Z-Library has become the go-to site for many readers in recent years by providing access to nearly 14 million books, without charging a penny.

 

The site’s continued ability to do so was put to the test late last year when U.S. law enforcement seized over 200 domain names connected to the platform. Two alleged Z-Library operators were arrested in Argentina and currently face extradition to the States.

 

Despite being in the crosshairs of law enforcement, Z-Library has shown no signs of slowing down. The site remained accessible through the dark web and later made a full comeback. When the U.S. authorities seized more domains earlier this year, it still didn’t falter.

Browser Extensions

One thing has clearly changed, however. Since the shadow library is now well aware that its domain names could be taken away at any moment, numerous precautions are being taken to mitigate the risks.

 

A few weeks ago, Z-Library released a dedicated desktop application that should make it easier to access the site. The software has the ability to redirect users to working domains and whenever necessary, connect over the Tor network, which also helps to evade blocking efforts.

 

In an announcement this week, the operators of the shadow library unveiled new precautionary tools to redirect users to working domains, including any new ones, should they be needed.

Seamless Access?

The new browser extensions are available for both Chrome and Firefox and promise ‘seamless access’ to alternative domains in the event that existing ones run into trouble.

 

“Say goodbye to searching for available domains, as this handy extension takes care of everything for you. Simplify your online library experience and enjoy seamless access to a world of knowledge, right at your fingertips.

 

“After launching the extension, the process of searching for an available domain will begin. Within some seconds when the domain is found, you will be redirected to the library homepage,” Z-Library explains.

 

 

While installing browser extensions should always happen with caution, in just a few hours thousands of Z-Library users have already installed the new software. According to the Chrome store, the Z-Library Finder currently has over 7,000 users.

Challenges Remain

These extensions may indeed help to point users to new domain names, but the solution isn’t bulletproof. The authorities may attempt to remove the listings from the Chrome and Firefox extension libraries, for example.

 

Even if Z-Library decides to self-host these tools, they still rely on technical infrastructure that could be targeted in the future. That being said, the releases are still notable; it’s rare to a service going full steam ahead in the face of an active criminal case.

 

As reported earlier, the two alleged operators apprehended in Argentina continue to fight extradition. They recently asked a New York federal court to dismiss the indictment, citing various shortcomings, and the U.S. is expected to file a response to this request soon.

 

Filed in February 2022, a DISH Network copyright infringement lawsuit demanded $32.5m in damages from UK-based CDN company DataCamp.

 

The complaint alleged that DataCamp failed to take appropriate action against 11 pirate IPTV services flagged by DISH as repeat infringers, through the sending of more than 400 DMCA notices to DataCamp.

 

Similar lawsuits have become fairly common in recent years and when copyright holders prevail, damages awards can reach hundreds of millions of dollars. It’s therefore no surprise when defendants, including ISPs and hosting providers, find themselves under considerable pressure to settle.

 

Earlier this year the parties in the DISH matter said that a settlement was being discussed for a second time, just as DataCamp found itself under mounting pressure in an increasingly complex case.

 

Dramatic developments this week indicate that an amicable settlement is of no interest to DataCamp. The company’s answer and counterclaims contain allegations that, if proven true, could have serious implications for this case and raise questions about many others.

DISH Holds Exclusive Rights to TV Channels

Most if not all infringement lawsuits filed by DISH in recent years have centered on a number of TV channels for which it holds exclusive rights in the United States.

 

Typical DISH lawsuits filed against pirate IPTV services claim that, since these channels were made available in violation of DISH’s rights, operators are liable for damages under the Federal Communications Act or the Copyright Act.

 

More recently, DISH favored claims under the Copyright Act, alleging various types of copyright infringement, depending on the defendant and circumstances. DataCamp faces secondary copyright infringement claims, none of which hold water, the company now insists.

 

“DISH claims it entered into signed, written licensing agreements with the Networks granting DISH the exclusive right to distribute and publicly perform the Channels by means including satellite, over-the-top (OTT), internet protocol television (IPTV), and internet,” DataCamp’s filing informs the court.

 

“The Channels are not Registered Copyrighted Works with the U.S. Copyright Office. The United States Supreme Court has held that a plaintiff, such as DISH, cannot file suit for unregistered works. DISH has alleged copyright infringement for Unregistered Works in its Complaint.”

The ‘Phony Infringement Notice Scheme’

DataCamp alleges that around October 2017, DISH began sending infringement notices to DataCamp after “concocting a scheme” with anti-piracy partner NagraStar and its law firm. The CDN company says the aim was to “aggressively monetize DISH’s contractual rights under the guise of United States Copyright Law.”

 

DataCamp claims that the targets in this alleged scheme were smaller companies, including DataCamp, for the purposes of “extorting money” from them. DataCamp was to be used “as an example to bully the rest of the industry.”

 

According to DataCamp’s counterclaims, the plan was to use the DMCA to pressure smaller companies into compliance. This would enable them to avoid expensive and brand-tarnishing litigation, irrespective of whether the underlying claims were of substance, the CDN company states.

 

While DataCamp’s allegations are not yet supported by detailed evidence, the UK-based company takes the opportunity to recall some of its own experiences.

DISH TV Channels Are Not Copyrighted Works

“Having been repeatedly threatened with litigation/prosecution, DataCamp believed it had no choice but to comply with DISH’s demands by terminating its customers’ accounts, even when some customers claimed that no infringement occurred and despite DISH’s failure to provide proof of ownership/authority to sue, or proof of infringement, as required by the DMCA,” the company notes.

 

“In fact, DISH did not possess exclusive rights to any actual identified Copyrighted Works in question. Rather, DISH merely has limited contractual rights to ‘Channels,’ which are not Registered Copyright Works, and are not categorically protected under U.S. Copyright Law. DISH therefore is oddly and improperly trying to leverage its distribution agreements to secure exclusive rights not granted by the U.S. Copyright Office.”

 

DataCamp then arrives at what it believes to be the crux of the matter. The company alleges that DISH “illicitly and improperly” secures rights in certain TV programming that has not been registered with the Copyright Office. In this case, DISH says the plaintiffs’ sole purpose was to “bully” DataCamp into an agreement.

 

Dish institutes this action for the primary, if not sole, purpose of bullying DataCamp into agreement to a False Public Judgement for tens of millions of dollars which DISH would agree, in private, never to execute on so that DISH would lie to the industry and terrorize and intimidate other companies like DataCamp into giving into its demands for money, attorneys’ fees, and control of the Alleged Direct Infringers

 

DataCamp informs the court that it “rejected this fraudulent, false, unethical demand out of hand,” adding that DISH still isn’t taking no for answer and persists with its demands for what DataCamp says would be a “bizarre result.”

 

 

“DISH actually claims proudly that it ‘does this all the time’,” DataCamp continues.

 

“DISH’s demands for the creation of a fraudulent judgment would be a fraud on the Court and the Public which DataCamp will not be a party to.”

Counterclaims: Fraud, Deceptive Practices, Racketeering, Conspiracy

DataCamp alleges that DISH misrepresented its exclusive right to any copyright works, its authority to enforce, its possession of registrations for copyright works, and the lawfulness of more than 400 DMCA notices.

 

“DISH acted intentionally and/or with a reckless disregard for the truth because it (a) knew of the requirements of the DMCA and Copyright Law; (b) repeatedly engaged in this deceptive conduct with DataCamp as well as other service providers; (c) had no genuine concern for any specific Copyrighted Works at issue as evidenced by the demanded False Public Judgement,” DataCamp’s counterclaim reads.

 

DISH conduct shows a “pattern of racketeering” including fraud, mail fraud, and wire fraud, DataCamp continues, noting it was injured as a result of “these RICO violations.” In respect of the allegedly “phony infringement notices” sent to DataCamp, these are claimed to have had an ulterior motive of assisting DISH to enforce its contractual rights, rather than protect against copyright infringement.

 

 

DataCamp rounds off its counterclaims with allegations of civil conspiracy against DISH, Nagrastar, and its law firm, for operating a scheme that induced DataCamp to wrongfully comply with invalid notices, causing significant costs, expenses, and loss of customers. The company seeks damages and a trial by jury.

 

DataCamp’s answer, affirmative defenses, and counterclaims, are available here (pdf)

 

 

Founded in the last millennium, CannaPower must be one of the oldest pirate sites still around today.

 

The site currently indexes more than 50,000 audio releases, which are shared through external hosting platforms.

CannaPower Blocking Efforts

With roughly a million monthly visits, mostly from Germany, the download portal is large enough to appear on the music industry’s radar. In fact, it’s become one of the prime enforcement targets and an anti-piracy guinea pig of sorts.

 

When German Internet providers teamed up with copyright holders and agreed to voluntarily block blatant pirate sites, CannaPower was one of the first targets. At the time, the site operated from the Canna.to domain. Today, Canna-Power.to is its main home, but that domain is blocked too.

 

The blockades made it more difficult for Germans to visit the site, but certainly not impossible. By switching to a DNS resolver not controlled by local Internet providers, many people can regain access to the site.

Sony Targets DNS Resolver

Rightsholders are well aware of this. In fact, this was likely one of the main reasons that the German branch of Sony Music filed a lawsuit against DNS resolver Quad9 in 2021. The main goal of this court case was to block CannaPower at the third-party DNS resolver.

 

Sony Music’s lawsuit was successful. While Quad9 is determined to have the blocking order overturned, it initially complied with the blocking order in Germany only. However, after a follow-up complaint from Sony and a €10,000 fine, this blocking effort was rolled out globally.

 

The DNS blocking case in Germany will set an important precedent but, thus far, it hasn’t resulted in CannaPower throwing in the towel. Quad9 is a relatively small DNS resolver compared to Google, OpenDNS, and Cloudflare, so the effects are limited.

‘They’ll Never Get Us Down’

In an interview with the German site Tarnkappe, the site says that Quad9’s global DNS blocking efforts have no meaningful effect on its traffic numbers. And if more blocking orders should follow, the site doesn’t plan to stop either.

 

“The number of visitors has remained constant,” CannaPower says. “They will never get us down! And when the time comes, yes, then we’ll just move to the Tor network.”

 

On the Tor network, rightsholders can’t easily restrict access to a domain name, since ISPs and regular DNS resolvers can’t see this traffic.

 

 

Quad9 actually didn’t notice Quad9’s new global blocking effort and found out about it through the news. For now, the site will remain operational from the canna-power.to domain but it plans to switch to a new one in the near future, although that’s reportedly not related to the blocking efforts.

 

In addition to making it harder for users to access the site, blockades can also lower the revenue of pirate sites by reducing their traffic. While that may happen to CannaPower in the future, money doesn’t appear to be a weak spot either.

 

“I’m already getting hardly any donations or advertising revenue. The project is basically a hobby of mine. I finance almost everything out of my own pocket. And that will not change in the future,” CannaPower’s operator concludes.

After reading the introduction to Bungie’s latest lawsuit, which targets makers and sellers of Destiny 2 cheats, one gets the impression the developer may be starting to enjoy this fight.

 

A Bungie-compiled list of online aliases, including PRAGMATICTAX, NOVA, J3STER and CYPHER, are the latest individuals to face legal action for developing, marketing, selling, and providing customer support for, tools that enable cheating in the blockbuster online game, Destiny 2.

 

Ten named defendants, several of them already identified by both alias and real name, sit atop a pre-allocated space marked ‘JOHN DOES NO. 11-50.’ At this stage of Bungie’s crusade against cheaters and those who enable them, it’s unlikely that space will remain empty for long.

Bungie vs. Ring-1: An Ongoing Saga

The lawsuit filed Tuesday at a Washington court shows a fine-tuning of Bungie’s legal tactics and a determination to finish the mission, even if that requires several bites of the cherry.

 

Individuals behind cheat maker and distributor, Ring-1, were targeted in a Bungie lawsuit back in 2021. Bungie listed six causes of action including copyright infringement, trafficking in circumvention devices contrary to the DMCA, trademark violations, and unfair competition.

 

In February 2023, after reaching settlements with three defendants, a California court rejected Bungie’s request for a $2.2m judgment. With Ring-1 still in business today, Bungie now appears ready to finish the job.

 

”The days of Destiny 2 cheaters being free to engage in a wholesale assault on the Destiny 2 game and its community without fear of consequences are over”

 

(Bungie statement in new Ring-1 lawsuit)

Basis For Complaint

The introduction highlights Bungie successes in earlier lawsuits and suggests there’s now little need to establish whether certain types of conduct amount to an offense.

 

The sale and use of cheat software “violates a raft of federal and state laws, breaches users’ contracts with Bungie, and is a basis for significant tort liability,” Bungie writes. “Cheat manufacture and sale has been repeatedly found to violate copyright law [and] the DMCA’s anti-circumvention provisions,” the company continues, adding that when defendants are sufficiently organized, RICO violations enter the mix.

 

RICO violations formed no part of the lawsuit against Ring-1 defendants in 2021, but they certainly do now. Highlighting the refusal of Ring-1 to curtail its activities, Bungie lays down the law.

 

“Bungie’s litigation, and litigation victories, have not gone unnoticed; they have been widely covered in the gaming industry press and beyond. Defendants, in other words, have been more than placed on notice that their conduct is tortious, wrongful, and in fact illegal, and have had every opportunity to voluntarily cease it,” the complaint reads.

 

“Instead, the Ring -1 Enterprise has deliberately and willfully continued to engage in that conduct, secure in the belief that they can avoid consequences for it. And the Ring -1 Cheat is particularly dangerous, predicated on an insidious misuse of the hypervisor layer of users’ operating systems that puts their computers and others’ at risk.”

Ring-1 Defendants, From the U.S. to Australia

The investigation mantra “follow the money” appears to have bypassed lead defendant Joshua Fisher. The complaint notes he’s a resident of Birmingham, UK, and the sole proprietor of payment processing company, Paydash. That’s almost correct; Fisher was indeed the sole director of Paydash Limited, at least until it collapsed into liquidation more than a year ago, after failing to file its first set of accounts.

 

Liquidation documents make no mention of Bungie’s allegations, including the claim that Paydash processed Ring-1 payments while acting as a “middleman reseller” for Ring-1 cheats. Public records show that Paydash’s attempt to remain anonymous by utilizing a London virtual office address were undermined by Fisher’s address disclosures relating to at least one other business. Other defendants made poor choices too.

 

 

Bungie claims that defendant Jacob W. Mahuron is a Ring-1 support staffer residing in Delaware, who goes by the username “PragmaticTax” on the Ring-1 forums. Fellow support staffer Matthew Abbott (a/k/a “Nova”) allegedly lives in West Virginia, while David Hastings (J3STER) managed to keep his physical location private.

 

While there are lessons to be learned about using the same username internet-wide, the above defendants all used Discord. Bungie made a note of their unique IDs so whatever Discord has on file, is likely to be handed over as the case develops.

 

Other defendants include Travers Rutten (Travers7134), an alleged reseller residing in Brisbane, Australia, and reseller Jesse Watson (jessewatson3944) of ‘physical location unknown’ but resident of the ‘Softaim Express’ Discord server. ‘Calc’ is allegedly a Ring-1 developer, ‘Cypher’a Ring-1 staff member, ‘Khaleesi’ a support staffer, and the list goes on.

 

“Doe Defendants Nos. 11-50 are persons and parties whose identities are currently unknown to Bungie, but who, upon information and belief, are both complicit in Defendants’ torts and members in fact of Defendants’ racketeering enterprise, including cheat developers, resellers, administrators, and other agents of the enterprise,” Bungie adds.

Bungie Goes For the Jugular

The defendants face allegations of copyright infringement, Civil RICO (racketeering: wire fraud, criminal copyright infringement, money laundering), circumvention of technical measures in violation of the DMCA, violations of the Computer Fraud and Abuse Act, Breach of Contract, Interference with Contractual Relations, and Civil Conspiracy.

 

“This conspiracy directly harmed Bungie, through lost business, an injured reputation, and the significant expense of its anti-cheating measures. As a result of the foregoing, Bungie is entitled to an award of damages in an amount to be proven at trial,” Bungie concludes.

 

Bungie’s complaint can be found here (pdf)

 

Two decades ago, most piracy activity was centered around music. When broadband capacity grew, movies and TV series eventually took over and they remain most popular today.

 

Within the video piracy category, anime has become a significant traffic magnet. Today, there are many piracy sites specializing in anime, with the largest serving millions of pageviews per day.

 

9anime is one of these anime piracy juggernauts. The streaming portal first appeared on the scene in 2016 and has thrived ever since. According to recent estimates from SimilarWeb, the site is good for 110 million monthly visits.

Legal Pressure

Popularity at this level also has its drawbacks. In recent years, complaints from rightsholders resulted in 9anime being blocked by ISPs around the world. Anti-piracy groups, including the ACE coalition, are actively trying to track down the platform’s operators.

 

These enforcement efforts have produced usable intel. According to the IIPA, which counts the MPA among its members, the site is part of a piracy streaming conglomerate operated from Vietnam. Other piracy giants such as Fmovies and Putlocker are part of the same group.

 

This information has been shared with the U.S. Trade Representative on several occasions, most recently in January this year.

 

“The operator of the notorious streaming piracy network of sites Fmovies has over 60 associated domains, many of which are known pirate brands such as Bmovies, 9anime, Putlocker, and Solarmovies, provides unauthorized access to popular movies and TV series, and is domiciled in Vietnam,” IIPA wrote.

9anime Rebrands to AniWave

At least initially, legal pressures didn’t seem to impact 9anime, but this week there are signs that enforcement efforts haven’t left the site completed unfazed.

 

“Because of DMCA issues and multiple ISPs blocking our domain, we decided to rebrand 9anime as Aniwave. All of 9anime domains will be redirected to our new domain aniwave.to,” the site’s operators just announced.

 

As a result of this decision, all backup 9anime domains currently point to Aniwave.to, leaving the old brand completely behind.

 

 

A domain change can temporarily help to bypass ISP blockades and may also sidestep Google’s DMCA-related downranking measures. However, that could also be achieved by simply switching to a new domain name with similar branding.

 

Apparently, 9anime has opted for entirely new branding which can be quite confusing for users, especially since many fake 9anime clones are still around.

 

“There are many clone/fake 9anime sites, they’re mostly stealing your data and trying to steal 9anime’s users,” the operators consistently warned. However, a detailed explanation of the brand change is absent.

Is There More to the Story?

Without further information, we can only speculate at this point, but we know that Hollywood has been strengthening its relationship with Vietnamese authorities in recent months.

 

A few weeks ago, representatives from the MPA and ACE met with officials from Vietnam’s Ministry of Public Security (MPS), to discuss future cooperation.

 

Through this meeting, Vietnam’s Deputy Minister of Public Security, Le Quoc Hung, asked MPA and ACE to share intelligence going forward so that both sides can cooperate in their efforts to curb online piracy and copyright infringement.

 

While we don’t know what information was shared, piracy hosting service 2Embed and piracy streaming portal Zoro.to, which were both operated by the same Vietnamese person, have since shut down.

 

Intriguingly, just before it was taken down by ACE, Zoro.to was reportedly acquired by a third party and rebranded to AniWatch, which shouldn’t be confused with 9anime’s new AniWave brand.

 

Considering 9anime’s reported connection to Vietnam, it wouldn’t be a surprise if enforcement efforts from MPA, ACE, and Vietnamese authorities also had a hand in the site’s sudden rebranding this week. But perhaps more will become clear on that in the near future.

 

The DMCA takedown process allows copyright holders to report infringing content and have it removed or taken down.

 

It is a powerful tool that takes millions of URLs and links offline every day. In most cases, this happens for a good reason, but some takedown efforts are more questionable.

 

Fraudsters have previously used false DMCA notices to target competitors. The strategy can be particularly effective when notices are sent to Google, as the search engine actively downranks domains that are frequently mentioned in takedown requests.

YTMP3.nu

Notices sent by legitimate music industry groups such as the BPI and RIAA contain claims that YTMP3.nu violates the DMCA’s anti-circumvention provision. However, the YouTube-ripping service also views itself as a victim of bogus takedown notices sent by one or more competitors.

 

In an effort to curtail the abuse, earlier this year the site sent a cease and desist letter to Google, asking the search engine to begin verifying senders of DMCA notices. In addition, YTMP3.nu also asked for a litigation hold in anticipation of future legal action.

 

The letter didn’t prompt Google to launch an official verification procedure but the YouTube ripper did follow up on its legal threat, although Google itself isn’t a direct target.

Lawsuit Against DMCA Fraudsters

In response to a series of allegedly fraudulent notices, yesterday the operator of YTMP3.nu and Y2mate.nu filed a complaint at a federal court in California. The complaint alleges that the sites are being targeted by one or more competitors with the aim of disappearing the sites from search results.

 

 

YTMP3.nu and Y2mate.nu are operated by CreativeCode Ltd, a company incorporated in Anguilla, a small island in the Eastern Caribbean. With more than 40 million monthly visits, Y2mate has a particularly large userbase that is monetized through advertising.

 

 

YouTube-ripping sites apparently operate in a competitive industry. In recent weeks, some unknown person or persons targeted the YTMP3.nu and Y2mate.nu domain names with takedown notices without proper cause, the complaint alleges. The defendants are not known by name yet and are referred to as ‘does’ for now.

 

“Starting on or about June 27, 2023, Defendants began to submit fraudulent DMCA notices to Google, falsely alleging that the Websites were infringing on copyrights held by Defendants and that the Websites implemented software that circumvented technologic barriers regarding copyright[sic],” the complaint reads

 

“This has caused Google to either delist or downgrade Plaintiff’s websites’ search results on its search engine, resulting in greatly reduced traffic to Plaintiff’s websites and causing Plaintiff significant damages.”

 

The complaint doesn’t specify what impact the notices had on revenues, but it notes that traffic to the sites reduced by approximately hundreds of thousands of clicks per day.

Rick Astley

While both YouTube rippers have been targeted by legitimate rightsholders in the past, the defendants in this lawsuit clearly fall into a different category. Their notices often fail to list a copyrighted work or reference rather dubious copyright holders.

 

The complaint lists an example of a DMCA notice that was sent by “End Of YouTube Converter,” claiming to protect the Rick Astley track “Never Gonna Give You Up.” Mr. Astley’s hit song has taken many people by surprise over the years, but the rights to the song are not held by “End Of YouTube Converter”.

 

“It is clear that ‘End Of YouTube Converter’ does not own the copyright to ‘Never Gonna Give You Up’ (and is not otherwise authorized by the actual rights holder). Instead, the copyrights for ‘Never Gonna Give You Up’ are held by All Boys Music, Ltd., for the words and music, and BMG Music for the sound recording of Rick Astley’s performance on the 1987 record Whenever You Need Somebody,” the complaint continues.

 

 

Google is known to remove YouTube-ripper URLs in response to takedown notices sent by legitimate copyright holders, but this one doesn’t appear to fall into that category.

F*** You!

CreativeCode’s attorney previously sent cease-and-desist letters to multiple email addresses suspected of being behind these fraudulent takedowns. While the emails were not answered directly, a recipient ostensibly replied through yet another DMCA notice.

 

The takedown notice in question sent an indirect message that wasn’t too hard for the attorney to unravel.

 

“This Defendant, cheekily, but in complete disregard and violation of United States law, sent a DMCA Notice to Google referencing the YouTube page of Ceelo Green’s hit 2010 single, ‘F*** You!’,” the complaint explains.

 

“Clearly, the cease-and-desist letter struck its target, receiving an unsubtle and churlish response. This provides even further evidence that the DMCA Notices are fraudulent and meant for no other purpose than to harass.”

Trial and Damages

On top of their complaints concerning the bogus notices, the YouTube rippers further stress that they shouldn’t be classified as anti-circumvention tools under the DMCA. While that’s not needed to make a claim here, it suggests that CreativeCode also objects to notices from legitimate rightsholders.

 

The company sees its websites as content-neutral services. While music companies often complain about music downloaded through the sites, the YouTube rippers highlight a variety of non-infringing uses.

 

That said, this case is primarily targeted at competitors, not actual rightsholders. Through discovery, YTMP3.nu and Y2mate.nu hope to pinpoint and then name the perpetrators.

 

The complaint calls for a trial and accuses the defendants of violating the DMCA, Intentional Interference with Prospective Economic Advantage, and breaching California’s Unfair Competition Law. Through the lawsuit, the YouTube rippers hope to recoup at least $500,000 in damages.

 

—

 

A copy of the complaint filed on behalf of CreativeCode LTD at the U.S. District Court for the Northern District of California is available here (pdf)

Millions of people regularly pirate movies and music without getting into trouble. In fact, some pirates even discuss their habits openly on the Internet, on platforms such as Reddit, for example.

 

Admissions of anonymous Redditors typically go unnoticed by copyright holders but even when observed, it’s rare for companies to take matters further or ask any questions. A group of independent filmmakers in the United States recently attempted to buck that trend.

 

The film companies and their attorney Kerry Culpepper are not planning to take any Reddit users to court. However, they do want to reach out to them to ask some questions about their Internet providers, which are being targeted in various lawsuits.

Filmmakers vs. Anonymous Redditors

Earlier this year, the filmmakers turned to Reddit after they found public comments that may help their case. As part of the RCN lawsuit, they identified several potentially relevant threads and requested a DMCA subpoena, hoping to compel Reddit to identify the anonymous users.

 

The Redditors in question discussed issues such as RCN’s handling of copyright infringement emails. The filmmakers could use this information to their advantage, but only if they obtained the identities of the commenters first.

 

Reddit was unhappy with the subpoena and only handed over the details of one user whose comment mentioned RCN. Reddit refused to hand over the details of users who posted ‘less relevant’ comments, arguing that their First Amendment right to anonymous speech outweighs the interests of rightsholders.

 

The court eventually agreed with this defense, concluding that Redditors’ First Amendment right to anonymous speech should be protected. According to U.S. District Court Magistrate Judge Laurel Beeler, the filmmakers have other options to obtain this type of information, including through RCN itself.

Another ISP, Another Reddit Subpoena

Judge Beeler’s ruling was a setback for the filmmakers but a few weeks ago they returned to court with a similar request. Targeting a new group of Redditors, this time the request was related to the filmmakers’ piracy liability lawsuit against Internet provider Grande.

 

The Reddit users all commented in threads with information that could be relevant to the Grande lawsuit, with many directly referring to piracy activity.

 

 

The filmmakers argue that the Redditors can be used as witnesses to show that Grande failed to properly implement a repeat infringer policy, with that failure acting as a draw to potential subscribers.

 

Reddit again refused to identify its users, arguing that the right to anonymous speech outweighs the interests of the film companies. Reddit does not deny that its users are relevant, but the company stresses that the information sought by the filmmakers can also be obtained from other sources.

 

Among other things, Reddit refers to the filmmakers’ statement that they had already obtained a list of the 118 top pirating IP addresses from Grande. While initial attempts to contact those people didn’t lead to useful information, the filmmakers didn’t subpoena these potential witnesses.

Court Protects Redditor’s Right to Anonymous Speech

After reviewing arguments presented by both sides, the motion to compel was denied by the court. This means that Reddit doesn’t have to identify the anonymous Redditors.

 

“The court denies the motion because the plaintiffs have not demonstrated a compelling need for the discovery that outweighs the users’ First Amendment right to anonymous speech,” Judge Beeler concludes in her order.

 

The court doesn’t disagree that the Redditors could offer usable testimony. However, since the filmmakers can also obtain this information from other sources, unmasking the anonymous users would go too far.

 

Subpoenaing (some of) the 118 top pirating Grande users directly would make more sense. That information will be more recent than the rather dated Reddit comments and wouldn’t necessarily require more time.

 

“They are the top pirating IP addresses, and they are from a more recent time period: it is not obvious why subpoenaing even a subset of those addresses would not yield information at least equivalent to, if not better than, information from the six Reddit subscribers.

 

“The [Reddit] information may be relevant, but it is also attenuated: it is at best weak evidence about Grande’s insufficient policy regarding repeat infringers or its appeal to pirating subscribers,” Judge Beeler adds.

 

In addition to the five Reddit ‘witnesses’ who made general piracy-related comments about Grande, the filmmakers singled out a 12-year-old comment from the user “xBROKEx”, who specifically mentioned having pirated the movie The Expendables.

 

This comment could, in theory, provide evidence for a direct copyright infringement lawsuit. However, Judge Beeler treated this person as a witness because the filmmakers failed to make a prima facie copyright infringement case against this person.

 

All in all, the denial means that the identities of the six Reddit users won’t be shared with the filmmakers. While the users aren’t accused of any wrongdoing, not being dragged into a copyright dispute through the side door is likely to be a relief.

 

The filmmakers, meanwhile, have to find other ways to obtain the required information. Whether they will try to get information from Reddit again in the future is unknown. If they do, they would likely have to seek a new approach.

 

—

 

A copy of U.S. District Court Magistrate Judge Laurel Beeler’s order on the motion to compel is available here (pdf)

 

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only.

 

These torrent download statistics are only meant to provide further insight into the piracy trends. All data are gathered from public resources.

 

This week we have three newcomers on the list. “Guardians of the Galaxy Vol. 3”, which came out as a high-quality pirate release, is the most downloaded title.

The most torrented movies for the week ending on July 31 are:

Movie Rank	Rank last week	Movie name	IMDb Rating / Trailer
Most downloaded movies via torrent sites
1	(3)	Guardians of the Galaxy Vol. 3	8.2 / trailer
2	(…)	The Little Mermaid	7.2 / trailer
3	(1)	The Flash	7.0 / trailer
4	(2)	Transformers: Rise of the Beasts	6.3 / trailer
5	(…)	Hidden Strike	5.5 / trailer
6	(4)	John Wick: Chapter 4	8.0 / trailer
7	(5)	Fast X	6.1 / trailer
8	(6)	Avatar: The Way of Water	7.8 / trailer
9	(9)	The Super Mario Bros. Movie	7.3 / trailer
10	(…)	Barbie	7.5 / trailer

 

 

Note: We also publish an updating archive of all the list of weekly most torrented movies lists.

 

For more than a decade, Sky has found its ISP division named as a respondent in injunction applications filed at the High Court in London.

 

With the aim of reducing availability of pirated content, U.S. movie studios, recording labels, publishers, and more recently gaming company Nintendo, have named Sky and rival ISPs including Virgin Media, BT, TalkTalk, Plusnet and EE, as facilitators of their customers’ piracy habits.

 

The adversarial nature of such applications has long given way to a process that establishes ongoing infringement, formalizes the ISPs’ knowledge of that infringement, and then considers them ‘innocent infringers’ required to prevent infringement using various blocking measures.

 

Those who obtain the blockades insist they’re effective, hence the dozens of requests and thousands of online locations blocked over the last 13+ years.

Sky as Both Applicant and Respondent

As a content producer and owner in its own right, Sky is an enthusiastic supporter of ISP blocking. When the MPA obtained a High Court injunction to block cyberlocker platform Mixdrop in early 2022, Sky joined the MPA as an injunction applicant, with Sky’s ISP division one of several ISP respondents, some of them content distributors in their own right.

 

In an article published Sunday, the Financial Times reported that Sky obtained another High Court blocking injunction last week, to protect its own broadcasts. The injunction reportedly has two aims, the first being to compel ISPs (including the one it operates) to block piracy services streaming its “best selling football games” to the UK public at a cut-down price.

 

The specifics of blocking programs are a tightly guarded secret; the Premier League and most major ISPs previously convinced the High Court that any disclosure could help to facilitate infringement of the Premier League’s rights, and/or help pirates circumvent High Court orders. With that established, it’s no surprise that the report doesn’t elaborate on what Sky will be able to block after winning the injunction last week.

 

That being said, the mention of “best selling” football games logically leads to Premier League matches, which are usually subject to blocking injunctions obtained directly by the Premier League itself and renewed each season at the High Court. That raises the interesting prospect of a potential changing of the guard.

Injunction Has a Novel Feature

Whether Sky is preparing to take responsibility for protecting Premier League matches in the form of its own broadcasts is currently unknown, but another aspect of the injunction is perhaps even more interesting. Again, no specifics have been made public and that’s unlikely to change, but it’s being claimed that the injunction will also seek to protect some of Sky’s linear TV channels.

 

After a “third-party group” identifies the sources of the illegal streams, Sky will be able to “shut down individual pirate sites at certain times” by issuing blocking instructions to the other ISPs named as respondents in the injunction. The Ashes on Sky Sports Cricket and House of the Dragon when airing on Sky Atlantic, are cited as two possible examples.

So What’s the Big Blocking Plan?

While even the most closely guarded secrets tend to leak out eventually, right now the specifics of the injunction are shrouded in mystery beyond the details above. However, by using information available to us right now, it’s possible to formulate a small number of potential theories, with one standing out as the most logical.

 

As previously reported, Sky (the ISP division) previously provided the Premier League with considerable inside information relating to the servers its customers consumed most bandwidth from at specified times, knowing that there was a good chance these were servers offering ‘pirate’ streams.

 

For obvious reasons, this raised eyebrows in respect of privacy, but documents discussing the program, seen by TF, indicate the mechanism is viewed in a particular way. Sky shouldn’t be considered as monitoring customers’ IP addresses, what they consume or from where. The focus should be placed at the other end instead; the IP addresses operated by pirate services and the volume of content they send to Sky’s internet customers.

Bringing More Blocking In-House Could Make Sense

With that subtle but legally significant difference in mind it’s not difficult to see how that situation might improve, should Sky itself become the holder of an injunction to protect its own content. Using technical information from its own ISP, to protect its own content, not just that of a third party like the Premier League, could be considered entirely normal.

 

We don’t know if that’s the case here, or if Sky still shares this type of information externally. But if it did, it would make sense to bring everything in-house and make better use of the monitoring already carried out to facilitate Premier League match blocking. That intelligence could then be used to protect scheduled TV content that Sky also owns, at the same time, at minimal cost.

 

It’s important to note that blocking Premier League content requires perpetual monitoring of many pirate IPTV services, even when matches aren’t being played. Widening the range of content to be blocked using information already being collected in that process would be a more effective use of resources.

 

Furthermore, IPTV blocking doesn’t mean blocking just a channel or two, it means blocking entire pirate services, so it’s not hard to see how blocking on match days a few days apart could be interspersed with blocking TV shows. Timed nicely, that could effectively mean the blocking of all known pirate services, perpetually. If presented as such in an application, that could lead to the court having reservations; as a welcome side-effect, it doesn’t get much better than that.

 

Whatever the plan, a scenario like that must be the end game, not just for Sky, but for all companies involved in TV content production and distribution. Aiming for anything less would mean pirate streams remaining viable and the overarching plan leaves no room for that.

 

In October 2021 when DISH Network filed yet another lawsuit against a pair of IPTV sellers in the United States, nothing stood out as particularly unusual.

 

The lawsuit named Kevin Hibdon and James Meadows, the alleged operators of Louisville Media Box, a local one-stop-shop catering to the community’s pirate IPTV needs.

 

Based on a simple Google search, the good people of Kentucky and indeed residents of any town or city on the planet, would’ve had no problem finding the business. It dominates search results, even today.

 

 

It’s possible that DISH Network discovered Hibdon and Meadows using a search engine, but it would make for a much better story had they’d heard or seen local celebrity @ShannonTheDude promoting the business on 95.7 QMF and 100.1 WKQQ weekdays 3-7pm and Kentucky Sports Radio 9-noon. Or on Twitter.

DISH and Sling Spoil the Party

On October 28, 2021, DISH and partner Sling filed a complaint at a Western District of Kentucky court. Targeting Hibdon and Meadows individually and collectively as Louisville Media Box, the plaintiffs claimed that the pair illegally broadcasted and resold their exclusive content through their own range of pirate streaming boxes.

 

The plaintiffs alleged that in doing so, the men repeatedly violated the DMCA. Count one claimed the men circumvented Sling’s technological measures, in violation of 17 U.S.C. § 1201(a)(1)(A). Count two alleged the pair trafficked in circumvention technology and services, in violation of 17 U.S.C. § 1201(a)(2).

 

Both men answered the complaint in November 2021. Their responses consisted mostly of denials, quite a few statements indicating a lack of knowledge, a scattering of affirmative defenses, and a concession that the plaintiffs had indeed sent cease and desist letters in both April and June 2021.

Meadows Wanted No Part of the Lawsuit

DISH served Meadows with its first set of interrogatories and requests for production on December 9, 2021, and followed up with a second set in February and March 2022. Meadows’ “wholesale refusal” to participate in the discovery process was problematic for DISH and also for his own counsel, who asked to be excused from his defense duties in April 2022.

 

A joint telephone conference was held on April 11, 2022, to discuss Meadows’ lack of cooperation in the presence of Magistrate Judge Regina Edwards. Meadows failed to participate – and then failed to comply with a court order to meet his discovery obligations.

 

After no-showing a status conference and becoming the subject of a third order, Meadows faced the threat of a default judgment. Surprisingly he then attended a show cause hearing, after which the court issued a fifth order insisting that he should take the discovery process seriously, or else.

Too Busy Selling Pirate IPTV to Respond

Early November 2022, DISH and Sling found themselves attempting to communicate with Meadows again. Contrary to any normal expectations, Meadows was apparently still in the pirate IPTV business, still violating the DMCA, and now in receipt of yet another cease-and-desist letter.

 

 

The plaintiffs’ letter complained about sales and support for an Android device known as Tanggula Box (also available on Amazon) and how it utilizes a service that provides DISH or Sling programming obtained after circumventing the company’s DRM. If we recall, both men were accused of circumventing DRM and trafficking in DRM circumvention devices.

 

The wall of text in the cease-and-desist seems standard enough, at least until consumed in manageable pieces:

 

Your involvement with regards to the Service, including your trafficking in the Service, STB, PSDs, Apps, Subscriptions and/or Device Codes, violates federal law including the Digital Millennium Copyright Act, 17 U.S.C. S 1201 (“DMCA”).

 

The DMCA prohibits circumvention of technological measures that control access to copyrighted works, such as the DRMs implemented technological measures that control access to copyrighted works, such as the DRMs implemented by DISH and Sling that are circumvented to obtain the Programming that is retransmitted without authorization on the Service.

 

You violate [the trafficking] provision of the DMCA through your involvement with, and trafficking in, the Service because at least part of the Service is designed, produced, and has no purpose or use other than to circumvent the DRMs that protect the Programming.

 

The key takeaway here is that while the men were accused of trafficking in circumvention devices, they were also accused of direct circumvention. There’s no mention of circumvention here.

 

It’s also worth highlighting that in the original complaint under the heading “Unauthorized Rebroadcasting of Plaintiffs’ Programming” it was alleged that one of “defendants’ streaming services” was PrimeStreams. A separate lawsuit against PrimeStreams was dismissed in mysterious circumstances earlier this year and as far as we’re aware, no mention was made of Hibdon or Meadows in that matter.

Meadows Refuses to Comply

Despite being given the opportunity to dig into the complaint, Meadows failed to respond to the cease and desist. He followed that up with zero cooperation towards discovery.

 

Meadows had discussed producing documents with the court, including tax returns, set-top box sales records, and banking records. Production of information related to transfers of money to China, from where devices and content appear to have been acquired, also seemed to be on the agenda.

 

Then in an email to the plaintiffs’ counsel late November 2022, Meadows said that he was sorry he had been unable to help DISH more. The reason for that as per the email, is that Meadows and his family were “being threatened with death” and he would rather lose the copyright lawsuit than have his wife or his children “murdered.”

 

In response and in part due to his absence, the court struck Meadows’ answer and entered default against him. The plaintiffs demanded $7,424,000 in statutory damages and an injunction. Evidence to support that came in the form of Meadows’ financial records (how or where from is unclear), which claimed to show 7,424 violations of the DMCA, a figure that was later reduced to 5,816.

Hibdon Checks Out

Early March 2023, via an agreed motion for final judgment and permanent injunction, Hibdon left the lawsuit behind. Judgment was entered against Hibdon on count two of the complaint, trafficking in circumvention devices. No mention was made of count one, circumvention itself.

 

Via the agreed motion, the plaintiffs were awarded damages of $1,102,500 against Hibdon, and he was enjoined from redistributing, retransmitting, distributing, copying, reproducing, selling, marketing, and a dozen other acts related to the plaintiffs’ content, ever again.

Report and Recommendation

In a report and recommendation dated July 21, 2023, Magistrate Judge Regina Edwards presents a recap of the case thus far which at times feels somewhat puzzling.

 

When viewed from an obtuse angle, references to “rebroadcasting” the plaintiffs’ content “through their own streaming boxes” could suggest that set-top box receiving devices are also able to transmit. Even with some room for maneuver, it could imply that original streams were illegally obtained by the pair and then redistributed to their customers.

 

The judgment against Hibdon makes no mention of anything like that and appears to rely solely on sales of set-top boxes, aka trafficking. That wouldn’t make much sense if illegal streams were actually being obtained by the pair and then rebroadcasted.

 

The report notes that to succeed in their circumvention claim, the plaintiffs must show that a) they deployed technical measures to protect their work and b) Meadows worked to defeat them.

 

“Despite Plaintiffs’ DRM security, the Complaint states that Defendants sold devices, pre-loaded with access codes, that would circumvent these measures and retransmit Sling Programming without Plaintiffs’ authorization,” the report notes.

 

And here we are again; transmitting receivers.

 

Set-top boxes pre-loaded with access codes, that are able to defeat DRM, do actually exist. However, the claim that set-top boxes retransmit Sling’s programming is not explained in any detail. In a peer-to-peer system like BitTorrent, that might make sense, but in this context makes almost none.

 

Nevertheless, since the plaintiffs claimed to have observed unique identifiers in their content viewable on the set-top boxes, the report found that evidence enough of Meadows himself having circumvented the plaintiffs’ DRM, in violation of the DMCA, something it appears Hibdon did not.

Damages Recommendation

On trafficking in circumvention devices, Meadows didn’t stand a chance. Failing to turn up to defend himself didn’t help, neither did an earlier comment to the plaintiffs along the lines of “Go get your default.”

 

It was originally alleged that Meadows committed 7,424 violations of the DMCA. If he’d attended court he could’ve done the work the Judge was good enough to do for him. The manner in which some violations were considered or calculated led to the plaintiffs reducing violations down to 5,816 and damages to $5,816,000, considerably less than the $7,424,000 amount originally requested.

 

Ultimately a review by the Court found that ‘only’ 5,735 violations were considered valid, leading to a recommendation of a $5,735,000 default judgment and a permanent injunction, in part because “Meadows has brazenly continued to sell these codes after this suit commenced.” (pdf)

 

In the face of what is likely to be a ruinous end to this lawsuit, it’s difficult to fathom what would drive someone to openly continue the same conduct before the axe has fallen. What makes even less sense is having @ShannonTheDude promote the business on public radio and then announce a huge influx of new members.

Whether it’s the fresh Kentucky air, a high concentration of invisible bourbon fumes, or something else, that’s not one but three lawsuits in Kentucky involving the same plaintiffs, plus IPTV providers, and sellers, that took an awfully long time to conclude, yet still managed to end up making very little sense.

 

Last fall, a Texas federal jury found Grande Communications liable for willful contributory copyright infringement and ordered the ISP to pay $47 million in damages to a group of record labels.

 

District Court Judge David Ezra confirmed the judgment in January. This was a clear mistake, according to Grande, which hoped to have it overturned.

Do-Over Denied

In March, the Internet provider filed a renewed motion for judgment as a matter of law. Put simply, Grande wanted the Judge to overrule the jury. This is warranted if the evidence clearly weighs in favor of the requesting party but when a jury finds otherwise.

 

If that was not an option, the ISP asked the court for a new trial to allow the piracy liability issues to be raised again before a new jury.

 

U.S. District Court Judge David Ezra reviewed the motion but eventually denied both requests. According to the Judge, there was nothing wrong with the jury verdict and the court didn’t make any clear errors either.

 

“Neither Grande’s legal nor evidentiary arguments warrant judgment as a matter of law or a new trial,” Judge Ezra’s conclusion read.

Appeal Without Bond

With dozens of millions in damages on the line, Grande wasn’t planning to let the issue go. The ISP filed an appeal at the Fifth Circuit which is just getting started.

 

To save costs, the ISP requested to postpone the damages payment until the appeal concludes. Such a request is not unique, but Grande additionally asked the court to waive the bond it would have to post.

 

Courts can allow such postponements in extraordinary circumstances, when there’s no doubt that the losing party can easily pay their dues at a later stage, for example.

 

According to Grande, the company and its parent Astound have plenty of financial resources to enable payment when the time comes. The company further notes that posting a bond for the full $47 million judgment is a ‘waste of money’, as that would cost millions.

 

“Requiring Grande to post bond or other security when there is no dispute as to Grande’s financial security would be a ‘waste of money.’ A bond for the full amount of the current judgment would cost Grande approximately $4 million per year.

 

“Because Grande is capable and will continue to be capable of satisfying the judgment, it would serve no legitimate purpose to require Grande to incur this substantial annual expense, which would benefit the issuer of the bond and no one else.”

Music Companies Oppose

The request sounds straightforward, but the music companies have a different take on the matter. They don’t want the bond waived and point out that Grande’s current stance is contrary to the one it took at trial.

 

The ISP now highlights the financial backing of its parent, the Astound group, but previously asked for Astound’s financial strength to be excluded from the trial.

 

“The Court’s ruling excluding this evidence was based on the adamant representations of Grande’s counsel that Grande is an independent entity from Astound and that Astound’s finances were wholly irrelevant to this case,” the music companies note.

 

“Grande now argues that it should be permitted to ride Astound’s financial coattails and rely wholly on Astound’s present-day assets and revenues to avoid this automatic procedural rule and waive the bond requirement that applies to every defendant that loses at trial.”

 

The music companies ask the court to deny Grande’s request, arguing that the company fails to provide evidence to demonstrate its own financial position.

 

Grande’s comments about the “waste of money” are not sufficient either according to the plaintiffs. This argument is backed up by a statement by Astound’s Chief Financial Officer, but that is self-serving and lacks proper documentation, the music companies counter.

Post The $47m Bond, Or Else

After reviewing the arguments from both sides, Magistrate Judge Dustin Howell agreed with the music companies, denying Grande’s request to waive the bond.

 

In addition, Judge Howell grants the music companies cross-motion, which requires the Internet provider to post the required $47 million bond within two weeks. Failure to do so means that the company must pay the full damages amount right away.

 

 

—

 

A copy of U.S. Magistrate Judge Dustin Howell’s order is available here (pdf). Grande’s original motion and the opposition from the music companies can be found here (1, 2)

 

Unanimously approved by the Chamber of Deputies back in March and then unanimously approved by the Senate earlier this month, Italy’s new anti-piracy law has just been unanimously approved by telecoms regulator AGCOM.

 

In a statement published Thursday, AGCOM welcomed the amendments to Online Copyright Enforcement regulation 680/13/CONS, which concern measures to counter the illegal distribution of live sports streams, as laid out in Resolution 189/23/CONS.

 

The new provisions grant AGCOM the power to issue “dynamic injunctions” against online service providers of all kinds, a privilege usually reserved for judges in Europe’s highest courts. The aim is to streamline blocking measures against unlicensed IPTV services, with the goal of rendering them inaccessible across all of Italy.

 

“With such measures, it will be possible to disable access to pirated content in the first 30 minutes of the event broadcast by blocking DNS resolution of domain names and blocking the routing of network traffic to IP addresses uniquely intended for illicit activities,” AGCOM says.

 

 

Dated July 14, 2023, the law (LEGGE 14 luglio 2023, n. 93) underpinning the new measures will come into force on August 8, at which point AGCOM says it will be able to disrupt the pirated broadcasting of all events transmitted live, whether sport-related or otherwise.

 

“With this amendment, in perfect synchrony with the changes introduced by Parliament, AGCOM is once again at the forefront of the European scene in combating online piracy activity,” says AGCOM Commissioner Massimiliano Capitanio.

 

Nationwide dynamic blocking measures aren’t the only changes heading Italy’s way.

Penalties For Challenging AGCOM’s New Powers

When AGCOM issues blocking instructions to service providers, their details will be passed to the Public Prosecutor’s Office at the Court of Rome.

 

After carrying out AGCOM’s instructions, those providers will be required to send a report “without delay” to the Public Prosecutor’s Office. It must detail “all activities carried out in fulfillment of the aforementioned measures” along with “any existing data or information in their possession that may allow for the identification of the providers of the content disseminated abusively.”

 

In other words, ISPs will be expected to block pirates and gather intelligence on the way. Failure to comply with the instructions of AGCOM will result in a sanction as laid out in LEGGE 31 luglio 1997, n. 249 (Law 249 of July 31, 1997); an administrative fine of 20 million lira to 500 million lira, or in today’s currency – €10,620 to €265,000.

 

Those involved in the supply/distribution of infringing streams will now face up to three years in prison and a fine of up to €15,000. That’s just €5,000 higher than the minimum punishment intermediaries risk should they fail to follow blocking instructions. Notably, it’s still €250,000 less than the maximum fine a service provider could face if they fail to block piracy carried out by actual pirates.

Watch Pirate Streams? There’s a Fine For That

Unlike the United States where simply consuming pirated streams probably isn’t illegal, in 2017 the Court of Justice of the European Union confirmed that consuming illicit streams in the EU runs contrary to law.

 

With new deterrents in place against operators of pirate services and otherwise innocent online service providers, Italy has a new deterrent for people who consume pirated streams. From August 8, 2023, they risk a fine of up to €5,000. At least on paper, that has the potential to become quite interesting.

 

IPSOS research carried out in Italy over the past few years found that roughly 25% of the adult population consume pirate IPTV streams to some extent during a year.

 

Italy has a population of around 59 million so even with some aggressive rounding that’s still a few million potential pirates. How evidence of this offense can be obtained and then attributed to an individual is unclear.

 

Presumably, the intent is to target people who buy IPTV packages, but in any event, the overriding aim is to deter any involvement in illegal streams, no matter where they begin, or where they end.

 

There are thousands of pirate sites on the Internet but only a few will receive a permanent entry in the history books. That includes Sci-Hub.

 

Founded by Kazakhstani computer programmer Alexandria Elbakyan, the shadow library provides free access to millions of academic publications. As such, it’s an essential tool for less privileged students and researchers around the world.

Tearing Down Paywalls Since 2011

Without Sci-Hub, many academics would be unable to complete their research projects. This all comes at the detriment of the profits of major publishers, but many argue that’s an easy tradeoff to make.

 

Alexandra knows this from experience. She started Sci-Hub after running into accessibility problems more than a decade ago while studying at a less fortunate university.

 

“When I was working on my research project, I found out that all research papers I needed for work were paywalled. I was a student in Kazakhstan at the time and our university was not subscribed to anything,” Alexandra told TorrentFreak years ago.

 

Today, Sci-Hub continues to tear down academic paywalls but that comes at a cost. Sci-Hub has been sued several times and owes millions in damages to major publishers. In addition, Elbakyan also drew the attention of the FBI.

 

Instead of throwing in the towel, Sci-Hub’s founder continues to defend her ideals. They’re a thorn in the side of major publishers, but on the other side of the debate, Elbakyan reaps praise.

EFF Award

This week, the Electronic Frontier Foundation (EFF) announced that Sci-Hub’s founder will receive an award for her accomplishments in advancing access to scientific knowledge.

 

EFF’s awards are presented to people who have taken a leading role in the fight for freedom and innovation online. The previous winners include Internet pioneer Vint Cerf, Linux creator Linus Torvalds, and whistleblower Chelsea Manning.

 

 

According to EFF, Elbakyan deserves the award as her life’s work enables millions of people to access scientific knowledge that would otherwise exist beyond their financial reach.

 

“Sci-Hub is used by millions of students, researchers, medical professionals, journalists, inventors, and curious people all over the world, many of whom provide feedback saying they are grateful for this access to knowledge.

 

“Some medical professionals have said Sci-Hub helps save human lives; some students have said they wouldn’t be able to complete their education without Sci-Hub’s help,” EFF adds.

The Real Threat?

EFF also highlights that Elbakyan’s work helps to challenge the current academic publishing system, where researchers are used as unpaid workhorses.

 

“Through Sci-Hub, Elbakyan has strived to shatter academic publishing’s monopoly-like mechanisms in which publishers charge high prices even though authors of articles in academic journals receive no payment,” EFF writes.

 

Elbakyan previously said that academic publishers are the real threat to the progress of science as they keep scientific progress and findings behind closed doors, instead of sharing knowledge freely as Sci-Hub does.

 

 

In addition to Elbakyan, the digital rights group will also present awards to the Library Freedom Project and the Signal Foundation for their achievements.

‘I Am Sci-Hub’

Sci-Hub’s founder is pleased with EFF’s acknowledgment, although the initial plan to give the award to the Sci-Hub website, rather than her personally, wasn’t well received.

 

“It was really disgusting to read they ask me to accept their EFF Pioneer award ‘on behalf of Sci-Hub’,” Elbakyan said in response two weeks before the awards were officially announced.

 

“Why did not they want to give the award to me directly? Sci-Hub is my sole creation; it is not an organization and never had any team. In 1998 they awarded Torvalds, not Linux,” she added.

 

That commentary apparently made EFF reconsider its plan. The award now goes to Elbakyan directly and it will be officially handed out at the awards ceremony in San Francisco this coming September.

 

EFF previously recognized that it may be challenging for Sci-Hub’s founder to attend the ceremony in person, noting that there are secure methods of communication available in case she prefers to accept it virtually instead.

 

Sky has fought piracy mechanisms of all kinds over the years. From set-top box modifications to viewing card tampering, blocking, even full PC-based emulation, the pay TV company has seen it all.

 

Exploits that are relatively easy to pull off and work at scale are considered serious threats. Last month we reported on the sale of Sky encryption keys on platforms including Telegram. That type of thing has been going on for some time, but over the space of a few days, direct URLs to watch Sky content in the UK, Italy, and Germany, were posted online and inevitably began to spread.

Free Decryption Key Extractors

This week a related problem was observed by intelligence and investigations company, Kopjra S.r.l. Working as a Sky anti-piracy partner in Italy, Kopjra sprang into action after spotting software uploaded to GitHub by a user who only signed up this month.

 

The user account ‘TAJLNsScripts’ was created in early July and currently focuses on video platform-related tools. The first script causing concern at Sky was written in Python and claims to allow users to log in to Now TV via a terminal window, browse the platform’s content, and then obtain decryption keys for both VOD content and live TV.

 

 

A second repository named ‘SkyGo-Drm-Solution’ offered a Python script with features broadly in line with the VOD capability of its Now TV-focused namesake. In order to function, the tool requires users to take an extra step using a specific cookie culled from Sky’s platform.

 

While still a concern for Sky, the extra steps and the question of what to do with the keys once obtained, are likely to put off most people from venturing further. For people with a rudimentary understanding of how these things work, nothing here is particularly difficult either.

 

The broad underlying concern is that these scripts and others like them exploit a fundamental weakness that a) can’t be easily fixed and b) goes way beyond Sky. It’s a fairly sensitive topic, to put it mildly.

Kopjra’s Aggressively-Worded DMCA Takedown

After identifying itself as representing Sky UK, Kopjra informed GitHub via a DMCA notice that the tools allow for the decryption of Sky content otherwise protected by Widevine DRM.

 

“This activity is manifestly illicit, and it represents a violation of our Client’s exclusive intellectual property rights (COPYRIGHT) on the Asset, given that our Client has never authorized – neither intends to authorize – any of the Page/s displaying contents concerning the Asset,” the notice reads.

 

“In consideration of the above, we formally invite you to immediately remove – within 24 hours of receipt of this letter – the above-mentioned Page/s, to disable access to users and cease any further publishing of any content concerning the Asset on the Page/s.”

 

 

As the image above shows, the scripts in question were uploaded to GitHub roughly three weeks ago. The first and second repo were both created on July 8, approximately six minutes apart. Both had obvious topic tags and were very easy to find from the beginning.

 

After being publicly exposed for a considerable time, removing the software was presented as an emergency matter, with Kopjra informing GitHub that anything short of immediate compliance would render the coding platform liable for losses.

 

“We bring to your attention that, in case of failure to comply with the above requests, you will be deemed directly responsible for the persisting infringement of our Client’s intellectual property rights as well as for the consequent damages (both economic and non-economic) suffered and that can be suffered in the future,” the notice warned.

GitHub Removes Software

The DMCA takedown notice published by GitHub shows that the developer of the software was given an opportunity to make changes to their code, provided with advice on how to submit a counternotice, and directed towards GitHub-supplied legal resources.

 

These steps are part of GitHub’s commitment to supporting developers following the attempted takedown of youtube-dl in 2021. The commitment doesn’t imply that GitHub endorses a developer’s work, but the company does believe that coders should have the freedom to tinker.

 

What response was received by GitHub, if any, isn’t detailed in the notice, but the end result was both repositories being disabled along with several forks. The developer’s account was not suspended due to the takedown notice, but it now contains just three repos rather than the original five.

 

 

For Sky and its anti-piracy partners, this represents just one of many takedowns filed already this month, mostly hoping to make sites and services much harder to find.

Continuous DMCA Notices

Sky has several anti-piracy partners and they are always kept busy tackling various threats. Takedown notices targeting pirate IPTV services, their sales portals in particular, are sent to Google on a regular basis. The strategy includes making numerous claims in respect of different types of infringement.

 

For example, notices like these (1,2) claim that infringing links to copyrighted content are provided by the sites in question, but very rarely are any links included in takedown notices. To avoid the notices being rejected, they carry additional claims that the sites display Sky’s logos without permission. Since that’s usually the case and is easily proven, these takedowns can be effective.

 

Sky isn’t simply a broadcaster, though, it owns content too. That leads to takedown notices like this which target sites that directly host movies and TV shows, or allow them to be streamed via their platforms.

 

Like many similar companies, Sky has to deal with a persistent threat from piracy apps, usually in the form of Android APK files offered on various sites. They are tackled with notices like this, while platforms offering DRM keys are dealt with in broadly the same way.

 

Image credit: Pixabay/TheDigitalArtist

 

In 2021, the RIAA secured a major victory in its piracy lawsuit against YouTube-rippers FLVTO.biz and 2conv.com, and their Russian operator Tofig Kurbanov.

 

A Virginia federal court issued a default judgment in favor of the RIAA, which represented several prominent music companies.

 

Following this win, the RIAA demanded $83 million in damages for the widespread copyright infringement that allegedly took place through the sites. The request was met with heavy opposition from Mr. Kurbanov, but last year it was granted nonetheless.

 

The RIAA, which described the legal battle as a landmark case, was happy with the outcome. As it stands, it will act as a deterrent against similar stream-rippers and other potentially infringing sites. However, the case is not over just yet.

$83 Million Appeal

While Mr. Kurbanov previously walked away from the U.S. court battle, he may choose to keep on fighting. In a new filing submitted yesterday, a challenge against the piracy liability ruling and damages award was docketed at the Court of Appeals for the Fourth Circuit.

 

 

The appeal doesn’t come as a complete surprise. More than a year ago, Kurbanov’s legal team already signaled their intention to challenge the verdict. A notice of appeal was filed in March 2022, but it took more than a year before the case was formally docketed.

 

TorrentFreak reached out to the defense’s team for a comment on their plans, but they didn’t immediately reply. Since quite a bit of time has passed, and considering Kurbanov’s previous change of heart regarding U.S. courts, anything could happen.

Questions Remain, Traffic Slides

Last year, defense lawyer Val Gurvits informed us that his client intended to challenge the fact that the sites are being held liable for millions of dollars in damages, without having to present concrete evidence of copyright infringements that allegedly took place in the United States.

 

“If the record companies can really get multi-million dollar judgments without having to prove a single instance of infringement within the United States, then no one who operates a website is safe,” Gurvits said at the time.

 

Whether this is still the plan remains unclear. If the operator of the YouTube rippers does decide to proceed with the appeal, an opening brief could be expected later this year, with the RIAA to respond after that.

 

Meanwhile, the contested YouTube rippers are still online. Their traffic has been decimated, however, in part because the sites voluntarily blocked all traffic from the United States.

 

When the RIAA filed its lawsuit five years ago, FLVTO.biz had an estimated 94 million visits per month and 2conv.com pulled in around 23 million monthly visits. Today, these visitor numbers have dropped to 3 million and 2 million visits, respectively.

 

Historically, the domain name WHOIS system has been an important tool to track down the operators of pirate sites and services.

 

While WHOIS data is not always accurate, it is still helpful in holding site operators accountable, at least when the information is available for access.

 

In recent years, access to domain registration information has often been restricted. This change is in large part the result of EU General Data Protection Regulation (GDPR), a privacy law that limits the availability of personal information in public databases.

 

In response to the law, domain name oversight body ICANN implemented a measure to restrict access to personal WHOIS data for gTLDs, unless explicit permission is granted. This was a welcome privacy upgrade for many domain registrants, but anti-piracy groups were not happy.

.US WHOIS Restrictions

Copyright holders have complained about the stricter privacy rules but were pleased to see that these didn’t apply universally. The .US ccTLD, for example, which falls under the oversight of the United States Department of Commerce’s NTIA, remains publicly accessible.

 

Public access helps enforcement efforts but also has some drawbacks. Since anyone can access the private details of domain registrants anonymously, the information can be used to spam, phish, or dox people.

 

To reduce the potential for abuse, NTIA and its contractor GoDaddy are proposing to limit anonymous access to .US registrant data and make information seekers accountable too.

 

“In response to concerns about the potential for abuse of usTLD registrant data, NTIA is considering a proposal from its Contractor to create an Accountable WHOIS Gateway System to provide public access to usTLD registrant information,” NTIA noted.

 

“The System would require those seeking access to the usTLD registration data to provide their name, an email address, and to accept the Terms of Service (TOS).”

 

RIAA Opposes WHOIS Shield

Earlier this year, NTIA asked the public for input on this proposal. As expected, that triggered opposition from various parties including the music industry’s anti-piracy watchdog, RIAA.

 

In response to the proposal, RIAA points out that EU privacy regulation and proxy registration services for many top-level domains have made it virtually impossible to obtain accurate registrant data for anti-piracy purposes.

 

The .US TLD is a rare exception, which is also apparent in the abuse numbers. Pirate sites tend to avoid .US domain names, presumably because WHOIS data is publicly available.

 

“We have seen much less copyright infringement on sites with .us domains than on those in the gTLD space,” RIAA writes.

 

This statement is backed up by figures showing that copyright infringement through .US domain names is trending down in recent years, while it has increased on .COM domain names.

 

 

WHOIS data is not only important to catch pirates, RIAA writes. It can also be helpful to other investigators, including law enforcement agencies, who also deal with online harms.

 

At the same time, RIAA suggests that the harm faced by registrants is minimal. At least, the organization is not aware of any concrete examples where public .US WHOIS information has caused any problems.

 

“[W]hile we have heard of anecdotal evidence of harm to registrants generally, we don’t know of any documented, verifiable, widespread, pervasive harm to .us registrants caused by publicly available registrant data.”

Why Change?

NTIA doesn’t propose to make it entirely impossible for rightsholders and other interested parties to obtain WHOIS data. Instead, it wants to hold WHOIS data seekers accountable, by asking them for their information as well.

 

This shouldn’t prevent RIAA and other rightsholders from accessing WHOIS records, but the RIAA sees no reason to change the status quo.

 

“Given the steep rise of cyber problems since the WHOIS data for gTLDs was masked, and the challenges such masking has caused to those combatting those problems, we don’t understand why .us would change its current policies.

 

“Accordingly, the current system of access to usTLD domain name registration data should remain unchanged, and we do not support efforts to create unnecessary gates around registrant data,” RIAA adds.

 

If NTIA decides to block unlimited and anonymous access to WHOIS data, RIAA notes that copyright holders should be granted free and immediate access. In addition, WHOIS data should be vetted through ‘know-your-customer’ requirements, while corporate domain registrations should remain publicly accessible.

 

—

 

A copy of RIAA’s full response to the NTIA’s proposal was published this week and is available here (pdf)

 

For the last 40 years the Motion Picture Association has regularly highlighted the damage caused by in-theater recordings of the latest movies. And quite rightly so.

 

So-called ‘cam’ copies appear online within hours of movies first appearing in theaters, yet as piracy releases go, cams are unique in their ability to disappoint just about everyone. Not only do these often potato-quality copies somehow eat away at the box office, but filmmakers’ work is often reduced to a smear, and that disappoints pirates too.

 

The fact that unlicensed gambling ‘companies’ continue to use cams as a promotional vehicle leaves few obvious grounds to argue that the majority of cams benefit anyone at all. Yet camming persists in a number of countries, despite intense pressure from the United States demanding meaningful action against it.

 

In-theater camming contributed to India being placed on the USTR’s Priority Watch List and the question now is whether a long-running legal amendment process can even begin to address it.

Cinematograph (Amendment) Bill 2019

The Cinematograph (Amendment) Bill 2019 was introduced to amend the Cinematograph Act, 1952, which contained provisions for the certification of films for exhibition and for regulating exhibitions of those films.

 

Certain amendments proposed to the 2019 bill (pdf) recognized the growth of piracy in India and specifically targeted ‘cam’ piracy. It stated that “no person shall, without the written authorization of the author, be permitted to use any audiovisual recording device in a place to knowingly make or transmit or attempt to make or transmit or abet the making or transmission of a copy of a film or a part thereof.”

 

The proposals stated that violations would be punishable by a prison term of up to three years, a fine, or both

 

The bill was the subject of a Standing Committee Report published in March 2020. A copy available via PRS Legislative Research (pdf) shows that the committee heard evidence from the Motion Picture Distributors Association, Viacom 18, the Film and Television Producers Guild of India, and others.

Amended Amendments

The Standing Committee Report referenced 18 U.S. Code Section 2319B, the United States’ anti-camcording provision, which also provides for up to three years in prison for a first ‘camming’ offense.

 

The Committee felt that since movies are expensive, punishments should be reviewed in an upwards direction. Somewhat remarkably, the Committee also raised doubts over the bill’s ability to counter the piracy that takes place inside India’s Censor Board.

 

Throughout the process, concerns were raised over a number of issues. They included fears of potential overreach in the statement that “no person shall be permitted to use any audio-visual recording device…,” which could include the use of a mobile phone, for example. Other debates centered on whether broadly defining recording “in a place” or more specifically an “exhibition facility” would be better or worse, or vice-versa.

 

A clear definition for the word “knowingly” was sought to establish mens rea while the reference to recording a movie “or a part thereof” raised questions over punishing behavior that should be protected under fair use exceptions.

 

Calls for tougher sentencing were addressed with proposals for a minimum three-month prison sentence, a minimum fine of roughly US$3,600, and a maximum fine of 5% of the audited gross production cost of the recorded movie. Not even the United States has ventured that far.

Cinematograph (Amendment) Bill, 2023

The Union Cabinet, the supreme decision-making body in India, approved the Cinematograph (Amendment) Bill, 2023 (pdf) in April.

 

Anurag Thakur, Minister for Information and Broadcasting, predicted the bill would meet the needs of all.

 

“This Bill will live up to the expectations of the industry,” the minister said. “This Bill is going to satisfy each and every one without any controversy.”

 

The bill was introduced in the Rajya Sabha (upper house of parliament) on July 20, 2023. It includes provisions for film certification and the prospect of films being denied any kind of exhibition at all. For our purposes here we will not venture into that political quagmire, but it’s fair to say that controversy is rarely far away.

 

A PRS India summary of the section relevant to camming reads as follows:

 

The Bill prohibits carrying out or abetting: (i) the unauthorized recording and (ii) unauthorized exhibition of films. Attempting an unauthorized recording will also be an offense. An unauthorized recording means making or transmitting an infringing copy of a film at a licensed place for film exhibition without the owner’s authorization. An unauthorized exhibition means the public exhibition of an infringing copy of the film for profit: (i) at a location not licensed to exhibit films or (ii) in a manner that infringes upon the copyright law

 

When accompanied by the fines mentioned earlier, which include up to 5% of a movie’s audited gross production costs, it seems likely that the United States would’ve been quite pleased with India’s latest attempt at anti-camming legislation. And then this;

 

Certain exemptions under the Copyright Act, 1957 will also apply to the above offenses. The 1957 Act allows limited use of copyrighted content without owner’s authorization in specified cases such as: (i) private or personal use, (ii) reporting of current affairs, or (iii) review or critique of that work.

 

That fair use-style exemptionsFpurp, available under the Copyright Act 1957, will also apply to in-theater recording scenarios, seems unlikely to be viewed in the same positive light. The IIPA previously urged India to “swiftly enact legislative amendments to outlaw unauthorized recording of all or part of an audiovisual work in a cinema.”

 

Image credit: Pixabay/igorovsyannykov

 

In 2021, Sony Music obtained an injunction ordering DNS resolver Quad9 to block the popular pirate site Canna.to.

 

The injunction, issued by the District Court of Hamburg, required the Swiss DNS resolver to block its users from accessing the site to prevent the distribution of pirated copies of Evanescence’s album “The Bitter Truth“.

Quad9 Appeals Site Blocking Injunction

The Quad9 Foundation fiercely opposed the injunction. The not-for-profit foundation submitted an appeal hoping to overturn the blocking order, arguing that the decision set a dangerous precedent.

 

The DNS resolver stressed that it doesn’t condone piracy but believes that enforcing blocking measures through third-party intermediaries, that don’t host any content, is a step too far.

 

This initial objection failed; the Regional Court in Hamburg upheld the blocking injunction. However, this was only a preliminary proceeding and Quad9 promised to continue the legal battle, warning of a broad impact on the Internet ecosystem.

Sony Starts Main Proceeding

After Sony’s preliminary victory, the music company initiated a main proceeding at the Leipzig court. This was the next step in the legal process and allowed both sides to provide more evidence and expert opinions.

 

Sony, for example, referenced earlier jurisprudence where Germany’s Federal Court ruled that services such as YouTube can be held liable for copyright infringement if they fail to properly respond to copyright holder complaints.

 

Quad9’s expert, Prof. Dr. Ruth Janal, contested this line of reasoning, noting that, under EU law, DNS resolvers shouldn’t be treated in the same fashion as platforms that actually host content.

Court Confirms Blockade

After hearing arguments from both sides, earlier this year the Regional Court of Leipzig handed a win to Sony. This means that Quad9 is required to block the music piracy site canna.to. If not, those responsible face a hefty fine, or even a prison sentence.

 

“The defendant is liable as a perpetrator because it makes its DNS resolver available to Internet users and, through this, it refers to the canna.to service with the infringing download offers relating to the music album in dispute,” the Court wrote.

 

Judge Werner argues that Quad9 should have taken action when the copyright holder alerted it to a pirated copy of the Evanescence album. Its intentional failure to act makes the DNS resolver liable.

Quad9 Appeals

Quad9 characterized the decision of the Leipzig Regional Court as absurd. In essence, it ruled that a DMS resolver can be held liable for the infringements of third-party websites. This is contrary to EU and German law, according to the foundation.

 

The DNS resolver sees itself as a neutral intermediary but the court’s judgment classified it as an actual wrongdoer. This is an “absurdly extreme” decision according to Quad9, which filed an appeal at the Dresden Higher Regional Court last month.

 

Under EU and German law, DNS providers should be classified as Internet access providers, not hosting platforms. As such, they shouldn’t be held directly liable for third-party infringements.

 

“[H]osting providers or platforms through which content is made available for retrieval via the Internet are fundamentally different in terms of their technical functionality and also the provider’s ability to influence content posted by customers to operate a DNS resolver,” the appeal filing reads.

German Ruling, Global Blockade

Quad9 was already heavily disappointed by the original court ruling but then a few weeks ago, the situation took another turn for the worse.

 

Sony wasn’t happy with the geo-blocking measures taken by the DNS provider to comply with the ruling. The music company applied for an administrative fine at the Regional Court in Hamburg, arguing that the measures were ineffective.

 

According to Sony, the blocked Canna.to (and the new canna-power.to domain) site could still be reached by Germans through a VPN. In addition, users of an unnamed mobile network were also able to access the site, presumably because their traffic was routed outside of Germany.

 

Facing a €10,000 administrative fine, Quad9 felt that it had no other option than to block the pirate site globally, across its entire service.

 

“The fact that the court issued a fine meant that we had to impose the blocking at the global level,” Quad9 explains.

 

The DNS provider doesn’t agree with the fine as it has zero control over how third parties may circumvent blocking measures. However, its hands are tied and a global blockade is the only solution now.

 

Ultimately, Quad9 hopes that the lower court’s blocking order will be overturned on appeal. It will continue to fight the case, even if that takes several years.

 

“Quad9 is prepared to continue the battle for freedom of access to information and Internet sovereignty. Cases like this are typically drawn out over the course of months and years.

 

“We hope that we will ultimately prevail as we consider it to be inappropriate and disproportionate to be required to roll out blocking based on a court decision in one country to result in a global block,” Quad9 concludes.

 

—-

 

A translated copy of the appeal brief filed by Quad9’s lawyer at the Dresden Higher Regional Court is available here (pdf)

 

French football club Paris Saint-Germain holds the record for purchasing the two most expensive players in the world; Neymar for €222 million and Kylian Mbappe for €145 million.

 

In 2022, PSG reported losses of €368 million, with reports suggesting that Mbappe’s contract will end up costing the club around €630 million euros.

 

Barcelona, one of Spain’s most iconic clubs, has an average match crowd of more than 83,000 fans, but is also €1.35 billion in the red. Manchester United is almost a billion pounds in debt, and according to a recent report, the majority of all clubs in the UK are “hugely loss-making.”

Italy Goes Hard on Pirates

Italian clubs also have debt problems; Inter Milan (€390m), Roma (€271m) and Juventus (€223m), for example. Top-tier Italian football clubs, broadcasters, and the government together concluded that since piracy must be mostly to blame, nothing should be off-limits in their quest to stamp it out.

 

Earlier this month, the Italian parliament gave the green light to new legislation that authorizes telecoms watchdog AGCOM to issue legally binding orders to the country’s ISPs. On receipt of an order and without delay, ISPs must take technical measures to block piracy-facilitating internet infrastructure.

 

Concerns that the entire internet industry would be required by law to stand by to protect the business interests of multi-billion euro corporations were mostly drowned out; urgency to get the law passed by parliament was the priority. Even when ISPs described the blocking program as a “mega firewall” scant attention was paid to the risks.

ISP Association Vows to Fight For Its Sector

After the law was passed earlier this month, official documents revealed that meetings to finalize exactly how unprecedented blocking would be achieved from a technical standpoint were yet to take place, and the “single technical platform” underpinning nationwide blocking in Italy was yet to be built.

 

Gian Battista Frontera is the president of the Association of Independent Providers (Assoprovider), a trade association that represents the interests of more than 200 small to medium-sized companies operating in the internet and telecoms sector. Frontera says that despite repeated warnings and requests to consider the concerns of its members, many of whom operate in remote, low-population, and disadvantaged areas, the government failed to listen.

 

“At risk are more than 2,000 companies and more than 10,000 highly specialized workers who have been providing services for decades in the most peripheral areas of the country, in inland and mountainous areas, those considered to be market failures where large companies are not present, playing a precious and irreplaceable role with their own financial resources in bridging the serious scourge of the digital divide,” Frontera wrote recently, hoping to avert a potential “disaster”.

 

The new law was ultimately approved by both houses of parliament, but Frontera says that it won’t be effective in the fight against piracy but will instead undermine Assoprovider’s members.

 

“[The law] obliges providers, at their own expense, to intervene promptly by disabling access to illicit content,” Frontera informs Corcom

 

“These obligations imposed on providers will force companies, which have an average of three to four employees and a turnover that barely reaches 500,000 euros, to hire at least four other people to guarantee a 24-hour control service, including Saturdays, Sundays and holidays.

 

According to Assoprovider estimates, the costs of complying with the rapid blocking requirements of the law could reach 200,000 to 300,000 euros per year, an amount that will push many smaller companies into bankruptcy. Larger players will have the resources to cope, Frontera suggests; they also have a vested interest.

 

“In addition to not being effective, this law still favors large multinationals, many of which have direct interests in the streaming sector, to the detriment of small and medium-sized enterprises,” he notes.

DAZN Angers Fans With Price Hikes

While the new law in Italy will protect all ‘live’ content, it was crafted to support broadcasters and football clubs in Serie A, Italy’s top league. Based on the assumption it will drive football fans away from pirate set-top boxes (known locally as “pezzotto”) and towards companies like DAZN, subscription uptake should be considerable.

 

Yet to a background of service failures and broadcasters offering much less for Serie A broadcasting rights, DAZN has just announced considerable subscription price rises in Italy. The country’s passionate football fans are less than happy (translated).

 

 

Over the past several days, DAZN has been the subject of relentless criticism on social media. The price increases are obviously unpopular since they widen the gap between pirate and legal subscriptions when people feel the opposite is required.

 

“After the new law on #piracyonline, #Dazn triples the costs of subscriptions, 55 euros per month for a poor service full of problems. If you wanted to wage war against #pezzotto you are on the wrong track, now doing so will become a necessity,” one comment reads.

 

“Dear #DAZN, you increase the prices and I’ll subscribe to the #pezzotto . A month’s subscription to Dazn costs the same as a year of pezzotto. Adios,” adds another. Others are even more blunt.

 

 

The ‘coincidence’ between the new law being passed and prices going up is a popular angle of discussion, but there are plenty of others too, including DAZN’s website crashing when people tried to change their package online.

 

Overall though, many people feel that being a football fan is now more of a financial commitment than a pastime, one increasingly for the rich over the regular guy in the street.

 

The problem for Italy is that the popularity of the “pezzotto” will be difficult to repress, especially when events like those of the last few days end up generating interest in piracy, contrary to the goals of the new law.

 

 

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only.

 

These torrent download statistics are only meant to provide further insight into the piracy trends. All data are gathered from public resources.

 

This week we have three newcomers on the list. “The Flash”, which came out as a high-quality pirate release, is the most downloaded title.

The most torrented movies for the week ending on July 24 are:

Movie Rank	Rank last week	Movie name	IMDb Rating / Trailer
Most downloaded movies via torrent sites
1	(…)	The Flash	7.0 / trailer
2	(1)	Transformers: Rise of the Beasts	6.3 / trailer
3	(2)	Guardians of the Galaxy Vol. 3	8.2 / trailer
4	(3)	John Wick: Chapter 4	8.0 / trailer
5	(5)	Fast X	6.1 / trailer
6	(7)	Avatar: The Way of Water	7.8 / trailer
7	(…)	Ruby Gillman, Teenage Kraken	5.7 / trailer
8	(…)	Resident Evil: Death Island	6.1 / trailer
9	(6)	The Super Mario Bros. Movie	7.3 / trailer
10	(4)	Asteroid City	6.9 / trailer

 

 

Note: We also publish an updating archive of all the list of weekly most torrented movies lists.

 

It’s no secret that the majority of mainstream movies appear on pirate sites soon after their release. In that respect, not much has changed since the early 2000s. Pirate site aesthetics, on the other hand, have undergone a transformation.

 

Today’s pirate movie and TV show sites are considerably more polished, often carrying official poster images and metadata to give that Netflix-style feel. Pirate sites offering Japanese cartoons (anime) often look so good they could easily pass for legitimate platforms.

 

These glossy sites receive hundreds of millions of visits every month from extraordinarily enthusiastic fans who happily soak up every available detail but mostly pay nothing for the privilege.

 

Japanese rightsholders are making progress against anime piracy, even in challenging overseas territories such as Brazil. But having spotted the pots of gold at the end of the anime rainbow, companies like Disney also have content to protect. With decades of experience doing just that, there’s little doubt that the pressure is building.

DMCA Subpoenas, Visit to Vietnam

During the last week of June, high-level executives from the Motion Picture Association visited Vietnam, a hotbed of some of the most polished and popular pirate sites to ever exist. The visit coincided with the takedown of Vietnam-based 2Embed, a site that supplied hundreds of other sites with video content.

 

Authorities in Vietnam welcomed enhanced cooperation with ACE to tackle other pirate sites moving forward, but a visit to court in the United States and a routine application for a DMCA subpoena against Cloudflare was also delivering results.

 

Animedao, one of the targeted sites

 

In the wake of our initial report on the subpoena early July, one of the targeted sites ‘Anime Kaizoku’ indicated it had thrown in the towel. Now a considerably larger platform claims to have done the same.

Animedao.to Announces Shutdown

Recent data published by SimilarWeb indicate that AnimeDao received over 54 million visits in three recent months. In April, the pirate anime site welcomed around 19.1 million visitors, and in May, around 18.1 million.

 

June’s figures were lower at 16.9 million visits, but with the majority of visitors arriving from the United States, it was inevitable that anti-piracy group ACE would eventually take action.

 

 

The DMCA subpoena provided fairly clear evidence that the site was under some type of investigation but what lies ahead after more recent developments is unclear.

 

As the image below shows, AnimeDao has now decided that for financial, technical, and legal reasons, its days of servicing millions of visitors each month are over.

 

 

The comment about content no longer being available without popup ads is interesting. While situations vary, it may suggest that at least some content arrives as a package and is intended to be consumed in a particular way, i.e. while being monetized.

 

The statement about CORS relates to cross-origin resource sharing, a browser mechanism that controls access to resources located outside of a given domain. This suggests that content that may otherwise have been accessible from other platforms is being restricted.

 

The final comment about ‘being targeted’ is self-explanatory but how that will play out, especially given recent events, is open for debate.

Problematic Resurrections

Following MPA/ACE’s visit to Vietnam, Zoro.to – until recently the world’s most popular pirate site – suddenly shut itself down and handed its domains over to the MPA.

 

Had that been the end of the matter, Hollywood would’ve probably mentioned it via a press release. What actually happened is that within hours of Zoro.to’s closure, it reemerged under a new domain (aniwatch.to) with all-new branding.

 

That could suggest that if any agreement was in place with the operator of Zoro, it might not have taken the form of a cast-iron legal contract usually associated with ACE activity. Whether that indicates one of the parties not taking things particularly seriously is open to speculation but the recent reemergence of former fan-favorite Aniwatch.me (not to be confused with Aniwatch.to) may be a sign of things going in the wrong direction.

 

Then finally, there was the demise of Anime Kaizoku, a much smaller site, but a significant closure nonetheless. After disappearing online in response to ACE pressure, a few days ago the animekaizoku.com domain suddenly found new life and now redirects to another anime site called Simkl.com, which is now scooping up all of the shuttered site’s traffic.

 

 

Only time will tell how this difficult anime landscape will change over the next few months, but it seems unlikely it will be allowed to continue in the manner it does today. The anime piracy scene seems to be extremely well organized, with both centralized and somewhat sophisticated independent systems ensuring that content reaches the widest possible audience via any number of supplied sites.

 

That raises interesting questions concerning the diversity of original (pirated) content sources and how that might affect the stability of the anime piracy ecosystem.

 

Relatively few sites offer large volumes of anime content that they both host and control, perhaps fewer than 10 and maybe less than that. One of those sites, GogoAnime, is relied upon by dozens of sites for their content so they may be especially vulnerable to being substantially wiped out overnight.

 

One domain that won’t be offering anime content anytime soon is BUNNYCDNN.RU. It was previously known for its connections with high-traffic anime platforms but today, after being transferred to a new owner, is now notable for being under the control of MPA/ACE.

 

In 2021, Canada’s Federal Court of Appeal upheld the first pirate site-blocking order in the country.

 

The landmark decision opened the door to additional and more advanced blocking requests. Indeed, it didn’t take long before NHL broadcasters asked the court for a pirate IPTV blocking order of their own.

 

The Federal Court eventually granted this request for the ongoing season, with some safeguards. In part due to intervention from the Canadian Internet Policy and Public Interest Clinic (CIPPIC), an independent expert was appointed to measure the effectiveness and proportionality of the blocking efforts.

 

This NHL blocking action was followed by a FIFA World Cup blocking order last fall, which was also granted without further hassle. Following up on these successes, rightsholders set their sights on the MLB.

2023 MBL ‘Blue Jays’ Piracy Blockade

Last week, Canada’s Federal Court authorized another sports streaming blockade. Following a complaint from Rogers and TVA, Canadian Internet providers are now required to block IP addresses used to broadcast Toronto Blue Jays games.

 

 

The blocking order is different from previous requests, as it mostly covers the games of Canada’s only MLB team. In addition, MLB Jewel Events including All-Star games and the World Series are covered as well. These limitations are determined by Rogers and TVA’s broadcast rights.

 

“Third Party Respondents shall, during each of the MLB Live Game Windows […] block or attempt to block access, by at least their residential wireline Internet service customers, to each of the IP addresses for the Target Servers,” Judge Lafrenière writes.

 

The game windows and server IP addresses are not disclosed, but they likely cover several of the most popular IPTV streaming services in Canada. These IP addresses can also be updated during the season, if streaming services try to circumvent the blockades.

 

The blocking efforts will remain in place for the remainder of the 2023 MLB season, which ends in October. If rightsholders would like to extend blocking to future seasons they will have to go back to court first.

Costs and Complaints

The Internet providers are not accused of any infringing activity and they will be compensated for any costs incurred when implementing these blocking measures. This compensation should be paid by the rightsholders, up to a maximum of CA$50,000.

 

 

As in previous cases, the Court has also appointed an independent expert to review the IP addresses submitted for blocking, to ensure that detection and notification requirements are followed.

 

TekSavvy is one of the Internet providers targeted through the order. While the company protested previous blockades, further protest appears pointless so the company will comply with the blocking requirements.

 

That said, TekSavvy does point out that other parties who are affected by the measures can challenge them in court.

 

“Anyone who claims to be affected by the order may also apply to the Court to discharge or vary the order. This includes any operators of servers who are affected by this order, any Internet service customer affected by the Order or any other third party who claims to be affected by this order,” the ISP notes.

 

This is the fourth blocking order issued in Canada. At the time of writing, only the original “GoldTV” blockade and the new MLB blockade remain active. The NHL order expired and must be renewed for the upcoming season if rightsholders want to keep it in place.

 

Interestingly, traditional pirate streaming and torrent sites are not yet blocked in Canada. A complaint against Soap2Day could have been the setup for the first attempt of this kind, but the streaming site decide to shut down after being served.

 

—

 

A copy of the MLB blocking order, issued by Justice Roger R. Lafrenière last week, is available here (pdf)

 

The VPN industry is booming and prospective users have hundreds of options to pick from. All claim to be the best, but some are more privacy-conscious than others.

 

The VPN review business is flourishing as well. Just do a random search for “best VPN service” or “VPN review” and you’ll see dozens of sites filled with recommendations and preferred picks. Some VPN companies even own review sites.

 

At TF we don’t want to make any recommendations. When it comes to privacy and anonymity, an outsider can’t offer any guarantees. Vulnerabilities are always lurking around the corner and even with the most secure VPN, you still have to trust the VPN company with your data.

 

Instead, we aim to provide an unranked overview of VPN providers, asking them questions we believe are important. Many of these questions relate to privacy and security, and the various companies answer them here in their own words.

 

We hope that this helps users to make an informed choice. However, we stress that users themselves should always ensure that their VPN setup is secure, working correctly, and not leaking. We also advise people to properly research the company behind the VPN service. This article is not a recommendation of any kind.

 

This year’s questions and answers are listed below. We have included all VPN providers we contacted that don’t keep extensive logs or block lawful torrent traffic on all of their servers. The order of the providers is arbitrary and doesn’t carry any value.

 

Note: The responses below were received in 2023. Some companies failed to respond and are therefore excluded.
—

 

1. Do you keep (or share with third parties) ANY data that would allow you to match an IP-address and a timestamp to a current or former user of your service? If so, exactly what information do you hold/share and for how long?

 

2. What is the name under which your company is incorporated (+ parent companies, if applicable) and under which jurisdiction does your company operate?

 

3. What tools are used to monitor and mitigate abuse of your service, including limits on concurrent connections if these are enforced?

 

4. Do you use any external email providers (e.g. Google Apps), analytics, or support tools ( e.g Live support, Zendesk) that hold information provided by users?

 

5. In the event you receive a DMCA takedown notice or a non-US equivalent, how are these handled?

 

6. What steps would be taken in the event a court orders your company to identify an active or former user of your service? How would your company respond to a court order that requires you to log activity for a user going forward? Have these scenarios ever played out in the past?

 

7. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why? Do you provide port forwarding services? Are any ports blocked?

 

8. Which payment systems/providers do you use? Do you take any measures to ensure that payment details can’t be linked to account usage or IP-assignments?

 

9. What is the most secure VPN connection and encryption algorithm you would recommend to your users?

 

10. Do you provide tools such as “kill switches” if a connection drops and DNS/IPv6 leak protection? Do you support Dual Stack IPv4/IPv6 functionality?

 

11. Are any of your VPN servers hosted by third parties? If so, what measures do you take to prevent those partners from snooping on any inbound and/or outbound traffic? Do you use your own DNS servers?

 

12. In which countries are your servers physically located? Do you offer virtual locations?

 

Important note: Services that offer dedicated or fixed IP-addresses are often able to link an IP-address to a user account, irrespective of the answer to question 1.

 

Tip: Here’s a list of all VPN providers covered here, with direct links to the answers. Some links in this article are affiliate links. This won’t cost you a penny more but it helps us to keep the lights on. Please note that unlawful activity is strictly forbidden on these services. That includes copyright infringement.

All VPNs

– NordVPN
– ExpressVPN
– Private Internet Access
– TorGuard
– ProtonVPN
– IVPN
– Windscribe
– Oeck
– Speedify
– CyberGhost
– AirVPN
– Trust.Zone
– Mullvad
– Perfect Privacy
– Hide.me
– AzireVPN
– Guardian
– OVPN
– HideIPVPN
– Ivacy

NordVPN

 

1. We do not keep connection logs nor timestamps that could allow us to match customers with their online activity.

 

2. Parent company is Nordvpn S.A., operating under the jurisdiction of Panama.

 

3. We use an automated tool that limits the maximum number of concurrent connections to six per customer and a system that automatically suspends the account if a specific connection pattern is recognized, e.g. hundreds of connections to different servers in a very short period of time. This is being done in order to mitigate web scraping. Apart from that, we do not use any other tools.

 

4. NordVPN uses third-party data processors for emailing services and to collect basic website and app analytics. We use Iterable and Sendgrid for correspondence, Zendesk to provide customer support, Google Analytics to monitor website and app data, as well as Crashlytics, Firebase Analytics and Appsflyer to monitor application data. All third-party services we use are bound by a contract with us to never use the information of our users for their own purposes and not to disclose the information to any third parties unrelated to the service.

 

5. NordVPN is a transmission service provider, operating in Panama. DMCA takedown notices are not applicable to us.

 

6. If the order or subpoena is issued by a Panamanian court, we would have to provide the information if we had any. However, our no-log policy means that we do not store any information about our users’ online activity – only their email address and basic payment info. So far, we haven’t had any such cases.

 

NordVPN notes on its website that it “will only comply with requests from foreign governments and law enforcement agencies if these requests are delivered according to laws and regulations.” It adds that it will “never log [user] activity unless ordered by a court in an appropriate, legal way.”

 

NordVPN tells us that the standard no-logging policy remains in place. It will challenge any logging requests until all options are exhausted and will use all means to keep customers informed. At the same time, the company wants to dissociate itself from bad actors in the VPN industry while sending a clear message to terrorists and criminals that it will not work as a safe haven for crime.

 

7. We do not restrict any BitTorrent or other file-sharing applications on most of our servers. We have optimized a number of our servers specifically for bandwidth-hungry activities. At the moment, we do not offer port forwarding and block outgoing SMTP 25 and NetBIOS ports.

 

8. Our customers are able to pay via all major credit cards, regionally localized payment solutions and cryptocurrencies. Our payment processing partners collect basic billing information for payment processing and refund purposes, but that data cannot be connected to an internet activity of a particular customer. Bitcoin is the most anonymous option, as it does not link the payment details to the user identity or other personal information.

 

9. All our protocols are secure, however, the most advanced encryption is used by NordLynx. NordLynx is based on the WireGuard® protocol and uses ChaCha20 for encryption, Poly1305 for authentication and integrity, and Curve25519 for the Elliptic-curve Diffie–Hellman key agreement protocol.

 

10. We provide automatic kill switches and DNS leak protection. Dual-Stack IPv4/IPv6 functionality is not yet supported with our service; however, all NordVPN apps offer an integrated IPv6 Leak Protection.

 

11. Most of our servers are leased, but we are gradually increasing our collocated server network. That said, the security of our infrastructure is our top priority. Due to our special server configuration, no one is able to collect or retain any data, ensuring compliance with our no-logs policy. Our no-logs policy has been audited and verified by Deloitte — an industry-leading Big Four auditing firm. We do have our own DNS servers, and all DNS requests travel through a VPN tunnel. Our customers can also manually set up any DNS server they like.

 

12. We do not offer virtual locations, our servers are located in places we state they are. At the time of writing, we have over 5500 servers in 60 countries.

 

NordVPN details

 

—

ExpressVPN

 

1. No, ExpressVPN doesn’t keep any connection or activity logs, including never logging browsing history, data content, DNS requests, timestamps, source IPs, outgoing IPs, or destination IPs. This ensures that we cannot ascertain whether a given user was connected to the VPN at a certain time, assumed a particular outgoing IP address, or generated any specific network activity.

 

KPMG also recently conducted an independent audit which confirmed that our VPN servers are in compliance with our privacy policy. This means that users can be confident that we will never know what they do online when connected to our service and that we do not have such sensitive information to share, even if compelled to.

 

2. Express Technologies Ltd is a British Virgin Islands (BVI) company. Being under BVI jurisdiction helps to protect user privacy, as the BVI has no data retention laws, is not party to any 14 Eyes intelligence sharing agreements, and has a dual criminality provision that safeguards against legal overreach. (As of September 2021, ExpressVPN is part of the Kape Technologies group).

 

3. We reserve the right to block specific abusive traffic to protect the server network and other ExpressVPN customers. With regards to limits on the number of devices simultaneously connected, no timestamps or IP addresses are ever logged; our systems are merely able to identify how many active sessions a given license has at a given moment in time and use that counter to decide whether a license is allowed to create one additional session. This counter is temporary and is not tracked over time.

 

4. We use Zendesk for support tickets and SnapEngage for live chat support; we have assessed the security profiles of both and consider them to be secure platforms. We use Google Analytics and cookies to collect marketing metrics for our website and several external tools for collecting crash reports (only if a user opts in to sharing these reports).

 

5. As we do not keep any data or logs that could link specific activity to a given user, ExpressVPN does not have the ability to identify or report users.

 

6. Legally our company is bound to respect subpoenas and court orders when they originate from the British Virgin Islands government or in conjunction with BVI authorities via a mutual legal assistance treaty. Regarding a demand that we log activity going forward: Were anyone ever to make such a request, we would refuse to re-engineer our systems in a way that infringes on the privacy protections that our customers trust us to uphold.

 

We never store any data that could match an individual to specific network activity or behavior. Thus, we may only inform law enforcement that we do not possess logs of connections or user behavior that could associate a specific end-user with an infringing IP address, timestamp, or destination. This was proven in a high-profile case in Turkey in which law enforcement seized a VPN server leased by ExpressVPN but could not find any server logs that would enable investigators to link activity to a user or even determine which users, or whether a specific user, were connected at a given time.

 

7. We do not believe in restricting or censoring any type of traffic on any of our VPN servers, including BitTorrent traffic. We do not support port forwarding.

 

8. ExpressVPN accepts all major credit cards, PayPal, and a large number of local payment options. We also accept Bitcoin, which we recommend for those who seek maximum privacy with relation to their form of payment. As we do not log user activity, IP addresses, or timestamps, neither ExpressVPN nor any external party can link payment details entered on our website with a user’s VPN activities, including IP assignments.

 

9. By default, ExpressVPN automatically chooses the protocol best-suited to your network depending on a variety of factors. For example, our in-house modern protocol Lightway uses a 4096-bit CA with AES-256-GCM and ChaCha20/Poly1305 encryptions, D/TLS 1.2 on UDP or TLS 1.3 for TCP, and SHA256 signatures to authenticate traffic.

 

10. Yes, our Network Lock feature, which is turned on by default, prevents all types of traffic including IPv4, IPv6, and DNS from leaking outside of the VPN, such as when your internet connection drops or in various additional scenarios. We do not currently support IPv6 routing through the VPN tunnel. ExpressVPN also protects users from data leaks in a number of ways.

 

11. Our VPN servers are hosted in trusted data centers with strong security practices, where the data center employees do not have server credentials. Leased vs co-located is not the salient factor in determining security.

 

The efforts we take to secure our VPN server infrastructure are extensive and include (among other things) our proprietary TrustedServer technology, unique keys per server, VPN servers that don’t store user data, and carefully engineered our apps and VPN servers to categorically eliminate sensitive information. We run our own logless DNS on every server, meaning no personally identifiable data is ever stored. We do not use third-party DNS. Most recently, we were the first VPN provider to pull our servers from India because of the recent directives requiring all VPN providers to store user information for at least five years.

 

To ensure that we are delivering the best protections to users, we also recently invited both KPMG and Cure53 to separately conduct independent audits on our systems and core server technologies.

 

12. ExpressVPN has servers in 94 countries, and also recently upgraded to 10Gbps servers for faster speeds and more reliable connections. For more than 95% of our servers, the physical server and the associated IP addresses are located in the same country. For countries where it is difficult to find servers that meet ExpressVPN’s rigorous standards, we use virtual locations. The specific countries are published on our website here.

 

ExpressVPN extra details

 

—

 

—

Private Internet Access

 

1. We do not store any logs relating to traffic, session, DNS or metadata. There are no logs kept for any person or entity to match an IP address and a timestamp to a current or former user of our service. In summary, we do not log, period. Privacy is our policy.

 

2. Private Internet Access, Inc. is an Indiana corporation, under the parent company Kape Technologies PLC, a leading ‘privacy-first’ consumer software provider.

 

3. We have an active, proprietary system in place to help mitigate any abuse. However, we’re pleased to announce that earlier this year we rolled out unlimited simultaneous device connections for all our users, in order to help PIA to deliver even better value with one subscription and to allow customers to benefit from the privacy and security of a VPN across all their devices.

 

4. We use Google Apps Suite and Google Analytics on our website only with interest and demographics tracking disabled and anonymized IP addresses enabled. We use Zendesk for our support team.

 

5. Primarily, we stress that our service is not intended to be used for illegal activities and copyright infringements and we request our users to comply with this when accepting our Terms of Use. In this respect as in all others, we are committed to protecting the privacy of our customers while following the letter of the law.

 

6. PIA has a strict 100% no-usage-logs policy which has twice been proven in court. Last year, our No Logs policy also underwent an independent audit by Big Four firm, Deloitte, which found that PIA’s server configurations align with internal privacy policies and confirmed that our infrastructure is not designed to identify users or pinpoint their activities. As part of our commitment to transparency, we provide a semi-annual report containing details about any recent requests made to our legal department. As always, PIA has nothing to share in response to these inquiries as we keep no logs of our customers. Our company would fight a court order that requires us to do any sort of logging.

 

7. BitTorrent and file-sharing traffic are not discriminated against or throttled. We do not censor our traffic, period. PIA does offer port-forwarding, and information on how to enable port forwarding can be found here.

 

8. Our current payment providers/methods include Stripe, Paypal, Bitpay, Apple/iTunes, GooglePlay, Amazon and Paygarden. Payment details are only linked to accounts for billing purposes. IP assignments and other user activity on our VPN servers aren’t linkable to specific accounts or payment details because of our strict and demonstrated no-log policy.

 

9. At the moment, the most secure and practical VPN connection and encryption algorithm that we recommend to our users would be our cipher suite of AES-256 + RSA4096 + SHA256 over OpenVPN. More information for customers can be found on our support portal.

 

10. Our users gain access to a plethora of additional tools, including but not limited to a robust Kill Switch, IPv6 Leak Protection and DNS Leak Protection. PIA’s MACE feature is also included as standard and offers a DNS-based ad blocker that helps protect users from ads, trackers, and malware. PIA’s other security features include Identity Guard, allowing users to monitor whether their emails have been involved in data breaches, and an optional privacy-first antivirus product offering users additional security online.

 

11. Our bare metal servers are located in third-party data centers that are operated by trusted business partners with whom we have completed serious due diligence. If countries or data centers fail to meet our high privacy standards, we remove our VPN server presence. Often in these instances we would be able to offer virtual server locations instead, where the registered IP address matches the country you’ve chosen to connect to, while the server is physically located in another country, usually nearby. In addition, all of our servers are RAM-only, so any information that has passed through them is erased every time the server reboots.

 

12. PIA’s server network covers 84 countries and 140+ locations, including in all 50 US states. Our full list of server locations can be found here. We have been upgrading our servers to superior NextGen servers with 10Gbps network cards, which help provide reduced server downtime, better speeds and security for our users. All our servers themselves are physical. We do also offer virtual locations as explained above.

 

Private Internet Access details

 

—

TorGuard

 

1. TorGuard has always adhered to a strict no-logs policy for all its users. Neither timestamps nor IP logs are maintained on any VPN or authentication server. The only data that TorGuard possesses is network statistical data. This information aids in assessing server load. Additionally, TorGuard records the billing or payment method details when a user acquires our services.

 

2. TorGuard is a part of VPNetworks LLC, which itself is a subsidiary of Data Protection Services. All our operations are executed within the regulatory framework of the United States. TorGuard’s originality and commitment to its core values are preserved as it continues to operate under its initial ownership – VPNetworks LLC and Data Protection Services. It’s noteworthy to mention that TorGuard has always been faithful to its origins, never having changed ownership, and continues to function under the governance and principles set by its founding companies.

 

3. We use a simplified edition of Nagios to oversee hardware utilization, uptime, and latency associated with our VPN/Proxy, devoid of any extra modules. TorGuard enforces a real-time limit of eight simultaneous connections for each user, and each session is instantly cleared as soon as the user disconnects. In instances where a user fails to disconnect or gets inadvertently disconnected, our system has the capability to automatically discard these obsolete sessions within a few minutes.

 

4. We host our own analytics using Matamo, an open-source platform, and have ensured it doesn’t retain referral IP addresses. We utilize anonymized data from Matamo analytics to enhance our understanding and optimize our website and service offerings. All customer support processes are managed in-house, without the use of third-party tools. As for email delivery, it is managed via Sendgrid.

 

5. In the event of receiving a legitimate DMCA removal notice, our legal team would be responsible for addressing it. However, owing to our stringent no-log policy and shared IP network, it’s impossible for us to relay any such requests to a specific user.

 

6. When we receive a court order, it’s immediately subjected to a review by our legal team to validate its jurisdictional legitimacy. In cases where the order is validated, our legal representation would be compelled to expound on the details of our shared IP network and our firm policy against storing any identifiable logs or timestamps. Considering the design of our network and the substantial volume of traffic it accommodates, any modifications to record user activity are unfeasible. This is a circumstance we’ve never had to confront in the course of our operations.

 

Our network at TorGuard is specifically engineered to operate with minimal server resources, rendering it inherently incapable of retaining user logs. The structure of our shared VPN servers and the high traffic volume that circulates through our network make it virtually impossible to maintain such logs.

 

7. All servers, with the exception of those located in the USA and on our residential and streaming IP network, permit torrent traffic. The exclusion of Bittorrent traffic on USA servers is a measure taken in response to a legal settlement in 2022. Furthermore, TorGuard provides port forwarding for all ports exceeding 2048. The only port we restrict outgoing is the SMTP port 25, as a measure to prevent misuse.

 

8. We employ Stripe to process credit or debit card transactions and have our own BTCPay system for handling Bitcoin and Litecoin transfers. TorGuard also accepts all types of cryptocurrency through NowPayments, and Paymentwall is used for Gift Card payments and local bank transfer options. To ensure the utmost protection of our users’ privacy, TorGuard has taken considerable steps, including extensive modifications to our billing system, to accommodate various payment providers.

 

9. For enhanced security, we suggest deploying OpenVPN with AES-256-GCM-SHA512, incorporating our stealth VPN protocol as an additional protective layer. This can be done through TorGuard’s desktop or mobile applications.

 

10. Indeed, our kill switch has a unique design that directs all traffic into a ‘black hole’ should the user experience connectivity loss or if the application crashes for any reason. We are currently developing a dual-stack for IPv4/IPv6, which will be launched once IPv6 adoption becomes more prevalent among users.

 

11. While we do host servers at third-party locations, we only choose these sites after a thorough review based on strict security criteria. We employ disk encryption and operate part of the network on virtual RAM disks. Regular audits are conducted on our servers and we ensure no keys are stored on the endpoints that could risk traffic compromise. Moreover, any remote access, like IPMI, is either disabled or stringently restricted and monitored. We offer secure public DNS, but we also furnish our internal DNS on every endpoint, which directly queries root VPN servers.

 

12. Currently, we maintain three virtual locations: Taiwan, Greece, and Russia. Although TorGuard generally prefers to avoid virtual locations, there are instances when we can’t find a bare-metal data center that satisfies our stringent security criteria. In such cases, we choose not to compromise on security.

 

TorGuard website

 

—

ProtonVPN

 

1. Each time a user connects to the service, we only obtain a timestamp of the last successful login attempt. This gets overwritten each time a user successfully logs in. This does not contain any identifying information, such as IP addresses or locations. We retain this limited information to protect user accounts from password brute force attacks. However, we do not share any of this data with third parties.

 

2. Proton AG

 

3. Users are required to create an account in order to use our service. We keep accounting data to see how many sessions are being opened by a given user, in order to allow only the number of sessions corresponding to their subscribed plan.

 

4. We use Zendesk to collate and respond to support requests or bug reports.

 

5. Our Anti-Abuse and Legal team investigates the complaints we receive in that regard with all evidence available and make a decision on whether there is good cause to believe that the mentioned accounts are involved in such activities, in which case they are suspended. We always use Swiss law as our reference for such complaints.

 

6. This type of request has never been made for Proton VPN. That said, Proton VPN is based in Switzerland meaning it would be illegal for us to cooperate with any foreign law enforcement or court unless specifically requested to do so by the Swiss authorities. However, even in this scenario, the only information we would have access to would be the username, email address and billing information for existing users. This data is deleted when an account is deleted.

 

7. Some of our servers are optimized for P2P file sharing. This feature comes with fast download speeds and unlimited bandwidth.

 

8. We allow users to pay by credit card, debit card, PayPal, Bitcoin or cash. We rely on third parties to process credit card and PayPal transactions, and we do not save full credit card details.

 

9. We use only the highest strength encryption and would recommend others do the same. This means all network traffic is encrypted with AES-256, key exchange is done with 4096-bit RSA, and HMAC with SHA384 is used for message authentication. We use only VPN protocols that are known to be secure – IKEv2/IPSec, OpenVPN and WireGuard. Proton VPN does not have any servers that support PPTP and L2TP/IPSec, even though they are less costly to operate.

 

10. All of our clients support kill-switch functionality.

 

11. While we own our Secure Core entry servers, we do also utilize rented infrastructure. We only use physical servers that we can fully control as opposed to virtual servers meaning the hardware is dedicated solely to Proton VPN, giving us a higher degree of control and making it more secure. All rented Proton VPN servers are secured with block-level disk encryption. By implementing full-disk encryption on all our servers, we can protect our certificates and mitigate the risk of MITM attacks. And yes, all our servers implement DNS servers.

 

12. As part of Proton AG we share with Proton Mail the core infrastructure where our websites and databases are hosted. This infrastructure is hosted in Switzerland and owned by Proton AG. As part of the VPN infrastructure, we own the VPN Secure Core servers and rent dedicated physical VPN servers across the globe.

 

ProtonVPN website

 

—

AirVPN

 

1. No, we do not keep or share with third parties ANY data that would allow us to match an IP address and a timestamp to a current or former user of our service

 

2. AirVPN in Italy. No parent company/companies.

 

3. No monitoring tools are used. In order to limit the amount of simultaneous connections from a single account, a counter is kept. Each new connection increases the counter and each new disconnection decreases the counter. If the counter exceeds the amount of concurrent connections allowed (purchased for an account) a new connection is refused. In this way no logging or inspection activity is necessary.

 

4. No, we do not use any external email providers, analytics, or support tools that hold information provided by users.

 

5. They are ignored if they pertain to P2P, they are processed, verified and handled accordingly (rejected or accepted) if they pertain to websites (or FTP services etc.) hosted behind our VPN servers.

 

6. a) We would co-operate to the best of our abilities, although we can’t give out information we don’t have. b) We are unable to comply due to technical problems and limitations. c) The scenario in ‘case b’ has never occurred. The scenario in ‘case a’ has occurred multiple times, but our infrastructure does not monitor, inspect or log customers’ traffic, so it is not possible to correlate customer information (if we had it) with customers’ traffic and vice-versa.

 

7. a) Yes, BitTorrent and other file-sharing traffic are allowed on all servers. AirVPN does not discriminate against any protocol or application and keeps its network as agnostic as possible. b) Yes, we provide remote inbound port forwarding service. c) Outbound port 25 is blocked.

 

8. We accept payments via PayPal, major credit cards, Apple Pay, Google Pay, giropay, iDEAL, eps and Bancontact. We also accept Bitcoin, Litecoin, Bitcoin Cash, Dash, Doge, and Monero. By accepting directly various cryptocurrencies without intermediaries we get rid of additional fees and above all privacy issues, including correlations between IP addresses and payments. By accepting Monero we also offer the option to our customers to pay via a cryptocurrency that protects transactions with a built-in layer of anonymity.

 

9. CHACHA20-POLY1305 and AES-256-GCM

 

10. We provide Network Lock in our free and open-source software. It can prevent traffic leaks (both IPv4 and IPv6 – DNS leaks included) even in case of application or system processes wrong binding, in case of UPnP caused leaks, wrong settings, WebRTC and other STUN related methods, and of course in case of unexpected VPN disconnection. b) Yes, we do provide DS IPv4/IPv6 access, including IPv6 over IPv4, pure IPv4 and pure IPv6 connections. In this way, even customers whose ISP does not support IPv6 can access IPv6 services via AirVPN.

 

11. We do not own our datacenters and we are not a transit provider, so we buy traffic from Tier 1, Tier 2 and only occasionally Tier 3 providers and we house servers in various datacenters. The main countermeasures are: exclusive access to IPMI etc. via our own external IP addresses or a specific VPN for the IPMI etc.; reboot inhibition; USB support eliminated from kernel; all data stored in RAM disk, and some other methods we prefer not to disclose. However, if server lines are wiretapped externally and transparently, and server tampering does not occur, there is no way inside the server to prevent, or be aware of, ongoing wiretapping. Wiretapping prevention must be achieved with other methods on the client-side (some of them are integrated into our software), for example, VPN over Tor, Tor over VPN etc.

 

12. NO, we do not offer virtual locations and/or VPS. We declare only real locations of real “bare metal” servers.

 

AirVPN website

 

—

Oeck

 

1. No. We do not keep any connect / disconnect timestamps or similar information. We explain exactly what we don’t log and what we monitor in our Privacy Policy.

 

2. Oeck Limited. We are registered in Hong Kong as the data retention laws are still in favor of VPN companies and the location is still friendly towards VPN services. When and if we need to, we can quickly move Oeck to Singapore if anything in Hong Kong changes.

 

3. Though we allow account sharing for our customers, we do limit their total concurrent connections to six. This is monitored in real-time and there is no logging of this information whatsoever. We also do ask that our customers use a designated P2P region if they are going to be doing any torrenting or other P2P activity.

 

4. We use AWS for our outbound email – however, email is never used for correspondence. We have a support ticket system that our customers must use in order to communicate with us which is custom made and part of our website. Tickets are deleted 48 hours after resolution. We use Matomo for our analytics. We went down this path as Matomo is hosted by us and no other party has access to it.

 

5. If possible, we temporarily suspend usage of the port on the VPN node specified in the complaint. That’s all we can do, as there is no way for us to match anything to any customer. The suspension of the specified port on the specified server is lifted after 31 days.

 

6. This has never happened to us. However, in this event, we would only be able to provide a customer’s username, email address, and any possible billing information from our payment providers ( receipts of payment, etc ). Billing information will be impossible if the customer has chosen to pay by cash. If we were forced by authorities to log activity moving forward, we would simply turn off our servers in the affected jurisdiction. We own all of our own hardware ( even the routers in the datacenter ) and our exit-nodes run without any storage media. We will simply turn the switch off. We also make use of a warrant canary.

 

7. Yes. We allow our customers to torrent via our torrent region as it is optimized for that technology. Although we do not block torrenting in our other regions, we do suggest that users use the torrent region when torrenting. We provide a very advanced port-forwarding service to all of our customers. No ports are blocked.

 

8. We use Stripe, PayPal and Coinbase Commerce for online payments. We also accept cash in the mail. The only detail we have is if a customer has paid their account or not. As far as what the payment providers log – they log everything they possibly can. We encourage payments via cash if possible.

 

9. We offer OpenVPN with RSA-4096 and AES-256-GCM.

 

10. Our apps come with a kill-switch feature. For users who choose not to use our apps and use a third-party OpenVPN client instead, we have made available SOCKS5 proxies that work just like a kill-switch. These can only be accessed via our VPN. They can be used via a browser, app, or system-wide proxy.

 

11. No. All of our hardware is owned by us. Even the routers are owned by us. We do not log any VPN activity. Our VPN exit-nodes do not have hard drives or other storage capabilities, everything runs off RAM. Our upstream providers do not have access to our network as our stuff begins at our own routers. We only ever use our own DNS servers.

 

12. We have a real-time monitor of our servers. That is a list of our available VPN regions that users can connect to. The graph is displaying the information as a per-region display. This is because we node-balance our servers so users always have the best connection. Though we don’t offer virtual locations, we do offer residential IP proxies as part of our service. There are over 30 regions available and these are used for our smart routing feature.

 

Oeck website

 

—

Perfect Privacy

 

1. We do not store or log any data that would indicate the identity or the activities of a user.

 

2. The name of the company is CyberDock IT Solutions GmbH and the jurisdiction is Germany.

 

3. The number of connections/devices at the same time is not limited because we do not track it. In case of malicious activity towards specific targets, we block IP addresses or ranges, so they are not accessible from our VPN servers. Additionally, we have limits on new outgoing connections for protocols like SSH, IMAP, and SMTP to prevent automated spam and brute force attacks. We do not use any other tools.

 

4. Our websites use Google Analytics to improve the quality of the user experience and it’s GDPR compliant with anonymized IP addresses. You can prohibit tracking with just one click on a provided link in the privacy policy. If a customer has a problem with Google, he has the possibility to disable the tracking of all Google domains in TrackStop. I believe we are the only VPN provider that offers this possibility. All other solutions like email, support, and even our affiliate program is in-house software and under our control.

 

5. Because we do not host any data, DMCA notices do not directly affect us. However, we generally answer inquiries. We point out that we do not keep any data that would allow us to identify a user of the used IP address.

 

6. If we receive a German court order, we are forced to provide the data that we have. Since we don’t log any IP addresses, timestamps or other connection-related data, the only step on our side is to inform the inquiring party that we do not have any data that would allow the identification of a user based on that data. Should we ever receive a legally binding court order that would require us to log the activity of a user going forward, we’d rather shut down the servers in the country concerned than compromise our user’s privacy.

 

There have been incidents in the past where Perfect Privacy servers have been seized, but no user information was compromised that way. Since no logs are stored in the first place and additionally all our services are running within RAM disks, a server seizure will never compromise our customers. Although we are not subject to US-based laws, there’s a warrant canary page available.

 

7. With the exception of our US servers and French servers, BitTorrent and other file-sharing software is allowed. We offer port forwarding and do not block any ports.

 

8. We offer Bitcoin, PayPal and credit cards for users who prefer these options and over 60 other payment methods. Of course, it is guaranteed that payment details are not associated with any IP addresses. The only thing you know about a person is that he or she is a customer of Perfect Privacy and which email address was used.

 

9. The most secure protocol we recommend is still OpenVPN with 256-bit AES-GCM encryption. With our VPN Manager for Mac and Windows you also have the possibility to create cascades over four VPN servers. This Multi-Hop feature works tunnel in tunnel. If you choose countries for the hops which are known not to cooperate with each other, well you get the idea. On top of that, you can activate our NeuroRouting feature, which changes the routing depending on the destination of the visited domain and dynamically selects different hops for the outgoing server to ensure it is geographically close to the visited server.

 

10. Yes, our servers support full Dual Stack IPv4/IPv6 functionality, even when your ISP does not support IPv6. Our VPN Manager has a “kill switch” which has configurable protection with three security levels.

 

11. We run dedicated bare-metal servers in various data centers around the world. While we have no physical access to the servers, they all are running within RAM disks only and are fully encrypted.

 

12. Currently, we offer servers in 25 countries worldwide. All servers are located in the city displayed in the hostname – there are no virtual locations. For full details about all servers locations, please check our server status site as we are constantly adding new servers.

 

Perfect Privacy website

 

—

Hide.me

 

1. No, we don’t keep any logs. We have developed our system with an eye on our customers’ privacy, so we created a distributed VPN cluster with independent public nodes that do not store any customer data or logs at all.

 

2. Hide.me VPN is operated by eVenture Limited and based in Malaysia with no legal obligation to store any user logs at all.

 

3. We do not limit or monitor individual connections. To mitigate abuse, we deploy general firewall rules on some servers that apply to specific IP ranges.

 

4. Our website does not include third-party tracking tools. For live support, we embed Zendesk in a privacy-friendly two-click solution, so it does not load by default and no personal data is shared.

 

5. Since we don’t store any logs and/or host infringing copyright material on our services, we’ll reply to these notices accordingly.

 

6. Although it has never happened in such a scenario, we won’t be able to entertain the court orders because our infrastructure is built in a way that it does not store any logs, and there is no way we could link any particular cyber activity to any particular user. In case, we are forced to store user logs, we would prefer to close down rather than putting our users at stake who have put their trust in us.

 

7. There is no effective way of blocking file-sharing traffic without monitoring our customers, which is against our principles and would be even illegal. Usually, we only recommend our customers to avoid the US & UK locations for file-sharing, but it is on a self-regulatory basis since these countries have strong anti-copyright laws in place.

 

8. We support a wide range of popular payment methods, including all major cryptocurrencies like Bitcoin, Litecoin, Ethereum, Dash, Monero, Paypal, credit cards and nank transfer. All payments are handled by external payment providers and are linked to a temporary payment ID. This temporary payment ID can not be connected to the user’s VPN account/activity. After the payment is completed, the temporary payment ID will be permanently removed from the database.

 

9. After all, modern VPN protocols that we all support – like WireGuard, IKEv2, OpenVPN, SoftEtherVPN, and SSTP, are considered secure even after the NSA leaks. We follow cryptographic standards and configured our VPN servers accordingly in order to support a secure key exchange with 8192-bit key size and a strong symmetric encryption (AES-256) for the data transfer.

 

10. Our desktop client supports security features such as Multihop Double VPN, Kill Switch, Firewall to limit apps to VPN, Firewall to limit all connections to VPN, Split Tunnel, Auto Connect, Auto Reconnect, etc, which makes sure that the connection is always secure. Above all, we have put in some additional layers of security, which include default protection against IP and DNS leaks.

 

Hide.me is one of the few VPN providers that supports Dual Stack IPv4 and IPv6, so our customers do not need to worry about potential IP leaks.

 

11. We operate our own non-logging DNS-servers to protect our customers from DNS hijacking and similar attacks. We do not own physical hardware, but in case there is intrusion detection and other various security measures in place to ensure the integrity and security of all our single servers. Furthermore, we choose all third-party hosting providers very carefully, so we can assure that there are certain security standards in place (ISO 27001) and no unauthorized person could access our servers. Among our reputable partners are NFOrce, M247, Psychz Networks and many more.

 

Similar to Apple’s private relay, our dynamic Multihop Double VPN feature allows us to route tunnel the connection over multiple server locations. Neither the incoming or outgoing server can match users’ activity, which provides an extra layer of security.

 

12. Our servers are located in countries all over the world.

 

Hide.me website

 

—

Trust.Zone

 

1. Trust.Zone doesn’t store any logs. Therefore, we have no data that could be linked and attributed to the current or former user. All we need from customers is an email to sign up.

 

2. Trust.Zone is under Seychelles jurisdiction. The company is operated by Internet Privacy Ltd.

 

3. Our system can understand how many active sessions a given license has at a given moment in time. This counter is temporarily placed in RAM and never logged or saved anywhere.

 

4. Trust.Zone has never used any third-party tools like Google Analytics, live chat platform, support tools, or others.

 

5. If we receive any type of DMCA requests or Copyright Infringement Notices – we ignore them. Trust.Zone is under offshore jurisdiction, out of 14 Eyes Surveillance Alliance. There is no data retention law in Seychelles.

 

6. A court order would not be enforceable because we do not log information and therefore there is nothing to be had from our servers. Trust.Zone supports Warrant Canary. Trust.Zone has not received or been subject to any searches, seizures of data, or requirements to log any actions of our customers.

 

7. BitTorrent and file-sharing traffic is allowed on all Trust.Zone servers. Moreover, we don’t restrict any kind of traffic. Trust.Zone does not throttle or block any protocols, IP addresses, servers, or any type of traffic whatsoever. We offer port forwarding to increase download speeds for torrents.

 

8. All major credit cards are accepted. PayPal, Alipay, wire transfer, and many other types of payments are available. As we don’t store any logs, there is no way to link payment details with a user’s internet activity

 

9. We use the most recommended protocols in the VPN industry – WireGuard, OpenVPN, IKEv2/IPSec, L2TP/IpSec, Softether, Socks5 proxy Trust.Zone uses AES-256 Encryption by default.

 

10. Trust.Zone supports a kill-switch function. We also own our DNS servers and provide users with the ability to use our DNS to avoid any DNS leaks. All features listed above are also available with our FREE PLAN, which doesn’t require a credit card to start. We also provide users with additional recommendations to be sure that there are no WebRTC leaks, DNS leaks, or IP leaks.

 

11. We have a mixed infrastructure. Trust.Zone owns some physical servers and we have access to them physically. In locations with lower utilization, we normally host with third parties. But the most important point is that we use dedicated servers in this case only, with full control by our network administrators. DNS queries go through our own DNS servers.

 

12. We are operating with 200+ dedicated servers in 100+ geo-zones and are still growing. We also provide users with dedicated IP addresses and port forwarding. The full map of the server locations is available here.

 

Trust.Zone website

 

—

Windscribe

 

1. No.

 

2. Windscribe Limited. Ontario, Canada.

 

3. Byte count of all traffic sent through the network in a one-month period as well as a count of parallel connections at any given moment.

 

4. No. Everything is self-hosted.

 

5. Our transparency policy is available here.

 

6. Under Canadian law, a VPN company cannot be compelled to wiretap users. We can be legally compelled to provide the data that we already have (as per our ToS) and we would have to comply with a valid Canadian court order. Since we do not store any identifying info that can link an IP to an account, the fact that emails are optional to register, and the service can be paid for with cryptocurrency, none of what we store is identifying.

 

7. We allow P2P traffic in most locations. Yes, we provide port forwarding for all Pro users. Only ports above 1024 are allowed.

 

8. Stripe, Paypal, Coinpayments, Paymentwall. IP addresses of users are not stored or linked to payments.

 

9. The encryption parameters are similar for all protocols we support. AES-256 cipher with SHA512 auth and a 4096-bit RSA key. We recommend using IKEv2, as it’s a kernel space protocol that is faster than OpenVPN in most cases. We also support WireGuard.

 

10. Our desktop apps have a built-in firewall that blocks all connectivity outside of the tunnel. They also have split routing (per process, or network level), MAC address spoofing, and external DNS server support. In an event of a connection drop, it fails closed – nothing needs to be done. The firewall protects against all leaks, IPv4, IPv6, and DNS. We only support IPv4 connectivity at this time.

 

11. We lease servers in over 150 different datacenters worldwide. Some datacenters deploy networking monitoring for the purposes of DDOS protection. We request to disable it whenever possible, but this is not feasible in all places. Even with it in place, since most servers have dozens/hundreds of users connected to them at any given moment, your activity gets “lost in the crowd”. Each VPN server operates a recursive DNS server and performs all DNS resolution locally.

 

12. Our server overview is available here. We don’t offer virtual locations.

 

Windscribe website

 

—

Mullvad

 

1. No, all details are explained in our no-logging data policy.

 

Update: April 2023: Mullvad was subject to a search warrant but the company reports that customer data wasn’t compromised.

 

2. Mullvad VPN AB – Swedish. The parent company is Amagicom AB – Swedish.

 

3. We mitigate abuse by blocking the usage of ports 25, 137,139, and 445 due to email spam and Windows security issues.

 

OpenVPN: Number of connections: Each VPN server reports to a central service. When a customer connects to a VPN server, the server asks the central service to validate the account number, whether or not the account has any remaining time. If the account has reached its allowed number of connections, and so on. Everything is performed in temporary memory only; none of this information is permanently stored on disk.
WireGuard: Number of connections: Each VPN server reports public keys connected to a central service. If a key is abused, it will be revoked.

 

Our servers send two types of data to our monitoring system: aggregated application data, such as the total number of current VPN connections, and generic system metrics, such as CPU load per core and total bandwidth used by the server.

 

We log the total sum of each of these statistics in order to monitor the health of each individual VPN server. We ensure that the system isn’t overloaded, and we monitor the servers for potential attacks, bugs, and network issues. We also monitor the real-time state of total connections per account as we only allow for five connections simultaneously. As we do not save this information, we cannot, for example, tell you how many connections your account had five minutes ago. For WireGuard we have a limit of a maximum of 5 keys (i.e. 5 devices).

 

4. We have no external elements at all on our website, except for pulling in external elements when customers select stripe payments. These elements are not loaded until the user selects “pay by” and a method that Stripe supplies. We do use an external email provider; for those who want to email us, we encourage them to use PGP encryption which is the only effective way to keep email somewhat private. The decrypted content is only available to us.

 

5. As explained here, there is no such Swedish law that is applicable to us.

 

6. From time to time, we are contacted by governments asking us to divulge information about our customers. Given that we don’t store activity logs of any kind, we have no information to give out. Worst-case scenario: we would discontinue the servers in the affected countries. The only information AT ALL POSSIBLE for us to give out is records of payments since these are stored at PayPal, banks etc.

 

7. All traffic is treated equally, therefore we do not block or throttle BitTorrent or other file-sharing protocols. Port forwarding is allowed (update May 2023, it is now disabled).

 

8. We accept cash, Bitcoin, Bitcoin Cash, bank wire, credit card, PayPal, GiroPay, Eps transfer, Bancontact, IDEAL, Przelewy24 and Swish. We encourage anonymous payments via cash or one of the cryptocurrencies. We run our own full node in each of the blockchains and do not use third parties for any step in the payment process, from the generation of QR codes to adding time to accounts. Our website explains how we handle payment information. You can also pay in-app on the Apple store using the Mullvad iOS app.

 

9. We offer OpenVPN with RSA-4096 and AES-256-GCM. And we also offer WireGuard which uses Curve25519 and ChaCha20-Poly1305.

 

10. We offer a kill switch and DNS leak protection, both of which are supported in IPv6 as IPv4. While the kill switch is only available via our client/app, we also provide a SOCKS5 proxy that works as a kill switch and is only accessible through our VPN.

 

11. At 14 of our locations (4 in Sweden, 1 in Denmark, 1 in Amsterdam, 2 in Norway, 1 in the UK, 2 in Finland, 1 in Germany, 1 in Paris, 1 in Zurich) we own and have physical control over all of our servers. In our other locations, we rent physical, dedicated servers and bandwidth from carefully selected providers. Keep in mind that we have 3 locations in the UK and 3 in Germany, the servers we physically own are the ones hosted by 31173.se (they start with gb-lon-0* and de-fra-0*, and gb4-wireguard, gb5-wireguard, de4-wireguard and de5-wireguard). All servers are 10gbps.

 

Yes, we use our own DNS servers. All DNS traffic routed via our tunnel is hijacked, even if you set accidentally select another DNS our DNS will anyhow be used. Except if you have set up DNS over HTTPS or DNS over TLS, or if you use a custom DNS in our app.

 

12. We don’t have virtual locations. All locations are listed here.

 

Mullvad website

 

—

IVPN

 

1. No. We believe that not logging VPN connection related data is fundamental to any privacy service regardless of the security or policies implemented to protect the log data. Specifically, we don’t log: traffic, DNS requests, connection timestamps and durations, bandwidth, IP address, or any account activity except simultaneous connections.

 

2. Privatus Limited, Gibraltar. No parent or holding companies.

 

3. We limit simultaneous connections by maintaining a temporary counter on a central server that is deleted when the user disconnects (we detail this process in our Privacy Policy).

 

4. No. We made a strategic decision from day one that no company or customer data would ever be stored on third-party systems. All our internal services run on our own dedicated servers that we set up, configure, and manage. No third parties have access to our servers or data. We don’t host any external scripts, web trackers, or tracking pixels on our website. We also refuse to engage in advertising on platforms with surveillance-based business models, like Google or Facebook.

 

5. Our legal department sends a reply stating that we do not store content on our servers and that our VPN servers act only as a conduit for data. In addition, we inform them that we never store the IP addresses of customers connected to our network nor are we legally required to do so. We have a detailed Legal Process Guideline published on our website.

 

6. If asked to identify a customer based on a timestamp and/or IP address then we would reply factually that we do not store this information. If legally compelled to log activity going forward we would do everything in our power to alert the relevant customers directly (or indirectly through our warrant canary).

 

7. We do not block any traffic or ports on any servers. We provide a port forwarding service.

 

8. We accept Bitcoin, Cash, Monero, PayPal, and credit cards. When using cash there is no link to a user account within our system. When using Bitcoin, the transaction is processed through our self-hosted BTCPay server. We store Bitcoin transaction IDs in our system. If you wish to remain anonymous to IVPN you should take the necessary precautions when purchasing Bitcoin. We accept Monero directly to our self-hosted wallet and, no third party has access to payment information. When paying with PayPal or a credit card a token is stored that is used to process recurring payments but this is not linked in any way to VPN account usage or IP assignments.

 

9. We offer and recommend WireGuard, a high-performance protocol that utilizes state-of-the-art cryptography. Alternatively, we also offer OpenVPN with RSA-4096 / AES-256-GCM, which we also believe is more than secure enough for the purposes for which we provide our service.

 

10. Yes, the IVPN client offers an advanced VPN firewall that blocks every type of IP leak possible including IPv6, DNS, network failures, WebRTC STUN, etc. Our VPN clients work on a dual-stack IPv4/IPv6 but we currently only support IPv4 on our VPN gateways. Full IPv6 support is in the pipeline.

 

11. We use bare metal dedicated servers leased from third-party data centers in each country where we have a presence. We install each server using our own custom images and employ full disk encryption to ensure that if a server is ever seized the data is worthless.

 

We also operate an exclusive multi-hop network allowing customers to choose an entry and exit server in different jurisdictions which would make the task of legally gaining access to servers at the same time significantly more difficult. We operate our own network of log-free DNS servers that are only accessible to our customers through the VPN tunnel.

 

12. We have servers in 32 countries. No virtual locations. The full list of servers is available here.

 

IVPN website

 

—

AtlasVPN

 

1. If the question relates to the VPN server’s IP address and a user’s online activity while connected to VPN, then the answer is no.

 

2. Atlas VPN is incorporated under Peakstar Technologies Inc. We operate in Delaware’s (USA) jurisdiction.

 

3. We use an automated system that monitors the number of simultaneous connections per account. Yet, we do not store this information. The free version of our service is limited to 2 concurrent connections. Worth noting that our premium subscription does not limit the number of concurrent connections.

 

4. We mainly use Zendesk to communicate with our users. We also use Google Analytics and AppsFlyer to monitor application and website data.

 

5. Atlas VPN is considered to be a transmission service provider as per § 512 (a) of the Digital Millennium Copyright Act (DMCA) and not a storage service provider. Transmission service providers have no obligations to react to take-down notices or enable counter-notices.

 

6. We would comply with a justified court order in a manner that would be deemed appropriate after consultation with legal counsel. It would naturally depend on the court order on what steps we would need to take to ensure compliance. As far as logging future activity, we would do whatever it takes to protect our users’ privacy. We can not say how the process would unfold as we have never received any court order of this nature.

 

7. Yes, it is allowed. No port forwarding services are provided. SMTP ports are blocked to prevent email abuse.

 

8. Stripe (as well as Google Pay for the convenience of our users), PayPal as well as reseller services, such as Google Play and App Store. The details can be linked with account usage as far as app analytics go. They can be linked with ongoing sessions. This linkage is deleted as the VPN session is terminated.

 

9. It depends on the platform of the application. We use the IPSec/IKEv2 protocol, and depending on the platform we recommend Diffie Hellman group 20 and 256-bit ChaCha20/Poly1305 with 128-bit ICV.

 

10. Yes, these are implemented using platform tools. We do support dual-stack functionality.

 

11. All of our servers are hosted by third parties. We perform proper due diligence to ensure that the partners are reliable. Even if partners tried snooping, they would not be able to do so, since inbound and outbound traffic from the client is encrypted. We do use our own DNS servers.

 

12. They are located in the countries that are shown in our applications at any given time. No virtual locations are offered.

 

AtlasVPN website

 

—

Speedify

 

1. No, we do not share ANY user information with ANY third party. We do not store or log ANY information about which users accessed which domain names or IP addresses. We do not log customers’ IP addresses.

 

2. Connectify, Inc. – operating under US jurisdiction.

 

3. We monitor with a set of self-hosted, open-source tools including Prometheus and Grafana.

 

4. We don’t use third-party analytics tools. Our help desk is built on HelpScout. Messages are automatically deleted after a time period.

 

5. We politely reply that we do not collect enough information to be of any use.

 

6. We properly respond to law enforcement and offer the information which is in our logs. Which as previously noted, is not helpful for connecting users to activity. We would fight any order that attempted to force us to log a user activity going forward. We have received subpoenas for information about various IP addresses before. We have never been asked or ordered to attempt to log information about any user going forward.

 

7. Speedify has dedicated servers for P2P traffic. Most of our servers do not allow BitTorrent traffic. We do provide port forwarding and static IP address services with our dedicated VPN servers. Only port 25 is blocked as unencrypted SMTP is dangerous and insecure even to the sender, and has no legitimate use.

 

8. Speedify offers a variety of ways to pay, including Apple App Store, Google Play Store, Recurly, PayPal, and FastSpring. Purchases through Apple App Store and Google Play Store do not provide us with any information about the purchaser unless the user provides it to us directly.

 

9. We default to 256-bit AES encryption. Those concerned about security may wish to turn on the Killswitch to ensure traffic does not go out while the VPN is not connected.

 

10. Yes, we support killswitch. It is not on by default, but it’s available in the settings menu. Yes, we have built-in DNS and IPv6 leak protection. The software supports Dual Stack IPv4/IPv6, but not all our deployed servers are on IPv6. it’s rolling out to more and more servers as we speak.

 

11. Speedify VPN servers are hosted by third parties. On the VPN side, traffic is entirely encrypted. Internet traffic from clients is run through a server-side TCP proxy to erase hints in IP and TCP headers such as RTT which a sophisticated opponent could otherwise use to tease apart traffic from different operating systems. Then the traffic is NATed together, often 1000 users sharing a single IP address, to make individuals impossible to trace. We proxy the DNS before forwarding it to trusted, privacy-oriented DNS partners.

 

12. Our servers are constantly changing: in areas with few users, we will use virtual servers, but in most cases, we will use hardware servers.

 

Speedify website

 

—

CyberGhost

 

1.

CyberGhost has a strict No-Logs policy, so none of our traffic or DNS servers log or store any user info. Customers can rest assured that we keep absolutely no logs of any of our customers’ activities.

 

2. CyberGhost has been part of Kape Technologies, a leading ‘privacy-first’ consumer software provider, since 2017.

 

3. Our dedicated team monitors the whole service and infrastructure for any abuse of service. We have several tools in place, from CDN protection to firewalls and our own server monitoring system. Concurrent connections limits are monitored & also enforced via our systems to avoid such types of abuses.

 

4. We use Google Analytics for website analytics, Zendesk for customer support, and Iterable for customer communications.

 

5. Back in 2011, we were the first in the VPN industry to publish a Transparency Report. It’s something we still do today when we launch our reports quarterly. Our latest transparency report for Q1 2023 can be found here. Regardless of the number of DMCA takedown notices or legal requests we receive, our reply is always the same: we keep no user logs and so we cannot comply with the request.

 

6. Since we store no logs, such requests do not affect us. Under Romanian law, data retention is not mandatory. This allows us to give our ‘Ghosties’ complete digital privacy.

 

7. Many of our servers do support BitTorrent and CyberGhost offers servers that are optimized for private and secure file-sharing and safe and anonymous access to torrent sites for legal downloads. In some countries, local legislation prevents us from offering adequate service for torrenting. Other locations have performance constraints. We currently do not support port forwarding services. What’s more, specific ports related to email services are also blocked as an anti-spam security measure.

 

8. Our current payment providers are Cleverbridge, Stripe, BitPay, Braintree, and Paddle. We do not store any payment details. These are handled by our payment providers, which are entirely Payment Card Industry Data Security Standard compliant.

 

9. We generally favor the AES-256 encryption platform & protocol wide for its good balance of performance and security.

 

10. CyberGhost features an automatically integrated kill switch as a robust and reliable security feature. This is turned on by default, protecting users should their VPN connection ever be disrupted. CyberGhost does not support dual stack.

 

11. We use disk encryption to make sure no third party can access the contents of our VPN servers. Furthermore, we have additional server authenticity tests in place to eliminate the risk of Man-in-the-middle attacks. We use self-managed DNS servers to ensure the E2E protection of online activity.

 

12. Most of our servers are physically located within the borders of the specified country. We do also offer virtual locations for countries or locations where physical servers are not possible. Our server fleet now covers over 90 countries and over 115 different locations, allowing our users to browse safely and anonymously across the world. More details are available here.

 

CyberGhost website

 

—

AzireVPN

 

1. No, we do not record or store any logs related to our services. We do not log traffic, user activity, timestamps, IP addresses, number of active and total sessions, DNS requests, or similar data.

 

2. The registered company name is Netbouncer AB, and we operate under Swedish jurisdiction. There are no data retention laws for VPN providers in Sweden.

 

3. We take extra security steps to harden our servers: they are prepared by removing their hard drives. Their custom base image runs in RAM. The operating system is hardened with a method we call Blind Operator 2.0, which means that local (TTY) or remote (SSH) access is blocked. The servers are completely headless after deployment and it is not possible to log in to them. As for abuses such as incoming DDoS attacks, filtering on the attacker’s source port is used to mitigate them.

 

4. No, we do not rely on and refuse to use third-party vendors. We run our own email infrastructure and encourage people to use PGP encryption when contacting us. The ticketing support system, website analytics (Matomo with anonymization settings), and other tools are all open-source, or custom software hosted in-house.

 

5. We inform the sender that we do not keep any logs and cannot identify a user.

 

6. A court may issue an order requiring us to identify a user. In this case, we will first ensure that the order is valid. We will then inform the other party that because of our unique infrastructure, we cannot identify any current or former user of our service. If they force us to give them physical access to a server they will not be able to do anything. The reason for this is that the servers block local (TTY) and remote (SSH) access as part of Blind Operator 2.0, making it impossible to log in to a server.

 

To date, we have never received a court order and have never provided any personal information.

 

7. Yes, BitTorrent, peer-to-peer, and file-sharing traffic is allowed and treated the same as any other traffic on all of our servers. We do not offer port forwarding services yet, but we are working on it and expect to release it in the coming weeks.

 

8. Anonymous payment methods include cryptocurrencies or sending cash through the mail. Available cryptocurrencies include Bitcoin, Litecoin, Monero, and a few others. Traditional payment methods such as PayPal (with or without recurring payments), credit cards (VISA, MasterCard, and American Express via Stripe), and Swish are accepted.

 

We do not store any sensitive payment information on our servers, only an internal reference code for order confirmation. All transaction information is deleted from our database after six months.

 

9. We recommend the use of our WireGuard servers. WireGuard is a lightweight and powerful modern VPN protocol. Our custom applications are available for Windows, Android, macOS, and iOS. Otherwise, it is preferable to use official tools on Linux, macOS, and routers (using OpenWrt or DD-WRT).

 

10. We provide easy-to-use and similar looking custom VPN applications for Windows, Android, macOS and iOS that do not require any configuration file manipulation. We plan to add a kill switch and DNS leak protection to our desktop applications in the future.

 

We provide our users with a full dual IPv4+IPv6 stack on all servers. This eliminates the need for loose IPv6 leak protection. In the coming weeks, it will also be possible to connect to our WireGuard servers via a native IPv6 line.

 

11. We physically own all of our servers in all of the locations we offer. Our team ships them to data centers that meet our strict criteria, such as the availability of neutral and privacy-conscious Internet providers and closed racks for security. We also host our non-logging local DNS servers in each location; our VPN tunnels use them by default. Static DNS servers are also available.

 

12. We currently have 78 servers in 25 locations. In the past year, we have added new servers in Finland, Hong Kong, Singapore, and 3 new locations in the United States. There are no virtual locations.

 

AzireVPN website

 

—

Guardian

 

1. We do not.

 

2. DNSFilter, Inc. United States of America.

 

3. No limits on concurrent connections, though we may introduce bandwidth throttling if we notice huge amounts being consumed. We still won’t track, just would limit speeds in such cases.

 

4. Zendesk, so if you send an e-mail to support, it will have a help ticket for the inquiry you’ve sent. No analytics.

 

5. We simply block the port that they allege was in use. We do not retain any useful records and thus have no further action to take.

 

6. We have not had such a case occur. If one were to happen, we would engage with our legal counsel on how to fight it.

 

7. We currently have no terms for or against specific types of traffic. If a DMCA request is filed and says a specific port is being used for file-sharing activity, we will block the port.

 

8. We use Apple’s in-app purchase system on iOS, and Stripe on the web. Our payment authorization systems are separated from our VPN credential generation systems.

 

9. We offer IKEv2, as mentioned above, but are now also offering WireGuard and encourage our users to consider using it.

 

10. We currently only support IPv4, with IPv6 on our roadmap. We do not support what may be deemed a “kill switch” in a traditional sense due to the limitations of iOS.

 

11. We use 1.1.1.1 for DNS, and we use bare-metal servers (not shared VMs) on our hosting provider. We are in the process of setting up our own data centers.

 

12. We have servers located in the United States, Canada, Brazil, France, Germany, Italy, Netherlands, Switzerland, United Kingdom, Japan, Singapore, and Australia.

 

Guardian website

OVPN

 

1. Our entire infrastructure and VPN service is built to ensure that no logs can be stored – anywhere. Our servers are locked in cabinets and operate without any hard drives. We use a tailored version of Alpine, which doesn’t support SATA controllers, USB ports, etc.

 

2. OVPN Integritet AB (Org no. 556999-4469). We operate under Swedish jurisdiction. In May 2023: OPVN was acquired by Pango.)

 

3. We don’t monitor abuse. In order to limit concurrent connections, our VPN servers validate account credentials by making a request to our website. Our web server keeps track of the number of connected devices. This is stored as a value of 0-4, where it is increased by one when a user connects and decreased by one when a user disconnects.

 

4. For website insights, we use Matomo/Piwik, an Open Source solution that we host ourselves. The last two bytes of visitors’ IP addresses are anonymized; hence no individual users can be identified. Automatic emails from the website are sent using Postmark. Intercom is used for support.

 

5. Since we don’t store any information, such requests aren’t applicable to us.

 

6. OVPN has proven in court that no logs are stored. Furthermore, a court wouldn’t be able to require logging in our jurisdiction – but in case that changes in the future, we would move the company abroad. OVPN has insurance that covers legal fees as an additional layer of safety, which grants us the financial muscles to refute any requests for information.

 

7. We don’t do any traffic discrimination. As such, BitTorrent and other file-sharing traffic are allowed on all servers. We do provide port forwarding services as incoming ports are blocked by default. The allowed port range is 49152 to 65535. For other ports, we recommend users to purchase our Public IPv4 add-on.

 

8. PayPal, credit cards (via Braintree), Bitcoin (via CoinPayments), Ethereum (via CoinPayments), Monero (via CoinPayments), cash in envelopes as well as a Swedish payment system called Swish. We never log the IP addresses of users, so we can’t correlate an IP address to a payment.

 

9. OVPN’s default setting is to use WireGuard as VPN protocol.

 

10. Our desktop client provides a kill switch as well as DNS leak protection. All our servers support dual-stack IPv4 & IPv6. Our browser extension blocks WebRTC leaks.

 

11. We own all the servers used to operate our service. All VPN servers run without any hard drives – instead, we use tmpfs storage in RAM. Writing permissions for the OpenVPN processes have been removed, as well as syslogs. Our VPN servers do not support physical console access, keyboard access or USB access. The servers are colocated in various data centers that meet our requirements. OVPN does not rent any physical or virtual servers. We operate our own DNS servers.

 

12. We do not offer any virtual locations. All our regions are listed here. We have photos of our servers at all locations, which are viewable by clicking on the region names

 

OVPN website

HideIPVPN

 

1. We do not store or share any such information that allows doing that. The only information we store is that related to the payment process. But it is not shared anywhere outside the payment systems.

 

2. The registered name of the company is Server Management LLC and we operate under US jurisdiction.

 

3. A single subscription can be used simultaneously for 5 connections. Abuses of service usually mean using non-P2P servers for torrents or DMCA notices.

 

Also, our no-log policy makes it impossible to track who downloaded/uploaded any data from the internet using our VPN. We use IPtables plugin to block P2P traffic on servers where P2P is not explicitly allowed. We block outgoing mail on port 25 to prevent spamming activity.

 

4. We use the live chat provided by tawk.to and Google Apps for incoming email. For outgoing email, we use our own SMTP server.

 

5. Since no information is stored on any of our servers there is nothing that we can take down. We reply to the data center or copyright holder that we do not log our user’s traffic and we use shared IP-addresses, which make it impossible to track who downloaded any data from the internet using our VPN.

 

6. Due to having a no-logs policy and using shared IPs there is nothing to disclose regarding client activity when using VPN. Because of that, the only information we can provide to law enforcement is that we do not keep logs of connection or track user behavior that could tie them to a specific activity.

 

7. This type of traffic is welcomed on our German (DE VPN), Dutch (NL VPN), Luxembourg (LU VPN) and Lithuanian (LT VPN) servers. It is not allowed on US, UK, Canada, Poland, Singapore, Russian and French servers as stated in our TOS. The reason for this is our agreements with data centers. We do not allow port forwarding and we block ports 22 and 25 for security reasons.

 

8. HideIPVPN accepts the following methods: PayPal, Bitcoin, Credit & Debit cards, JCB, American Express, Diners Club International, Discover. All our clients’ billing details are stored in the WHMCS billing system.

 

9. SoftEther VPN protocol looks very promising and secure. Users can currently use our VPN applications on Windows and OSX systems. Both versions have a “kill switch” feature in case the connection drops. Our apps can re-establish a VPN connection and once active restart closed applications. Also, the app has the option to enable DNS leak protection.

 

10. Yes, our free VPN apps have both features built-in. It is worth mentioning that our free VPN apps for Windows and macOS – there is a brand new version of them – have even more cool and unique features. We were one of the first – if not THE FIRST – to introduce as you call it a “kill switch” in our apps. Now, we give users the ability to easily choose the best, “fastest” VPN server available for them in their location – a “Sort by speed” option.

 

11. We don’t have physical control of our VPN servers. Servers are outsourced in premium datacenters with high-quality Tier 1 networks. Our servers are self-managed and access is restricted to our personnel only.

 

12. At the moment we have VPN servers located in 12 countries – US, UK, Netherlands, Germany, Luxembourg, Lithuania, Canada, Poland, France, Australia, Russia, and Singapore.

 

HideIPVPN website

 

—

Ivacy

 

1. Ivacy VPN does not keep any personally identifiable information on any of its users. Since we do not keep such information, there is no way to share private information with third parties. The only bit of information we collect is email address against which the account is bound and payment details which are necessary in order to issue a paid subscription. Plus we also offer more anonymous ways of making a transaction if you’re concerned about your privacy like Cryptocurrencies.

 

As for what information is collected, none contains any identifiable information or user data like DNS requests, traffic details, or IP addresses. The only thing known is the countries where users originate from.

 

2. The company is registered as Ivacy VPN and is a part of PMG Pte. Ltd. Ivacy mainly operates from Singapore with some remote resources working from other parts of the world. As such, we’re only answerable to Singaporean laws.

 

3. We employ a few essential tools, which are as follows: Firebase Crashlytics, Google Analytics, and iTunes.

 

4. Apart from the tools mentioned above, we also utilize third-party tools like Zendesk (Customer Service & Support Ticketing) and LiveChat (Help Desk Software).

 

To provide outstanding customer support and quick delivery of service, we keep a record of all our correspondence. This includes a record of complaints, questions, and compliments submitted via our website, extensions, or apps.

 

5. When a user connects with Ivacy, he/she becomes anonymous. Therefore, we cannot connect specific activities with specific users since we don’t keep any logs or records. However, if a case is forwarded to our legal department, appropriate measures will be taken to address the issue promptly.

 

6. As mentioned earlier, Ivacy VPN does not keep any personally identifiable information on any of its users, which is also in accordance with the GDPR. Because of this, we do not have any information to give to anyone, even if it is a court order. Such scenarios have never played out in the past because Ivacy VPN is a GDPR complaint VPN provider.

 

7. Yes, BitTorrent and other file-sharing traffic are allowed on our P2P-optimized servers. Ivacy also keeps striving to improve its product and as such, new P2P servers within the same country and new countries with P2P protocols will keep on adding in the future We do offer port forwarding services as well. However, all ports are blocked by default and need to be enabled by users according to their needs and requirements.

 

8. Ivacy VPN utilizes the following payment systems/providers: Debit/Credit Cardm, PayPal, BitPay, Coingate, and PerfectMoney. Please note Ivacy VPN utilizes third-party payment processors. These third-party payment processors are evaluated regularly, ensuring our users’ data is not used for any other purpose except for processing payments.

 

It is important to note, though, that the payment data provided rests with the respective payment processors. Therefore, in those instances where we process data, it is passed on to the processor without keeping any record of it at our end.

 

9. OpenVPN with the AES-256-GCM encryption algorithm.

 

10. Ivacy VPN does provide tools like Internet Kill Switch, IPv6 Leak Protection, Secure DNS, Public Wi-Fi Security, Split Tunnelling, and several other advanced security features. These features ensure our users remain safe, secure, and anonymous at all times while connected to our VPN servers.

 

11. Our servers are hosted on Tier-4 data centers, and yes, we do own DNS servers.

 

12. Ivacy does not offer virtual locations and all the locations listed are actual, physical locations. Our complete list of physical servers can be found over here.

 

Ivacy website

 

—

 

*Note: NordVPN, ExpressVPN, and Private Internet Access are TorrentFreak sponsors. We reserve the first three spots for them as a courtesy. This article also includes a few affiliate links which cost readers nothing but help us pay the bills. We never sell positions in our review article or charge providers for a listing.

 

Given the scale of the problem and the underlying feeling that anti-piracy campaigns rarely have much of a long term impact, a change of tactics every few years is to be expected.

 

After demonizing file-sharers for much of the 2000s, more focus was placed on pirate sites and the people behind them. In parallel, pirates were asked to consider the effect of their habits on creators, not the very big ones, but those struggling through life trying to make ends meet, just like them.

 

There was nothing fundamentally wrong with that message but since Hollywood and most of the music industry thrive on images of extraordinary wealth and power, the message often found itself muffled under red carpets, dazzling awards shows, and other big displays of huge money, also not being shared with the little guys. It was time for another change in tactics.

Think About The Guy in the Mirror

The theme of the last five years has three key components: criminality, malware, and the welfare of pirates. Now portrayed as victims themselves rather than the reason pirate sites exist, pirates are warned about high-level organized crime, using digital content as misdirection, while malware steals their privacy and empties their bank accounts. Piracy also received an upgrade in the corridors of power; it’s a cybercrime issue now.

 

The narrative is indeed dramatic, but is it credible?

 

In many cases, this imagery is overblown and completely unhelpful. In other cases the claims are entirely credible, there’s little doubt about that. The caring-is-sharing philosophy has been on life support for years and by default, even the smallest pirate site operators are criminals under the law. In many cases the way they generate revenue is no more harmful to users than the rest of the awful advertising found online, but malware and other mechanisms are also part of the equation.

 

Based on the theory that scary reports have limited impact and that knowledge always beats fear, perhaps it’s the right time for people to make up their own minds after taking a little look under the hood. That’s not just an opportunity to see how things tick, but also part of a balancing exercise; legality and supporting creators on one side and illegality and potentially deal-breaking risks on the other.

 

Since Android apps are likely to be installed without even a moment’s thought, especially by younger people, that might be a good place to start. None of the following tools require any apps to be installed.

Free Tools For Basic Checks

While it’s not the most comprehensive tool on the market, CloudSEK’s BeVigil mobile app search engine can be installed on Android devices themselves via Google Play. The BeVigil app will raise the alarm if another app requests excessive permissions, while aiming to improve malware and vulnerability detection in rogue apps.

 

The BeVigil platform can also be accessed via the web, where users can search for an app by name or upload an app for the platform to test.

 

 

For the purposes of illustration we selected a single variant of the movie and TV show streaming app ‘Pikashow‘ at random and discovered three risky device permissions and three more flagged as dangerous.

 

 

For absolute beginners the colour scheme alone provides guidance; green being broadly acceptable and red the complete opposite. Three reds means three red flags, no matter how many greens.

 

For the curious, clicking each reported colour-coded permission will provide an explanation about what the app could do, if the user grants it permission to do so. For example, the red ‘system alert window’ permission above allows the app to place another window on top of all windows containing any message whatsoever.

 

Most of the time “Click here to remove malware” means “Click here to install malware” while “Click here to watch movies” means “Click here to install malware.” An alert window may also offer a shiny new update with sincere assurances that everything is always safe to use and despite warnings “click install anyway.” Countless people blindly do just that.

 

 

To be clear, not everything that raises an alarm turns out to be malicious but double-checking on another platform never hurts. We asked Immuniweb its opinion on the same app and it received an even worse report.

 

The overall score calculated for an app to be rated relatively ‘safe’ on BeVigil seemed too high. One BeeTV variant downloaded over a million times received a security rating of 7.4 despite requesting ‘system alert window’ permission and access to information in the user’s phone, including network provider, outgoing call status, and the details of all phone accounts registered to the phone.

 

The question that needs to be asked here is simple: Why does an app need all of that information just to play a video? The answer is simple too: It doesn’t.

VirusTotal and JoeSandbox

On a base level both VirusTotal and JoeSandbox make it easy for users to upload an APK and have it analyzed. In many cases other users will have uploaded the same file already, meaning that reports are available immediately.

 

These tools are much more advanced and while still easy to use, interpretation of the presented data becomes increasingly complex as connections are developed. VirusTotal has a gallery of other users’ investigations into all kinds of malware, which on one hand can be truly fascinating yet on the other, absolutely terrifying.

 

 

That being said, both have a free tier so are perfect for becoming more familiar with both apps and websites from a perspective most users never experience. Both platforms also allow viewing of detailed reports carried out in the past and one in particular catches the eye.

 

Advance warning that this report is huge and may well lock up your browser for a while as it loads. The report is a major concern and more time is needed to digest it properly, but it doesn’t look great at first blush.

 

More generally, the sky isn’t falling just yet but with so many opportunities to get educated via freely available tools, taking unnecessary risks needs to become a thing of the past. The important thing is to raise awareness; informed choices that resonate with the individual always beats blindly following the crowd.

 

Note: Risk can be managed and reduced but it cannot be eliminated. No single tool is authoritative. Testing on five tools is always better than testing on one. All security vendors reporting an app as clean does not necessarily mean that an app is safe. No app should be trusted by default just because it has a familiar name. Finally, security issues aside, it should be obvious that copyright infringement is against the law.

 

Other free tools worth checking out:

 

Any.run – Interactive malware analysis
Hybrid Analysis – Free malware analysis
Qu1cksc0pe – Malware analysis tool (advanced)
MobSF – Malware analysis tool

 

In January 2023, the Alliance Against Pay Television Piracy (Allianz) welcomed Jorge Bacaloni as the organization’s new president.

 

Bacaloni is also the Regional Anti-Piracy Manager of Vrio Corp, a company comprised of DirecTV Latin America and Sky Brasil, among others. In an interview following his appointment, the anti-piracy chief stressed that public/private partnerships are a necessity in the fight against piracy.

 

“It is necessary for the entire industry to accept that this is a challenge for everyone and to work in coordination,” he said.

 

“Alianza has a very important role, but it cannot fight a huge criminal network alone, one that is growing by leaps and bounds, hand in hand with technological advances. That is why we believe that governments, in addition to creating favorable conditions for the private sector to create value, must carry out concrete actions to provide legal certainty.”

 

Precisely when DirecTV’s anti-piracy team filed its complaint with the authorities in Argentina isn’t clear, but it appears the type of cooperation Bacaloni called for again in June is already producing results.

Specialist Prosecutor Launches Investigation

DirecTV’s complaint focused on Digital TV, a pirate IPTV service offering around 900 live TV channels, including channels exclusive to the company in Latin America. Digital TV also had a sizeable VOD platform, 8,000 movies and 400 TV series, DirecTV reports. To round off the package, Digital TV reportedly offered live soccer and adult channels as part of a low-cost subscription deal.

 

Under the control of specialist cybercrime prosecutor Alejandro Musso in Buenos Aires, the investigation was carried out by Argentina’s Specialized Fiscal Unit for the Investigation of Cybercrimes (UFECI) with assistance from fraud investigators at online marketplace operator Mercado Libre.

Raids Against Pirate IPTV Provider ‘Digital TV’

After receiving authorization from a local court, law enforcement carried out raids in the Buenos Aires Province town of Ramos Mejía, and the cities of Arrecifes and Chivilcoy.

 

“A 22-year-old man, a computer technician with extensive knowledge of programming, was arrested in Ramos Mejía and brought to justice after being accused of being the creator of ‘Digital TV’, a platform that was used for the illegal retransmission of television signals,” a statement from DirecTV reads.

 

Image of the raid issued by police

 

The company says that according to a preliminary inspection, the service had around 85,000 subscribers. An app associated with the service, available for download from “one of the main virtual stores” is said to have been downloaded over 100,000 times.

 

“The Court ordered [the app’s] immediate blocking given the million-dollar losses suffered by rightsholders due to the action of piracy,” DirecTV adds.

 

TorrentFreak found an app fitting that description on Google Play.

 

 

At the time of writing the app remains available on Google Play from Argentinian and overseas IP addresses. The same is true for what appears to be one of Digital TV’s websites.

 

TorrentFreak was independently able to link the app on Google Play directly with the website, and then link both to the developer arrested by police.

Police Traced “Mastermind” Via IP Addresses

Local media outlet La Nacion published police photographs of the suspect and identified him as local man Martin Coll, the alleged “mastermind” behind DigitalTV and just one of the players involved in TV piracy across Latin America.

 

“The suspect is part of one of the organizations that operates throughout Latin America, it is a million-dollar business that generates large losses for the affected companies,” a police source said.

 

Police-issued photo of Digital TV suspect

 

La Nacion reported that police were able to identify Coll by tracking the IP addresses he used online. While that evidence would indeed prove useful as part of a larger package, we were able to discover the name of the “mastermind” within five minutes of downloading the Digital TV Android app from Google Play.

 

Whether it was a blunder or misplaced overconfidence is unclear, but the Digital TV app contains an abundance of useful information. In terms of personally identifying information, the certificates are particularly informative since they carry the developer’s full name.

 

 

Among other highly sensitive pieces of information, the app links to an API at the domain DigitalTV.cloud. Other than a default server landing page there’s no public-facing website at that address, but one does exist at another URL.

 

The servers indicated behind the scenes clearly formed an important part of Digital TV’s infrastructure and the authorities are obviously well aware of that since the domain is now linked to an ISP blocking notice.

 

 

As noted earlier, Coll’s anonymity was completely removed when local media published his full name and photographs, which included images of the suspect in handcuffs following his arrest. Whether that’s normal for Argentinan media is unclear but whatever the truth, local TV channel Canal26 went on to broadcast images of the suspect to 4.5 million subscribers all around the country.

 

When that genie escapes from the bottle, there’s no hope of returning it. In the meantime, reports suggest the developer is refusing to answer any questions. Two other men said to be resellers of the service have reportedly been identified by the authorities.