Movie studio Voltage Pictures has targeted alleged movie pirates in court for well over a decade.

The company and its subsidiaries filed numerous lawsuits against internet subscribers in the United States, Australia, and Europe, using various strategies.

In Canada, Voltage and other film companies attempted to target a large group of copyright infringers through a reverse class-action lawsuit, which is relatively rare. The movie company argued that this is a cheaper way to target large numbers of infringers at once.

The lawsuit in question, filed in 2016, revolves around a representative defendant, Robert Salna, who provides WiFi services to his tenants. Through Mr. Salna, Voltage hoped to catch a larger group of infringers.

The case garnered the interest of the Canadian Internet Policy and Public Interest Clinic (CIPPIC) which intervened in the Federal Court proceeding to represent anonymous defendants. The intervention was a success and the Federal Court dismissed the class action attempt in 2019.

Filmmakers Don’t Give Up

While the filmmakers lost their first battle in court, that was just the beginning. The case went through a series of appeals and cross-appeals, and Voltage also petitioned the Supreme Court to take on the matter.

Last year, the Federal Court of Appeal in Toronto took on what now appears to be the final proceeding. The filmmakers hoped to overturn an earlier dismissal by the Federal Court.

One of the contested issues relates to how the class action defendants are notified. Voltage argued that this could be done through the piracy notices ISPs are required to forward under subsection 41.25(2) of Canada’s Copyright Act.

The filmmakers hoped to utilize Canada’s notice-and-notice regime to reach out to proposed defendants. Under their proposal, a hyperlink to contact the rightsholder’s attorney would be added to the notices.

Overall, Voltage argued that the reverse class action approach is doable and should be certified.

Federal Court of Appeal Rejects Reverse Class Action

After hearing both sides, Justices Gleason, Goyette, and Biringer disagreed with Voltage. In their decision issued on July 16, they conclude that the proposed class action is not permitted under the Copyright Act.

More fundamentally, they ruled that a reverse class action is not the preferred procedure for these types of cases, leading to the dismissal of the case in its entirety.

Citing Supreme Court jurisprudence, the Court of Appeal concluded that, to identify alleged copyright infringers, these types of lawsuits should use Norwich orders, not the notice-and-notice system.

“The Supreme Court of Canada […] noted that a copyright owner who wishes to sue a person alleged to have infringed copyright online must proceed by way of a Norwich order to obtain details about them and cannot use the notice-and-notice regime in the Copyright Act for this purpose,” Justice Mary Gleason concludes.

The Supreme Court citation
 

The federal court previously ruled that Voltage’s proposed use of the “notice-and-notice” regime is not permitted. The Copyright Act specifically states that these notices can’t be used to offer settlements, demand payments, or to request personal information.

Similar to piracy warnings that ISPs forward in other countries, the notices are mainly aimed to act as a deterrent.

“In short, the context of the notice-and-notice regime demonstrates an intention to limit the involvement of ISPs to the initial delivery of a notice aimed at deterrence,” the Court of Appeal verdict reads.

“This context does not suggest that a copyright owner who wishes to pursue enforcement against the suspected infringer could use the notice-and-notice regime as a litigation tool,” the order adds.

IP Address Is Not Sufficient

The verdict also cites jurisprudence holding that an IP address alone is not sufficient to establish copyright infringement. It also requires proof that the defendant authorized or controlled the alleged infringements, instead of merely being the listed subscriber connected to an IP address.

This is a critical finding when it comes to the class action approach where all defendants are treated similarly, as these nuances may differ greatly from person to person.

“I cannot see how there is any basis in fact to conclude that the proposed class proceeding is preferable to individual actions because the individual issues in this case swamp whatever common issues there might be,” Justice Gleason writes.

Case Closed, Costs Owed

The Federal Court of Appeal denied the appeal brought by Voltage Pictures and the other film studios therefore the Federal Court’s decision to deny certification of the proposed reverse class stands.

Crucially, the Court issued the dismissal without leave to reapply, permanently ending the legal battle. In doing so, the Court of Appeal effectively closed the door on the strategy being used in mass copyright lawsuits against individuals in Canada.

This doesn’t mean that BitTorrent users can no longer be sued, but reverse class action lawsuits of this type appear off-limits.

In addition to ending this long-running lawsuit, the court also upheld the Federal Court’s decision to award Mr. Salna CAD$50,710 in costs for the previous proceedings, noting that this was warranted by the “exceptional circumstances” and novel issues in the case. The film companies must also pay Mr. Salna’s appeal costs.

All in all, this final decision is a clear victory for Robert Salna and the thousands of people who could’ve been targeted through this and future cases.

Source

Hope you enjoyed this news post.

Posted Tuesday 5 August 2025 at 3:48 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of July): 3,458

RIP Matrix | Farewell my friend  

In 2012, America missed a golden opportunity to show the world how site blocking and other internet restrictions could be deployed at scale to protect rightsholders’ revenues.

Vast opposition led to the SOPA bill being withdrawn but elsewhere, site blocking was being introduced in one country after another, driven by the same core rightsholders.

Claims that the United States needed to catch up led to a new push towards site blocking. After publicly getting underway in January, a key statistic concerning the common use of blocking outside the U.S. seems to have changed its appearance.

Blocking Democracy

Confirmation that site-blocking was back on the political agenda was announced at CinemaCon in April 2024.

“Site-blocking is a common tool in almost 60 countries, including leading democracies and many of America’s closest allies,” MPA Chairman and CEO Charles Rivkin informed the audience.

“So today, here with you at CinemaCon, I’m announcing the next major phase of this effort: the MPA is going to work with Members of Congress to enact judicial site-blocking legislation here in the United States.”

The FADPA bill, the yet-to-be-published ACPA bill, and new addition Block BEARD bill, represent three different takes on a familiar site-blocking recipe.

Each bill contains more or less of the same core ingredients utilized in countries engaged in blocking elsewhere. The headline figure of 60 countries may have needed some initial adjustment, and potentially even more after democracy entered the site-blocking equation.

“This targeted legal tool mirrors successful approaches used in over 50 democratic countries,” the background text for the Block BEARD bill explains.

Site Blocking and Democracy

If site blocking is a common tool in 60 countries around the world, having 50 democracies in the mix seems to imply that blocking is compatible with democratic values.

While that may well be the case, it doesn’t explain the sudden disappearance of 10 countries, which in theory could include “leading democracies” and/or close American allies.

In reality, quietly disposing of a few isn’t such a bad idea. While many countries block pirate sites, some also have a tendency to block other sites for different reasons, including around election time to ensure a ‘fair’ vote. These countries swell the numbers, but on balance the optics aren’t that great.

Framing site blocking as popular in democracies isn’t new. However, the headline figure of 60 countries in which the MPA previously reported positive site-blocking experiences, “with one of the most effective tools” in the toolbox, has no corresponding public list of countries for reference.

As a result, determining how 60 sites became 50 isn’t straightforward. That being said, presentations made available by the World Intellectual Property Organization show blocking countries on a map of the world, and color coded to show the blocking mechanisms they use.

The only thing left to do was add them all up.

Site-Blocking Countries Part 1

Using the presentation slides, data from other sources, and a more clearly defined map, we attempted to identify every country present in the most recent original dated February 2025 (above/far right, below/grayed out) to compile a more detailed list.

Countries potentially identified: Australia, Austria, Belgium, Czech Republic, Denmark, Finland, France, Germany, Greece, Iceland, India, Indonesia, Ireland, Italy, Latvia, Lithuania, Malaysia, Netherlands, Norway, Philippines, Portugal, Romania, Russia, Slovakia, South Korea, Spain, Sweden, Thailand, Turkey, United Kingdom, Vietnam (30 countries)

Based on the original map, all of these countries block sites on copyright grounds, but how many are democracies?

Full democracy (22), Flawed democracy (3) Not a democracy (6)

We assume the 22 full democracies above are among the ~50 countries referenced in the bill, but since there’s no official list with every country named, we don’t know which of the remaining countries are accounted for.

Site-Blocking Countries Part 2

Countries potentially identified: Argentina, Benin, Bolivia, Brazil, Canada, Colombia, Democratic Republic Of Congo, Ecuador, Equatorial Guinea, Gabon, Guinea, Ivory Coast, Kenya, Madagascar, Mali, Mexico, Niger, Paraguay, Peru, Republic Of Congo, Senegal, Uruguay, Venezuela (23 countries)

Based on the original map, all of these countries block sites on copyright grounds, but how many are democracies?

Full democracy (2), Flawed democracy (11), Not a democracy (10)

We assume the pair of full democracies are among the ~50 countries referenced in the bill, but since a comprehensive list remains elusive, we draw no firm conclusions.

Overall, we’ll also assume that both full and flawed democracies from both sets qualify for inclusion, which leaves us with 22 full democracies and 14 flawed democracies. That’s 36 countries in total but still short of the ~50 required. If anyone has any additional details to share, please feel free to contact us.

Additional Countries and Aggressive Blockers

Countries that allow site blocking that we initially missed include Israel (barely visible but indeed present on the MPA’s map) and Egypt, which was not identified as included according to the February 2025 presentation.

Whether the latter currently allows site blocking in a usable format isn’t clear. Nor does it help us get closer to the increasingly unlikely target of 50 site-blocking democracies, which comes under further pressure from countries heavily engaging in non-copyright blocking.

Indeed, many countries in the list use their pirate site-blocking capabilities to target other sites for reasons that have nothing to do with copyright. Some clearly need no encouragement to do so.

Furthermore, there are numerous countries that despite having site-blocking ‘on the books’, haven’t blocked any sites in years or haven’t made use of their blocking mechanism at all. Nevertheless, it appears that some must’ve been counted in the overall total.

Blocking Can Always Be Justified

In Europe, full democracies overwhelmingly use their blocking abilities as intended, i.e they’re used to block access to copyright infringing sites. However, most if not all EU countries (plus the UK) currently block access to a number of Russian news outlets in response to the invasion of Ukraine. Rather than censorship, the official reason for blocking is sanctions/misinformation.

Whether one agrees or disagrees that from a perspective of conflict new rules inevitably come into play, blocking access to information on political grounds, using systems designed to block something else, was always inevitable. Every government in the world has some information it would like to suppress, for a wide range of reasons, and the system of government – democracy or otherwise – doesn’t mean much when blocking is presented as justified.

Strategic Friction

Just as regular site-blocking is meant to put an obstacle in the path of a potential infringer, no access to an instant blocking system reduces the likelihood that blocking becomes a go-to solution for all kinds of problems.

Putting a system and/or new legislation in place increases the risk of blocking being used to solve an ‘off-brand’ problem unrelated to its original purpose. Some may argue that would be impossible in a full democracy but events in the UK (1,2) show how quickly things can go in the wrong direction.

It was recently revealed that the government hoped to censor certain types of social media content by having Big Tech do it for them. Of course, that would’ve had a similar effect to the unthinkable and exposes clear underlying intent. In the event of non-compliance and a perceived need to demonstrate strength, it would be better if instant blocking options didn’t exist.

But they do exist, and democracy failed to prevent that. A law that denied any and all additional uses would’ve been useful at the start, at least in hindsight.

Source

Hope you enjoyed this news post.

Posted Monday 4 August 2025 at 12:14 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of July): 3,458

RIP Matrix | Farewell my friend  

Rightsholders call them illicit streaming devices, others prefer the catch-all term pirate boxes. Millions are happy with Firesticks, a name so well known that in some cases it’s used to describe other devices, regardless of manufacturer.

But of all names used to describe piracy-configured TV devices, the default option in Ireland – dodgy boxes – is short, descriptive, memorable, and on home soil, almost universally understood.

For broadcaster Sky, which according to media reports has 700,000 local subscribers, 400,000 local dodgy box users is a significant problem. Or, from a business perspective, the most significant obstacle between Sky’s shareholders and news of one million paying customers.

Sky Ramps Up the Pressure

Whether Sky is seriously preparing to chase down users of dodgy boxes, or simply laying the groundwork in case that becomes necessary, is still uncertain. What is clear right now is Sky’s determination to suppress availability of dodgy boxes, the subscription packages purchased by consumers, and anyone involved in the supply, distribution, and sale of illegal streams fueling the entire system.

In June The Irish Times reported on a civil case at the High Court in Dublin that seemed to appear out of nowhere for a case of such significance. Plaintiff Sky claims that defendant David Dunbar of Wexford is a “top level” pirate who operates an illegal streaming service generating up to €450,000 a year. Such numbers are usually worth a closer look since they may offer clues on the size of the service involved and provide a rough idea of potential sentences.

Big Money, Calculated Neatly

Sky’s underlying calculations aren’t provided but based on €450,000 in annual revenue, every month the service would need to generate exactly €37,500 based on Sky’s estimate of 5,000 subscribers overall. A monthly payment of exactly €7.50 for every subscriber, without any breaks for an entire year, would indeed yield exactly €450,000.

In this case, however, only the prices of annual packages appear in the initial report, one costing €80 and the other €100. If 50% of customers opted for the former, and the remainder only purchased the latter, that’s exactly €450,000 in annual revenue and perhaps a little too tidy to be based on real data.

Indeed, according to the initial report, Sky’s investigator could only show that Dunbar had “at least 1,682 customers” but believed it was likely much more than that. A 50/50 subscription split based on this figure would mean annual revenue of €151,380, just a third of the headline claim of €450,000, which still managed to retain its significance as the case moved on.

The Luck of The Irish

The investigation into Dunbar’s activities reportedly dates back to November 2024, although it’s suggested that probably wasn’t recognized right at the beginning.

According to reports, Sky investigators had become aware of a social media account selling dodgy boxes which investigators subsequently linked to Dunbar. Separately, a perfectly-timed anonymous tip was received from across the water in the UK. As Irish Times explains:

“Separately, Sky investigators were informed of an anonymous tip-off received by UK-based charity Crime Stoppers, alleging Mr Dunbar’s operation of the service.”

Which service still isn’t clear, but the tip seems to have been quite valuable. Sources aren’t usually revealed in these types of cases, but this one received a prominent mention in The Irish Times and then a subsequent correction to clarify that the tip was received in the UK, not in Ireland itself. What followed next was a controversial move seen only rarely in piracy cases.

Sky Obtains an Anton Piller Order

Whenever a plaintiff obtains an Anton Piller order, controversy is rarely far behind. Awarded by a court, Anton Piller orders allow a plaintiff to enter a defendant’s premises to search for and seize evidence relevant to their case, to prevent it from being destroyed or tampered with.

The execution of an Anton Piller order can be highly intrusive, so courts require the plaintiff to present a strong case. Equally, Anton Piller orders are sought only rarely, usually in the most important of cases, because when things go wrong, plaintiffs can risk significant penalties.

Plaintiffs also need to show evidence that any documents sought actually exist on the premises, and are likely to be destroyed if action isn’t taken. Applications are heard ex parte and in most cases, defendants are taken completely by surprise. That being said, Anton Piller orders are not supposed to be used to scoop up evidence as part of a fishing expedition, assuming the defendant even lets anyone inside.

No Cooperation

After obtaining an Anton Piller order and others that aimed to secure evidence, an independent solicitor attended Dunbar’s home to explain what they meant and to clarify his obligations. According to The Irish Times, Dunbar refused to comply. He refused to allow the solicitor inside and then reportedly went about destroying evidence and “dissipating funds” that according to one of the orders, had been frozen by the court.

Counsel for Sky say that Dunbar knew exactly what he was doing, and he understood that failure to comply with orders issued by a court meant that he risked being held in contempt.

Dunbar said he only understood the seriousness of the situation after a full explanation from his own legal team. At that point, he immediately sought to comply.

Dunbar Decides Not to Defend His Case

During a hearing at the High Court earlier this week, it was revealed that Dunbar had decided not to fight Sky’s infringement lawsuit. Instead, after reaching an agreement with Sky, Dunbar consented to a judgment in Sky’s favor, meaning that he instantly lost the case. The judgment was accompanied by a damages award of €480,000 against Dunbar for provision of an illegal streaming service since 2018.

That’s a full six years before the anonymous tip, and a damages amount quite close to the revenue amount previously estimated, and no mention of any new evidence since the ‘1,682 customers’ claim last month. It seems reasonable to assume that destruction of evidence played some part in that.

The figure indicating 1,682 customers seems particularly accurate, so how it was obtained is an interesting question. In theory, it’s also two-thirds less financially damaging than the headline amount but doesn’t appear to have helped much.

Justice Mark Sanfey said that Dunbar’s infringement isn’t in doubt, so in line with the consent judgment, he was ordered to pay Sky €480,000 in damages and cover Sky’s legal costs of around €100,000. For breaching various orders, Sky reportedly filed a motion to have Dunbar sent to prison, but the judge is yet to render his decision.

The Hidden Costs of Non-Compliance

On two significant occasions, both in Canada, the owners of TVAddons and Vader Streams were shocked when lawyers brandishing Anton Piller orders turned up out of the blue and demanded to be let inside.

In a third case against the alleged operators of SmoothStreams, two men were held in contempt for failure to comply with the terms of an Anton Piller order. Even after years of litigation at huge expense, the main case still hasn’t started, with penalties for contempt of court likely to be extremely painful indeed.

Coincidentally, a significant pirate IPTV case prosecuted outside Europe in the past few months, involved the prosecution of one of two known operators of a significant pirate IPTV service. The second operator, previously identified by law enforcement and confirmed as a business partner in Ireland, wasn’t mentioned at the time at all.

The service in the other case may have been equally successful as Dunbar’s, however; estimates suggest an annual revenue figure for that service, generated by two people, just shy of double the annual revenue figure Dunbar reportedly made alone.

Source

Hope you enjoyed this news post.

Posted Sunday 3 August 2025 at 3:44 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of July): 3,458

RIP Matrix | Farewell my friend  

Traditional site-blocking measures that require local ISPs to block subscriber access to popular pirate sites are in common use around the world.

The aim is to deter piracy by making sites more difficult to find, but these measures are only partially effective.

More recently, site-blocking requests have begun to target other intermediaries. This includes DNS providers, such as Google and Cloudflare, which were ordered to block sites in France, Italy, and elsewhere.

A few months ago DNS blocking arrived in Belgium, where several orders required both ISPs and DNS resolvers to restrict access to pirate sites. This prompted significant pushback, most notably Cisco’s OpenDNS ceasing operations in the country.

Broad Blocking Order Targets Internet Archive’s ‘Open Library’

A new order, issued by the Brussels Business Court in mid-July, targets an even broader set of intermediaries and stands out for other reasons as well.

Requested by various publishing and author organizations, the order aims to block access to known pirate libraries including Anna’s Archive, LibGen, OceanofPDF, and Z-Library. In addition, it also targets the Internet Archive’s Open Library project.

Target Sites (in Dutch)
 

Open Library was created by the late Aaron Swartz and Internet Archive’s founder Brewster Kahle, among others. As an open library its goal is to archive all published books, allowing patrons to borrow copies of them online.

The library aims to operate similarly to other libraries, loaning only one copy per book at a time. Instead of licensing digital copies, however, it has an in-house scanning operation to create and archive its own copies.

Open Library

The Open Library project was previously sued by publishers in the United States, where the Internet Archive ultimately losing the case. As a result, over 500,000 books were made unavailable.

However, many other books remain available to patrons. The authors and publishers in Belgium argue that, since this is done without permission, the site should be blocked alongside Anna’s Archive, LibGen and Z-Library.

Clear and Significant Infringement

The rightsholders describe Open Library as a website where registered members of the public can easily access and download their books. This includes 1,542 works from the publisher Dupuis, over 5,000 works from the publisher Casterman, and many others.

According to the publishers, the operators of the Open Library are not easily identified, while legally required information is allegedly missing from the site, which they see as an indication that the site is meant to operate illegally.

This description seems at odds with the fact that Open Library is part of the Internet Archive, which is a U.S.-registered 501(c)(3) non-profit.

From the order (in Dutch)

The publishers also reference a U.S. court order in favor of other publishers, which allegedly confirms the unlawful nature of Open Library.

The Brussels court, after reviewing these arguments and the submitted evidence, concluded that there was a prima facie case of “clear and significant infringement,” which justified granting a provisional blocking order against Open Library and the other targeted sites.

Broad Blocking Order Targets ISPs, Search, Payments, and More

Internet Archive was not heard in this case, as the blocking order was issued ex parte, without its knowledge. This is remarkable, as the organization is a legal entity in the United States, which receives support from many American libraries.

The broad nature of the order doesn’t stop there either. In addition to requiring ISPs, including Elon Musk’s Starlink, to block the library’s domain names, it also directs a broad range of other intermediaries to take action.

This includes search engines, DNS resolvers, advertisers, domain name services, CDNs, and hosting companies. An abbreviated overview of the requested measures is as follows;

—

Search Engines

Google must remove the target sites from search results, deactivate related Google Ads, remove an infringing app from the Google Play Store, and block DNS requests for the associated domains.

Microsoft is ordered to remove the target sites from the “Bing” search engine and block related DNS queries.

Hosting, DNS, CDNs, and Domain Name Services

The following companies must terminate hosting, and deactivate or suspend the domain names of the target sites: Hostinger, GoDaddy, Amazon Web Services, SEDO, Cloudflare, Unmanaged Ltd, AlexHost, and Internet Archive.

Payment Intermediaries

These companies are ordered to suspend all payment services benefiting the target sites: Alipay (Europe), Cash App and Squareup Europe, and PayPal (Europe).

ISPs including Starlink

The following ISPs, active in Belgium, are required to implement DNS blocking measures: Telenet, Proximus, Mobile Vikings, Orange Belgium, Voo, DIGI Communications, Cybernet, EDPnet, CENTREA, Yoin, Tchamba Refinder, IPTelecom, United Mobile, SkyDSL Europe, Starlink Internet Services.

—

Given the broad nature of the order, pushback from some of the intermediaries is expected. The Internet Archive’s Open Library won’t be pleased either, as the order effectively blocks their service in Belgium, including all access to public domain content.

—

A copy of the order from the Business Court in Brussels (in Dutch) is available here (pdf)

Source

Hope you enjoyed this news post.

Posted Saturday 2 August 2025 at 4:08 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of July): 3,458

RIP Matrix | Farewell my friend  

After a decade of focusing efforts overseas, the push for website blocking has landed back on American shores.

Earlier this year, U.S. Rep. Zoe Lofgren introduced a new pirate site blocking bill, titled the Foreign Anti-Digital Piracy Act (FADPA).

This week, a similar proposal was introduced by Senators Tillis, Coons, Blackburn, and Schiff. The bipartisan bill, titled Block Bad Electronic Art and Recording Distributors (Block BEARD), aims to introduce a legal mechanism for rightsholders to request site blocking orders.

Block BEARD

The site-blocking proposal seeks to amend U.S. copyright law, enabling rightsholders to request federal courts to designate online locations as a “foreign digital piracy site”. If that succeeds, courts can subsequently order U.S. service providers to block access to these sites.

The Block-BEARD bill
 

Pirate site designation would be dependent on rightsholders showing that they are harmed by a site’s activities, that reasonable efforts had been made to notify the site’s operator, and that a reasonable investigation confirms the operator is not located within the United States.

Additionally, rightsholders must show that the site is primarily designed for piracy, has limited commercial purpose, or is intentionally marketed by its operator to promote copyright-infringing activities.

If the court classifies a website as a foreign pirate site, rightsholders can go back to court to request a blocking order. At this stage, the court will determine whether it is technically and practically feasible for ISPs to block the site, and consider any potential harm to the public interest.

The granted orders would stay in place for a year with the option to extend if necessary. If blocked sites switch to new locations, the court can also amend blocking orders to include new IP addresses and domain names.

Blocking Through Service Providers

The Block BEARD bill broadly applies to service providers as defined in section 512(k)(1)(A) of the DMCA. This is a broad definition that applies to residential ISPs, but also to search engines, social media platforms, and DNS resolvers.

Service providers with fewer than 50,000 subscribers are explicitly excluded, and the same applies to venues such as coffee shops, libraries, and universities that offer internet access to visitors.

Unlike the FADPA bill introduced by Representative Lofgren earlier this year, the Senate bill does not specifically mention DNS resolvers. Block BEARD does not mention VPNs, but its broad definition of “service provider” could be interpreted to include them.

The proposal states that providers have the option to contest their inclusion in a blocking order. Once an order is issued, they would have the freedom to choose their own blocking techniques. There are no transparency requirements mentioned in the bill, so if and how the public is informed is unclear.

Companion Bill with MPA and RIAA Support

The Senate’s Block BEARD bill is substantially similar to the House version, FADPA, and could be considered a companion bill. Since legislation has to pass both the House and the Senate, a combination of both proposals may ultimately lead to the final blocking legislation.

Commenting on the introduction, Senator Tillis hinted at this cooperation, mentioning that collaboration between the Senate and the House is already ongoing.

“I’m proud to lead this bipartisan discussion to protect our creative economy and digital security and I look forward to continuing to work with my colleagues in the House to address this important matter,” Sen. Tillis said.

Rightsholder groups have also responded positively to the bill. Mitch Glazier, CEO of the music industry’s RIAA, thanked the Senators for their efforts to protect consumers and rightsholders.

“Similar tools have been proven effective around the world over the last ten years with no harm to speech, Internet infrastructure or security, or participation online, and we strongly support this effort to create a simple, effective, judicial remedy with due process in the U.S,” Glazier said.

Motion Picture Association CEO Charles Rivkin is equally pleased.

“With bold leadership from Senators Tillis, Coons, Blackburn, and Schiff, the Block BEARD Act will equip our nation with a tool that’s worked in dozens of countries worldwide: a narrow, targeted means to fight the worst forms of foreign piracy while protecting free speech and the rule of law,” Rivkin said.

Notably, the press release did not include any comments from service providers. However, they are likely to chime in as the bill makes its way through the legislative process.

—

A copy of the “Block Bad Electronic Art and Recording Distributors Act of 2025” (Block BEARD) is available here (pdf)

Source

Hope you enjoyed this news post.

Posted Friday 1 August 2025 at 4:17 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of July): 3,458

RIP Matrix | Farewell my friend  

With more ways to stream online video than ever before, protecting content continues to be a key issue for copyright holders.

This is often achieved through Digital Rights Management (DRM) anti-piracy tools that dictate where and when digital content can be accessed.

PlayReady DRM is one of the leading players in the field. The Microsoft-owned technology is used by many of the largest streaming services including Disney+, Netflix, Prime Video, and others. As such, keeping it secure is vital.

Unfortunately for rightsholders, most protection measures have their weak spots. That also applies to PlayReady, as pirates have repeatedly shown that not all implementations are perfectly watertight.

Certificates Leaked on GitHub

A few weeks ago, an account named ‘Widevineleak‘ published a list of both SL2000 and SL3000 certificates on GitHub. The SL2000 variant is commonly referred to as software DRM while the higher SL3000 provides more advanced hardware-based security.

The leak of SL3000 certificates is particularly problematic because SL3000 is intended to protect the highest quality content, including 4K and UHD releases. With these certificates, pirates could potentially decrypt and re-distribute high-resolution video streams, effectively bypassing the protections.

The prospect of mass piracy is clearly problematic for rightsholders, streaming platforms, and PlayReady itself, which relies on trust and security. It therefore comes as no surprise that Microsoft took immediate action.

Microsoft Issues Takedown Notice

Microsoft’s response included a takedown notice sent to its subsidiary, GitHub, asking it to remove the leaked SL3000 certificates. This confirms that the leaked information was the real deal and at risk of being exploited.

“The hosted materials are part of our PlayReady product and allow bad actors to pirate PlayReady protected content,” the notice reads, adding that “the entire repository is infringing” so should be completely removed.

Takedown notice
 

GitHub complied with the takedown notice and removed the content in question, as well as two forks of the repository. Visitors who check out the link today will see a removal notice instead.

Curiously, the leaked SL2000 certificates were not mentioned in the takedown notice and remain online at the time of writing. While the immediate focus was on the higher-security SL3000 certificates, the omission raises questions about Microsoft’s broader strategy for addressing such leaks across different security tiers.

Leaked SL-2000 certificates

Microsoft did not immediately respond to a request for comment on the leak and the takedown notice. That said, it doesn’t appear to be the only company to notice the leak.

Amazon Bans Users over Leaked Certificates

Amazon Prime, which uses PlayReady DRM among other protections, takes action against accounts that use these leaked certificates. An email seen by TF indicates an account suspension due to a violation of Prime Video’s terms of use.

“We have indefinitely suspended this account pursuant to Section 6.a. of the Prime Video Terms of Use because we have found you to be in violation of the said Terms,” the email reads.

Amazon’s suspension email (partial)
 

The email adds that Section 4.k of the terms specifically prohibits attempts to disable, bypass, modify, defeat, or otherwise circumvent any DRM or other content protection systems. That would apply to those who use leaked credentials.

Account suspensions are not isolated to these leaked certificates. Users of other DRM circumvention tools, including VineTrimmer PlayReady, also had their accounts banned recently.

Amazon did not respond to our request for comment, but it is clear that these types of DRM circumvention efforts can be monitored and are taken seriously.

Ultimately, the integrity of DRM systems like PlayReady hinges on the trust placed in them by content owners. These leaks not only undermine trust but also serve as a stark reminder that the fight for content protection is an ongoing, adaptive battle, with pirates constantly looking for the next exploit.

Source

Hope you enjoyed this news post.

Posted Thursday 31 July 2025 at 3:00 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

Whether by court order, administrative process, or even on a semi-voluntary basis, on paper there are dozens of countries that now have some kind of mechanism requiring local ISPs to block pirate sites.

Previously, measures were implemented within specific regions by local ISPs. Now, rightsholders are venturing beyond local infrastructure into the wider internet, to compel global DNS resolvers to render sites inaccessible.

Commissioned by Cloudflare and prepared by Analysys Mason, a new report titled The Economic Cost of Network Blocking examines the repercussions of escalating global efforts to restrict access to content online.

A Patchwork of Blocking Measures

The report provides a detailed overview of how blocking is supposed to work and what can go wrong when things break down. Examples include blunders concerning Italy’s Piracy Shield and LaLiga’s campaign that intermittently wiped out thousands of innocent sites because pirate sites shared the same IP addresses at the time. While all of these events have been reported here in detail, the cumulative effect of blocking on the wider internet is of particular interest.

The report notes that the success of the internet has been made possible by technical standards, infrastructure, and practices applied on a global scale, developed without government intervention at the technical level. Now that governments are attempting to exert more control over content accessible within their countries, the use of blocking measures may come at a cost to the internet itself.

“By intervening at the technical layer, governments risk fragmenting the Internet’s technical fabric. Recent examples show a patchwork of approaches to restricting access to illegitimate content, leading to diverging national regulations and increasing technical fragmentation.”

Undermining the Internet Undermines Confidence

The report warns that the most common methods used, IP address and DNS blocking, impact the wider internet and can lead to collateral damage, impacting both legitimate services and their users. Despite having no connection to the illegitimate content being targeted, those affected suffer immediate economic damage, but the long-term effects are potentially even more serious.

A lack of transparency means that when content is rendered unavailable, intentionally or otherwise, users typically receive no explanation, leading to confusion and erosion of trust in online services. Blocking measures such as DNS poisoning, which effectively lie in response to queries about IP addresses, risk damaging trust built up over decades concerning the reliability of the underlying functions of the internet itself.

Due to a “siloed approach” and a patchwork of blocking measures deployed by various countries, the internet’s success – which was built on a consistent global user experience – risks a descent into disruption, inconsistency, and declining confidence.

None of this, the authors suggest, is good for the wider internet; regional complications undermine global collaboration, with negative consequences for security, resilience, even general fault-finding.

Bad for Users, Bad For the Internet, Bad For Business

While rightsholders point out that piracy hurts their bottom lines, the report submits that the chosen remedy has negative effects on businesses that have no connection to the problem or its purported solution.

“Network blocking can also discourage investments and increase compliance costs for businesses, particularly small and medium-sized enterprises – potentially leading to a situation where only large businesses can manage the complexity of varying national regulations,” the report warns.

“Network blocking may also threaten the openness and economies of scale that have allowed businesses to be created, expand, and flourish through a common shared infrastructure. This environment may give way to hard ‘digital borders’ for online services, with limitations to the global collaboration that has underpinned Internet security and resilience, while threatening investment in new services and infrastructure.”

Additional Risk and Costs For Service Providers

In May 2024, when a French court ordered Google, Cloudflare and OpenDNS to block access to pirated content at the behest of Canal+, the immediate fallout made international headlines.

Rather than build the systems necessary to ensure compliance with the legal requirement, Cisco withdrew its OpenDNS service from the entire country. When a court in Belgium issued a similar ruling earlier this year with a €100,000 daily penalty for failure to comply, OpenDNS exited that country too.

“Most global public DNS resolvers provide their services for free. If the only way to offer such a service is to build and maintain complex software to geolocate and apply distinct blocking requirements for a multitude of countries around the world, companies are likely to simply stop offering the public service, to the detriment of Internet users around the world,” the report notes.

“In the short term, these effects mean it can be more desirable to withdraw the service from the jurisdiction requesting the block than to continue to offer it with a specific set of rules.”

For remaining service providers, Cloudflare and Google, compliance through their global resolvers meant the introduction of different processes and procedures in different jurisdictions. And with that, additional compliance costs, for which they pick up the bill. Ultimately, however, these increased costs are often passed on, meaning consumers of legitimate content and services pay for site blocking.

Who Benefits From Site-Blocking?

When sites are blocked on copyright grounds, any benefits are primarily enjoyed by a relatively small number of private stakeholders, the report notes. Service providers, on the other hand, face increased burdens of compliance, extreme financial penalties, a risk of internet fragmentation, and associated complications directly affecting their businesses.

“These risks and harms should be assessed vis-a-vis the benefits that blocking is intending to create (and may or may not be effective in bringing about). Where network blocking is prompted by copyright infringement, the benefits of the blocking action are attributed only to individual copyright holders,” the authors write.

Alluding to blocking orders obtained to protect live broadcasts taking place at a specific time, the report notes that the benefits of blocking “are accrued very narrowly” if the measure is effective “and not at all if avoidance mechanisms can be effectively deployed.”

Given that the premium copyrighted content in question is only consumed legally by the limited audience who choose to pay for it, “the wider public benefits of such actions are very limited,” the report adds.

The report also highlights a lack of recourse when blocking measures go wrong, and a lack of redress due to the absence of a mechanism that would provide compensation for additional costs, loss of trade, or reputational damage.

“Without mechanisms for appeal or accountability for copyright holders, there are few deterrents against procedural abuse. The lack of legal remedies can also discourage foreign investment, as it signals weak regulatory transparency and insufficient due process,” the report adds.

Cost vs. Benefits

In addition to balancing the benefits of blocking against potential risk, the report repeatedly recommends that removing content at the source should always be the primary course of action. That makes complete sense since it would remove any need for blocking and with that eliminate any and all risk.

“Removal of content from the origin server can be achieved by instructing the operator of the origin server or content creator to remove the content. This instruction can be issued directly by the authority seeking to restrict access to the content, or facilitated by another value chain actor, such as the ISP or CDN.”

This overly optimistic solution sounds feasible but appears to be of little interest to increasingly impatient rightsholders, who now want live streams taken down in a matter of minutes. Italy’s Piracy Shield currently blocks servers belonging to Amazon, which should be fairly responsive on the takedown front. The preference for blocking suggests that the takedown ship may have sailed long ago.

Other recommendations include greater transparency, keeping end users better informed, and implementing mechanisms for recourse and redress.

Finally, the authors highlight the UK system for blocking sites as “measured and targeted” and commend it for avoiding overblocking. Those claims do seem accurate, although our observations overall are somewhat more critical.

The UK offers only limited access to court orders in a timely fashion. Many have secret annexes that never see the light of day, and there’s zero transparency after a dynamic or live injunction is obtained, despite that period accounting for the lion’s share of all blocking. ISP messages to users provide only limited information about blocking, and in many cases, no messages at all. Nevertheless, it’s still better than most.

Coincidentally, the top commendation in the report goes to Australia, which we highlighted as a good system just a couple of weeks ago.

—

A copy of the report is available on the Analysys Mason website and here (pdf).

Source

Hope you enjoyed this news post.

Posted Wednesday 30 July 2025 at 12:07 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

The anti-circumvention provisions of the Digital Millennium Copyright Act (DMCA) exist to deter circumvention of TPMs (technological protection measures) used to protect and prevent access to copyrighted works.

For example, it’s illegal to circumvent a TPM to enable copying of Nintendo Switch games. It’s also illegal to circumvent a TPM to modify a Switch to play pirated games, or indeed anything else.

The same also applies to people who prefer to repair broken electronic devices rather than buy new ones. The moment a work protected by copyright is made accessible after circumventing a TPM, an offense is committed under the DMCA, albeit with limited exceptions.

Exceptions to the Rules

To accommodate instances of circumvention for the promotion of public safety, security, or similarly beneficial activities, the DMCA has some exceptions built-in, applicable to schools, libraries, law enforcement, and encryption researchers, for example.

The Librarian of Congress also engages in a triennial rulemaking process to identify additional exceptions, part of a “fail‐safe mechanism” to protect the right to make non-infringing use of copyrighted works, under the fair use doctrine.

As part of the Eighth Triennial Rulemaking Proceeding (pdf), in October 2021 the Librarian of Congress adopted the ‘Medical Device Exemption.’ An analysis of the statutory factors determined that maintenance and repair of medical devices constituted fair, non-infringing uses, that would be adversely affected by the DMCA’s anti-circumvention provision.

Exemption Challenged by Medical Device Manufacturers

The exemption was subsequently renewed in 2024, despite continued opposition from the trade associations Advanced Medical Technology Association (AdvaMed) and Medical Imaging & Technology Alliance (MITA) whose members manufacture medical devices and rely on TPMs to protect their intellectual property.

From the beginning they argued that the independent service organizations (ISOs) that petitioned in favor of the exemption were primarily commercial and in direct competition with the original manufacturers. Allowing circumvention, they added, would jeopardize both patient safety and privacy.

The associations followed up by filing a lawsuit against the Library of Congress and the Librarian of Congress at a federal district court in Washington, D.C. They argued that the Medical Device Exemption violated the Administrative Procedure Act (APA), describing it as describing it as arbitrary and capricious, and contrary to the APA given the Librarian’s failure to respond to critical comments.

The district court determined that the plaintiffs’ APA claims were barred by sovereign immunity because the Library of Congress was not an “agency” under that statute. On appeal the D.C. Circuit vacated that opinion, finding that the Copyright Act and DMCA provided for APA review of the Library of Congress’s rulemaking.

The case was referred back to the district court, the plaintiffs amended their lawsuit to include three claims under the APA, and both parties cross-moved for summary judgment.

Summary Judgment in Favor of the Defendants

District Judge Beryl A. Howell’s memorandum opinion published last week examines the Librarian’s determination that the exempted uses were non-infringing fair uses under 17 U.S.C. § 107. Judge Howell reviewed the Librarian’s application of the four statutory fair use factors and concluded as follows:

1. Purpose and Character of the Use

The Judge concludes that the diagnosis, maintenance, and repair work of independent service organizations (ISOs) is a transformative use, just as the Librarian observed. By restoring device functionality and not commercializing the protected software itself, that demonstrates a “novel function going beyond the original purpose” of the software.

“Contrary to plaintiffs’ hyperbolic characterization…..the Librarian did acknowledge the commercial nature of the exempted uses but rightly recognized that commercial use is not dispositive,” the Judge notes, adding that the commercial aspect was reasonably outweighed by the transformative use.

2. Nature of the Copyrighted Work

The Librarian’s analysis found that this factor also favors fair use. The plaintiffs had argued that software is “essentially a creative work” but the Librarian took the position that software and data in medical devices are used for their “functional and informational aspects” rather than their expressive qualities. The court agreed.

“The Librarian nonetheless reasonably concluded that in this case, the software code itself and the ancillary materials are informative, factual, and functional rather than expressive in nature, favoring fair use,” Judge Howell writes.

3. Amount and Substantiality of Portions Used

The Librarian concluded that this factor favored fair use but was given little weight. If necessary, entire copyrighted works can be used as long as the use was “reasonable” relative to the purpose of diagnosis, maintenance, or repair.

Judge Howell says the Librarian’s decision was well reasoned, noting that copying even large amounts can favor fair use when “tethered to valid, and transformative, purpose.”

4. Effect on the Market for or Value of Copyrighted Work

The Librarian’s analysis found that diagnosis, maintenance, and repair of devices is unlikely to harm the market for the software embedded inside them, because the software “has no independent value separate from being used with the equipment.”

Judge Howell agrees; third party repairers do not “usurp the market of the original work” or act as a substitute. There is no “chilling effect on innovation” as the plaintiffs insist, since they recoup their costs by selling devices while any other unauthorized uses remain prohibited.

The Judge also cited comment from the FDA which noted that both OEMs and ISOs “provide high quality, safe, and effective medical device servicing” and “that the continued availability of ISOs to service and repair medical devices is critical to the functioning of the healthcare system in the United States.”

Judge Howell’s Conclusion

According to the Judge, the anti-circumvention provision of the DMCA is intended to balance copyright holders’ right to prevent circumvention, with the right to access and use material for non-infringing purposes under the fair use doctrine. Not doing so would risk fair-users of information being “relegated to negotiating access on terms set by the monopoly rights-holders.”

The Exemption for medical devices and systems is consistent with copyright law and the DMCA and supported by the Librarian’s thorough and well-reasoned explanations from the Eighth and Ninth Triennial Rulemaking proceedings. The plaintiffs’ arguments to the contrary, challenging both the substance of the Librarian’s reasoning and her procedural thoroughness, were all unsuccessful.

 

Consequently, plaintiffs’ motion for summary judgment is denied, and defendants’ cross-motion is granted.

Judge Howell’s Memorandum Opinion is available here (pdf)

Source

Hope you enjoyed this news post.

Posted Tuesday 29 July 2025 at 5:20 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only.

Downloading content without permission is copyright infringement. These torrent download statistics are only meant to provide further insight into piracy trends. All data are gathered from public resources.

This week we have three newcomers on the list. “How to Train Your Dragon” is the most shared title.

The most torrented movies for the week ending on July 28 are:

Note: We also publish an updating archive of all the list of weekly most torrented movies lists.

Source

Hope you enjoyed this news post.

Posted Tuesday 29 July 2025 at 9:27 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

Similar to other social media platforms, Facebook has to battle a constant stream of copyrighted material, much of it posted by users who have no permission to do so.

To facilitate this process, the company has rolled out several anti-piracy initiatives in recent years.

Automated Piracy Takedowns

For example, Facebook uses its “Rights Manager” tool to automatically detect infringing material and allow owners to take down or monetize the content. In addition, Facebook also uses third-party tools and in-house technology to address the problem.

With these proactive tools, the social media giant hopes to help copyright holders protect their rights. At the same time, it also keeps the takedown notice volume low, which saves resources.

While automated removal algorithms can work well, they are not infallible. This applies to keyword blacklists in particular, since on Facebook they appear to ban links to all content that simply mention forbidden words.

Facebook Bans MagisTV Mentions

A few days ago, Jonathan Bailey of Plagiarism Today informed us that Facebook flagged a post linking to one of his articles as potentially copyright infringing. The article in question is a news roundup that linked to a recent article we published on the popular piracy app MagisTV.

Neither of the articles linked to any problematic material. On the contrary, it showed how the piracy app failed to secure a trademark while facing severe malware allegations.

To rule out the possibility this was some kind of outlier, we posted the Plagiarism Today article and the original TorrentFreak article on Facebook ourselves, which resulted in near-instant removals.

“We removed your content,” Facebook writes in a short message, adding that “it may contain something that’s not allowed for copyright reasons,” which goes against its intellectual property Terms of Service.

Facebook Removes News from Anti-Piracy Coalition ACE

These tests suggest that Facebook has an issue with mere mentions of the term ‘MagisTV’. But would Facebook flag news articles authored by the Alliance for Creativity and Entertainment, a global anti-piracy coalition under the Motion Picture Association, that continuously works to shut MagisTV down?

This question was swiftly answered when we posted an ACE press release mentioning MagisTV convictions on Facebook. Just a few minutes after it was published, the post was removed for copyright reasons.

Apparently, simply mentioning MagisTV is a violation of Facebook’s Terms of Service. This is clearly an automated removal error, as none of the links or articles violate Facebook’s terms.

Banned for Posting News

Facebook’s automated removal rules are obviously not working perfectly. However, the platform allows affected accounts to appeal decisions, which is exactly what we did when the first post was removed last Wednesday.

After five days, we still hadn’t heard back, so we decided to post a more recent article on MagisTV raids and arrests to see if these errors persist. And indeed they did; the article was swiftly taken down again.

In hindsight, that was a step too far, as the account we used was suspended with a threat to permanently disable it. We don’t feel the urgent need to appeal, but it’s not difficult to see how this could cause a lot of trouble for those heavily reliant on Facebook.

Source

Hope you enjoyed this news post.

Posted Tuesday 29 July 2025 at 9:16 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

For pirate sites trying to stay online in the face of expanding site blocking measures, a supply of effective domains and an operational DNS are absolutely critical.

No surprise then that both are considered priority anti-piracy targets to be blocked, tampered with, seized by law enforcement, or sacrificed when anti-piracy groups get a little too close.

Courts are also known to transfer ownership of domains in copyright lawsuits, or if the parties remain on speaking terms, a private agreement can have a similar effect. The Alliance for Creativity and Entertainment and the Motion Picture Association have amassed more domains previously used for piracy than any other group in history.

ACE: Domain Hunters

Pirate domains are ‘seized’ through various legal means to ensure they aren’t used for the same purpose again. They’re ultimately transferred to the Motion Picture Association, which still has decades-old examples such as isoHunt.com in its archives.

Relics like these are unlikely to see action anytime soon but have proven useful in the past.

The MPAA’s ‘You Can Click But You Can’t Hide’ campaign in 2003 saw pirate domains like LokiTorrent.com briefly converted into online PSA billboards. A similar concept is operational today but is substantially more sophisticated than its predecessors.

There are no veiled threats on the thousands of domains seized by ACE over the last few years; just a seizure notice followed by a redirect to the ACE portal, where visitors can discover more about ACE members and learn why consuming legal content is a better, safer choice than the alternative.

ACE/MPA Builds on a Solid Q1 2025

As reported in April, ACE domain seizures were numerous in the first quarter of 2025. Our count of around 80 domains is an estimate based on information from various sources since no official figures are made available. In Q2 2025, over 110 domains were commandeered by MPA/ACE, redirecting millions of unsuspecting visitors to its anti-piracy portal.

In many ways the seizure list for Q2 2025 paints a fairly typical yet dismal picture of how ISP domain blocking fuels endless hopping from domain to domain as sites deploy the most obvious countermeasure. Some domains are later handed over to ACE in bulk, marking the end of the site. For other platforms that simply means starting the process all over again, in preparation for the next time, and the time after that.

While ACE/MPA hasn’t shown particular interest in Italy-focused streaming brand Altadefinizione, its domains wouldn’t look out of place when compared to those of counterparts Calcio and Calciostreaming in the list above.

How many domains the site has burned through circumventing blocking measures in Italy is unclear but there are at least 900 domains with similar branding and with the addition of just a single character, at least 900 more become available – ad infinitum. In the near future, this could become standard practice for the majority of large sites.

A Messy Environment

In addition to reliance on data from third-party sources to determine seizures, there are several complications that could lead to more or less being counted in a period overall.

Some pirate operators appear to direct their domains towards the ACE portal seemingly voluntarily, with historical records showing a few domains attempting to use MPA DNS for short unexplained periods. Some domain extensions also present challenges when trying to determine links to a particular site and in a relatively small number of cases, that ultimately proves impossible.

Since pirates tend to register domains for the shortest time possible, MPA renewals of expiring domains that look very much like dozens of others it also controls (and dozens of newcomers it does not) can make the checking process a chore, even for a few outliers.

Once treated as prized possessions, domains are now considered consumables; register, rinse out, and then replace – often with a second-rate, confusingly similar copy, also to be dumped in the not-too-distant future.

Transparency

With domain seizures and site blocking measures on an upward trajectory, and transparency alluded to but rarely provided, tracking with any degree of accuracy is becoming more difficult. Eventually it will only be possible for those with access to the data and/or interested parties in a position to commit significant resources.

Finally, like most websites these days, visitors to the ACE portal are subject to tracking. In practical terms, that’s likely to be of limited concern compared to the undocumented extras available at whichever pirate site people were originally hoping to visit, or indeed, most search engines and shopping platforms available today. Nevertheless, it’s still valuable data.

Access to data is important, but currently extremely one-sided.

Source

Hope you enjoyed this news post.

Posted Monday 28 July 2025 at 5:31 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

The link between online piracy and malware is far from new. More than two decades ago, LimeWire users were already plagued by malicious software masquerading as music downloads.

Today’s online landscape continues to face similar issues, if not worse. With more attack vectors and potential victims than ever before, security risks are front and center.

Even if operators of pirate sites and services are not actively looking for trouble, the third-party ads on their sites can easily cause havoc. This makes online pirates a key target for cyber threats.

Report: Pirate Sites & Cyber Threats

A new report released this week, commissioned by the Motion Picture Association’s anti-piracy arm ACE, quantifies the risk for users of popular pirate sites in Southeast Asia. Written by Dr. Paul Watters of Macquarie University, it examines cyber threat detections on websites in Malaysia, Indonesia, Thailand, Vietnam, and Singapore.

Consumer Risk from Piracy in Southeast Asia (pdf) is part of a series, which previously covered other countries such as the Philippines and Poland.

The report looks at the 30 most popular sites in each country, split into various content categories such as P2P, IPTV, streaming and anime sites. It also includes piracy-themed scam sites, which do not provide any content themselves but are designed to attract pirates, often for credit card scams.

The final sample includes 1,200 websites that were tested for problematic content using VirusTotal. The results were then compared to a control sample of legal streaming services in the same regions.

It shouldn’t come as a surprise that the ‘pirate’ sites were much riskier than legal streaming platforms. P2P sites performed the worst with an average total of 53.2 threat detections per 30 sites per country, followed by scam sites (44.8) and pirate streaming services (35.6).

Manga sites were the most ‘safe’ according to the report, with an average of 10.6 detections per 30 sites per country.

Key Findings Deserve Nuance

For its ‘Key Findings’ the report zooms in on the worst result combination of category and country, which explains the higher relative risks shown in the image below. The 65x multiplier for the P2P category, for example, refers to Indonesia.

Key Findings
 

We have no reason to doubt these results; our recent reporting has indicated several high-profile threats associated with pirate sites, some of which may not even be picked up by simple VirusTotal scans.

That said, the ‘relative risk’ terminology can be confusing. After all, most legal streaming sites have no malware threats, so what does it mean when P2P sites have a relative risk of 65 in Indonesia?

It basically means there were a total of 65 threat detections for the 30 sites in the P2P category in Indonesia. Similarly, there were 52 detections for the 30 pirate streaming sites in Malaysia, et cetera. This includes the sites with lower or no threats at all.

In theory, it could be that one site is responsible for all detections in a category, with the other 29 being clean. Those details are not specified, however.

Detections (worst-case) per category in Indonesia
 

The report notes that the “extraordinary” findings “dwarf the baseline,” which consists of legal streaming sites that often have zero threats. Instead of zero as a comparison base, the report uses a pseudo count of one, concluding that the risk is 65 times higher.

“When we normalize these findings against the Top 30 mainstream control sites to compute Relative Risk, the elevation is extraordinary: worst-case RRs for Streaming piracy (e.g. 52.00 in Malaysia), P2P (65.00 in Indonesia), and Scam (49.00 in Thailand) dwarf the control baseline,” the report reads.

For those who are still following along, the “relative risk” is essentially the same as the number of detections in pretty much all examples, as the baseline is 1. So people are 65 times more likely to…?

65 Times More Likely to be Infected by Malware?

We agree with the report in the sense that malware and other cyber threats are relatively prevalent on pirate sites. However, results like these should be interpreted by others with caution.

ACE, which commissioned the research, draws a conclusion that, while approved by the report’s author, may be a bit too broad based on what the study reports.

“[T]he study revealed that in the worst case, local consumers are up to 65 times more likely to be infected with malware when using piracy sites as compared to legitimate websites,” the group wrote (emphasis added).

From ACE’s press release
 

ACE uses the “key finding” figure from the worst-case scenario in the most problematic category and country, P2P sites in Indonesia. The average number of threats for 30 sites across all countries and categories is closer to 28 detections.

More problematic is the “infected with malware” phrase. This isn’t a correct representation of the findings, as malware is only a subset of the detected cyber threats. These also include phishing, suspicious content, spam, and potentially unwanted software.

Not All Malware
 

Needless to say, an unclassified popup advertisement is not the same as a malware infection. In fact, even when it comes to malware, the report only lists detected problems, not actual malware infections.

Unfortunately, however, the “infected by malware” headline was picked up broadly in the press.

Automated Blocking Recommended

This problem shouldn’t boil down to how many times more likely pirates are to be infected by malware. The details and severity of the threats are key. There is no doubt that a subset of pirate sites is posing a problem, and that may even be more severe than the report’s abstract figures suggest.

The bigger question is what to do with this information, and the report provides some pointers there as well.

On top of awareness campaigns and strengthened law enforcement, intelligence-driven site-blocking is offered as a solution. These automated blocking powers should be in addition to those authorized by various courts.

“Southeast Asian regulators should mandate that ISPs consume real-time feeds from national CERTs and aggregated threat-intelligence sources (e.g. VirusTotal) to automatically sinkhole or filter newly identified high-risk domains across Streaming piracy, Anime, Streaming Sports, P2P, IPTV, Manga and Scam categories.”

While many rights holders will support this suggestion, it may require some fine-tuning. After all, the report also detected several cyber threats on legitimate streaming platforms in Vietnam.

Source

Hope you enjoyed this news post.

Posted Sunday 27 July 2025 at 1:15 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

Over the past two years, rightsholders of all kinds have filed lawsuits against companies that develop AI models.

Most of these cases allege that copyrighted works are used to train models without authorization. This applies to text, but also to images and video.

A new lawsuit filed at a California federal court by two adult production companies focuses on a specific type of video downloaded from pirate sources.

Meta Sued for Massive Copyright Infringement

The complaint was filed by Strike 3 Holdings and Counterlife Media, which are known for popular adult brands including Vixen, Tushy, Blacked, and Deeper. Strike 3 is the most active copyright litigant in the United States, mostly targeting individual BitTorrent pirates.

The case against Meta also centers on unauthorized BitTorrent sharing but on a different scale. According to the adult companies, Meta downloaded at least 2,396 of their films since 2018, allegedly to aid their AI training.

“Defendant downloaded Plaintiffs’ Works from pirate sources for purposes of acquiring content to train its Meta Movie Gen, Large Language Model (“LLaMA”), as well as various other Meta AI Models that rely on video training content,” the complaint reads.

The complaint

The adult producers fear that this training may ultimately result in AI models that can create similar “Hollywood grade” films at a lower cost.

“By training so specifically on Plaintiffs’ Works, Meta’s AI Movie Gen may very well soon produce full length films with Plaintiffs’ identical style and quality, which other real world adult studios cannot replicate”

Tit for Tat

Meta allegedly downloaded the copyrighted works without permission and also stands accused of uploading them to third parties, who participated in the same BitTorrent swarms. Plaintiffs allege this is backed up by data from their proprietary in-house tracking software VXN Scan.

IP Address evidence
 

BitTorrent transfers rely on a “tit for tat” algorithm where participants are rewarded for sharing content with others, as that significantly increases their download speeds. According to the complaint, Meta allegedly continued sharing pirated files for this purpose.

“Defendant was specifically aware of this issue and, discovery will likely show, is the reason why Defendant elected to continuously distribute Plaintiffs’ content as opposed to just purchasing a subscription or modifying its BitTorrent clients to download only,” the complaint notes.

“Meta made the deliberate choice to seed Plaintiffs’ motion pictures in order to capitalize on faster download speeds so it could infringe other content faster.”

Corporate IP Addresses and Hidden Datacenters

The adult producers discovered the alleged infringements after Meta’s BitTorrent activity was revealed in a lawsuit filed by several book authors. In that case, Meta admitted that it obtained content from pirate sources.

This prompted Strike 3 and Counterlife Media to search for Meta-linked IP addresses in their archive of collected BitTorrent data. This scan revealed that forty-seven IP addresses, identified as owned by Facebook, allegedly infringed their copyrighted works.

IP address ownership is linked through MaxMind’s database, and a list of thousands of alleged infringements from these addresses is provided as evidence.

MaxMind data
 

The book authors lawsuit also revealed that Meta allegedly used “off-infra” IP addresses to conceal its BitTorrent activities. The adult producers argue that these stealth IPs were also used to pirate their works, identifying several they believe are linked to the activity.

Correlations between Meta IPs and third-party servers identify seven IP address ranges that show correlational activity. This includes similar download patterns as well as large-scale copyright infringement.

“These correlations also quantify that both the ‘off-infra’ as well as the Meta Corporate IP addresses act consistently in non-human patterns and that the acquisition of this content is for AI training data and not for personal use.”

Hidden datacenters?
 

Adding to these allegations, the complaint also identifies a Facebook employee who used a Comcast IP address to download content. This person, whose name is redacted, allegedly shared content via Meta corporate IPs and the stealth IP addresses.

Damages Up to $359 Million

Based on these allegations, Strike 3 Holdings and Counterlife Media accuse Meta of both direct and secondary copyright infringement, requesting a trial by jury.

The rightsholders seek statutory damages, which, for willful copyright infringement, could mean $150,000 per work. With 2,396 movies at stake, potential damages could reach $359 million.

Meta has yet to respond to the lawsuit, and all allegations have yet to be proven. This could potentially include a technical inspection of the VXN Scan tracking software, which is also used in many lawsuits against individual BitTorrent users.

Strike 3 has a history of settling copyright disputes out of court, so that’s a possible outcome here as well.

—

A copy of the complaint filed by Strike 3 Holdings and Counterlife Media at the U.S. District Court for the Northern District of California is available here (pdf)

Source

Hope you enjoyed this news post.

Posted Saturday 26 July 2025 at 1:08 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

With around 400 million Spanish speakers and tens of millions of passionate football fans, Latin America is a natural overseas market for top-tier Spanish football league LaLiga.

At least initially market prospects look quite good. Data reported in 2023 by LATAM-focused anti-piracy group Alianza (DirecTV, SimpleTV, SKY Brasil, Warner, Disney, LaLiga & more) around 98.2m households in the region have access to broadband.

The fly in the ointment is that an estimated 40 million of those households engage in piracy. Within Argentina’s 11.3 million broadband-enabled households, 4.8 million households have a penchant for piracy, a 42.6% piracy rate overall. That’s not quite as bad as Mexico (46%) and nowhere near Ecuador’s overall rate (58.6%) but somehow significantly worse than Brazil (38.4%).

LaLiga & Alianza Target #1 LATAM IPTV Menace, MagisTV

In an announcement Thursday, LaLiga reported relatively rare success in Argentina after teaming up with Alianza and local law enforcement. Under the authority of orders issued by the Juzgado de Garantias Nº 4 (Court of Guarantees No. 4) of San Isidro, as part of a legal process in which LaLiga is a plaintiff, local distributors of MagisTV subscriptions were targeted in several regions of Argentina.

The orders were signed by Judge Esteban Rossignoli, who recently ordered local ISPs to carry out live blocking to protect the Champions League and Argentine League finals.

LaLiga reports that after the Court issued multiple arrest warrants, Argentine Federal Police and local forces conducted five simultaneous raids that led to the execution of arrest warrants in Chubut, Mendoza, and Río Negro.

Assistance was provided by LATAM online market Mercado Libre and payment platform Mercado Pago, both of which receive praise from LaLiga for their contribution. Several years ago the former was itself declared a Notorious Market for failure to tackle infringement, but since its removal from the list in 2021, there’s been no looking back.

Local ISP Allegedly Acted as a MagisTV Sales Outlet

LaLiga reports that one of the main targets was local internet service provider UV Mundo Digital. With offices in Trelew and Rawson in the province of Chubut, it appears that those two locations were targeted in the operation. LaLiga claims that the ISP sells subscriptions to MagisTV Pro, promoting the packages on a website (still online), social media, and in its retail stores, “under the guise of legality.”

During the course of the investigation, police reportedly visited UV Mundo Digital’s premises and were informed that in addition to regular packages, they could also offer a “different internet service and different cable service, installed by a third party with a different price.” A provided booklet reportedly concerned MagisTV Pro.

magispro.lat (still online)

LaLiga’s criticism of the ISP and CABASE (the non-profit association it’s a member of), sits in stark contrast to the warm words used to describe companies that are actively collaborating.

“This type of operation demonstrates that CABASE is influenced by some ISPs that violate legal standards related to audiovisual fraud and others that refuse to comply with judicial orders,” says Javier Tebas, president of LALIGA.

“We are very satisfied with the collaboration of ALIANZA and LALIGA, as well as with entities like Mercado Libre, which have supported the investigation. We firmly believe that collaboration is key to eradicating audiovisual fraud.”

More Arrests to Come

LaLiga says the authorities have requested the arrest of four individuals identified as “key operators” in the distribution of MagisTV Pro. They used accounts at Naranja X and Binance, and may not have anticipated that using the services of Mercado Pago was a mistake. It’s alleged that some accounts accumulated amounts exceeding 160 million Argentine peso, around US$125,000

“All of them were directly linked to the sale of illegal accounts through banking evidence, IP address records, and messages extracted from messaging applications,” Spain’s top football league reveals.

Perhaps the most artistic IPTV ads ever created (X account)

Whether collaborating with LaLiga and Alianza will help to remove Argentina from the USTR’s Priority Watchlist remains to be seen. However, for UV Mundo Digital owner Ulises Jorge Velázquez, the situation seems to be deteriorating. He’s now considered a fugitive with a warrant out for his arrest.

According to a La Nacion report, the alleged duration of offending appears to be quite short.

“From at least January 1st until the 7th [of July 2025], Velázquez and the other suspects offered Magis TV Pro accounts for sale, with monthly payments, to distribute television signals without proper authorization,” Prosecutor Musso wrote in a request for the suspects to be arrested.

“The APK (Android application) operates in clear violation of the rights of the owners of the works. All of this was done through the website www.magispro.lat and WhatsApp contacts associated with them, with monthly payments made through transfers to virtual wallet accounts and even through crypto assets,” he continued.

“Based on the evidence presented, I interpret this criminal act as constituting the crime of infringement of intellectual property law,” the Prosecutor added.

Source

Hope you enjoyed this news post.

Posted Friday 25 July 2025 at 5:38 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

Last month, the Supreme Court granted Cox Communications’ petition for a writ of certiorari in a landmark copyright liability battle.

The internet provider challenged the $1 billion damages award by a Virginia jury in 2019, which went in favor of a group of major record labels, including Sony, Universal, and Warner.

Cox successfully convinced the Supreme Court that the contributory infringement standards, which determine how ISPs should respond to pirating subscribers, should be reviewed. The same applies to the associated willfulness finding, which contributed to the initial billion-dollar verdict.

The Supreme Court’s review offers potential clarity for an industry grappling with complex legal issues. The outcomes of other lawsuits between ISPs and rightsholders will be directly impacted too, especially when it comes to claims for contributory infringement.

Labels vs. Altice Case on Hold

A lawsuit between several major record labels and Internet provider Altice is one of those affected. The matter was scheduled for trial in September, but both parties agreed that it would be wise to stay the proceeding until the Supreme Court issues its decision.

In a joint motion, the parties informed the Texas federal court that the Cox decision will potentially change the liability standards when it comes to repeat infringers, an issue central to the case. Therefore, it’s sensible to put the case on hold.

“The Parties agree that proceeding to trial now, before the Supreme Court’s decision in Cox, risks both the Parties and this Court expending significant resources to complete pre-trial proceedings and prepare for and hold a trial, only to have wasted the jury’s time and have to repeat those efforts as a result of the decision in Cox,” the joint motion reads.

The request for a stay was granted by U.S. Magistrate Judge Roy Payne last week, who put the case on hold, canceling the plans for a September trial.

Warner et al. vs. Altice Stayed

Verizon Asks for a Stay

Contrary to their agreement in the Altice case, the labels are not willing to put a similar case against Verizon on hold. While many of the same companies are listed as plaintiffs, they believe that this case can continue for now, as it’s nowhere near a trial.

Verizon previously requested a stay pending the Cox review. While the case is in its early stages, with a motion to dismiss pending and no discovery taking place at the time, the ISP sees no reason to rush it forward and potentially ‘waste’ resources.

“The Supreme Court’s ruling in Cox will control this Court’s decision on that issue. A stay is therefore warranted in the interest of judicial economy and will not prejudice any party,” Verizon wrote.

Labels Oppose More Stalling

This week, the labels objected to the request, asking a New York federal court to keep the case active. According to the music companies, several of their claims won’t be affected by the Supreme Court ruling so should be allowed to move forward.

The labels reiterate that Verizon received thousands of piracy notices for its customers, which it allegedly ignored. After being sued, Verizon allegedly tried to stall the litigation, including the labels’ request to begin discovery.

Verizon’s recent request to stay the case is another attempt to delay, they say.

“Now, Verizon seeks what would be a yearlong stay based on speculation that a Cox ruling might impact some aspects of Plaintiffs’ contributory infringement claim—though it will not impact their vicarious liability claim or Verizon’s primary defense under the [DMCA],” the labels write.

“This case is already one year old and has not left the gate. Verizon has failed to carry its burden to justify further delay. The request should be denied.”

Labels Oppose Stay in Verizon
 

The labels’ position clearly differs from that adopted in the Altice case, where they agreed to put the case on hold. In addition to the different claims at stake, this can be explained by the Verizon case being in its early stages.

In the Altice lawsuit, the dispute was preparing to go to trial, while the Verizon case still has a motion to dismiss pending, as well as a discovery process, where both sides can gather further evidence.

Whether the court rules in favor or against, the Supreme Court decision will ultimately affect the Verizon case too, at least when it comes to the contributory infringement claim and the issue of willfulness.

—

A copy of Verizon’s request to stay the case is available here (pdf) and the opposition brief from the record labels can be found here (pdf)

Source

Hope you enjoyed this news post.

Posted Thursday 24 July 2025 at 5:09 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

According to his profile on LinkedIn, Las Vegas resident Kristopher Dallmann became the CEO of Jetflicks, LLC, in June 2007.

Fueled by pirated content obtained via sites including The Pirate Bay, RARBG, and Nzbplanet, Jetflicks’ operations came to an abrupt halt in 2017 with an FBI raid on Dallmann’s Las Vegas home following a Motion Picture Association investigation.

Disagreement and the Long Haul to Trial

Dallmann subsequently claimed that FBI agents removed him from the premises at gunpoint, declined his request for a lawyer, and insisted he waived his Miranda rights.

The U.S. Government strongly refuted that version of events. A similar pattern of disagreement, over what at times seemed relatively insignificant details, became a feature of a prolonged and complex legal battle spanning the next seven years.

Indicted by a grand jury in 2019, a total of eight defendants faced charges of conspiring to violate criminal copyright law.

Archive Image: Jetflicks

Disguised as an aviation service, Jetflicks reportedly offered subscribers a library of movies and at one point 183,285 pirated TV episodes; that made it the largest internet piracy case by volume of infringed works ever to go to trial in the U.S., the Department of Justice said.

Las Vegas Jury Finds Defendants Guilty

Dallmann and co-defendants Jared Jaurequi, Douglas Courson, Felipe Garcia, and Peter Huber, went on trial at a court in Las Vegas in the summer of 2024.

The court heard that lead defendant Dallmann ran Jetflicks with assistance from Jaurequi and Courson. Garcia was in charge of customer support and also obtained TV show content, while Huber worked at Jetflicks as a programmer.

The jury found all five defendants guilty of conspiracy to commit criminal copyright infringement. Dallmann was also found guilty of three additional counts of criminal copyright infringement plus two counts of money laundering by concealment.

A sixth defendant, Jetflicks programmer Yoany Vaillant, went on trial separately after the court severed his case from the others. He worked at Jetflicks for just four-and-a-half months but was found guilty of conspiracy to commit criminal copyright infringement after a two-week trial last November.

U.S. Sought 25-30 Year Sentence for Dallmann

Following the convictions in June 2024, the court docket has remained active with over 200 additional entries. As previously reported, this is a very important case for both the U.S. government and the MPA. Not only is Jetflicks the largest case by volume of works infringed, but it’s also the very first illegal streaming case to go to full trial in the United States.

Last year’s convictions would’ve been welcomed, but deterrent sentences were a priority too. Four of the men were told they could receive sentences of up to 60 months in prison.

Group leader Kristopher Dallmann submitted that a sentence of 36 months on each of his felony counts would be reasonable and could run concurrently. However, the government’s Sentencing Guideline proposed a range of 25 to 30 years, prompting Dallmann’s counsel to brand it “facially absurd.”

Judgment for Dallmann

A judgment signed by U.S. District Judge Richard F. Boulware, II, dated July 18, 2025, confirms that Dallmann was found guilty on six counts in the indictment. They include (Count 1) Conspiracy to Commit Criminal Copyright Infringement and (Counts 2&3) Criminal Copyright Infringement by Reproduction or Distribution.

Dallmann was also found guilty of Criminal Copyright Infringement by Public Performance (Count 4 / 17 U.S. Code § 106(4)), plus Money Laundering and Aiding and Abetting (Counts 13&14), and sentenced as follows;

Total criminal monetary penalties of $375.00 were due immediately. Dallmann is required to surrender for service of sentence on October 17, 2025.

Previous Convictions

In 2021, Jetflicks programmer Luis Angel Villarino pled guilty to one count of conspiracy to commit copyright infringement and was sentenced to one year and one day in prison.

Daryl Polo, Jetflicks programmer and later the operator of rival service iStreamitAll, received a 57-month sentence and a $1m forfeiture order after pleading guilty to four counts of criminal copyright infringement and one count of money laundering.

USA v Dallmann [Jetflicks] Judgment/Sentencing of Kristopher Lee Dallmann (pdf)

Source

Hope you enjoyed this news post.

Posted Wednesday 23 July 2025 at 5:49 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

Pirate streaming apps and unauthorized IPTV services have become increasingly popular globally in recent years.

Latin America is no exception to this trend but unlike other regions, one pirate streaming brand clearly stands out: MagisTV.

The MagisTV name is used by dozens of websites, many of which are reseller platforms. While some of these might be related, the name is also used by unrelated entities, simply because the brand has become synonymous with pirate IPTV.

A Notorious Market

Rightsholders worldwide are not pleased with the brand’s dominance and have worked hard to counter it. This resulted in several referrals that reportedly resulted in criminal investigations in Argentina, Colombia, Ecuador, and Venezuela.

Following a referral from the MPA’s anti-piracy arm ACE, two Magis TV operators were criminally prosecuted in Colombia, with both receiving 30-month suspended prison sentences from a local court in May.

The MagisTV problem was also reported to the Office of the U.S. Trade Representative (USTR), which added the brand to its latest list of notorious piracy markets.

“MagisTV is one of the world’s most popular IPTV services and operates primarily in Latin America. The service provides unauthorized access to live sports streams, television channels, and on-demand movies and television shows to its customers for a monthly subscription,” USTR wrote.

However, despite these enforcement actions and repeated warnings, the “Magis TV” problem hasn’t gone away.

Magis TV Trademark Application Abandoned

Following the USTR’s listing, several Magis TV domain names were abandoned, while others rebranded their service to Flujo TV, presumably to escape the heat. The Magis TV brand nonetheless remains popular today even in the United States, where a Chinese company tried to obtain the U.S. trademark.

The company ‘Shenzhen Huiyi Electronics’ applied for the ‘Magis TV’ mark for the recognizable logo at the U.S. Patent and Trademark Office. Last December, it passed the first hurdle when the office issued a “notice of allowance,” to the frustration of many rightsholders.

Magis TV Mark

To proceed with the registration process, the Chinese set-top box manufacturer was required to file a Statement of Use (SOU), proving they are actually using the trademark in commerce. That document never arrived, prompting the trademark office to abandon the application.

This effectively means the trademark application is no longer active and will not proceed to registration.

Application Abandoned

If the Chinese company would still like to secure the trademark, it can file a “Petition to Revive” within two months, which comes at an extra cost. For now, however, there’s no indication that it missed the deadline unintentionally. Instead, the legal pressure against the Magis TV brand likely makes the trademark less appealing.

A Malware and Security Threat

In addition to the legal concerns, recent publications in Latin American news outlets repeatedly warn of potential security risks related to Magis TV. While these concerns are certainly warranted, the barrage of articles clearly stands out, as the collection of translated headlines below shows.

• Download Magis TV: Using the free APK to watch series and movies is a threat to your banking data.
  (Cronista, July 20)
• Find out what Magis TV is and why it’s not the best option for your entertainment.
  (Infobae, July 17)
• Downloading Magis TV on your cell phone is a risk.
  (Eldestape, July 17)
• Why not download Magis TV?
  (Infobae, July 16)
• Watching free series and movies on Fire TV Stick with Magis TV is illegal.
  (Eldestape, July 15)
• Magis TV: Downloading the free 2025 APK can ruin your TV and steal your data.
  (Cronista, July 14)
• ‘Magis TV download’, one of the most common and dangerous searches.
  (Infobae, July 12)
• Watching the 2025 Club World Cup final on Magis TV is a risk.
  (Eldestape, July 11)
• Don’t use Magis TV.
  (Infobae, July 8)
• Farewell to Magis TV: safe and legal platforms for watching movies and series.
  (Infobae, July 8)
• Magis TV Danger: This APK version can destroy your electronic devices and put your personal data at risk.
  (Cronista, July 6)

—

Some headlines

The articles list a wide variety of potential threats, including malware, viruses, data theft, identity theft, bank fraud, and many others. At the same time, they conveniently offer options for legal and authorized streaming services readers can try instead.

Interestingly, several Magis TV websites are fighting back against these news articles by explicitly mentioning that their software is safe. This is corroborated with ‘evidence’ in some cases, including the site below that shows a clean VirusTotal check to reassure visitors.

Whether these promises are worth anything is questionable because VirusTotal showed a different result when we checked the APK file ourselves. And that’s just one of the many APKs out there.

Clean?

Source

Hope you enjoyed this news post.

Posted Wednesday 23 July 2025 at 2:14 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only.

Downloading content without permission is copyright infringement. These torrent download statistics are only meant to provide further insight into piracy trends. All data are gathered from public resources.

This week we have two newcomers on the list. “How to Train Your Dragon” is the most shared title.

The most torrented movies for the week ending on July 21 are:

Note: We also publish an updating archive of all the list of weekly most torrented movies lists.

Source

Hope you enjoyed this news post.

Posted Tuesday 22 July 2025 at 5:02 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

In 2023, Google and its cybersecurity partners teamed up with German law enforcement agencies after discovering BadBox, a botnet comprised of 74,000 Android devices infected with malware.

After deploying a range of measures to suppress BadBox, a much larger threat quickly arrived.

BadBox 2.0

BadBox 2.0 was discovered by HUMAN’s Satori Threat Intelligence and Research team. Their initial report published in March revealed how infected devices were able to request and click on ads without the user being aware, committing ad fraud and laundering.

As part of a botnet able to act as a residential proxy network, devices were also being used for account takeovers, DDoS attacks, and spreading malware. Since infected devices are also capable of executing new code delivered over the internet, without any user interaction, the potential for harm was unusually high.

One million infected devices…

At the time the impact of BadBox 2.0 was described as global, with more than one million devices infected in 222 countries and territories. To prevent the spread, users were advised to only download apps from official marketplaces such as Google Play while avoiding off-brand devices.

A list of device model numbers made available since reveals that cheap set-top boxes manufactured in China appear to account for the majority of infected devices. However, laptop and desktop computers, smartphones, tablets, in-car entertainment devices and digital projectors have all been compromised too.

In an announcement late last week, Google revealed that in partnership with HUMAN Security and Trend Micro, its researchers are now battling a botnet comprised of 10 million uncertified and infected devices, running Android’s open-source software (Android Open Source Project), “which lacks Google’s security protections.”

Lawsuit Filed in New York

Google’s actions include a lawsuit filed at a federal court in New York which began in May but with most documents sealed until recently. In addition to a temporary restraining order issued on May 30, on July 1 Google was awarded a preliminary injunction to mitigate the ongoing spread of malware, infection of new devices, and other “criminal schemes”.

The identities of the defendants – Does 1-25 – are reportedly unknown but with some confidence Google’s recently unsealed complaint places the blame firmly on bad actors in China who it believes would not comply with a judgment for money damages.

• The Infrastructure Group: Established and manages the “command-and-control” C2 infrastructure (C2 Servers and domains) for BadBox 2.0.
• The Backdoor Malware Group: Developed and preinstalls malware on the infected devices and uses that malware to operate a botnet composed of a subset of BadBox 2.0-infected devices to carry out a variety of ad fraud campaigns.
• The Evil Twin Group: Develops apps that the BadBox 2.0 Enterprise uses to commit ad fraud via hidden ads.
• The Ad Games Group: Connected to an ad fraud campaign conducted through BadBox 2.0-infected devices that uses fraudulent “games” to generate ads in hidden web browsers

Google Obtains Permission to Take Significant Action

Specific details are currently withheld, but it appears that Google has been granted broad permission based on claims under the Computer Fraud and Abuse Act (CFAA) and the Corrupt Organizations Act (RICO), to block (and require other entities to block) traffic to and/or from IP addresses and certain domains.

Other reasonable measures, including seizing control of domain names through registrars and registries, are also at Google’s disposal, to limit the botnet’s ability to operate.

Blocking Measures on Steroids

The FBI’s advice is for users to “avoid downloading apps from unofficial marketplaces advertising free streaming content” and “assess all IoT devices connected to home networks for suspicious activity.”

While avoiding unofficial marketplaces is straightforward, those looking for the latest movies and TV shows are unlikely to find suitable apps offering that content for free anywhere else. Monitoring home networks is likely to prove prohibitively difficult too.

There may be a very good argument for physically destroying these devices. The complaint states that the entire supply chain is compromised. “They are devices manufactured by the BadBox 2.0 Enterprise,” it reads.

But even if malware isn’t preinstalled, it can be installed remotely when devices are switched on by the user or when users download apps designed to look attractive but carry a similarly malicious payload.

The preliminary injunction obtained by Google is available here (pdf)

Source

Hope you enjoyed this news post.

Posted Monday 21 July 2025 at 5:46 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

Not long after winning the Oscar for Best Picture in 2010, the makers of the war action thriller ‘The Hurt Locker’ set their eyes on their next prize.

With a then-novel legal scheme, they planned to sue tens of thousands of Americans, who shared pirated copies of their film via BitTorrent, in a single lawsuit.

“We’re creating a revenue stream and monetizing the equivalent of an alternative distribution channel,” lawyer Jeffrey Weaver said at the time.

These types of business models, where lawyers and anti-piracy outfits also reap the financial benefits, were already well-known in the UK and Germany, but the United States opened the doors to millions of new targets.

Fifteen years later, these lawsuits are still prevalent, but the playing field has changed. Filing lawsuits against hundreds or thousands of defendants at once was ruled a no-go. This made these legal campaigns substantially more expensive, as every complaint comes with a filing fee and paperwork.

At the same time, some judges were showing increasing reluctance to take on this type of case. And with a ruling that an IP address alone is insufficient evidence, nearly all rights holders gave up on the practice.

Strike 3’s Unrelenting Anti-Piracy Campaign

Strike 3 Holdings is the only prolific litigant in BitTorrent piracy cases today. Known for brands including ‘Milfy,’ ‘Tushy,’ and ‘Vixen,’ the adult entertainment company isn’t scaling down either.

Thus far this year, the company has filed 2,277 lawsuits in U.S. courts, putting the firm on track to beat last year’s record of more than 3,900 lawsuits filed overall. All of these cases target IP addresses observed in public BitTorrent swarms, allegedly sharing adult videos.

Once a complaint is filed, Strike 3 obtains a subpoena through which it can compel the corresponding Internet provider to share the personal details of the account holder. This person can then be added as a named defendant in the case and summoned to appear in court.

These types of lawsuits seldom make it to trial. Strike 3 often reaches out to the defendant with a settlement offer and if both parties agree, that effectively ends the case. Lawsuits can also be dismissed for other reasons which are typically not made public. And in rare instances, defendants can claim a victory of sorts.

A Pirate’s Catch 22

Whether defendants are innocent or not, these cases typically have financial implications. Some defendants opt to proceed pro se, defending themselves; legal representation isn’t cheap, especially if many hours are spent on the case, let alone a full trial.

This leads to a catch-22 situation where defendants have to invest thousands of dollars to prove their innocence, without a guarantee of success or financial compensation. Ironically, it is often cheaper to settle the case, even for someone who did nothing wrong.

We are not lawyers, and the above is not legal advice, but it illustrates the conundrum some people find themselves in. For those defendants who really are innocent, there’s no easy way out. That’s simply how the system works.

Given this backdrop, some defendants choose to ignore a lawsuit completely, hoping that it will go away. That may be understandable, but it is arguably the worst option of all. And typically the most costly too.

Ignoring a Lawsuit Can Be a Costly Mistake

Most Strike 3 cases are dismissed, often after a settlement, but default judgments are also common. When defendants fail to respond to a lawsuit, the plaintiff’s arguments can be taken as written and with no defense, the alleged pirate literally loses by default.

We don’t report on most of these judgments because they have little news value in isolation. However, damages awards can be substantial and in the bigger picture, the numbers quickly add up.

Earlier this year, we highlighted three defendants who were ordered to pay $97,500, $86,250 and $26,250 respectively. But there are many more.

A quick glance at recent records reveals a $24,000 award for damages against a defendant in Texas last month. Strike 3 requested a $51,750 damages award at a California federal court last week, against a defendant who alleged shared 96 videos. And with thousands of cases still in the pipeline, these lawsuits are unlikely to end anytime soon.

For anyone involved in one of these cases, innocent or not, the defaults are a reminder that ignoring legal paperwork can be a costly mistake. And if defendants are innocent, history has shown that it can be worth putting up a serious defense. But of course, that will likely mean a substantial upfront legal bill.

Source

Hope you enjoyed this news post.

Posted Monday 21 July 2025 at 4:11 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

Generic warnings about malware, identity theft, and other types of fraud have become embedded in the majority of anti-piracy campaigns over the last few years.

Yet, no matter how stylishly produced or immaculately directed at the target audience, moving the awareness needle by a few percentage points is just the beginning.

Increased awareness of the message doesn’t mean that more people believe in it, or that they’re more convinced that it holds any relevance to them as an individual. With no exceptions, every single rightsholder-backed anti-piracy/malware campaign has a mountain to climb; that’s assuming they even take time to listen.

They would say that, they’re only interested in your money

For pirates, the statement above is a common reaction to malware warnings from rightsholders. The statement is difficult to counter because yes, they would indeed say that. And of course, it’s usually being said by a massive corporation motivated by money. It’s easily tested too; just stop paying and see how it goes.

Communication between pirate sites and their users varies wildly for all kinds of reasons, but in general, operators of today’s large public sites appear to see no value in user engagement. Content gets posted, and people come and view it for free. If it arrives quickly enough and the quality and delivery seem acceptable, visitors are likely to return and might even bring friends along sometime.

Broad generic warnings that there’s no such thing as free, and that visiting any pirate site will end in disaster, represent a default position to which few pirates can relate. For the overwhelming majority, that’s not their experience. And because of the scope, the entire message is dismissed as self-serving and substantially untrue.

The truth is usually found somewhere in the middle and, in individual cases, it may actually prove quite hard to digest.

The Infostealer Crisis

While many seasoned pirates are quick to dismiss malware warnings from anti-piracy groups, what’s happening behind the scenes in the infostealer crisis poses a real concern for others.

As the investigation reported by Microsoft in March reveals, malicious mechanisms to obtain information from internet users can be extremely sophisticated.

With more than a trillion ads delivered globally, malicious ads represent a tiny fraction of the total, malicious code even less. But whether they appear on mainstream social media platforms or on dedicated pirate sites, the end result is the same for those affected by them.

Personal information, valuable credentials, stored credit card info, cookies/session tokens, and crypto wallets are siphoned up by those most likely to exploit them, potentially on an ongoing basis for those silently infected.

Cybersecurity portal Hudson Rock currently reports over 32.2 million infected machines and over 4.8 million compromised employees; some of the most valuable targets are corporate accounts.

Hudson Rock’s Cavalier OSINT & Infostealer Investigation Platform, with data verified through Infostealers.com public breach disclosures, delivers some remarkable and at times alarming insights on infostealers, related infections, and their links to piracy.

That includes information on the most popular movie piracy site to ever exist.

Infostealer Exposure Analysis: FMovies

FMovies was famously shut down around a year ago but retains its title as the most popular mainstream movie piracy streaming site to ever exist.

To retain the original context and to avoid misrepresentation, the information concerning FMovies is presented here as-is. The source for each conclusion appears on each image, using data verified as indicated.

Infection Rates/User Passwords Overwhelmingly Weak

Buttons could actually say almost anything

Geographical Spread/Total AV Failure to Identify Threats

Basic Credential Hygiene Failure

The Consequences of Credential Hygiene Failure

The End

Interesting Tools: Do Your Own Research

For anyone concerned about infostealer threats or just intrigued to learn more, free tools available at Hudson Rock should prove informative. Ultimately, hard and measurable data is more convincing than vague threats.

Using data from over 32 million devices infected with infostealers, the tools can provide insight into threats linked to Android apps (left) and most domains (right). Results should be read in context.

While results for ‘Android Piracy App X’ may show hundreds of confirmed users of ‘Android Piracy App X’ who are infected, it’s possible that the infection came via another vector, not necessarily the app in question. The same applies to websites where testing a range of sites in the same niche, both legal and illegal, provides greater insight than not doing so.

The result on the right relates to a piracy domain ‘seized’ by the Alliance for Creativity and Entertainment, as indicated by the favicon. The data suggests an infection rate that puts FMovies in the shade. Using the free tools, insights like these are freely available to all; researching Android apps can be quite the ride.

Source

Hope you enjoyed this news post.

Posted Sunday 20 July 2025 at 6:40 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

When governments prohibit, outlaw, or otherwise restrict certain activities or access to products, some believe that can make the forbidden even more interesting.

Coincidentally, perhaps, forbidden is a theme the adult industry has always found quite lucrative, ironically in countries where there are few restrictions.

In Vietnam, making, possessing and distributing pornographic material is illegal, so the underground market today is fueled by sites offering pirated porn from which third parties profit. Running these types of sites is not without risk, however.

Two Men Prosecuted

In an announcement on Wednesday, police provided an outline of crimes allegedly committed by two men said to operate hundreds of sites.

The Investigation Police Agency at Tuyen Quang Provincial Police first announced the prosecution of Thái Nguyên province resident Vũ Văn Thìn. Born in 1988, he allegedly launched the first of his sites in 2018.

Stocked with “pornographic and depraved” content, the sites reportedly attracted a large, but unspecified number of visitors. Since many porn pirates prefer not to pay, especially in a country where explicit adult material is illegal, the sites offered free content to generate revenue from advertising.

Easy Money

Vũ Văn Thìn’s successes reportedly led to others wanting to work with him, including Đinh Mạnh Dũng (born 1989), a resident of Thanh Hóa province. Working as partners and independently, Thìn and Dũng are said to have expanded their site portfolios when generating revenue came easily.

As the government source explains:

Realizing that making money is easy, the subjects multiplied the number of websites; using high-tech technical means with sophisticated tricks to commit criminal acts, in order to increase profits and evade the censorship of telecommunications service providers in Vietnam.

At the time of his arrest, Vũ Văn Thìn had reportedly “created, managed and operated” 287 websites to which he’d posted 21,000 videos.

Đinh Mạnh Dũng reportedly created and operated more than 100 similar sites offering similar content, although he personally uploaded fewer videos, around 1,000 according to police.

Very Serious Crimes

While prosecutions of regular pirate site operators in Vietnam fall well short of Western rightsholders’ expectations, the distribution of prohibited content is described by police as a very serious crime that “infringes on fine customs and social ethics.”

Whether the alleged volume of sites will have any bearing on the prosecution’s case is unknown. Site names have not been released for obvious reasons, but in practical terms, it seems unlikely that the defendants operated 400 distinct sites.

Circumvention of Government Blocking

A more likely scenario would see hundreds of domains linked to a very limited number of sites, for the purpose of circumventing ISP blocking measures, among other things. Having become ubiquitous in the broader streaming piracy landscape, large pirate sites with strong connections to Vietnam use similar tactics to avoid blocking in multiple jurisdictions.

Deployed at local ISPs either owned by the state or operated by those closely connected to the Vietnamese government, blocking is supposed to prevent access to prohibited content of various types, which in practice can be broadly defined.

Circumvention of blocking measures ordered by the state, for the purpose of distributing content banned by the state, has the potential to prove costly. The revenue generated through ads may also factor into the equation but depending on the nature of the ads, the cost may be felt more acutely by users.

Source

Hope you enjoyed this news post.

Posted Saturday 19 July 2025 at 6:25 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

The News/Media Alliance, a trade association behind major news publishers, announced that it has “successfully secured” the removal of 12ft.io, a website that helped users bypass paywalls online. The trade association says 12ft.io’s webhost took down the site on July 14th “following the News/Media Alliance’s efforts.”

12ft.io — or 12 Foot Ladder — also allowed users to view webpages without ads, trackers, or pop-ups by disguising a user’s browser as a web crawler, giving them unfettered access to a webpage’s contents. Software engineer Thomas Millar says he created the site when he realized “8 of the top 10 links on Google were paywalled” when doing research during the pandemic.

Over the past decade, the online publishing business model has become increasingly unstable. For many years, websites gave readers free access because they were supported by advertising revenue, which is dependent on pageviews. But as traffic has fluctuated, in large part due to changes to Google’s Search algorithm and an increasing shift toward AI search, many magazines, including The Verge, have diversified their business to become more dependent on subscriptions and paywalls to support themselves. The attempts for publishers to become more sustainable have also led to an internet that is less open and accessible — a complaint that Millar’s project is responding to.

Still, in an ironic twist, Millar began asking users to pay for a subscription to 12ft.io to help cover the cost of the tool in 2022. “I’m making it my mission to clean the web,” Millar said at the time.

In its announcement, News/Media Alliance says 12ft.io “offered illegal circumvention technology” that allowed users to access copyrighted content without paying for it. The organization adds that it will take “similar actions” against other sites that let users get around paywalls. The News Media Alliance recently called Google’s AI Mode “theft.” (Like many chatbots, Google’s AI Mode eliminates the need to visit a website, starving publishers of the pageviews they need to be compensated for their work.)

“Publishers commit significant resources to creating the best and most informative content for consumers, and illegal tools like 12ft.io undermine their ability to financially support that work through subscriptions and ad revenue,” News/Media Alliance president and CEO Danielle Coffey said in the press release. “Taking down paywall bypassers is an essential part of ensuring we have a healthy and sustainable information ecosystem.”

Source

Hope you enjoyed this news post.

Posted Friday 18 July 2025 at 4:39 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

In 2021, German Internet providers agreed to voluntarily block the most egregious pirate sites.

The ISPs teamed up with rightsholders groups and launched the “Clearing Body for Copyright on the Internet” (CUII), which was in charge of handing down blocking ‘decisions’.

Notably, the CUII did not rely on court judgments. Instead, the private organization issued their own recommendations after an internal review process, which assess whether a reported domain is indeed linked to a website that structurally infringes copyrights.

As an extra precaution, the Federal Network Agency (Bundesnetzagentur) reviewed all of CUII’s blocking decisions before they were implemented.

This extrajudicial blocking regime has resulted in 25 blocking orders since it launched, targeting hundreds of domains operated by sites such as Kinox, Filmfans, Sci-Hub, Lib-Gen, Romslab, and Totalsportek. This significantly reduced the traffic to these domain names and reportedly worked well. Nonetheless, Heise reports that a major change just taken place.

Judicial Oversight Is Now Required

Last month, the participants of the blocking agreement amended their code of conduct, which fundamentally changes how CUII operates. Going forward, all blocking action will take place after a court orders at least one Internet provider to block a website.

“The CUII no longer reviews blocking claims, but instead coordinates the initiation and conduct of proceedings, the implementation of court blocking decisions, and the unblocking of domains that are no longer infringing,” CUII writes.

What Changed?

Under the amended agreement, other ISPs will follow court-ordered blockades, even if they are not directly targeted themselves. This is similar to the blocking regime that is currently operational in the Netherlands.

The move away from privatized blocking orders is notable, but is not directly linked to accuracy concerns. According to CUII, the main reason is that the Federal Network Agency could no longer efficiently review CUII’s orders, as it has limited resources and other priorities.

“[T]he Federal Network Agency could no longer guarantee the continued fast and effective process with the usual level of quality. Therefore, it has asked the CUII to have the review conducted by the courts in the future,” CUII writes.

Key Changes

Under the updated agreement, rightsholders will report potential blocking targets to CUII, which will then pick one Internet provider to be sued in court. If the rights holder is successful in court, they will inform the clearing house of the outcome, which will then ask other ISPs to block the targeted domains as well.

While this sounds straightforward, obtaining a pirate site blocking order in Germany is more complicated than elsewhere. Previously, courts have ruled that blocking measures should only be used as a last resort, which means that action against hosting providers can be required beforehand.

Just a few weeks ago, rightsholders complained about these strict requirements at the European Commission, noting that they prevent swift and effective enforcement. The complaining parties include the MPA, BVMI, GAME, and DFL, who are all part of CUII.

“[T]he overextended application of the subsidiarity principle places undue burdens on rights holders, who are often required to take prior legal action against EU-based hosting providers before obtaining blocking orders,” the rightsholders wrote.

When a court order is obtained and implemented by all participating ISPs, CUII will be responsible for reviewing new domains and mirrors to be added to the blocklist. If permitted by the underlying order, a new court procedure is not required.

Rightsholders will remain in charge of monitoring that the blocking conditions still apply. When a domain name no longer links to infringing content, they will alert CUII so the associated blocking order can be lifted.

Transparency?

The decision to add judicial oversight will help to ensure a proper review of all blocking requests. That said, CUII’s blocking decisions were generally quite thorough; most problems in Germany can be traced back to a lack of transparency.

In Germany, there is no public overview of blocked domain names, which makes public scrutiny much more difficult. It took a then-17-year-old developer to start an independent monitoring site, after which several erroneously blocked domains were identified and reported.

The now-18-year-old Lina writes in a blog post that she exposed dozens of wrong and outdated blocks since the site was started. This often involved domain names that were no longer active but remained blocked.

While many CUII critics, including Lina, are happy to see blocking powers in the hands of the judicial system, this change doesn’t make the blockades more transparent.

Aside from inadvertent leaks and an unofficial monitoring portal, there’s no official overview of blocked domains. As in the older version, the new agreement stipulates that “details” about the site will be published, but that doesn’t include a full list of domains.

Source

Hope you enjoyed this news post.

Posted Friday 18 July 2025 at 4:38 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend  

Originally known as Switch-xci, NSW2U has been a thorn in the side of Nintendo for over half a decade.

The site was initially active on several platforms, including YouTube. Later on, its primary focus was providing a linking portal for pirated games.

The main NSW2U domain had more than two million monthly visits, according to Similarweb, which was enough to warrant a mention on the USTR’s latest list of notorious pirate sites. Following a presumed referral from rightsholders, it also attracted the attention of the FBI.

Last Thursday, we reported that the FBI had seized the NSW2U.com domain plus several others linked to gaming piracy sites. This action was confirmed in a press release issued by the FBI’s Atlanta Field Office, which said that it dismantled the infrastructure of these websites.

The FBI further stated that unspecified records indicate that the most popular domain is linked to 3.2 million illegal downloads, resulting in a loss of $170 million.

FBI Domain Error

The press release lists seven domain names in total: nsw2u.com, nswdl.com, game-2u.com, bigngame.com, ps4pkg.com, ps4pkg.net, and mgnetu.com. While most of these were indeed linked to pirated games, ps4pkg.net stands out as a currently unregistered domain that wasn’t active earlier in the year either.

Domain available
 

When we asked the FBI about this peculiarity, a spokesperson informed us that the domain name was listed in error in the June 10th press release, which is still online today. Instead of ps4pkg.net, the target domain should have been ps5pkg.net.

FBI Atlanta press release
 

This confusion went unnoticed by most news publications that picked up the press release but was spotted elsewhere, including by popular YouTuber SomeOrdinaryGamers.

Broader Infrastructure

Unfortunately, the FBI was not at liberty to share further details on the follow-up plans for the case, as it’s part of an ongoing investigation. However, the official communication suggests that the enforcement action might not be limited to domain names, but also the broader “infrastructure”.

Servers may have been targeted as well, for example. That could explain the involvement of the Dutch fiscal police, FIOD, as the Netherlands is a popular hosting location for many pirate sites and services. Public information shows that NSW2U used Dutch servers in the past.

FIOD informed us that it took action in response to a request for mutual legal assistance. No further details could be shared, but FIOD is known to investigate and take action at local hosting providers in criminal cases.

There is currently no information indicating any arrests and to our knowledge, there hasn’t been a publicly announced indictment either.

New NSW2U Domains

The erroneous domain listed in the FBI press release is not the only source of confusion in the wake of events last week. As is often the case when pirate sites are shut down, opportunists have stepped in to take advantage.

There are several NSW2U-branded domains still online today that claim to be alternatives or mirrors of the original. This includes NSW2U[.]games (caution!) which was registered a few hours after the FBI seized the original domains.

Registered after the domain seizures
 

This domain redirects to a NSW2U-branded site that doesn’t look like the original, but it is clearly targeted at disoriented users. The .games domain redirects to another unofficial NSW2U-branded domain, which then links users to yet another domain displaying a third-party download site within an iframe.

Some of these domains are listed by security vendors as malicious. The iframe in question loads external and unknown JavaScript files from a recently registered domain, presumably to display ‘advertisements.’ However, we can’t rule out other risks.

In fact, the site itself admits potential trouble. It explicitly recommends an ad blocker and antivirus to avoid malicious ads or redirects. Of course, staying away from these sites completely, for various reasons, is the safest choice.

Safe?

For now, all signs suggest that the FBI action effectively took the real NSW2U operation offline and, absent the copycats, there is no indication that it will make a comeback anytime soon.

Source

Hope you enjoyed this news post.

Posted Thursday 17 July 2025 at 5:15 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of June): 2,864

RIP Matrix | Farewell my friend