Back in July we reported that the Alliance for Creativity (ACE) and the Motion Picture Association (MPA) had obtained a DMCA subpoena compelling Cloudflare to hand over the personal details of sports streaming service HeHeStreams.

 

Soon after, the site – which in the main facilitated access to MLB, NBA, NFL, and NHL content – disappeared and began redirecting to ACE. We can confirm that a settlement was reached but since both sides are honoring their agreement, no further details are available.

 

For HeHeStreams’ operator, who founded the site in 2016/17, felt the shutdown marked the end of an era from which he could move on but that wasn’t to be the case. A separate criminal investigation representing a different set of rightsholders was already underway, one that doesn’t come with the option of a civil settlement.

HeHeStreams Operator Charged With Numerous Crimes

Joshua Streit, better known online as Josh Brody, was named yesterday as the operator of HeHeStreams. According to the Department of Justice, Streit has been charged with numerous crimes including computer systems intrusions at Major League Baseball and the illegally streaming of content from MLB, NBA, NFL and NHL to the public, for profit. He was also charged with attempting to extort $150,000 from MLB.

 

Before diving into those details, an explanation of HeHeStreams’ operations is in order.

HeHeStreams Was a Special Type of IPTV Service

The majority of traditional IPTV suppliers facilitate access to pirated streams by offering them from their own servers. This is a model that burns through lots of bandwidth and is seen as a necessary cost of doing business. What HeHeStreams managed to do is eliminate these costs almost completely by not utilizing pirated streams at all.

 

Instead, it found a way to connect HeHeStreams users to genuine streams offered by the sports broadcasters. This had obvious upsides – no more massive streaming server bills and since official streams rarely break down or buffer, a bunch of happy customers.

 

“Streit obtained the copyrighted content by gaining unauthorized access to the websites for those sports leagues via misappropriated login credentials from legitimate users of those websites. One of the victim sports leagues sustained losses of approximately $3 million due to Streit’s conduct,” the DoJ notes.

 

This method of using official streams to supply ‘pirate’ customers was alluded to in our interview with Akamai earlier this year. A pair of DISH lawsuits against SportsBay and Nitro IPTV also illustrate the same problem, one that broadcasters need to fix.

 

Quite why these gaping loopholes aren’t being closed isn’t clear but what we do know is that disclosing such vulnerabilities can go horribly wrong.

Bug Bounty Or Criminal Extortion?

Back in the summer, TorrentFreak sought comment from Joshua Streit on the ACE/MPA settlement deal. After he declined, the discussion shifted to the apparent loopholes at DISH-owned Sling TV referenced in their lawsuits, ones that fail to prevent non-customers from piggybacking onto legal streams.

 

How these are exploited went unexplained but without mentioning any services in particular, Streit indicated that he had been trying to share knowledge of serious vulnerabilities with one (or more) providers. He expressed some frustration at their apparent reluctance to work together. We later got the impression that things had improved but that was clearly not the case.

 

According to the criminal complaint filed by the US Government, around March 2021 Streit emailed an MLB employee noting that he’d previously disclosed a network vulnerability but was disappointed by the company’s response. “The lack of gratitude is frankly shocking,” he reportedly wrote.

 

Streit later sent another email noting that he’d reported yet more vulnerabilities to the company over a particular weekend and he had two reporters who cover MLB matters interested in the story. An unnamed MLB executive then contacted Streit by phone and reportedly found him “upset” by MLB’s failure to acknowledge his efforts.

 

Streit allegedly informed the MLB executive that he expected to be financially compensated for the work he’d done but was told that while MLB has no bug bounty program, the company “appreciated” his disclosures. Streit responded that bug bounty programs are useful for cooperation and according to the complaint, added that it would be bad for MLB if the media found out about the vulnerability.

 

After a gap of several months, Streit allegedly emailed MLB again in the hope that the earlier discussions could be continued. The MLB executive replied, informing Streit that “people here are concerned about this as unauthorized access to our systems” but then went on to ask Streit what kind of money he was expecting. $150,000, apparently.

 

 

Serious vulnerabilities can return big bug bounties and there is no question this vulnerability is serious. The complaint against Streit says that an analysis conducted by just one of the sports leagues reveals losses of almost $3m to the HeHeStreams operation alone. And herein lies the problem.

 

It’s not known if MLB would’ve been more responsive to a neutral third-party discloser but at least as far as FBI Special Agent Joshua Williams is concerned, Streit’s overall conduct means that his request for payment amounted to extortion.

 

“(i) believe that…although the defendant approached MLB in the guise of being helpful to MLB, his simultaneous intrusion into MLB accounts and illegal streaming of MLB content on the illicit streaming website indicates that Streit acted knowingly and with the intent to extort MLB,” Agent Williams writes.

Potentially Serious Prison Time

As per the Department of Justice, 30-year-old Streit from Minnesota is charged with:

 

One count of knowingly accessing a protected computer in furtherance of a criminal act and for purposes of commercial advantage and private financial gain, which carries a maximum sentence of five years in prison.

 

One count of knowingly accessing a protected computer in furtherance of fraud, which carries a maximum sentence of five years in prison.

 

One count of wire fraud, which carries a maximum sentence of 20 years in prison and one count of illicit digital transmission, which carries a maximum sentence of five years in prison. He also faces one count of sending interstate threats with the intent to extort, which carries a maximum sentence of two years in prison.

 

Of immediate interest here is the reference to “illicit digital transmission”. This terminology is used in the Protecting Lawful Streaming Act (PLSA), a law that made certain streaming conduct a felony. It was signed into law last December and as far as we’re aware, hasn’t been used until now.

 

The criminal complaint can be found here (pdf)

 

Section 1201 of the DMCA prohibits the circumvention of copyright controls without permission.

 

This legal restriction prevents the general public from bypassing DRM protection on a wide variety of content and devices.

 

There are some important exceptions to this rule, however. This includes phone jailbreaking, which was declared legal in 2010. These provisions are renewed every three years after the Copyright Office hears various arguments from stakeholders and the general public.

Jailbeaking Video Streaming Devces

This triannual review also allows interested parties to come up with new proposals. In the most recent rulemaking process, for example, the Electronic Frontier Foundation (EFF) suggested an expansion of the current jailbreaking exemptions to include video streaming devices.

In previous years the Office already allowed the public to jailbreak smartphones, tablets, wearables, and smart TVs. According to the EFF, general video streaming devices such as Roku and Apple TV boxes should fit in the same category.

 

Jailbreaking these devices will enable the public to “exercise full control” over their hardware, EFF argued. That allows people to unlock valuable new features, such as adding a web browser and compatibility with other tools such as privacy-enhancing VPNs.

Copyright Holders Fear Widespread Piracy

This proposal received broad support from digital rights activists. However, major copyright industry groups including the RIAA, ESA, and Hollywood’s MPA, fiercely opposed the plan. They urged the Copyright Office not to grant the exemption as it would open the door to widespread piracy.

 

The groups fear that jailbreaking will result in widespread copyright infringement, as it allows the public to install piracy tools on these video devices as well.

 

“Access controls on these devices are designed to prevent unauthorized access to copyrighted works,” the copyright holders wrote. “Once circumvented, even for the ostensible purpose of first installing a lawful application, nothing prevents a user from later installing infringing applications or applications that enable infringement on these devices.”

Jailbreaking Exemption Approved

After reviewing the input from both sides, the Copyright Office recommended approving the new DMCA anti-circumvention exemption. According to the Office, the current limitations hinder fair use modifications of these devices.

 

“Proponents have satisfied their burden of showing that technological measures applied to video streaming devices and routers or other networking devices are having, or are likely to have, an adverse effect on noninfringing uses. The Register accordingly recommends adoption of exemptions authorizing the jailbreaking of both types of devices, with appropriate limitations.”

 

Copyright holder fears that the exemption will open the door to piracy apps is ungrounded. Similar comments were made in 2015 when the Smart-TV exemption was discussed, and the Copyright Office sees no reason to change its position.

 

“While opponents argue that the proposed exemption could lead to unauthorized access to copyrighted works and to unapproved apps, as in 2015, “[n]o actual evidence was submitted to illustrate the claim that jailbreaking . . . will make it easier to gain unauthorized access to copyrighted content’,” the Office notes.

Limitations Apply

The final exemption class does come with some limitations. People are only allowed to use jailbroken devices with “lawfully obtained software.” In addition, jailbreaking should not be carried out to “gain unauthorized access to other copyrighted works.”

 

This advice was adopted and the Librarian of Congress has now published the full list of new rights that go into effect today. The full streaming device section reads as follows:

 

Computer programs that enable smart televisions to execute lawfully obtained software applications, where circumvention is accomplished for the sole purpose of enabling interoperability of such applications with computer programs on the smart television, and is not accomplished for the purpose of gaining unauthorized access to other copyrighted works. For purposes of this paragraph (b)(10), “smart televisions” includes both internet-enabled televisions, as well as devices that are physically separate from a television and whose primary purpose is to run software applications that stream authorized video from the internet for display on a screen.

 

The Copyright Office specifically states that the new exemptions apply to Roku and Apple TV but hardware from other manufacturers with similar restrictions should fall into the same category. Jailbreaking was already quite common for these devices and now people are allowed to do this legally.

 

The final rule also includes other new exemptions, including broader rights to repair video game consoles. However, the proposal to allow museums and libraries to allow the public to access abandoned video games off-premises was rejected.

 

Making movies readily available on official streaming services was supposed to be the silver bullet for defeating piracy, but these things aren’t always so straightforward.

 

To improve the chances of success, subscriptions also need to be priced fairly and when movies come out, there should be no sitting around waiting for a piracy-encouraging theatrical window to close.

 

All of these elements formed part of the plan when Netflix delivered Zack Snyder’s Army of the Dead back in May. Readily accessible, reasonably priced, with a very small gap between theatrical release and streaming debut, things appeared to go smoothly.

 

This October 29th, Netflix will release Army of Thieves, the prequel to Army of the Dead. It will tick all of the piracy-defeating boxes of the first installment but that hasn’t prevented the movie from leaking online.

Army of Thieves Appears on Pirate Sites

A few hours ago, rumors began circulating that Army of Thieves had leaked online, days ahead of its Netflix release. Comments indicated that this is a very good copy and not something culled from a grainy physical or online source. It’s now confirmed that the movie has indeed leaked in 1080p, with one release labeled as a WEBRip and the other a much more sought-after WEB-DL.

 

The latter is usually preferred since these are digital files downloaded from streaming services, not lower-quality screen captures produced locally. It’s a little early to say for sure but the rumors of decent quality are likely to be true, as per the leaked screenshots below.

 

 

But just like London buses, you wait for one leak and then several others come all at once.

Paranormal Activity: Next of Kin…and More

In the wake of Army Of Thieves, several other movies leaked to torrent and streaming sites, mostly ahead of their official release dates. Again, all appear to have been released in WEB-DL and/or WEBRip qualities.

 

As the seventh installment and a reboot of the Paranormal Activity series, Paranormal Activity: Next of Kin was set for a theatrical release in March 2021 but the coronavirus pandemic pushed that out to March 2022.

 

Earlier this year it was announced that the film will be released exclusively on Paramount+ on October 29th but that has now been trumped by pirates, who leaked the movie a few hours ago. Again, quality appears good.

Icelandic drama film Lamb premiered at the 2021 Cannes Film Festival and was released in Iceland on September 24. The movie began a limited theatrical release on October 8 in the US but viewers in countries around Europe could be waiting until January 2022 to watch legally. Those who prefer not to wait now have another option, however.

 

Finally, pirates also leaked the new Bruce Willis movie ‘Apex‘ in the past few hours. The action-thriller is set to have a day-and-date release on November 12 but yet again, pirates have gone one better, this time by a couple of weeks.

 

While the leaks are controversial enough, they are made more interesting by the fact that a single shadowy and prolific group has taken responsibility for them all.

P2P Release Group EVO Strikes Again

To give just a handful of examples, during October last year P2P release group EVO leaked screener copies of the movies Falling and My Salinger Year online. This September, EVO was also responsible for leaking Netflix movies The Power of the Dog and The Guilty, which were apparently ripped from festival screeners.

 

Then, several days before the new Dune movie was set to enjoy its US release on HBO Max this month, EVO leaked a copy of that too. This week they are responsible for leaking several more, including Army of Thieves, something that Netflix is unlikely to be happy about.

Times Have Changed and The Leak May Not Cause Chaos

While there is little doubt that Army of the Dead fans will be enthusiastic about watching the prequel, pre-release leaks of movies set to appear on Netflix probably avoid many of the problems experienced by others with more complex release models, such as Lamb.

 

Firstly, Netflix has more than 200 million subscribers and when households and account sharing are taken into consideration, the reach of the platform is significantly more than that. As a result, all of the customers that were intending to watch the movie on Friday can still do so, without resorting to piracy. The other bonus is that there is no theatrical window to disrupt or destroy.

 

While its model offers some protection, the downside for Netflix is that new movie releases can be a magnet for new subscribers. The leak probably won’t do too much damage in that respect but Netflix has become much more aggressive on the piracy front in recent times, so could yet have the last say.

 

Earlier this month, several copyright holder groups sent their annual “Notorious Markets” recommendations to the U.S. Trade Representative (USTR).

 

The submissions are meant to call out well-known piracy sites, apps, and services, but Cloudflare was frequently mentioned as well.

Cloudflare in the ‘Piracy’ Spotlight

The American web security and infrastructure provider can’t be officially listed in the final report since it’s not a foreign company. However, rightsholders have seized the opportunity to point out that the CDN service helps pirate sites with their infringing activities.

 

The Motion Picture Association (MPA), for example, pointed out that Cloudflare can mask the IP address and hosting provider of a website. This allows operators of copyright-infringing sites, including The Pirate Bay, to frustrate enforcement efforts.

 

“Cloudflare’s customers include some of the most notorious, longstanding pirate websites in the world, including The Pirate Bay, whose current domain, thepiratebay.org, has been identified as infringing rights holders’ copyrights nearly six million separate times,” the MPA wrote.

 

“Nonetheless, The Pirate Bay, and other notorious pirate sites, remain Cloudflare customers despite repeated notices of infringement to Cloudflare.”

Cloudflare: ‘We Share Information’

According to Cloudflare, these types of characterizations don’t tell the full story. In a rebuttal sent to the USTR this week the company hopes to set the record straight. Cloudflare doesn’t deny that it ‘shields’ IP addresses, but notes that there are plenty of options for rightsholders to obtain information.

 

For example, through a basic DMCA subpoena, which can be signed off by a court clerk, rightsholders can request information including IP addresses, payment details, and other account details. Last year alone, the company received 67 DMCA subpoenas which targeted hundreds of domains.

 

There are also more direct options. When copyright holders submit a copyright infringement complaint through Cloudflare’s web form, the company will share the name of the hosting company that’s used by the targeted site.

 

This option shouldn’t come as a surprise to the MPA, RIAA, and other groups that complained to the USTR, as they all use the abuse form. Apparently, this helped them to identify the hosting companies of the accused pirate sites.

 

“In fact, all of the rights holders who referenced Cloudflare in their complaints also referenced the hosting providers for websites that use Cloudflare’s services, demonstrating Cloudflare’s cooperation in providing them access to the information they need to pursue a takedown,” Cloudflare writes.

IP Addresses are Restricted

Without a subpoena, the CDN provider hands over details on the hosting company of allegedly infringing sites. However, the host’s IP address isn’t generally shared as this type of sensitive information has been abused by malicious actors in the past.

 

“Although we appreciate the importance of addressing copyright infringement, we do not believe that opening a website up to cyberattack is either an appropriate or legally acceptable way to address infringement,” the company explains, adding that a select group of ‘trusted’ notifiers can get this information.

 

“Cloudflare does provide origin host IP addresses through its Trusted Reporter program to those entities that have proven a genuine need for the information and have adequately demonstrated the willingness and ability to secure the information and protect it from being used for cyberattack.”

 

In addition, the CDN provider is also working with a small number of rightsholder groups to find ways to use automated processes so information on allegedly infringing sites can be shared even quicker.

Losing Trust in Trusted Reporters?

The trusted notifiers include the RIAA, MPA, and the Swiss Watch Industry, which all called out Cloudflare in their recent notorious markets submissions. Reading between the lines, the CDN provider is not happy with all of them, as some decided to share sensitive data in public.

 

“Unfortunately, however, some rightsholders who have been granted access to sensitive IP information through our Trusted Reporter process have demonstrated through public Notorious Markets submissions that they do not believe they have an obligation to secure that information.

 

“This flagrant disregard for the sensitivity of the information they have been given and the commitments they made when signing up for the program does not help build trust or long-term cooperative relationships,” Cloudflare warns.

 

The CDN provider doesn’t mention any names but the MPA and RIAA shared information on the hosting companies of alleged pirate sites hosted by Cloudflare. That said, we didn’t see any IP addresses being shared by these groups.

Tension and Accusations Remain

It is worth pointing out that the RIAA already anticipated Cloudflare’s rebuttal. The music industry group confirmed that it can obtain the IP addresses of pirate sites. However, since Cloudflare informs its customers if this happens, these can quickly move to new hosting providers before RIAA can do anything.

 

“Since there is no real-time access to the site’s location, any IP address provided by Cloudflare one day may be inaccurate the next,” RIAA wrote.

 

All in all, it’s clear that there is quite a bit of tension between Cloudflare and some rightsholder groups. This is also illustrated in one of the closing comments from the CDN provider, which urges rightsholders to keep their eye on the real target.

 

“We believe it is time for rightsholders to shift their comments away from policy advocacy to focus instead on the physical and online markets that are the intended subject of the Notorious Markets report,” the company concludes.

 

—–

 

A copy of Cloudflare’s rebuttal, submitted to the Office of the United States Trade Representative, is available here (pdf)

 

As part of their ongoing efforts to shut down or disrupt pirate IPTV services, Universal, Amazon, Columbia, Disney, Netflix, Paramount, Sony, and other content creators sued Jason Tusa, the operator of the Area 51, Digital UniCorn Media, Singularity Media, and Altered Carbon services.

 

Tusa had been on the radar of the studios for some time and had previously shut down Area 51 after reaching a settlement agreement with anti-piracy coalition Alliance For Creativity and Entertainment. Tusa failed to honor that agreement by continuing in the pirate IPTV business, the lawsuit ensued, and in August the studios won a preliminary injunction to restraint Tusa moving forward.

 

Last month the plaintiffs filed a motion for default judgment, seeking maximum statutory damages for willful infringement ($150,000 per copyright work) for a total of $16,350,000. They also sought execution of a confidential settlement sum previously agreed with Tusa, a permanent injunction, interest, and attorney’s fees in excess of $330,000.

 

United States District Court Judge Virginia A. Phillips this week ruled in favor of the studios but it seems unlikely that the outcome will be enthusiastically welcomed by the plaintiffs.

Judge Summarizes Tusa’s ‘Particularly Egregious’ Behavior

Judge Phillips begins by accepting that Tusa ran various pirate IPTV services offering 2,600 channels and PPV events without having any license to do so. Then, despite agreeing to shut down Area 51, launched Singularity Media, a service that was shut down after he was confronted by ACE. Tusa then signed a settlement agreement but went on to launch Digital UniCorn Media but denied he had anything to do with it.

 

In February 2021, ACE/MPA investigators found that Tusa was running Altered Carbon, despite having taken a number of steps to hide his involvement. After the plaintiffs filed their lawsuit in July, Tusa engaged counsel but failed to answer or respond to the complaint. So, in August 2021, a clerk entered a default against Tusa leading the Judge to consider whether a default judgment was warranted.

Each of Plaintiffs Claims Considered

In respect of direct copyright infringement, Judge Phillips says that since Tusa streamed the plaintiffs’ copyright works on Altered Carbon without authorization, the plaintiffs were likely to succeed in their claim. When considering whether their contributory copyright infringement claim would succeed, several factors come into play.

 

With direct infringement already established, the Judge says that Tusa had “actual knowledge” that his 24/7 streams were unlicensed yet continued to provide them to his customers. As a result, he materially contributed to the infringement of his stream suppliers

 

“By operating the Altered Carbon websites and supplying the IPTV Service, Tusa facilitates, encourages, and enables the direct infringement of Plaintiffs’ Copyrighted Works,” the Judge writes, adding that both the contributory copyright infringement and inducement claims are also likely to succeed. Tusa knowingly distributed the Altered Carbon service for the purpose of infringing copyrights, Judge Phillips adds.

 

Since Tusa breached his earlier settlement agreement, he is also liable for a breach of contract that caused the plaintiffs “irreparable harm and concrete damage in additional costs to bring Tusa into compliance.”

Copyright Infringment Damages

As previously reported, the plaintiffs demanded maximum statutory damages of $16,350,000, representing $150,000 for Tusa’s willful direct infringement of the 109 copyrighted works in suit. The Judge acknowledges that this is just a small sample of the works infringed by Tusa and that his overall infringing activity was “continuous” and took place on a “massive scale”.

 

After considering all of the above, Judge Phillips concludes that a default judgment is indeed warranted. Noting that Tusa’s conduct involved running a pirate service, breaching a settlement agreement, relaunching new services, offering massive volumes of pirated content, and then failing to mount a defense, the Judge accepts that a “substantial financial penalty” is appropriate. It seems unlikely the studios will be delighted with the outcome.

 

“The Court awards $2,500 for each of 109 copyrights at issue, for a total of $272,500. Despite the egregiousness of Defendant’s behavior in this case, the Court declines to award the statutory maximum in damages because the number of copyrighted works at issue would amount to an excessively large award of $16,350,000,” Judge Phillips writes.

 

“The Court concludes that statutory damages of $272,500 for direct and secondary copyright infringement are sufficient to compensate Plaintiffs for financial losses incurred from Defendant’s infringement of Plaintiffs’ Copyrighted Works and deter Defendant from future infringement.”

Other Damages and Awards

The terms of the settlement agreement with Tusa are redacted from court documents but the Judge accepts that while the studios upheld their side of the deal, Tusa did not. As a result it appears that they are owed ‘something’, but precisely what that ‘something’ is remains confidential.

 

In addition, Judge Phillips was happy to hand down a permanent injunction but in respect of the plaintiffs’ demands for attorneys’ fees and costs, wasn’t prepared to award the amounts requested. In short, the studios demanded $330,600 but the Judge finds that just $9,050 is an appropriate amount.

 

 

Given that the plaintiffs previously described Area 51 as the “then-largest stand-alone pirate IPTV service by traffic in the United States,” and that massive damages are not uncommon in such cases, Tusa appears to have walked away in relatively good shape.

 

The terms of the confidential settlement agreement may provide important nuance but whatever the agreement, the financial terms clearly weren’t enough to deter ongoing infringement.

 

Judge Phillips’ order and judgment can be found here and here (pdf)

 

Anonymity is a great good on the Internet but increasingly there are calls for stricter identity checks.

 

Such requirements are not new. In daily life, many people encounter situations where they have to prove their identity. When opening a bank account, for example. But online it is still rare.

 

At the start of this year, then-President Donald Trump signed an executive order that could help change this. Titled: ‘Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities,’ aims to tackle online cybercrime including copyright infringement.

IaaS Providers Should Verify Customers

The executive order aims to stop foreign cybercriminals from using US-based Infrastructure as a Service (IaaS) products. Specifically, this can be achieved by requiring such services to properly verify and retain the identities of non-US customers.

 

This proposal is music to the ears of large copyright holder groups, including the Motion Picture Association (MPA). Rightsholders often complain that anonymous operators of pirate sites and services use American services such as domain registrars, hosting companies, CDN and proxy services, and even cryptocurrency exchanges.

 

So, when the U.S. Department of Commerce launched a public consultation on the implementation of the executive order, Hollywood’s anti-piracy group was keen to respond. According to the MPA, the proposal will help to deter piracy, but only under the right conditions.

MPA Proposes Strict Requirements

Under the DMCA, online services can already be required to identify potential copyright infringers. However, the MPA notes that operators of pirate sites and services often use false information.

 

“In our experience, malicious cyber actors – including operators of piracy sites and services – almost always misrepresent their identity to IaaS providers. The regulations should therefore ensure that the verification of their identities generates a high degree of confidence that the recorded identities are genuine,” MPA writes.

 

Among other things, IaaS providers shouldn’t just verify personal information when an account is opened. The services should make sure that this information remains accurate while the customer uses its products.

 

In addition, the MPA would like these robust identity checks to apply to all customers, not just foreign ones. After all, pirate sites aren’t merely operated by people from other countries.

 

“While a significant share of malicious cyber activity – including copyright infringement – is perpetrated by non-U.S. commercial actors, U.S. business customers represent a non-negligible share of perpetrators of malicious cyber-enabled activities.”

Ensuring Effective and Correct Policies

The MPA suggests three measures that should help to ensure that the new requirements are effective and correctly implemented by IaaS providers.

 

Firstly, online services should offer a tool that allows interested parties to notify them if their clients are potentially using false or misleading identities. Secondly, services should terminate the accounts of clients whose information is false or misleading, and who fail to correct these errors.

 

The third measure is targeted at the IaaS providers themselves. If they fail to comply with the regulation, financial penalties should follow.

 

The MPA wholeheartedly supports the efforts to require IaaS providers to identify customers. However, the group is concerned that the current IaaS definition used by the Government isn’t broad enough.

Cryptocurrency Exchanges and DNS Servers

For this reason, the regulation should ensure that it covers a wide range of services, including web hosting, reverse proxies, CDNs, DNS servers, anti-DDoS services, domain registrars, payment processors, advertising networks, and cryptocurrency exchanges.

 

The role of hosting providers is obvious, but the Hollywood group stresses that cryptocurrency exchanges and DNS servers also play an important crucial role in the piracy ecosystem.

 

“Cryptocurrencies have become a popular method among malicious cyber actors – including copyright infringers – for anonymously receiving payments and storing profits,” MPA writes.

 

“[DNS] servers ‘resolve’ a web address into the corresponding IP address. DNS resolution is an essential networking function of the internet and infrastructure that is essential to operating a website,” the group adds.

 

At the moment, many cryptocurrency exchanges already have thorough verification procedures, but the MPA clearly sees room for improvement. For DNS servers this may be harder to implement, as these generally don’t have site operators as customers. But perhaps these could be otherwise urged to stop resolving pirate sites?

 

If implemented, the MPA has good hope that the new regulation will help to track down cybercriminals and significantly deter piracy. In due course, this should help protect entertainment industry revenues while keeping the public safe from piracy-related malware threats.

 

—

 

A copy of the Motion Picture Association’s comments and suggestions in response to the U.S. Department of Commerce consultation is available here (pdf)

 

After cutting her teeth in lower-profile promotions, MMA fighter Paige VanZant made her winning UFC debut in 2014. With subsequent ‘Fight of the Night’ and ‘Performance of the Night’ awards, she cemented herself as a fan favorite but with just two wins from her last six fights, ’12 Gauge’ eventually left the UFC.

 

While VanZant continued to fight, athleticism and good looks opened up even greater opportunities for the former UFC fighter. In 2016, a series of impressive performances on Dancing With The Stars brought her into the mainstream and today she is reportedly making more by posting her racy images online than she ever did with the world’s premier martial arts organization.

VanZant Popular on Instagram, But Also PPV

With around three million followers, VanZant is certainly making some decent returns from her Instagram account but she’s not averse to posting some tasters online for free either. She is active on Reddit and often posts content to the MMABabes sub (NSFW). However, the self-proclaimed ‘Professional Bad Ass and Model’ also has her own site where fans can subscribe to all her glory for $9.99 per month.

 

This pay-per-view model is certainly popular with some but of course, there are those who would prefer not to pay for the privilege. As a result, VanZant’s images (that appear to be getting racier over time) are widely shared on social media without permission. She also has a keen following on Discord too but for people who posted content from her fansite to the platform, time could be running out.

Paige Wants Personal Contact With Pirates

At the time of writing, people who subscribe to VanZant’s official site can get a range of perks, including a FaceTime meeting with the model and influencer. This type of contact is likely to be popular with fans but for those who are pirating her contact, VanZant has another type of personal attention in mind.

 

On October 15, attorney Jason Fischer of Fischer Law, P.L. wrote to Discord informing the platform that unknown individuals had posted dozens of VanZant’s copyrighted images and videos on the platform. These were reportedly culled from her official site and posted to Discord without permission.

 

“It has come to the attention of Ms. Vanzant that copies of her copyrighted content have been reproduced and published on Discord,” the notice to Discord reads.

 

“This copyrighted material was captured from Ms. Vanzant’s fan site (https://www.paigefanzant.com/) without permission and has similarly been reproduced and published on Discord without permission. Accordingly, we respectfully request that you remove the above-described copyrighted materials from your site/servers.”

 

While this would usually be the end of the matter, VanZant wasn’t done.

VanZant Goes to Court in the United States

In an application filed at a California district court, VanZant’s attorney explained that since her content had been posted to Discord without permission, she is entitled to access the identities of the Discord users responsible for infringing her copyrights.

 

Listing more than 60 links to images and videos, the filing requests a DMCA subpoena compelling Discord to hand over the personal details of its allegedly infringing users. This information should include usernames/account names, real names, physical addresses, users’ telephone numbers, email addresses, IP addresses, and billing information for all of these accounts.

 

At this stage it is unclear what Ms. VanZant and her attorney intend to do with this information but for those who posted her content to Discord (and if they can be tracked down) there is likely to be no good news.

 

The DMCA subpoena application can be found here (1,2,3 pdf)

 

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only.

 

These torrent download statistics are only meant to provide further insight into the piracy trends. All data are gathered from public resources.

 

This week we have three new entries in the list. “Dune” is the most downloaded title.

The most torrented movies for the week ending on October 25 are:

Movie Rank	Rank last week	Movie name	IMDb Rating / Trailer
Most downloaded movies via torrent sites
1	(6)	Dune	8.3 / trailer
2	(3)	Halloween Kills	6.1 / trailer
3	(2)	Free Guy	7.4 / trailer
4	(1)	Copshop	6.4 / trailer
5	(…)	Night Teeth	5.7 / trailer
6	(5)	Old	5.9 / trailer
7	(…)	After We Fell	5.0 / trailer
8	(8)	The Suicide Squad	7.6 / trailer
9	(9)	Black Widow	6.8 / trailer
10	(4)	Old Henry	7.3 / trailer

 

 

Note: We also publish an updating archive of all the list of weekly most torrented movies lists.

 

Six major ISPs – BT, EE, Plusnet, Sky, TalkTalk and Virgin Media – control more than 90% of the fixed line broadband market in the UK. This means that when copyright holders want to prevent access to pirate sites in the region, these providers are regularly named in blocking injunction applications.

 

Late Friday, the High Court reported that Columbia Pictures, Disney Enterprises, Netflix Studios, Paramount Pictures, Universal City Studios and Warner Bros. Entertainment made submissions in a new application earlier this month, requesting an order for the ISPs listed above to block five pirate streaming portals in the UK.

Tinyzonetv.to – The Largest Platform

The most popular domain in traffic terms is tinyzonetv.to. The platform currently enjoys around 16.5 million visits per month according to SimilarWeb stats, with around 13.5% from the United States and 13% from the UK.

 

The site claims to have 250,000 videos in its movie and TV show database supported by subtitles in English and Spanish. These include new titles such as Dune and Halloween Kills.

 

 

In common with many other sites that eventually find themselves exposed to legal action, tinyzonetv.to was targeted in a DMCA subpoena application filed by the Motion Picture Association (MPA) and Alliance for Creativity and Entertainment (ACE) in the United States earlier this year.

 

That successful application required CDN provider to hand over the personal details of the site operator but whether that translated into useful information for the anti-piracy groups is unclear.

Watchserieshd.tv – 10 Million Visits Per Month

Watchserieshd.tv is another popular domain that in April was pulling in around 14 million visitors per month. Traffic recently dropped to around 9.7 million but with an extensive library of movies, TV shows and anime content on offer, it is still popular in the UK, which accounts for an estimated 18% of its traffic.

 

 

The first public signs that the MPA had taken an interest in watchserieshd.tv appeared in September 2020 when MPA/ACE obtained a DMCA subpoena at a California district court. That required Cloudflare to give up the personal details of the site’s operator, which is often necessary for enforcement action.

 

This May the anti-piracy groups obtained another subpoena which again listed the watchserieshd.tv domain, perhaps suggesting that the original subpoena didn’t result in useful information.

Levidia.ch Replaces Levidia.to

The next popular in traffic terms is levidia.ch. This domain only started getting significant traffic in June 2021 and now enjoys around 4.5 million visits per month. This doesn’t appear to be a new site, however.

 

Around the time the domain started to gain traction, another similar domain – levidia.to – started losing traffic, suggesting the .ch domain acted as a replacement for its predecessor. Indeed, levidia.ch displays the .to domain on its homepage.

 

 

MPA/ACE interest in levidia.to became apparent in November 2020 when they obtained a DMCA subpoena which required the Tonic domain registry to hand over the personal details of the domain’s registrant. Whether that action forced the owner to ditch the domain isn’t clear but lividia.to isn’t currently in operation.

123movies.online/123moviesfun.ch and Europixhd.net

123movies.online and 123moviesfun.ch link to the same site, now operating purely from the .online domain. It appears to enjoy around a million visits per month, with 30% from the United States. The UK’s share is around 16% but that is up 30% in recent weeks so preventing that from accelerating ahead will be a key goal of the MPA.

 

Europixhd.net is the final entry in the injunction. The site was pretty popular back in April with around 2.3 million visits per month but more recently visitor numbers are down to around 750,000. Roughly 18% of the site’s traffic is from the United States with around 6.5% coming from the UK, a figure that continues to fall.

 

Europix branded domains were targeted in an earlier blocking order in Australia but it’s not clear whether these share the same operator.

Considerations of the High Court

Given that the MPA has massive experience when it comes to obtaining blocking injunctions in the UK, it’s no surprise that the High Court went ahead and granted its application in this case. That being said, no details were taken for granted by the Judge.

 

Mrs Justice Falk agreed with the movie industry group’s claims that the sites are illegal, noting that none of the sites actually host any content but present it to the public via links to third-party sites. According to the order, this does not detract from the case, since all of the sites knowingly facilitate access to copyright-infringing content via communications to a “new public”.

 

All of the sites are operated on a for-profit basis, so this falls foul of existing rulings too.

 

“In my view the Target Websites do authorize infringing acts of copying by users, and indeed positively encourage and facilitate it. The fact of extensive copying by users can be inferred from the quantity of material indexed on the Target Websites, their purpose of making the content available and the extent of traffic to the sites,” the order reads.

 

“As to authorization, the nature of the relationship is the provision by the Target Websites of a user-friendly environment to locate and access content. The sites provide the means to infringe, and infringement by copying is an inevitable consequence of accessing the material. The Target Websites have the means to control access but have taken no steps to prevent infringement. The activities amount to the purported grant of the right to do the acts complained of.”

Complications With Sites’ Use of Cloudflare

The order notes that all of the sites in the injunction are operated outside the Court’s jurisdiction utilizing Cloudflare’s delivery platform. Since blocking injunctions tend to target domains and IP addresses, this could cause issues for other sites using the same Cloudflare IP addresses. This issue is addressed by the Court as follows:

 

“The Target Websites are all operated outside the jurisdiction. The majority are hosted via CloudFlare’s delivery platform. Where that is the case it is not possible to determine definitively whether or not other sites are also hosted on the same server,” the order notes.

 

“The applicants have confirmed that, following the grant of the order, they will notify the Target Websites to CloudFlare and request that they be allocated to dedicated IP addresses. This approach has been taken in respect of sites blocked pursuant to existing orders under section 97A, and is intended to ensure that only material on the Target Websites is blocked.”

 

The order can be found here

 

Over the years we have seen our fair share of bizarre DMCA takedown notices, but we continue to be surprised by new schemes.

 

This week we can add another to the list, one that has some serious threats attached.

 

The notices in question were sent to Google but the accompanying message appears to be directed at the targeted sites, many of which offer APK versions of apps. These sites may or may not offer pirated software, but the takedown notices are unusual nonetheless.

Mysterious Supreme Court Action?

The sender claims to represent unnamed game developers and, in broken English, says they went all the way up to the Supreme Court to go after the infringing websites.

 

“We are reaching you in behalf of a very, very long list of Game Developers who repeatedly denounced your illegal activities and asked the supreme court of the USA to take legal action,” one of the notices reads.

 

There is no reference to the supposed legal action or the related lower court judgment but the consequences are very real, at least according to the takedown sender.

$500,000 Fine and the ‘FBI’

In addition to a potential ‘fine’ of at least half a million dollars, the targeted site operators are apparently facing prison sentences as well.

 

“This is an official warning of takedown, therefore you are requested to immediately proceed with deleting every illegal/pirate page from your website. Don’t play with law, or next time we’ll not be so kind with you: we’ll directly take you to jail instead, after a fine of 500,000 USD, at least.”

 

As if the above isn’t enough, some notices want us to believe that the “FBI” is the sender. We’re not sure which FBI the notice refers to but the Federal Bureau of Investigation doesn’t get involved in these issues.

 

 

Interestingly, the threatening language isn’t only used by this mysterious FBI entity. Someone using the name “Anti-piracy Protection” is also targeting APK sites, warning of Supreme Court action.

 

“We request to immediately cease and desist, or we will be forced to file a legal case to the supreme court of the United States of America to have our customers’ rights indemnified and ask the Hosting Provider to delete the website and all associated domains,” these notices read.

Imposters?

This “Anti-piracy Protection” outfit shouldn’t be confused with APP Global, which uses the same name for its legitimate takedown notices and has nothing to do with the above. The dubious notices come from another outfit, one that has targeted more than 100,000 URLs.

 

TorrentFreak spoke to the operators of two affected sites who clearly believe that something is off here. One site operator informed us that 7,000 of his site’s URLs were removed from Google as a result of these notices.

 

Another site owner was targeted by the same scheme, which took pretty much his entire website out of Google’s search results

 

“This guy ransacked my entire index through sitemap.xml, then got all my URLs from there,” the site operator tells us.

 

“He then created dozens of gmails and sent fake DMCA notices under the [imposter] names ‘Anti-Piracy Protection’, ‘Intercorp Security, ‘International CyberCrime Investigations – FBI’. This has been going on for a long time.”

Extortion?

To clarify, these names are likely used in bad faith. If our hunch is right, these bizarre takedown notices are not coming from actual copyright holders but from malicious senders. Their notices could be a tool to remove search results of competing sites, or worse.

 

One of the site operators also shared an extortion message that he received, referencing the takedown scheme. We weren’t able to independently verify the legitimacy of this email, but it wouldn’t surprise us if it’s real.

 

 

Thus far Google’s response to these notices has been mixed. The company rejected quite a few but tens of thousands of URLs were indeed removed.

 

One of the site operators informed us that several of his URLs were restored after he complained to Google, but he fears that the ‘senders’ are not going to give up that easily. For now, suspicious notices keep coming in, using the aforementioned names but also strange labels such as “Reporter Badguys” and “Anti Game Publisher.”

 

Bizarre indeed…

 

Earlier this year, people who allegedly offered or even watched the Jake Paul vs. Ben Askren boxing match online without permission were sucked into legal action.

 

Copyright owner Triller filed a wave of lawsuits after the PPV fight aired, targeting various sites and their operators. That included a number of YouTube channels including the H3 Podcast, which is currently fighting back citing fair use, a defense that Triller says isn’t available.

 

Despite the main event of the Jake Paul card ending in just 119 seconds, Triller’s lawsuits are aimed at recovering damages for alleged copyright infringement of that segment. That’s also the aim of a lawsuit filed in June targeting Arvin De La Santos, the alleged operator of the YouTube channel YourEXTRA.

 

In its complaint filed at a California court, Triller demanded compensation for copyright infringement and vicarious copyright infringement (Triller says Santos profited from the fight) in an amount to be determined at trial, plus $110,000 for each violation of the Federal Communications Act. It now transpires that Triller was initially happy to settle the matter out of court but that didn’t go to plan.

Fair Use, Innocent Infringement, Unclean Hands

This week De La Santos formally answered Triller’s complaint and as is common with such responses, the YouTuber largely denies most of Triller’s allegations.

 

The answer from De La Santos cites the doctrine of fair use as an affirmative defense. No specifics are detailed at this stage and since the nature of the original video is currently unclear, it’s hard to assess whether the defense will hold water moving forward.

 

‘Innocent infringement’ is put forward as another affirmative defense, with a note that should the defendant’s actions be deemed “improper” (this is disputed by the defense), then any infringement was in good faith and not willful.

 

What is more immediately interesting though is the claim that the dispute could have been settled before it had even begun, if Triller had kept to its word.

Triller “Refused to Honor” Settlement Agreement

After the Jake Paul fight aired in April, Triller launched an amnesty campaign for people who watched the fight online without paying. The company said that up to two million people could pay a settlement fee to avoid legal action.

 

It’s unclear whether that campaign bore any fruit but according to De La Santos’ answer, settling Triller’s claims in return for the company not filing a lawsuit didn’t go to plan. The YouTuber’s attorney says that Triller comes to the court with ‘unclean hands’ after acting in bad faith in respect of a pre-lawsuit settlement agreement.

 

“Defendant was enticed to settle the alleged infringement as opposed to having to go to Court. Defendant agreed to sign Plaintiff’s settlement agreement, and paid the required fee which came with a release of claims,” the filing reads.

 

“Thereafter, Plaintiff filed this lawsuit and returned the settlement fee (without interest) and now seeks to recover damages and attorney fees that they are not entitled to. This is a deceptive act and practice under California law,” it continues adding: “The parties have previously agreed and resolved this dispute, which Plaintiff has now refused to honor.”

Defendant Seeks Judgment

In closing, De La Santos asks the court to ensure that Triller “takes nothing by way of their complaint” including legal or equitable relief. He asks for the complaint to be dismissed with prejudice (cannot be filed again) and that judgment is entered in his favor.

 

The YouTuber also demands his costs and attorney fees incurred thus far or a jury trial, if necessary.

 

Finally, in Triller’s ongoing lawsuit filed against the H3 Podcast that alleges piracy of the same event, there appear to be settlement controversies of a different type.

 

The H3 Podcast reports that in an effort to end that dispute quickly and amicably, it offered to pay Triller $25,000. That offer was reportedly rejected with Triller countering with a much larger amount of $900,000. It also wanted the H3 Podcast to publish the statement below, which at the time would have served as a propaganda tool to ensure that people who watched the event illegally would settle with Triller.

 

 

The H3 Podcast declined and the case is now in full swing with an ongoing war over detailed aspects of what is – and what isn’t – fair use.

 

The De La Santos/YourEXTRA answer to Triller’s complaint can be found here (pdf)

 

Under US copyright law, Internet providers must terminate the accounts of repeat infringers “in appropriate circumstances.”

 

In the past such drastic action was rare but with the backing of legal pressure, ISPs are increasingly being held to this standard.

Initially, these lawsuits were mostly initiated by music companies, backed by the RIAA. However, in recent months a group of independent filmmakers joined in. These plaintiffs include the makers of films such as The Hitman’s Wife’s Bodyguard, London Has Fallen, and Hellboy.

 

One of the targeted ISPs is RCN, which was previously targeted in a similar lawsuit by the RIAA. According to the filmmakers, the ISP failed to terminate subscribers who repeatedly infringe copyrights. This allegedly violates the DMCA and RCN should therefore be held liable.

RCN Strikes Back at “Trolls”

This week the Internet provider responded to the allegations with a motion to dismiss. In addition to rebutting the legal claims, RCN starts off by providing context and highlighting previous legal efforts from the filmmakers and their anti-piracy tracking firm Maverickeye.

 

Some of the companies involved have previously gone after individual pirates from which they obtained settlements, and the ISP puts them in the “copyright troll” corner, a label the filmmakers have previously rejected.

 

“Plaintiffs and Maverickeye are part of a well-known web of copyright trolls. Until now, Plaintiffs’ modus operandi has been to file John Doe lawsuits in the hope of securing quick settlements and to dismiss them at the slightest resistance. Plaintiffs are rarely successful in contested cases,” RCN writes.

 

“Additionally, courts and litigants in these cases have persuasively accused Maverickeye of serious wrongdoing, such as submitting fraudulent ‘expert’ declarations from fictitious persons, violating state law by engaging in unlicensed surveillance, and even conspiring with copyright owners to offer copyrighted content over BitTorrent and then sue anyone who tries to download it.”

‘Piracy Liability Claims Fail’

These counter-allegations don’t plead RCN free. However, the ISP continues by setting out why the filmmakers’ piracy liability claims fail. In large part, this focuses on the piracy evidence provided by Maverickeye.

 

The ISP notes that it’s not clear how the German company detects copyright infringements. Neither are there any details of forensic evidence that prove any actual infringing activity.

 

RCN argues that, without evidence of such direct infringements, the filmmakers can’t hold the company responsible for contributory infringement. After all, it’s hard to hold someone liable when the underlying piracy activity isn’t backed up with proper evidence.

‘IP Address in Not Sufficient’

Maverickeye allegedly tracked the IP addresses of alleged pirates. However, an IP address is not sufficient to prove that subscribers downloaded any infringing material, the ISP claims, pointing to the ‘Cobbler’ case.

 

“Like in Cobbler, Plaintiffs have failed to allege ‘something more’ beyond identifying an IP address to create a reasonable inference that a particular RCN subscriber is also the alleged direct infringer.

 

“And without a reasonable inference that an RCN subscriber directly infringed Plaintiffs’ copyrights, Plaintiffs’ secondary copyright infringement claims against RCN cannot survive a motion to dismiss,” RCN adds.

Financial Benefit?

RCN continues with various other arguments explaining why the contributory and vicarious copyright infringement claims fail.

 

For example, a plausible vicarious copyright infringement claim requires the plaintiffs to show that there’s a ‘financial benefit.’ According to RCN, that’s not the case here.

 

“The only financial benefit that Plaintiffs allege is the receipt of flat fees for internet service, which remains the same whether RCN’s subscribers infringe Plaintiffs’ copyrights or not,” RCN writes.

 

Many of these arguments are similar to the ones we’ve seen in similar cases. We expect that the filmmakers will disagree with the ISP and file their rebuttal in the weeks to come.

 

—

 

A copy of RCN’s memorandum in support of its motion to dismiss the filmmakers’ complaint is available here (pdf)

 

Yout.com’s legal battle with the RIAA, which was instigated by the YouTube-ripping service in 2020, hasn’t been a straightforward affair. The original complaint hoped to achieve a declaratory judgment that the service operates legally but the RIAA has fought back on every detail.

 

The basis of Yout’s complaint is that it operates an entirely legal service that, contrary to the claims of the RIAA, does not “descramble, decrypt, avoid, bypass, remove, deactivate, or impair” YouTube’s so-called ‘rolling cipher technology’ when it allows users to download MP3’s from YouTube. Yout believes its platform simply offers features that already exist in web browsers but makes the process easier.

 

The music industry group has continually said that no matter how Yout cuts it, YouTube has mechanisms in place to prevent permanent downloads and any system that allows them can be labeled as breaching the anti-circumvention provisions of the DMCA. Whether it helps a little or lot, the RIAA says that Yout meets the threshold to be defined as a circumvention tool.

 

The case has now been live for almost a year, with the RIAA calling for the complaint to be dismissed, Yout arguing otherwise, and the RIAA firing back.

 

In an apparent effort to get things back on track, the presiding judge dismissed the case without prejudice in August, allowing Yout to file a refocused amended complaint. The YouTube-ripping platform provided plenty of detail to the court but according to the RIAA, Yout hasn’t helped to progress the case.

RIAA Files Motion to Dismiss

In a motion to dismiss and supporting memorandum filed with the court this week, the RIAA criticizes Yout for failing to provide important facts that could help to show whether the service breaches the anti-circumvention provisions of the DMCA. Describing the entire lawsuit as being based on “manifestly implausible claims”, the RIAA says key information is still lacking in the second amended complaint.

 

“[P]laintiff has failed to fix a fundamental deficiency in its pleading: the lack of any detailed description of how the Yout service operates,” the RIAA writes.

 

“Although Plaintiff has added allegations and screenshots that show what someone sees when he or she visits Plaintiff’s website, and allegations that describe a complicated process by which someone not using Plaintiff’s service can supposedly download a music video from YouTube, Plaintiff has conspicuously avoided alleging facts that explain how Yout actually works.

 

“Instead, Plaintiff has merely alleged that ‘Yout’s software platform enables a person to complete the process described above [i.e., the process followed by someone not using Yout], but in fewer steps.’ This vague reference to unexplained ‘steps’ is the antithesis of the non-conclusory, factual allegations the law requires.”

 

Since this information about how Yout operates hasn’t been provided, the RIAA says that the second amended complaint should be dismissed with prejudice, effectively ending the entire case.

Circular Arguments Suggest Little Progress

From the very beginning the basic claims of both sides haven’t really changed but for good measure, the RIAA again highlights details that it believes are important.

 

It says that Yout is simply one of a number of stream-ripping services online whose “raison d’être is to bypass YouTube’s technological restrictions” to enable digital downloads to users’ devices, contrary to the law. Yout is attempting to “turn the legal tide” against successful cases against similar services in other regions by having a US court give its blessing to something that breaches the DMCA, the RIAA adds.

 

“Plaintiff’s allegations show that Yout does bypass or avoid YouTube’s TPMs, and Plaintiff does not and cannot plausibly allege that it has the authority of copyright owners to access and copy their works,” its motion reads.

 

Finally, the RIAA addresses another of Yout’s claims which describes how the RIAA sent DMCA takedown notices to Google, demanding that Yout URLs be delisted from search results. Yout says that these notices should never have been sent since it does not circumvent technical measures, and the RIAA either sent the complaints without carrying out appropriate testing or already knew that the sservice was non-infringing.

 

Again, the RIAA reiterates an argument it presented earlier. If these were alleged copyright infringement notices that contained misrepresentations, there may be a remedy under the law. However, the RIAA says its notices addressed alleged circumvention issues under the DMCA, which don’t go punished.

 

“Plaintiff’s Section 512(f) claim is based on RIAA’s notices to Google, which alleged circumvention, not infringement. Even if Section 512(f) were applicable, Plaintiff does not and cannot plausibly allege, as it must, that RIAA knew its allegation was false (it was not),” the music group says.

 

“Plaintiff cannot plausibly plead state-law defamation or business disparagement claims, both of which require Plaintiff to allege a false statement. Nothing in RIAA’s notices was false. On the contrary, RIAA’s allegation that the Yout service is circumvention technology is true as a matter of law.”

 

In summary, neither side has moved its original position in any notable way and at this point, only old ground is being covered. Where the case goes from here will have to be determined by the judge.

 

The RIAA’s motion and supporting memorandum can be found here and here (pdf)

 

Tackling online piracy is a complicated endeavor that often starts by identifying the operators of infringing sites and services. This is also where the first hurdles come into play.

 

Most pirate operations shroud themselves in secrecy and do all they can to remain anonymous. This starts with the domain name registration.

 

The owner of every domain name on the Internet is required to supply personal information when they buy a domain. This “Whois” information has to be accurate. However, it’s not necessarily available to the public at large.

Whois Privacy

There are several commercial Whois proxy or shielding services that hide registrant information. These have legitimate uses, to avoid abuse and harassment for example, but they also come in handy when a site’s business model is not entirely legal.

 

Copyright holders have complained about these privacy services for years. Domain registrar oversight body ICANN is aware of this and is considering whether to make ‘proxy’ registration data available for enforcement purposes. The plan has yet to be finalized.

 

To make matters worse for copyright holders, the EU’s GDPR privacy law only made it harder to identify domain owners. In response to the GDPR, ICANN implemented a temporary specification that led to further restrictions, shielding the personal data of site owners that would previously have been available through the Whois system.

RIAA Calls Out ICANN

These developments are a source of frustration for the RIAA. The music industry group submitted its notorious markets comments to the USTR last week. In addition to providing an updated list of piracy threats, these domain name troubles were highlighted.

 

“(i)t has become exceedingly difficult to track, enforce against, and accurately associate various notorious websites,” the RIAA writes. According to the group, ICANN’s policy that requires privacy and proxy services to disclose registrant data has been fully approved. However, the implementation is delayed.

 

“With estimates of over one third of all domain name registrations behind a privacy/proxy service, this failure of ICANN to implement disclosure policies for privacy/proxy services only serves to embolden online infringers and others that engage in malicious activity online with only minimal risks of identification and reprisal.

 

“In addition, ICANN has failed to adopt meaningful solutions to improve the accuracy of registrant information, despite discussions on this topic for the last several years,” the RIAA adds.

GDPR Byspass?

The RIAA isn’t happy about ICANN’s GDPR restrictions either. The domain name body added these to reduce liability under the EU’s privacy regulation. However, ICANN hasn’t come up with a solution for rightsholders who need this information.

 

“Despite promises to establish and implement a policy to provide uniform and consistent rules on how users can access such registration data, including for intellectual property protection and enforcement purposes, ICANN has yet to fully develop or implement such rules,” the RIAA notes.

 

“As previously noted, this continues to frustrate our ability to contact the registrant directly to address infringement issues, investigate relationships between infringing sites, and analyze our other enforcement options.”

 

By calling out these issues, the RIAA hopes to put them on the political agenda. And indeed, it appears that there is already some movement on this front.

EU to the Rescue?

Interestingly, it’s the EU that may come to the rescue of rightsholders. Europe’s privacy regulation previously resulted in Whois restrictions but the EU is now planning to turn things around.

 

In the draft of the ‘cybersecurity’ directive NIS 2, the registration of domain names will require complete and detailed data, including names, addresses, and phone numbers. This proposal is largely supported by ICANN, which stated that the information should be available to “legitimate access seekers.”

 

The legislation is still work-in-progress and the text may change along the way. In the most recent draft, the registration data is not meant to be posted publicly. Instead, it will be made available to public and competent authorities for enforcement purposes, among other things.

 

Based on the above, we can expect more clashes between privacy advocates and copyright enforcers in the near future. Whether with or without the involvement of the USTR.

 

—

 

A copy of RIAA’s submission to the US Trade Representative is available here (pdf). An overview of the nominations for the notorious markets report, which show a lot of overlap with previous years, is listed below.

 

Stream-ripping Sites

 

– Ytmp3
– Mp3juices
– Snappea
– Flvto & 2Conv
– Y2mate
– Savefrom
– MP3-YouTube

 

Mp3 Search-and-Download Sites

 

– Newalbumreleases
– Intmusic
– AK47Full

 

BitTorrent Indexing Sites

 

– ThePirateBay
– 1337x
– Rarbg

 

Cyberlockers

 

– Zippyshare
– Rapidgator
– Turbobit
– Filecrypt (link protector)
– Ddownload.com
– Anonfiles.com

 

Piracy within Mobile Apps

 

– Telegram

 

Bulletproof ISPs

 

– Ecatel/Quasi Networks
– FlokiNET

 

Nigerian-Operated Infringing Sites

 

– No sites mentioned

 

Reverse Proxy Services to Obfuscate Hosting ISP

 

– Njal.la Registrar.
– .to ccTLD Registry.

 

Famously founded by Kim Dotcom a year after the 2012 shutdown of Megaupload, Mega has grown to become one of the most popular cloud storage sites online today. Dotcom is no longer involved with the platform but that hasn’t affected its growth.

 

In its launch year Mega hosted just 0.6 million files but just 12 months later, that had grown to an impressive 3.6 billion. By 2019, the number of files stored had swelled to 63.8 billion and last year that figure grew further still, topping out at 84 billion files.

 

This data is presented in Mega’s annual transparency report and this week the company published its latest set, revealing that it now has 230 million users in more than 200 countries and territories. Together those users are storing more than 100 billion files utilizing end-to-end encryption, meaning that the platform continues to grow.

Copyright Infringement & Content Removal

Right from the beginning, Mega has been promoted as a privacy platform, meaning that not even the company itself is able to look at what content is being stored on its servers. This is a welcome feature for users but it’s still possible for them to share stored content with outsiders, as long as links are distributed with a decryption key.

 

It follows then that some Mega users utilize the service for sharing copyrighted content including movies, music and TV shows, much as they had done with Megaupload. In what appears to be a clear effort to distance itself from its predecessor, however, Mega is overtly public about what actions it takes to tackle infringement in response to valid or at least uncontested copyright holder requests.

 

During the most recent reporting period spanning 12 months to September 2021, Mega received more than 2.3 million takedown requests from copyright holders, up from around 1.2 million in the previous reporting period. The company says that it aims to process takedowns within a maximum of four hours, with most takedowns being actioned within minutes.

 

 

“The number of files which have been subject to such takedown notices continues to be very small [compared to overall files stored], indicative of a user base which appreciates the speed, flexibility and privacy of Mega’s systems for legitimate business and personal use,” the company says.

 

“In Q3 2021, the links taken down represented 0.0007% of the 107 billion files uploaded to Mega servers.”

 

In common with many online platforms that handle user-uploaded content, Mega also processes copyright counternotices, which allow those wrongfully targeted with a takedown request to file an objection. The company says that most of the counternotices it receives are both genuine and appropriate but the number it receives is vanishingly small.

 

In the previous reporting period, Mega processed 20 counternotices. In the latest, that had dropped to just 13, none of which were contested by the original complainant. This suggests that the overwhelming majority of copyright complaints are genuine, with possibly a small number targeting files that users simply don’t care enough about.

Repeat Infringer Policy

After initially operating a “five strikes” policy, in 2015 Mega introduced a “three strikes” regime that remains in place today.

 

“Mega suspends the account of any user with three copyright takedown strikes within six months. In some cases, the account can be reinstated after it is proved to be the subject of invalid takedown notices, but most suspended accounts are terminated,” the company says.

 

Account suspensions for alleged copyright infringement peaked in the third quarter of 2017 at just over 8,000 but tailed off to a relatively steady 2,000 to 2,500 suspensions per quarter thereafter. In the 2019/20 period, Mega suspended a total of 8,845 accounts, a number that increased to 9,716 in the most recent 12-month period.

 

Added together, the total number of accounts suspended is large but as Mega is keen to point out, the overall number of users on the platform should be considered for context.

 

“As at 30th September 2021, Mega had suspended 144,813 users for repeated copyright infringement. The data below shows that suspensions are a very small % of the number of registered users,” its new report reads.

 

Storage of Personal Data

Finally, Mega reports that it currently stores “very limited” non-encrypted personal data on servers in New Zealand, Canada and/or Europe, suggesting none in the United States. This data includes users’ email addresses and “some activity” relating to account access, file uploads, shares, and chats.

 

However, digging into the service’s privacy policy reveals that when people use Mega, its systems retain metadata including IP address and port information for logins, API usage, file uploads, folder creations and link exports. This means that if a user shares a file in public with a decryption key attached, copyright owners can identify the content and potentially link that to an account at Mega carrying personal data.

 

Mega also stores the email addresses of anyone that users have contacted using Mega’s systems, the email addresses of chat participants, plus chat commencement and duration times.

 

Account data is kept for as long as accounts are active and in the event that an account is suspended or terminated, the company ‘may’ hold that data if enforcement action takes place or is likely. After 12 months, if no action is apparent, account data will be anonymized with the following condition:

 

“[W]here you are a contact of, have had a folder shared with you by, or have chatted with, another MEGA user, those details will continue to be retained to allow services to continue for those other users,” the company writes.

 

“If we think it is necessary or we are obliged by law in any jurisdiction, then we are entitled to give Your Files, Your Chats, any Account Data and any Usage Data to competent authorities, even if those items are encrypted. We reserve the right to assist any law enforcement agency with investigations, including disclosure of information to them or their agents.”

 

Mega’s latest transparency report can be found here

 

Earier this month the RIAA secured a major victory in its piracy lawsuit against YouTube-rippers FLVTO.biz and 2conv.com and their Russian operator Tofig Kurbanov.

 

A Virginia federal court issued a default judgment in favor of several prominent music companies after the defendant walked away from the lawsuit.

 

According to Judge Buchanan there is a clear need to deter the behavior of Kurbanov, who also failed to hand over evidence including server logs. “A less drastic sanction is unlikely to salvage this case,” he noted.

 

Following this win, the RIAA also asked for an injunction to stop the sites’ worldwide stream-ripping activities. In addition, the music group demanded $82 million in damages. Both of these requests have yet to be signed off by the court.

YouTube Rippers Oppose Demands

While the Russian operator previously indicated that he would no longer take part in the lawsuit, his legal team is not letting the case go completely. This week, they filed a brief in opposition of the RIAA’s demands.

 

Among other things, Kurbanov’s attorneys point out that the RIAA failed to provide evidence of concrete copyright infringing activity that took place in the United States. Without infringements, there shouldn’t be any damages, they argue.

 

“Plaintiffs have provided the Court with no competent evidence from which the Court could conclude that any infringement took place at all in connection with the 1,618 works in suit, much less that such infringement took place within the boundaries of the United States.

 

“Without such evidence, this Court cannot find that Plaintiffs are entitled to any statutory damages, since the evidence of actual infringement does not exist,” the attorneys note.

 

The defense argues that if the court decides to award statutory damages nonetheless, these should be substantially lower than the millions the music companies demand. Lower damages are appropriate because the case only deals with contributory infringement, while Mr. Kurbanov himself has never set foot on U.S. soil.

YouTube-DL Defense

In addition, the attorneys stress that the stream-rippers’ alleged infringing activity stems from open source software that’s freely available on the Internet. This software, youtube-dl, was previously removed from GitHub by the RIAA but it was reinstated after an intervention from the Electonic Frontier Foundation (EFF).

 

Kurbanov’s legal team specifically cites the EFF which concluded that, in circumvention terms, youtube-dl works in the same way as a regular web browser.

 

“As the EFF explains, the youtube-dl software does nothing more than provide YouTube’s servers with the same code that any web browser would provide if an individual went to YouTube looking to play one of the songs that Plaintiffs make freely available to the entire world.”

 

In addition to the damages, the RIAA also asked for an injunction that would effectively order Kurbanov to block worldwide traffic to his sites. Not just that, the Russian site operator would also lose ownership of his domain names.

Blocking Should be Limited to U.S. Traffic

This global ‘blocking’ demand goes too far, the lawyers point out, as United States courts have no jurisdiction over alleged infringing activity that takes place in other countries.

 

Mr. Kurbanov has already decided to block U.S visitors from accessing FLVTO.biz and 2conv.com so there is no need for any further measures. If the court decided to issue an injunction after all, it would be appropriate to limit it to the United States.

 

“Should this Court find injunctive relief appropriate, it should narrowly target such relief, ordering only that Mr. Kurbanov continue to block visitors to the Websites from the United States from accessing any copyrighted materials owned by the Plaintiffs,” Kurbanov’s attorneys write.

 

“Such an order – while not currently necessary given the complete blocking of the sites in the United States – is sufficient to protect all of Plaintiffs’ legitimate concerns.”

 

Given the stakes at play, we can expect the RIAA to contest this opposition brief if it gets the chance. After that, it will be up to the court to decide if damages and injunction measures are appropriate and what these should be.

 

—

 

A copy of Mr. Kurbanov’s brief in opposition to RIAA’s request for damages and a permanent injunction is available here (pdf)

 

Last week, Hollywood’s Motion Picture Association (MPA) shared its annual overview of “notorious markets” with the US Trade Representative (USTR).

 

This list typically includes examples of pirate sites and services. However, it goes further than that, as third-party intermediaries are called out as well.

Notorious Domain Registries?

This year, the MPA included five registries connected to the .CH, .IS, .RU, .TO and.TV domains. These organizations manage and oversee the respective TLDs. While registries are neutral service providers, rightsholders believe that they can take a more active anti-piracy approach.

 

“A registry, directly or via its contractual relationship with its registrars, has the ability to withdraw or disable domain names used by websites engaged in massive copyright infringement,” MPA wrote.

 

With the nomination for the USTR’s annual list of notorious markets, these organizations risk becoming targeted by diplomatic pressure. However, the registries themselves see things quite differently.

TONIC

The Tonga Network Information Center (TONIC), responsible for the .TO TLD, is one of the affected organizations. The MPA specifically mentioned sites such as rarbg.to, fmovies.to, kinox.to, serienstream.to, 1337x.to, torrentgalaxy.to, solarmovie.to, ibit.to, and bs.to which use the TLD.

 

Speaking with TorrentFreak, TONIC stresses that the organization has no obligation to respond to random complaints from third-parties. TONIC points to statements made by the EFF in the past, which also warned that taking domains offline without due process can damage free speech.

 

This doesn’t mean that TONIC takes no action at all. The registry informs us that it has complied with many court orders in the past, some of which resulted in domain name suspensions.

 

“The .TO registry complies with court orders from courts of competent jurisdiction, including US courts, and has on many occasions taken down domain names in compliance with court orders,” TONIC’s Eric Gullichsen says.

ISNIC

MPA’s submission also includes Iceland’s registry ISNIC. According to the Hollywood group, pirate sites and services regularly use .IS domains and it accuses the registry of being unresponsive to law enforcement requests.

 

“Examples of infringing websites operating with .IS domains include filmlinks4u.is, watch32.is, soap2day.is, torrentz2.is, and moviewatcher.is. ISNIC does not generally respond to international or local law enforcement requests,” MPA wrote.

 

ISNIC CEO Jens P. Jensen categorically denies the latter accusation, stating that it’s “plainly wrong.” ISNIC does respond to local court orders and it also accepts third-party abuse complaints.

 

“ISNIC does respond to genuine, well-written and informative abusive reports coming from private parties and from Law Enforcement,” Jensen informs TorrentFreak.

 

“Our job is then to identify, and in some cases provide the reporter with the real name and address of the registrant so that he or she can be held accountable,” he adds.

 

 

As a relatively small player, Iceland’s registry says that it goes above and beyond what other registries do. Jensen says that this includes some large players “which MPA decides not to mention as they might kick back heavily.”

 

ISNIC handles abuse complaints from outsiders through a ‘bad registration process’ which verifies the identity of a domain owner. If a registrant can’t back up or correct the registration within one to two weeks, the domain is suspended.

 

This policy and ISNIC’s other procedures are in line with the new .IS domain law that was published by the Parliament of Iceland earlier this year.

 

The commentary from TONIC and ISNIC show that both registries disagree with MPA’s characterizations. Both clearly reject the “notorious market” label and hope that the US Trade Representative will recognize that they don’t act in bad faith.

 

This isn’t the first time that registrars and registries are nominated as “notorious markets.” The MPA called out many of the same organizations last year, but those were not included in USTR’s final notorious markets report.

 

In recent years, Italian authorities investigating IP crime have committed significant resources to the ongoing problem of pirate IPTV services.

 

From being part of the operation that shuttered software platform Xtream-Codes to the closure of a service that was allegedly responsible for the supply of 80% of the country’s ‘illegal transmissions’, Italy has been pushing hard against all players in the ecosystem.

 

One area where local law enforcement has been treading new ground is the targeting of subscribers to such unlicensed services. Last year, authorities said that users are on the radar, with potentially tens of thousands set to face action.

 

In February 2020, police reported over 220 to the judicial authorities and last month followed up with another batch of 240, all of whom face fines and potential court appearances. Another investigation, which police reported as concluded this week, will see another 1,800 face action.

Investigation into IPTV Reseller Concludes

A new announcement from the Guardia di Finanza, the police unit tasked with financial crimes, reveals that an investigation into a pirate IPTV reseller operation run by a resident of Varese has is now complete.

 

It’s alleged that the man, who is believed to be 70-years-old, ran platforms including TVSStreamingItalia and IPTVPanamaCity to sell IPTV packages offering Mediaset Premium, Sky, Disney+ and DAZN content without permission.

 

 

The man was reported to the Computer Crimes Section of the Milan Public Prosecutor’s Office for crimes including counterfeiting, alteration or use of trademarks, violations of intellectual property rights, and computer fraud dating back to 2017. He is believed to have earned around 500,000 euros from his operation, an amount on which he failed to declare income taxes, a situation the authorities will seek to remedy.

1,800 IPTV Subscribers Face Prosecutions

After supplying the pirate service with their device MAC addresses, subscribers bought access to the platform in a number of ways, including via direct bank transfers and top-ups with pre-paid cards. This enabled the investigators to positively identify them as customers of the service.

 

Of course, some customers could claim to be innocent victims on the basis they believed that they would be subscribing to an official service. Not so say police.

 

In an effort to deflect blame away from himself, it’s alleged that the reseller sent messages to prospective users indicating that viewing channels inside Italy carried risks related to exclusive rights and dissemination of intellectual property. That disclaimer did nothing for the defendant but effectively put customers on notice that what they were about to do was illegal, meaning they cannot claim ignorance about the nature of the subscription.

 

 

As a result, around 1,800 subscribers were traced via their payments to the pirate IPTV supplier. They will have to pay a fine and potentially defend themselves in court against allegations of knowingly receiving stolen goods. Local publication Varesenews reports that the total fines could reach 300,000 euros but how this will be split between the defendants is unclear.

ACE Confirms Closure of Another IPTV Platform

Early October we reported that the Alliance for Creativity and Entertainment (ACE) had quietly seized dozens of IPTV-related domains, including electrotv-sat.com, electro-tvsat.com, electro-tv-sat.com, electrotvsat.net, and electro-tv-sat.net.

 

In an announcement late Monday, ACE confirmed that the seizures were part of an operation to shut down Electro TV Sat in North Africa.

 

“Electro TV Sat offered several reseller packages and Illicit Streaming Devices preloaded with illegal streaming apps. The service, which had been active since April 2020, featured 6,000 channels and 200,000 movie titles & TV series, affecting all 34 members of ACE,” the anti-piracy coalition reported.

 

“Two individuals from the city of Oujda in northeast Morocco operated the service, which received 90,000 monthly visitors with substantial traffic coming from French-speaking countries.”

 

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only.

 

These torrent download statistics are only meant to provide further insight into the piracy trends. All data are gathered from public resources.

 

This week we have three new entries in the list. “Copshop” is the most downloaded title.

The most torrented movies for the week ending on October 18 are:

Movie Rank	Rank last week	Movie name	IMDb Rating / Trailer
Most downloaded movies via torrent sites
1	(…)	Copshop	6.4 / trailer
2	(1)	Free Guy	7.4 / trailer
3	(…)	Halloween Kills	6.1 / trailer
4	(4)	Old Henry	7.3 / trailer
5	(5)	Old	5.9 / trailer
6	(…)	Dune	8.3 / trailer
7	(2)	The Addams Family 2	5.4 / trailer
8	(7)	The Suicide Squad	7.6 / trailer
9	(back)	Black Widow	6.8 / trailer
10	(3)	The Night House	6.6 / trailer

 

 

Note: We also publish an updating archive of all the list of weekly most torrented movies lists.

 

Copyright holders have tried a wide variety of legal options to tackle online piracy, including lawsuits.

 

This year we have seen a series of complaints in US courts where filmmakers sued third-party services for facilitating piracy. This includes VPN providers and their hosting companies.

VPN.ht is one of the companies that was sued. Last week it settled the case by agreeing, among other things, that it would block BitTorrent traffic and keep logs on US servers. In response, the VPN announced that it would stop using US-based servers, to ensure the privacy of its users.

Filmmakers Demand Millions and More

The settlement didn’t end the lawsuit completely as the anonymous operators of Popcorntime.app were targeted in the same case. Since the Popcorn Time operators failed to respond in court, the filmmakers requested a default judgment of millions of dollars in damages as well as a broad injunction.

 

The proposed injunction would not just apply to the Popcorn Time operators, it also required third-party Internet services to take action.

 

For example, third-party service providers, including Cloudflare and Google, would have to stop people from accessing alternative Popcorn Time domains such as popcorn-ru.tk. Those measures include the removal of all search engine results.

 

The proposed injunction would also compel regular ISPs to block subscribers’ access to Popcorn Time domain names. If granted, that broad language could affect a wide variety of Internet services including Comcast, Verizon, and AT&T.

Filmmakers Demand Millions and More

Recognizing the gravity of the situation, Google asked the Virginia federal court to be heard in the matter so it could object to the far-reaching proposals. However, this is no longer needed, as the filmmakers have withdrawn most of their demands.

 

A few days after Google wrote to the court, the filmmakers submitted an amended proposed order which limits the scope of the requested injunction. All demands for third-party companies to take action, including Google, have been removed.

 

The paperwork doesn’t explain why the rightsholders took this action. It’s possible that they were not eager to go head to head with Google over the matter. At least, not in this case.

Judge Sides With Filmmakers

The withdrawal of the blocking measures doesn’t mean that the filmmakers are leaving empty-handed. On the contrary, last Friday Virginia Magistrate Judge Theresa Carroll Buchanan issued her report and recommendation on the default judgment, which brings good news for the rightsholders.

 

Among other things, Judge Buchanan recommends awarding damages for trademark infringement, DMCA violations, contract breach, and willful copyright infringement against Popcorntime.app.

 

“With Defendant Doe’s BitTorrent software Popcorn Time users can search, download, and stream copies of the Plaintiffs’ Works through peer-to-peer sharing, which results in the unauthorized distribution and public performance of the Copyright Plaintiffs’ Works. Accordingly, the undersigned finds that Plaintiffs have sufficiently pled an infringement claim under the Copyright Act,” Judge Buchanan writes.

 

“Plaintiffs requests the maximum possible statutory damages award of $150,000 per Work (here, twenty-one) for a total of $3,150,000. Because of Defendant Doe’s willful infringement, the undersigned finds that Plaintiffs’ request for $3,150,000.00 total damages is reasonable.”

$5,734,946.74

In addition to the copyright infringement damages, the Judge also recommends $2,000,000 in trademark infringement damages as well as $525,000 in damages for violating the DMCA, among other things. Added up, this brings the total damages to $5,734,946.74.

 

The recommendation also approves an injunction that requires the Popcorn Time operators to stop any infringing activity. The measures against third party services such as Google are off the table, and Judge Buchanan says that she would not have approved these anyway.

 

“As discussed above, the Plaintiffs have withdrawn any request that this Court order third-party providers, like Google, to cease providing service to and to block Defendant Doe, which the undersigned was nonetheless prepared to reject,” Judge Buchanan adds.

 

The Report and Recommendation is not final yet and still has to be approved by the court. If that happens, the filmmakers will score a big win. However, getting paid by the anonymous Popcorn Time operators will probably be quite a challenge.

 

—-

 

A copy of Virginia Magistrate Judge Theresa Carroll Buchanan’s Report and Recommendations is available here (pdf)

 

Dune (also known as Dune: Part One) is the first installment of a planned two-part adaption of the 1965 sci-fi book written by Frank Herbert. The movie has been in the planning for years, with filming eventually taking place between March and July 2019.

 

Dune had its world premiere at the 78th Venice International Film Festival on September 3, 2021, and Warner Bros. released the movie internationally on September 15, which did not include key markets such as the US and UK.

 

The movie will launch simultaneously in theaters and on HBO Max on October 21, a day earlier than originally planned. However, the controversial decision to have a day-and-date release in the US is already being overshadowed by another type of distribution.

Dune Released on Pirate Sites

During the early hours of Sunday, the P2P release group known as EVO released a 10.6GB file claiming to be an ‘HDRip’ of Dune. This means that the copy was not obtained from a ‘cammed’ or camcorder copy of the movie shown in theaters but has been ripped from some other source.

 

Some torrent sites have the release marked up as a WEBRip, which suggests an online streaming source but at the time of writing, EVO has not yet responded to TorrentFreak’s request for comment. From the NFO file released with the movie what we can confirm is that the resolution is a reported 1920×780 and the running time is 2 hours and 30 mins, five minutes less than the 155 minutes listed on IMDb.

 

Update: A source familiar with the release says the runtime discrepancy is explained by the source of the leak, which is a European VOD/DCP leak with a higher framerate.

 

 

As the image above shows, the quality could be better and indeed, some pirates will prefer to wait until October 21 to obtain a copy of the movie ripped from HBO Max. In the meantime, however, that isn’t stopping pirates in their droves from obtaining the release.

From One Copy, Many Others Spawn

After the original 10.6GB release, other EVO branded variants appeared online in smaller file sizes including 4.4GB and around 1.8GB. These easier-to-consume copies are popular with pirates, with tens of thousands getting in on the action in the first few hours alone. As a result, Dune is clearly well on its way to becoming one of the most pirated movies of the year.

 

 

It will take some time to properly assess how many times the film will be grabbed via torrents but it’s less easy to estimate to what lengths the movie will be pirated overall.

 

Unauthorized streaming sites now account for a huge part of the unofficial market so even if there have been hundreds of thousands of downloads thus far (which seems likely), that figure could be dwarfed in the days to come.

Dune Release Latest in High-Profile Leaks from EVO

The leaking of Dune by the EVO peer-to-peer group is the latest to make headlines for the shadowy entity. Last month, EVO was also responsible for leaking copies of ‘The Power of the Dog’ and ‘The Guilty’. These Netflix movies were apparently obtained from film festival screeners and published well before their official release dates.

 

The exact source of the Dune leak is currently unknown but coming just days before its simultaneous release in US theaters and HBO Max will come as a blow to Warner Bros. and indeed director Denis Villeneuve, who has already urged people to watch the movie in theaters, not on the small screen.

 

“The way it happened, I’m still not happy. Frankly, to watch Dune on a television, the best way I can compare it is to drive a speedboat in your bathtub. For me, it’s ridiculous. It’s a movie that has been made as a tribute to the big-screen experience,” he said recently, commenting on the day-and-date release.

 

Villeneuve says that the big enemy of the cinema “is the pandemic” but right now, another type of viral distribution could be an even bigger concern.

 

Over the past decades, hundreds of popular ‘pirate’ sites have come and gone. This includes the likes of isoHunt, ExtraTorrent, and KickassTorrents.

 

These shutdowns have a serious impact but, as time passes, estranged users eventually move on. The same can’t be said for all anti-piracy organizations.

Hunting Pirate Ghosts

As it turns out, sites that have long disappeared are still seen as a ‘threat’. That is, judging from the takedown notices they send to Google. While browsing through the Lumen Database this week we spotted a takedown notice targeting NYAA.se, for example.

 

While the NYAA brand is still used today by a different operation, the original NYAA.se site shut down more than four years ago. At the time of writing Google no longer indexes any NYAA.se URLs. However, that doesn’t stop takedown notices from coming in.

 

 

This unusual request prompted us to take a deeper dive into the matter to see if other dead sites are still alive in anti-piracy circles. We didn’t have to look very far to get confirmation.

KickassTorrents and ExtraTorrent

Five years ago marked a turbulent time for the torrent ecosystem as some of the top sites were taken offline. This includes KickassTorrents, which was shut down following a criminal investigation from US law enforcement.

 

At the time, the site was operating from KAT.cr which immediately went offline. While someone else picked up the domain name after it expired, the site never returned in its original form.

 

When we look through Google’s DMCA takedown database, however, it’s clear that anti-piracy organizations still see a threat. The domain was targeted in dozens of requests this year, filed by multiple reporting agencies. This includes the one below that came in this week.

 

 

We see a similar pattern for ExtraTorrent.com, which decided to go offline in 2017, a few months after KickassTorrents disappeared. While Google no longer indexes any ExtraTorrent links after all these years, new takedown requests continue to come in.

Defunct Pirate Bay Domains

We can repeat these findings for pretty much every prominent piracy site that shut down in recent years. Not just that, it also works for domain names that were suspended or abandoned, including those of The Pirate Bay.

 

Thepiratebay.se domain, for example, was previously the main domain of the notorious torrent site. After a legal battle, it was eventually handed over to the Swedish police in 2017. However, hundreds of new takedown notices come in for this domain every month.

 

While the reported links lead nowhere, the anti-piracy groups may have a better reason here, as there are still several ancient Thepiratebay.se links indexed by Google’s search engine.

How Far Can We Go Back

Google only started reporting its takedown requests ten years ago so we can’t go back indefinitely. However, we can certainly go beyond 2016, starting with FilesTube, which once was the top target for Google takedown notices.

 

FilesTube transformed itself into a legal platform in 2014 and later it disappeared completely. Today, takedown notices for FilesTube are rare, but we were still able to spot six separate reports this year. The most recent one was filed last month.

 

If we go back yet another year, we arrive at 2013, when Hollywood took down Hotfile and isoHunt, which many considered to be pirate sites as well.

 

After roughly eight years, anti-piracy groups haven’t forgotten about these two either. Both continue to be targeted occasionally. For example, just this week Google was asked to remove an isoHunt.com URL from its search engine, which probably hasn’t been indexed for over half a decade.

 

The main question we have is why these sites are still being reported?

 

It’s clear that reporters don’t always confirm that the links are actually live. We will ask some of the reporting agencies to shed a light on this, so perhaps we’ll find out more on that in the near future.

 

Qatar-based TV network beIN has been heavily embroiled in perhaps the most controversial TV piracy scandal in recent years. Saudi-backed pirate satellite provider beoutQ threatened to decimate beIN’s business and the ensuing battle had far reaching consequences.

 

The conflict was part of a diplomatic crisis between Qatar and other Arab countries and resulted in beIN being prevented from doing business in Saudi Arabia. BeoutQ was happy to continue broadcasting beIN’s content, however. BeoutQ’s satellite operations reportedly went offline in August 2019 under assorted diplomatic pressures, but that didn’t stop the transmission of beIN content via its rival’s set-top boxes.

 

Last week it was reported that progress has been made between the parties, with Saudi Arabia set to lift the ban on beIN along with a promise to close pirate websites. But as the ‘hydra’ concept of piracy dictates, when one head is cut off several others appear – if they don’t exist already, which they always do.

beIN Reveals Major Piracy Threats

This week, beIN Media Group and subsidiary Miramax submitted their recommendations to the Office of the United States Trade Representative for the purposes of the USTR’s 2021 Out-of-Cycle Review of Notorious Markets. There is predictably no mention of beoutQ but the companies are keen for the US government to take action against a number of pirate IPTV operations.

 

The companies begin by highlighting that the “most egregious” pirates in its report are making their content – and US content – available to the masses illegally, something which negatively affects companies in the United States including Netflix, Disney, Fox, HBO, Paramount Pictures, Sony Pictures, Universal Pictures, and Warner Bros. One pirate IPTV provider in particular appears to be a major concern.

Dream TV

In its submission, beIN provides an overview of how the pirate IPTV ecosystem works, from the pirates who capture the first copies of live TV, movies and TV shows to an underlying infrastructure including re-streamers, resellers, and device distributors. BeIN believes that the original sources of beIN channels are relatively limited but has identified one in particular.

 

“Dream TV is a well-known and widely viewed Moroccan-based pirate IPTV service provider. On its website, Dream TV presents itself as the largest provider of IPTV international channels on the market for individuals and resellers, offering 2,300 channels of different qualities: SD, HD, FHD and H265,” beIN notes.

 

“Through its investigations, beIN has found that Dream TV is likely to be responsible for a substantial proportion of pirated beIN channels streamed in the pirate IPTV ecosystem. These are all pirate streams showing pirated beIN channels, as well as Miramax content and channels belonging to other international and US rights holders, such as: ABC News, Cartoon Network, CNN, FOX, and NBC.”

 

According to beIN, Dream TV also offers a program that allows people to sign up, purchase and resell Dream TV and as such requests that Dream TV is designated as a ‘notorious market’ by the USTR.

Many Other Pirate IPTV Providers Pose a Threat

BeIN continues by providing details of many other pirate IPTV providers. These include Mediastar and Forever IPTV, which are reportedly owned and operated by Chaloos, a company based in Erbil, Iraq.

 

“[Forever IPTV] is a wholesaler of pirate IPTV channels that offers to supply pirated channels to IPTV resellers. Forever IPTV provides access to thousands of on-demand movies and television shows, including content owned by Miramax. For example, the following US channels are available on Forever IPTV: ABC News, CBS, CNN, Discovery, Disney, ESPN, FOX, HBO, and MTV,” beIN writes.

 

Chaloos was added to the Notorious Markets list in 2020 but, according to beIN, the situation hasn’t improve so the company should remain on the list for 2021. However, the problems with Iraq-based entities are even broader.

 

Earthlink is Iraq’s largest Internet service provider but also has an interesting sideline. According to beIN, Earthlink operates pirate IPTV service Shabakaty, which is believed to have 500,000 subscribers. The channels on offer include those offered by Disney, HBO and Sky, with the service also offering content on-demand from the likes of Netflix, Paramount, Sony, Universal and Warner. That earned the IPTV service a spot on the MPA’s submission too.

 

Pirate provider Family Box is also cited as a threat, offering around 7,000 IPTV channels with global coverage. iStar is another, offering its own devices that come with a 12-month subscription to a pirate app branded ‘Online TV’. Both of these entities are reported as operating from Erbil, Iraq, with iStar-branded receivers sold across both Europe and the United States. iStar is currently being sued by DISH in the US.

 

Other providers listed by beIN include Redline/Red IPTV (Turkey), Renbow TV/Cobra IPTV, Spider (Jordan), Starsat, Apollo IPTV (UAE), and Volka IPTV (Tunisia/Morocco/Algeria).

The System Holding it All Together

An interesting section in the beIN submission details the software platform Xtream-UI. Readers will recall that a similar software service, Xtream-Codes, was shut down in 2019 following a massive law enforcement operation.

 

BeIN says that to a large extent the worldwide pirate IPTV infrastructure is facilitated by ‘IPTV panels’ such as Xtream-UI, which is said to operate from Extreme-ui.org. This appears to be an error in the submission since that domain does not exist. The correct domain is easy to find though and the oversight is unlikely to hinder the USTR’s investigations.

 

BeIN stops short of highlighting Xtream-UI as a ‘notorious market’ but does blame the tool for being a central component of IPTV-based infringement in the Middle East and worldwide.

 

The beIN and Miramax submission can be found here (pdf)

 

In recent years, adult entertainment outfit Malibu Media has often been described as a copyright-trolling operation.

 

The company, known for its popular “X-Art” brand, has gone after thousands of alleged file-sharers in U.S. courts, collecting millions of dollars in settlements.

Accused Subscriber Fight Back

Most Internet subscribers who are accused of piracy don’t put up a fight but occasionally one does. They include Mr. W.M. who filed a counterclaim and demanded that Malibu should back up its claim with the digital evidence that led to their accusation.

 

Despite a court order, this evidence never came in. This frustrated the court, the accused subscriber, and even Malibu’s own attorney, who withdrew from the case last year because her client failed to comply.

 

In the months that followed little progress was made and, earlier this year, U.S. District Court Judge Thomas M. Durkin handed a win to Mr. W.M. The court ordered Malibu to pay $48,656.73 in costs and attorneys’ fees.

Malibu Didn’t Pay Up

In most cases, an order like this would end things but, in this instance, the matter is far from resolved. As it turns out, Malibu Media has failed to pay up. On top of that, it actively diverted funds that should have been used to pay these fees.

 

Over the past months, Mr. W.M.’s legal team hired Joseph Stewart, an experienced collection attorney, to try to get what they’re owed. They went as far as obtaining a restraining order that required Malibu Media and its payment processor Epoch.com to restrain the “X-Art.com Proceeds.” That order also applied to ZO Digital, a company operated by the husband of Malibu’s boss, Colette Pelissier, which collected these payments.

 

The legal team also obtained information from Epoch.com which showed that plenty of X-Art.com revenue was still coming in. However, after the passing of several months, the fees had yet to be paid.

 

This prompted Mr. W.M.’s attorney, Joseph Stewart, to request a turnover order and other declaratory relief, to increase the pressure and make sure that the appropriate payments are made. This week, District Court Judge Thomas M. Durkin signed off on this request.

Plenty Revenue

The court order highlights that in roughly six months of this year, X-Art.com generated well over $100,000 in proceeds.

 

“Epoch’s books and records indicate that between February 17, 2021, when this court entered its judgment, and August 14, 2021, when it was served with the restraining order, Epoch paid ZO Digital a total of $125,397.07 (net of fees and charges) from the X-Art.com Proceeds.”

 

Judge Durkin orders Epoch to make sure that the money is not paid to Malibu, but to Mr. W.M.’s law firm, until the fees are paid off.

 

The order further confirms that ZO Digital failed to obey the court’s order that required it to produce documents and restrain funds. To ensure that the company follows orders going forward, Judge Durkin issued a conditional judgment in the amount of $51,333.

Court Slams Malibu

As expected, the order is also very critical of Malibu Media and its designated representative Colette Pelissier. The company obstructed the legal process on several occasions, despite having sufficient financial means to pay.

 

“Rather than pay, Malibu Media chose to not cooperate in the captioned supplemental proceedings by producing no documents, twice failing to appear for a debtor examination, and a third time failing to appear despite the court ordering Pelissier to do so or face arrest,” Judge Durkin writes.

 

“Malibu Media deliberately failed on multiple occasions to disclose documents related to the Epoch merchant account for X-Art.com and documents showing that it was diverting X-Art.com Proceeds to ZO Digital. Malibu Media has thus hindered, delayed, and interfered with these proceedings.”

Conditional Arrest Order

Since Pelissier failed to appear before a court without a proper reason, Judge Durkin signed a conditional body attachment order. This effectively means that she will be arrested if she fails to obey.

 

“The court orders the issuance of a body attachment order for the arrest of Colette Pelissier, but suspends that order for 14 days, until the next court status date of October 22, 2021, at 10:00 a.m.”

 

In this upcoming hearing, the court will check if ZO Digital has complied with the asset restaining order. If that’s not the case, a warrant for the arrest of Malibu Media’s CEO will follow.

 

The above suggests that Malibu Media has only made matters worse in recent months and the end is not yet in sight. The company, which has its corporate status suspended, also risks having to pay additional fees as a result, the court clarified.

 

—

 

A copy of Judge Durkin’s order and injunction is available here (pdf)

 

With individuals and groups getting involved in the pirate IPTV market on a continuous basis, it may seem that stopping the illegal distribution of live

 

TV channels, movies and TV shows is an impossible task doomed to failure.

 

That may be the case, but copyright holders and broadcasters are certainly willing to try.

 

Shutdowns, domain seizures, and other enforcement actions are reported almost every week, including civil lawsuits and criminal prosecutions in the US, EU and beyond. Germany has been helping to grow that tally in recent weeks.

September Raids Target Pirates

Last month, German news publication Tarnkappe reported that raids in Germany targeted two suspects aged 50 and 53 under suspicion of capturing broadcasters’ TV signals and offering them for sale via a pirate IPTV service.

 

 

In that operation, police reportedly seized 60 encoders and receivers, 20 smart cards, plus various pieces of computing and network hardware. Tarnkappe subsequently reported that rumors of multiple busts had been spreading in various IPTV discussion forums but it was impossible to link the reports to any particular provider.

 

Police in Germany now help to connect the dots with a new announcement.

One-Year Investigation Bears Fruit

A statement from police headquarters in the city of Osnabrück reveals that the Central Office for Internet and Computer Crime at the Osnabrück public prosecutor’s office and the cybercrime experts of the Central Criminal Inspectorate (ZKI) have “struck a serious blow” against a pirate IPTV provider.

 

After more than a year of investigations, in September 2021 police carried out searches in Sulingen, Dissen, Hamburg, Berlin, Enger, Gütersloh and Bochum. In total 70 IT devices were seized including cell phones, TV receivers, PCs, laptops, hard drives and other storage media. Police were also able to shut down the provider.

 

“We have succeeded in smashing the criminal network and also locating the people behind this perfidious fraud. We were able to shut down the illegal servers and take them offline,” says Marco Ellermann, spokesman for the Osnabrück Police Department.

Suspects Under Investigation

The authorities say that they have been able to identify 10 suspects connected with the service, including a 34-year-old believed to be the head of the ‘gang’. The police have not indicated that anyone has been arrested but it’s clear that at least some of the raids took place in residential properties.

 

Police say that their investigation has provided “concrete suspicion” that the suspects were involved in the sale of illegal IPTV, in particular premium TV content belonging to broadcaster Sky.

 

“To do this, they used shared IT network structures by renting servers. The case started rolling through an advertisement from the pay-TV provider. The accused advertised ‘cheap and stable television viewing’ via social networks. Without exception, they acted with nicknames,” police report.

 

The authorities report that if convicted, the suspects face a sentence of between six months and 10 years for commercial or organized computer fraud. Users of the service may face issues too, with police reportedly investigating their connections to the shuttered (and as yet unnamed) IPTV service.