Tag Archives: VK

Telegram Founder Pledges Millions in Bitcoin For VPNs and “Digital Resistance”

Post Syndicated from Andy original https://torrentfreak.com/telegram-founder-pledges-millions-in-bitcoin-for-vpns-and-digital-resistance-180418/

Starting yesterday, Russia went to war with free cross-platform messaging app Telegram. Authorities including the FSB wanted access to Telegram’s encryption keys, but the service refused to hand them over.

As a result, the service – which serviced 200,000,000 people in March alone – came under massive attack. Supported by a court ruling obtained last Friday, authorities ordered ISPs to block huge numbers of IP addresses in an effort to shut Telegram down.

Amazon and Google, whose services Telegram uses, were both hit with censorship measures, with around 1.8 million IP addresses belonging to the Internet giants blocked in an initial wave of action. But the government was just getting warmed up.

In an update posted by Pavel Durov to Twitter from Switzerland late last night, the Telegram founder confirmed that Russia had massively stepped up the fight against his encrypted messaging platform.

Of course, 15 million IP addresses is a huge volume, particularly since ‘just’ 14 million of Telegram’s users are located in Russia – that’s more than one IP address for each of them. As a result, there are reports of completely unrelated services being affected by the ban, which is to be expected given its widespread nature. But Russia doesn’t want to stop there.

According to Reuters, local telecoms watchdog Rozcomnadzor asked both Google and Apple [Update: and APKMirror] to remove Telegram from their app stores, to prevent local citizens from gaining access to the software itself. It is unclear whether either company intends to comply but as yet, neither has responded publicly nor taken any noticeable action.

An announcement from Durov last night thanked the companies for not complying with the Russian government’s demands, noting that the efforts so far had proven mostly futile.

“Despite the ban, we haven’t seen a significant drop in user engagement so far, since Russians tend to bypass the ban with VPNs and proxies. We also have been relying on third-party cloud services to remain partly available for our users there,” Durov wrote on Telegram.

“Thank you for your support and loyalty, Russian users of Telegram. Thank you, Apple, Google, Amazon, Microsoft – for not taking part in political censorship.”

Durov noted that Russia accounts for around 7% of Telegram’s userbase, a figure that could be compensated for with organic growth in just a couple of months, even if Telegram lost access to the entire market. However, the action only appears to have lit a fire under the serial entrepreneur, who now has declared a war of his own against censorship.

“To support internet freedoms in Russia and elsewhere I started giving out bitcoin grants to individuals and companies who run socks5 proxies and VPN,” Durov said.

“I am happy to donate millions of dollars this year to this cause, and hope that other people will follow. I called this Digital Resistance – a decentralized movement standing for digital freedoms and progress globally.”

As founder of not only Telegram but also vKontakte, Russia’s answer to Facebook, Durov is a force to be reckoned with. As such, his promises are unlikely to be hollow ones. While Russia has drawn a line in the sand on encryption, it appears to have energized Durov to take a stand, one that could have a positive effect on anti-censorship measures both in Russia and further afield.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Russia’s Encryption War: 1.8m Google & Amazon IPs Blocked to Silence Telegram

Post Syndicated from Andy original https://torrentfreak.com/russias-encryption-war-1-8m-google-amazon-ips-blocked-to-silence-telegram-180417/

The rules in Russia are clear. Entities operating an encrypted messaging service need to register with the authorities. They also need to hand over their encryption keys so that if law enforcement sees fit, users can be spied on.

Free cross-platform messaging app Telegram isn’t playing ball. An impressive 200,000,000 people used the software in March (including a growing number for piracy purposes) and founder Pavel Durov says he will not compromise their security, despite losing a lawsuit against the Federal Security Service which compels him to do so.

“Telegram doesn’t have shareholders or advertisers to report to. We don’t do deals with marketers, data miners or government agencies. Since the day we launched in August 2013 we haven’t disclosed a single byte of our users’ private data to third parties,” Durov said.

“Above all, we at Telegram believe in people. We believe that humans are inherently intelligent and benevolent beings that deserve to be trusted; trusted with freedom to share their thoughts, freedom to communicate privately, freedom to create tools. This philosophy defines everything we do.”

But by not handing over its keys, Telegram is in trouble with Russia. The FSB says it needs access to Telegram messages to combat terrorism so, in response to its non-compliance, telecoms watchdog Rozcomnadzor filed a lawsuit to degrade Telegram via web-blocking. Last Friday, that process ended in the state’s favor.

After an 18-minute hearing, a Moscow court gave the go-ahead for Telegram to be banned in Russia. The hearing was scheduled just the day before, giving Telegram little time to prepare. In protest, its lawyers didn’t even turn up to argue the company’s position.

Instead, Durov took to his VKontakte account to announce that Telegram would take counter-measures.

“Telegram will use built-in methods to bypass blocks, which do not require actions from users, but 100% availability of the service without a VPN is not guaranteed,” Durov wrote.

Telegram can appeal the blocking decision but Russian authorities aren’t waiting around for a response. They are clearly prepared to match Durov’s efforts, no matter what the cost.

In instructions sent out yesterday nationwide, Rozcomnadzor ordered ISPs to block Telegram. The response was immediate and massive. Telegram was using both Amazon and Google to provide service to its users so, within hours, huge numbers of IP addresses belonging to both companies were targeted.

Initially, 655,352 Amazon IP addresses were placed on Russia’s nationwide blacklist. It was later reported that a further 131,000 IP addresses were added to that total. But the Russians were just getting started.

Servers.ru reports that a further 1,048,574 IP addresses belonging to Google were also targeted Monday. Rozcomnadzor said the court ruling against Telegram compelled it to take whatever action is needed to take Telegram down but with at least 1,834,996 addresses now confirmed blocked, it remains unclear what effect it’s had on the service.

Friday’s court ruling states that restrictions against Telegram can be lifted provided that the service hands over its encryption keys to the FSB. However, Durov responded by insisting that “confidentiality is not for sale, and human rights should not be compromised because of fear or greed.”

But of course, money is still part of the Telegram equation. While its business model in terms of privacy stands in stark contrast to that of Facebook, Telegram is also involved in the world’s biggest initial coin offering (ICO). According to media reports, it has raised $1.7 billion in pre-sales thus far.

This week’s action against Telegram is the latest in Russia’s war on ‘unauthorized’ encryption.

At the end of March, authorities suggested that around 15 million IP addresses (13.5 million belonging to Amazon) could be blocked to target chat software Zello. While those measures were averted, a further 500 domains belonging to Google were caught in the dragnet.


How Pirates Use New Technologies for Old Sharing Habits

Post Syndicated from Ernesto original https://torrentfreak.com/how-pirates-use-new-technologies-for-old-sharing-habits-180415/

While piracy today is more widespread than ever, the urge to share content online has been around for several decades.

The first generation used relatively primitive tools, such as bulletin board systems (BBS), newsgroups or IRC. Nothing too fancy, but they worked well for those who got over the initial learning curve.

When Napster came along things started to change. More content became available and with just a few clicks anyone could get an MP3 transferred from one corner of the world to another. The same was true for Kazaa and Limewire, which further popularized online piracy.

After this initial boom of piracy applications, BitTorrent came along, shaking up the sharing landscape even further. As torrent sites are web-based, pirated media became even more public and easy to find.

At the same time, BitTorrent brought back the smaller and more organized sharing culture of the early days through private trackers.

These communities often focused on a specific type of content and put strict rules and guidelines in place. They promoted sharing and avoided the spam that plagued their public counterparts.

That was fifteen years ago.

Today the piracy landscape is more diverse than ever. Private torrent trackers are still around and so are IRC and newsgroups. However, most piracy today takes place in public. Streaming sites and devices are booming, with central hosting platforms offering the majority of the underlying content.

That said, there is still an urge for some pirates to band together and some use newer technologies to do so.

This week The Outline ran an interesting piece on the use of Telegram channels to share pirated media. These groups use the encrypted communication platform to share copies of movies, TV shows, and a wide range of other material.

Telegram allows users to upload files up to 1.5GB in size, but larger ones can be split, in common with the good old newsgroups.

These types of sharing groups are not new. On social media platforms such as Facebook and VK, there are hundreds or thousands of dedicated communities that do the same, both public and private. And Reddit has similar groups, relying on external links.

According to an administrator of a piracy-focused Telegram channel, the appeal of the platform is that the groups are not shut down so easily. While that may be the case with hyper-private groups, Telegram will still pull the plug if it receives enough complaints about a channel.

The same is true for Discord, another application that can be used to share content in ‘private’ communities. Discord is particularly popular among gamers, but pirates have also found their way to the platform.

While smaller communities are able to thrive, once the word gets out to copyright holders, the party can soon be over. This is also what the /r/piracy subreddit community found out a few days ago when its Discord server was pulled offline.

This triggered a discussion about possible alternatives. Telegram was mentioned by some, although not everyone liked the idea of connecting their phone number to a pirate group. Others mentioned Slack, Weechat, Hexchat and Riot.im.

None of these tools are revolutionary. At least, not for the intended use by this group. Some may be harder to take down than others, but they are all means to share files, directly or through external links.

What really caught our eye, however, were several mentions of an ancient application layer protocol that, apparently, hasn’t lost its use to pirates.

“I’ll make an IRC server and host that,” one user said, with others suggesting the same.

And so we have come full circle…


MPAA Aims to Prevent Piracy Leaks With New Security Program

Post Syndicated from Andy original https://torrentfreak.com/mpaa-aims-to-prevent-piracy-leaks-with-new-security-program-180403/

When movies and TV shows leak onto the Internet in advance of their intended release dates, it’s generally a time of celebration for pirates.

Grabbing a workprint or DVD screener of an Oscar nominee or a yet-to-be-aired TV show makes the Internet bubble with excitement. But for the studios and companies behind the products, it presents their worst nightmare.

Despite all the takedown efforts known to man, once content appears, there’s no putting the genie back into the bottle.

With this in mind, the solution doesn’t lie with reactionary efforts such as Internet disconnections, site-blocking and similar measures, but better hygiene while content is still in production or being prepared for distribution. It’s something the MPAA hopes to address with a brand new program designed to bring the security of third-party vendors up to scratch.

The Trusted Partner Network (TPN) is the brainchild of the MPAA and the Content Delivery & Security Association (CDSA), a worldwide forum advocating the innovative and responsible delivery and storage of entertainment content.

TPN is being touted as a global industry-wide film and television content protection initiative which will help companies prevent leaks, breaches, and hacks of their customers’ movies and television shows prior to their intended release.

“Content is now created by a growing ecosystem of third-party vendors, who collaborate with varying degrees of security,” TPN explains.

“This has escalated the security threat to the entertainment industry’s most prized asset, its content. The TPN program seeks to raise security awareness, preparedness, and capabilities within our industry.”

The TPN will establish a “single benchmark of minimum security preparedness” for vendors whose details will be available via a centralized and global “trusted partner” database. The TPN will replace security assessment programs already in place at the MPAA and CDSA.

While content owners and vendors are still able to conduct their own security assessments on an “as-needed” basis, the aim is for the TPN to reduce the number of assessments carried out while assisting in identifying vulnerabilities. The pool of “trusted partners” is designed to help all involved understand and meet the challenges of leaks, whether that’s movie, TV show, or associated content.

While joining the TPN program is voluntary, there’s a strong suggestion that becoming involved in the program is in vendors’ best interests. Being able to carry the TPN logo will be an asset to doing business with others involved in the scheme, it’s suggested.

Once in, vendors will need to hire a TPN-approved assessor to carry out an initial audit of their supply chain and best practices, which in turn will need to be guided by the MPAA’s existing content security guidelines.

“Vendors will hire a Qualified Assessor from the TPN database and will schedule their assessment and manage the process via the secure online platform,” TPN says, noting that vendors will cover their own costs unless an assessment is carried out at the request of a content owner.

The TPN explains that members of the scheme aren’t passed or failed in respect of their security preparedness. However, there’s an expectation that they will come up to scratch and prove that with a subsequent positive report from a TPN-approved assessor. Assessors themselves will also be assessed via the TPN Qualified Assessor Program.

By imposing MPAA best practices upon partner companies, it’s hoped that some if not all of the major leaks that have plagued the industry over the past several years will be prevented in future. Whether that’s the usual DVD screener leaks, workprints, scripts or other content, it’s believed the TPN should be able to help in some way, although the former might be a more difficult nut to crack.

There’s no doubting that the problem TPN aims to address is serious. In 2017 alone, hackers and other individuals obtained and then leaked episodes of Orange is the New Black, unreleased ABC content, an episode of Game of Thrones sourced from India and scripts from the same show. Even blundering efforts managed to make their mark.

“Creating the films and television shows enjoyed by audiences around the world increasingly requires a network of specialized vendors and technicians,” says MPAA chairman and CEO Charles Rivkin.

“That’s why maintaining high security standards for all third-party operations — from script to screen — is such an important part of preventing the theft of creative works and ultimately protects jobs and the health of our vibrant creative economy.”

According to TPN, the first class of TPN Assessors was recruited and tested last month while beta-testing of key vendors will begin in April. The full program will roll out in June 2018.


The EU is Working On Its Own Piracy Watch-List

Post Syndicated from Ernesto original https://torrentfreak.com/the-eu-is-working-on-its-own-piracy-watch-list-180124/

Earlier this month, the Office of the US Trade Representative (USTR) released an updated version of its “Out-of-Cycle Review of Notorious Markets,” ostensibly identifying some of the worst IP-offenders worldwide.

The annual overview helps to guide the U.S. Government’s position towards foreign countries when it comes to copyright enforcement.

The most recent version featured traditional pirate sites such as The Pirate Bay, Rapidgator, and Gostream, but also the Russian social network VK and China-based marketplaces Alibaba and Taobao.com.

Since the list only identifies foreign sites, American services are never included. However, this restriction doesn’t apply in Europe, where the European Commission announced this week that it’s working on its own piracy watch list.

“The European Commission – on the basis of input from the stakeholders – after thorough verification of the received information – intends to publish a so called ‘Counterfeit and Piracy Watch-List’ in 2018, which will be updated regularly,” the EU’s call for submissions reads.

The EU watch list will operate in a similar fashion to the US equivalent and will be used to encourage site operators and foreign governments to take action.

“The list will identify and describe the most problematic marketplaces – with special focus on online marketplaces – in order to encourage their operators and owners as well as the responsible local authorities and governments to take the necessary actions and measures to reduce the availability of IPR infringing goods or services.”

In recent years various copyright holder groups have repeatedly complained about a lack of anti-piracy initiatives from companies such as Google and Cloudflare, so it will be interesting to see if these will be mentioned.

The same is true for online marketplaces. Responding to the US list last week, Alibaba also highlighted that several American companies suffer the same piracy and counterfeiting problems as they do, without being reprimanded.

“What about Amazon, eBay and others? USTR has no basis for comparison, because it does not ask for similar data from U.S. companies,” Alibaba noted in a rebuttal.

The EU watch list is clearly inspired by the US counterpart. It shows striking similarities with the US version of the watch list and some of the language appears to be copied (or pirated) word for word.

The EU writes, for example, that their list “will not mean to reflect findings of legal violations, nor will it reflect the European Union’s analysis of the general intellectual property rights protection and enforcement climate in the country or countries concerned.”

Just a few days earlier the USTR noted that its list “does not make findings of legal violations. Nor does it reflect the U.S. Government’s analysis of the general IP protection and enforcement climate in the countries connected with the listed markets.”

The above means that, despite branding foreign services as notorious offenders, these are mere allegations. No hard proof is to be expected in the report, nor will the EU research the matter on its own.

If the US example is followed, the watch list will be mostly an overview of copyright holder complaints, signed by the authorities. The latter is not without controversy, as China says it doubts the objectivity of USTR’s report for this very reason.

Copyright holders and other interested parties are invited to submit their contributions and comments by 31 March 2018, and the final list is expected to be released later in the year.


China Seriously Doubts Objectivity of US ‘Pirate Site’ List

Post Syndicated from Ernesto original https://torrentfreak.com/china-seriously-doubts-objectivity-of-us-pirate-site-list-180120/

Late last week, the Office of the US Trade Representative (USTR) released an updated version of its “Out-of-Cycle Review of Notorious Markets,” identifying some of the worst IP-offenders worldwide.

The overview is largely based on input from major copyright holders and related industry groups. While the US Government admits that it doesn’t make any judgments, the list carries a lot of weight and can hurt the image of companies that are singled out.

For some of the ‘classic’ pirate sites such as The Pirate Bay, this doesn’t really matter. On the contrary, they may see it as a badge of honor. However, for billion-dollar businesses such as Alibaba and VK, it’s a different story.

They are not at risk of being the target of a criminal prosecution, as some classic pirate sites are, but the listing will make them a hot topic on the political agenda.

Interestingly, it seems that not all countries are happy with seeing some of their top companies being singled out. When China’s commerce ministry spokesman Gao Feng was confronted with the fact that Alibaba and its Taobao.com site were listed, he made some noteworthy observations.

“In the report, the U.S. frequently discusses the relevant Chinese businesses with the words like ‘reportedly,’ ‘according to authoritative sources’ and the like,” Feng told the local press.

In its report, the US Government stressed that Alibaba should do more to combat counterfeiting and piracy on Taobao.com and other platforms, but China’s officials don’t seem convinced.

“It lacked conclusive evidence and had no relevant figures to back up its points. We have no choice but to express our doubts about the objectivity and reliability of the department that issued the report,” Feng added.

China’s commerce ministry has a point. The USTR report is compiled from comments that are provided by copyright holders. These are not thoroughly vetted, as far as we know, which doesn’t seem very objective.

Even more concerning, copyright holders often cite the USTR’s notorious markets list in legal and lobbying efforts, even though they are in essence their own findings in a rewritten form. While that may be very convenient, it can also be misleading.

Alibaba itself went a step further than the commerce ministry and noted that the company is being used as a “scapegoat” in a geopolitical game. In a detailed ten-page rebuttal, the marketplace responded to the allegations point by point.

“As a result of the rise of trade protectionism, Alibaba has been turned into a scapegoat by the USTR to win points in a highly-politicized environment and their actions should be recognized for what they are,” the company commented.

“The USTR’s actions made it clear that the Notorious Markets List, which only targets non-US marketplaces, is not about intellectual property protection, but just another instrument to achieve the US Government’s geopolitical objectives.”

Criticism of the USTR’s Special 301 reports, which the Notorious Markets lists are part of, is not new. Earlier this year Canada’s Government described the process as flawed as it’s mainly driven by one-sided copyright industry claims.

“Canada does not recognize the validity of the Special 301 and considers the process and the Report to be flawed,” a Government memo read.


US Govt Brands Torrent, Streaming & Cyberlocker Sites As Notorious Markets

Post Syndicated from Andy original https://torrentfreak.com/us-govt-brands-torrent-streaming-cyberlocker-sites-as-notorious-markets-180115/

In its annual “Out-of-Cycle Review of Notorious Markets” the office of the United States Trade Representative (USTR) has published a long list of websites said to be involved in online piracy.

The list is compiled with high-level input from various trade groups, including the MPAA and RIAA who both submitted their recommendations (1,2) during early October last year.

With the word “allegedly” used more than two dozen times in the report, the US government notes that its report does not constitute cast-iron proof of illegal activity. However, it urges the countries from where the so-called “notorious markets” operate to take action where they can, while putting owners and facilitators on notice that their activities are under the spotlight.

“A goal of the List is to motivate appropriate action by owners, operators, and service providers in the private sector of these and similar markets, as well as governments, to reduce piracy and counterfeiting,” the report reads.

“USTR highlights the following marketplaces because they exemplify global counterfeiting and piracy concerns and because the scale of infringing activity in these marketplaces can cause significant harm to U.S. intellectual property (IP) owners, consumers, legitimate online platforms, and the economy.”

The report begins with a page titled “Issue Focus: Illicit Streaming Devices”. Unsurprisingly, particularly given their place in dozens of headlines last year, the segment focuses on the set-top box phenomenon. The piece doesn’t list any apps or software tools as such but highlights the general position, claiming a cost to the US entertainment industry of $4-5 billion a year.

Torrent Sites

In common with previous years, the USTR goes on to list several of the world’s top torrent sites but due to changes in circumstances, others have been delisted. ExtraTorrent, which shut down in May 2017, is one such example.

As the world’s most famous torrent site, The Pirate Bay gets a prominent mention, with the USTR noting that the site is of “symbolic importance as one of the longest-running and most vocal torrent sites.” The USTR underlines the site’s resilience by noting its hydra-like form while revealing an apparent secret concerning its hosting arrangements.

“The Pirate Bay has allegedly had more than a dozen domains hosted in various countries around the world, applies a reverse proxy service, and uses a hosting provider in Vietnam to evade further enforcement action,” the USTR notes.

Other torrent sites singled out for criticism include RARBG, which was nominated for the listing by the movie industry. According to the USTR, the site is hosted in Bosnia and Herzegovina and has changed hosting services to prevent shutdowns in recent years.

1337x.to and the meta-search engine Torrentz2 are also given a prime mention, with the USTR noting that they are “two of the most popular torrent sites that allegedly infringe U.S. content industry’s copyrights.” Russia’s RuTracker is also targeted for criticism, with the government noting that it’s now one of the most popular torrent sites in the world.

Streaming & Cyberlockers

While torrent sites are still important, the USTR reserves considerable space in its report for streaming portals and cyberlocker-type services.

4Shared.com, a file-hosting site that has been targeted by dozens of millions of copyright notices, is reportedly no longer able to use major US payment providers. Nevertheless, the British Virgin Islands company still collects significant sums from premium accounts, advertising, and offshore payment processors, USTR notes.

Cyberlocker Rapidgator gets another prominent mention in 2017, with the USTR noting that the Russian-hosted platform generates millions of dollars every year through premium memberships while employing rewards and affiliate schemes.

Due to its increasing popularity as a hosting and streaming operation, Openload.co (Romania) is now a big target for the USTR. “The site is used frequently in combination with add-ons in illicit streaming devices. In November 2017, users visited Openload.co a staggering 270 million times,” the USTR writes.

Owned by a Swiss company and hosted in the Netherlands, the popular site Uploaded is also criticized by the US alongside France’s 1Fichier.com, which allegedly hosts pirate games while being largely unresponsive to takedown notices. Dopefile.pk, a Pakistan-based storage outfit, is also highlighted.

On the video streaming front, it’s perhaps no surprise that the USTR focuses on sites like FMovies (Sweden), GoStream (Vietnam), Movie4K.tv (Russia) and PrimeWire. An organization collectively known as the MovShare group which encompasses Nowvideo.sx, WholeCloud.net, NowDownload.cd, MeWatchSeries.to and WatchSeries.ac, among others, is also listed.

Unauthorized music / research papers

While most of the above are either focused on video or feature it as part of their repertoire, other sites are listed for their attention to music. Convert2MP3.net is named as one of the most popular stream-ripping sites in the world and is highlighted due to the prevalence of YouTube-downloader sites and the 2017 demise of YouTube-MP3.

“Convert2MP3.net does not appear to have permission from YouTube or other sites and does not have permission from right holders for a wide variety of music represented by major U.S. labels,” the USTR notes.

Given the amount of attention the site has received in 2017 as ‘The Pirate Bay of Research’, Libgen.io and Sci-Hub.io (not to mention the endless proxy and mirror sites that facilitate access) are given a detailed mention in this year’s report.

“Together these sites make it possible to download — all without permission and without remunerating authors, publishers or researchers — millions of copyrighted books by commercial publishers and university presses; scientific, technical and medical journal articles; and publications of technological standards,” the USTR writes.

Service providers

But it’s not only sites that are being put under pressure. Following a growing list of nominations in previous years, Swiss service provider Private Layer is again singled out as a rogue player in the market for hosting 1337x.to and Torrentz2.eu, among others.

“While the exact configuration of websites changes from year to year, this is the fourth consecutive year that the List has stressed the significant international trade impact of Private Layer’s hosting services and the allegedly infringing sites it hosts,” the USTR notes.

“Other listed and nominated sites may also be hosted by Private Layer but are using reverse proxy services to obfuscate the true host from the public and from law enforcement.”

The USTR notes Switzerland’s efforts to close a legal loophole that restricts enforcement and looks forward to a positive outcome when the draft amendment is considered by parliament.

Perhaps a little surprisingly given its recent anti-piracy efforts and overtures to the US, Russia’s leading social network VK.com again gets a place on the new list. The USTR recognizes VK’s efforts but insists that more needs to be done.

Social networking and e-commerce

“In 2016, VK reached licensing agreements with major record companies, took steps to limit third-party applications dedicated to downloading infringing content from the site, and experimented with content recognition technologies,” the USTR writes.

“Despite these positive signals, VK reportedly continues to be a hub of infringing activity and the U.S. motion picture industry reports that they find thousands of infringing files on the site each month.”

Finally, in addition to traditional pirate sites, the US also lists online marketplaces that allegedly fail to meet appropriate standards. Re-added to the list in 2016 after a brief hiatus in 2015, China’s Alibaba is listed again in 2017. The development provoked an angry response from the company.

Describing his company as a “scapegoat”, Alibaba Group President Michael Evans said that his platform had achieved a 25% drop in takedown requests and has even been removing infringing listings before they make it online.

“In light of all this, it’s clear that no matter how much action we take and progress we make, the USTR is not actually interested in seeing tangible results,” Evans said in a statement.

The full list of sites in the Notorious Markets Report 2017 (pdf) can be found below.

– 1fichier.com – (cyberlocker)
– 4shared.com – (cyberlocker)
– convert2mp3.net – (stream-ripper)
– Dhgate.com (e-commerce)
– Dopefile.pl – (cyberlocker)
– Firestorm-servers.com (pirate gaming service)
– Fmovies.is, Fmovies.se, Fmovies.to – (streaming)
– Gostream.is, Gomovies.to, 123movieshd.to (streaming)
– Indiamart.com (e-commerce)
– Kinogo.club, kinogo.co (streaming host, platform)
– Libgen.io, sci-hub.io, libgen.pw, sci-hub.cc, sci-hub.bz, libgen.info, lib.rus.ec, bookfi.org, bookzz.org, booker.org, booksc.org, book4you.org, bookos-z1.org, booksee.org, b-ok.org (research downloads)
– Movshare Group – Nowvideo.sx, wholecloud.net, auroravid.to, bitvid.sx, nowdownload.ch, cloudtime.to, mewatchseries.to, watchseries.ac (streaming)
– Movie4k.tv (streaming)
– MP3VA.com (music)
– Openload.co (cyberlocker / streaming)
– 1337x.to (torrent site)
– Primewire.ag (streaming)
– Torrentz2, Torrentz2.me, Torrentz2.is (torrent site)
– Rarbg.to (torrent site)
– Rebel (domain company)
– Repelis.tv (movie and TV linking)
– RuTracker.org (torrent site)
– Rapidgator.net (cyberlocker)
– Taobao.com (e-commerce)
– The Pirate Bay (torrent site)
– TVPlus, TVBrowser, Kuaikan (streaming apps and addons, China)
– Uploaded.net (cyberlocker)
– VK.com (social networking)

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Sci-Hub Battles Pirate Bay-esque Domain Name Whack-a-Mole

Post Syndicated from Ernesto original https://torrentfreak.com/sci-hub-battles-pirate-bay-esque-domain-name-whack-a-mole-171216/

Sci-Hub is often referred to as the “Pirate Bay of Science,” and this description has become more and more apt in recent weeks.

Initially, the comparison was made to illustrate that Sci-Hub is used by researchers to download articles for free, much like the rest of the world uses The Pirate Bay to get free stuff.

There are more parallels though. Increasingly, Sci-Hub has trouble keeping its domain names. Following two injunctions in the US, academic publishers now have court orders to compel domain registrars and registries to suspend Sci-Hub’s addresses.

Although there is no such court order for The Pirate Bay, the notorious torrent site also has a long history of domain suspensions.

Both sites appear to tackle the problem in a similar manner. They simply ignore all enforcement efforts and bypass them with new domains and other circumvention tools. They have several backup domains in place as well as unsuspendable .onion addresses, which are accessible on the Tor network.

Since late November, a lot of Sci-Hub users have switched to Sci-Hub.bz when other domains were suspended. And, when the .bz domain was targeted a few days ago, they moved to different alternatives. It’s a continuous game of Whack-a-Mole that is hard to stop.

Suspended…

There’s another striking similarity between TPB and Sci-Hub. Unlike other pirate sites, their founders are both vocal. In the case of Sci-Hub this is Alexandra Elbakyan, a researcher who was born in Kazakhstan and graduated there.

She recently responded to people who had trouble accessing the site. “The site is working properly, but the capitalists have started blocking Sci-Hub domains, so the site may not be accessible at the regular addresses,” she wrote on VK.

Instead of complaining, Elbakyan encouraged people to do some research of their own, as there are still plenty of alternative domains up and running. And indeed, at the time of writing Sci-hub.la, Sci-hub.tv, Sci-hub.tw, Sci-hub.hk, and others can be accessed without any hassle.

While Sci-Hub’s classification as the “Pirate Bay of Science” is certainly warranted, there are also differences. The Pirate Bay was raided several times and the founders were criminally prosecuted. That’s not the case for Sci-Hub.

But who knows what will happen next…

Weekly roundup: VK Ultra

Post Syndicated from Eevee original https://eev.ee/dev/2017/11/27/weekly-roundup-vk-ultra/

  • fox flux: Cleaned up and committed the “heart get” overlay and worked on some more art for it. Diagnosed a very obscure physics problem, but didn’t come up with a good solution yet; physics is hard! Drew a very good tree trunk to use as a spawn point; also worked on some background foliage, though less successfully. Played with colors a bit. Tried to work out a tileset for underground areas.

  • music: I wrote like half of a little chiptune song that I actually like so far! I’m now seriously toying with the idea of doing my own music for fox flux. Played a bit with more sound effects, too.

  • blog: I wrote up the Eevee mugshot set for Doom I made, as an inaugural post for the release category.

  • veekun: Finished up Ultra Sun and Ultra Moon! Pokémon sprites, box sprites, item sprites, and the same data as Sun/Moon. I say “finished” but of course plenty of stuff is still missing, alas.

  • cc: I’m trying to make glip some building blocks so that they can actually start building the game, so I made some breakable blocks. Also wrote a little shader for implementing their parallax background, which involves a bunch of layer modes.

  • misc: I got a new keyboard. Also I installed umatrix because noscript’s web extension version is half-broken and driving me up the wall. Sorry, noscript.

Huh, that’s not a bad haul, despite a few nights of incredibly bad sleep. Cool.

Google & Apple Order Telegram to Nuke Channel Over Taylor Swift Piracy

Post Syndicated from Andy original https://torrentfreak.com/google-apple-order-telegram-to-nuke-channel-over-taylor-swift-piracy-171123/

Financed by Russian Facebook (vKontakte) founder Pavel Durov, Telegram is a multi-platform messaging system that has grown from 100,000 daily users in 2013 to an impressive 100 million users in February 2016.

“Telegram is a messaging app with a focus on speed and security, it’s super-fast, simple and free. You can use Telegram on all your devices at the same time — your messages sync seamlessly across any number of your phones, tablets or computers,” the company’s marketing reads.

One of the attractive things about Telegram is that it allows users to communicate with each other using end-to-end encryption. In some cases, these systems are used for content piracy, of music and other smaller files in particular. This is compounded by the presence of user-programmed bots, which are able to search the web for illegal content and present it in a Telegram channel to which other users can subscribe.

While much of this sharing flies under the radar when conducted privately, it periodically attracts attention from copyright holders when it takes place in public channels. That appears to have happened recently when popular channel “Any Suitable Pop” was completely disabled by Telegram, an apparent first following a copyright complaint.

According to channel creator Anton Vagin, the action by Telegram was probably due to the unauthorized recent sharing of the Taylor Swift album ‘Reputation’. However, it was the route of complaint that proves of most interest.

Rather than receiving a takedown notice directly from Big Machine Records, the label behind Swift’s releases, Telegram was forced into action after receiving threats from Apple and Google, the companies that distribute the Telegram app for iOS and Android respectively.

According to a message Vagin received from Telegram support, Apple and Google had received complaints about Swift’s album from Universal Music, the distributor of Big Machine Records. The suggestion was that if Telegram didn’t delete the infringing channel, distribution of the Telegram app via iTunes and Google Play would be at risk. Vagin received no warning notices from any of the companies involved.

Message from Telegram support

According to Russian news outlet VC.ru, which first reported the news, the channel was blocked in Telegram’s desktop applications, as well as in versions for Android, macOS and iOS. However, the channel still existed on the web and via Windows phone applications but all messages within had been deleted.

The fact that Google played a major role in the disappearing of the channel was subsequently confirmed by Telegram founder Pavel Durov, who commented that it was Google who “ultimately demanded the blocking of this channel.”

That Telegram finally caved into the demands of Google and/or Apple doesn’t really come as a surprise. In Telegram’s frequently asked questions section, the company specifically mentions the need to comply with copyright takedown demands in order to maintain distribution via the companies’ app marketplaces.

“Our mission is to provide a secure means of communication that works everywhere on the planet. To do this in the places where it is most needed (and to continue distributing Telegram through the App Store and Google Play), we have to process legitimate requests to take down illegal public content (sticker sets, bots, and channels) within the app,” the company notes.

Putting pressure on Telegram via Google and Apple over piracy isn’t a new development. In the past, representatives of the music industry threatened to complain to the companies over a channel operated by torrent site RuTracker, which was set up to share magnet links.

Sci-Hub Loses Domain Names, But Remains Resilient

Post Syndicated from Ernesto original https://torrentfreak.com/sci-hub-loses-domain-names-but-remains-resilient-171122/

While Sci-Hub is praised by thousands of researchers and academics around the world, copyright holders are doing everything in their power to wipe the site from the web.

Following a $15 million defeat against Elsevier in June, the American Chemical Society won a default judgment of $4.8 million in copyright damages earlier this month.

The publisher was further granted a broad injunction, requiring various third-party services to stop providing access to the site. This includes domain registries, which have the power to suspend domains worldwide if needed.

Yesterday, several of Sci-Hub’s domain names became unreachable. While the site had some issues in recent weeks, several people noticed that the present problems are more permanent.

Sci-hub.io, sci-hub.cc, and sci-hub.ac now have the infamous “serverhold” status which suggests that the responsible registries intervened. The status, which has been used previously when domain names are flagged for copyright issues, strips domains of their DNS entries.

Serverhold

This effectively means that the domain names in question have been rendered useless. However, history has also shown that Sci-Hub’s operator Alexandra Elbakyan doesn’t easily back down. Quite the contrary.
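Why a “serverhold” status points at the registry rather than the registrar, shown as an added example that is not part of the original article: a Python parser that reads WHOIS status lines and reports whether a name is still published in DNS and which party applied the hold. The sample records and `.example` names are constructed; the rule it relies on is the EPP convention that `server*` status codes are set by the registry and `client*` codes by the registrar.

```python
"""Classify WHOIS status lines: is the name published, and who applied a hold?"""
import re
from dataclasses import dataclass, field

# EPP status codes under which the domain is left out of the registry zone.
HOLD_CODES = {"serverhold", "clienthold"}
UNPUBLISHED = HOLD_CODES | {"inactive"}  # inactive: no name servers delegated

# WHOIS servers write either "Domain Status:" or plain "Status:", often
# followed by an explanatory URL; only the leading code word is captured.
STATUS_RE = re.compile(
    r"^[ \t]*(?:Domain[ \t]+)?Status:[ \t]*([A-Za-z]+)",
    re.IGNORECASE | re.MULTILINE,
)
NAME_RE = re.compile(r"^[ \t]*Domain Name:[ \t]*(\S+)", re.IGNORECASE | re.MULTILINE)


@dataclass
class StatusReport:
    domain: str
    statuses: list = field(default_factory=list)

    @property
    def published(self):
        """False when any status removes the name from the zone."""
        return not any(s in UNPUBLISHED for s in self.statuses)

    @property
    def hold_set_by(self):
        """'registry' for server* holds, 'registrar' for client* holds."""
        who = set()
        for s in self.statuses:
            if s in HOLD_CODES:
                who.add("registry" if s.startswith("server") else "registrar")
        return who


def parse_whois(text):
    """Extract the domain name and de-duplicated, lower-cased status codes."""
    name = NAME_RE.search(text)
    statuses = []
    for match in STATUS_RE.finditer(text):
        code = match.group(1).lower()
        if code not in statuses:
            statuses.append(code)
    return StatusReport(domain=name.group(1).lower() if name else "", statuses=statuses)


def newly_held(before, after):
    """Hold codes present in the later snapshot but not in the earlier one."""
    return sorted((set(after.statuses) & HOLD_CODES) - set(before.statuses))


# Constructed WHOIS excerpts (not real registry output for any real domain).
SAMPLE_ACTIVE = """\
Domain Name: MONITORED-NAME.EXAMPLE
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.MONITORED-NAME.EXAMPLE
"""

SAMPLE_REGISTRY_HOLD = """\
Domain Name: MONITORED-NAME.EXAMPLE
Domain Status: serverHold https://icann.org/epp#serverHold
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
"""

SAMPLE_REGISTRAR_HOLD = """\
Domain Name: other-name.example
   Status: CLIENTHOLD
"""

if __name__ == "__main__":
    earlier = parse_whois(SAMPLE_ACTIVE)
    for sample in (SAMPLE_ACTIVE, SAMPLE_REGISTRY_HOLD, SAMPLE_REGISTRAR_HOLD):
        report = parse_whois(sample)
        print(report.domain, report.statuses,
              "published" if report.published else "not published",
              sorted(report.hold_set_by))
    print("new holds:", newly_held(earlier, parse_whois(SAMPLE_REGISTRY_HOLD)))
```

Run against periodic WHOIS snapshots of a domain portfolio, `newly_held` flags the moment a name drops out of the zone, and `hold_set_by` tells the owner which party to contact.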

In a message posted on the site’s VK page and Twitter, the operator points out that users can update their DNS servers to the IP-addresses 80.82.77.83 and 80.82.77.84, to access it freely again. This rigorous measure will direct all domain name lookups through Sci-Hub’s servers.

Sci-Hub’s tweet

In addition, the Sci-Hub.bz domain and the .onion address on the Tor network still appear to work just fine for most people.

It’s clear that Ukraine-born Elbakyan has no intention of throwing in the towel. By providing free access to published research, she sees it as simply helping millions of less privileged academics to do their work properly.

Authorized or not, among researchers there is still plenty of demand and support for Sci-Hub’s service. The site hosts dozens of millions of academic papers and receives millions of visitors per month.

Many visits come from countries where access to academic journals is limited, such as Iran, Russia and China. But even in countries where access is more common, a lot of researchers visit the site.

While the domain problems may temporarily make the site harder to find for some, it’s not likely to be the end for Sci-Hub.

Trolls Want to Seize Alleged Movie Pirates’ Computers

Post Syndicated from Andy original https://torrentfreak.com/trolls-want-to-seize-alleged-movie-pirates-computers-171101/

Five years ago, a massive controversy swept Finland. Local anti-piracy group CIAPC (known locally as TTVK) sent a letter to a man they accused of illegal file-sharing.

The documents advised the man to pay a settlement of 600 euros and sign a non-disclosure document, to make a threatened file-sharing lawsuit disappear. He made the decision not to cave in.

Then, in November 2012, there was an 8am call at the man’s door. Police, armed with a search warrant, said they were there to find evidence of illicit file-sharing. Eventually the culprit was found. It was the man’s 9-year-old daughter who had downloaded an album by local multi-platinum-selling songstress Chisu from The Pirate Bay, a whole year earlier.

Police went on to seize the child’s Winnie the Pooh-branded laptop and Chisu was horrified, posting public apologies on the Internet to her young fans. Five years on, it seems that pro-copyright forces in Finland are treading the same path.

Turre Legal, a law firm involved in defending file-sharing matters, has issued a warning that copyright trolls have filed eight new cases at the Market Court, the venue for previous copyright battles in the country.

“According to information provided by the Market Court, Crystalis Entertainment, previously active in such cases, filed three new copyright cases and initiated five pre-trial applications in October 2017,” says lawyer Herkko Hietanen.

The involvement of Crystalis Entertainment adds further controversy into the mix. The company isn’t an official movie distributor but obtained the rights to distribute content on BitTorrent networks instead. It doesn’t do so officially, preferring to bring prosecutions against file-sharers instead.

Like the earlier ‘Chisu’ case, the trolls’ law firms have moved extremely slowly. Hietanen reports that some of the new cases reference alleged file-sharing that took place two years ago in 2015.

“It would seem that right-holders want to show that even old cases may have to face justice,” says Hietanen.

“However, applications for enforceability may be a pre-requisite for computer confiscation by a bailiff for independent investigations. It is possible that seizures of the teddy bears of the past years will make a comeback,” he added, referencing the ‘Chisu’ case.

Part of the reason behind the seizure requests is that some people defending against copyright trolls have been obtaining reports from technical experts who have verified that no file-sharing software is present on their machines. The trolls say that this is a somewhat futile exercise since any ‘clean’ machine can be presented for inspection. On this basis, seizure on site is a better option.

While the moves for seizure are somewhat aggressive, things haven’t been getting easier for copyright trolls in Finland recently.

In February 2017, an alleged file-sharer won his case when a court ruled that copyright holders lacked sufficient evidence to show that the person in question downloaded the files, in part because his Wi-Fi network was open to the public.

Then, in the summer of 2017, the Market Court tightened the parameters under which Internet service providers are compelled to hand over the identities of suspected file-sharers to copyright owners.

The Court determined that this could only happen in serious cases of unlawful distribution. This, Hietanen believes, is partially the reason that the groups behind the latest cases are digging up old infringements.

“After the verdict of the summer, I assumed that rightsholders would have to operate with old information, at least for a while,” he says. “Rightsholders want to show that litigation is still possible.”

The big question, of course, is what people should do if they receive a settlement letter. In some jurisdictions, the advice is to ignore, until proper legal documentation arrives.

Hietanen says the matter in Finland is serious and should be treated as such. There’s always a possibility that after failing to receive a response, a copyright holder could go to court to obtain a default judgment, meaning the alleged file-sharer is immediately found guilty.

In the current cases, the Market Court will now have to decide whether unannounced seizures are required to preserve evidence. For cases already dating back two years, there will be plenty of discussions to be had, for and against. But in the meantime, Hedman Partners, the company representing the copyright trolls, warns that more cases are on the way.

“We have put in place new requests for information after the summer. We have a large number of complaints in preparation. More are coming,” lawyer Joni Hatanmaa says.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Netflix Expands Content Protection Team to Reduce Piracy

Post Syndicated from Ernesto original https://torrentfreak.com/netflix-expands-content-protection-team-to-reduce-piracy-171015/

There is little doubt that, in the United States and many other countries, Netflix has become the standard for watching movies on the Internet.

Despite the widespread availability, however, Netflix originals are widely pirated. Episodes from House of Cards, Narcos, and Orange is the New Black are downloaded and streamed millions of times through unauthorized platforms.

The streaming giant is obviously not happy with this situation and has ramped up its anti-piracy efforts in recent years. Since last year the company has sent out over a million takedown requests to Google alone and this volume continues to expand.

This growth coincides with an expansion of the company’s internal anti-piracy division. A new job posting shows that Netflix is expanding this team with a Copyright and Content Protection Coordinator. The ultimate goal is to reduce piracy to a fringe activity.

“The growing Global Copyright & Content Protection Group is looking to expand its team with the addition of a coordinator,” the job listing reads.

“He or she will be tasked with supporting the Netflix Global Copyright & Content Protection Group in its internal tactical take down efforts with the goal of reducing online piracy to a socially unacceptable fringe activity.”

Among other things, the new coordinator will evaluate new technological solutions to tackle piracy online.

More old-fashioned takedown efforts are also part of the job. This includes monitoring well-known content platforms, search engines and social network sites for pirated content.

“Day to day scanning of Facebook, YouTube, Twitter, Periscope, Google Search, Bing Search, VK, DailyMotion and all other platforms (including live platforms) used for piracy,” is listed as one of the main responsibilities.

Netflix’ Copyright and Content Protection Coordinator Job

The coordinator is further tasked with managing Facebook’s Rights Manager and YouTube’s Content-ID system, to prevent circumvention of these piracy filters. Experience with fingerprinting technologies and other anti-piracy tools will be helpful in this regard.

Netflix doesn’t do all the copyright enforcement on its own though. The company works together with other media giants in the recently launched “Alliance for Creativity and Entertainment” that is spearheaded by the MPAA.

In addition, the company also uses the takedown services of external anti-piracy outfits to target more traditional infringement sources, such as cyberlockers and piracy streaming sites. The coordinator has to keep an eye on these as well.

“Liaise with our vendors on manual takedown requests on linking sites and hosting sites and gathering data on pirate streaming sites, cyberlockers and usenet platforms.”

The above shows that Netflix is doing its best to prevent piracy from getting out of hand. It’s definitely taking the issue more seriously than a few years ago when the company didn’t have much original content.

The switch from being merely a distribution platform to becoming a major content producer and copyright holder has changed the stakes. Netflix hasn’t won the war on piracy, it’s just getting started.

MPAA Reports Pirate Sites, Hosts and Ad-Networks to US Government

Post Syndicated from Ernesto original https://torrentfreak.com/mpaa-reports-pirate-sites-hosts-and-ad-networks-to-us-government-171004/

Responding to a request from the Office of the US Trade Representative (USTR), the MPAA has submitted an updated list of “notorious markets” that it says promote the illegal distribution of movies and TV-shows.

These annual submissions help to guide the U.S. Government’s position towards foreign countries when it comes to copyright enforcement.

What stands out in the MPAA’s latest overview is that it no longer includes offline markets, only sites and services that are available on the Internet. This suggests that online copyright infringement is seen as a priority.

The MPAA’s report includes more than two dozen alleged pirate sites in various categories. While this is not an exhaustive list, the movie industry specifically highlights some of the worst offenders in various categories.

“Content thieves take advantage of a wide constellation of easy-to-use online technologies, such as direct download and streaming, to create infringing sites and applications, often with the look and feel of legitimate content distributors, luring unsuspecting consumers into piracy,” the MPAA writes.

According to the MPAA, torrent sites remain popular, serving millions of torrents to tens of millions of users at any given time.

The Pirate Bay has traditionally been one of the main targets. Based on data from Alexa and SimilarWeb, the MPAA says that TPB has about 62 million unique visitors per month. The other torrent sites mentioned are 1337x.to, Rarbg.to, Rutracker.org, and Torrentz2.eu.

MPAA calls out torrent sites

The second highlighted category covers various linking and streaming sites. This includes the likes of Fmovies.is, Gostream.is, Primewire.ag, Kinogo.club, MeWatchSeries.to, Movie4k.tv and Repelis.tv.

Direct download sites and video hosting services also get a mention, including Nowvideo.sx, Openload.co, Rapidgator.net, Uploaded.net and the Russian social network VK.com. Many of these services refuse to properly process takedown notices, the MPAA claims.

The last category is new and centers around piracy apps. These sites offer mobile applications that allow users to stream pirated content, such as IpPlayBox.tv, MoreTV, 3DBoBoVR, TVBrowser, and KuaiKa, which are particularly popular in Asia.

Aside from listing specific sites, the MPAA also draws the US Government’s attention to the streaming box problem. The report specifically mentions that Kodi-powered boxes are regularly abused for infringing purposes.

“An emerging global threat is streaming piracy which is enabled by piracy devices preloaded with software to illicitly stream movies and television programming and a burgeoning ecosystem of infringing add-ons,” the MPAA notes.

“The most popular software is an open source media player software, Kodi. Although Kodi is not itself unlawful, and does not host or link to unlicensed content, it can be easily configured to direct consumers toward unlicensed films and television shows.”

Pirate streaming boxes

There are more than 750 websites offering infringing devices, the Hollywood group notes, adding that the rapid growth of this problem is startling. Interestingly, the report mentions TVAddons.ag as a “piracy add-on repository,” noting that it’s currently offline. Whether the new TVAddons is also seen as problematic is unclear.

The MPAA also continues its trend of calling out third-party intermediaries, including hosting providers. These companies refuse to take pirate sites offline following complaints, even when the MPAA views them as blatantly violating the law.

“Hosting companies provide the essential infrastructure required to operate a website,” the MPAA writes. “Given the central role of hosting providers in the online ecosystem, it is very concerning that many refuse to take action upon being notified…”

The Hollywood group specifically mentions Private Layer and Netbrella as notorious markets. CDN provider CloudFlare is also named. As a US-based company, the latter can’t be included in the list. However, the MPAA explains that it is often used as an anonymization tool by sites and services that are mentioned in the report.

Another group of intermediaries that play a role in fueling piracy (mentioned for the first time) are advertising networks. The MPAA specifically calls out the Canadian company WWWPromoter, which works with sites such as Primewire.ag, Projectfreetv.at and 123movies.to.

“The companies connecting advertisers to infringing websites and inadvertently contribute to the prevalence and prosperity of infringing sites by providing funding to the operators of these sites through advertising revenue,” the MPAA writes.

The MPAA’s full report is available here (pdf). The USTR will use this input to make up its own list of notorious markets. This will help to identify current threats and call on foreign governments to take appropriate action.

What Do the Catalans Want? (Part 2)

Post Syndicated from Йовко Ламбрев original https://yovko.net/what-catalans-want-2/

After 1939 Spain sinks into the dark period of Franco’s dictatorship. Catalonia is once again punished by being forbidden to speak its language under threat of death. While I lived in Barcelona, I personally met quite young Catalans who had lost a grandfather or grandmother because of this. Wounds too recent to be forgotten or forgiven. All the less so since forgiveness has never been asked for.

The first years after the war are nightmarishly hard for all of Spain. Only in the late 1950s and early 1960s does Catalonia’s economic and cultural recovery begin. The language is still banned in the media but is allowed in theaters; meanwhile, despite the ban, the printing of literature in Catalan, although severely hampered, never stopped. As you have probably gathered from the first part, the Catalans are brave and very stubborn people.

The Catalan language

One of the myths about the Catalan language is that it is a dialect of Castilian (Spanish), which is not true at all. The language has only some similarities with Castilian, as it has with French and Italian, which is normal given that they belong to the same language group and are geographically close. The words, their meaning and their pronunciation differ to a great extent. The verbs are different and have different roots, although some are similar. There are traps too: verbs that are spelled the same but have a completely different meaning in the two languages (e.g. acostar means “to lie down” in Castilian, while in Catalan it means to bring something closer). If I want to say the simple “my name is”, in Castilian it would be Me llamo Yovko or Mi nombre es Yovko, and in Catalan Em dic Yovko (pronounced “am dik Yovko”) or, if we keep the construction above, El meu nom és Yovko (note the use of the article). Castilian has evolved and simplified considerably in many respects because of its wider use, while Catalan has stayed closer to antiquity and its roots and carries a more complex grammar.

Living proof that Catalan is a different language is that Castilian speakers cannot speak Catalan. They grasp the meaning of the words that are similar, but that is as far as it goes. In the same way, Spaniards and Italians understand each other to a decent degree even when each speaks their own language; that does not mean one language is a dialect of the other, does it?

In my Catalan course, my wife and I were the only ones for whom Castilian was not a mother tongue, or at least not a main language. What is more, our Castilian was terribly basic. And although we were learning a new language (Catalan) through another language we did not command well (Castilian), we finished among the top students, while many classmates with native Castilian found it hard to reach even average results. In other words, knowing Castilian brought no advantage at all.

The funnier part here is that Catalan itself has at least three dialects, not counting Valencian, which is really Catalan with some minor differences. But here we are about to infuriate the Valencians, so I’ll shut up!

In any case, language is a sensitive subject for the Catalans: they love it dearly, they have suffered for the ability to speak it, and they have every reason to guard it as a benchmark of their cultural identity. That is their right, worthy of respect from all of us!

Governance of the autonomy

During his rule Franco does not actually restore the monarchy; only shortly before dying peacefully in his bed in 1975 did he name his successor: yet another Bourbon, grandson of the last king, who had waited under Franco’s wing to sit on the throne of the Kingdom of Spain, Juan Carlos.

Catalan constitutionalists provide substantial legal help in drafting today’s Spanish Constitution of 1978, with which Catalonia restores its political and cultural autonomy. A year later, in 1979, the Statute of Autonomy (the basic law of the region) is adopted.

Under this basic law, Catalonia is an autonomous region with its own political and legal self-government. The parliament is elected every 4 years and appoints a president (who is also prime minister) and a government.

Catalonia has its own militarized police (gendarmerie), the Mossos d’Esquadra, which is under the command of the Catalan government and is not subordinate to the national Guardia Civil (gendarmerie) and Policía Nacional (police). Only if the autonomy is suspended can Spain place the Mossos under the national security forces (Art. 155 of the Constitution). So when they act out village-fête skits for you, claiming that some prosecutor, be he chief or angry, has ordered the Catalan police to submit to the Guardia Civil, tell them, as the Catalans did, to mind their own business, because this cannot happen by a prosecutor’s order. Spanish laws ought to apply to Spain too, right?

The national security forces in Catalonia have powers only to guard ports, airports, the coastline, national borders and customs, and to handle immigration control and anti-terrorist operations.

The People's Party and Mariano Rajoy

In 2006 the new Statute of Catalonia was approved by referendum, as the rules require. It was also passed by a majority of both the Catalan and the Spanish parliament. The changes, however, were challenged before the Constitutional Court by circles around the right-wing conservative People's Party (Partido Popular), which has been led by Mariano Rajoy since 2004 and has governed Spain from 2011 until now. In 2015 they actually lost the elections, but since no government was formed they stayed in power until the next early elections in 2016, after which they govern as a minority government, because the socialists of PSOE quietly assisted by abstaining from the vote, which allowed Rajoy to get his cabinet through parliament with a simple majority. In reality support for the People's Party at the elections was barely 33% (of the 70% who voted); in other words, it enjoys the confidence of barely 23% of those eligible to vote in Spain.

Partido Popular is a conservative Christian-democratic party, a member of the EPP (the European People's Party). Under Rajoy's leadership the party has leaned more and more toward patriotic and nationalist positions, and his political strategy rests on two basic themes: one is to oppose the administrative and political evolution of Catalonia (including by contesting its de facto approved statute), and the other is to oppose the political agreements with the Basques. Strange, isn't it?

Partido Popular and Rajoy are unable to generate any modern, new political message. Their only salvation is to concentrate influence through right-wing populism and the radicalization of patriotic positions, because on that plane they can string along their voters, who are mainly among the older, more conservative, more religious and wealthier Spaniards. At the same time, the profile of their voters is the weakest in terms of education.

Partido Popular is mired in corruption scandals: no sooner does one die down than the next breaks out. Party slush funds and strange money flows in all directions, evidently for influence peddling, keep coming to light; a fuse blows here and there, but Mariano Rajoy stays afloat. An interesting fact is that as many as five consecutive treasurers of his party have been tried, investigated, charged or removed. Both Europe and the EPP keep quiet and squeeze their eyes wide shut, because, you know, in the name of stability, since otherwise if Podemos came to power…

In fact, Spanish politics in recent years has amounted more or less to Partido Popular and PSOE passing the ball to each other. This will explain to you why Spaniards are inclined to look for a way out in Podemos and other new parties, trying to escape the ping-pong between the two main big parties, which are sunk in corruption scandals and boundless spheres of behind-the-scenes influence.

The closest approximation of Partido Popular in our country is GERB (they too are members of the EPP, not by chance), and of PSOE it is the BSP. Now imagine being governed now by GERB, now by the BSP… does the feeling seem familiar? Did your heart sink? Well, it should! The Spaniards' hearts have been sinking for quite a while too!

But let us return to Catalonia…

The wound becomes inflamed

In 2010 the Constitutional Court, petitioned by Partido Popular people, struck down some of the provisions of the Statute. It is important to note that the court's membership is dominated by members who owe their posts to Partido Popular. At present, in 2017, that is even more true. The Constitutional Court of Spain, including its President himself, is heavily dependent on the party of Prime Minister Mariano Rajoy! And do not go thinking now that I am trying to insinuate something: it is all perfectly legal. These are honest and dignified folk whom we have no right whatsoever to doubt. You glance at our own Constitutional Court or Supreme Judicial Council and… you feel the harmony, don't you? Go on, try to get something sensible through them, I'd like to see you…

So never mind that the Catalan and Spanish parliaments approved the changes to the Statute with the required majority, never mind that all of Catalonia has spoken and approved the changes through a lawful Referendum. Out comes a handful of judges and strikes down 14 articles as unconstitutional and gives restrictive interpretations of another 27. Their texts relate mainly to Catalonia's autonomous justice system, some important details in the redistribution of funding, the status of the Catalan language and the definition of Catalonia as a nation.

After all this, in 2010 the Catalans got truly angry! Between a million and a million and a half people took to the streets of Barcelona. A civic organization was formed, calling itself the ANC, Assemblea Nacional Catalana (Catalan National Assembly), which set itself the goal of achieving independence. And every year since then, on 11 September, Catalonia's national day, mass demonstrations for independence are held.

More fuel on the fire

We have already established that the drama of the Catalan language is a sensitive topic, after all the bans and persecutions and those who died for their language until quite recently. The Spanish constitution, however, provides for the mandatory status only of Castilian (what we are used to calling Spanish), while the Catalans wrote in Catalan as mandatory too within the borders of their autonomy, but precisely this provision was among those struck down.

As if that were not enough, in 2012 Spain's minister of education blurted out that his goal was “to Hispanicize (“españolizar”) Catalan schoolchildren” and introduced a bill that not only conflicts with Catalan jurisdiction but allows Catalan children to be taught monolingually in Spanish. On the one hand it is stupid, when your child can leave school with two languages, to force it to leave with one; on the other, the Catalans perceived this as colonial policy, which it unambiguously was.

So the Spanish state and the ruling Partido Popular, instead of tiptoeing across the thin ice of their regional policy, jump noisily on top of it in muddy shoes.

On 23 January 2013 the Catalan parliament adopted a Declaration of Sovereignty and of the Right of Self-Determination of Catalonia, which, of course, was first suspended by the Constitutional Court, after which its part on sovereignty was annulled. After yet another pile of legal obstacles, the Government of Catalonia nevertheless organized a non-binding referendum on independence on 9 November 2014, and 81% of those taking part came out in favor of an independent Catalonia. Turnout, however, was low (37-42% depending on who counts and how, because the Referendum was non-binding and 16- and 17-year-olds were allowed to vote, as were non-Spanish citizens, which would not otherwise be possible). For organizing this consultation, the then president Artur Mas, vice-president Joana Ortega and education minister Irene Rigau were charged and sentenced to around two years of disqualification from public office, as well as to fines, the largest being for Mas, amounting to 36,500 euros. There are also new charges for 5.2 million euros over the spending of public funds on the same consultation. Before that, however, Mas dissolved his government and called extraordinary parliamentary elections for 27 September 2015, which were won by a coalition of parties that support independence.

The King

Meanwhile, amid these events, Juan Carlos abdicated in favor of his son, Felipe VI, something the Spanish constitution also does not allow, but it was amended at speed in less than a week, which only showed the Catalans how impossible their cause is in the current political context in Madrid.

After the avalanche of scandals in Juan Carlos's royal family, involving an extramarital affair of the king and an illegitimate son of his, the palace's spending, especially during the crisis, his hunting gaffes, the scandals over corruption schemes involving one of his daughters and the money laundering and tax evasion by his son-in-law, the image of the monarchy in Spain has lately not been high at all. Passing the ball to Felipe VI looked like a rescue move in the context of the increasingly frequent demonstrations demanding a referendum on a republic, and inasmuch as the young king seems moderate and more rational, unlike his father: he is married to a commoner (she was a journalist before marrying him) and speaks fluent Catalan as well as Spanish. Hopes had even arisen that with his perfect Catalan he could win everyone's hearts by taking on the role of mediator and save the situation in Catalonia, but so far no such desire on his part is evident, and hardly anyone still thinks it possible, since he has already chosen the customary stance of royal haughtiness toward the problems of commoners.

Preparing the independence process

The early elections of 2015 had an additional purpose. The main parties supporting independence ran on a joint civic (non-party) list, which a smaller party subsequently joined as well. Thus the governing coalition in Catalonia has a majority in the local parliament, with which it passed several laws of key importance for a possible future independent republic, for example on a Catalan tax administration, on the referendum in question, and so on.

In reality lawyers on both sides argue about how much of this legislation is OK, but given the complexity of the jurisdictions of the autonomous regions in Spain, the answer is not clear-cut. Here a simple line works for Rajoy: come on, local legislation cannot take precedence over national legislation, and these laws are “illegal”. But actually it is not so; it depends on many things. Catalonia is not the Stara Zagora province but an autonomy with its own basic law and local legislation. That legislation cannot contradict national law, but it can differ greatly from it in many directions. And do not underestimate the legal culture and experience of the Catalans, please: look back and see what they have accumulated…

In fact a popular line that the Spanish media and Rajoy's People's Party repeat incessantly is that everything happening in Catalonia is “illegal”. This is an imprecise and populist generalization. The proof is that even the Constitutional Court of Spain, friendly as it is to Rajoy and his party, makes no such claim. There is no assertion that the referendum is illegal or unconstitutional; it has only been suspended by the Constitutional Court while the court reviews its legality and rules.

Do not read only El País: that is like getting your information only from “24 Chasa”.

True, it is only fair to admit that the Catalans too use every procedural trick to their advantage. The laws were passed at the last moment in order to leave the cumbersome Constitutional Court short of time. But in reality this is not a violation. The war of nerves is being waged by all means on both sides. Especially when there is no desire for dialogue.

Taxes

A popular line is that the Catalans want more money for themselves and that this is a display of selfishness on their part. On the other hand, theirs is a rich, industrial region that provides a solid share of the national economy: 20% of Spain's GDP and 25% of exports, while it is only one of the seventeen regions. The rich regions support the poor regions when taxes are redistributed, but the problem lies in the arithmetic and in who calculates how.

According to Catalan economists the region's fiscal deficit exceeds 8% of GDP, which by all international standards is too large a figure and hampers the development of the economy. They argue that the real figure is larger, because there is a discrepancy between the share allocated (on paper) to Catalonia from the national finances, which comes back mostly in the form of infrastructure, and what Catalonia actually receives.

The Spanish state disagrees. And this is something that gets resolved at the negotiating table, with expert assessments and expert debates. The People's Party and Mariano Rajoy, however, have for years refused to discuss Catalan issues, and so this has become a key argument of the independentists.

And it is no accident that progressive Spaniards claim that the main engine of Catalonia's independence process is the government in Madrid.

Political dialogue?

Even a moderately literate person can see that if some political dialogue had been held, all of this could have been averted. But the two sides talk to each other through the media and with declarations. Spain squandered 7 full years in which it could have defused the tension. It squandered them wholesale and thoroughly, refusing every proposal for dialogue. Rajoy personally saw to it that every refusal was argued.

In an extensive interview at the end of August the president of Catalonia confirmed that even at the last moment, if the Spanish state decides on dialogue, he will respond.

Alas, Mariano Rajoy is from another planet, and the words “negotiations” and “political dialogue” are evidently foreign to him. In fact this fits his scenario perfectly: confrontation and radicalization. He risks breaking his minority government, but this is the only strategy his head, empty of ideas, can produce.

On 15 September 2017 the President of Catalonia, the Vice-President, the Speaker of the Catalan Parliament and the mayor of Barcelona once again jointly sent a letter to Rajoy and the king proposing dialogue.

The same day Rajoy said only that his government would do everything possible to thwart the referendum; his spokesman, for his part, said that in Madrid they had not received the letter, but that at the last moment they could interpret it only as a threat; and the king… he, as usual, kept a regal silence.

None of this is new

Another amusing line is that the idea of independence occurred to the Catalans practically yesterday. On that subject I will leave just this picture: on the left is the Guardian newspaper from the end of 1918, and on the right an article in the same newspaper from a few days ago. Spot the differences 🙂

guardian

The Republic

Something that somehow stays under the rug, but that it is only right to acknowledge, is the fact that the Catalans are for the most part pro-republican. This explains the antipathy of the king and the monarchists toward them, but every referendum discussed so far leaves no doubt whatsoever that a possible independent Catalonia will be a republic.

In Spain too voices are heard calling for a referendum on a new form of state, and this makes certain conservative and influential circles shudder at the thought of it happening.

How democratic the Spanish constitution is

The Catalans often criticize the democratic character of the Spanish constitution in principle, although two of its fathers are Catalans. The truth is that they have grounds. Four of the seven “fathers” of the Spanish constitution were part of the fascist apparatus, and one of them was Franco's Minister of Propaganda. Imagine whether it is possible for the modern German constitution to have been written by Goebbels?

The army exerted strong influence on the process of creating the constitution in order to protect its own interest, and although it was approved in a referendum with 88%, the suspicions that behind this result stands the direct or indirect threat of Franco's former military men are entirely well founded.

Summary

In fact, although it has been smoldering for a long time, the problem was not unsolvable. The Catalans are accommodating and hard-working people who for the most part want to be left in peace to earn their bread, to make music, books and art, and to enjoy themselves at their numerous festivals. They are extremely tolerant and broad-minded people, with modern views of themselves, the future and Europe.

Whatever you read in the Spanish media, for the most part the Catalans have nothing against Spaniards. What weighs on them is not their neighbors but the Spanish state. That is exactly what they call their state, the Spanish state, in order to put the emphasis on the administrative apparatus rather than on the nation, and… to hint that it is not their state…

And it is not theirs, because in the common national parliament they have a modest presence, determined by the weight of the region on the map. They could not get anything through the national parliament without the support of the main Spanish parties, which rarely pay any attention to the regions at all. Their local legislation is under the terror of the Constitutional Court, which, especially since Rajoy and Partido Popular have been in power, acts to order.

Spain refuses any dialogue with the Catalan representatives, even though they are legitimately elected and empowered by the people. It does so also because it fears that if it loses Catalonia, the Basques will follow, and then perhaps Galicia. The Basques too have been waiting for years for Madrid's promises to materialize and are increasingly losing patience, but you will not read much about that either in the Spanish, our own or the European media…

Catalonia is divided

The truth is that, in spite of everything, Catalonia is divided. It is important to distinguish between the fact that 70-80% of Catalans are minded to vote in this Referendum and how exactly they will vote.

If things had not come to this escalation in recent days, in reality fewer than half of Catalans would have voted for secession on Sunday and everything would have died down at least for some period of time. Rajoy, however, sent gendarmerie and police in unheard-of numbers, arrested Catalan politicians, searched media outlets and printing houses, confiscated ballots, ballot boxes and posters, accused hundreds of mayors in advance of assisting the organization of the referendum, threatened to shut down the Catalan national television, blocked Catalan websites and threatened to shut down Catalonia's entire top level domain, .cat, while in the meantime he has set the prosecutor's office to dig for some dirty laundry on the current Catalan president from the time when he was a mayor, and by a prosecutor's order tried to take control of the Catalan gendarmerie, which is illegal and contradicts both the Spanish constitution and the Catalan statute.

All this before the referendum has taken place and before it has been declared illegal by the Constitutional Court; in other words, even if we accept the hypothesis that the referendum is a crime, it has not yet happened for anyone to be guilty of it!

After all this nobody knows any longer how the Catalans will vote, because the escalation and radicalization on both sides is a fact and the game of nerves is no longer safe.

Europe is silent, because the main European parties are doomed by their “friendly” dependencies. They would like this to remain Spain's internal affair and for things to sort themselves out somehow. Mediation in this dispute should have been offered long ago, and Rajoy persuaded to concede a little something and smooth things over. But the EPP does not have that courage. And Europeans once again see a hollow bureaucracy that does not work, shirks, and puts the raincoat away just when the downpour starts (if there ever was a raincoat). So do not be surprised when people lurch this way and that, looking for a way out: some in populism, some in nationalism, some in far-left and sometimes even utopian concepts.

They want their voice to be heard and to matter!

In fact the Catalans want one thing: to vote and for their vote to matter, and this cannot and must not contradict any constitution! Least of all in Europe! Today. The right to vote and to self-determination is a fundamental human right and is supranational!

Wake up, people! What legends have been crammed into your heads if you need a reason or an occasion to acknowledge someone's right to express a position, especially when it is several million people? Have you really wiped out your sensitivity to freedom, to what you are (and you are free people), when you need no reasons or rules in order to express your will? The rules are there to guarantee you this right, not to take it away. The rules come afterwards; free will comes first!

Whether the Catalans secede or not is a secondary question. The more important one is that they be able to decide this freely! And we, the rest, will not be Europeans and do not deserve to call ourselves free people if we do not defend this right of theirs, loudly and categorically!

Visca Catalunya!

How to Configure an LDAPS Endpoint for Simple AD

Post Syndicated from Cameron Worrell original https://aws.amazon.com/blogs/security/how-to-configure-an-ldaps-endpoint-for-simple-ad/

Simple AD, which is powered by Samba 4, supports basic Active Directory (AD) authentication features such as users, groups, and the ability to join domains. Simple AD also includes an integrated Lightweight Directory Access Protocol (LDAP) server. LDAP is a standard application protocol for the access and management of directory information. You can use the BIND operation from Simple AD to authenticate LDAP client sessions. This makes LDAP a common choice for centralized authentication and authorization for services such as Secure Shell (SSH), client-based virtual private networks (VPNs), and many other applications. Authentication, the process of confirming the identity of a principal, typically involves the transmission of highly sensitive information such as user names and passwords. To protect this information in transit over untrusted networks, companies often require encryption as part of their information security strategy.

In this blog post, we show you how to configure an LDAPS (LDAP over SSL/TLS) encrypted endpoint for Simple AD so that you can extend Simple AD over untrusted networks. Our solution uses Elastic Load Balancing (ELB) to send decrypted LDAP traffic to HAProxy running on Amazon EC2, which then sends the traffic to Simple AD. ELB offers integrated certificate management, SSL/TLS termination, and the ability to use a scalable EC2 backend to process decrypted traffic. ELB also tightly integrates with Amazon Route 53, enabling you to use a custom domain for the LDAPS endpoint. The solution needs the intermediate HAProxy layer because ELB can direct traffic only to EC2 instances. To simplify testing and deployment, we have provided an AWS CloudFormation template to provision the ELB and HAProxy layers.

This post assumes that you have an understanding of concepts such as Amazon Virtual Private Cloud (VPC) and its components, including subnets, routing, Internet and network address translation (NAT) gateways, DNS, and security groups. You should also be familiar with launching EC2 instances and logging in to them with SSH. If needed, you should familiarize yourself with these concepts and review the solution overview and prerequisites in the next section before proceeding with the deployment.

Note: This solution is intended for use by clients requiring an LDAPS endpoint only. If your requirements extend beyond this, you should consider accessing the Simple AD servers directly or by using AWS Directory Service for Microsoft AD.

Solution overview

The following diagram and description illustrate and explain the Simple AD LDAPS environment. The CloudFormation template creates the items designated by the bracket (internal ELB load balancer and two HAProxy nodes configured in an Auto Scaling group).

Diagram of the Simple AD LDAPS environment

Here is how the solution works, as shown in the preceding numbered diagram:

  1. The LDAP client sends an LDAPS request to ELB on TCP port 636.
  2. ELB terminates the SSL/TLS session and decrypts the traffic using a certificate. ELB sends the decrypted LDAP traffic to the EC2 instances running HAProxy on TCP port 389.
  3. The HAProxy servers, which run in a fixed Auto Scaling group configuration, forward the LDAP request to the Simple AD servers listening on TCP port 389.
  4. The Simple AD servers send an LDAP response through the HAProxy layer to ELB. ELB encrypts the response and sends it to the client.

Note: Amazon VPC prevents a third party from intercepting traffic within the VPC. Because of this, the VPC protects the decrypted traffic between ELB and HAProxy and between HAProxy and Simple AD. The ELB encryption provides an additional layer of security for client connections and protects traffic coming from hosts outside the VPC.

Prerequisites

  1. Our approach requires an Amazon VPC with two public and two private subnets. The previous diagram illustrates the environment’s VPC requirements. If you do not yet have these components in place, follow these guidelines for setting up a sample environment:
    1. Identify a region that supports Simple AD, ELB, and NAT gateways. The NAT gateways are used with an Internet gateway to allow the HAProxy instances to access the internet to perform their required configuration. You also need to identify the two Availability Zones in that region for use by Simple AD. You will supply these Availability Zones as parameters to the CloudFormation template later in this process.
    2. Create or choose an Amazon VPC in the region you chose. In order to use Route 53 to resolve the LDAPS endpoint, make sure you enable DNS support within your VPC. Create an Internet gateway and attach it to the VPC, which will be used by the NAT gateways to access the internet.
    3. Create a route table with a default route to the Internet gateway. Create two NAT gateways, one per Availability Zone in your public subnets to provide additional resiliency across the Availability Zones. Together, the routing table, the NAT gateways, and the Internet gateway enable the HAProxy instances to access the internet.
    4. Create two private routing tables, one per Availability Zone. Create two private subnets, one per Availability Zone. The dual routing tables and subnets allow for a higher level of redundancy. Add each subnet to the routing table in the same Availability Zone. Add a default route in each routing table to the NAT gateway in the same Availability Zone. The Simple AD servers use subnets that you create.
    5. The LDAP service requires a DNS domain that resolves within your VPC and from your LDAP clients. If you do not have an existing DNS domain, follow the steps to create a private hosted zone and associate it with your VPC. To avoid encryption protocol errors, you must ensure that the DNS domain name is consistent across your Route 53 zone and in the SSL/TLS certificate (see Step 2 in the “Solution deployment” section).
  2. Make sure you have completed the Simple AD Prerequisites.
  3. We will use a self-signed certificate for ELB to perform SSL/TLS decryption. You can use a certificate issued by your preferred certificate authority or a certificate issued by AWS Certificate Manager (ACM).
    Note: To prevent unauthorized connections directly to your Simple AD servers, you can modify the Simple AD security group on port 389 to block traffic from locations outside of the Simple AD VPC. You can find the security group in the EC2 console by creating a search filter for your Simple AD directory ID. It is also important to allow the Simple AD servers to communicate with each other as shown on Simple AD Prerequisites.

Solution deployment

This solution includes five main parts:

  1. Create a Simple AD directory.
  2. Create a certificate.
  3. Create the ELB and HAProxy layers by using the supplied CloudFormation template.
  4. Create a Route 53 record.
  5. Test LDAPS access using an Amazon Linux client.

1. Create a Simple AD directory

With the prerequisites completed, you will create a Simple AD directory in your private VPC subnets:

  1. In the Directory Service console navigation pane, choose Directories and then choose Set up directory.
  2. Choose Simple AD.
    Screenshot of choosing "Simple AD"
  3. Provide the following information:
    • Directory DNS – The fully qualified domain name (FQDN) of the directory, such as corp.example.com. You will use the FQDN as part of the testing procedure.
    • NetBIOS name – The short name for the directory, such as CORP.
    • Administrator password – The password for the directory administrator. The directory creation process creates an administrator account with the user name Administrator and this password. Do not lose this password because it is nonrecoverable. You also need this password for testing LDAPS access in a later step.
    • Description – An optional description for the directory.
    • Directory Size – The size of the directory.
      Screenshot of the directory details to provide
  4. Provide the following information in the VPC Details section, and then choose Next Step:
    • VPC – Specify the VPC in which to install the directory.
    • Subnets – Choose two private subnets for the directory servers. The two subnets must be in different Availability Zones. Make a note of the VPC and subnet IDs for use as CloudFormation input parameters. In the following example, the Availability Zones are us-east-1a and us-east-1c.
      Screenshot of the VPC details to provide
  5. Review the directory information and make any necessary changes. When the information is correct, choose Create Simple AD.

It takes several minutes to create the directory. From the AWS Directory Service console, refresh the screen periodically and wait until the directory Status value changes to Active before continuing. Choose your Simple AD directory and note the two IP addresses in the DNS address section. You will enter them when you run the CloudFormation template later.

Note: Full administration of your Simple AD implementation is out of scope for this blog post. See the documentation to add users, groups, or instances to your directory. Also see the previous blog post, How to Manage Identities in Simple AD Directories.

2. Create a certificate

In the previous step, you created the Simple AD directory. Next, you will generate a self-signed SSL/TLS certificate using OpenSSL. You will use the certificate with ELB to secure the LDAPS endpoint. OpenSSL is a standard, open source library that supports a wide range of cryptographic functions, including the creation and signing of x509 certificates. You then import the certificate into ACM, which is integrated with ELB.

  1. You must have a system with OpenSSL installed to complete this step. If you do not have OpenSSL, you can install it on Amazon Linux by running the command, sudo yum install openssl. If you do not have access to an Amazon Linux instance you can create one with SSH access enabled to proceed with this step. Run the command, openssl version, at the command line to see if you already have OpenSSL installed.
    $ openssl version
    OpenSSL 1.0.1k-fips 8 Jan 2015

  2. Create a private key using the openssl genrsa command.
    $ openssl genrsa 2048 > privatekey.pem
    Generating RSA private key, 2048 bit long modulus
    ......................................................................................................................................................................+++
    ..........................+++
    e is 65537 (0x10001)

  3. Generate a certificate signing request (CSR) using the openssl req command. Provide the requested information for each field. The Common Name is the FQDN for your LDAPS endpoint (for example, ldap.corp.example.com). The Common Name must use the domain name you will later register in Route 53. You will encounter certificate errors if the names do not match.
    $ openssl req -new -key privatekey.pem -out server.csr
    You are about to be asked to enter information that will be incorporated into your certificate request.

  4. Use the openssl x509 command to sign the certificate. The following example uses the private key from the previous step (privatekey.pem) and the signing request (server.csr) to create a public certificate named server.crt that is valid for 365 days. This certificate must be updated within 365 days to avoid disruption of LDAPS functionality.
    $ openssl x509 -req -sha256 -days 365 -in server.csr -signkey privatekey.pem -out server.crt
    Signature ok
    subject=/C=XX/L=Default City/O=Default Company Ltd/CN=ldap.corp.example.com
    Getting Private key

  5. You should see three files: privatekey.pem, server.crt, and server.csr.
    $ ls
    privatekey.pem server.crt server.csr

    Restrict access to the private key.

    $ chmod 600 privatekey.pem

    Keep the private key and public certificate for later use. You can discard the signing request because you are using a self-signed certificate and not using a Certificate Authority. Always store the private key in a secure location and avoid adding it to your source code.

  6. In the ACM console, choose Import a certificate.
  7. Using your favorite Linux text editor, paste the contents of your server.crt file in the Certificate body box.
  8. Using your favorite Linux text editor, paste the contents of your privatekey.pem file in the Certificate private key box. For a self-signed certificate, you can leave the Certificate chain box blank.
  9. Choose Review and import. Confirm the information and choose Import.

3. Create the ELB and HAProxy layers by using the supplied CloudFormation template

Now that you have created your Simple AD directory and SSL/TLS certificate, you are ready to use the CloudFormation template to create the ELB and HAProxy layers.

  1. Load the supplied CloudFormation template to deploy an internal ELB and two HAProxy EC2 instances into a fixed Auto Scaling group. After you load the template, provide the following input parameters. Note: You can find the parameters relating to your Simple AD from the directory details page by choosing your Simple AD in the Directory Service console.

| Input parameter | Input parameter description |
| --- | --- |
| HAProxyInstanceSize | The EC2 instance size for HAProxy servers. The default size is t2.micro and can scale up for large Simple AD environments. |
| MyKeyPair | The SSH key pair for EC2 instances. If you do not have an existing key pair, you must create one. |
| VPCId | The target VPC for this solution. Must be in the VPC where you deployed Simple AD and is available in your Simple AD directory details page. |
| SubnetId1 | The Simple AD primary subnet. This information is available in your Simple AD directory details page. |
| SubnetId2 | The Simple AD secondary subnet. This information is available in your Simple AD directory details page. |
| MyTrustedNetwork | Trusted network Classless Inter-Domain Routing (CIDR) to allow connections to the LDAPS endpoint. For example, use the VPC CIDR to allow clients in the VPC to connect. |
| SimpleADPriIP | The primary Simple AD Server IP. This information is available in your Simple AD directory details page. |
| SimpleADSecIP | The secondary Simple AD Server IP. This information is available in your Simple AD directory details page. |
| LDAPSCertificateARN | The Amazon Resource Name (ARN) for the SSL certificate. This information is available in the ACM console. |

  2. Enter the input parameters and choose Next.
  3. On the Options page, accept the defaults and choose Next.
  4. On the Review page, confirm the details and choose Create. The stack will be created in approximately 5 minutes.

4. Create a Route 53 record

The next step is to create a Route 53 record in your private hosted zone so that clients can resolve your LDAPS endpoint.

  1. If you do not have an existing DNS domain for use with LDAP, create a private hosted zone and associate it with your VPC. The hosted zone name should be consistent with your Simple AD (for example, corp.example.com).
  2. When the CloudFormation stack is in CREATE_COMPLETE status, locate the value of the LDAPSURL on the Outputs tab of the stack. Copy this value for use in the next step.
  3. On the Route 53 console, choose Hosted Zones and then choose the zone you used for the Common Name box for your self-signed certificate. Choose Create Record Set and enter the following information:
    1. Name – The label of the record (such as ldap).
    2. Type – Leave as A – IPv4 address.
    3. Alias – Choose Yes.
    4. Alias Target – Paste the value of the LDAPSURL on the Outputs tab of the stack.
  4. Leave the defaults for Routing Policy and Evaluate Target Health, and choose Create.

5. Test LDAPS access using an Amazon Linux client

At this point, you have configured your LDAPS endpoint and now you can test it from an Amazon Linux client.

  1. Create an Amazon Linux instance with SSH access enabled to test the solution. Launch the instance into one of the public subnets in your VPC. Make sure the IP assigned to the instance is in the trusted IP range you specified in the CloudFormation parameter MyTrustedNetwork in Step 3.b.
  2. SSH into the instance and complete the following steps to verify access.
    1. Install the openldap-clients package and any required dependencies:
      sudo yum install -y openldap-clients
    2. Add the server.crt file to the /etc/openldap/certs/ directory so that the LDAPS client will trust your SSL/TLS certificate. You can copy the file using Secure Copy (SCP) or create it using a text editor.
    3. Edit the /etc/openldap/ldap.conf file and define the environment variables BASE, URI, and TLS_CACERT.
      • The value for BASE should match the configuration of the Simple AD directory name.
      • The value for URI should match your DNS alias.
      • The value for TLS_CACERT is the path to your public certificate.

Here is an example of the contents of the file.

BASE dc=corp,dc=example,dc=com
URI ldaps://ldap.corp.example.com
TLS_CACERT /etc/openldap/certs/server.crt

To test the solution, query the directory through the LDAPS endpoint, as shown in the following command. Replace corp.example.com with your domain name and use the Administrator password that you configured with the Simple AD directory.

$ ldapsearch -D "Administrator@corp.example.com" -W sAMAccountName=Administrator

You should see a response similar to the following response, which provides the directory information in LDAP Data Interchange Format (LDIF) for the administrator distinguished name (DN) from your Simple AD LDAP server.

# extended LDIF
#
# LDAPv3
# base <dc=corp,dc=example,dc=com> (default) with scope subtree
# filter: sAMAccountName=Administrator
# requesting: ALL
#

# Administrator, Users, corp.example.com
dn: CN=Administrator,CN=Users,DC=corp,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
description: Built-in account for administering the computer/domain
instanceType: 4
whenCreated: 20170721123204.0Z
uSNCreated: 3223
name: Administrator
objectGUID:: l3h0HIiKO0a/ShL4yVK/vw==
userAccountControl: 512
…

You can now use the LDAPS endpoint for directory operations and authentication within your environment. If you would like to learn more about how to interact with your LDAPS endpoint within a Linux environment, here are a few resources to get started:

Troubleshooting

If you receive an error such as the following error when issuing the ldapsearch command, there are a few things you can do to help identify issues.

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
  • You might be able to obtain additional error details by adding the -d1 debug flag to the ldapsearch command in the previous section.
    $ ldapsearch -D "Administrator@corp.example.com" -W sAMAccountName=Administrator -d1

  • Verify that the parameters in ldap.conf match your configured LDAPS URI endpoint and that all parameters can be resolved by DNS. You can use the following dig command, substituting your configured endpoint DNS name.
    $ dig ldap.corp.example.com

  • Confirm that the client instance from which you are connecting is in the CIDR range of the CloudFormation parameter, MyTrustedNetwork.
  • Confirm that the path to your public SSL/TLS certificate configured in ldap.conf as TLS_CACERT is correct. You configured this in Step 5.b.3. You can check your SSL/TLS connection with the following command, substituting your configured endpoint DNS name for the string after -connect.
    $ echo -n | openssl s_client -connect ldap.corp.example.com:636

  • Verify that your HAProxy instances have the status InService in the EC2 console: Choose Load Balancers under Load Balancing in the navigation pane, highlight your LDAPS load balancer, and then choose the Instances
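
The ldap.conf checks in the troubleshooting list above can be scripted. The following Python is an added example, not part of the original post: `lint` and its helpers are hypothetical names, and it covers only the three options this post sets (BASE, URI, TLS_CACERT), using the post's own file plus a constructed broken variant as input.

```python
import difflib
from urllib.parse import urlsplit

KNOWN_KEYS = ["BASE", "TLS_CACERT", "URI"]  # the options this post configures

# The ldap.conf contents shown in the post.
PAGE_EXAMPLE = """\
BASE dc=corp,dc=example,dc=com
URI ldaps://ldap.corp.example.com
TLS_CACERT /etc/openldap/certs/server.crt
"""

# Constructed broken variant: plaintext scheme and a misspelled option name.
BROKEN_EXAMPLE = """\
# constructed sample
BASE dc=corp,dc=example,dc=com
URI ldap://ldap.corp.example.com
TLS_CAERT /etc/openldap/certs/server.crt
"""


def parse_ldap_conf(text):
    """Return {OPTION: value}, skipping blank lines and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # options are separated by spaces or tabs
        settings[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def base_to_domain(base_dn):
    """dc=corp,dc=example,dc=com -> corp.example.com; None if any RDN is not dc=."""
    labels = []
    for rdn in base_dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        if attr.lower() != "dc" or not value:
            return None
        labels.append(value.lower())
    return ".".join(labels)


def lint(text, cert_common_name):
    """Return a list of findings for an ldap.conf that should reach the LDAPS endpoint."""
    findings = []
    conf = parse_ldap_conf(text)

    # A misspelled option is silently ignored by the client, so flag near misses.
    for key in conf:
        if key not in KNOWN_KEYS:
            near = difflib.get_close_matches(key, KNOWN_KEYS, n=1, cutoff=0.9)
            if near:
                findings.append(f"{key}: unknown option, did you mean {near[0]}?")

    uri = urlsplit(conf.get("URI", ""))
    host = (uri.hostname or "").lower()
    if uri.scheme != "ldaps":
        findings.append(f"URI: scheme {uri.scheme!r} is not ldaps, the bind would not use TLS")
    if host != cert_common_name.lower():
        findings.append(f"URI: host {host!r} differs from certificate Common Name "
                        f"{cert_common_name!r}, expect certificate errors")

    domain = base_to_domain(conf.get("BASE", ""))
    if domain is None:
        findings.append("BASE: expected only dc= components matching the directory name")
    elif host != domain and not host.endswith("." + domain):
        findings.append(f"URI: host {host!r} is not inside the directory domain {domain!r}")

    ca_path = conf.get("TLS_CACERT", "")
    if not ca_path:
        findings.append("TLS_CACERT: not set, the self-signed certificate will not be trusted")
    elif not ca_path.startswith("/"):
        findings.append("TLS_CACERT: use an absolute path to the public certificate")
    return findings


if __name__ == "__main__":
    for name, text in (("page example", PAGE_EXAMPLE), ("broken example", BROKEN_EXAMPLE)):
        print(name, lint(text, "ldap.corp.example.com") or "OK")
```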

Conclusion

You can use ELB and HAProxy to provide an LDAPS endpoint for Simple AD and transport sensitive authentication information over untrusted networks. You can explore using LDAPS to authenticate SSH users or integrate with other software solutions that support LDAP authentication. This solution’s CloudFormation template is available on GitHub.

If you have comments about this post, submit them in the “Comments” section below. If you have questions about or issues implementing this solution, start a new thread on the Directory Service forum.

– Cameron and Jeff

MPAA Revenue Stabilizes, Chris Dodd Earns $3.5 Million

Post Syndicated from Ernesto original https://torrentfreak.com/mpaa-revenue-stabilizes-chris-dodd-earns-3-5-million170813/

Protecting the interests of Hollywood, the MPAA has been heavily involved in numerous anti-piracy efforts around the world in recent years.

Through its involvement in the shutdowns of Popcorn Time, YIFY, isoHunt, Hotfile, Megaupload and several other platforms, the MPAA has worked hard to target piracy around the globe.

Perhaps just as importantly, the group lobbies lawmakers globally while managing anti-piracy campaigns both in and outside the US, including the Creative Content UK program.

All this work doesn’t come for free, obviously, so the MPAA relies on six major movie studios for financial support. After its revenues plummeted a few years ago, they have steadily recovered and according to its latest tax filing, the MPAA’s total income is now over $72 million.

The IRS filing, covering the fiscal year 2015, reveals that the movie studios contributed $65 million, the same as a year earlier. Overall revenue has stabilized as well, after a few years of modest growth.

Going over the numbers, we see that salaries make up a large chunk of the expenses. Former Senator Chris Dodd, the MPAA’s Chairman and CEO, is the highest paid employee with a total income of more than $3.5 million, including a $250,000 bonus.

It was recently announced that Dodd will leave the MPAA next month. He will be replaced by Charles Rivkin, another political heavyweight. Rivkin previously served as Assistant Secretary of State for Economic and Business Affairs in the Obama administration.

In addition to Dodd, there are two other employees who made over a million in 2015, Global General Counsel Steve Fabrizio and Diane Strahan, the MPAA’s Chief Operating Officer.

Looking at some of the other expenses we see that the MPAA’s lobbying budget remained stable at $4.2 million. Another $4.4 million went to various grants, while legal costs totaled $7.2 million that year.

More than two million dollars worth of legal expenses were paid to the US law firm Jenner & Block, which represented the movie studios in various court cases. In addition, the MPAA paid more than $800,000 to the UK law firm Wiggin, which assisted the group in local site-blocking efforts.

Finally, it’s worth looking at the various gifts and grants the MPAA hands out. As reported last year, the group handsomely contributes to various research projects. This includes a recurring million dollar grant for Carnegie Mellon’s ‘Initiative for Digital Entertainment Analytics’ (IDEA), which researches various piracy related topics.

IDEA co-director Rahul Telang previously informed us that the gift is used to hire researchers and pay for research materials. It is not tied to a particular project.

We also see $70,000+ in donations for both the Democratic and Republican Attorneys General associations. The purpose of the grants is listed as “general support.” Interestingly, just recently over a dozen Attorneys General released a public service announcement warning the public to stay away from pirate sites.

These types of donations and grants are nothing new and are a regular part of business across many industries. Still, they are worth keeping in mind.

It will be interesting to see which direction the MPAA takes in the years to come. Under Chris Dodd it has booked a few notable successes, but there is still a long way to go before the piracy situation is somewhat under control.



MPAA’s full form 990 was published in Guidestar recently and a copy is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Under the Hood of Server-Side Encryption for Amazon Kinesis Streams

Post Syndicated from Damian Wylie original https://aws.amazon.com/blogs/big-data/under-the-hood-of-server-side-encryption-for-amazon-kinesis-streams/

Customers are using Amazon Kinesis Streams to ingest, process, and deliver data in real time from millions of devices or applications. Use cases for Kinesis Streams vary, but a few common ones include IoT data ingestion and analytics, log processing, clickstream analytics, and enterprise data bus architectures.

Within milliseconds of data arrival, applications (KCL, Apache Spark, AWS Lambda, Amazon Kinesis Analytics) attached to a stream are continuously mining value or delivering data to downstream destinations. Customers are then scaling their streams elastically to match demand. They pay incrementally for the resources that they need, while taking advantage of a fully managed, serverless streaming data service that allows them to focus on adding value closer to their customers.

These benefits are great; however, AWS learned that many customers could not take advantage of Kinesis Streams unless their data-at-rest within a stream was encrypted. Many customers did not want to manage encryption on their own, so they asked for a fully managed, automatic, server-side encryption mechanism leveraging centralized AWS Key Management Service (AWS KMS) customer master keys (CMK).

Motivated by this feedback, AWS added another fully managed, low cost aspect to Kinesis Streams by delivering server-side encryption via KMS managed encryption keys (SSE-KMS) in the following regions:

  • US East (N. Virginia)
  • US West (Oregon)
  • US West (N. California)
  • EU (Ireland)
  • Asia Pacific (Singapore)
  • Asia Pacific (Tokyo)

In this post, I cover the mechanics of the Kinesis Streams server-side encryption feature. I also share a few best practices and considerations so that you can get started quickly.

Understanding the mechanics

The following section walks you through how Kinesis Streams uses CMKs to encrypt a message in the PutRecord or PutRecords path before it is propagated to the Kinesis Streams storage layer, and then decrypt it in the GetRecords path after it has been retrieved from the storage layer.

When server-side encryption is enabled, which takes just a few clicks in the console, the partition key and payload for every incoming record are encrypted automatically as they flow into Kinesis Streams, using the selected CMK. When data is at rest within a stream, it’s encrypted.

When records are retrieved through a GetRecords request from the encrypted stream, they are decrypted automatically as they are flowing out of the service. That means your Kinesis Streams producers and consumers do not need to be aware of encryption. You have a fully managed data encryption feature at your fingertips, which can be enabled within seconds.

AWS also makes it easy to audit the application of server-side encryption. You can use the AWS Management Console for instant stream-level verification; the responses from PutRecord, PutRecords, and GetRecords; or AWS CloudTrail.

Calling PutRecord or PutRecords

When your applications call PutRecord or PutRecords on a stream with server-side encryption enabled, Kinesis Streams and KMS perform the following actions. The Amazon Kinesis Producer Library (KPL) uses PutRecords.

 

  1. Data is sent from a customer’s producer (client) to a Kinesis stream using TLS via HTTPS. Data in transit to a stream is encrypted by default.
  2. After data is received, it is momentarily stored in RAM within a front-end proxy layer.
  3. Kinesis Streams authenticates the producer, then impersonates the producer to request input keying material from KMS.
  4. KMS creates key material, encrypts it by using the CMK, and sends both the plaintext and encrypted key material to the service, encrypted with TLS.
  5. The client uses the plaintext key material to derive data encryption keys (data keys) that are unique per-record.
  6. The client encrypts the payload and partition key using the data key in RAM within the front-end proxy layer and removes the plaintext data key from memory.
  7. The client appends the encrypted key material to the encrypted data.
  8. The plaintext key material is securely cached in memory within the front-end layer for reuse, until it expires after 5 minutes.
  9. The client delivers the encrypted message to a back-end store where it is stored at rest and fetchable by an authorized consumer through a GetRecords call. The Amazon Kinesis Client Library (KCL) calls GetRecords to retrieve records from a stream.

Calling GetRecords

Kinesis Streams and KMS perform the following actions when your applications call GetRecords on a server-side encrypted stream.

 

  1. When a GetRecords call is made, the front-end proxy layer retrieves the encrypted record from its back-end store.
  2. The consumer (client) makes a request to KMS using a token generated by the customer’s request. KMS authorizes it.
  3. The client requests that KMS decrypt the encrypted key material.
  4. KMS decrypts the encrypted key material and sends the plaintext key material to the client.
  5. Kinesis Streams derives the per-record data keys from the decrypted key material.
  6. If the calling application is authorized, the client decrypts the payload and removes the plaintext data key from memory.
  7. The client delivers the payload over TLS and HTTPS to the consumer, requesting the records. Data in transit to a consumer is encrypted by default.
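
The PutRecord and GetRecords paths above, simulated end to end. This is an added example, not AWS code and not from the original post: `FakeKMS` and `FrontEnd` are hypothetical in-memory stand-ins, and the key derivation (HKDF-SHA256), the per-principal cache and the stand-in stream cipher are assumptions, because the post does not say which KDF or cipher the service uses.

```python
import hashlib
import hmac
import os

CACHE_TTL = 300  # seconds; the post says cached key material expires after 5 minutes


def hkdf(secret, info, length=32):
    """HKDF-SHA256 (RFC 5869) with an all-zero salt."""
    prk = hmac.new(b"\x00" * 32, secret, hashlib.sha256).digest()
    okm, block, i = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm += block
        i += 1
    return okm[:length]


def xor_stream(key, data):
    """Stand-in cipher (HMAC-SHA256 counter keystream); use a vetted AEAD in real code."""
    out = bytearray()
    for n in range(0, len(data), 32):
        pad = hmac.new(key, n.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[n:n + 32], pad))
    return bytes(out)


class FakeKMS:
    """Hypothetical KMS stand-in: the CMK never leaves this object."""

    def __init__(self, allowed):
        self._cmk = os.urandom(32)
        self.allowed = set(allowed)  # principals with permission to use the CMK
        self.calls = 0

    def _authorize(self, principal):
        self.calls += 1
        if principal not in self.allowed:
            raise PermissionError(f"{principal} may not use the CMK")

    def generate(self, principal):
        """Step 4 of the put path: return (plaintext, CMK-encrypted) key material."""
        self._authorize(principal)
        material, nonce = os.urandom(32), os.urandom(16)
        return material, nonce + xor_stream(hkdf(self._cmk, nonce), material)

    def decrypt(self, principal, wrapped):
        """Steps 3-4 of the get path: unwrap key material for an authorized caller."""
        self._authorize(principal)
        return xor_stream(hkdf(self._cmk, wrapped[:16]), wrapped[16:])


class FrontEnd:
    """Hypothetical front-end proxy layer plus back-end store."""

    def __init__(self, kms):
        self.kms = kms
        self.store = []   # back-end store: ciphertext and wrapped key material only
        self._cache = {}  # principal -> (plaintext material, wrapped, fetched_at)

    @staticmethod
    def _record_keys(material, record_id):
        okm = hkdf(material, record_id, 64)  # unique per record via record_id
        return okm[:32], okm[32:]            # encryption key, MAC key

    def put_record(self, producer, partition_key, payload, now):
        entry = self._cache.get(producer)
        if entry is None or now - entry[2] >= CACHE_TTL:
            material, wrapped = self.kms.generate(producer)           # steps 3-4
            entry = self._cache[producer] = (material, wrapped, now)  # step 8
        material, wrapped, _ = entry
        record_id = os.urandom(16)
        enc_key, mac_key = self._record_keys(material, record_id)     # step 5
        blob = len(partition_key).to_bytes(2, "big") + partition_key + payload
        ct = xor_stream(enc_key, blob)                                # step 6
        tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
        self.store.append({"wrapped": wrapped, "record_id": record_id,
                           "ct": ct, "tag": tag})                     # steps 7 and 9
        return len(self.store) - 1

    def get_record(self, consumer, seq):
        rec = self.store[seq]
        material = self.kms.decrypt(consumer, rec["wrapped"])
        enc_key, mac_key = self._record_keys(material, rec["record_id"])
        expected = hmac.new(mac_key, rec["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, rec["tag"]):
            raise ValueError("record failed integrity check")
        blob = xor_stream(enc_key, rec["ct"])
        n = int.from_bytes(blob[:2], "big")
        return blob[2:2 + n], blob[2 + n:]  # (partition key, payload)


def demo():
    """Three puts at t=0s, 10s and 301s: the second reuses the cached key material."""
    kms = FakeKMS(allowed={"producer-role", "consumer-role"})
    front_end = FrontEnd(kms)
    for t in (0, 10, 301):
        front_end.put_record("producer-role", b"test", b"hello world", now=t)
    return front_end, kms, kms.calls


if __name__ == "__main__":
    fe, kms, calls = demo()
    print("KMS calls for 3 puts:", calls)
    print("consumer reads:", fe.get_record("consumer-role", 0))
```

Three puts cost two KMS calls because the second falls inside the cache window, and a caller without permission on the CMK is refused on both paths, which is the failure mode the Permissions section warns about.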

Verifying server-side encryption

Auditors or administrators often ask for proof that server-side encryption was or is enabled. Here are a few ways to do this.

To check if encryption is enabled now for your streams:

  • Use the AWS Management Console or the DescribeStream API operation. You can also see what CMK is being used for encryption.
  • See encryption in action by looking at responses from PutRecord, PutRecords, or GetRecords. When encryption is enabled, the EncryptionType parameter is set to “KMS”. If encryption is not enabled, EncryptionType is not included in the response.

Sample PutRecord response

{
    "SequenceNumber": "49573959617140871741560010162505906306417380215064887298",
    "ShardId": "shardId-000000000000",
    "EncryptionType": "KMS"
}

Sample GetRecords response

{
    "Records": [
        {
            "Data": "aGVsbG8gd29ybGQ=", 
            "PartitionKey": "test", 
            "ApproximateArrivalTimestamp": 1498292565.825, 
            "EncryptionType": "KMS", 
            "SequenceNumber": "495735762417140871741560010162505906306417380215064887298"
        }, 
        {
            "Data": "ZnJvZG8gbGl2ZXMK", 
            "PartitionKey": "3d0d9301-3c30-4c48-a9a8-e485b2982b28", 
            "ApproximateArrivalTimestamp": 1498292801.747, 
            "EncryptionType": "KMS", 
            "SequenceNumber": "49573959617140871741560010162507115232237011062036103170"
        }
    ], 
    "NextShardIterator": "AAAAAAAAAAEvFypHZDx/4bJVAS34puwdiNcwssKqbh/XhRK7HSYRq3RS+YXJnVKJ8j0gQUt94bONdqQYHk9X9JHgefMUDKzDzndy5WbZWO4CS3hRdMdrbmJ/9KoR4lOfZvqTLt6JWQjDqXv0IaKs06/LHYcEA3oPcyQLOTJHdJl2EzplCTZnn/U295ovxvqF9g9DY8y2nVoMkdFLmdcEMVXjhCDKiRIt", 
    "MillisBehindLatest": 0
}

To check if encryption was enabled, use CloudTrail, which logs the StartStreamEncryption() and StopStreamEncryption() API calls made against a particular stream.
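
Both checks can be combined into one audit: rebuild the periods when encryption was on from CloudTrail, then compare them with the records a consumer received. The following Python is an added example, not from the original post; the events and records are constructed samples, and the `requestParameters` key names (`streamName`, `keyId`) are assumptions about how the logged calls look.

```python
from datetime import datetime, timezone

# Constructed CloudTrail records for a hypothetical stream "orders".
SAMPLE_EVENTS = [
    {"eventTime": "2017-06-24T08:00:00Z", "eventName": "StartStreamEncryption",
     "requestParameters": {"streamName": "orders", "keyId": "alias/example-key"}},
    {"eventTime": "2017-06-24T08:25:00Z", "eventName": "StopStreamEncryption",
     "requestParameters": {"streamName": "orders", "keyId": "alias/example-key"}},
    # A denied call changes nothing and must not open a new window.
    {"eventTime": "2017-06-24T08:30:00Z", "eventName": "StartStreamEncryption",
     "errorCode": "AccessDenied",
     "requestParameters": {"streamName": "orders", "keyId": "alias/example-key"}},
    {"eventTime": "2017-06-24T08:10:00Z", "eventName": "StartStreamEncryption",
     "requestParameters": {"streamName": "other-stream", "keyId": "alias/example-key"}},
]

# Constructed GetRecords response in the shape of the sample above.
SAMPLE_RESPONSE = {
    "Records": [
        {"SequenceNumber": "seq-1", "PartitionKey": "test", "Data": "aGVsbG8gd29ybGQ=",
         "ApproximateArrivalTimestamp": 1498292565.825, "EncryptionType": "KMS"},
        {"SequenceNumber": "seq-2", "PartitionKey": "test", "Data": "aGVsbG8gd29ybGQ=",
         "ApproximateArrivalTimestamp": 1498292801.747},
    ],
    "MillisBehindLatest": 0,
}


def to_epoch(event_time):
    """Convert a CloudTrail eventTime (UTC, ISO 8601) to epoch seconds."""
    parsed = datetime.strptime(event_time, "%Y-%m-%dT%H:%M:%SZ")
    return parsed.replace(tzinfo=timezone.utc).timestamp()


def encryption_windows(events, stream):
    """Return [(start, end, key_id)]; end is None if encryption is still enabled."""
    relevant = [e for e in events
                if e["eventName"] in ("StartStreamEncryption", "StopStreamEncryption")
                and e.get("requestParameters", {}).get("streamName") == stream
                and "errorCode" not in e]
    windows, start, key = [], None, None
    for event in sorted(relevant, key=lambda e: to_epoch(e["eventTime"])):
        when = to_epoch(event["eventTime"])
        if event["eventName"] == "StartStreamEncryption":
            if start is not None:  # a second Start means the key was changed
                windows.append((start, when, key))
            start, key = when, event["requestParameters"].get("keyId")
        elif start is not None:    # Stop closes the open window
            windows.append((start, when, key))
            start, key = None, None
    if start is not None:
        windows.append((start, None, key))
    return windows


def audit_records(response, windows):
    """Return [(sequence_number, reason)] for records that need a closer look."""
    findings = []
    for record in response["Records"]:
        arrived = record["ApproximateArrivalTimestamp"]
        covered = any(s <= arrived and (e is None or arrived < e) for s, e, _ in windows)
        if record.get("EncryptionType") != "KMS":
            findings.append((record["SequenceNumber"], "response lacks EncryptionType=KMS"))
        elif not covered:
            findings.append((record["SequenceNumber"],
                             "marked KMS but arrived outside every logged encryption window"))
    return findings


if __name__ == "__main__":
    found = encryption_windows(SAMPLE_EVENTS, "orders")
    print(found)
    print(audit_records(SAMPLE_RESPONSE, found))
```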

Getting started

It’s very easy to enable, disable, or modify server-side encryption for a particular stream.

  1. In the Kinesis Streams console, select a stream and choose Details.
  2. Select a CMK and select Enabled.
  3. Choose Save.

You can enable encryption only for a live stream, not upon stream creation. Follow the same process to disable encryption for a stream. To use a different CMK, select it and choose Save.

Each of these tasks can also be accomplished using the StartStreamEncryption and StopStreamEncryption API operations.

Considerations

There are a few considerations you should be aware of when using server-side encryption for Kinesis Streams:

  • Permissions
  • Costs
  • Performance

Permissions

One benefit of using the “(Default) aws/kinesis” AWS managed key is that every producer and consumer with permissions to call PutRecord, PutRecords, or GetRecords inherits the right permissions over the “(Default) aws/kinesis” key automatically.

However, this is not necessarily the case for a custom master key. Kinesis Streams producers and consumers do not need to be aware of encryption. However, if you enable encryption using a custom master key but a producer or consumer doesn’t have IAM permissions to use it, PutRecord, PutRecords, or GetRecords requests fail.

This is a great security feature. On the other hand, it can effectively lead to data loss if you inadvertently apply a custom master key that restricts producers and consumers from interacting with the Kinesis stream. Take precautions when applying a custom master key. For more information about the minimum IAM permissions required for producers and consumers interacting with an encrypted stream, see Using Server-Side Encryption.

Costs

When you apply server-side encryption, you are subject to KMS API usage and key costs. Unlike custom KMS master keys, the “(Default) aws/kinesis” CMK is offered free of charge. However, you still need to pay for the API usage costs that Kinesis Streams incurs on your behalf.

API usage costs apply for every CMK, including custom ones. Kinesis Streams calls KMS approximately every 5 minutes when it is rotating the data key. In a 30-day month, the total cost of KMS API calls initiated by a Kinesis stream should be less than a few dollars.

Performance

During testing, AWS discovered that there was a slight increase (typically 0.2 millisecond or less per record) in put and get record latencies due to the additional overhead of encryption.

If you have questions or suggestions, please comment below.

Protesters Physically Block HQ of Russian Web Blocking Watchdog

Post Syndicated from Andy original https://torrentfreak.com/protesters-physically-block-hq-of-russian-web-blocking-watchdog-170701/

Hardly a week goes by without the Russian web-blocking juggernaut rolling on to new targets. Whether they’re pirate websites, anonymity and proxy services, or sites that the government feels are inappropriate, web blocks are now a regular occurrence in the region.

With thousands of domains and IP addresses blocked, the situation is serious. Just recently, however, blocks have been more problematic than usual. Telecoms watchdog Roskomnadzor, which oversees blocking, claims that innocent services are rarely hit. But critics say that overbroad IP address blockades are affecting the innocent.

Earlier this month there were reports that citizens across the country couldn’t access some of the country’s largest sites, including Google.ru, Yandex.ru, local Facebook variant vKontakte, and even the Telegram messaging app.

There have been various explanations for the problems, but the situation with Google appears to have stemmed from a redirect to an unauthorized gambling site. The problem was later resolved, and Google was removed from the register of banned sites, but critics say it should never have been included in the first place.

These and other developments have proven too much for some pro-freedom activists. This week they traveled to Roskomnadzor’s headquarters in St. Petersburg to give the blocking watchdog a small taste of its own medicine.

Activists from the “Open Russia” and “Civil Petersburg” movements positioned themselves outside the entrance to the telecom watchdog’s offices and built up their own barricade constructed from boxes. Each carried a label with the text “Blocked Citizens of Russia.”

Blockading the blockaders in Russia

“Freedom of information, like freedom of expression, are the basic values of our society. Those who try to attack them, must themselves be ‘blocked’ from society,” said Open Russia coordinator Andrei Pivovarov.

Rather like Internet blockades, the image above shows Open Russia’s blockade only partially doing its job by covering just three-quarters of Roskomnadzor’s entrance.

Whether that was deliberate or not is unknown but the video embedded below clearly shows staff walking around its perimeter. The protestors were probably just being considerate, but there are suggestions that staff might have been using VPNs or Tor.

Moving forward, new advice from Roskomnadzor to ISPs is that they should think beyond IP address and domain name blocking and consider using Deep Packet Inspection. This would help ensure blocks are carried out more accurately, the watchdog says.

There’s even a suggestion that rather than doing their own website filtering, Internet service providers could buy a “ready cleaned” Internet feed from an approved supplier instead. This would remove the need for additional filtering at their end, it’s argued, but it sounds like more problems waiting to happen.


AWS Hot Startups – May 2017

Post Syndicated from Tina Barr original https://aws.amazon.com/blogs/aws/aws-hot-startups-may-2017/

April showers bring May startups! This month we have three hot startups for you to check out. Keep reading to find out what they’re up to, and how they’re using AWS to do it.

Today’s post features the following startups:

  • Lobster – an AI-powered platform connecting creative social media users to professionals.
  • Visii – helping consumers find the perfect product using visual search.
  • Tiqets – a curated marketplace for culture and entertainment.

Lobster (London, England)

Every day, social media users generate billions of authentic images and videos to rival typical stock photography. Powered by Artificial Intelligence, Lobster enables brands, agencies, and the press to license visual content directly from social media users so they can find that piece of content that perfectly fits their brand or story. Lobster does the work of sorting through major social networks (Instagram, Flickr, Facebook, Vk, YouTube, and Vimeo) and cloud storage providers (Dropbox, Google Photos, and Verizon) to find media, saving brands and agencies time and energy. Using filters like gender, color, age, and geolocation can help customers find the unique content they’re looking for, while Lobster’s AI and visual recognition finds images instantly. Lobster also runs photo challenges to help customers discover the perfect image to fit their needs.

Lobster is an excellent platform for creative people to get their work discovered while also protecting their content. Users are treated as copyright holders and earn 75% of the final price of every sale. The platform is easy to use: new users simply sign in with an existing social media or cloud account and can start showcasing their artistic talent right away. Lobster allows users to connect to any number of photo storage sources so they’re able to choose which items to share and which to keep private. Once users have selected their favorite photos and videos to share, they can sit back and watch as their work is picked to become the signature for a new campaign or featured on a cool website – and start earning money for their work.

Lobster is using a variety of AWS services to keep everything running smoothly. The company uses Amazon S3 to store photography that was previously ordered by customers. When a customer purchases content, the respective piece of content must be available at any given moment, independent from the original source. Lobster is also using Amazon EC2 for its application servers and Elastic Load Balancing to monitor the state of each server.

To learn more about Lobster, check them out here!

Visii (London, England)

In today’s vast web, a growing number of products are being sold online and searching for something specific can be difficult. Visii was created to cater to businesses and help them extract value from an asset they already have – their images. Their SaaS platform allows clients to leverage an intelligent visual search on their websites and apps to help consumers find the perfect product for them. With Visii, consumers can choose an image and immediately discover more based on their tastes and preferences. Whether it’s clothing, artwork, or home decor, Visii will make recommendations to get consumers to search visually and subsequently help businesses increase their conversion rates.

There are multiple ways for businesses to integrate Visii on their website or app. Many of Visii’s clients choose to build against their API, but Visii also works closely with many clients to figure out the most effective way to do this for each unique case. This has led Visii to help build innovative user interfaces and figure out the best integration points to get consumers to search visually. Businesses can also integrate Visii on their website with a widget – they just need to provide a list of links to their products and Visii does the rest.

Visii runs their entire infrastructure on AWS. Their APIs and pipeline all sit in auto-scaling groups, with ELBs in front of them, sending things across into Amazon Simple Queue Service and Amazon Aurora. Recently, Visii moved from Amazon RDS to Aurora and noted that the process was incredibly quick and easy. Because they make heavy use of machine learning, it is crucial that their pipeline only runs when required and that they maximize the efficiency of their uptime.

To see how companies are using Visii, check out Style Picker and Saatchi Art.

Tiqets (Amsterdam, Netherlands)

Tiqets is making the ticket-buying experience faster and easier for travelers around the world.  Founded in 2013, Tiqets is one of the leading curated marketplaces for admission tickets to museums, zoos, and attractions. Their mission is to help travelers get the most out of their trips by helping them find and experience a city’s culture and entertainment. Tiqets partners directly with vendors to adapt to a customer’s specific needs, and is now active in over 30 cities in the US, Europe, and the Middle East.

With Tiqets, travelers can book tickets either ahead of time or at their destination for a wide range of attractions. The Tiqets app provides real-time availability and delivers tickets straight to customers’ phones via email, direct download, or in the app. Customers save time skipping long lines (a perk of the app!), save trees (don’t need to physically print tickets), and most importantly, they can make the most out of their leisure time. For each attraction featured on Tiqets, there is a lot of helpful information including best modes of transportation, hours, commonly asked questions, and reviews from other customers.

The Tiqets platform consists of the consumer-facing website, the internal and external-facing APIs, and the partner self-service portals. For the app hosting and infrastructure, Tiqets uses AWS services such as Elastic Load Balancing, Amazon EC2, Amazon RDS, Amazon CloudFront, Amazon Route 53, and Amazon ElastiCache. Through the infrastructure orchestration of their AWS configuration, they can easily set up separate development or test environments while staying close to the production environment as well.

Tiqets is hiring! Be sure to check out their jobs page if you are interested in joining the Tiqets team.

Thanks for reading and don’t forget to check out April’s Hot Startups if you missed it.

-Tina Barr