hackers to reverse-engineer, and hence, take control of millions of cameras across the Internet.
The same reasoning applies to “default” passwords. Many users will not change the defaults, leaving a ton of devices hackers can hack.

Masscan and background radiation of the Internet

I’ve written a tool that can easily scan the entire Internet in a short period of time. It surprises people that this possible, but it obvious from the numbers. Internet addresses are only 32-bits long, or roughly 4 billion combinations. A fast Internet link can easily handle 1 million packets-per-second, so the entire Internet can be scanned in 4000 seconds, little more than an hour. It’s basic math.
Because it’s so easy, many people do it. If you monitor your Internet link, you’ll see a steady trickle of packets coming in from all over the Internet, especially Russia and China, from hackers scanning the Internet for things they can hack.
People’s reaction to this scanning is weirdly emotional, taking is personally, such as:
  1. Why are they hacking me? What did I do to them?
  2. Great! They are hacking me! That must mean I’m important!
  3. Grrr! How dare they?! How can I hack them back for some retribution!?

I find this odd, because obviously such scanning isn’t personal, the hackers have no idea who you are.

Tools: masscan, firewalls

Packet-sniffing, sidejacking

If you connect to the Starbucks WiFi, a hacker nearby can easily eavesdrop on your network traffic, because it’s not encrypted. Windows even warns you about this, in case you weren’t sure.

At DefCon, they have a “Wall of Sheep”, where they show passwords from people who logged onto stuff using the insecure “DefCon-Open” network. Calling them “sheep” for not grasping this basic fact that unencrypted traffic is unencrypted.

To be fair, it’s actually non-obvious to many people. Even if the WiFi itself is not encrypted, SSL traffic is. They expect their services to be encrypted, without them having to worry about it. And in fact, most are, especially Google, Facebook, Twitter, Apple, and other major services that won’t allow you to log in anymore without encryption.

But many services (especially old ones) may not be encrypted. Unless users check and verify them carefully, they’ll happily expose passwords.

What’s interesting about this was 10 years ago, when most services which only used SSL to encrypt the passwords, but then used unencrypted connections after that, using “cookies”. This allowed the cookies to be sniffed and stolen, allowing other people to share the login session. I used this on stage at BlackHat to connect to somebody’s GMail session. Google, and other major websites, fixed this soon after. But it should never have been a problem — because the sidejacking of cookies should have been obvious.

Tools: Wireshark, dsniff

Stuxnet LNK vulnerability

Again, this issue isn’t obvious to the public, but it should’ve been obvious to anybody who knew how Windows works.
When Windows loads a .dll, it first calls the function DllMain(). A Windows link file (.lnk) can load icons/graphics from the resources in a .dll file. It does this by loading the .dll file, thus calling DllMain. Thus, a hacker could put on a USB drive a .lnk file pointing to a .dll file, and thus, cause arbitrary code execution as soon as a user inserted a drive.
I say this is obvious because I did this, created .lnks that pointed to .dlls, but without hostile DllMain code. The consequence should’ve been obvious to me, but I totally missed the connection. We all missed the connection, for decades.

Social Engineering and Tech Support [* * *]

After posting this, many people have pointed out “social engineering”, especially of “tech support”. This probably should be up near #1 in terms of obviousness.

The classic example of social engineering is when you call tech support and tell them you’ve lost your password, and they reset it for you with minimum of questions proving who you are. For example, you set the volume on your computer really loud and play the sound of a crying baby in the background and appear to be a bit frazzled and incoherent, which explains why you aren’t answering the questions they are asking. They, understanding your predicament as a new parent, will go the extra mile in helping you, resetting “your” password.

One of the interesting consequences is how it affects domain names (DNS). It’s quite easy in many cases to call up the registrar and convince them to transfer a domain name. This has been used in lots of hacks. It’s really hard to defend against. If a registrar charges only $9/year for a domain name, then it really can’t afford to provide very good tech support — or very secure tech support — to prevent this sort of hack.

Social engineering is such a huge problem, and obvious problem, that it’s outside the scope of this document. Just google it to find example after example.

A related issue that perhaps deserves it’s own section is OSINT [*], or “open-source intelligence”, where you gather public information about a target. For example, on the day the bank manager is out on vacation (which you got from their Facebook post) you show up and claim to be a bank auditor, and are shown into their office where you grab their backup tapes. (We’ve actually done this).

More: Wikipedia on Social Engineering, Wikipedia on OSINT, “How I Won the Defcon Social Engineering CTF” — blogpost (2011), “Questioning 42: Where’s the Engineering in Social Engineering of Namespace Compromises” — BSidesLV talk (2016)

Blue-boxes (historical) [*]

Telephones historically used what we call “in-band signaling”. That’s why when you dial on an old phone, it makes sounds — those sounds are sent no differently than the way your voice is sent. Thus, it was possible to make tone generators to do things other than simply dial calls. Early hackers (in the 1970s) would make tone-generators called “blue-boxes” and “black-boxes” to make free long distance calls, for example.

These days, “signaling” and “voice” are digitized, then sent as separate channels or “bands”. This is call “out-of-band signaling”. You can’t trick the phone system by generating tones. When your iPhone makes sounds when you dial, it’s entirely for you benefit and has nothing to do with how it signals the cell tower to make a call.

Early hackers, like the founders of Apple, are famous for having started their careers making such “boxes” for tricking the phone system. The problem was obvious back in the day, which is why as the phone system moves from analog to digital, the problem was fixed.

More: Wikipedia on blue box, Wikipedia article on Steve Wozniak.

Thumb drives in parking lots [*]

A simple trick is to put a virus on a USB flash drive, and drop it in a parking lot. Somebody is bound to notice it, stick it in their computer, and open the file.

This can be extended with tricks. For example, you can put a file labeled “third-quarter-salaries.xlsx” on the drive that required macros to be run in order to open. It’s irresistible to other employees who want to know what their peers are being paid, so they’ll bypass any warning prompts in order to see the data.

Another example is to go online and get custom USB sticks made printed with the logo of the target company, making them seem more trustworthy.

We also did a trick of taking an Adobe Flash game “Punch the Monkey” and replaced the monkey with a logo of a competitor of our target. They now only played the game (infecting themselves with our virus), but gave to others inside the company to play, infecting others, including the CEO.

Thumb drives like this have been used in many incidents, such as Russians hacking military headquarters in Afghanistan. It’s really hard to defend against.

More: “Computer Virus Hits U.S. Military Base in Afghanistan” — USNews (2008), “The Return of the Worm That Ate The Pentagon” — Wired (2011), DoD Bans Flash Drives — Stripes (2008)

Googling [*]

Search engines like Google will index your website — your entire website. Frequently companies put things on their website without much protection because they are nearly impossible for users to find. But Google finds them, then indexes them, causing them to pop up with innocent searches.
There are books written on “Google hacking” explaining what search terms to look for, like “not for public release”, in order to find such documents.

More: Wikipedia entry on Google Hacking, “Google Hacking” book.

URL editing [*]

At the top of every browser is what’s called the “URL”. You can change it. Thus, if you see a URL that looks like this:

http://www.example.com/documents?id=138493

Then you can edit it to see the next document on the server:

http://www.example.com/documents?id=138494

The owner of the website may think they are secure, because nothing points to this document, so the Google search won’t find it. But that doesn’t stop a user from manually editing the URL.
An example of this is a big Fortune 500 company that posts the quarterly results to the website an hour before the official announcement. Simply editing the URL from previous financial announcements allows hackers to find the document, then buy/sell the stock as appropriate in order to make a lot of money.
Another example is the classic case of Andrew “Weev” Auernheimer who did this trick in order to download the account email addresses of early owners of the iPad, including movie stars and members of the Obama administration. It’s an interesting legal case because on one hand, techies consider this so obvious as to not be “hacking”. On the other hand, non-techies, especially judges and prosecutors, believe this to be obviously “hacking”.

DDoS, spoofing, and amplification [*]

For decades now, online gamers have figured out an easy way to win: just flood the opponent with Internet traffic, slowing their network connection. This is called a DoS, which stands for “Denial of Service”. DoSing game competitors is often a teenager’s first foray into hacking.
A variant of this is when you hack a bunch of other machines on the Internet, then command them to flood your target. (The hacked machines are often called a “botnet”, a network of robot computers). This is called DDoS, or “Distributed DoS”. At this point, it gets quite serious, as instead of competitive gamers hackers can take down entire businesses. Extortion scams, DDoSing websites then demanding payment to stop, is a common way hackers earn money.
Another form of DDoS is “amplification”. Sometimes when you send a packet to a machine on the Internet it’ll respond with a much larger response, either a very large packet or many packets. The hacker can then send a packet to many of these sites, “spoofing” or forging the IP address of the victim. This causes all those sites to then flood the victim with traffic. Thus, with a small amount of outbound traffic, the hacker can flood the inbound traffic of the victim.
This is one of those things that has worked for 20 years, because it’s so obvious teenagers can do it, yet there is no obvious solution. President Trump’s executive order of cyberspace specifically demanded that his government come up with a report on how to address this, but it’s unlikely that they’ll come up with any useful strategy.

More: Wikipedia on DDoS, Wikipedia on Spoofing

Conclusion

Tweet me (@ErrataRob) your obvious hacks, so I can add them to the list.

Russia Bans ‘Uncensored’ VPNs, Proxies and TOR

Post Syndicated from Ernesto original https://torrentfreak.com/russia-bans-unrestricted-vpns-proxies-and-tor-in-russia-170731/

Russia has swiftly become a world leader when it comes to website blocking. Tens of thousands of websites are blocked in the country on copyright infringement and a wide range of other grounds.

However, as is often the case, not all citizens willingly subject themselves to these type of restrictions. On the contrary, many use proxies or anonymizing services such as VPNs and TOR to gain access.

In recent months, the Russian Government has worked on legislation to crack down on these circumvention tools as well, and local media report that President Vladimir Putin has now signed the proposed bill into law.

Under the new law, local telecoms watchdog Rozcomnadzor will keep a list of banned domains while identifying sites, services, and software that provide access to them. Rozcomnadzor will then try to contact the operators of the services, urging them to ban the blocked websites, or face the same fate.

The FSB and the Ministry of Internal Affairs will be tasked with monitoring offenses, which they will then refer to the telecoms watchdog.

In addition to targeting the circumvention sites, services, and their hosts, the bill targets search engines as well.

Search engines will be required to remove links to blocked resources from their results, as these would encourage people to access prohibited material. Search engines that fail to comply with the new requirements face a $12,400 penalty per breach.

Local search giant Yandex previously spoke out against the far-reaching requirements, describing them as unnecessary.

“We believe that the laying of responsibilities on search engines is superfluous,” a Yandex spokesperson said.

“Even if the reference to a [banned] resource does appear in search results, it does not mean that by clicking on it the user will get access, if it was already blocked by ISPs or in any other ways,” the company added.

The new legislation has not been without controversy. Earlier this month many Russians protested the plans, but this had little effect on the final vote. In the Duma, the bill was approved by 373 deputies. Only two voted against the plans, and another and two abstained.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Concerns About The Blockchain Technology

Post Syndicated from Bozho original https://techblog.bozho.net/concerns-blockchain-technology/

The so-called (and marketing-branded) “blockchain technology” is promised to revolutionize every industry. Anything, they say, will become decentralized, free from middle men or government control. Services will thrive on various installments of the blockchain, and smart contracts will automatically enforce any logic that is related to the particular domain.

I don’t mind having another technological leap (after the internet), and given that I’m technically familiar with the blockchain, I may even be part of it. But I’m not convinced it will happen, and I’m not convinced it’s going to be the next internet.

If we strip the hype, the technology behind Bitcoin is indeed a technical masterpiece. It combines existing techniques (likes hash chains and merkle trees) with a very good proof-of-work based consensus algorithm. And it creates a digital currency, which ontop of being worth billions now, is simply cool.

But will this technology be mass-adopted, and will mass adoption allow it to retain the technological benefits it has?

First, I’d like to nitpick a little bit – if anyone is speaking about “decentralized software” when referring to “the blockchain”, be suspicious. Bitcon and other peer-to-peer overlay networks are in fact “distributed” (see the pictures here). “Decentralized” means having multiple providers, but doesn’t mean each user will be full-featured nodes on the network. This nitpicking is actually part of another argument, but we’ll get to that.

If blockchain-based applications want to reach mass adoption, they have to be user-friendly. I know I’m being captain obvious here (and fortunately some of the people in the area have realized that), but with the current state of the technology, it’s impossible for end users to even get it, let alone use it.

My first serious concern is usability. To begin with, you need to download the whole blockchain on your machine. When I got my first bitcoin several years ago (when it was still 10 euro), the blockchain was kind of small and I didn’t notice that problem. Nowadays both the Bitcoin and Ethereum blockchains take ages to download. I still haven’t managed to download the ethereum one – after several bugs and reinstalls of the client, I’m still at 15%. And we are just at the beginning. A user just will not wait for days to download something in order to be able to start using a piece of technology.

I recently proposed downloading snapshots of the blockchain via bittorrent to be included in the Ethereum protocol itself. I know that snapshots of the Bitcoin blockchain have been distributed that way, but it has been a manual process. If a client can quickly download the huge file up to a recent point, and then only donwload the latest ones in the the traditional way, starting up may be easier. Of course, the whole chain would have to be verified, but maybe that can be a background process that doesn’t stop you from using whatever is built ontop of the particular blockchain. (I’m not sure if that will be secure enough, and that, say potential Sybil attacks on the bittorrent part won’t make it undesirable, it’s just an idea).

But even if such an approach works and is adopted, that would still mean that for every service you’d have to download a separate blockchain. Of course, projects like Ethereum may seem like the “one stop shop” for cool blockchain-based applications, but fragmentation is already happening – there are alt-coins bundled with various services like file storage, DNS, etc. That will not be workable for end-users. And it’s certainly not an option for mobile, which is the dominant client now. If instead of downloading the entire chain, something like consistent hashing is used to distribute the content in small portions among clients, it might be workable. But how will trust work in that case, I don’t know. Maybe it’s possible, maybe not.

And yes, I know that you don’t necessarily have to install a wallet/client in order to make use of a given blockchain – you can just have a cloud-based wallet. Which is fairly convenient, but that gets me to my nitpicking from a few paragraphs above and to may second concern – this effectively turns a distributed system into a decentralized one – a limited number of cloud providers hold most of the data (just as a limited number of miners hold most of the processing power). And then, even though the underlying technology allows for a distributed deployment, we’ll end-up again with simply decentralized or even de-facto cenetralized, if mergers and acquisitions lead us there (and they probably will). And in order to be able to access our wallets/accounts from multiple devices, we’d use a convenient cloud service where we’d login with our username and password (because the private key is just too technical and hard for regular users). And that seems to defeat the whole idea.

Not only that, but there is an inevitable centralization of decisions (who decides on the size of the block, who has commit rights to the client repository) as well as a hidden centralization of power – how much GPU power does the Chinese mining “farms” control and can they influence the network significantly? And will the average user ever know that or care (as they don’t care that Google is centralized). I think that overall, distributed technologies will follow the power law, and the majority of data/processing power/decision power will be controller by a minority of actors. And so our distributed utopia will not happen in its purest form we dream of.

My third concern is incentive. Distributed technologies that have been successful so far have a pretty narrow set of incentives. The internet was promoted by large public institutions, including government agencies and big universitives. Bittorrent was successful mainly because it allowed free movies and songs with 2 clicks of the mouse. And Bitcoin was successful because it offered financial benefits. I’m oversimplifying of course, but “government effort”, “free & easy” and “source of more money” seem to have been the successful incentives. On the other side of the fence there are dozens of failed distributed technologies. I’ve tried many of them – alternative search engines, alternative file storage, alternative ride-sharings, alternative social networks, alternative “internets” even. None have gained traction. Because they are not easier to use than their free competitors and you can’t make money out of them (and no government bothers promoting them).

Will blockchain-based services have sufficient incentives to drive customers? Will centralized competitors just easily crush the distributed alternatives by being cheaper, more-user friendly, having sales departments that can target more than hardcore geeks who have no problem syncing their blockchain via the command line? The utopian slogans seem very cool to idealists and futurists, but don’t sell. “Free from centralized control, full control over your data” – we’d have to go through a long process of cultural change before these things make sense to more than a handful of people.

Speaking of services, often examples include “the sharing economy”, where one stranger offers a service to another stranger. Blockchain technology seems like a good fit here indeed – the services are by nature distributed, why should the technology be centralized? Here comes my fourth concern – identity. While for the cryptocurrencies it’s actually beneficial to be anonymous, for most of the real-world services (i.e. the industries that ought to be revolutionized) this is not an option. You can’t just go in the car of publicKey=5389BC989A342…. “But there are already distributed reputation systems”, you may say. Yes, and they are based on technical, not real-world identities. That doesn’t build trust. I don’t trust that publicKey=5389BC989A342… is the same person that got the high reputation. There may be five people behind that private key. The private key may have been stolen (e.g. in a cloud-provider breach).

The values of companies like Uber and AirBNB is that they serve as trust brokers. They verify and vouch for their drivers and hosts (and passengers and guests). They verify their identity through government-issued documents, skype calls, selfies, compare pictures to documents, get access to government databases, credit records, etc. Can a fully distributed service do that? No. You’d need a centralized provider to do it. And how would the blockchain make any difference then? Well, I may not be entirely correct here. I’ve actually been thinking quite a lot about decentralized identity. E.g. a way to predictably generate a private key based on, say biometrics+password+government-issued-documents, and use the corresponding public key as your identifier, which is then fed into reputation schemes and ultimately – real-world services. But we’re not there yet.

And that is part of my fifth concern – the technology itself. We are not there yet. There are bugs, there are thefts and leaks. There are hard-forks. There isn’t sufficient understanding of the technology (I confess I don’t fully grasp all the implementation details, and they are always the key). Often the technology is advertised as “just working”, but it isn’t. The other day I read an article (lost the link) that clarifies a common misconception about smart contracts – they cannot interact with the outside world – they can’t call APIs (e.g. stock market prices, bank APIs), they can’t push or fetch data from anywhere but the blockchain. That mandates the need, again, for a centralized service that pushes the relevant information before smart contracts can pick it up. I’m pretty sure that all cool-sounding applications are not possible without extensive research. And even if/when they are, writing distributed code is hard. Debugging a smart contract is hard. Yes, hard is cool, but that doesn’t drive economic value.

I have mostly been referring to public blockchains so far. Private blockchains may have their practical application, but there’s one catch – they are not exactly the cool distributed technology that the Bitcoin uses. They may be called “blockchains” because they…chain blocks, but they usually centralize trust. For example the Hyperledger project uses PKI, with all its benefits and risks. In these cases, a centralized authority issues the identity “tokens”, and then nodes communicate and form a shared ledger. That’s a bit easier problem to solve, and the nodes would usually be on actual servers in real datacenters, and not on your uncle’s Windows XP.

That said, hash chaining has been around for quite a long time. I did research on the matter because of a side-project of mine and it seems providing a tamper-proof/tamper-evident log/database on semi-trusted machines has been discussed in many computer science papers since the 90s. That alone is not “the magic blockchain” that will solve all of our problems, no matter what gossip protocols you sprinkle ontop. I’m not saying that’s bad, on the contrary – any variation and combinations of the building blocks of the blockchain (the hash chain, the consensus algorithm, the proof-of-work (or stake), possibly smart contracts), has potential for making useful products.

I know I sound like the a naysayer here, but I hope I’ve pointed out particular issues, rather than aimlessly ranting at the hype (though that’s tempting as well). I’m confident that blockchain-like technologies will have their practical applications, and we will see some successful, widely-adopted services and solutions based on that, just as pointed out in this detailed report. But I’m not convinced it will be revolutionizing.

I hope I’m proven wrong, though, because watching a revolutionizing technology closely and even being part of it would be quite cool.

The post Concerns About The Blockchain Technology appeared first on Bozho's tech blog.

Google Challenges Canada’s Global Blocking Injunction in the US

Post Syndicated from Andy original https://torrentfreak.com/google-challenges-canadas-global-blocking-injunction-in-the-us-170726/

Despite being what courts have described as an “innocent bystander”, Google has found itself at the heart of a potentially damaging intellectual property case. Running since 2014, Equustek Solutions Inc. v. Jack saw Canadian entities battle over stolen intellectual property.

Equustek Solutions claimed that Google’s search results helped to send visitors to Datalink websites operated by the defendants (former Equustek employees) who were selling unlawful products. Google voluntarily removed links to the sites from its Google.ca (Canada) results but Equustek wanted more, and soon got it.

A court in British Columbia, the Court of Appeal, and then the Supreme Court of Canada all agreed that Google should remove links to the sites on a global basis, by definition beyond Canada’s borders.

When court rulings encroach on potentially opposing legal systems overseas, difficulties are bound to arise. Google raised concerns that the decision would conflict with U.S. law, but the Supreme Court described the issues as “theoretical” and left it up to the U.S. to solve the problem.

In response, Google filed for an injunction at the US District Court for Northern California this week, arguing that the Canadian decision violates important U.S. legislation.

“Google now turns to this Court, asking it to declare that the rights established by the First Amendment and the Communications Decency Act are not merely theoretical,” Google wrote.

“The Canadian order is repugnant to those rights, and the order violates principles of international comity, particularly since the Canadian plaintiffs never established any violation of their rights under U.S. law.

“Pursuant to well-established United States law, Google seeks a declaratory judgment that the Canadian court’s order cannot be enforced in the United States and an order enjoining that enforcement.”

According to Google, Internet search results are fully protected speech under the First Amendment, and because the Canadian decision is directed to a specific speaker (Google) and is content-specific, it must come under scrutiny.

Google insists that the websites to be censored are already a matter of public record and Equustek has not shown that it has no alternative remedies to hand other than to censor Google’s results outside of Canada.

“Equustek has not sought similar delisting injunctions against the world’s other search engines, such as Bing or Yahoo,” Google writes, noting that action hasn’t been taken against regular websites carrying links either.

Google also suggests that Equustek could have taken action against Datalink’s registrars and webhosts, which have the ability to delete the actual sites in question. With the websites gone the search de-indexing battle would be moot, but for reasons unknown, Equustek has chosen a different battle.

Describing the Canadian order as one of “convenience,” Google criticizes the effort to deal with a Canadian legal problem on a global basis, adding that “no one country should purport to control the global internet.”

In closing, Google asks the court to declare the Canadian Order unenforceable in the United States on the basis it violates the the First Amendment, the Communications Decency Act, and public policy surrounding enforceability of foreign judgments.

“The Canadian Order purports to place the Canadian court in the position of
supervising the law enforcement activities of a foreign sovereign nation (the United States) against the United States’ own citizens on American soil. Because the Canadian courts ignored principles of international comity, corrective action by this Court is required,” Google concludes.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Movie Studios Wipe Pirate Site Homepages From Google Search

Post Syndicated from Ernesto original https://torrentfreak.com/movie-studios-wipe-pirate-site-homepages-from-google-search-170716/

Over the past two weeks several pirate streaming sites have seen their homepages disappear from Google’s search results.

Earlier this week we reported how GoMovies switched to a new domain name, for this very reason, but on closer inspection it appears that several other sites have suffered the same fate.

While homepages have been removed before, the takedown notices that triggered the recent removals seem to be a systematic effort. They are all sent by the prominent law firm Kilpatrick Townsend, which acts on behalf of a variety of Hollywood movie studios.

The notices, of which the first was sent roughly two weeks ago, all follow a similar pattern. They identify infringing content on pirate streaming sites and list the individual URLs for these movies. In addition, however, many also include the homepage, which often highlights the same movie as a “new” or popular title.

In the case of Gomovies.is, a request was sent on behalf of Warner Bros. to remove Wonder Woman’s streaming page from Google, as well as the homepage where the movie was listed in the popular section.

This worked, not only for the GoMovies domain name but also for dozens of other streaming sites including yesmovies.org, watchfree.ac, xmovies.is, watch29.com, vivo.to, tunemovie.com, putlockervip.com, playmovies.to, moviesub.is and fmovies.ac.

The takedown notice

The example above is just the tip of the iceberg. Over the past two weeks the law firm has targeted many pirate streaming sites, acting on behalf of Warner Bros, Walt Disney Studios, Paramount Pictures, NBC Universal and others. This effectively removed dozens of pirate site homepages from search results.

To outsiders, it may seem like a homepage is just another link but for site owners, it’s a crucial matter. Many of these streaming sites rely on their brand name to remain findable in search engines, and when the homepage is removed, it’s nearly impossible to rise to the top of search results.

Although Google removed many of the early requests, it’s not blindly removing all URLs.

In response to several recent notices the search engine decided to take “no action” for the homepages, which is why gomovies.sc, cmovieshd.com, ap551.com, and others remain indexed. It’s possible that the infringing content was no longer linked on these homepages when Google reviewed the DMCA notices in question.

As for GoMovies, they simply decided to move to a new URL and remove any infringing content from the homepage so they don’t face the same problem in the future.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Just How Risky is Internet Piracy in 2017?

Post Syndicated from Andy original https://torrentfreak.com/just-how-risky-is-internet-piracy-in-2017-170715/

The world’s largest entertainment companies in the spheres of music, movies, and gaming would jump for joy if the Internet piracy phenomenon came to a crashing halt tomorrow. (Spoiler: it won’t)

As a result, large sums of money are expended every day in an effort to keep unlawful distribution under control. Over the years there have been many strategies and several of these have involved targeting end users.

The world is a very big place and the tackling of piracy differs from region to region, but what most consumers of unauthorized media want to know is whether they’re putting themselves at risk.

The short answer is that no matter where people are, there is always some level of risk attached to obtaining and using pirate content. The long answer is more nuanced.

BitTorrent and other P2P protocols

By its very nature, using BitTorrent to access copyrighted content comes with a risk. Since downloaders are also distributors and their IP addresses are necessarily public, torrent users are extremely easy to track. In fact, with a minimum of equipment, any determined rightsholder is able spot and potentially uncover the identity of a file-sharer.

But while basic BitTorrent sharing gets a 0/10 for privacy, that’s a bit like saying that a speeding car gets 0/10 for stealth. Like the speeding car, anyone can see the pirating torrent user, but the big question is whether there’s anyone around who intends to do anything about it.

The big surprise in 2017 is that users are still statistically unlikely to face any consequences.

In the United States, for example, where copyright trolling can be a serious issue for those who get caught up in the net, the problem still only affects a tiny, tiny proportion of pirates. A one percent risk of getting snared would be overstating the risk but these are still odds that any gambler would be happy to take.

Surprisingly, pirates are also less likely to encounter a simple friendly warning than they were last year too. The “Six Strikes” Copyright Alerts System operated by the MPAA and RIAA, that set out to advise large volumes of pirates using notices sent via their ISPs, was discontinued in January. Those behind it gave in, for reasons unknown.

This means that millions of torrent users – despite exposing their IP addresses in public while sharing copyrighted content – are doing so without significant problems. Nevertheless, large numbers are also taking precautions, by using anonymization technologies including VPNs.

That’s not to say that their actions are legal – they’re not – but outside the few thousand people caught up in trolls’ nets each year, the vast and overwhelming majority of torrent users (which number well over 100 million) are pirating with impunity.

In the UK, not even trolling is a problem anymore. After a few flurries that seemed to drag on longer than they should, copyright trolls appear to have left the country for more lucrative shores. No cases have gone through the courts in recent times which means that UK users are torrenting pretty much whatever they like, with no legal problems whatsoever.

It’s important to note though, that their actions aren’t going unnoticed. Unlike the United States, the UK has a warning system in place. This means that a few thousand customers of a handful of ISPs are receiving notices each month informing them that their piratey behavior has been monitored by an entertainment company.

Currently, however, there are no punishments for those who are ‘caught’, even when they’re accused of pirating on a number of occasions. At least so far, it seems that the plan is to worry pirates into submission and in some cases that will probably work. Nevertheless, things can easily change when records are being kept on this scale.

Germany aside (which is overrun with copyright trolling activity), a handful of other European countries have also endured relatively small troll problems (Finland, Sweden, Denmark) but overall, file-sharers go about their business as usual across the continent. There are no big projects in any country aiming to punish large numbers of BitTorrent users and only France has an active warning notice program.

Canada and Australia have also had relatively small problems with copyright trolls (the former also has a fairly toothless ISP warning system) but neither country is considered a particularly ‘dangerous’ place to share files using BitTorrent. Like the United States, UK, and Europe, the chances of getting prosecuted for infringement are very small indeed.

Why such little enforcement?

There are a number of reasons for the apparent lack of interest in BitTorrent users but a few bubble up to the top. Firstly, there’s the question of resources required to tackle millions of users. Obviously, some scare tactics could be deployed by hitting a few people hard, but it feels like most companies have moved beyond that thinking.

That’s partly due to the more recent tendency of entertainment groups and governments to take a broader view of infringement, hitting it at its source by strangling funds to pirate sites, hitting their advertisers, blocking their websites, and attempting to forge voluntary anti-piracy schemes with search engines.

It’s also worth noting that huge numbers of people are routinely protecting themselves with VPN-like technology, which allows them to move around the Internet with much improved levels of privacy. Just recently, anti-piracy outfit Rightscorp partly blamed this for falling revenues.

Importantly, however, the nature of infringement has been changing for some time too.

A few years ago, most people were getting their movies and music from torrent sites but now they’re more likely to be obtaining their fix from a streaming source. Accessing the top blockbusters via a streaming site (perhaps via Kodi) is for the most part untraceable, as is grabbing music from one of the hundreds of MP3 portals around today.

But as recent news revealed, why bother with ‘pirate’ sites when people can simply rip music from sites like YouTube?

So-called stream-ripping is now blamed for huge swathes of piracy and as a result, torrent sites get far fewer mentions from anti-piracy groups than they did before.

While still a thorn in their side, it wouldn’t be a stretch to presume that torrent sites are no longer considered the primary problem they once were, at least in respect of music. Now, the ‘Value Gap‘ is more of a headache.

So, in a nutshell, the millions of people obtaining and sharing copyrighted content using BitTorrent are still taking some risks in every major country, and those need to be carefully weighed.

The activity is illegal almost everywhere, punishable in both civil and criminal courts, and has the potential to land people with big fines and even a jail sentence, if the scale of sharing is big enough.

In truth, however, the chances of the man in the street getting caught are so slim that many people don’t give the risks a second thought. That said, even people who drive 10mph over the limit get caught once in a while, so those that want to keep a clean sheet online often get a VPN and reduce the risks to almost 0%.

For people who stream, life is much less complicated. Streaming movies, TV shows or music from an illicit source is untraceable by any regular means, which up to now has made it almost 100% safe. Notably, there hasn’t been a single prosecution of a user who streamed infringing content anywhere in the world. In the EU it is illegal though, so something might happen in future, potentially…..possibly…..at some point….maybe.

And here’s the thing. While this is the general position today, the ‘market’ is volatile and has the ability to change quickly. A case could get filed in the US or UK next week, each targeting 50,000 BitTorrent users for downloading something that came out months ago. Nobody knows for sure so perhaps the best analogy is the one drummed into kids during high-school sex education classes.

People shouldn’t put themselves at risk at all but if they really must, they should take precautions. If they don’t, they could easily be the unlucky one and that is nearly always miserable.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Hollywood Wants Governments to Push Voluntary Anti-Piracy Deals

Post Syndicated from Ernesto original https://torrentfreak.com/hollywood-wants-governments-to-push-voluntary-anti-piracy-deals-170704/

The ever-present threat of online piracy remains a hot topic in Hollywood.

A lot has changed over the years. Piracy is arguably more mainstream now with easy to use streaming sites and tools, and site owners have become more skilled at evading various enforcement efforts.

Most sites have multiple domain names at their disposal, for example, as well as access to hosting facilities that are more responsive to complaints from rightsholders.

According to Hollywood’s MPAA, cross-border cooperation with various third-party intermediaries is required to curb piracy. The group has promoted this agenda for a while and is now reemphasizing the need for governments to facilitate these kinds of deals.

In a statement prepared for an upcoming meeting of WIPO’s Advisory Committee on Enforcement, MPAA’s Global Content Protection chief Dean Marks states that voluntary agreements are essential in their fight against piracy.

These agreements will help to adapt to the evolving piracy landscape, much quicker than copyright legislation can.

“Unlike laws and regulations, voluntary measures can quickly be adapted to address changing forms of online piracy. Such measures benefit not only rightsholders, but also internet intermediaries, service providers, governments and individual users of the internet,” Marks notes.

“Voluntary measures should therefore be encouraged by governments as an important means of addressing online copyright piracy,” he adds (pdf).

One of the problems, according to the Hollywood group, is that piracy sites are spreading their infrastructure all over the world. They may use a domain name in one country, hosting in a few others, and a CDN on top of all that.

This cross-border threat can often not be dealt with in a single country or by a single company. It requires cooperation from a wide variety of third-party intermediaries, including search engines and hosting providers.

“Clearly this new paradigm of infringement strains the foundational notion of territoriality of copyright law and increases the difficulty of effectively enforcing copyrights,” Marks writes.

“Hosting providers, domain name registries and registrars, CDNs, cloud storage services and even internet access providers and search engines all can serve a constructive role by adopting measures to prevent their platforms and services from being abused for copyright infringement.”

The MPAA has thus far struck two voluntary deals with the domain name registries Donuts and Radix. This allows the anti-piracy group to report infringing domain names, which may then be removed. Thus far this has resulted in 25 domain name suspensions, but the MPAA would like to broaden its scope and partner with more registries.

Hosting companies, CDNs such as Cloudflare, and search engines can also do more to curb copyright infringements. Ultimately this will be in their own interest, the MPAA says. These companies do not want to be associated with piracy or face tougher legislation when governments step in.

“…many companies do not wish to be associated with those engaged in illegal activities, including copyright pirates. Moreover, turning a blind eye to doing business with pirate websites can result in damaging repercussions.

“In the United States of America (USA), for example, intermediaries have been named as unindicted co-conspirators in criminal copyright prosecutions,” Marks notes.

MPAA’s Global Content Protection chief suggests a few ways governments can intervene. They could host hearings to facilitate cooperation, for example. Another option is to adopt laws or regulations that foster cooperation.

Finally, Marks notes that authorities can instruct law enforcement agencies to “work with” internet intermediaries and service providers to adopt voluntary anti-piracy measures, similar to the ones in place with City of London Police and its piracy watch list for advertisers.

Previously the MPAA has offered similar suggestions to the US Government. While this may have had some effect, many companies are still reluctant to jump on board.

Companies such as Google, CloudFlare and ICANN don’t believe they are required to proactively enforce against piracy on a broad scale, and it likely requires a massive push to change their perspective.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Putin Signs Law to Remove Pirate Proxies From Search Engines

Post Syndicated from Andy original https://torrentfreak.com/putin-signs-law-remove-pirate-proxies-search-engines-170703/

In its battle control the flow of copyrighted content on the Internet, Russia is creating new legislation at a faster rate than almost any other country today.

Not only is the country becoming a leader when it comes to blocking, but it’s also positioning itself to handle future threats.

Part of that is dealing with the endless game of whac-a-mole that emerges when a site or service is blocked following the orders of the Moscow Court. Very quickly new domains appear, that either provide proxy access, mirror the contents of the original, or present that same content in a new format.

These techniques have allowed pirates to quickly recover from most legal action. However, a new law just signed by the Russian president aims to throw a significant wrench in the works.

After being adopted by the State Duma on June 23 and approved by the Federation Council June 28, on Saturday July 1 Vladimir Putin signed a new law enabling the country to quickly crack down on sites designed to present content in new ways, in order to circumvent blockades.

The legislation deals with all kinds of derivative sites, including those that are “confusingly similar to a site on the Intenet, to which access is restricted by a decision of the Moscow City Court in connection with the repeated and improper placement of information containing objects of copyright or related rights, or the information needed to obtain them using the Internet.”

As usual, copyright holders will play an important role in identifying such sites, but the final categorization as a derivative, mirror, or reverse proxy will be the responsibility of the Ministry of Communications. That government department will be given 24 hours to make the determination following a complaint.

From there, the Ministry will send a notification in both Russian and English to the operator of the suspected pirate site. Telecoms watchdog Roskomnadzor will also receive a copy before ordering ISPs to block the sites within 24 hours.

In an effort to make the system even more robust, both original pirate sites and any subsequent derivatives are also being made harder to find.

In addition to ISP blockades, the law requires search engines to remove all blocked sites from search results, so Googling for ‘pirate bay mirror’ probably won’t be as successful in future. All advertising that informs Internet users of where a blocked site can be found must also be removed.

The new law comes into force on October 1, 2017.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

New Lawsuit Demands ISP Blockades Against ‘Pirate’ Site Sci-Hub

Post Syndicated from Ernesto original https://torrentfreak.com/new-lawsuit-demands-isp-blockades-against-pirate-site-sci-hub-170629/

Founded more than 140 years ago, the American Chemical Society (ACS) is a leading source of academic publications in the field of chemistry.

The non-profit organization has around 157,000 members and researchers publish tens of thousands of articles a year in its peer-reviewed journals.

ACS derives a significant portion of its revenue from its publishing work, which is in large part behind a paywall. As such, it is not happy with websites that offer their copyrighted articles for free, such as Sci-Hub.

The deviant ‘pirate site’ believes that all scientific articles should be open to the public, as that’s in the best interest of science. While some academics are sympathetic to the goal, publishers share a different view.

Just last week Sci-Hub lost its copyright infringement case against Elsevier, and now ACS is following suit with a separate case. In a complaint filed in a Virginia District Court, the scientific society demands damages for Sci-Hub’s copyright and trademark infringements.

According to the filing, Sci-Hub has “stolen Plaintiff’s copyright-protected scientific articles and reproduced and distributed them on the Internet without permission.”

ACS points out that Sci-Hub is operating two websites that are nearly identical to the organization’s official site, located at pubs.acs.org.sci-hub.cc and acs.org.secure.sci-hub.cc. These are confusing to the public, they claim, and also an infringement of its copyrights and trademarks.

“The Pirated/Spoofed Site appears to almost completely replicate the content of Plaintiff’s website. For example, the Pirated/Spoofed Site replicates webpages on ACS’s history, purpose, news, scholarship opportunities, and budget,” the complaint (pdf) reads.

“Each of these pages on the Pirated/Spoofed Site contains ACS’s Copyrighted Works and the ACS Marks, creating the impression that the Pirated/Spoofed Site is associated with ACS.”

From the ACS complaint

By offering its articles for free and mimicking the ACS website, Sci-Hub is in direct competition with the scientific society. As a result, ACS claims to lose revenue.

“Defendants are attempting to divert users and revenues away from ACS by replicating and distributing ACS’s Copyrighted Works without authorization,” the complaint reads.

With the lawsuit, ACS hopes to recoup the money it claims to have lost. It’s likely that the total damages amount will run in the millions. However, if the defendants stay out of reach, this might be hard to collect.

Perhaps this is why the current lawsuit has included a request for a broader injunction against Sci-Hub. Not only does it ask for domain name seizures, but the scientific society also wants search engines, web hosting companies and general Internet providers to block access to the site.

“That those in privity with Defendants and those with notice of the injunction, including any Internet search engines, web hosting and Internet service providers, domain name registrars, and domain name registries cease facilitating access to any or all domain names and websites through which Defendants engage in unlawful access to, use, reproduction, and distribution of the ACS Marks or ACS’s Copyrighted Works,” it reads.

If granted, it would mean that Internet providers such as Comcast would have to block users from accessing Sci-Hub. That’s a big deal since pirate site blockades are not common in the United States.

It might very well be that ACS is not expecting any compensation for the alleged copyright and trademark infringements, but that the broad injunction is their main goal. If that is the case, this case could turn out to be more crucial than it looks at first sight.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.