Jump to content
  • Comcast Subscriber Receives DMCA Notice for Downloading Ubuntu

    Karlston

    • 2 comments
    • 1.2k views
    • 5 minutes
     Share


    • 2 comments
    • 1.2k views
    • 5 minutes

    Comcast Subscriber Receives DMCA Notice for Downloading Ubuntu

     

    Every day, people who download and share pirated content receive DMCA notices via their ISPs, warning them to cease and desist their infringing behavior. While the majority of these notices are accurate, one Ubuntu user says he has just been targeted by an anti-piracy company alleging that by torrenting an OS ISO released by Ubuntu itself, he breached copyright law.

     

    Two decades ago, the BitTorrent protocol revolutionized peer-to-peer (P2P) file-sharing. The content-agnostic system allowed people to efficiently share and download even the largest files and soon grew to become the dominant method of transfer for millions of file-sharers.

     

    Over the years, people have shared all kinds of content using torrents and it quickly became associated with mass copyright infringement of movies, TV shows, music and everything in between. However, BitTorrent is also used to distribute large volumes of data with the blessing of rightsholders, with the sharing of Linux distros a prime example.

     

    Indeed, large companies such as Ubuntu owner Canonical actively encourage the distribution of their packages via BitTorrent, even going as far as operating their own tracker. This is effectively a green light for users to obtain Ubuntu using BitTorrent and is universally considered to be entirely safe. However, a development yesterday caused mass confusion when a user was accused of copyright infringement via a notice from his ISP.

    Anti-Piracy Firm Sends DMCA Notice Against Comcast User

    Posting to Reddit’s /r/linux sub-Reddit, a forum with more than 656K subscribers, ‘NateNate60’ reported the unthinkable. After downloading an official Ubuntu ISO package (filename ubuntu-20.04.2.0-desktop-amd64.iso) he says he received a notice from Comcast’s Infinity claiming that he’d been reported for copyright infringement.

     

    “We have received a notification by a copyright owner, or its authorized agent, reporting an alleged infringement of one or more copyrighted works made on or over your Xfinity Internet service,” the posted notice reads.

     

    NateNate60 wisely redacted the notice to remove the ‘Incident Number’ and the precise time of the alleged infringement to protect his privacy but the clam was reported filed with Comcast on May 24, 2021.

     

    “The copyright owner has identified the IP address associated with your Xfinity Internet account at the time as the source of the infringing works,” it continues, adding that NateNate60 should search all of his devices connected to his network and delete the files mentioned in the complaint.

     

    ubuntu dmca comcast

     

    Detail of the Allegedly-Infringing Content and DMCA Notice

    The allegedly infringing content is the 64-bit Ubuntu 20.04.2.0 LTS release but the first big question is whether the file is actually the official release from Canonical. Given that the listed hash value is 4ba4fbf7231a3a660e86892707d25c135533a16a and that matches the hash of the official release, mislabeled or misidentified content (wrong hash, mislabeled file etc) appears to be ruled out.

     

    Indeed, the same hash value is listed on Ubuntu’s very own BitTorrent tracker and according to NateNate60, this is where he downloaded the torrent that led to the DMCA notice. It doesn’t get much more official than that.

     

    According to the DMCA notice sent by Comcast, the complainant wasn’t Ubuntu/Canonical but an anti-piracy company called OpSec Security, which according to its imprint is based in Germany. TorrentFreak has contacted OpSec for a comment on the DMCA notice but at the time of writing the company is yet to respond.

    Implications of the DMCA Notice

    It is certainly possible for someone to fake a DMCA notice (and also cause outrage by choosing controversial content such as Ubuntu) so we have also contacted Canonical for its take on the claims being made. While we wait for the company to weigh in, it seems possible that this is some kind of error, one that could be easily triggered by someone cutting-and-pasting the wrong hash value into a BitTorrent monitoring system.

     

    That being said, there can be consequences even when erroneous DMCA notices aren’t properly handled. Presuming the notice is genuine (albeit sent in error), Comcast needs to be informed that mistakes have been made. The ISP has a repeat infringer policy and given the current hostile environment, terminating users is certainly on the agenda. Indeed, the notice states just that.

     

    “We remind you that use of our service in any manner that constitutes an infringement of any copyrighted work is a violation of Comcast’s DMCA Policy and may result in the suspension or termination of your service and account,” it warns.

     

    Arguably unwisely, however, NateNate60 says he isn’t going to take the matter up with Comcast.

     

    “I really don’t want to risk them shutting off my Internet access over this stupid thing so I’m probably just going to ignore it,” he wrote on Reddit.

     

    Again, we need to wait for responses from OpSec and Ubuntu explaining why this notice was sent but not contesting an erroneous DMCA notice has implications.

     

    For example, should NateNate60 suddenly get another couple of similar notices (regardless of whether they are genuine or sent in error), Comcast may feel that in order to retain its safe harbor under the DMCA, terminating the account might be its only option. At that point the damage has been done and it could prove even more difficult to get the account reinstated.

     

    Also, if this notice is indicative of a broader issue, it seems unlikely that NateNate60 will be the only recipient of a ‘strike’ against his account for downloading/sharing official Ubuntu torrents. Raising the issue quickly will allow the parties to see what went wrong here (if that’s indeed the case) and prevent it from happening again.

     

    We’ll update this post when Canonical and OpSec Security respond to our requests for comment.

     

     

    Comcast Subscriber Receives DMCA Notice for Downloading Ubuntu

    • Like 2

    User Feedback

    Recommended Comments

    OpSec Says DMCA Notice System Was “Spoofed” To Target Ubuntu Download

    Ubuntu

     

    An anti-piracy company cited as the sender of a DMCA notice targeting an entirely legal copy of Ubuntu says that its notice sending system was spoofed. The notice was reportedly sent via Comcast to warn a Reddit user that he'd breached copyright law but the explanation from OpSec Security only raises even more questions as to how something like this could possibly happen.

     

    Yesterday we reported that Reddit user NateNate60 had received a DMCA notice, apparently from Comcast, declaring that he’d breached copyright law by downloading and sharing a legal copy of Ubuntu.

     

    “We have received a notification by a copyright owner, or its authorized agent, reporting an alleged infringement of one or more copyrighted works made on or over your Xfinity Internet service,” the posted notice reads.

     

    “The copyright owner has identified the IP address associated with your Xfinity Internet account at the time as the source of the infringing works,” it continues, adding that NateNate60 should search all of his devices connected to his network and delete the files mentioned in the complaint.

     

    According to the Xfinity notice, the sender was OpSec Security so to find out more we contacted the anti-piracy company for an explanation. That came in late last night and while it provides some answers, it also raises even more questions.

    OpSec: Our Anti-Piracy System Was “Spoofed”

    In a response from OpSec Marketing Communications Manager Amanda Hershey, the company explained that the notice was malicious and was sent to damage its reputation.

     

    “OpSec Security’s DCMA [sic] notice sending program was spoofed on Wednesday, May 26, 2021 by unknown parties across multiple streaming platforms,” Hershey explains.

     

    “The content in question all appears to be Ubuntu Linux ISO. We have incontrovertible evidence that proves these DMCA notices were not perpetrated by or originated with OpSec Security.”

     

    Why OpSec references “multiple streaming platforms” is unclear. People do not ‘stream’ Ubuntu packages, they download them – in this case via torrents distributed by Ubuntu’s own tracker. And while OpSec says it has “incontrovertible evidence” that shows the DMCA notices were not sent by the company, it is yet to reveal details in public.

     

    “OpSec’s enforcement efforts are occasionally spoofed by a third party in an attempt to damage OpSec’s reputation. These attempts are easily identifiable, and easily disproven,” the company explains.

     

    While the security company says that third parties are “spoofing” its system, it does not explain how that was possible. And, at least in this case, the bad DMCA notice was apparently not “easily identifiable”, since it clearly managed to cause confusion. So how did this happen?

    Inside Information Acquired?

    In our initial report we noted that it’s not impossible for someone to fake a DMCA notice. In this case, however, it is difficult to dovetail events on the ground and the statement from OpSec because a certain amount of more difficult-to-acquire information would be needed to be this targeted.

     

    Firstly, NateNate60 says he did download the content in question after obtaining a torrent directly from Ubuntu’s own tracker. That would, of course, expose his IP address both to the tracker and everyone else sharing the content. However, in order to send the DMCA notice via email (whether that was from Comcast or a spoofed email address purporting to be Comcast), anyone obtaining NateNate60’s IP address would necessarily need his email address too.

     

    This raises the question of how that email address was obtained. OpSec Security wouldn’t ordinarily have it, neither would the alleged malicious party, but Comcast clearly would. That’s how DMCA notices sent to ISPs work. The sender doesn’t know the contact details of the alleged infringer so they ask someone who does to forward the notice, in this case, Comcast.

     

    So, if we take OpSec’s statement at face value, at least in theory a third-party could’ve tricked Comcast into sending the notice after “spoofing” OpSec’s “notice sending program”. This raises more questions.

     

    If these allegedly malicious efforts to undermine OpSec’s reputation are “easily identifiable, and easily disproven”, how was Comcast not put on alert? And if this has happened before as the company claims, why hasn’t the loophole been closed?

     

    In any case, the allegedly malicious third-party would also need to know how to contact Comcast in a convincing manner, in order to masquerade as OpSec. It’s not easy to determine how that could be achieved without knowing how OpSec usually communicates with Comcast. This could be explained if OpSec’s system had been hacked or illegally accessed in some way, but the company does not use that terminology, instead going with the term “spoofed”, i.e imitated, not compromised.

     

    Furthermore, even if we adopt the scenario that Comcast didn’t send the email and it was a spoofed fake, how did the sender a) discover NateNate60’s IP address, b) the exact time he downloaded the torrent, and c) manage to match that IP address to his email address? It sounds like a lot of effort simply to tarnish OpSec’s name, especially since there was no guarantee that NateNate60 would ever publish the notice online.

    Both OpSec and Canonical Say They Are Taking Action

    While OpSec’s statement is helpful to an extent, it clearly raises even more questions. We have put these questions to the security company and will publish an update when it responds. In the meantime, OpSec says the matter is now being escalated.

     

    “We are notifying the appropriate authorities about this incident,” OpSec says.

     

    Ubuntu owner Canonical says it has launched its own investigation.

     

     

    OpSec Says DMCA Notice System Was “Spoofed” To Target Ubuntu Download

    • Like 2
    Link to comment
    Share on other sites


    Really have to check whether the sender of the email is legit or not.

    It looks absurd when a DMCA notice being served when an user only download free and open-source OS like Linux.

    Link to comment
    Share on other sites




    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...