News: File Sharing News

Devs Sneak Movie Piracy Apps Into App Store Disguised as Other Things

Tue, 15 Jun 2021 20:45:47 +0000

Devs Sneak Movie Piracy Apps Into App Store Disguised as Other Things

Movie and TV show piracy apps have periodically appeared on Apple's App Store but in recent years getting past the approval process has become more difficult. However, some developers are now using interesting techniques to fool the great minds at Cupertino, including by disguising piracy apps as puzzle games and Shazam-like music recognition tools.

There is no shortage of apps for both Apple and Android platforms that allow users to stream the latest movies and TV shows but accessing them usually requires extra steps on the user’s side.

Since both Google and Apple have a screening process, these tools are not widely available on their respective app platforms. For Android users, however, it’s simply a case of flicking a switch in the OS allowing software to be installed from third-party sources, and for Apple users, jailbreaking can achieve similar results.

But what if there was a way past Apple and Google’s gatekeepers that allowed full-blown piracy apps onto the official stores?

Piracy Apps as Trojan Horses

In the computing space, the term ‘trojan horse’ is often associated with malware but it appears that some developers are taking the idea of hiding something surprising inside a relatively boring wrapper to a whole new level.

9to5Mac reports that cunning developer ‘Ha Miller’ released a Sudoku game (titled Zoshy+) onto Apple’s App Store but instead of offering hours of logic-based fun, the software had the ability to transform into a movie and TV show piracy app.

The report notes that the Zoshy+ Sudoku interface may have used timed server-side controls to transform itself into a piracy app but according to various reports on social media, the same was also possible by typing the term ‘777’ into the search bar.

In many cultures ‘777’ is considered an important or lucky number but Unix users will be aware it’s a permission to make a file or folder accessible to everyone.

Zoshy+ Transformed (Image credit: 9to5Mac)

Not Just Sudoku

After looking into the Zoshy+ app it appears that it didn’t appear on the App Store just once. A similar (if not functionally identical) app called ‘Noyox‘ has also been doing the rounds lately, after sneaking past Apple’s security checks by masquerading as a Shazam-like music recognition tool.

In common with Zoshy+, Noyox has now been taken down by Apple but as this YouTube review reveals, it’s a full-blown piracy app featuring the latest movies and TV shows.

Interestingly, an app with the same name and appearance is also available on Google Play for Android devices. Unlike the App Store variant, Noyox isn’t advertised as a music recognition app but a Sudoku game. When launched the same ‘Zoshy+’ interface appears and we can confirm that it too turns into a full-blown piracy tool.

Finally, those searching for Zoshy on Google Play will find an app that appears to be a sliding puzzle game. Indeed, it does offer what it claims. However, enter the lucky code ‘777’ into the search bar and the app is transformed into something entirely different….

Devs Sneak Movie Piracy Apps Into App Store Disguised as Other Things

Top 10 Most Pirated Movies of The Week – June 14, 2021

Mon, 14 Jun 2021 22:01:30 +0000

Top 10 Most Pirated Movies of The Week – June 14, 2021

Every week we take a close look at the most pirated movies on torrent sites. What are pirates downloading? 'Infinite' tops the chart, followed by ‘The Conjuring: The Devil Made Me Do It'. 'Cruella' completes the top three.

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only.

These torrent download statistics are meant to provide further insight into the piracy trends. All data are gathered from public resources.

This week we have three new entries in the list. “Infinite” is the most downloaded title.

The most torrented movies for the week ending on June 14 are:

Movie Rank	Rank last week	Movie name	IMDb Rating / Trailer
Most downloaded movies via torrent sites
1	(…)	Infinite	5.3 / trailer
2	(1)	The Conjuring: The Devil Made Me Do It	6.5 / trailer
3	(2)	Cruella	7.5 / trailer
4	(3)	Wrath of Man	7.3 / trailer
5	(6)	Spiral	5.4 / trailer
6	(…)	Awake	5.4 / trailer
7	(5)	Mortal Kombat	6.4 / trailer
8	(7)	Godzilla vs. Kong	6.7 / trailer
9	(…)	In The Heights	7.9 / trailer
10	(8)	Zack Snyder’s Justice League	8.4 / trailer

Note: We also publish an updating archive of all the list of weekly most torrented movies lists.

Top 10 Most Pirated Movies of The Week – 06/14/2021

Investigation Links ‘Pirate’ Scam Ads to Canadian Affiliate Network

Mon, 14 Jun 2021 20:38:38 +0000

Investigation Links ‘Pirate’ Scam Ads to Canadian Affiliate Network

The Internet is full of misleading ads that promise free access to popular blockbuster movies, some of which are still in theaters. People who sign up for these services will soon realize that the offers are too good to be true. And when the trial expires, it can get quite costly too. Meanwhile, the masterminds behind the schemes are earning millions of dollars.

The Internet is full of tricksters and scammers. While anyone can fall prey to them, prospective pirates have proven to be a popular target.

Sites that offer free access to the latest Hollywood blockbusters are promoted aggressively. Not seldomly, these ads are stuffed with various piracy-related keywords.

We have seen these promotions in the comment sections of pirate sites but also on legitimate platforms. At the same time, scammers exploit weaknesses in reputable sites to get their ‘offers’ in Google’s top search results.

Just a few weeks ago, we reported how the European Banking Authority’s website was used to trick people into signing up for dubious pirate streaming subscriptions, and the Mississippi Department of Public Safety suffered the same fate.

The people who run these scams generally remain off the radar and the same is true for the companies linked to the misleading subscription sites. However, a very detailed investigation from Radio Canada’s program Décrypteurs lifts part of the veil.

Misleading Ads

The business model behind these schemes is simple and effective. Through various links and advertisements, people are lured into signing up for a website that offers free movies, sports events, or books.

A popular variation of this scheme uses a video player that shows a short movie intro, after which people are redirected to a signup page. As part of this process, they are eventually asked to provide their credit card details to start a free trial.

After completing the registration process, subscribers indeed get access to a movie library. Unsurprisingly, the selection doesn’t include the latest blockbusters that were advertised but relatively unknown films instead.

That is a major disappointment of course, and many people immediately cancel their subscriptions. However, some users forget to do so, which triggers an automated $49.95 subscription payment after the five-day trial ends.

The people behind this scheme reportedly earn dozens of millions of dollars per year, Décrypteurs concludes. Their investigation identifies a Barbados company called Hyuna International as the owner of more than 1,100 of these subscription sites.

Hyuna doesn’t appear to advertise its services directly. The company reportedly uses the services of the marketing company AdCenter, which is based in Montreal. AdCenter, for its part, relies on thousands of affiliates who do the promotional work.

Affiliates Speak Up

Décrypteurs’ investigation goes into extreme detail and their full report adds much more context. For example, the reporters spoke to several people involved, including 15 former AdCenter employees. This confirmed the misleading nature of the subscription scheme.

“Basically, [we were] just making money off people who don’t notice,” one of the former employees said.

“There’s no way people are paying a monthly fee for that content. Just picture a really shitty Netflix … but the movies are things you’ve never heard of, things you wouldn’t even find at the back of a Blockbuster, like really weird things.”

Another affiliate from Asia admitted in an interview that his activities are not ethical, but the money changed his life and that’s worth it.

“I love AdCenter because AdCenter has changed my life,” the affiliate said. “The money I made with AdCenter is worth something like five million dollars in my country. Now I have a big house and a big car.”

False Allegations?

Many affiliates use popular blockbuster titles to lure people into signing up for the service. These movies aren’t on the platform. Instead, it offers various films from the independent distributor RSquaredFilms, which confirmed that it sold movie rights to Hyuna. This means that the service itself is not offering anything illegal.

Also, AdCenter explicitly prohibits affiliates from using deceptive practices but Décrypteurs notes that the company’s employees have indirectly encouraged such tactics.

The investigation failed to find any advertisements that promoted films that were actually available on these services. Instead, affiliates advertise popular Hollywood movies, claiming that these can be streamed for free.

Hyuna and its alleged owner, Canadian businessman Philip Keezer, didn’t answer Décrypteurs’ request for comment. Action Media, aka AdCenter, did reply through its lawyer, stating that the allegations are false, misleading, and downright defamatory.

Interestingly, while the reporters were investigating the issue, the services lowered their subscription fees to $15.95 per month. In addition, the affiliate ads stopped linking to Hyuna’s sites for Canadian visitors. However, a VPN quickly reveals that, in other parts of the world, the ads still lead to the same streaming portals.

Investigation Links ‘Pirate’ Scam Ads to Canadian Affiliate Network

Guy Who Bragged On Triller Owner’s Instagram That He Pirated Jake Paul Fight Gets Sued

Mon, 14 Jun 2021 20:32:10 +0000

Guy Who Bragged On Triller Owner’s Instagram That He Pirated Jake Paul Fight Gets Sued

Triller has followed up on its threat to sue someone for simply watching a pirated stream of the Jake Paul vs. Ben Askren fight. Triller previously gave pirates the opportunity to pay a settlement fee to avoid a lawsuit but one man decided to confess on Instagram instead. It didn't go well.

Following the Jake Paul vs. Ben Askren fight in April, Triller started a litigation drive rarely seen in the sporting world.

It began with a $100m lawsuit targeting entities and individuals who distributed the fight illegally on various platforms including YouTube.

When that didn’t go exactly to plan due to legal complications, Triller modified its approach, filing several separate lawsuits against streaming platforms and a handful of YouTubers.

In the background, Triller also launched an amnesty program, advising people who simply watched the fight illegally to pay $49.99 to avoid being personally sued.

Proving that people simply viewed infringing content is problematic since evidence showing that to be true is difficult to acquire. As it turns out, Triller feels it can proceed with legal action without much evidence at all.

Lawsuit Filed Against Instagram User

Last Friday, Triller filed a lawsuit in an Ohio court against an individual named Jerren Swords, a resident of West Portsmouth, Ohio.

“This is a civil action seeking damages for violation of the Federal Communications Act, 47 U.S.C. § 605, et seq., and for violation of the Copyright Act, 17 U.S.C. § 101, et seq,” the complaint reads.

These claims form the basis of all Triller’s previous lawsuits filed against those it accuses of copying and/or distributing the Jake Paul video online. In this case, however, Triller is demanding damages from an individual who (allegedly) simply watched the fight online without paying for it. So what evidence does Triller possess that could enable it to file a lawsuit?

Defendant Posted a Confession on Instagram

Multi-millionaire businessman Ryan Kavanaugh is the co-owner of Triller and as such has more interest than most in ensuring that his company’s content isn’t pirated online. Quite why Jerren Swords thought it would be a good idea to bait Kavanaugh is unknown but it hasn’t ended well.

According to the complaint, Swords took to Instagram and posted on Kavanaugh’s official account, declaring that he’d “watched the Jake Paul fight for free.” A week later, a fellow Instagram user pointed out that Swords had admitted to watching a pirated fight, to which Swords replied “idc [I don’t care]. He can’t sue me.”

At this point Kavanaugh himself weighed in, implying that Swords was using a fake account. “Give me your real name,” he wrote, “and we can check about that.”

As the image above shows, Swords responded that he was using his own account, at which point Kavanaugh appears to have contacted his legal team. Unfortunately for Swords, his personal details are easily matched to his Instagram account via simple online searches.

Triller Demands Considerable Damages

Referencing the screenshots posted above, Triller’s complaint alleges that Swords “in or about May 2021”, “admitted knowingly, willfully, and unlawfully receiving, viewing, and illegally accessing the Broadcast without paying Plaintiff the appropriate pay-per-view fees.”

At this stage, Triller appears to be relying purely on the ‘confession’ posted to Instagram since its complaint provides no additional evidence. Nevertheless, it suggests that things could get costly.

For an alleged violation of the Federal Communications Act (unauthorized reception or use of communications), Triller seeks damages of up to $10,000 plus costs, interest and attorneys’ fees. For a breach of the Copyright Act (Triller claims that Swords “knowingly, willfully, and unlawfully accessed, received, viewed, distributed, and/or displayed the broadcast), the company demands statutory damages of up to $150,000.

Triller’s Strategy Raises Many Questions

That Triller is prepared to file a lawsuit based on a few lines of text posted to an Instagram account raises questions in itself. People post all kinds of nonsense online every single day so whether Swords actually watched the fight illegally is something that will need to be proven to the court’s satisfaction.

Questions are also raised by other claims in the lawsuit, including Triller’s assertion that Swords watched its live broadcast.

The complaint states that Swords watched the fight “at the time of its transmission” which isn’t supported by anything that Swords wrote on Instagram. However, even if that is indeed the case, it’s hard to see how Triller would be entitled to an injunction restraining the defendant from causing Triller further damage.

“Further harm and injury to Plaintiff is imminent, and Plaintiff is without an adequate remedy at law with respect to such harm and injury. Unless Defendant’s acts are enjoined, it is highly likely that Defendant will continue to unlawfully access, receive, view, distribute, display or otherwise infringe Plaintiff’s copyrighted content,” Triller warns.

When dismissing all but one of the plaintiffs in Triller’s initial lawsuit against entities alleged to have distributed the fight, the judge noted that Triller’s demand for an injunction failed to state why it was still suffering harm after its event had concluded.

“Plaintiff does not, however, explain what irreparable harm it continues to suffer from the availability of copies of a live sporting event that occurred weeks ago, the outcome of which is publicly available, and lasted less than two minutes,” he wrote.

The case against Swords is before a different judge in another district but at least in theory, the same questions could be raised in this matter too.

It is extremely rare for a plaintiff to pursue someone for simply watching pirated content since these cases are notoriously difficult to prove. That being said, Triller may have something else in mind. Faced with a lawsuit of this magnitude, it’s possible that Swords will be persuaded to settle instead. That would provide a useful “head on a pike” to others considering watching Triller’s shows illegally in the future.

In advance of that, it may also encourage people to pay the $49.99 settlement fee being proposed on Triller’s amnesty page, an offer that is set to run for the next two weeks.

Triller’s lawsuit against Jerren Swords can be found here (pdf)

Guy Who Bragged On Triller Owner’s Instagram That He Pirated Jake Paul Fight Gets Sued

‘Web Sheriff’ Targets Ubuntu.com URLs With Overbroad Takedown Notices

Sun, 13 Jun 2021 19:29:45 +0000

‘Web Sheriff’ Targets Ubuntu.com URLs With Overbroad Takedown Notices

Anti-piracy outfit Web Sheriff is somewhat of an icon in the copyright protection industry. The company has protected rightsholders for over two decades and has seen many piracy platforms gone and gone. However, Sheriffs can make mistakes too, and flagging several Ubuntu URLs as copyright-infringing content, seems to fall in that category.

The Web Sheriff, founded by copyright lawyer John Giacobbi, has protected the Internet from pirates for more than two decades.

In the early days, Giacobbi became somewhat of a cult figure thanks to his polite style and trademarked letterhead. This set him apart from other anti-piracy crusaders who usually sent DMCA takedown requests with a more aggressive lawyer-like style.

The Sheriff once had a lively discussion with The Pirate Bay folks, who then sent him this invoice fax. Not much later relationships deteriorated even further after the Sheriff announced he would sue the site’s operators in the US, France, and Sweden, but not much came of that.

In recent years the Web Sheriff hasn’t been in the public eye much but his firm continues to patrol the web. Every week, it sends thousands of takedown notices to various online services, targeting allegedly infringing links. These links are at least in part generated by automated tools, which are far from perfect, it seems.

Web Sheriff Can Miss Too

This week we stumbled upon a series of takedown notices Web Sheriff sent to Google. These point out several infringing links to pirated copies of Magnolia Pictures films including “The Final Year”, “Person to Person”, and “2:22“.

While some of the URLs do indeed point to pirated content, many don’t. The Sheriff finds it particularly problematic to spot pirated “2:22” movies. Most of the links in this takedown notice point to unrelated content, including IRC logs on Ubuntu.com.

We assume that these links are gathered by some automated system that searched for 2:22. And indeed, the Ubuntu IRC logs are from 2/22/2017, but that’s the only similarity we could find. That’s also true for many other URLs in the notice.

This isn’t an isolated incident either. We found two other notices that were sent to Google which also list harmless Ubuntu.com URLs, presenting these as links to pirated content. Those URLs supposedly infringe the rights of the movie “Results“.

Fedora

Intriguingly, Ubuntu isn’t the only Linux distribution that’s highlighted in the notice, there are several Fedora URLs as well. And there’s a long list of Medium posts about election and test results, which have nothing to do with the “Results” film.

We could probably find many other overbroad requests but manually checking notices for errors actually takes a lot of time. That is, perhaps, why this problem exists in the first place. That said, for takedown senders, it may be wise to add Ubuntu.com and other URLs to a whitelist.

Once again, these examples show that automated filters are far from perfect. In this case, the Ubuntu mistakes were caught by Google and not removed from the search engine. However, as we have highlighted in the past, in other cases legitimate URLs simply disappear.

‘Web Sheriff’ Targets Ubuntu.com URLs With Overbroad Takedown Notices

WhatsApp Does Not Have To Immediately Suspend Accounts Reported For Piracy

Sat, 12 Jun 2021 21:59:02 +0000

WhatsApp Does Not Have To Immediately Suspend Accounts Reported For Piracy

Last month the High Court in Delhi ordered WhatsApp to suspend accounts that allegedly shared a pirated movie. The Court also told WhatsApp to take similar action against other accounts following demands from a copyright holder. While WhatsApp did suspend accounts, the company has now convinced the Court that due to end-to-end encryption, copyright holders shouldn't have "unfettered discretion" over account suspensions.

Following the release of the movie ‘Radhe: Your Most Wanted Bhai’ in India, rightsholder Zee Entertainment Enterprises said that it had found pirated copies being circulated via WhatsApp and Telegram.

Zee filed official complaints with cybercrime police and took its battle to the Delhi High Court, filing an application for interim relief against a number of defendants who either distributed the movie online or helped to facilitate such transfers.

One of the defendants in the case is WhatsApp, which informed the Court that it has policies in place to deal with copyright infringement, including by suspending or terminating user accounts.

In an order handed down May 20, Justice Sanjeev Narula awarded an ex-parte injunction against eight alleged pirates and ordered WhatsApp to suspend the accounts of two yet-to-be personally identified users. He also informed WhatsApp that when instructed by Zee, it must suspend the accounts of any other user alleged to have pirated the movie within 24 hours.

WhatsApp Suspends Users But Objects To Future Suspensions

At a video conference hearing on June 1, it was revealed that service providers for eight defendants had handed over their personal details to the plaintiffs. Counsel for four of the alleged pirates indicated that they wish to “amicably settle the matter” with Zee but whether the media company is open to settlement is not yet clear.

In respect of WhatsApp, counsel Mukul Rohatgi told the Court that his client had suspended two accounts per its May order but raised concerns over the instruction to suspend future accounts based simply on the allegations of Zee.

Rohatgi argued that as an “intermediary” under the Information Technology Act, 2000, WhatsApp is immune from liability for making available or hosting content circulated on the WhatsApp Service. The only situation where it could be held liable is if the company obtains “actual knowledge” that specific content is unlawful yet refuses to take down or disable that content.

According to Rohatgi, mere receipt of allegations of copyright infringement from Zee does not constitute “actual knowledge” of unlawful content. Furthermore, since communications between WhatsApp accounts are encrypted end-to-end, WhatsApp cannot see what the messages contain. This means that it cannot validate the claims from Zee which effectively gives the broadcaster “unfettered discretion” to remove WhatsApp accounts as and when it chooses.

Zee Entertainment Argues in Favor of Account Suspensions

Representing Zee, counsel Amit Sibal said that the directions for WhatsApp to suspend accounts were “just and proper” since Zee is a responsible company and can be trusted not to misuse the order. In any event, any request by Zee can be subjected to judicial scrutiny. Sibal also welcomed additional safeguards if that would mean the injunction could remain in place.

In his order, Justice Narula told the companies that the issue would require additional consideration but in the meantime, WhatsApp will not have to suspend accounts based on mere allegations of copyright infringement. The Court will make that decision instead.

“This Court has been issuing such directions in relation to infringement of copyright, especially in matters where the content is published on the websites which are also referred to as ‘rogue websites’,” the Judge writes.

“However, the Court prima facie finds merit in the contention of Mr. Rohatgi that since the messages between WhatsApp users are protected with an end-to-end encryption protocol, [WhatsApp] would not be in a position to review any accounts reported by the Plaintiff in the future to confirm that they are in fact selling pirated copies of the film in question.

“Thus, it would be appropriate that any further direction for suspension of WhatsApp accounts be issued by the Court. Accordingly, the direction contained in the order dated 20th May, 2021 insofar as it directs [WhatsApp] to suspend the accounts, on the request of the Plaintiff, is kept in abeyance till the next date of hearing.”

Justice Narula’s order can be found here (pdf)

WhatsApp Does Not Have To Immediately Suspend Accounts Reported For Piracy

Wormhole: Instant Encrypted File-Sharing Powered by WebTorrent

Fri, 11 Jun 2021 20:49:56 +0000

Wormhole: Instant Encrypted File-Sharing Powered by WebTorrent

Wormhole is a browser-based tool that allows people to instantly share files with end-to-end encryption. The service uses WebTorrent under the hood and is free to use. BitTorrent will speed up transfers but people are not required to keep their browser windows open if files are smaller than five gigabytes.

Most people still associate torrents with desktop clients. However, the browser-native WebTorrent equivalent has become the driving force behind many innovative services.

Simply put, WebTorrent has built a bridge between BitTorrent with the web. Instead of using standalone applications, it allows people to share files directly from their browser, without having to configure or install anything.

In recent years there have been a few services built on this technology. βTorrent is a full-fledged torrent client that works in the browser, and File.pizza was one of the first to develop a simple one-click file-sharing tool.

The new “Wormhole” service also offers free and simple file-sharing, but it goes a step further. Wormhole adds a privacy layer by offering end-to-end encrypted file transfers. And while it uses WebTorrent under the hood, users don’t have to keep seeding.

One of the driving forces behind the project is none other than Feross Aboukhadijeh, who also invented WebTorrent. Together with John Hiesey, he launched Wormhole to allow people to securely send small and large files in a matter of seconds. No signup required.

Fast and Secure

The strong emphasis on speed and security sets the service apart from many competitors. By using end-to-end encryption, only the sender and the receiver can see the files. This is not the case with Dropbox, WeTransfer, and other sharing platforms.

“We built Wormhole with end-to-end encryption. When you use Wormhole, a key is generated on your device and used to encrypt your files. In transit, your data is unreadable to Wormhole and service providers like your ISP,” Wormhole explains.

The focus on speed is where WebTorrent comes in. Wormhole uses a combination of cloud hosting servers and BitTorrent technology to be able to share large files as fast as possible. If you upload a two-gigabyte video, you can share the link with other people instantly, even when you’re not done uploading yet.

Instant Downloading

Wormhole co-founder Feross tells us that this allows recipients to download files right away – before the file is fully hosted on Wormhole’s servers. Inline media viewing for images and videos is on the roadmap as well.

“Because we’re using WebTorrent under the hood, Wormhole has the ability to do ‘instant streaming’ – so there’s no need to wait for your files to upload before you send the share link to your recipient,” Feross explains.

“You can see it in action when you send a super large file through Wormhole. If you send the share link to the recipient before your files have finished uploading, then WebTorrent will simultaneously start streaming the file directly to the recipient.”

P2P technology can significantly speed up file transfers. This is particularly true when people are in the same network. If that’s the case, the files don’t even have to travel over the Internet. Needless to say, this advantage disappears when the browser tab is closed.

Limitations

While we are certainly impressed by the ease of use, Wormhole has its limitations. When people upload files larger than five gigabytes they have to keep their browser windows open. These files will not be stored on Wormhole’s servers. For smaller files, the browser tab can be closed after uploading.

There are a few other restrictions as well. The uploaded files are only available for 24 hours after which they are deleted from the server. In addition, there’s a limit of 100 downloads for every file.

Feross tells us that Wormhole is primarily designed for people who want to share files quickly and securely with other individuals or a small group. It’s not intended to store files permanently or send something to millions of people.

Expansion

Wormhole has only been live for a few weeks and it’s still in development. To pay the bills, the team plans to release a premium version with larger file sending limits, and other features including customizable link expiration times.

Looking even further ahead, Feross and John are considering the addition of a business plan. This may be particularly useful for lawyers, accountants, doctors, and other professionals, who have to securely send documents and other files.

“These industries are currently unable to use mainstream cloud storage providers due to privacy concerns and so they are stuck using slow, clunky file management apps which leave a lot to be desired,” Feross says.

Eventually, the project could even expand to other apps for businesses and consumers, by offering dedicated tools to securely manage and share photos, documents, and spreadsheets. These will also have a strong focus on end-to-end encryption.

“Today, every major website is designed so that the service provider possesses the key to your data. We think this is unacceptable and there’s a better way, Feross adds.

Perhaps the service is best explained by simply giving it a try. There’s no need to register an account and the service isn’t just secure, but also free to use.

Wormhole: Instant Encrypted File-Sharing Powered by WebTorrent

Court: BREIN Can Continue Action Against Hosts in ‘Pirate CDN’ Streaming Case

Fri, 11 Jun 2021 20:47:08 +0000

Court: BREIN Can Continue Action Against Hosts in ‘Pirate CDN’ Streaming Case

In 2019, BREIN, MPA, and ACE shut down Moonwalk, a huge ‘pirate CDN’ that provided thousands of movies and TV shows to hundreds of pirate sites. That content was stored at hosts in the Netherlands, which are now facing legal pressure to hand over details of their customers. Two of the hosts rejected BREIN's standing but a court has now sided with the anti-piracy outfit.

Back in 2013 a new type of pirate operation began operating from Russia. Moonwalk, which is now described as a ‘pirate CDN’, began supplying large numbers of third-party pirate sites with pirated movies and TV shows, paying out an estimated $0.60 per 1000 views.

One of the problems for local rightsholders was that Moonwalk hosted much of its content outside Russia, the Netherlands in particular. However, that changed in October 2019 when Dutch anti-piracy group BREIN, the MPA, and global anti-piracy coalition ACE teamed up to target Moonwalk.

In total, five hosting providers were served with ex parte court orders requiring them to disconnect streaming servers and preserve evidence related to Moonwalk. While that had the desired effect by taking the ‘pirate CDN’ down, BREIN has since complained that it has not been able to obtain all of the documentation it would like from the hosting companies.

BREIN Sues Three Dutch Hosting Providers

Last April, BREIN said it had filed legal action (pdf) against three local Internet companies so that it could gain access to documents relating to Moonwalk, its operators, and the services it provided to hundreds of streaming sites.

According to BREIN, the hosting companies – Yisp, Worldstream and Serverius – did provide some information but following BREIN’s analysis the data turned out to be either false or not traceable. At BREIN’s request, Severius was later dismissed from the action.

BREIN’s lawsuit also demands a declaration in respect of the enforcement of intellectual property rights. Not only does BREIN want access to the hosting companies’ documents, but also seeks remedy for what BREIN describes as the hosts’ “structural failure” to take adequate measures to have reliable data at hand.

In short, BREIN wants these and similar companies to follow strict “Know Your Business Customer” guidelines so when it needs to identify an infringing customer (in the event of a complaint or court order, for example), that data is readily available.

Worldstream and Yisp Push Back

Back in January 2021, Worldstream and Yisp pushed back against BREIN’s action, stating that BREIN had no standing to bring the case and had not adequately consulted with the defendants.

The companies took the position that BREIN’s claims are inadmissible but the anti-piracy outfit said that it qualified under the Dutch Civil Code, noting that it represents the interests of its affiliates, is a not-for-profit entity, and its claims have sufficient connection with the Dutch legal sphere since the defendants are established in the Netherlands and have their servers there.

Court Rules in Favor of BREIN

In a decision handed down on June 2, 2021, the Central Netherlands Court recognized BREIN’s position of acting in the interests of rightsholders and that the group’s legal action is not a prelude to claims of compensation against Yisp or Worldstream.

The Court also noted given BREIN’s standing, it does not have to meet the strict admissibility requirements of paragraphs 2-5 of Section 3:305a of the Dutch Civil Code.

In summary, the Court declared (pdf) that BREIN is indeed admissible in its claims and as the unsuccessful parties, the hosting companies must pay court costs. The main case will resume at the end of June.

Reactions from BREIN and Worldstream

“There are always a number of standard defenses in our cases,” says BREIN director Tim Kuik.

“If it is an infringer then someone else did it and if it is a neutral intermediary then we are inadmissible. It is nice that the judge has sat down and referred the inadmissibility story to the trash.”

BREIN says the decision will prove useful in other proceedings, should other entities argue that it has no standing. The anti-piracy group also believes that it held sufficient consultations with the defendants “in the given circumstances”, claiming that legal time constraints prevented early discussion with Worldstream. In respect of Yisp, BREIN says that the company filed a 100-page document explaining why its action should be dismissed so, on that basis, consultation would not have been “useful”.

Worldstream says it is disappointed with the decision of the Court.

“We have taken note of the judgment and regret the Dutch court’s decision of giving BREIN an exception for not meeting the court’s strict admissibility requirements, while these do pretty much always apply to other parties. In our opinion, the procedural run-up to this lawsuit by BREIN was quite sloppy,” Chief Legal Operations Officer (CLOO) Wouter van Zwieten informs TorrentFreak.

“Next to that, in our view, BREIN ignored the court’s requirement of conducting prior consultation with the defendants. In defendants’ view no serious attempt of prior consultation were conducted by BREIN. Nevertheless, the Dutch court has decided otherwise.”

While BREIN can now move ahead with its action, Worldstream says this decision says nothing about the actual case. The company has filed its defense and BREIN now has a few weeks to respond.

“We certainly regret though that for an entity like BREIN, who is not an impartial entity but working for clients instead, all legal exceptions are applied, while the legal requirements are getting stricter and stricter for Infrastructure-as-a-Service companies like Yisp and Worldstream who operate as part of the Internet as we know it from a user perspective, a security-focused but open Internet, meeting Western world standards,” the company concludes.

Court: BREIN Can Continue Action Against Hosts in ‘Pirate CDN’ Streaming Case

Free Music App TREBEL Files For IPO, Hoping To Attract Millions of Pirates

Thu, 10 Jun 2021 21:15:11 +0000

Free Music App TREBEL Files For IPO, Hoping To Attract Millions of Pirates

For those who are currently pirating music on torrent sites, downloading tracks from YouTube-ripping services, or are simply unhappy with the playback restrictions of Spotify's free tier, TREBEL may be of interest. The company has filed for an IPO in the United States and is specifically targeting users who can't (or won't) pay for music.

When Spotify launched in 2006, the plan was to draw music pirates into a legal ecosystem that would render piracy less attractive while compensating the artists.

While both of those goals have been achieved, piracy is still the go-to option for millions of music fans and artists still have complaints that they are not being paid appropriately. In time these issues will have to be addressed but in the meantime, free music app TREBEL is hoping that it can play a unique part in the free streaming revolution.

After being a dark horse in the market for the past three years, TREBEL has now filed for an IPO in the United States and the SEC filing leaves absolutely no doubt who the company is targeting.

Ahoy Pirates and Stream-Rippers

TREBEL makes it crystal clear that the people it wants onboard do not currently pay for music, either because they can’t or simply won’t. The company says this audience amounts to more than three billion listeners, most of whom use music piracy sites and apps, or platforms like YouTube – “both of which deliver sub-optimal experiences for users and inequitable monetization for content owners.”

With the word ‘piracy’ appearing no less than 33 times in its SEC filing, TREBEL says its goal is to eliminate the need for people to use piracy sites, apps and stream-ripping platforms. That’s broadly the goal of other streaming services too, so how will TREBEL succeed in areas where Spotify and YouTube have fallen short?

The Business Plan

First off, this isn’t a shady operation culling tracks from dubious sources. TREBEL’s SEC filing reveals that the company is “supported by premium advertisers” and has “strong relationships” with the largest record labels in the world including Universal Music Group, Sony Music Entertainment, and Warner Music Group, who together hold 68% of the music recording market.

TREBEL says it generates revenue in three ways – display, video, and audio ads, in-app purchases, and branded experiences. At the moment, advertising is the cash cow, something it has in common with YouTube’s free tier but TREBEL believes it offers a much better experience by not inconveniencing the user.

Unique Features Aim to Boost User Experience

To begin, TREBEL says its ads don’t interrupt users’ listening experiences since they only appear when activities other than playing music are engaged in.

“TREBEL’s business model utilizes a well-established habit (in our user demographic) of searching, previewing, downloading, playlisting music then using those playlists to listen to their music offline,” its filing reads.

“TREBEL’s patented business model includes delivering advertisements when the user is engaging with the TREBEL Music app in non-music listening activities, such that, when the user listens to music, the listening experience is not normally interrupted by advertising.”

While that is a big plus, TREBEL has other tricks up its sleeve too. Unlike its rivals, TREBEL offers free offline listening by allowing users to download tracks to their devices for playback when they don’t have an internet connection. There are no track playback restrictions either, meaning that shuffle-mode isn’t mandated.

On top, TREBEL doesn’t require users to have their screens active when listening, meaning that background play can take place when screens are off or being used for other tasks such as texting or emails.

TREBEL’s Competition

As part of its SEC filing, TREBEL lists its competitors and the order in which they appear is telling. Right at the top the company cites ‘Digital Piracy’ as its primary competition, which makes sense since that’s the sector it is hoping to get its growth from.

“Stream ripping is the illegal practice of creating a downloadable file from content that is available to stream online. In recent years, it has become the most prevalent form of online music copyright infringement,” TREBEL says.

“While the exact scale and impact of digital piracy on our service is difficult to quantify, we believe that by offering a better user experience, we can successfully convert a significant number of stream rippers into TREBEL Music users.”

Second up is YouTube and the countless third-party platforms and tools that utilize its services. TREBEL acknowledges that it does not have the brand recognition of Google’s platform and according to its own data has nowhere near the library as things stand. However, TREBEL thinks it can succeed by offering a better experience, particularly when it comes to its uninterrupted and background playback features.

Finally, TREBEL addresses services like Spotify and Deezer. Again, TREBEL believes it can offer a better service by offering features that these platforms do not. The free tiers offered by its rivals do not offer offline listening, have restricted playback and skipping options, and interrupt users with ads.

“TREBEL solves these problems for users who are unable or unwilling to pay for subscriptions,” the company notes.

TREBEL’s Shortcomings

While there are plenty of good things to say about TREBEL, it does have significant shortcomings too. At the moment it has a library of 15 million songs, which is decent of course but nothing when compared to its rivals.

Of more concern, however, is its ability to reach users looking to convert.

At the time of writing, TREBEL is only available for download from the Apple App Store and Google Play Store in the United States and Mexico, and in the Huawei App Gallery in Mexico. This means (at least in ordinary terms) users in every other region will be denied access to the service.

The company says it has plans for international expansion beginning with Canada, Brazil, and other Latin American countries but at the moment, Europe and other regions do not get a mention. If TREBEL is to become a global name, this will need to be addressed.

Those interested in testing out TREBEL can do so here. SEC filing here

Free Music App TREBEL Files For IPO, Hoping To Attract Millions of Pirates

Blizzard DMCA Notice Wipes ‘Diablo II: Resurrected’ Offline Patches from GitHub

Thu, 10 Jun 2021 21:12:38 +0000

Blizzard DMCA Notice Wipes ‘Diablo II: Resurrected’ Offline Patches from GitHub

Blizzard Entertainment is continuing its quest to wipe offline patches for the upcoming "Diablo II: Resurrected" game off the Internet. After targeting the main developer with a cease and desist order, the game company has now asked GitHub to remove dozens of forks that were still floating around.

Over the years, video game developer Blizzard has published many popular game titles that have entertained millions of people.

Later this year the company is expected to releases a remaster of Diablo II, the iconic game that was first released more than two decades ago.

In April, the first preview of ‘Diablo II: Resurrected’ came out, which was well received. A few fans are enjoying it enough to want to play the game without an Internet connection, something that they could easily do with the original Diablo II.

However, times have changed. As with many other games that are published nowadays, ‘Diablo II: Resurrected’ comes with advanced copy protection that prevents users from tinkering with the files. This is a challenge, but one that’s not impossible to overcome.

D2ROffline

Last month developer Ferib Hellscream released an offline patch for the game, which was based on a similar anti-tampering bypass the same developer released for World of Warcraft a year earlier. This ‘D2ROffline’ patch also made it possible for people to play the game without an official invite for the alpha release.

Blizzard wasn’t happy with this patch, as Kotaku mentioned last month. The game publisher sent a cease and desist letter, urging Ferib to remove the code from GitHub and take it off his own site as well.

Ferib swiftly complied and also took down a blog post where he explained how the project came about. The older post on the World of Warcraft bypass was deleted as well and the developer also removed some YouTube videos on the subject.

However, permanently removing something from the Internet is easier said than done. The deleted blog posts live on at Archive.org and the D2ROffline code remained widely available as it was forked dozens of times on GitHub.

Blizzard Goes After D2ROffline Forks

This prompted Blizzard to take action yet again. Hoping to finally quash the code, it has now targeted forked patches posted on GitHub by sending a DMCA takedown notice.

“The project at issue is designed to circumvent Blizzard’s technological protection measures by allowing for the bypassing of the CRC32 integrity checks. These integrity checks are there to scan memory regions of the game in order to check whether the code for the game has been modified before it is executed/ran,” Blizzard explained.

While the D2ROffline code itself is not copyright infringing, Blizzard believes that it circumvents access control protections, which violates Section 1201 of the DMCA. It has therefore asked GitHub to remove the code.

“The repository itself has been removed following Blizzard’s demand to the infringer that it be removed. However, Blizzard urgently needs the forks above removed as well, as the content contained therein is causing harm to Blizzard,” the company writes.

And so it happened. A few hours ago GitHub published the DMCA notice and removed all mentioned forks.

Legal Resources?

Before taking action, GitHub says it offered to connect the owners of some or all of the affected repositories to legal resources if they wished to object.

This is in line with a promise GitHub made earlier, where it committed to protecting developers’ freedoms to tinker with software, while putting $1 million into a takedown defense fund.

TorrentFreak spoke to ‘Mike’ (real name known to us), the owner of one of the forks that were removed yesterday. He informed us that GitHub sent a notice pretty much at the same time as the repo was removed.

As can be seen above, GitHub’s email doesn’t mention the legal defense fund directly. That may be different for other developers. The email does mention the option of filing a DMCA counter-notice.

“If you believe that your repository was disabled as a result of mistake or misidentification, you have the right to file a counter notice and have the repository reinstated,” GitHub wrote.

Mike tells us that he doesn’t plan on filing a counter-notice. However, he doesn’t believe that Blizzard’s takedown notice will be very effective. There are still plenty of copies around and putting the genie back in the bottle is near-impossible.

Blizzard DMCA Notice Wipes ‘Diablo II: Resurrected’ Offline Patches from GitHub

EU Warns People About the Risks and Damages of Piracy

Wed, 09 Jun 2021 21:31:22 +0000

EU Warns People About the Risks and Damages of Piracy

The European Union Intellectual Property Office (EUIPO) has launched a public awareness campaign, warning the public about the risks and damages of piracy. The campaign warns that people who pirate content or buy counterfeit goods put their health, safety, money, and privacy at risk. At the same time, people help fund organized crime including drug and human trafficking.

EUIPO launched a new public awareness campaign yesterday, warning the public about the dangers of piracy and counterfeiting.

According to the European Union, intellectual property infringement is a serious problem that poses significant risks to the public at large.

Pirated Music & Counterfeit Vaccines

As other reports have done in the past, EUIPO bundles counterfeiting and piracy in the same breath. This makes sense to a degree, as both are related to intellectual property, but the risks involved can be quite different.

People who buy counterfeit medicines, such as antibiotics, painkillers, or Covid-vaccines, are directly putting their health at risk. Those who use a stream-ripping tool to download music from YouTube mostly upset the major music labels.

This distinction is notably absent from EUIPO’s media campaign which stresses that piracy is a serious problem. It highlights, for example, that pirate IPTV subscriptions alone are good for a billion euros in illegal proceeds every year.

Human Trafficking…

The people who willingly run large piracy operations certainly operate in the criminal territory. And according to the EUIPO, this can go far beyond copyright infringement. There are links to drugs and people trafficking as well.

“IP crime is a profitable activity involving organized crime groups and increased evidence shows links between counterfeiting and piracy as well as other crimes such as drug and human trafficking, cybercrime or fraud,” EUIPO writes.

These links are not directly backed by research, as far as we can see, but it’s clear that piracy and counterfeiting are seen as a severe problem.

Urgent Action Needed

The Executive Director of the EUIPO, Christian Archambeau, notes that urgent coordinated action is needed to address the problem. Because of this, piracy and counterfeiting are now listed among the top ten EU priorities in the fight against organized crime.

There are several types of actions that can be taken to hinder piracy. Within Europe, there have already been several enforcement activities, mainly against illegal IPTV services. However, online intermediaries can also offer a helping hand.

When it comes to counterfeiting, online marketplaces should screen vendors and products, for example. And to hinder piracy, companies including hosting providers and social media networks could play a more active role.

EUIPO highlights a recent study that estimated that 35% of all digital content discussions on social media “could be possibly related to piracy.” Reddit was particularly popular among movie and TV pirates, while music piracy is more prevalent on Twitter.

The EU body hopes that these and other online services, which also include payment providers and advertising networks, can help address piracy and counterfeiting through preventive and corrective measures.

The ‘Awareness’ Campaign Video

While it’s hard to disagree with the importance of awareness, we wonder if EUIPO’s message will reach the intended audience. As far as we can see, there is no dedicated website that clearly communicates the problem to the public.

Aside from the rather dry press communication, the main driver of this campaign is a video that was posted on YouTube

The video gives some hints on what to look for in order to avoid trouble. Checking for an HTTPS connection is important, it notes. While that’s always a good idea, pretty much all pirate sites and counterfeit shops have secure connections nowadays.

The best advice from the video is that “if the price is too good to be true, it probably is.” But then again, most people who pirate content or buy counterfeits are likely aware of that already.

At the time of writing, the official campaign video has yet to go viral. The English version has captured 116 views over the past 24 hours, while the Spanish and Italian equivalents are such at 13 and 10 views respectively.

EU Warns People About the Risks and Damages of Piracy

Record Labels Sue Frontier For Failing to Terminate Persistent Pirates

Wed, 09 Jun 2021 21:27:24 +0000

Record Labels Sue Frontier For Failing to Terminate Persistent Pirates

Fifteen major recording labels including UMG, Sony Music and Warner Music have sued US ISP Frontier Communications for failing to suspend the accounts of customers who allegedly downloaded and shared pirated music. The companies describe Frontier as a safe haven for pirates and one that generates revenue from repeat infringers.

Over the past several years there has been a drive to hold US-based ISPs liable for copyright infringements carried out by their customers.

Major recording labels have been at the heart of the action, suing Cox Communications, Charter Communications and RCN, for failing to suspend the accounts of customers who pirated music, even though the ISPs had been sent multiple DMCA notices indicating that infringement was taking place.

These lawsuits are a serious business. In Cox Communications’ case, a jury ordered the ISP to pay $1 billion in damages. Cox is now fighting that decision, warning that if it loses the Internet will never be the same.

Undeterred by that possible eventuality, yesterday the same core record labels filed a fresh lawsuit against ISP Frontier Communications containing similar allegations and the prospect of a considerable damages award.

UMG Recordings Inc. v. Frontier Communications Corp

Filed in a New York district court yesterday by UMG Recordings Inc, Sony Music Entertainment, Warner Music Inc, and more than a dozen other labels, the lawsuit consists of similar accusations previously leveled against Cox, Charter and RCN.

According to the labels, together they sent more than 20,000 DMCA copyright notices to Frontier complaining that its subscribers were unlawfully downloading, copying, and distributing their copyrighted works using peer-to-peer networks including BitTorrent. The plaintiffs state that these notices alerted Frontier to “clear and unambiguous” infringing activity, while also identifying specific subscribers as “flagrant and serial infringers.”

The labels state that over the years, Frontier has also received thousands of infringement notices from other copyright holders which identified thousands of Frontier subscribers engaged in “blatant and repeat infringement.” More than 4,000 subscribers were identified in three or more notices and some subscribers identified in 100 notices or more.

“These examples and countless others amply illustrate that, rather than terminating repeat infringers — and losing subscription revenues — Frontier consciously chose to look the other way in order to continue to collect subscriber fees,” the complaint reads.

Frontier Had The Ability and Obligation to Prevent Infringement

Citing Frontier’s Acceptable Use Policy (AUP), the labels say that Frontier had the power to suspend or terminate a subscriber’s Internet access for a variety of reasons, including for “transmitting or receiving copyright infringing…material.” The AUP also addresses the issue of repeat infringement, noting that this provides grounds for termination of service.

“Despite these alleged policies, and despite receiving thousands of DMCA Notices from Plaintiffs’ representatives, and thousands of similar notices from other copyright owners, Frontier knowingly permitted specifically identified repeat infringers to continue to use its network to infringe,” the complaint adds.

Holding Frontier liable for contributing to the direct infringements of its customers, the labels say that the ISP was motivated to keep infringing subscribers on board for financial benefit, adding that terminating subscribers would deprive it of revenue and make its service less attractive to existing and prospective customers.

Since P2P use consumes lots of data usage, infringing customers were particularly lucrative, the plaintiffs add. Pirates are likely to pay more money for faster connections with greater usage limits, leading Frontier to turn a blind eye to repeat infringement by known specific subscribers.

“The specific infringing subscribers identified in the DMCA Notices knew Frontier would not terminate their accounts despite receiving multiple notices identifying them as infringers, and they remained Frontier subscribers to continue illegally downloading copyrighted works,” the complaint notes.

Contributory and Vicarious Copyright Infringement

The complaint lists 2,856 copyrighted works owned by the labels including tracks by 2Pac, 50 Cent, Amy Winehouse, Ariana Grande, Avicii, Bon Jovi, Drake, Elton John, Eminem, Jay Z, Kanye West, Lil Wayne, Nas, Nicki Minaj, Nine Inch Nails, Nirvana, Post Malone, Rihanna, The Beatles, The Police, The Rolling Stones, U2, Guns N’ Roses, Elvis, Michael Jackson, Prince, and many more.

These were all illegally reproduced and distributed by Frontier customers via BitTorrent and other P2P protocols, in breach of the labels’ copyrights.

The lawsuit claims that Frontier’s failure to take action against repeat infringers dates back to 2013 but the labels are only interested in narrowly-defined copyright infringement claims dating back to the beginning of May this year.

“Frontier’s subscribers’ infringing activity that forms the basis for Plaintiffs’ claims, and for which Frontier is secondarily liable, occurred after Frontier received multiple notices of those subscribers’ infringing activity,” the labels write.

“Since [May 1, 2021], Frontier’s subscribers have infringed 2,856 copyrighted works after those particular subscribers were identified to Frontier in multiple infringement notices, and the infringement is ongoing.”

Due to Frontier’s alleged inaction, the ISP is contributorily liable for the direct infringements of its subscribers, the lawsuit adds. Frontier had knowledge that its network was being used for copyright infringement on a massive scale and knew which of its customers were repeat infringers.

“By purposefully ignoring and turning a blind eye to its subscribers’ flagrant and repeated infringements, Frontier knowingly caused and materially contributed to the unlawful reproduction and distribution of Plaintiffs’ copyrighted works.”

Alleging contributory copyright infringement, the labels demand statutory damages of up to $150,000 for each of the 2,856 works infringed, plus attorneys’ fees and costs.

The labels also demand damages for vicarious copyright infringement, noting that Frontier had the right and ability to control the infringing conduct of its customers and had a direct financial interest in such activities. Again, the plaintiffs demand $150,000 for each of the 2,856 works infringed after May 1, 2021.

Demands For Injunctions

The recording companies are asking the court for a judgment against Frontier declaring that the ISP willfully infringed their copyrights. They also request preliminary and permanent injunctions enjoying Frontier and its business associates from directly or indirectly reproducing and distributing their musical works moving forward, in advance of a trial by jury.

Updated: Statement from Frontier Communications spokesperson:

“Frontier is not alleged to have done anything directly to infringe any copyright owner’s rights, and in fact has terminated many customers about whom copyright owners have complained. Frontier believes that it has done nothing wrong and will vigorously defend itself.”

The record labels’ complaint can be found here (pdf)

Record Labels Sue Frontier For Failing to Terminate Persistent Pirates

Why is Verizon Blocking Pirate Sites Such as NYAA and Mangadex?

Tue, 08 Jun 2021 19:59:20 +0000

Why is Verizon Blocking Pirate Sites Such as NYAA and Mangadex?

For more than a week, Verizon customers have been unable to access several popular pirate sites. The IP-addresses of sites such as NYAA and Mangadex are null-routed instead. While the blocks appear to be intentional, Verizon is keeping its motivation quiet. So why are these sites blocked and has it got anything to do with piracy? Could it be related to Russian CDN provider DDoSGuard, which the sites have in common?

A week ago, complaints started pouring in that Verizon is actively blocking pirate sites. The issue was widely discussed on social media as well, where some suggested that pirate site blocking has officially arrived in the US.

At first sight, it indeed seems this way. Popular sites such as NYAA and Mangadex are unreachable. The same applies to Kemono.party and many others.

Users who try to access the sites get an error message in their browsers instead, noting that the domain names are unreachable. The big question is why these domains are being blocked.

Not a Simple Error

To find out more we reached out to Verizon through the official press channels last week, but without any response. That leaves us with no other option than to simply report what we know and what this could potentially mean.

At this point, it’s clear that Verizon has known about the issue for over a week. Aside from reaching out ourselves, we heard from several Verizon subscribers who contacted the company. They were told that the issue was being investigated.

This suggests that it’s more than a simple routing error or misconfiguration. That would have been fixed by now. There is more going on here, it seems.

The Russian Connection

The blocked sites we know of have things in common in that they’re all pirate sites. Some operate in the anime/manga niches, but others such as vojvodinanet.com are inaccessible too. In addition, all sites use the same CDN and DDoS protection service, DDoS-Guard.

DDoS-Guard is a Russian CDN provider that’s considered a safe haven for pirate sites. A few months ago the company was reported to the US Government by Hollywood’s MPA, which said that DDoS-Guard is not responsive to takedown requests.

In addition to pirate sites, scammers, spammers, and other types of abuse also take place through DDoS-Guard. We don’t know if this is more prevalent than on comparable services, but it’s an important element to keep in mind.

Piracy Block or Collateral Damage?

NYAA and Mangadex have similar but different DDoS-Guard IP-addresses. NYAA uses 185.178.208.182 and Mangadex resolves to 185.178.208.185. Both IP addresses are blocked by Verizon and all traffic is sent into a black hole.

However, it is worth noting that other sites use these same addresses as well. This includes xn--bstchange-hib.com, which is a phishing site. Many other domains have their hosting accounts suspended, while ipts-money.site is linked to a dubious Ethereum and Bitcoin giveaway site.

Looking through the list we see several abuse-related domain names linked to those IP-addresses. For example, znot-stresser.com sounds a lot like a DDoS tool. That domain is currently offline but the list of questionable names doesn’t instill much confidence.

It is certainly possible that the NYAA and Mangadex IP-addresses are being blocked due to collateral damage because other sites of services are using those IPs for nefarious purposes. Large network providers regularly block malicious IP-addresses, so that wouldn’t be unusual.

Not a Typical Pirate Site Block

Verizon’s ‘looking glass‘ reveals that, in North America, the blocked IP-addresses are null routed to AS65512. This essentially means that all traffic goes into a black hole, which is a typical way to handle abuse.

This is certainly not how other ISPs block pirate sites. That often happens through a relatively simply DNS blockade. And when that happens, users often see a message explaining why the site is blocked.

In this case, users who try to access NYAA or Mangadex simply get an error message in their browser explaining that the domains are unreachable. Again, this applies to all sites that use these IP-addresses.

History of (Un)intentional Pirate Site Blocking

This isn’t the first time that pirate sites have found themselves mysteriously blocked. A few years ago, Cogent suddenly blocked several Cloudflare IP-addressed that were linked to The Pirate Bay and other pirate sites.

Cogent’s blockade was eventually linked to a court order, which required the Internet backbone provider to block several IP-addresses. Many of the pirate sites subsequently went down as collateral damage.

Comcast also has a history of unintentional blocking. Ten years ago the ISP’s users were unable to access The Pirate Bay. However, the company swiftly reached out to The Pirate Bay and resolved the issue within a few hours after it became public.

Verizon Has the Answers

To us, it seems unlikely that Verizon has unilaterally started blocking pirate sites – that all happen to use DDoS-Guard – without a court order. But it’s possible. Or perhaps there is a court order?

Verizon is the only one with the answers here but, for now, the company is silent.

Why is Verizon Blocking Pirate Sites Such as NYAA and Mangadex?

Nintendo Awarded $1.13m After File-Hosting Site Failed To Remove Pirated Games

Tue, 08 Jun 2021 19:56:22 +0000

Nintendo Awarded $1.13m After File-Hosting Site Failed To Remove Pirated Games

Nintendo has booked a major legal victory against DSTORAGE SAS, the operator of file-hosting site 1fichier. After the platform failed to remove infringing copies of Nintendo games from its servers following takedown demands, a Paris court has ordered the company to pay $1.13m in damages. The Court noted that rightsholders do not need a court order to have pirated content removed from online platforms.

There are many options for those seeking to store and share files online. File-hosting platforms such as Mega.nz have become a huge success story for their owners but in order to avoid legal troubles, strict rules must be adhered to.

Not only must hosting platforms respond to law enforcement requests, there is the not insignificant issue of thousands if not millions of DMCA notices to process, in order to maintain safe harbor provisions under local law. According to historical reports from rightsholders, French file-hosting site 1fichier hasn’t always played by the rules.

1fichier Has Been Irritating Rightsholders For Years

As far back as 2014, rightsholders including the RIAA have been complaining about a lack of cooperation from 1fichier. The site, which according to data from SimilarWeb has around 35 million visitors per month, fails to respond adequately to takedown demands, resulting in its reporting to the USTR more than five years ago.

In 2018, the powerful Entertainment Software Alliance (ESA) also weighed in, reporting 1fichier to the USTR for its takedown failings. ESA, whose members include gaming giants Nintendo, Activision and EA, claimed that 1fichier was reluctant to respond to takedown notices, noting that just 0.59% of content was removed following complaints. By 2020 that situation had apparently deteriorated, with takedown rates dropping to just 0.12%

Nintendo Takes Legal Action Against 1fichier

Disappointed with the lack of responses to takedown demands, Nintendo filed a lawsuit in France against DSTORAGE SAS, the operating company of 1fichier. The aim was to compel 1fichier to cooperate while obtaining damages for what the company claimed were infringements of its copyrights.

In a decision handed down on May 25, 2021, the Judicial Court of Paris sided with Nintendo, ruling that DSTORAGE SAS could be held liable after failing to remove illegal copies of Nintendo games hosted on its platform, despite receiving copyright notifications demanding that content should be removed or blocked.

According to a statement from Nintendo, the Court ordered DSTORAGE to pay 935,500 euros ($US1.13m) in damages but also clarified the responsibilities of file-hosting services such as 1fichier when it comes to the processing of copyright takedown notices.

The Court said it was not necessary for rights holders to obtain a decision from a court before asking for infringing content to be removed, so complaints should be actioned accordingly.

Decision Welcomed By Nintendo

Applauding the decision of the Court, Nintendo says that the ruling sends the clear signal that by refusing to block access to pirated content after receiving official takedown notices, services such as 1fichier and their owners can be held liable.

“Nintendo welcomes the decision of the Paris Judicial Court. The message it sends is clear: by refusing to block access to content such as unauthorized copies of video games notwithstanding prior notification, providers of shared hosting services such as Dstorage (1fichier) are liable under French law and are required to remove or make impossible access to such content,” Nintendo says.

“Services that do not comply with the law may be ordered to pay damages to right holders whose intellectual property rights have been infringed.”

Nintendo says the decision is not only important for its own business but for the entire videogame industry too, since file-hosting platforms like 1fichier cannot now insist that a court order is required before content can be removed.

Nintendo Awarded $1.13m After File-Hosting Site Failed To Remove Pirated Games

MPA “Hacker” Shows that Pirates Don’t Fear EU’s Copyright Takedown Plans

Mon, 07 Jun 2021 20:19:25 +0000

MPA “Hacker” Shows that Pirates Don’t Fear EU’s Copyright Takedown Plans

Europe is working hard to modernize copyright law and regulations. The implementation of the Copyright Directive is nearing its conclusion. At the same time, copyright takedown and liability regulations are further strengthened by the proposed Digital Services Act. Or are they? An MPA-controlled 'hacker' shows that, for now, pirates and cybercriminals have little to fear.

In recent years the European Commission has proposed and adopted various legislative changes to help combat online piracy.

This includes the Copyright Directive which passed in 2019 as well as the Digital Services Act, which was officially unveiled last December.

These changes have been spurred on by major copyright holders, who have long called for stricter enforcement of pirated content online. At the same time, digital rights groups and some legal experts are concerned that fundamental rights are at risk by increased filtering.

When it comes to the Digital Services Act proposal, neither ‘side’ is satisfied. The new regulations improve the takedown process and will deal with ‘repeat infringers.’ However, there are no ‘staydown’ requirements, which was a priority item on the copyright holders’ wishlist.

These and other issues were extensively discussed in a webinar that was organized by the European Audiovisual Observatory earlier this month. The list of speakers included Stan McCoy from the Motion Picture Association (MPA). At least, that was the plan.

“Dan McCrook”

When McCoy was asked to share his thoughts his presentation was abruptly ‘hijacked’ by a cybercriminal named “Dan McCrook,” who shared his opinion on the proposal from a cybercriminal perspective.

“Stan’s feed being hacked by me, his evil twin Dan McCrook,” he said. “In replacement for whatever boring presentation Stan was going to give you about the DSA, I’m going to offer you today a cyber criminal’s guide to the Digital Services Act.”

According to “McCrook” there is little to worry about for pirates. The DSA introduces Know Your Business Customer (KYBC) requirements, as copyright holders requested. However, these only apply to marketplaces and not to hosting services or other platforms pirates commonly use. So that’s good news for criminals.

Re-upload Scripts Still Work

The DSA isn’t going to make it much harder to upload copyright-infringing content either. While there are some procedural changes to the takedown process, there is no “staydown” requirement. This means that pirates can continue to use their ‘re-upload’ scripts.

“We’re well adapted to notice and action. There are actually thousands of software scripts available for free on the internet that will real re-upload your illegal content immediately. Just if it ever should happen to get taken down from your favorite pirate cyberlocker. So good news for us to have minimal change on that front,” McCrook said.

On top of that, newer piracy business models often use IPTV or app-based models which don’t rely heavily on traditional URLs. This means that the proposed legislation will do little to curb those activities.

“I do a lot of my cybercrime through app-based technologies that don’t even use URL technology, so that’s good news. Basically, the DSA proposes process changes around notice and action but no staydown and therefore happily, from my perspective, no real disruption of the current cybercrime business model,” McCrook noted.

Try Proving Deliberate Collaboration

Finally, McCrook is pleased to see that online platforms will only lose their liability exemption if it can be proven that these services “deliberately collaborate” with pirates or other cybercriminals. This will be quite a challenge.

“Good luck seeing inside the mind of the platform operator and proving deliberate collaboration. I think that’s likely to help my platform of friends avoid liability even if it can be shown that their service is objectively designed to favor illegal content.”

Despite the somewhat cynical presentation, it’s clear that the MPA is not happy with the current proposal. And after ‘the real McCoy’ regained control over his feed, he made this pretty clear as well, calling for stricter technology-neutral legislation.

If anything, it’s clear that we can expect another clash between copyright holders, various technology companies, and rights groups, over how far copyright-related legislation should reach. This is a process that could drag on for years, as the Copyright Directive made clear.

Article 17 is Still Contested

Exactly two years ago, the European Parliament implemented the Copyright Directive, including the controversial Article 17. This requires online services to license content from copyright holders or, if that is not possible, to ensure that infringing content is taken down and not re-uploaded to their services.

Today, EU member states were expected to have the language transposed into local law. While many have, including Denmark, which finalized everything late last week, plenty of uncertainty remains.

For example, late last week the European Commission issued its guidance on the transposition of Article 17, which may or may not lead to more tweaks in local laws.

However, the real wait is for the EU Court of Justice, which will soon decide on Poland’s request to get rid of Article 17’s ‘filtering’ obligation. Among other things, the country argued that this will limit freedom of expression and lead to censorship.

We wonder what McCrook and his friends would make of all of this?

MPA “Hacker” Shows that Pirates Don’t Fear EU’s Copyright Takedown Plans

Amazon, Lee Child Pirate Site Lawsuit Encounters Creaking Ukrainian Legal System

Mon, 07 Jun 2021 20:16:27 +0000

Amazon, Lee Child Pirate Site Lawsuit Encounters Creaking Ukrainian Legal System

In 2020, Amazon teamed up with publisher Penguin Random House and authors including Lee Child and John Grisham to sue several pirate eBook sites operating out of Ukraine. After a cash-strapped local court reported that it had no stamps and envelopes so couldn't correspond on paper, the publishers had to hire a private investigator in an effort to track down and serve a key defendant.

Last summer, Amazon Content Services, publisher Penguin Random House and several authors including John Grisham and Lee Child, filed a lawsuit in the United States targeting a range of ‘pirate eBook sites.

Background: Massive Copyright Infringement

Operating under the ‘Kiss Library’ brand, Kissly.net, Wtffastspring.bid, Libly.net, and Cheap-Library.com marketed themselves as providers of a “premium selection” of books at “unbeatable prices”. The plaintiffs said that this was only possible due to the sites offering pirated copies of their books.

The action’s stated aim was to put the platforms out of business but also to seek damages from the people behind them including Ukrainian nationals Rodion Vynnychenko and Artem Besshapochny, who are said to have created Kiss Library and profited from its activities.

Just days after the action was filed, a Washington court handed down a preliminary injunction targeting the defendants and their payment processors, domain registrars, hosts, back-end service providers, affiliate program providers, web designers, and search engines. The court also issued an order to financial companies demanding that they locate all of the defendants’ accounts and prevent the transferral of any assets.

In her order, Judge Marsha J. Pechman noted that the restraining order was necessary since the defendants had “gone to great lengths” to frustrate the plaintiffs and the court by using “multiple false identities and addresses” and “purposely-deceptive contact information.” As the battle moved to Ukraine, this assertion became increasingly evident.

Ukraine Court System Under Strain

In April, the plaintiffs told the Washington court that they had served defendants Kiss Library, Artem Besshapochny and Jack Brown but were experiencing difficulties serving Rodion Vynnychenko. In part, the delays were put down to Vynnychenko deliberately attempting to evade service but other problems were related directly to legal rules in Ukraine and serious issues caused by the coronavirus pandemic.

Ukrainian law requires government service on parties using original paper copies of documents. The plaintiffs sent these (along with translations) in August 2020 but the Desnyanskyi District Court of Kyiv didn’t receive them until October 2020. In the meantime, Vynnychenko reportedly deregistered his Kyiv address and failed to appear at two hearings. When he did register a new address, the right court (Kirovskyi District Court of Kirovohrad) did not receive the service documents until February 2021. And problems were mounting.

At a hearing on March 4, 2021, to confirm service on Vynnychenko at his new address, Amazon and the other plaintiffs were informed that service could not go ahead because the court had run out of money. The seriousness of the matter was underlined when the court said it could not correspond on paper because the “court completely lacks postal stamps and envelopes for sending judicial correspondence.”

Defendant is a Moving Target

When the hearing continued on April 24, the Kirovskyi District Court informed plaintiffs’ counsel that the address provided by Vynnychenko was not in fact his residence. As a result, the court returned the request unexecuted to the Ministry of Justice leading the plaintiffs to take matters into their own hands by tracking down the defendant in person.

“Based on these repeated and intentional attempts to evade service, Plaintiffs engaged a private investigator to assist the Ukrainian government in identifying and confirming Defendant Vynnychenko’s place of residence,” they told the Washington court last week.

“Through those efforts, Plaintiffs located Vynnychenko’s true residence in Kyiv and forwarded his location to the Ministry for government-mandated service.”

Amazon and the other plaintiffs say that after identifying Vynnychenko’s home, the Ministry of Justice forwarded the service documents to the Holosiivskyi District Court last week. Another hearing is now scheduled for June 11 but given the evasion tactics deployed thus far, service actually taking place remains a question.

Issues With Other Defendants

Despite being properly served, defendants Artem Besshapochny and Jack Brown have both failed to appear at hearings thus far, meaning that none of the defendants have appeared as required. However, the plaintiffs aren’t idling in the background.

Last week they told the Washington court that in addition to tracking down Vynnychenko, they have also been pursuing discovery regarding the “identities and activities” of Does 1-10 as listed in the original lawsuit.

Given the problems thus far, it remains to be seen whether plaintiffs Amazon, Penguin Random House, Lee Child, Sylvia Day, John Grisham, C.J. Lyons, Doug Preston, Jim Rasenberger, T.J. Stiles, R.L Stine, Monique Troung, Scott Turow, Nicholas Weinstock and Stuart Woods will ever see a penny from this action.

They demand $150,000 per infringed work for willful direct copyright infringement and $150,000 per work for vicarious and/or contributory copyright infringement in respect of offenses carried out by Kiss Library’s users.

Related documents can be found here (1,2,3, pdf)

Amazon, Lee Child Pirate Site Lawsuit Encounters Creaking Ukrainian Legal System

Top 10 Most Pirated Movies of The Week – June 7, 2021

Mon, 07 Jun 2021 20:13:37 +0000

Top 10 Most Pirated Movies of The Week – June 7, 2021

Every week we take a close look at the most pirated movies on torrent sites. What are pirates downloading? 'The Conjuring: The Devil Made Me Do It' tops the chart, followed by ‘Cruella'. 'Wrath of Man' completes the top three.

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only.

These torrent download statistics are meant to provide further insight into the piracy trends. All data are gathered from public resources.

This week we have three new entries in the list. “The Conjuring: The Devil Made Me Do It” is the most downloaded title.

The most torrented movies for the week ending on June 07 are:

Movie Rank	Rank last week	Movie name	IMDb Rating / Trailer
Most downloaded movies via torrent sites
1	(…)	The Conjuring: The Devil Made Me Do It	6.5 / trailer
2	(2)	Cruella	7.5 / trailer
3	(1)	Wrath of Man	7.3 / trailer
4	(3)	Army Of The Dead	6.0 / trailer
5	(4)	Mortal Kombat	6.4 / trailer
6	(…)	Spiral	5.4 / trailer
7	(6)	Godzilla vs. Kong	6.7 / trailer
8	(7)	Zack Snyder’s Justice League	8.4 / trailer
9	(…)	Occupation Rainfall	5.1 / trailer
10	(5)	The Unholy	5.0 / trailer

Note: We also publish an updating archive of all the list of weekly most torrented movies lists.

Top 10 Most Pirated Movies of The Week – 06/07/2021

Danish Piracy Crackdown Spreads from Torrent Sites to Facebook

Sun, 06 Jun 2021 21:45:23 +0000

Danish Piracy Crackdown Spreads from Torrent Sites to Facebook

A Danish court has convicted a man who streamed TV series and movies via Facebook Live. The owner of the 'Facebio' group was sentenced to 20-days probation and must pay $9,000 in piracy damages. The local anti-piracy group Rights Alliance, which referred the man to the authorities, is calling for stronger enforcement on legitimate social media platforms.

Over the past several months, Danish law enforcement authorities have effectively dismantled the once-thriving local torrent tracker scene.

It started in September and October 2020 when DanishBits and NordicBits went offline after their operators were caught. Other trackers tried to fill this void but were soon targeted as well.

These efforts are the result of cooperation between the anti-piracy group Rights Alliance and local enforcement authorities. This partnership has proven to be quite effective and the enforcement actions have resulted in several prison sentences as well.

It is safe to say that the criminal prosecutions will make prospective pirate site operators think twice before they start a new site. That said, foreign torrent sites are relatively unaffected and there are plenty of other piracy options as well, including social media platforms.

Criminal Prosecution of a Facebook Pirate

This hasn’t done unnoticed by the Rights Alliance, which recently reported a Facebook group to the authorities. The owner of the ‘Facebio’ group streamed movies and series via Facebook’s Live feature and maintained a library of videos that could be viewed on-demand.

Following the referral, the Danish Government’s SØIK’s IP-Task Force tracked down the operator, who was confronted and later confessed to sharing 19 movies and TV shows without permission.

Probation and Damages

Earlier this week, a court in Sønderborg sentenced the man – who’s in his thirties – to 20 days probation. In addition, he was ordered to pay 55,000 Danish Krone (~$9,000) in damages to the Rights Alliance which acts on behalf of various copyright holders.

According to a source familiar with the matter, users of the ‘Facebio’ group are not under investigation. That said, piracy on legitimate streaming platforms is an increasing concern for copyright holders, which could lead to more enforcement efforts.

A recent piracy study from MediaVision found that these services are very popular among pirates. Roughly 30% of Danish pirates said they use YouTube to find illegal content, and 22% use Facebook as a piracy source.

More Piracy Policing on Social Media

The survey was conducted before the massive crackdown on local torrent trackers, so the numbers could be even higher now. Commenting on this development, Rights Alliance Director Maria Fredenslund calls on the authorities to make sure that enforcement efforts expand to social media platforms.

“We are following developments closely and can see that illegal content on legal services is an increasing challenge. Therefore, it is absolutely crucial that the IP Task Force expands its efforts and now also investigates the illegal use of films and TV series on social media,” she says.

For now, however, the anti-piracy group is pleased to see that SØIK took its complaint seriously and that the Facebook ‘pirate’ was brought to justice.

“It sends a clear signal that there is nothing harmless about watching and sharing content illegally – not even when it takes place on Facebook or Youtube,” Fredenslund adds.

Danish Piracy Crackdown Spreads from Torrent Sites to Facebook

Floyd Mayweather vs. Logan Paul Will Be Another Piracy Bonanza

Sat, 05 Jun 2021 21:04:48 +0000

Floyd Mayweather vs. Logan Paul Will Be Another Piracy Bonanza

This weekend, boxing legend Floyd Mayweather will fight YouTuber Logan Paul for bragging rights, and the not insignificant prospect of tens of millions of dollars each, whatever the outcome. Despite calls from anti-piracy groups for people to watch the event legally, this matchup will be pirated to hell and back. Here's why.

When talk of a Floyd Mayweather versus Conor McGregor boxing match was first aired in the media, few true boxing fans believed it would happen. But it did and was a spectacular success, despite being heavily pirated.

There is no doubt that Mayweather enjoys the limelight but McGregor and his infamous trash-talk was always going to be a huge factor in attracting eyeballs. What followed was a boxing match that showed that if your mouth is big enough and you have enough fans, having a fistfight for money doesn’t have to follow the traditional boxing model.

Not to take anything away from these two professionals, but they have to shoulder some responsibility for what the boxing world now has to endure in the shape of brothers Jake and Logan Paul. While their abilities are up for debate, they have huge mouths and audiences to match, which makes them attractive commercial options for anyone wanting to punch them in the face.

This weekend, Logan Paul will try to emulate his brother’s performance against Ben Askren by knocking out Floyd Mayweather live on Showtime in the US and Sky in the UK. To be frank (and despite being at least 30 pounds heavier), that’s his only chance of winning the fight. But both men will emerge victorious whatever happens, to the tune of a rumored tens of millions of dollars each.

But that, of course, rests on people paying to watch the PPV. Unfortunately, all the signs suggest that huge numbers of people will pirate the event instead, and that will rest pretty squarely on the shoulders of Logan and brother Jake. Here’s why.

Jake and Logan Are Famous Because They’re Free

With 23.1m and 20.4 million subscribers on YouTube, Logan and Jake are undoubtedly internet superstars but for the large part, following them hasn’t cost fans a penny.

The brothers have successfully leveraged the advertising-supported models of YouTube and similar platforms to bring their content to the masses at pretty much zero cost, meaning that their fans simply aren’t in the habit of paying. Which is fortunate because a huge section of their audiences is unlikely to have much disposable income.

While Logan and Jake’s fans are continually growing up (hopefully at a faster rate than the brothers themselves) there is no doubt that these gentlemen attract a young audience. They are a huge deal with tweens, teenagers and younger adults who have grown up with the free nature of YouTube, not $49.99 (in the US) and £16.95 (in the UK) PPV events.

Indeed, the brothers largely market themselves to their social media audiences, which in their cases are populated by younger people. The problem with that is these fans present the perfect piracy storm. Not only do they have less free cash than older adults and have grown up in an environment of having to pay nothing, they also tend to be experts at finding free streams or have a large enough network to have them delivered on a plate.

When you add in the fact that the Pauls never shut up about having more money than most regular fans, you have to wonder whether the ‘Logangsters’ would want to part with all of their spare cash to watch the fight when an illegal stream is just a click away. And there are other problems too.

Iiiiiiit’s SHOWTIME!!..Possibly

For fans who did part with their money to watch Jake knock out Ben Askren in 70 seconds, there will be mixed emotions. Ok, their hero disposed of his opponent quickly and spectacularly but was it worth $49.99? As a boxing fan, who appreciates a good fight, absolutely not. The many clips on YouTube and other platforms by the next morning did, however, since they came at a price more closely associated with the Pauls’ other content.

To be clear, there will not be a quick knockout of Floyd Mayweather, so the round-to-dollar ratio should present much more value. But this is a fight card, not just one fight, so will there be more value there? Skimming it quickly, possibly. Being more objective, probably not.

Mayweather fans will relish him fighting but as high-quality cards go, this one ranks very averagely. Add in the fact that most Logan Paul fans will have zero clue who anyone else is on the card, it’s doubtful they’ll be sitting through all of it. In fact, most people are clearly only interested in the main event and whichever way you cut it, that is not worth the money in itself.

Piracy Bonanza Incoming

That will lead to the inevitable cries on Monday that while the fight did well, it will have been heavily pirated everywhere. The UK, where the Federation Against Copyright Theft has already issued a “DON’T PIRATE” warning on behalf of its client Sky, will be especially affected due to problems dating back decades.

Very big fights tend to happen in the US, on US broadcasting schedules, meaning that in the UK the Mayweather v Paul fight will take place in the middle of the night. Even for the most dedicated of fans, staying up all day and then all night is a big ask. Granted, younger fans might have less of a problem staying conscious but paying for a PPV and keeping mom and dad awake might prove even less popular.

Instead, expect many thousands of young Paul fans to be tucked up in bed with a phone, tablet or laptop for company, waiting for their social media friends to paste them a link to the fight, either live or straight after. The quality won’t be great but there will be enough detail to watch Logan get schooled for all eight rounds, if Mayweather wants it to go that far.

According to the contract, going the distance after making Paul look like an amateur still won’t mean a win for Mayweather though. So, the YouTuber’s fans can get up on the morning after the fight, declare victory, and begin saving up for Jake Paul’s next battle against former UFC champ Tyron Woodley in August.

Depending on how long the fight lasts (or God forbid Mayweather gets knocked out), paying might become a more attractive option next time. But let’s see.

Floyd Mayweather vs. Logan Paul Will Be Another Piracy Bonanza

New Triller Lawsuit Targets Young YouTuber For Jake Paul Fight Piracy

Fri, 04 Jun 2021 21:23:49 +0000

New Triller Lawsuit Targets Young YouTuber For Jake Paul Fight Piracy

Triller is continuing its pursuit of companies, business entities and individuals who allegedly posted the recent Jake Paul fight online without permission. The latest target is the operator of a small YouTube channel that showed the fight less than 300 times. Nevertheless, Triller is demanding damages that could reach tens of millions of dollars. A lot for what appears to be a very young man.

After the Jake Paul vs. Ben Askren fight took place in April, Triller fired off a $100m lawsuit targeting entities and individuals who allegedly streamed the event illegally online.

In the early stages, the lawsuit did not go to plan. Judge Percy Anderson wasn’t happy that 13 main yet separate defendants had been bundled into the same action, noting that the illegal conduct of one defendant could be wrongly attributed to another independent defendant.

As a result, every defendant except FilmDaily.com was culled from the suit, with Triller faced with having to file new lawsuits if it wanted to progress cases against other defendants. The company responded by suing the H3 Podcast and then last week filed three new lawsuits targeting the people behind Online2LiveStream.us and My-Sports.club, plus YouTuber ‘ItsLilBrandon’.

Yesterday, Triller added yet another fresh lawsuit to the collection, targeting the operator of another YouTube channel.

Lawsuit Targets Matthew Space, Alleged Owner of ‘Eclipt Gaming’

While all lawsuits are serious by their very nature, it’s hard to view the Elipt Gaming YouTube channel in the same light as some of the other defendants in Triller’s litigation drive.

First of all, Eclipt is small. At the time of writing the YouTube channel has just 2,250 subscribers who mostly appear interested in the gaming videos on offer. Even then, these videos aren’t particularly popular. While a GTA Online video has 1,600 views, the vast majority of the others are lucky if they get a couple of hundred. This is definitely not a major piracy hub.

Nevertheless, the terminology used by Triller pulls no punches. Eclipt Gaming is described as a business entity founded around March 2018 and operated by an individual named as Matthew P. Space. Triller also throws in an additional 10 ‘Doe’ defendants for reasons that are not yet clear. The company goes on to allege copyright infringement, taking care to eliminate any attempt at a ‘fair use’ defense.

“[O]n or about April 19, 2021, Defendants, and each of them, unlawfully uploaded, distributed and publicly displayed, without authorization, and with no supplemental commentary or other attempt at transformation, the Broadcast to the users of the YouTube Channel, as a video entitled ‘Jake Paul Vs Ben Askren Full Fight + Highlights & Post Fight Interview,’ which was available at https://youtube.com/watch?v=YAfEWF4tdco,” the lawsuit reads.

Triller says it “promptly notified YouTube of the infringing content, and the aforementioned video is no longer available,” although the link does not return a YouTube copyright complaint notice.

Triller’s Evidence Reveals Fight Was Streamed 297 Times

As shown in the screenshot below, Triller visited the Eclipt Gaming channel after the fight was finished, something which is made clear by the inclusion of a post-fight interview in the allegedly infringing video. In common with Eclipt’s other videos the fight was lightly viewed, having been streamed just 297 times, although Triller expands that in its comments to the court.

“Defendants’ calculated and reprehensible infringement, theft, and other unlawful acts — committed in knowing violation of the law — has resulted in damages suffered by Plaintiff by stealing and diverting at least 300 unique viewers of the illegal and unauthorized viewings of the Broadcast from Plaintiff,” Triller’s complaint reads.

In common with Triller’s other recently filed lawsuits, the company describes Eclipt in extremely elaborate terms, including claims that it acts as a “shell” for Matthew Space’s business interests that was “conceived, intended, and used by Space as a device to avoid liability and for the purpose of substituting an undercapitalized entity — namely, Eclipt — in the place of Space.”

It will be interesting to see what the court makes of that claim and various others that tread similar lines, including claims that Space and Eclipt commingled assets and engaged in unlawful business conduct in an effort to avoid liability to Triller. On first blush and based on the videos on offer, it seems unlikely that there were many assets to commingle, let alone in any particularly organized fashion.

Claims Show Judge Was Right to Dismiss Original Lawsuit

As previously mentioned, the Judge dealing with the original $100m complaint was concerned that bundling many defendants into one suit could result in the illegal conduct of one defendant being wrongly attributed to another. Those concerns are now proving to be correct. The new batch of lawsuits, including the one filed against Eclipt, are all different. Indeed, most have a laundry list of offenses but for Eclipt, just three are listed.

Alleging copyright infringement and vicarious copyright infringement, Triller says that Eclipt “illegally copied, uploaded, publicly performed and distributed the Broadcast via the internet with full knowledge that the Broadcast could only be obtained by purchasing a license from Plaintiff.”

For this Triller demands all profits made by the defendants and damages for its losses, in a sum to be determined at trial. At least in theory, these claims could reach tens of millions of dollars.

Alleging violations of the Federal Communications Act, Triller says that Space/Eclipt somehow “intercepted, received and/or descrambled Plaintiff’s satellite signal” in order to receive the fight and subsequently copied and distributed it via YouTube in exchange for “payments to aid, encourage, support, or otherwise endorse Defendants’ infringing conduct.”

For each offense (at least 300, according to Triller) the company demands up to $110,000, meaning that Eclipt/Space could, in theory, be on the hook for an additional tens of millions of dollars in damages. That’s a lot for someone who looks a lot like a teenager in his numerous gaming videos from just a couple of years ago.

Triller’s complaint can be found here (pdf)

New Triller Lawsuit Targets Young YouTuber For Jake Paul Fight Piracy

Anti-Piracy Outfits Target Anti-Piracy Company With Questionable DMCA Takedowns

Fri, 04 Jun 2021 21:21:04 +0000

Anti-Piracy Outfits Target Anti-Piracy Company With Questionable DMCA Takedowns

The CoPeerRight Agency is a French anti-piracy company that's been around for nearly two decades. Aside from targeting pirated content on P2P networks and video hosting services, the company shares promotional trailers for clients as well. Ironically, many of these authorized videos are taken offline by fellow anti-piracy groups. To stop this abuse, the CoPeerRight Agency calls for more manual verification.

As a veteran in the anti-piracy business, the CoPeerRight Agency has witnessed many online piracy threats come and go.

When the company first started, LimeWire was the largest threat. This was later replaced by torrent sites, and today, pirate streaming and IPTV services are flourishing.

All these years, CoPeerRight has offered its clients a variety of anti-piracy tools. The company sends standard takedown notices to sites and platforms, but it also uploads trailers to steer people away from pirated content.

These promotional trailers can be seeded on torrent sites to sow confusion. However, the anti-piracy outfit also publishes trailers on legitimate streaming platforms such as Vimeo and YouTube. This helps to raise the profile of local film releases and can generate additional revenue.

The videos are all published with authorization from local distributors or rightsholders, but that doesn’t mean that there aren’t any issues.

RIAA Targets Movie Trailer

Just a few days ago we noticed that the RIAA sent a takedown notice that targeted one of these ‘authorized’ movie trailers. Specifically, the Italian trailer for “The Dressmaker” movie.

This RIAA represents music companies, so that alone makes it an odd takedown notice. In addition, CoPeerRight informed us that they have the right to distribute this video internationally. As such, the company believes that it should have never been removed from Vimeo.

“We were surprised to receive a strike for a trailer that we posted for marketing purposes with authorization of the rightsholder,” a CoPeerRight spokesperson informed us, adding that “this happens from time to time.”

With movie trailers, there are often dozens of rightsholders involved. This includes distributors around the world and the accompanying music may complicate matters even further.

“The Dressmaker” trailer included music from Universal Music, which is indeed an RIAA member. However, according to CoPeerRight, all the rights were properly cleared. The company swiftly sent a DMCA counternotice to Vimeo hoping to get it restored.

While one would expect that this matter would be resolved fairly quickly, the RIAA wasn’t eager to restore it immediately. The music group instead referred CoPeerRight to a representative from Universal Music, who never replied, and the trailer remained offline.

Earlier this week, it was finally restored. Under the DMCA, Vimeo is required to do so within 10 working days, unless the claiming party files a lawsuit. That didn’t happen. In fact, CoPeerRight heard nothing from Universal Music or the RIAA.

Not an Isolated Incident

At first, we assumed that this must be an isolated incident or a mere oversight. However, CoPeerRight says that, while RIAA mistakes are rare, takedowns from other anti-piracy groups are actually pretty common.

“Our clients’ promotional content is regularly deleted by anti-piracy companies. The main issue is a lack of manual verification,” the company explains.

To back up these claims, CoPeerRight shared a long list of videos that were flagged over the past several years. This put the company at risk of losing profitable promotion Vimeo and YouTube channels, some of which have over 100,000 subscribers.

And that’s not all. The problem is even worse on torrent sites, where CoPeerRight also releases trailers. This is a tactic to steer people away from pirate releases but it’s also a magnet for takedown notices from rightsholders, which assume that it’s pirated content.

Takedowns Target Legal Torrents

Over the years, other anti-piracy groups have removed numerous promotional torrents from Google’s search results.

“We stopped counting the notices from anti-piracy companies that remove Google search results. However, these takedown notices undermine our promotional campaigns on torrent trackers,” CoPeerRight informs us.

Mixed Responses

The French anti-piracy outfit regularly reaches out to colleagues to discuss these issues. This doesn’t always help but on occasion, it can bear fruit.

For example, some anti-piracy companies are relatively quick to retract inaccurate takedowns. In one email we’ve seen, one even offered to add the affected channel to a whitelist.

An email conversation with another anti-piracy company, which we shall leave unnamed, was less friendly. When CoPeerRight described that company’s notices as “fraudulent” it quickly escalated into a legal threat.

All in all, it is no surprise that mistakes happen. And when the volume is massive they will be more noticeable. Still, we didn’t expect that anti-piracy companies would regularly target each other’s content.

CoPeerRight stresses that RIAA’s takedown notice is quite rare. However, there are other anti-piracy vendors who are known to make the same mistakes over and over again.

Ideally, the anti-piracy company would like platforms such as Vimeo and YouTube to publish DMCA counternotices in the Lumen Database, similar to what they do with regular DMCA notices. That would make the process much more transparent.

“We take pride in carrying out legitimate copyright protection on the video platforms, but other vendors, under the guise of anti-piracy, have questionable practices. But I am sure you are already aware of that,” CoPeerRight concludes.

Anti-Piracy Outfits Target Anti-Piracy Company With Questionable DMCA Takedowns

Copyright Holders Hold Cloudflare Liable for Failing to Terminate Repeat Infringers

Fri, 04 Jun 2021 02:38:08 +0000

Copyright Holders Hold Cloudflare Liable for Failing to Terminate Repeat Infringers

In a California court case, Cloudflare stands accused of failing to terminate customers repeatedly called out as copyright infringers. The case wasn't filed by Hollywood or the major record labels, but by two manufacturers of wedding dresses. They have now filed a motion for summary judgment, stating that the CDN provider could and should have done more to prevent copyright infringement.

Popular CDN and Internet security service Cloudflare has come under a lot of pressure from copyright holders in recent years.

The company offers its services to millions of sites. This includes multinationals, governments, but also some of the world’s leading pirate sites.

Many rightsholders are not happy with the latter category. They repeatedly accuse Cloudflare of facilitating copyright infringement by continuing to provide access to these platforms. At the same time, they call out the CDN service for masking the true hosting locations of these ‘bad actors’.

Cloudflare sees things differently. The company positions itself as a neutral service provider that doesn’t ‘host’ any infringing content and says it passes on information temporarily cached on its services.

This means that if copyright holders report problematic URLs to Cloudflare, the company forwards the DMCA takedown notices to its customer. By doing so, Cloudflare is convinced that it operates in accordance with the law.

Repeat Infringer Lawsuit

That stance is not appreciated by all rightsholders and in 2018 the service was taken to court over the issue. The case wasn’t filed by major entertainment companies, but by two manufacturers and wholesalers of wedding dresses. Not a typical “piracy” lawsuit, but it’s a copyright case that could have broad implications.

In a complaint filed at a federal court in California, Mon Cheri Bridals and Maggie Sottero Designs argued that, despite multiple warnings, Cloudflare failed to terminate sites operated by counterfeit vendors. This makes Cloudflare liable for the associated copyright infringements, they said.

Cloudflare disagreed and filed a motion to dismiss. The company said that the rightsholders failed to state a proper claim, as the takedown notices were not proof of infringement, among other things. The California Federal Court disagreed, however, and allowed the case to move forward.

Rightsholders Request Summary Judgment

This ruling was good news for Mon Cheri Bridals and Maggie Sottero, which have now filed a motion for summary judgment. The companies argue that Cloudflare is liable for both direct and contributory copyright infringement, hoping to establish this as fact before trial.

The wedding dress manufacturers explain that they sent Cloudflare numerous takedown notices. These notices identified allegedly infringing images that were hosted by Cloudflare’s subscribers and requested the company to take action to prevent further infringements.

In response, Cloudflare forwarded these notices to its clients and their hosting providers, as is common policy. However, according to the rightsholders, this is not enough.

“Cloudflare did not investigate the alleged infringement, did not request any information from its customers, did not remind its customers of Cloudflare’s infringement policy or threaten any type of disciplinary action […] and did not do anything to evaluate whether its customer was indeed engaged in infringing activities.

“It did not matter whether Cloudflare received 1, 101, 10,000, or 1,000,000 infringement notices concerning a domain client – its response and handling of the complaints was always the same,” the dress manufacturers add.

Cloudflare believes that it’s following the law. In the past, the company stressed that it doesn’t store any infringing material on its servers, so forwarding the notices is sufficient.

“Cloudflare Can and Should Take Action”

The wedding dress manufacturers clearly disagree and claim that the CDN provider could and should have taken simple steps to prevent infringements

“[A]fter receiving numerous notices of infringement implicating a website client, Cloudflare could have taken simple measures to prevent further infringement, including evicting the infringing content from its cache servers and terminating caching services until the website proves compliance with Cloudflare’s anti infringement policies,” the companies write.

“And while Cloudflare may not have control over the infringing content on a website’s origin host servers, it can and should do its part to curb infringement by not permitting repeat infringers to use its services to more effectively and quickly distribute infringing material to consumers in the United States.”

With the motion for summary judgment, the copyright holders ask the court to rule that, because it failed to act, Cloudflare indeed is liable for the repeat infringements of its customers. If that is the case, the only remaining issue will be the scale of the damages claim.

Potential for Broad Implications

Cloudflare will likely disagree with these allegations but, at the time of writing, it has yet to respond in court. Previously, Cloudflare scrutinized the practices of the wedding dress manufacturers’ DMCA takedown partner, while describing the notices as invalid.

This isn’t the first time that the repeat infringer issue has come up in US courts. Several movie companies successfully sued ISPs that failed to take action against repeat infringers. These ISPs didn’t host any copyrighted material either.

While the present case doesn’t directly involve any pirate sites, it could have potentially far-reaching consequences. If the court rules that Cloudflare’s current policy is insufficient, it could be required to take stricter action against other sites as well.

—

A copy of the motion for summary judgment, submitted at a California Court by Mon Cheri Bridals and Maggie Sottero Designs, is available here (pdf)

‘Terminating Internet Access Based on Piracy Accusations is Extremely Harmful’

Thu, 03 Jun 2021 19:41:02 +0000

‘Terminating Internet Access Based on Piracy Accusations is Extremely Harmful’

A wide variety of public interest groups, trade organizations, and law professors have come out to support ISP Cox Communications in its effort to reverse a piracy liability ruling. In various amicus briefs, they inform the Court of Appeals for the Fourth Circuit that if the current verdict stands, many people risk having their Internet access cut off based on one-sided piracy accusations, which would be extremely harmful.

Two years ago Internet provider Cox Communications lost its legal battle against a group of major record labels.

A Virginia jury held Cox liable for pirating subscribers because it failed to terminate accounts after repeated accusations, ordering the company to pay $1 billion in damages.

The ISP disagreed with the verdict and filed an appeal. In its opening brief, filed at the Court of Appeals for the Fourth Circuit last week, Cox argued that it’s incorrectly being held liable for pirating subscribers. Not only that, but the company also warned against the harm that a loss of Internet access can cause to businesses and individuals.

Cox is not alone in this assessment. This week, a variety of organizations and groups have submitted amicus curiae briefs to the court, supporting Cox’s call to reverse the verdict. All these groups highlight the harm Internet disconnections will cause.

Law Professors Back Cox

The first amici curiae brief comes from seventeen intellectual property law professors, who are connected to universities throughout the United States. They highlight various legal arguments.

For example, the professors explain that Cox shouldn’t be held liable for vicarious copyright infringement, as there is no evidence that its policies acted as a ‘draw’ to potential pirates. On the contrary, Cox’s anti-piracy policy appeared to be more strict than those of its competitors.

“There was no evidence in this case that customers subscribed to Cox because of any knowledge or expectation about how it treated infringement. Indeed, the record shows no evidence that customers subscribed to Cox for any reason other than to access the internet for its wide variety of legal uses,” the professors write.

Disconnections are Disproportionate

Keeping the current verdict intact will violate internet principles, the professors note. It causes disproportionate harm because ISPs have to closely monitor the traffic of subscribers, which invades privacy. Alternatively, they can terminate accounts of customers based on third-party allegations, which would be harmful as well.

“If ISPs are forced to engage in proactive enforcement, they have a limited set of actions they can take to control alleged infringement. Their primary tool — terminating accused subscribers from the internet altogether — is a blunt instrument that would lead to remedies disproportionate to any violation.

“The COVID-19 pandemic has reinforced the internet’s importance,” the professors add (pdf). “A loss of internet service, now more than ever, could seriously harm almost every aspect of an individual’s personal and professional life”

EFF and Others Chime In

Similar arguments were made by other amici curiae. This includes a broad coalition of the EFF, Public Knowledge, the Center for Democracy and Technology, and various library organizations.

Their brief (pdf) stresses that Internet terminations are not required under the DMCA, as there are other options to deter pirates. If ISPs are required to disconnect users, based simply on third-party complaints, it will lead to catastrophic consequences.

“More aggressive termination policies would punish the innocent and guilty alike,” the organizations warn the court.

“Distance learning, telework, and telemedicine have become essential during the pandemic and are likely to remain so. For many or even most subscribers, loss of internet access would be catastrophic.”

Internet Association’s Power Company Analogy

A similar warning is repeated in the amicus curiae brief from the Internet Association. The group argues that ISPs can indeed stop piracy by terminating Internet access, but that doesn’t make it a reasonable solution.

If an ISP can be held liable for copyright infringement because it fails to terminate alleged pirates, would the same apply to the power company that supplies the energy for the pirating device?

“Termination of internet access to a house, business, or smaller ISP is not like removing or disabling access to infringing content,” the Internet Association writes (pdf).

“It is more like cutting off electricity to a building. Doing so may stop illegal downloading from occurring on the property, but failure to do so does not make the power company contributorily liable for whatever takes place.”

Using a Cannon to Shoot a Mosquito

In yet another amici curiae brief, the broadband and wireless organizations CTIA, NTCA, and USTelecom, present another analogy.

In addition to various legal arguments, the groups equate the use of Internet terminations to stop piracy to shooting cannons to kill a mosquito. It may work, but at what cost?

“This is a quintessential case of using a cannon to kill a mosquito. The consequences of denying consumers access to the internet based on unverified allegations of prior copyright infringement cannot be overstated,” the organizations write (pdf).

“It has become particularly evident over the past year that the internet has become not only an essential platform for the exercise of free speech, but a critical means of access to education, employment opportunities, vaccines, medical care, defense and vindication of legal rights, and access to food and other essential products and services.”

All the highlighted briefs support Cox’s request to reverse the district court’s liability ruling. In the weeks to come, the music companies are expected to share their arguments, which will likely be backed by other copyright holders in various amicus briefs.

‘Terminating Internet Access Based on Piracy Accusations is Extremely Harmful’

Mangamura Operator Handed Three-Year Prison Sentence, $650K in Fines

Wed, 02 Jun 2021 19:22:35 +0000

Mangamura Operator Handed Three-Year Prison Sentence, $650K in Fines

The former operator of Mangamura, a now-defunct site blamed for causing billions of dollars in losses to the Japanese manga industry, has been sentenced in Japan. Romi Hoshino, 29, was sentenced by the Fukuoka District Court to three years in prison and fines in excess of US$650,000.

After being founded in 2016, pirate site Mangamura was said to have caused huge damage to the local manga industry.

According to Japan-based anti-piracy group CODA, in just two years Mangamura caused around $2.91 billion in losses but in April 2018 the show came to an abrupt end.

Just days after the government in Japan announced emergency websites blocking measures against several sites, including Mangamura, the download platform shut itself down. At the time the move appeared to be voluntary but serious developments were taking place behind the scenes.

It transpired that a criminal investigation was underway into the Mangamura’s activities, which eventually led to the arrest of the site’s operator, Romi Hoshino, in Manilla.

Hoshino was later deported to Japan where he was arrested by the authorities in advance of a criminal trial. Close to two years later, Hoshino has now discovered his fate.

Three Years in Prison, Heavy Fine

On Wednesday at the Fukuoka District Court, Hoshino is reported to have appeared all in black and sporting a ‘buzz cut’. Nikkei notes that he maintained the same expression throughout as Judge Hiroshi Kamihara handed down a guilty verdict.

According to the Court, the 29-year-old breached copyright law and concealed the criminal proceeds from Mangamura by depositing them into a foreign bank account.

Judge Kamihara sentenced Hoshino to three years in prison and fined him 10 million yen (US$91,146). The Judge also levied an additional fine of 62 million yen (US$565,105), an amount equal to the advertising revenue earned from Mangamura between December 2016 and November 2017 and banked overseas.

Justifying the sentence, the Judge noted that the punishment handed down was appropriate given the scale of the offending and the implications of allowing piracy to run away unhindered.

“There is a risk of destroying the profit structure of copyrighted works from the ground up and hindering the development of culture. It is highly illegal,” he said.

Publisher Shueisha Welcomes The Sentence

After the decision was handed down, a spokesperson for publisher Shueisha welcomed the sentence and expressed hope that it would deter others.

“If a work created with heart and soul is released for free, it will damage the soil where interesting works are born. The prison sentence is appropriate. We expect it will have a deterrent effect,” the company said.

Mangamura Operator Handed Three-Year Prison Sentence, $650K in Fines

Database of ‘Pirate Site Haven’ DDoS-Guard is Reportedly Up For Sale

Wed, 02 Jun 2021 19:19:17 +0000

Database of ‘Pirate Site Haven’ DDoS-Guard is Reportedly Up For Sale

The database of DDoS-Guard, a bulletproof hosting service utilized by many pirate sites, is reportedly up for sale on a hacking forum. DDoS-Guard was previously reported to the USTR as a 'notorious market' by the MPA for allegedly playing host to file-sharing giants BS.to, S.to, and file-hosting site GoUnlimited. According to the sale, the leak includes the details of whoever operates major Russian torrent site RuTracker.

So-called bulletproof hosting services are a thorn in the side of anti-piracy groups everywhere.

They operate much like regular hosting companies but are much more lenient when it comes to complaints from third parties, meaning that spammers, online gambling entities, and other questionable actors have a better chance of keeping their content online.

Given that pirate sites now fall into these categories, bulletproof hosters are also havens for pirate sites. As a result, they attract the negative attention of Hollywood studios who complain about their refusal to deal with takedown notices responsibly.

DDoS-Guard Previously Reported to the USTR

Late 2020, the MPA made its annual submission to the USTR’s notorious markets study, including familiar pirate site targets such as The Pirate Bay, RARBG, YTS, 1337x, Popcorn Time, Leakthis, and Rapidgator, among others.

The Hollywood group also included several Internet infrastructure companies for consideration including Peter Sunde’s Njalla, the .to domain registry, and several hosting services including Cloudflare and DDoS-Guard.net. The latter earned its place on the MPA’s list for playing host to large pirate and file-hosting sites including BS.to, S.to, and GoUnlimited. DDoS-Guard was also linked to so-called ‘pirate CDNs’ (including Kodik) operating from Russia.

“Some of the biggest sites are taking advantage of DDoS-Guard’s services, including bs.to and s.to from this list. DDoS-Guard is not responsive to takedown requests,” the MPA told the USTR.

While DDoS-Guard didn’t make it to the final report published earlier this year, the service could now have an even more serious problem on its hands.

DDos-Guard’s Database and Source Code Reportedly Up For Sale

According to a report from cybersecurity company Group-IB, last week it discovered an unusual sale taking place on the forum of hacking site Exploit.in. The forum is currently down, but Group-IB says the DDoS-Guard database and source code were allegedly on offer.

“The database supposedly contains information about DDoS-Guard’s customers, including their names, IP-addresses, and payment information. In addition to the database, the threat actor claims to have the source code of the DDoS-Guard’s infrastructure,” Group-IB’s report reads.

“The seller is currently auctioning the entire set at a starting price of $350,000. It is not possible to verify the authenticity of the alleged stolen data, as the threat actor didn’t provide the sample.”

Obvious Implications For Pirate Sites

Operating out of Russia (and according to the MPA, also the UK) DDoS-Guard is fairly well known for its dealings with pirate sites. In 2020, for example, Germany-focused music piracy site DDL-Music.to went offline after Universal Music took legal action against Cloudflare, which had been providing CDN services to the platform.

DDL-Music later reappeared using the services of DDoS-Guard but it’s certainly not the only site that could be affected by the alleged leak of the CDN/DDoS mitigation platform’s database.

As seen in the Group-IB-supplied screenshot below, the person offering the company’s data for sale specifically mentions RuTracker, one of the largest and longest-standing torrent sites on the Internet.

The database and source package was initially offered for $500K but the price has been dropped by $150K, presumably to be of more interest to prospective buyers. The big question, at least as far as pirate sites go, is whether the leak (should it prove genuine) carries any useful information about the operators of the many pirate sites who have used the service.

In many circumstances, CDN and DDoS companies are given fake or useless information which can lead to nowhere. However, if there was a level of trust that information would be kept secret, it’s certainly possible that some entities may have let their guards down.

Considering its earlier research into the activities of DDoS-Guard as part of its Jolly Roger’s Patron’s report, TorrentFreak has asked Group-IB for a list of pirate sites using the platform. We’ll update this piece when that becomes available.

Database of ‘Pirate Site Haven’ DDoS-Guard is Reportedly Up For Sale