Over the years, Z-Library established itself as a premier source of pirated books, serving an audience of millions of users.

 

Up until a few months ago, this all happened relatively quiet. However, when the United States launched a criminal case against two alleged operators, everything changed.

 

Z-Library lost access to over 200 domain names late last year and, just last week, the authorities carried out a new seizure round. Despite these enforcement actions and the pending criminal case, the remaining Z-Library team has no plans to hide in the shadows.

Seizures Sow Confusion

The site swiftly switched to backup domains and remained online. However, speaking with TorrentFreak, the team says that this game of whack-a-mole likely isn’t over yet and more seizures are expected in the future.

 

“We have already replaced these [seized] domains with others, but it is likely that this will not be a long-term solution as the authorities continue to seize domains,” Z-Library noted.

 

These evasive actions are likely to make the site an even bigger target for U.S. law enforcement agencies including the FBI, who will be motivated to bring those responsible to justice. That’s not the only concern for Z-Library, however, as the domain seizures are having another side-effect; the rise of copycats.

Copycat Warning

After the crackdown last year, the popular pirate library has become rather hard to find through search engines such as Google. Instead of the official site, the top results now point to copycat platforms.

 

These knockoffs use the Z-Library brand to draw visitors and that appears to be working quite well. For example, Zlibrary.to had an estimated 9.1 million visits last month, while Z-Lib.is had a reported 7.8 million visits.

 

These sites have nothing to do with the official site and, according to the Z-Library team, these copycats are unsafe. The fraudulent sites pose a security risk, the team warned its users this week.

 

“We want to remind you to be cautious when searching for Z-Library on Google, as there are currently several unsafe and fraudulent websites appearing at the top of the search results. These websites may steal your personal information and compromise your security,” Z-Library wrote.

Scammy Google Takedowns

It’s not possible for us to verify these claims in detail but it is clear that these sites intentionally set out to confuse the public. That’s also happening on Twitter, where one of the copycats is having fun with more than 20k followers.

 

These sites don’t stop at simply impersonating Z-Library either. We previously noticed that some of these copycats use DMCA notices to protect ‘their’ brand.

 

For example, someone named “Mahut Aydin” didn’t like this Reddit thread that claims Z-lib.is is a scam. They sent Google a DMCA notice asking to remove it from search results, but that effort failed.

 

Zlibrary.to also sent an unusual takedown notice to Google. The copycat website asked Google to remove several URLs from Ebookchase.com from its search engine, claiming that the site is “stealing” their works.

 

Google likely realized that something was off as the search engine didn’t comply with either of these requests. That said, the same copycat sites continue to take the top “Zlibrary” spots of search results today.

 

After filing a series of lawsuits against cheat developers, cheat sellers, resellers, and even gamers who use cheats, there’s little doubt that Bungie views cheating as a threat to its business.

 

After a Washington court awarded Bungie $6.7 million in damages against LaviCheats on Monday, the company scooped a damages award of $16.2m in the same court (but in a different case) on Tuesday.

 

For the sole defendant in yet another Bungie lawsuit, filed at exactly the same court in 2022, these headlines should make for uncomfortable reading. While the case doesn’t feature a cheat developer or seller, Bungie has shown few signs that it’s prepared to back down from its mission to stamp out game tampering.

Twitch Streamer Feels The Heat

In its July 2022 complaint, Bungie targeted a Twitch user who reportedly live streamed himself cheating in Destiny 2 while evading multiple bans. When it became apparent that the user was just 17-years-old, his name was removed from the docket and replaced by the initials L.L. Bungie continued, business as usual.

 

According to the complaint, L.L. and Bungie have a history. While using various pieces of cheat software, L.L. streamed his games on Twitch and using its own tools, Bungie detected his activity and banned him. L.L. responded by opening new accounts, which Bungie would eventually shut down. When L.L. posted a series of tweets in May 2022, in which ‘arson’ and ‘death’ were mentioned along with a named member of staff, Bungie was prompted into action.

 

In common with other lawsuits against cheaters, Bungie says that L.L.’s use of cheat software modified Destiny 2 and led to the creation of an unauthorized derivative work. That entitles the company to either $150,000 in statutory damages or an amount to be determined at trial. Bungie says that each time L.L. played the game, he also bypassed Bungie’s security measures. Citing violations of the DMCA’s anti-circumvention provisions, Bungie demands $2,500 for each time that happened.

 

More fundamentally, each time L.L. was banned and then signed up for a new account, he agreed to Bungie’s Limited Software License Agreement with no intent to comply with it; fraud according to Bungie. That’s on top of allegations that L.L. resold Bungie-issued digital emblems on a third-party platform with authorization to do so.

L.L. Came Out Swinging

Covered in detail last September, L.L.’s response to Bungie’s complaint can be summarized in a few key points.

 

Anything that L.L. may have said about Bungie was simply the teenager making fun of the company’s “apparently ineffective” efforts to combat cheating in Destiny 2. Since “Congress has not, at present, chosen to make [cheating] unlawful,” the defense continued, none of the alleged acts in the complaint violated any of Bungie’s rights.

 

Regarding violations of the LSLA, the court was informed that as a minor, L.L. has the right to disaffirm any contract within a reasonable time of becoming an adult. As it happened, he had already declared all contracts with Bungie null and void.

 

In its response to L.L.’s motion to dismiss, Bungie said the court could go right ahead and dismiss all of its claims related to the LSLA. While the LSLA prohibits things like cheating, it also acts as permission since it licenses certain actions, including playing the game.

 

With no license in place, Bungie said that every download and every play of Destiny 2 amounted to copyright infringement, potentially placing L.L. in a less advantageous position than he had enjoyed before.

 

In a subsequent filing, which appeared to reference the claim that Congress still hadn’t made cheating in games illegal, Bungie informed the court of the Yout vs. RIAA decision, which relates to the circumvention of technological measures that protect access to a copyright work.

 

Cheating may not be illegal but without circumvention, this type of cheating wouldn’t exist.

Court Steps in to Clarify the Law

In an order handed down this week, District Judge Richard A. Jones said that since L.L. had properly disaffirmed all contracts due to his status as a minor, he would now address L.L.’s motion to dismiss Bungie’s lawsuit for failure to state a claim.

 

With no enforceable contract between L.L. and Bungie, the Court dismissed Bungie’s breach of contract claim in connection with the LSLA. Bungie’s claim of fraudulent inducement, related to L.L.’s allegedly false statements when agreeing to the terms of the LSLA, is a matter to be addressed at a later stage, so was not dismissed.

Copyright Infringement

Bungie’s arguments in support of its copyright infringement claim were described by the Judge as “persuasive.” The cheat software “transformed Destiny 2 by manipulating the software to add visual elements overlayed on the original visuals in the game” and since L.L. had no permission from Bungie, that amounts to an unauthorized derivative work.

 

Attempts by the defense, to play down the anti-cheat provision in the LSLA, also failed. Any use of software to cheat in Destiny 2 was preannounced in the LSLA as grounds for immediate termination of L.L.’s license.

Anti-Circumvention Claim

Regarding Bungie’s anti-circumvention claims, the Court said that L.L. bypassed license access control measures when he agreed to the LSLA but with no intention to abide by it. He also bypassed Bungie’s “step control measures” when he created new accounts after being banned, and when he used cheat software to avoid detection by Bungie’s anti-cheat technology.

 

“The Court is not persuaded by Defendant’s cherry-picked reading of the DMCA that only establishes a violation when the Defendant decrypts, descrambles, or disables Plaintiff’s software,” Judge Richard A. Jones’ order continues.

 

“When read as a whole, the statute clearly states that avoiding or bypassing a technological measure violates the DMCA. Therefore, the Court denies Defendant’s motion to dismiss the circumvention of technological matters claim.”

 

L.L. enjoyed some success with the defeat of Bungie’s claim under the Washington Consumer Protection Act, which related to L.L.’s unauthorized sales of digital emblems. The Court accepted that L.L.’s cheating, selling, and other conduct caused injury to Bungie’s business, but the company failed to show that L.L.’s conduct is of public interest.

 

With the case set to continue, the Court invited Bungie to submit its first amended complaint.

 

Judge Richard A. Jones’ order can be found here (pdf)

 

Bungie’s relentless pursuit of cheat developers, sellers, and resellers was probably crafted to send a deterrent message.

 

After another judgment and multi-million dollar damages award was handed down this week, any cheat developers still operating may consider other companies’ games less of a risk. For those still unconvinced, a judgment handed down Tuesday may be persuasive.

The Domino Effect

Bungie filed a copyright infringement lawsuit against defendants allegedly involved in the development and supply of Destiny 2 cheat ‘Wallhax’ back in August 2021.

 

In June 2022, Bungie was awarded $13.5m in copyright infringement damages against Elite Boss Tech, Inc., 11020781 Canada Inc., and owner Robert James Duthie Nelson. The defendants admitted that Wallhax injected new code into Bungie’s code, thereby creating an unlicensed derivative work. They also conceded that Wallhax circumvented Bungie’s technological measures in breach of the DMCA.

 

With an apparently compliant defendant at its disposal, Bungie was able to identify two other key defendants. One of them decided to help Bungie, but the other – Denmark-based developer Daniel Larsen – proved less cooperative.

 

Bungie’s response included calling in technical experts to paint Larsen’s contribution to Wallhax in an extremely negative light, and him personally as an uncooperative witness. Some may have been tempted to visit the United States to iron things out but according to court documents, Larsen resisted the temptation.

No Defendant Present, No Defense

On Monday, with Larsen thousands of miles away, Bungie filed a motion for default judgment at a Washington court and didn’t hold back. From a technical perspective, the motion wasn’t entirely successful, but that certainly didn’t prevent it from being a success.

 

Bungie asserted a total of eight claims against Larsen: copyright infringement, violations of the civil Racketeer Influenced and Corrupt Organizations Act (RICO), violations of the DMCA, violations of the Computer Fraud and Abuse Act (CFAA), violations of the Washington Consumer Protection Act (CPA), and civil conspiracy.

 

Seeking entry of default judgment on all claims, Bungie requested over $17.27m in damages, including almost $268k in attorney fees and $80,200 in costs. The company also requested a permanent injunction against Larsen, barring him from similar future conduct.

Successful Copyright Claims

District Judge Tana Lin found in favor of Bungie on its copyright infringement claim. Larsen’s conduct was indeed willful, an important factor in support of Bungie’s claim for enhanced damages.

 

Regarding Bungie’s RICO claim, the court found sufficient evidence to show that Larsen willfully utilized Bungie’s Destiny 2 software to develop the Wallhax cheat and that Larsen directly infringed Bungie’s copyrights for his own personal gain.

 

Since Larsen benefited financially from criminal copyright infringement through the sale of 6,000 cheats, with illegal gains also reinvested back into the business, the court was satisfied with Bungie’s RICO claim.

 

Bungie’s claim alleging violations of the DMCA’s anti-circumvention provision was equally successful.

 

“Bungie has provided allegations and evidence that Larsen developed and designed the Wallhax cheat to circumvent Bungie’s technological measures to protect its copyrighted works in violation of § 1201(a),” the order reads.

 

“And Bungie has shown that the Wallhax cheat circumvented the controls and that Larson himself evaded those controls by opening new accounts after being banned. Additionally, Bungie has shown that Larsen violated § 1201(b)(1) by creating an infringing derivative work. The Court finds that entry of default judgment on these claims is proper.”

Computer Fraud, Civil Conspiracy

The court also found that when Larsen intentionally accessed Destiny 2 servers to obtain the Destiny 2 software to create the Wallhax cheat, that amounted to a violation of the Computer Fraud and Abuse Act (CFAA).

 

When Larsen created multiple accounts after being banned from Destiny 2, he breached the terms of Bungie’s Limited Software License Agreement LSLA, the court found. No evidence supported Bungie’s claim that Larsen breached the Consumer Protection Act but the videogame company’s Civil Conspiracy claim succeeded, with the court noting that Bungie’s evidence was sufficient to show that Larsen conspired with the other defendants.

Default Judgment and Amount

Bungie asked the court for a damages award of $13,530,000 for violations of the DMCA. The court has the discretion to award no less than $200 or no more than $2,500 per act of circumvention, device or performance of service. Bungie requested $2,000 for each cheat downloaded and the court found the amount appropriate. Damages award granted: $13,530,000.

 

For its claim under the Copyright Act, Bungie asked the court for $466,718.90 in actual and statutory damages and requested the amount to be trebled due to Larsen’s willful conduct. The court said that Bungie failed to provide admissible evidence of actual damages but its claim for willful infringement of two copyrighted works was accepted. Damages award granted: $300,000.

 

In respect of Larsen’s alleged breach of contract, RICO and CFAA violations, the court awarded damages of $1,999,998. Bungie’s request for an award of $267,887.10 in attorney fees and $80,263.92 in costs was accepted by the court.

 

In total, the court awarded Bungie $16,178,149.02 in damages and costs, plus a broad injunction to restrain Larsen from any and all future activities similar to those dealt with in this case.

 

Whether Bungie will be able to collect anything from Larsen is unknown, but the above seems to provide an aggressive framework for dealing with any developers who target Bungie’s games in future.

 

The order granting default judgment and the judgment itself can be found here (1,2, pdf)

 

Obtaining a proper education can give people a leg up in life, but this privilege does come at a price.

 

Studying can be a costly endeavor, requiring expensive textbooks that may only be in use for a single semester. To reduce costs, some students choose to share books or buy cheaper second-hand versions. Textbook piracy is also widespread and in many cases considered socially acceptable among students.

 

Last year, a Danish student survey found that nearly half of all students who use digital textbooks obtain copies through illegal means. Most students are well aware that selling and pirating books is against the law, but 68% still found it acceptable to share pirated books with friends or other students.

Criminal Conviction

Rights Alliance, a Danish anti-piracy group that represents rightsholders in several sectors, has had this issue on its radar for a few years now. Thus far, it has resulted in several criminal convictions of what, at first glance, seem rather small offenders.

 

This month another case went before the court after a 25-year-old man was found guilty of selling PDFs of pirated textbooks to 12 people. The offender avoided a prison sentence, in part due to the lengthy proceeding, but was ordered to pay a fine of 5,000 Danish kroner (~$670) in compensation, while 2,450 kroner (~$360) were confiscated.

 

The court concluded that the man sold 56 pirated copies in total, which he stored on a Microsoft OneDrive server. This wasn’t a typical hardcore criminal operation, however, as the seller himself wasn’t the source. He received the pirate books for his “social work” study from other students and decided to sell them to others online.

 

While this type of activity is clearly illegal, the sentence also has an ironic twist. A quick calculation shows that the fine and confiscated money amount to less than $20 per pirated textbook, meaning that buying them legally would probably have been more expensive.

Facing the Consequences

Commenting on the recent verdict, Rights Alliance director Maria Fredenslund says the case highlights that relatively small acts of piracy can have real criminal consequences.

 

“Thanks to an effective effort by the police, it was possible to stop the systematic sale before the consequences became too great. This case shows that systematic illegal sales are not reserved for an overwhelming profit. Just a few completed sales of illegal textbooks can have criminal consequences,” Fredenslund notes.

 

According to the anti-piracy group, most of the textbooks in the case originated from Nota, a Danish Library for people with print disabilities. Responding to this finding, Nota’s acting director Michael Karvø stresses that it will continue to tighten its security to prevent piracy.

 

“Nota takes the illegal sharing of Nota’s materials very seriously and therefore has a continuous focus on the implementation of new security measures to prevent illegalities,” Karvø says.

Taking Responsibility?

The educational book publishers association is pleased with the conviction. However, Secretary General Pia Vigh notes that educational institutions can and should do more to address the piracy problem.

 

“When so many of the students share digital study books knowing that it is illegal, it shows a great need for the educational institutions to take more responsibility,” Vigh comments.

 

The association calls for a cultural change in the educational setting, where piracy should not be without consequences. Instead, it should be actively condemned, also by teachers.

 

Whether this conviction or the others reported previously will have a serious impact remains doubtful. As the price of textbooks remain high, some students are still willing to take a calculated risk.

 

With pirate IPTV services first seeping and then exploding into the mainstream around 2016/17, the launch of streaming service DAZN provided hope of a viable alternative.

 

Initially made available in Germany, Switzerland, Austria and Japan, DAZN’s mission to provide affordable access to live and on-demand sports content was exactly what fans had been crying out for. Having grown tired of waiting, millions had already switched to pirate IPTV services but with a new approach, fresh-faced DAZN might even begin to win some back.

We are basically saying pay-per-view sucks

In December 2018, with Mexico’s Canelo Álvarez set to take on Britain’s Rocky Fielding the very next day, the Evening Standard interviewed DAZN’s then-CEO, Simon Denyer. After securing an eight-year boxing rights deal worth $1 billion, the plan was to ditch expensive one-off payments for big events in favor of steady, $10-per-month subscription packages.

 

“We are basically saying pay-per-view sucks,” Denyer said.

 

DAZN’s marketing drilled that message home – and then some.

 

 

Even those with a fundamental understanding of the boxing business could’ve predicted how this was likely to pan out.

 

The world’s best fighters live for big paydays, specifically the multi-multi-multi million dollar kind that are typically sustained by a solid PPV model. So, after onboarding subscribers on a PPV-sucks basis, DAZN told its customers that big fights would be available on the DAZN platform, on a PPV basis.

 

With other market forces already biting hard, DAZN followed up with a recent announcement heralding huge price increases for its regular subscription packages.

 

In the wake of almost doubling standard subscription rates in the United States and other key markets, DAZN will have to work hard to win new subscribers. Retaining the 20 million customers it already has will be a challenge too, but one that can be made easier by eliminating cheaper competitors operating in the same market.

DAZN Joins Rivals to Fight Piracy

Having lost more than $6 billion since launch in 2016, with an operational loss of $1.3 billion in 2021 alone, DAZN’s affordable content strategy appears to have issues. In 2021 it acquired soccer match rights in Italy and Germany, but since they are incredibly expensive, that meant doubling the price of subscriptions in those countries.

 

In a move to ensure that customers have no cheaper options, this week global anti-piracy coalition Alliance for Creativity and Entertainment announced that DAZN had become its latest member. Along with dozens of other corporations facing similar issues, DAZN will help to disrupt pirate streaming services all over the world.

 

“Intellectual property theft of live sports content is an industry issue, negatively impacting all sports and sports fans, and it needs a global concerted effort to meaningfully tackle it. ACE is the natural home for the Sports Piracy Task Force, given their track record, reputation, and experience in delivering effective programs of action,” says Shay Segev, DAZN Group CEO.

ACE Sports Piracy Task Force

Launched this week, the ACE Sports Piracy Task Force currently consists of beIN Media Group and DAZN, but the plan longer term is to bring other sports rightsholders on board to tackle what is increasingly viewed as a global threat.

 

“With every new member, our global network becomes more powerful and more effective at targeting and shutting down the piracy operators that threaten the media, entertainment and live sports economy and consumers,” says Jan van Voorn, Head of ACE and Executive Vice President and Chief of Global Content Protection at the MPA.

 

DAZN Chief Operations Officer Ed McCarthy describes the move as good for broadcasters and fans alike.

 

“Working with ACE, beIN, and other broadcasters and rights holders, the task force will pursue the criminal operators who are damaging sport at all levels, often using fans’ credit cards and data [for] illegal purposes. DAZN stands with ACE in the fight to eradicate the global theft of content,” McCarthy says.

Sports Rights Cost Billions

For perspective on what helps to drive up subscription prices and provide oxygen to illegal IPTV providers, the cost of broadcasting licenses is informative.

 

In 2021, DAZN won the rights to screen live Serie A soccer matches in Italy for three seasons. That deal will cost the company $2.7 billion. In the same year, DAZN and Movistar won the rights to broadcast Spanish soccer matches for five seasons. According to LaLiga, that deal is worth 4.9 billion euros ($5.37 billion).

 

A deal in the UK to screen Premier League matches is split unevenly between Sky, BT and Amazon. It covers just two seasons (2023/24 and 2024/25) and is believed to be worth in the region of £5.1 billion ($6.4 billion).

 

DAZN chief executive Shay Segev recently told The Times that obtaining Premier League rights is a priority for the company. Counterintuitively, a successful bid could also fuel piracy.

 

UK football fans currently need to subscribe to three streaming services to watch all available matches. DAZN getting in on the action raises the prospect of UK fans having to subscribe to four platforms to watch all televised matches. Or maybe even five, if Apple decides to get involved.

 

Over the past several years, major videogame companies have taken cheat developers, sellers, and resellers to court in the United States.

 

In 2021, American videogame company Bungie upped its game with lawsuits against three major players; Elite Tech Boss, LaviCheats & VeteranCheats.

 

Bungie’s legal campaign is beginning to pay off. Last summer, the case against Elite Tech Boss resulted in a consent judgment where a key defendant agreed to pay $13.5 million in damages. This was followed by a $12 Million default judgment last month against Veterancheats.

 

The case against cheat reseller LaviCheats reached its conclusion at a Washington federal court this week. Like the cases against the other cheat operations, this lawsuit wasn’t fully litigated.

Lavicheats Doesn’t Show Up in Court

Earlier this year, Bungie filed a motion for default judgment against LaviCheats. The game company asked the court to rule on the matter without hearing the defendant, as they apparently have no interest in making a court appearance.

 

Bungie believes that the cheat seller is operated by India-resident Kunal Bansal, AKA “Lavi”. No known address exists for this person so to alert Bansal to the legal proceeding, Bungie sent an email and posted a message in the .

 

These unusual serving options were authorized by the court and achieved the desired result. Although there was no response from the defendant in court, Destiny 2 cheats were removed from the LaviCheats website.

$6.7 Million Default Judgment

In the absence of a proper defense, United States District Judge Tana Lin assumed that Bungie’s copyright infringement claims were true. The same also applies to the financial damages reported by the video game company.

 

This week, Judge Lin ruled on the motion for default. After concluding that the court has jurisdiction over the foreign defendant and that a default judgment is appropriate, she awarded more than $6.7 million in compensation.

 

The bulk of the award is made up of statutory damages for ‘willful’ violations of the DMCA. This applies to the cheat’s circumvention of Bungie’s technological protection measures.

 

With 2,790 downloads of “Bansal Cheats” and $2,000 in statutory damages per download, this amounts to over $5.5 million. This is a reasonable figure, according to the court, which notes that the maximum damages per download would be higher.

 

“Based on the allegations in the Complaint and the evidence provided, the Court is satisfied that Bansal’s violations of the DMCA were willful and that an award of up to $2,500 per download of the Bansal Cheats is ‘just’.

 

“Bungie has asked for only $2,000 for each of the 2,790 downloads of the Bansal Cheats and the Court finds that this amount is appropriate,” Judge Lin adds.

Copyright and Trademark Infringement

Bungie allegations also included copyright infringement claims. These damages are not determined by the number of downloads of the cheat software, but by the number of copyrights at stake – two in this case – for which the court granted the $150,000 statutory maximum per infringement.

 

“Given the adequate allegations of Bansal’s willful copyright infringement, the Court finds that the maximum statutory award is appropriate and awards $300,000 in statutory damages,” Judge Lin writes.

 

For the trademark violations, Bungie requested damages based on the defendant’s actual profits – between $45,987.58 and $579,270 according to estimates, with the court opting for the higher number.

 

“The Court accepts as true that Bansal earned the higher amount—given that the allegations in the complaint are accepted as true—and the Court awards $579,270 in damages for the Trademark claims.”

Success!?

There’s no denying that the outcome of this case is a clear win for the Bungie. In addition to the damages awards and additional fees, the order also comes with an injunction requiring Bansal and LaviCheats to stop offering Bungie cheats.

 

As mentioned earlier, the service has already stopped selling Destiny 2 cheats, so that’s another clearly positive result.

 

Whether Bungie will be able to recoup any of the damages awarded is questionable, however. The whereabouts of LaviCheats’ operator is unknown and, given his lack of response in the lawsuit, the Indian defendant is unlikely to pay up without external pressure.

 

—

 

A copy of the default judgment issued by United States District Judge Tana Lin is available here (pdf)

 

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only.

 

These torrent download statistics are only meant to provide further insight into the piracy trends. All data are gathered from public resources.

 

This week we have four newcomers on the list. “Dungeons & Dragons: Honor Among Thieves”, which came out as a high-quality pirate release, is the most downloaded title.

The most torrented movies for the week ending on May 08 are:

Movie Rank	Rank last week	Movie name	IMDb Rating / Trailer
Most downloaded movies via torrent sites
1	(…)	Dungeons & Dragons: Honor Among Thieves	7.4 / trailer
2	(…)	Renfield	6.4 / trailer
3	(…)	The Pope’s Exorcist	6.1 / trailer
4	(3)	Avatar: The Way of Water	7.8 / trailer
5	(1)	Ant-Man and the Wasp: Quantumania	6.4 / trailer
6	(2)	Scream VI	6.8 / trailer
7	(6)	Shazam! Fury of the Gods	6.3 / trailer
8	(8)	John Wick: Chapter 4	8.5 / trailer
9	(4)	Ghosted	5.8 / trailer
10	(…)	Mafia Mamma	5.3 / trailer

 

 

Note: We also publish an updating archive of all the list of weekly most torrented movies lists.

 

Two years ago, a group of several film companies including the makers of Hellboy, Rambo V, The HItman’s Bodyguard, and Dallas Buyer’s Club, sued Internet provider Grande Communications.

 

The filmmakers accused the Astound-owned ISP of not doing enough to stop pirating subscribers. Specifically, they alleged that the company failed to terminate repeat infringers.

 

In addition to millions of dollars in potential damages, the plaintiffs also asked for strict anti-piracy measures. This includes a three-strikes termination policy against alleged pirates as well as an outright block of various pirate sites, including The Pirate Bay.

Motion to Dismiss Denied

Grande challenged the claims and filed a motion to dismiss the case. The ISP addressed the substance of the allegations and described the film companies and their anti-piracy partner Maverickeye as “copyright trolls”.

 

After reviewing the positions from both sides, the Texas federal court largely denied the motion to dismiss, noting that the filmmakers’ allegations are plausible enough for the case to continue. The requested pirate site-blocking injunction was dismissed, however, although it can be reintroduced at a later stage.

 

The order means that the case will continue and the parties will continue collecting evidence. This brings us to the next topic on the court’s agenda; a request from the filmmakers to release the identities of 125 Grande subscribers who were repeatedly flagged for sharing pirated films.

Subscribers Object

The identification request was submitted last year. The filmmakers say they have no intention of filing legal claims against the users, but the companies would like to contact them to learn more about Grande’s repeat infringer policy and other issues relevant to its claims.

 

A court order clarified that ‘all Protected Information provided by any party or nonparty…shall be used solely for the purpose of…trial…and for no other purpose…’

 

Despite these assurances, at least six subscribers filed official objections with the court. Nearly all of them denied having downloaded the pirated films and one subscriber said they had never received a copyright infringement complaint, contrary to the filmmakers’ claim.

Objections Overruled

After reviewing the subscribers’ objections, which were not shared with the filmmakers and the ISP, Magistrate Judge Dustin Howell decided to overrule them. This means that Grande must identify all 125 subscribers and share their personal details with the plaintiffs.

 

Judge Howell doesn’t refute the accuracy of the objections but concludes that the interests of the movie companies outweigh the privacy concerns of the subscribers. Specifically, the subscribers can provide important evidence to back up the filmmakers’ claims.

 

“The Court agrees with Plaintiffs that the subscriber information is relevant to the factual matters to be addressed in this case and that the burden imposed on the subscribers is not undue,” Judge Howell writes.

 

“Plaintiffs explain in their motion that the subscriber information will enable Plaintiffs to tie individual users to the allegedly infringing IP addresses and respond to Grande’s safe-harbor defense regarding the effectiveness of Grande’s notice procedure.”

The Neighbours?

Judge Howell further notes that it doesn’t matter whether the account holders pirated anything themselves. If a neighbor or friend used their connection to download something, the request for information would still be valid for the purpose of this lawsuit.

 

Finally, the court addresses privacy concerns. Judge Howell notes that the earlier mentioned protective order prevents the movie companies from using the subscribers’ details for anything unrelated to its case against Grande.

 

“[T]he Court’s order protecting the privacy of the subscribers’ information and limiting its use adequately addresses the objectors’ concerns about the burden imposed by disclosing their personal information for use in this case,” Judge Howell notes.

 

As mentioned earlier, there was one subscriber who objected by claiming that they never received a copyright infringement notice from Grande. The court overruled this objection as well, as the lack of notice is particularly relevant to the case at hand.

 

Whether the filmmakers will be able to obtain any useful information from the subscribers is unknown, but in the event that they do, details are likely to appear in the near future.

 

Instant update: The movie companies just submitted a request to unseal the subscribers’ objections (pdf), as these could prove to be useful too. This request only applies to the parties in this case, not the broader public.

 

“[T]he Court noted that in one objection […] the subscriber asserted not receiving notice from Defendant that its account had infringed copyrighted material. Accordingly, this and the other objections are relevant to proving Plaintiffs’ claims and rebutting Defendant’s assertion that it has implemented a repeat infringer policy.”

 

—

 

A copy of the order overruling the subscribers’ objections, issued by Magistrate Judge Dustin Howell, is available here (pdf)

 

Nintendo’s N64 console went on sale in Japan in June 1996, selling for ¥25,000 (around US$185). By the end of day one, all 300,000 units had sold out.

 

For hardcore gamers in Europe facing a release date eight months away, importing an N64 was a tempting but expensive option. Adjusted for inflation, imported Japanese N64s changed hands for the equivalent of $1,400 in today’s money; a copy of Super Mario 64? A snip at $165.

 

Months before the console was finally released in Europe, N64 went on sale in the United States. Imported into the gray market in Europe, US cartridges were cheaper than their Japanese counterparts. Unfortunately, Japanese console owners soon found that while US cartridges would play on their machines, Nintendo had ensured that they wouldn’t physically fit in the slot.

 

The restrictions could be removed by dismantling the N64 but removing Nintendo’s security screws required a special tool that was difficult to source. Jumping through these hoops to play a genuine cartridge on a genuine console not only felt ridiculous but probably amounted to a breach of license/copyright. Had Nintendo’s slot shenanigans been in digital form today, circumvention would likely constitute an offense under the DMCA.

 

Yet, despite Nintendo deploying tactics equivalent to these across many consoles spanning decades, some people appeared surprised by news of Nintendo’s latest circumvention crackdown. The gaming giant couldn’t prevent its special screws from being removed in private homes but, since the modern equivalent is playing out in public, action was always inevitable. Only the timing was in question.

Nintendo Targets Lockpick_RCM & Lockpick

News of Nintendo’s decision to target Lockpick_RCM & Lockpick first appeared in a tweet posted by Simon Aarons. In common with many others, Aarons forked the tool on GitHub, and when Nintendo filed a DMCA notice to have Lockpick taken down, he received an early heads-up and decided the internet deserved one too.

 

In layman’s terms, Lockpick_RCM & Lockpick allow Switch owners to extract encryption keys for use in other software including hactool, hactoolnet/LibHac, and ChoiDujour.

 

At that point, there’s a fork in the road. The road on the right leads to homebrew and emulation, which developers and some parts of the modding community insist is the only way. The road branching to the left is somewhat darker, leads to piracy, and puts Lockpick and those dependent on it in jeopardy.

Nintendo Doesn’t Mention Emulation Directly

Some believed this ambiguity was enough to keep Nintendo at bay but, as this tweet attempts to explain with the help of ChatGPT (and forgiving the first Bowser reference), Nintendo now fears the worst.

 

The DMCA notice submitted to GitHub is yet to be officially published, and at the time of writing, the repos haven’t been taken down either. GitHub often grants developers a short period of time to address complaints filed by rightsholders, to avoid entire repos being unnecessarily removed. According to Nintendo’s take on events, not much can be done short of removing all functionality.

 

The company explains that the Switch contains multiple technological protection measures, including those that permit the console to interact exclusively with legitimate Nintendo video game files. In summary, this prevents users from playing pirated copies of Nintendo’s games on Switch devices but also prevents users from copying and playing games on devices that are not Nintendo Switch. An emulator reference, presumably.

Nintendo: Circumvention of TPMs is Illegal

“The reported repository offers and provides access to circumvention software that infringes Nintendo’s intellectual property rights. Specifically, the reported repository provides Lockpick to users,” the complaint reads.

 

“The use of Lockpick with a modified Nintendo Switch console allows users to bypass Nintendo’s Technological Measures for video games; specifically, Lockpick bypasses the Console TPMs to permit unauthorized access to, extraction of, and decryption of all the cryptographic keys, including product keys, contained in the Nintendo Switch.”

 

In discussions over the weekend, some users highlighted that the keys in question are extracted from their own devices, devices they paid for and therefore own. They also note that pirates are unlikely to extract their own keys, but by effectively declaring that emulation/homebrew fans can’t extract keys from their own devices, Nintendo will force them to obtain keys in other ways.

 

While the prediction concerning key acquisition seems valid, in the unlikely event Nintendo addresses key ownership, licensing agreements would almost certainly tilt in favor of the gaming company. In practical terms, citing the DMCA’s anti-circumvention provisions is more than enough.

 

“The decrypted keys facilitate copyright infringement by permitting users to play pirated versions of Nintendo’s copyright-protected game software on systems without Nintendo’s Console TPMs or systems on which Nintendo’s Console TPMs have been disabled,” Nintendo informs GitHub.

 

“Trafficking in circumvention software, such as Lockpick, violates the Digital Millennium Copyright Act of the United States (specifically, 17 U.S.C. §1201), and infringes copyrights owned by Nintendo.”

After Several Years, Why Did Nintendo Act Now?

At this point, it’s worth highlighting that Lockpick was first uploaded to GitHub on December 8, 2018, with Lockpick_RCN uploaded on March 4, 2019. Despite functionality being clear from the start (and a naming convention suggesting that circumvention of digital locks was always the aim), it’s taken Nintendo four years to take action. So why now?

 

Absent any comment from Nintendo, only speculation remains. However, if one was attempting to compile a shortlist of credible reasons, people playing Zelda: Tears of the Kingdom on PC almost two weeks before the game is officially released on Switch, would be extremely difficult to beat.

 

Not only does this example supply motivation to act in spades, there’s almost a need to justify it beyond the explanation in the takedown notice.

 

Regardless of any objections over the right to maintain emulators or arguments over legitimate reverse engineering and related fair use defenses, this isn’t a case of Nintendo being massively unreasonable, it’s Nintendo reading the law, liking the odds, and then recalling that anti-circumvention notices cannot be countered.

 

In addition to the repos mentioned above, Nintendo’s notice also requests the removal of around 80 forks. If every last trace of Lockpick is eventually removed from GitHub, that shouldn’t come as a surprise. It was always inevitable; someone just had to poke the bear in both eyes at exactly the right time.

 

With millions of fans all over the world, Spanish football league ‘La Liga’ is one of the most popular in the game.

 

In common with similar sports organizations, La Liga has a dedicated anti-piracy team that actively tracks and reports unauthorized live streams.

 

This sounds like a straightforward task but, in reality, it often turns into a perpetual stream of takedown notices. After all, the operators of piracy sites and apps have no intention of abiding by the law and pull out all the stops to avoid getting caught.

La Liga vs. Nodito

A recent takedown notice from La Liga illustrates this problem quite well. A few days ago the league sent a takedown notice to GitHub, asking it to remove an APK file that belongs to the user Nodoapps, known for the Spanish football streaming app Nodito.

 

“The National Professional Football League has among its main objectives the fight against piracy in the digital environment, in particular, the protection of its rights and those of its member clubs, and spends enormous human and technological resources to detect such misuse,” the notice starts.

 

La Liga explains that since the app links to live streams of First and Second Division games published without permission, GitHub should take the code offline.

 

“This user does not have any right to this type of links with illegal broadcasts, so the conduct described supposes a violation of said exploitation rights of audiovisual content of the National League Championship in its First and Second Divisions.”

 

The takedown notice was effective in the sense that GitHub acted swiftly. As a result, people who try to download the APK file through that link now see a 404 error instead. That doesn’t really solve the problem though.

New GitHub Link

Soon after the above-mentioned URL was reported and disabled, the same user began promoting a new GitHub download link through Nodoapps’ official linktree page. Simply putting the APK file in a ‘gg’ subfolder did the trick.

 

La Liga’s anti-piracy team is likely be aware of this and will probably send a new takedown notice to GitHub, asking the company to take this down as well. But even if all piracy was eliminated from GitHub overnight, the problem isn’t going away.

 

By now, the Nodito app is being shared all over the web on dedicated APK-sharing sites. The developers also posted a copy on Google Drive, which will likely be updated to a new URL once it’s removed.

Whack-A-Mole

The above shows how difficult it can be to effectively take down a pirate streaming app that doesn’t rely on a single domain. In fact, the developers have previously shown that they don’t mind rebranding the entire app if the situation calls for it.

 

Nodito isn’t the first streaming tool Nodoapps released. The software was previously known as “NogoGO,” until its site was hit by a DMCA takedown notice.

 

“We wanted to inform you that access to the NodoGO site has been removed due to a DMCA problem. As a result, the app disappeared and it’s no longer accessible to any user,” Nodoapps announced two weeks ago

 

“That is why we have had to create a new application called NODITO […] that we will share in our social networks,” the team added.

 

And indeed, in addition to the download options listed at Linktree, Nodoapps also promotes download options for the APK file on its official Telegram channel, Instagram, Twitter, and elsewhere.

Scammers Enter the Game

By now, the Nodito brand has taken on a life of its own, which can make it hard to spot which versions are official and which aren’t. This provides an opportunity for scammers to enter the game, and indeed, an unofficial “Nodito” made its way to the Google Play Store recently.

 

This app has been downloaded over 10,000 times in just a few days but according to Nodoapps’ official developers, it should be avoided at all costs.

 

“It is a scam, they ask for your phone number to ‘supposedly’ verify themselves but all they do is send you SMS. All they do is take advantage of Nodito’s name,” Nodoapps writes.

 

These types of scams are hard to avoid. Nodoapps knows from experience that sending a takedown notice may temporarily solve the problem, but dealing with scammers is a game of whack-a-mole too.

 

Hosting companies, CDN platforms and consumer ISPs face an increasing risk of being held liable for the activities of their customers.

 

At least in theory, copyright law in both the United States and Europe should provide adequate protections for intermediaries but if a chink appears in the armor, nothing can stop rightsholders filing a lawsuit. When they do, things can get very expensive, very quickly.

 

According to its website, UK-based CDN company DataCamp shifts a lot of data via its CDN77 service; 120 Tbps network capacity over six continents, with 140+ private peerings connecting 3,000+ networks. In February 2022, U.S. broadcaster DISH Network filed a $32.5m lawsuit against DataCamp, claiming that it failed to deal with copyright infringing customers.

 

Filed in an Illinois district court, the complaint claimed that pirate IPTV services Banjo TV, Bollywood IPTV, Comstar TV, Express IPTV, Gennie TV, Gold TV, IPGuys, Istar, Red IPTV, Sky IPTV, and Zumm TV, were all customers of DataCamp.

 

DISH said it sent “hundreds of notices” requesting removal of content under the DMCA, along with copies of lawsuits and judgments relating to pirate IPTV services.

 

According to DISH, DataCamp’s response was lacking and since it failed to “adopt and reasonably implement” a repeat infringer policy despite having servers in the United States, the company could not rely on the safe harbor provisions of the DMCA.

“Tactical Leverage” Lawsuit

In a motion to dismiss, DataCamp described the DISH lawsuit as a means to “gain tactical leverage” over alleged direct infringers, i.e the people behind the named IPTV providers.

 

The company informed the court that knowledge of its customers’ activities would be “technologically impossible” since all traffic is completely encrypted, including between the providers and their customers. As for the infringement notices, DataCamp said it forwarded them to the relevant customers since they were best placed to remove any infringing content.

 

DISH wasted no time filing a response to DataCamp’s motion to dismiss and DataCamp was equally swift with its own reply. The filings revealed zero progress in the dispute and a canyon between each side’s interpretation of where safe harbors end and liability begins.

Confidentiality Agreement

After a couple of weeks of relative calm, the parties agreed on a confidentiality order and from there, nothing but silence until December 2022. A status report revealed that DISH had served requests for production on DataCamp and that the company would engage in “rolling” document production.

 

As part of that process, DataCamp was required to hand over invoices and customer support ticketes for the eleven pirate IPTV services named in the DISH complaint.

 

In an apparent effort to provide at least some confidentiality, DataCamp said it had “designated its production of its customers’ information (which includes location and payment information) as Attorney Eyes Only under the protective order.”

 

The report further revealed that DISH and Datacamp had engaged in settlement discussions. DISH had made an intital offer back in October 2022 and DataCamp responded two weeks later. A week or so before Christmas last year, DataCamp still hadn’t received a response.

Motion to Dismiss Denied

Late March 2023, the Court dismissed DataCamp’s motion to dismiss, without prejudice to later refiling if their settlement negotiations come to nothing.

 

A settlement conference is currently scheduled for May 23, 2023, at the request of both parties. This week the court agreed an extension of the fact discovery deadline to allow the companies more time to resolve the lawsuit via a settlement before incurring additional costs associated with depositions.

 

In a joint status report filed on May 5, the parties report that DISH provided a settlement letter to DataCamp on May 2. The CDN company says that it will send its response to DISH by May 16. The contents of those letters are unlikely to appear in public but even for a successful, profitable company like DataCamp, the numbers probably won’t make for great reading.

 

Court documents referenced above can be found here (1,2,3,4,5, pdf)

 

Offering piracy-related services is a serious offense in the UK for which several vendors have received multi-year prison sentences in recent years.

 

These sentences are typically announced by copyright holders or the police, as a deterrent for those who might be tempted to follow in the same footsteps.

 

Reporting on these news releases can be tricky, as the information tends to be limited. This is particularly true when court documents are unavailable, something true for another conviction announced today.

Five-Year Prison Sentence

City of London Police have just announced that at Liverpool Crown Court today, 54-year-old Mark Brockley was sentenced to five years in prison. Police were alerted to Brockley’s activities in 2018, when BT reported the now-suspended Twitter account @Infinity_IPTV in connection with sales of illegal IPTV subscriptions.

 

Brockley reportedly charged £15 per month for a subscription. Between October 24, 2014, and May 8, 2019, the operation made 5,251 sales and generated £237,058. Of these sales, 1,408 directly referenced IPTV and no taxes were paid on the income.

 

Police visited Brockley in 2019 and seized his laptop and mobile phone, which linked him to the Infinity IPTV Twitter account. Based on this and other evidence, Liverpool Crown Court found Brockley guilty of supplying articles for use in fraud and the fraudulent evasion of income tax.

 

City of London Police are pleased with this outcome. According to Detective Constable Geoffrey Holbrook of the Police Intellectual Property Crime Unit (PIPCU), the IPTV seller continued even after he was interviewed by police.

 

“Brockley made tens of thousands of pounds from an illegal activity and used the money to fund his lifestyle. Despite being interviewed by PIPCU officers and knowing that his actions were against the law, he continued to sell IPTV subscriptions..,” Holbrook notes.

‘Fugitive’ + Dog

There is one major unresolved issue in this case, however. The former IPTV seller has disappeared and was sentenced in his absence, current whereabouts unknown.

 

“We are now appealing for information on Brockley’s whereabouts, and ask anyone who may be able to help to contact the City of London Police,” Holbrook says.

 

The authorities believe that the IPTV seller didn’t flee alone. The man reportedly took his dog with him and presumably set course for France. City of London Police are encouraging anyone with knowledge of Brockley’s whereabouts to come forward. This can also be done anonymously through the Crimestoppers hotline.

 

Public records show that, after his involvement with the IPTV business, Brockley got involved in spirits sales through his company Anfield Gin. At the time of writing, the website for this ‘handmade gin’ company no longer appears online.

 

When the global music industry declared YouTube-ripping platforms public enemy number one and responsible for most music piracy online, the stage was set for legal showdowns.

 

Stream-ripping platform Yout took the initiative in 2020 by suing the RIAA, hoping that the court would declare its service non-infringing. The battle to convince the judge centered on YouTube’s ‘rolling cypher’ and whether it should (or should not) be considered a Technological Protection Measure (TPM).

 

Under the DMCA, unauthorized circumvention of a TPM amounts to copyright infringement, so it was up to Yout owner Johnathan Nader to satisfy the judge that his platform does not amount to a circumvention tool. In 2022, Judge Stefan Underhill concluded that since Yout’s evidence failed to meet that standard, the case would be dismissed and the RIAA would emerge on top.

Yout.com Takes Case to Appeal

Based on his firm belief that YouTube-ripping tools do not violate the DMCA, Nader took his case to the Court of Appeals for the Second Circuit. No stone was left unturned in his 92-page opening brief, with Nader claiming that the lower court’s dismissal was premature.

 

Arguing that the Yout platform amounts to a modern VCR with just as many non-infringing uses, once again Yout explained how anyone with a browser can download videos from YouTube for time-shifting purposes. The service doesn’t save any of that content on its own servers either, every decision lies with the user.

 

Yout’s arguments inevitably focused on YouTube’s ‘rolling cypher’ and its characterization as a technological protection measure. The RIAA’s position couldn’t be more clear but the system actually belongs to YouTube; did the company design the mechanism to limit copying? If not, that could put the RIAA’s claims in a different light, Yout informed the court.

RIAA Returns Fire

In an answering brief filed this week, the labels waste no time in drilling down to what they believe are the fundamental issues.

 

“This case involves Yout’s illicit stream-ripping service. YouTube provides users with streams of music videos, not free downloads. YouTube’s users can watch and listen to music videos for free on its ad-supported service, but those users do not get access to the digital files that contain the record companies’ valuable copyrighted works,” the brief begins.

 

“As its name suggests, Yout enables its users to gain unauthorized access to the digital music files from YouTube and download copies. The purpose of Yout is to bypass YouTube’s technological restrictions on accessing the digital copies of works streamed on YouTube.”

 

The RIAA claims that Yout’s users have no need to buy legal music subscriptions or visit ad-supported streaming services. Yout, meanwhile, “pays nothing to the owners of the copyrighted content that is plundered.”

RIAA: Courts Say Stream-Ripping Technology is Unlawful

Referencing the district court’s opinion, the RIAA describes it as “correct on all counts” and in line with findings by courts outside the U.S. that stream-ripping technology is unlawful. That leads directly back to the fundamental questions in the case on which the parties fundamentally disagree.

 

• Does YouTube employ a technological measure that effectively controls access to copyrighted works?
• If the answer is yes, does the Yout service circumvent it?

 

These questions have been answered many times since this process began in 2020, with Yout insisting there is no TPM and the RIAA arguing the opposite. In the labels’ answer dated May 4, they cite Yout’s explanation of what happens on YouTube and its subsequent actions as a service.

 

“First, Yout alleges that YouTube employs a ‘signature mechanism’ that requires ‘read[ing] and interpret[ing]’ JavaScript to ‘derive[] a signature value’,” the RIAA says. “That is a description of an effective technological measure.

 

“Second, Yout alleges that its service uses a process for avoiding or bypassing this technological measure by, among other steps, ‘modif[ying]’ the range of numbers in the ‘signature value,’ and thereby gaining unauthorized access to the ‘download[able]’ ‘file(s)’ that comprise the music video.”

 

From proceedings thus far it’s clear that the parties do actually agree on some details, albeit not for very long.

Yout Wants to Hear YouTube’s Take

In the RIAA’s first point detailed above, both sides agree that Yout uses Javascript to “derive a signature value” to enable the video download process. The part where they disagree is whether YouTube’s use of the cypher was for copyright protection purposes right from the beginning.

 

To find out, Yout would like to involve YouTube, which might even help to support the RIAA’s claims. Ultimately, the RIAA doesn’t want that to happen because it says that YouTube’s intent doesn’t matter.

 

“Yout raises a scattershot of arguments for reversal. None of them succeeds. For example, Yout argues that discovery is necessary to determine whether YouTube ‘inten[ded]’ the signature value mechanism to be a technological measure under the DMCA…but YouTube’s intent is irrelevant under the statute,” the industry group says.

 

While that is technically correct, a senior Google attorney is on record in Europea saying that the measures were implemented to protect copyright holders. Whether that also applies to the United States is unknown.

Dozens of Pages of Background

At 68-pages long the RIAA’s answer is certainly detailed but if YouTube’s intent is irrelevent under the statute in the United States, the same doesn’t seem to apply when it comes to citing court decisions in jurisdictions thousands of miles away.

 

“Yout has faced anti-circumvention lawsuits outside the United States, where courts and law enforcement have uniformly concluded that Yout’s service violates those countries’ equivalents to the DMCA,” the RIAA’s answer notes, citing an injunction application in Denmark.

 

The labels also mention a case they launched against German hosting company Uberspace, which hosted the website of youtube-dl but not the software itself; that was available via a hyperlink to another site.

 

For perspective, Denmark blocks pirate sites, including YouTube-ripping platforms. Germany blocks pirate sites too. The United States does not. Also relevant is the fact that youtube-dl is hosted on Github in the United States. When the labels’ attempt to take it down failed, no lawsuit followed in the United States, where the DMCA actually has jurisdiction.

RIAA Mentions GitHub

That GitHub is mentioned in the RIAA’s answer is interesting. The coding platform filed an amicus brief in the current case back in February.

 

Highlighting the importance of browser extensions such as Dark Reader, Google Translate, and OpenDyslexic, GitHub voiced concerns that the district court’s ruling could put developers at risk of criminalization if the DMCA is interpreted too strictly.

 

“YouTube’s decision not to provide its own ‘download’ button, however, is not a restriction on access to works. It merely affects how users experience them,” GitHub informed the court.

 

GitHub’s assertion that the court’s interpretation of section 1201(a) amounts to a control on how a person experiences content, rather than a control on access, is dismissed in the RIAA’s brief.

 

Translation or accessibility tools would not run afoul of section 1201(a) because they are “unlikely to involve a signature mechanism at all, let alone modifying that mechanism to provide access to an underlying digital file for a copyrighted work.”

 

In its conclusion, the RIAA says that Yout’s own allegations establish that its service violates the DMCA and, as such, the Court of Appeal should affirm the the district court’s ruling.

 

The RIAA’s answering brief is available here (pdf)

 

By providing free access to millions of books, Z-Library became the go-to site for many readers in recent years.

 

Z-Library’s very existence was put to the test last November when U.S. law enforcement agencies seized over 200 domain names connected to the site. Two alleged Z-Library operators from Russia were arrested in Argentina as part of a criminal investigation.

Down, Not Out

Despite the gravity of the copyright infringement accusations and ‘pending extraditions, Z-Library never went completely offline. The site continued to operate on the dark web, offering millions of pirated books and articles as it did before.

 

The site eventually returned on the clearnet too, providing a unique subdomain for all Z-Library users. The idea behind this move was to make it more difficult for law enforcement to take down the whole operation all at once.

 

This setup worked well for a few months allowing the remaining Z-Library team to focus on expanding the community. Starting this week, however, legal trouble hit Z-Library once again when the U.S. Department of Justice carried out a new round of domain name seizures.

New Domain Seizures

A few days ago we noticed that several domain names associated with the shadow library had stopped working. Instead, users were directed to a seizure banner which most of the site’s users are familiar with by now.

 

The first seized domain we spotted was b-ok.lat. It previously redirected to the main login portal at singlelogin.me which was still operational at the time. Soon after, however, these domain names were seized by U.S. authorities along with booksc.me and b-ok.as.

 

The seized domains now point to the name servers of ‘seizedservers.com’ which are controlled by the U.S. Government. Since Z-Library has domains at multiple registries, it’s possible that more seizures will follow in the near future.

Z-Library Confirms Seizures

When Z-Library was first targeted last November it initially denied that its domains had been seized. This time around the site’s operators swiftly confirmed the action, pointing users to an alternative login screen through a Telegram message.

 

“Unfortunately, one of our primary login domains was seized today. Therefore, we recommend using the domain singlelogin.re to log in to your account, as well as to register,” the Z-Library team wrote.

 

The Telegram message also reminds users that the TOR and I2P versions of the site are still operational. In addition, several other Z-Library domains remain functional as well, at least for now.

 

The U.S. government’s recent enforcement actions show that the authorities are still intent on taking Z-Library down. In addition to the domain name seizures, authorities are likely to do everything in their power to track down those operating the shadow library today.

 

Needless to say, the stakes are extremely high for the existing Z-Library team. Willingly evading U.S. law enforcement is not a good look in court and that will be taken into account if they’re eventually caught.

 

After protest, disappointment, hand-wringing, and at times, sheer frustration, the European Commission has officially unveiled its full recommendation for combating piracy of live sports and musical events.

The Recommendation

The European Commission begins with a broad overview of the value of live events and the problems faced by rightsholders when tackling pirate IPTV and similar unlicensed streaming services.

 

From a reference perspective, particularly related to specific challenges and various aspects of relevant law, the EC’s recommendation provides a great overview that makes for interesting reading. If explaining the illegal streaming problem had been the main aim, the document would receive solid marks. As a road map for solving tough issues in a short time frame, not so much.

 

Right from the very beginning it’s extremely clear that the EC understands almost every aspect of the challenges faced by rightsholders. Unfortunately, the vast majority of the report is dedicated to coverage of those challenges, for consumption by the very entities that supplied the information to the EC in the first place. Some of the key points in the initial overview can be summarized as follows:

 

Unauthorized supply, technical challenges

 

– Main value in live sports broadcasts lies in the exploitation of live transmission
– Illegal retransmissions can cause significant losses to rightsholders/broadcasters
– Increasingly sophisticated means make content available via IPTV/apps/websites
– Streaming piracy is a global phenomenon, increasingly reliant on ‘offshore hosting’
– Offshore hosting minimizes pirates’ exposure to copyright or criminal law in the EU
– ‘Piracy-as-a-Service’ makes it easy to create pirate sites and start generate revenue
– Some infringing services mirror legitimate streaming services
– CDNs/reverse proxies often misused to obfuscate sources of pirate streams

 

These issues are common knowledge and the subject of countless reports, mostly published by rightsholders; the presence of the terms ‘offshore hosting’ and ‘Piracy-as-a-Service’ are evidence of that. What rightsholders want are solutions to these problems because, as things stand, the law doesn’t have enough teeth, they insist.

 

Having denied calls for new legislation anytime soon, the challenge for the EC was to come up with credible new ideas or fresh angles that might have smoothed the choppy waters for a couple of years. Instead, rightsholders who understand the finest intracies of relevant law (because they work with it, and within it, every single day) were presented with an overview of existing law, summarized below:

 

Role of ISPs and other intermediaries, relevant law

 

– ISPs provide connectivity to end users and a gateway to all online content
– Intermediaries have crucial role to assist in removal/disabling of pirate streams
– Tools already exist under EU law to combat unauthorised retransmissions:
– Injunctions Art 8(3) of Directive 2001/29/EC / Arts 9 and 11 of Directive 2004/48/EC
– General framework to ensure safe online environment (Reg (EU) 2022/2065)
– Certain intermediaries are able to remove content on receipt of a notice
– ISPs only obliged to act on the basis of an injunction

 

When calls for new law were rejected, it was inevitable that rightsholders and broadcasters would have to continue working with the tools they already have, for at least another two to three years. The EC’s recommendation focuses on a specific tool that rightsholders claim is extremely effective but could be used more.

 

Commonly targeted at consumer ISPs, so-called ‘dynamic/live’ injunctions aim to frustrate consumption of illegal IPTV services. They are well developed, highly flexible, and already tested in Italy, France, Portugal, and Greece. Rightsholders know them inside out.

 

While rightsholders always appear keen to expand the reach of live blocking orders, the EC recommendation highlights both benefits and drawbacks.

 

“Other providers of intermediary services may be misused to facilitate unauthorised retransmissions or to circumvent blocking injunctions,” the EC notes.

 

“For instance, content delivery networks and reverse proxies may be used to obfuscate the origin of the unauthorized retransmission, while alternative DNS resolvers and proxy services such as Virtual Private Networks (VPNs) may be used to facilitate access to services that have been blocked.”

 

The EC offers a potential solution to these workarounds but framing it as optimistic would seriously overstate any realistic chance of success.

Encouraging Cooperation and Collaboration

Throughout the recommendation the EC notes that Member States should be “encouraged” to take certain actions, or maybe intermediaries might see their way clear to helping out, but there’s rarely even a hint that those actions are required by law.

 

On the topic of VPNs and DNS helping to circumvent blocking injunctions, the EC says that “providers of intermediary services should consider whether they could take further voluntary measures to prevent their services from being misused.”

 

While on one hand the request might seem reasonable, VPN providers’ businesses tend to center on privacy so, by default, their subscribers’ communications are none of their business, or anyone else’s. Any VPN provider that voluntarily participated in a blocking program would likely herald its own demise.

 

The EC generally notes that it is “necessary to foster collaboration between sports event organizers, holders of rights, providers of intermediary services and public authorities.”

 

There’s no question that rightsholders could benefit from successful collaborations but “providers of intermediary services” come in all shapes and sizes, have their own businesses to run, and are acutely aware of what is “necessary” and what’s actually required of them under law.

 

Then there’s the not insignificant matter of “providers of intermediary services” operating on the basis it’s not “necessary” to process takedown notices, let alone take any content down.

 

How rightsholders will respond in practice to the recommendation remains to be seen but their work will be monitored and then assessed for effect no later than November 17, 2025.

Rightsholders ‘Regret Lack of Ambition’

The Audiovisual Anti-Piracy Alliance (AAPA) wasted no time in responding negatively to the EC recommendation. AAPA’s members include the Premier League, Sky, beIN, and Canal+ so have more interest than most in new legislation to “encourage” intermediary compliance.

 

“Following the publication of the Commission Recommendation on combating online piracy of sports and other live events, the Audiovisual Anti-Piracy Alliance (AAPA) expresses its disappointment and concern regarding the possibility that a review of the effectiveness of the Recommendation may not occur for 2.5 years,” AAPA’s response begins.

 

“Not only is this initiative of a non-legislative nature (while the European Parliament, supported by the AAPA and other actors, had previously called for a legislative initiative), the possibility of a 2.5-year assessment period does not address the urgency of the situation.”

Action Rightsholders Could Take?

The EC recommendation also calls on rightsholders to “increase the availability, affordability, and attractiveness of their commercial offers” to help deter piracy. AAPA says that from its perspective, “legal offers have never been more as widely and easily accessible than before” while the quality is “viewed as being superior to that found on illegal sources.”

 

From the perspective of live sports consumers, addressing availability and attractiveness but not affordability sits at the very heart of why pirate services became so popular in the first place. Until affordability is properly addressed, no amount of blocking or additional liability for intermediaries will contain the pirate streaming problem.

 

EC’s Recommendation on combating online piracy of sports and other live events (here)

 

Music fans love to share mixtapes and have done so for decades but sharing these ‘tapes’ over the Internet is not without risk.

 

Popular hip-hop mixtape site and app Spinrilla has millions of users and is well aware of the pitfalls. In 2017, the company was sued by several RIAA-backed labels, including Sony, Warner, and UMG, which accused the company of massive copyright infringement.

 

“Spinrilla specializes in ripping off music creators by offering thousands of unlicensed sound recordings for free,” the RIAA commented at the time.

Spinrilla Fought Piracy Accusations

The hip-hop site countered the allegations by pointing out its RIAA-approved anti-piracy filter and highlighting how it actively worked with major record labels to promote their tracks. In addition, Spinrilla stressed that the DMCA’s safe harbor protects the company from liability.

 

As the case progressed both parties filed motions for summary judgment. The music companies requested rulings to establish that Spinrilla is liable for direct copyright infringement and that the DMCA safe harbor doesn’t apply. Spinrilla countered with cross-motions, filed under seal, in which they argued the opposite.

Court: Spinrilla is Liable

In December 2020, US District Court Judge Amy Totenberg ruled that Spinrilla is indeed liable for direct copyright infringement. In her ruling, Judge Totenberg concluded that 4,082 copyrighted sound recordings were streamed at least once through Sprinrilla’s website or app.

 

Without the DMCA’s safe harbor protection, Spinrilla faced a severe disadvantage in the event the case went to trial. With 4,082 copyrights at stake, potential damages would exceed $600 million if the jury found that the infringements were willful.

 

In recent weeks it looked like both parties were gearing up for a trial but, at the last minute, Spinrilla accepted a settlement and voluntarily submitted an “offer of judgment” to the court.

$50 Million + Shutdown

Spinrilla doesn’t go light on itself in the judgment offer. The mixtape service commits to paying $50 million in damages plus other fees to the music companies. That’s far less than the potential $600 million available at trial, but it’s still a massive figure for a piracy case.

 

The proposed judgment, signed by a clerk at a US District Court in Georgia yesterday, effectively ends the legal battle after more than six years.

 

“Judgment shall be entered in favor of Plaintiffs and against Defendants jointly and severally in the amount of $50,000,000, inclusive of any recoverable costs and attorneys’ fees,” the judgment reads.

 

In addition to the piracy damages, Spinrilla will close its doors for good. That includes its hugely popular iOS and Android apps, which were downloaded millions of times.

 

To give an impression of its reach, the Android app has over 93,000 reviews and over 10 million downloads. The Apple store doesn’t share any download statistics but the Spinrilla app has 342,000 reviews on the platform.

Transfer Domain Name

The judgment prohibits Spinrilla and its founder Dylan Copeland from offering the service, and the Spinrilla site and apps are required to shut down within five days.

 

“[Defendants are restrained from] operating the Spinrilla Service or any other website, platform, system, or application that Defendants (or either of them) own or control, directly or indirectly, that is substantively similar to the Spinrilla Service,” the judgment reads.

 

“Defendants shall have five (5) days from notice of entry by the Court of this Offer of Judgment to come into compliance with the terms set forth in the preceding paragraph without being in violation of said judgment.”

 

At the time of writing the Spinrilla apps and website remain online but that is expected to change soon. As part of the judgment, the Spinrilla domain name will end up in the hands of the music companies.

 

“Defendants shall transfer the domain name https://spinrilla.com to the Plaintiffs in accordance with the terms of the confidential Settlement Agreement and Release among the parties,” the judgment adds.

 

There is no mention of the judgment or the pending shutdown of Spinrilla on the official site but we expect confirmation to arrive fairly soon.

 

—

 

A copy of the judgment approved yesterday by US District Court Judge Amy Totenberg is

 

To reduce the chances of being tracked, profiled, spammed with malicious ads, infected with malware or subjected to ransomware, no device in this building accesses the internet without stringent filtering.

 

With network tools and browser plugins doing some of the heavy lifting, WireGuard VPN connections help to keep the dangers at bay. In today’s online environment, every little helps and on this network, a little amounts to millions of URLs blocked every year.

 

A new government initiative launched today on the website of the National Cyber Security Centre (NCSC) sounded interesting; at least until the website started delivering broken and insecure HTTP pages in an apparent protest against an encrypted connection.

 

Having to reduce network security to read what the NCSC had to say about staying safe online wasn’t a great start. Worringly, things only went downhill from there.

Campaign to Raise Kids’ Awareness of Online Harms

The new awareness campaign targets pre-teens and young teenagers and is designed to raise awareness of some of the risks they’re likely to encounter when using the web.

 

A key feature is described as an “interactive video learning resource” which amounts to short video clips of a longer story, punctuated by multiple choice questions relating to decisions for staying safe online. For the strictly over 18s, think Black Mirror’s ‘Bandersnatch‘ but on a much tighter budget.

 

“Young people are growing up in an increasingly digital world, exposing them to both the opportunities and risks of the internet,” the NCSC campaign website notes.

 

“CyberFlix highlights some of the most common cyber scams and malicious activity that a pre-teen and teenage internet user might come across and empowers them to make choices to keep themselves more secure online.”

Hard to Believe Nobody Googled “CyberFlix”

For people who never go online, the word ‘CyberFlix’ probably means very little. For a few million others who love movies and TV shows but would rather not pay for them, CyberFlix means watching movies and TV shows but not having to pay for them.

 

The CyberFlix app for Android devices is a reported clone of Terrarium TV, which shut down in 2018 under legal pressure widely attributed to Hollywood. Given its similarities, CyberFlix became a favorite among pirates and as this complaint shows, also a prime target for enforcement groups including the Alliance for Creativity and Entertainment.

 

The problem for the online harms campaign is that when people seek it out by its chosen name, search engines turn up pages and pages of results that link to various CyberFlix-branded apps, most of which are completely dedicated to piracy.

 

If the CyberFlix campaign generates enough interest in its own right, it might be able to improve its position in search results. As things stand the bizarre choice of name means that wherever it ends up, the campaign is likely to be surrounded by piracy apps when people attempt to find it using a search engine.

 

Given the nature of the campaign and the fact that the government is behind it, this apparent blunder is all the more extraordinary.

Reducing Online Harms…

The entertainment industries claim apps like CyberFlix often contain malware and malicious advertising, perhaps the most common online harms encountered by the majority of all internet users. However, determining whether a piracy app is actually malicious isn’t always straightforward since many are able to pass virus/malware scans.

 

That may mean they’re clean but there are no guarantees, especially for apps with CyberFlix branding. There isn’t just one version of the app, many modified versions are available online, most likely under the control of different people.

 

For example, if people in the UK search for ‘CyberFlix’ today (looking for a campaign that reduces their exposure to online harms, perhaps), the item at the very top of Google’s results is a website where visitors can download and receive advice about a particular CyberFlix variant:

 

The advice doesn’t mention the third option (not installing the app at all) but in this case the Android APK (installation) file passes most malware checks. It also communicates with a server in Germany along with other CyberFlix variants. The same server also has connections to other apps, with the majority flagged for some type of malware issue. For whatever reason (probably some of these), Google isn’t happy with it either.

 

In summary, CyberFlix is a) a popular piracy app and b) a government campaign to help kids avoid trouble online. Got it.

 

With more than 13 million books, Z-Library is one of the largest repositories of pirated books on the Internet.

 

The site has millions of regular readers who find a wealth of free knowledge and entertainment at their fingertips.

 

Z-Library’s success was vigorously interrupted late last year when the U.S. Government seized the site’s main domain names. The problems were later exacerbated when two alleged Russian operators were indicted.

 

Following an FBI investigation, the authorities identified Russian nationals Anton Napolsky and Valeriia Ermakova as prime suspects. The pair were arrested in Argentina and await potential extradition to the United States.

Z-Library Comeback

The criminal action brought the site to its knees, but Z-Libary didn’t close its doors. Despite losing two alleged members of its team, on top of more than 200 domain names, Z-Library had no intention of shutting down.

 

The site remained accessible through the dark web and, earlier this year, made a full comeback on the clearnet. The new setup comes with some new features, including a unique subdomain for all Z-Library users, which may make it more difficult for law enforcement to take down the whole operation all at once.

 

Implementing these and other changes required substantial investment so to help pay the bills, Z-Library asked its users to chip in. According to statistics reported by the site, tens of thousands of dollars poured in.

 

After recently adding its 13 millionth book, Z-Library seems stable today. The two defendants in the criminal case are still expected to show up in a U.S. court but when that will happen remains uncertain, at least based on the information available to us.

Defendants Retain U.S. Lawyers with a Russian Twist

Two weeks ago, activity in the criminal docket indicated that Napolsky and Ermakova have both retained U.S. lawyers as their official representatives.

 

Ermakova is represented by Temkin & Associates founder Maria Temkin, who speaks fluent Russian. Attorney Anna V. Brown of Brown Legal Consulting, who also speaks Russian, was added to the record as Napolsky’s lawyer.

 

Both lawyers have links with Russia, where they possibly have roots. Temkin, for example, studied English at the Institute of Foreign Languages in St. Petersburg, while Brown attended the Far Eastern Federal University in Vladivostok.

 

Russia itself also showed a keen interest in the case early on. Soon after the indictment was announced by the US Justice Department, the Russian Embassy in Argentina got in touch with the defendants’ friends and families and questioned whether extraditions are possible.

 

“We proceed from the fact that the current legislation of Argentina does not allow automatic execution of extraterritorial decisions and requests from third states,” the Russian Embassy wrote at the time.

 

“We are counting on a transparent and fair consideration by the Argentine court of the American formal request for extradition, which, to our knowledge, has not yet been received,” the diplomatic mission added at the time.

Many Questions

The Embassy’s comments raise plenty of questions on the status of the two defendants but very little official information has been presented thus far. TorrentFreak contacted the Russian Embassy in Argentina for an update but, at the time of publication, we have yet to receive a reply.

 

Information made available through official channels regarding criminal proceeding is also scarce. The remaining Z-Library team is mostly in the dark as well.

 

“Unfortunately, we don’t have new information on their case, but as far as we know, Anton and Valeriia are still in Argentina now,” the Z-Library team informed us.

 

TorrentFreak reached out to both of the defense attorneys a while ago. Temkin hasn’t responded to our request and Brown declined to comment on the case at this time.

 

The public record shows no sign of any extradition thus far, so we assume that Napolsky and Ermakova are still in Argentina. Without confirmation, they could also be in Russia, the U.S., or any other part of the world.

 

Supported by Hollywood and other content industries, Dutch anti-piracy group BREIN has been battling online piracy for almost a quarter of a century.

 

The non-profit organization has shut down thousands of piracy sites since then, including former torrent giant Mininova and many other notable names.

 

In recent years, BREIN has focused more heavily on deterring users as well. In part, this has been achieved by tracking down persistent pirates and putting them on notice via warning letters.

 

This can be an effective strategy but contacting alleged pirates in the Netherlands is easier said than done. Just a few weeks ago a local court of appeal ruled that Internet provider Ziggo is not required to forward BREIN’s warning letters to subscribers whose accounts were used to share pirated content through BitTorrent.

Warning an eBook Pirate

In this case, BREIN chose not to appeal the ruling. Instead, it was looking forward to a court of appeal ruling in a related case, which was handed down today.

 

The matter involves a Ziggo subscriber who stands accused of offering a library of over 200 e-books to the public through an open directory. BREIN hoped that the ISP would forward a notice to the associated account holder or share their personal details, but Ziggo refused to do so voluntarily.

 

BREIN took the matter to court which last year ruled that the ISP is not required to cooperate with the request. Without a license from the Dutch Data Protection Authority, linking the IP address to the subscriber’s information would violate privacy law. Similarly, sharing the data with BREIN wouldn’t be allowed either.

Court of Appeal Rules on Piracy Warning

Disappointed with this outcome, BREIN immediately filed an appeal. That paid off today when the Arnhem-Leeuwarden Court of Appeal handed a win to the anti-piracy group.

 

“The court finds Brein’s interests in having public access to this library closed via the internet outweigh the infringement of the privacy of Ziggo customers and Ziggo’s interests,” the court’s press service writes.

 

BREIN also requested a ruling that would require Ziggo to comply with its demands in similar cases going forward. Since future cases will have to be judged individually to weigh the interests of both sides, the request was denied.

 

The Court of Appeal ruling means that Ziggo has five days to forward BREIN’s warning notice to the relevant subscriber via email. If this fails to shut down the pirated eBook directory, Ziggo must share the subscribers’ personal details with the anti-piracy group.

 

The Court of Appeal also ordered Ziggo to pay €14,385 towards the anti-piracy group’s legal fees.

Business as Usual

BREIN is pleased that Ziggo must forward its warning but a more straightforward way of reaching pirates in future instances was the overall goal. Speaking with TorrentFreak, BREIN Director Tim Kuik says that it will be “business as usual” for new cases.

 

“That means we need to motivate a request for name and address details on the basis of the Supreme Court’s Lycos/Pessers criteria. An intermediary then needs to assess and make a decision. If it refuses to cooperate BREIN can go to court..,” Kuik says.

The Mircom Angle

Dutch courts are required to weigh privacy rights against the interests of rightsholders to determine whether ISPs are required to comply with disclosure requests.

 

This cautious approach is good for Internet users but BREIN sees it as a major hassle. It also contradicts how these issues are handled elsewhere. In the United States and other countries, for example, ISPs are required by law to forward copyright infringement notices to subscribers.

 

Interestingly, BREIN highlights a note in this week’s decision that references an earlier judgment by the European Court of Justice. In this ‘Mircom’ case, Europe’s highest court concluded that ISPs can be required to share the personal details of alleged BitTorrent pirates.

 

Linking the IP addresses of alleged non-criminal pirates to subscriber details doesn’t by definition violate EU privacy law, the EU court held.

 

However, in the same case, the court also noted that national courts must test each case to appropriately weigh the rights of both parties, to ensure that everything is in accordance with local law.

 

All in all, today’s Court of Appeal ruling is a small victory for BREIN. That said, the battle between privacy rights and rightsholder interests in piracy cases certainly isn’t over in the Netherlands.

 

Pirate IPTV providers and streaming websites offering discounted or even free access to live sports broadcasts are controversial worldwide.

 

Rightsholders say these illegal platforms threaten their business and need to be brought under control. In the European Union, pressure has been building on the European Commission to urgently address the problem, via new legislation if necessary, but responses thus far have left rightsholders underwhelmed.

 

Last October, over 100 rightsholders and organizations, including the MPA, UEFA, Premier League, beIN, LaLiga, Serie A, Sky, and BT Sport, told the European Commission time was running out. Three weeks later the EC rejected demands for legislative instruments or European-wide regulation but promised to come up with a recommendation on mitigation measures under existing law.

 

Following public submissions that mostly underlined rightsholders’ claims that existing law is inadequate, the EC began to prepare its recommendation for combating piracy. A draft leaked to the media last month revealed that rightsholders will be expected to wait for another three years while the situation is monitored for change.

 

Faced with the prospect of no legislative action until 2026, rightsholders vented their disappointment via the Live Content Coalition, well in advance of the recommendation’s official publication.

Two Dozen MEPs Issue Demands at the Highest Level

The Association of Commercial Television and Video on Demand Services in Europe (ACT) is leading the campaign for legislative change on behalf of its members, some of which are multi-billion dollar businesses in their own right.

 

This morning, ACT made public a letter sent to European Commission President Ursula von der Leyen. Dated April 28, 2023, it references the EC’s recommendation due to be published this week or, more accurately, the draft leaked to the media last month.

One Year Monitoring Period

Signed by 24 Members of the European Parliament, the letter is a follow-up to correspondence in March that called on the the Commission to “act decisively, efficiently and with the utmost priority against those who drain our creative economies.” Once again, a refusal to address the problem with urgent legislation is highlighted as a major concern.

 

“As previously outlined, we, together with many of our colleagues remain disappointed that the European Commission proposed a Recommendation despite unambiguous requests from the European Parliament for a legislative instrument,” the MEPs write.

 

“The only encouragement this house received from the European Commission can be found in the response from October 2022 which recognises that this issue should be tackled with urgency allowing for a solid and transparent monitoring system.”

 

The MEPs say they support the implementation of a monitoring period since producing performance data will incentivize “all the players in scope of the Recommendation” to act. What they cannot accept is that the suggested monitoring period, at least according to the leaked draft, is 36 months in duration.

 

“We took note from the press that a current draft of the Recommendation envisages a three-year review period. Such a lengthy timeframe will only benefit malicious actors to the detriment of our European creative and sports industries,” the MEPs warn.

 

“We strongly encourage the European Commission’s services under your authority to ensure that the final Recommendation – to be released in early May – includes a review period that is not longer than one year from publication.”

MEPs Ask EC President to Keep Promises

When the European Commission published its work program last October, it gave assurances that should the recommendation not generate “the desired effects in a timely manner,” further steps would be taken, “including by proposing new EU legislation addressing this significant problem.”

 

It’s unclear whether the leaked draft repeated or omitted that assurance but the MEPs insist that, for the avoidance of doubt, it needs to appear in the recommendation due for publication this week.

 

“Otherwise, our previous exchanges would be contradicted, Madam President, and the European Commission would demonstrate a lack of resolve in defending the rule of law in the European Union and delivering on the Commission’s commitment to ensure that what is illegal offline is illegal online,” the letter concludes.

 

The letter sent to EC President Ursula von der Leyen can be found here (pdf)

 

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only.

 

These torrent download statistics are only meant to provide further insight into the piracy trends. All data are gathered from public resources.

 

This week we have two newcomers on the list. “Ant-Man and the Wasp: Quantumania”, which came out as a high-quality pirate release, is the most downloaded title.

The most torrented movies for the week ending on May 01 are:

Movie Rank	Rank last week	Movie name	IMDb Rating / Trailer
Most downloaded movies via torrent sites
1	(1)	Ant-Man and the Wasp: Quantumania	6.4 / trailer
2	(…)	Scream VI	6.8 / trailer
3	(3)	Avatar: The Way of Water	7.8 / trailer
4	(2)	Ghosted	5.8 / trailer
5	(…)	Peter Pan & Wendy	4.4 / trailer
6	(4)	Shazam! Fury of the Gods	6.3 / trailer
7	(5)	65	5.5 / trailer
8	(6)	John Wick: Chapter 4	8.5 / trailer
9	(10)	Puss in Boots: The Last Wish	7.9 / trailer
10	(7)	The Super Mario Bros. Movie	7.4 / trailer

 

Note: We also publish an updating archive of all the list of weekly most torrented movies lists.

 

 

In the United States, consumer ISPs have been handing over the identities of suspected BitTorrent pirates for years, mostly because a court has compelled them to as part of a copyright infringement lawsuit. It’s not particularly difficult for rightsholders to take this route, but it can be expensive.

 

In the early 2000s, the RIAA hoped to cut costs by obtaining the details of Verizon customers via the DMCA subpoena process. That ultimately failed in 2005 when a court found that subpoenas under section 512(h) only apply to ISPs that directly store, cache, or provide links to infringing material.

 

That decision settled the waters for years but didn’t prevent BMG and anti-piracy partner Rightscorp from trying to identify 30,000 subscribers of ISP CBeyond in 2014. A year later, a court sided with the ISP and rejected calls for a more progressive reading of the law.

 

“It is the province of Congress, not the courts, to decide whether to rewrite the DMCA in order to make it fit a new and unforeseen internet architecture and accommodate fully the varied permutations of competing interests that are inevitably implicated by such new technology,” the judge wrote.

Congress Not Needed

Even though Congress still hasn’t rewritten the DMCA, movie studios known for tracking down alleged BitTorrent pirates in pursuit of cash settlements are increasingly using the DMCA subpoena system anyway. During 2022 and early 2023, Voltage Pictures, Millenium Funding, LHF Productions, and Capstone Studios obtained DMCA subpoenas targeting customers of CenturyLink (now Lumen).

 

The first request of 2022 targeted ‘just’ 13 subscribers, the next sought to unmask 63.

 

Last month a court clerk’s signature approved the pursuit of another 150 CenturyLink customers and soon after another ISP’s subscribers would begin feeling the heat.

Billion Dollar Headache

Like competitor CenturyLink, Cox Communications declined to take part in the ‘Six Strikes‘ anti-piracy initiative in the United States back in 2013. Eventually a more traditional piracy reduction method would resurface.

 

In 2019, the major recording labels of the RIAA successfully argued that Cox could be held liable for copyright infringements carried out by its customers. A Virginia federal jury found the ISP contributorily and vicariously liable and awarded the labels $1 billion in damages.

 

One billion dollars is a huge amount but Cox was also concerned about other things; being forced to disconnect subscribers “based on a few isolated and potentially inaccurate allegations” and concerns that the interests of rightsholders were being elevated above those of “ordinary, and often blameless, people who depend on the internet.”

 

To this background of liability for subscribers’ infringements, while defending the public against potentially baseless claims, Cox Communications now finds itself in the middle of another piracy dilemma.

Another Controversial DMCA Subpoena

The same movie studios that have been targeting CenturyLink subscribers for more than a year have decided that Cox subscribers should receive similar treatment.

 

Last month, Voltage Holdings, Millennium Funding, and Capstone Studios, filed an application for a DMCA subpoena to compel Cox Communications and CoxCom LLC to hand over the details of allegedly infringing customers.

 

Court documents list 41 IP addresses (four of which are duplcates) alleging that corresponding subscribers can be found in Virginia, Louisiana, Nevada, Arizona, Rhode Island, Oklahoma, California, Connecticut and Kansas. The majority stand accused of downloading and/or sharing the 2022 movie, ‘Fall.’

 

Most of the alleged pirates are linked with copies of the movie labeled [YTS.MX], a reference to YTS, the most popular torrent site on the planet. Millenium Media was one of the companies behind a lawsuit and subsequent $1m settlement with YTS back in 2020, which didn’t require the site to shut down.

Sign on the Line

Filed in a Hawaii district court, the application for DMCA subpoena follows a now-familiar format. The application notes that since all required paperwork is in order, it’s the clerk’s responsibility alone to act as the law requires.

 

“512(h)(4) provides that the Clerk, not a Judge should issue and sign the proposed subpoena,” it reads.

 

In common with the subpoenas against CenturyLink, the Cox application describes in detail how courts have ruled that DMCA subpoenas don’t apply to conduit ISPs. However, the application says that given developments in recent years (specifically, a lawsuit BMG filed against Cox itself), there’s a belief that the Tenth Circuit will eventually find that 512(h) does apply to conduit ISPs after all.

 

“For these reasons, the undersigned request that the Clerk of the Court expeditiously issue and sign the proposed subpoena and return it to the undersigned…to be served on the service provider,” it concludes.

 

The DMCA subpoena application was signed by the clerk the very same day so, in all likelihood, Cox has already been served. Cox hasn’t filed a motion to quash as far as we know, which may suggest it intends to recognize the validity of the subpoena by handing over its subscribers’ details to the movie studios.

512(h) is Ambiguous, Concentrate on the Clerk

In a 2021 submission to the Copyright Office on the CASE Act, the powerful Copyright Alliance noted a submission by Verizon which called for the Office to “create guidance for its Claims Attorneys that any Section 512 (h) subpoenas directed to a Section 512 (a) mere conduit service provider must be issued by a federal judge and not by a clerk of a court.”

 

Describing the issue as “highly contested” and 512(h) itself as “ambiguous” according to the Copyright Office, the Copyright Alliance pointed out that it isn’t the Copyright Claims Board’s job to get involved.

 

“In any event, it is the clerk of a federal district court – not the CCB – who will determine whether to issue a subpoena under Section 512(h),” the Alliance advised.

 

Presumably this is exactly what Congress intended, or maybe not. Either way, ISPs with repeat infringer lawsuits pending seem unlikely to rock the boat in a rush to find out.

 

ISPs on firmer footing probably won’t find themselves targeted in future applications but that won’t stop them being filed, most likely in increasing numbers.

 

The DMCA subpoena application and IP list can be found here (1,2, pdf)

 

Every day, millions of people from all over the world submit posts, comments, and other content to Reddit.

 

In many cases, discussion comments are read and soon forgotten but several old threads were brought back to life recently as part of a piracy liability case.

Redditors as Evidence

The comments in question were picked up by Kerry Culpepper, a copyright attorney who leads several piracy lawsuits against Internet providers on behalf of independent film companies.

 

In the case at hand, the makers of The Hitman’s Wife’s Bodyguard, London Has Fallen, Hellboy and other films, accuse Internet provider RCN of not doing enough to stop subscribers from pirating on its network. Instead of terminating the accounts of persistent pirates, the ISP turned a blind eye, the filmmakers argued.

 

The main lawsuit was filed at a federal court in New Jersey and the parties are in the process of gathering evidence. As part of this quest, the filmmakers stumbled upon responses from nine Reddit users, whose comments are potentially relevant to the dispute.

 

For example, a comment from Redditor “ChikaraFan” noted the following regarding RCN’s handling of copyright infringement emails:

 

“Seems extremely rare if ever. RCN seems fairly lax…no data caps. I looked up before I switched and had little trouble.”

 

Reddit doesn’t usually give up the identities of its users. However, in February the movie companies obtained a subpoena asking Reddit to share the personal details of nine users, including relevant IP-address logs.

Reddit Objects

Reddit was unhappy with the subpoena, characterizing it as overbroad. According to Reddit’s lawyers, the subpoena was more akin to a fishing expedition than regular evidence gathering. As such, Reddit only handed over the details of one user whose comment mentioned RCN, denying other ‘less relevant’ ones, citing the users’ First Amendment right to anonymous speech.

 

This refusal to hand over user data triggered the filmmakers to file a motion to compel. Since the subpoena was issued in California, the motion was handled there as well, separate from the main lawsuit.

 

The case was heard last week by U.S. District Court Magistrate Judge Laurel Beeler via a virtual hearing over Zoom. Since Reddit previously handed over information relating to one user, the identities of eight others was at stake.

 

From the get-go, the Judge said that she was inclined to deny the motion to compel, thereby protecting the Redditors’ right to anonymous speech. The film companies’ attorney, Kerry Culpepper, was still allowed to present his arguments.

 

Culpepper argued that the comments are highly relevant to show that RCN didn’t have a proper repeat infringer policy. In addition, they could help to show that RCN can monitor its subscribers and that its lax policies acted as a draw to potential customers.

 

As the only party able to identify the commenters, Reddit’s role is essential, the filmmakers’ attorney said. Without Reddit’s help, obtaining this information simply isn’t possible.

Anonymous Speech Outweights Rightholders’ Interests

While Judge Beeler acknowledged the potential interest the filmmakers have in the user data, in this case the Redditor’s right to remain anonymous outweighs the interests of the rightsholders.

 

According to the court, the comments are too general and, for some users, it is not even clear that they’re RCN customers. When added to the fact that the subscribers are not suspected of any wrongdoing themselves, the balance tips in favor of the Reddit users.

 

“The court denies the motion to compel and quashes the subpoena because on this record, the First Amendment bars the discovery,” Judge Beeler writes in her order, issued shortly after the hearing.

Other Ways to Get Information

The court’s standard for review was whether the Redditors’ comments were directly and materially relevant to a core claim or defense. Judge Beeler doesn’t believe that’s the case here, as there are other ways for the filmmakers to back up their claims against RCN.

 

For example, through discovery, the plaintiffs can obtain information about RCN’s repeat infringer policy and data caps from the company itself.

 

The above-mentioned comment from the user ChikaraFan was the “closest call” according to Judge Beeler. It makes sense for the filmmakers to want this evidence but Reddit doesn’t have to share the user’s personal details.

 

“ChikaraFan was apparently drawn to RCN’s lack of ‘data caps,’ which is another technical issue that can be illuminated by discovery from RCN itself,” Judge Beeler writes.

 

“Even as to the issue of customers being drawn to RCN, the question here is whether the information is available from ‘any’ other source. It is implausible that this one (First Amendment protected) user is an irreplaceable source.”

 

The denial means that the identity of the eight Reddit users won’t be shared with the filmmakers. While these users aren’t accused of any wrongdoing, not being dragged into a copyright dispute through the side door is likely to be a relief.

 

—

 

A copy of U.S. District Court Magistrate Judge Laurel Beeler order on the motion to compel is available here (pdf)

 

Online piracy has always been linked to computer viruses and similar badware but for years that connection was rarely exploited by groups hoping to deter piracy. KaZaA and LimeWire users needed no reminder, of course.

 

Several years ago, TorrentFreak was reliably informed that anti-piracy groups were preparing to push the piracy/malware nexus into the mainstream. What followed was a series of reports and PSAs that focused on ‘concerns’ that pirates were being infected with malware, but skipped over important details such as ‘where’ and ‘how’.

 

“Don’t use pirate sites,” was the best advice on offer; security software was never mentioned.

Why This Type of Messaging Fails

To be fair, issuing advice on how to safely navigate the high seas would’ve been counterproductive to the point of encouraging piracy. But more fundamental than that, almost all campaigns and press releases relied on bare statements about malicious ads, malware, phishing, fraud, identity theft and banking trojans, accompanied by zero supporting evidence.

 

In internet speak it was “Trust me, bro” versus “Pics or it didn’t happen.” The pics never arrived and only reluctantly do people trust random strangers, even those who want to prevent pirates’ houses burning down.

 

At least in the early days, we tried to encourage those making the claims to back them up. Letting people see how malware works didn’t have to amount to technical piracy advice, but there was always a chance they might see those pushing malware on them in new light.

 

Lecturing people and expecting compliance often leads to immediate pushback. Educating people helps them to make their own choices and, if all goes well, they may come along voluntarily.

Don’t Tell People What To Think – Show Them

A video published by Linus Tech Tips earlier this month is a great example of how to reach out to people. In just two weeks it’s been viewed over 2.3 million times, with viewers not only learning why cheap piracy-configured boxes should be avoided, but also being shown exactly why.

 

But first, Linus gets to break the ice in a way no anti-piracy executive would dare. After describing himself as part of the Napster generation (he would’ve been around 14 at the time) he implies that he may have first hand experience of the topic in hand.

 

“[A]s part of the Napster generation I may or may not have dabbled myself at some point. No judgment,” he says.

 

“However, it’s important to remember that the kinds of folks who are willing to help you circumvent copyright law tend to be the same kinds of folks who don’t care about other laws either. Like privacy or data collection laws. To which you might think, ‘come on, Linus, how bad could it be?’.”

 

At this point Linus shows the viewer just how bad things can get with some of the most popular Android boxes sold on platforms including Amazon and eBay. Anyone who peruses the device sections on either of those sites will have seen at least one of the examples in the video. Rest assured, the video won’t help their sales moving forward.

Just the Facts, No Preaching, No Lecturing

While Linus is in the fortunate position of not being in a job that pays him to tell people to stop pirating, he clearly understands his audience. He also sticks to the topic in hand.

 

“And I’m not gonna stand here and tell you to pirate or not to pirate. I’m just gonna tell you to practice safe computing, and this ain’t it,” he says.

 

The video was well received and while it isn’t an anti-piracy commercial, the end result is effortlessly more effective, based in fact, and achieved without drama. It also has 5,000+ comments, suggesting excellent viewer engagement, something the professionals simply cannot match.

 

Two videos (1,2) produced by the United States’ StreamSafely campaign released in 2020 have around 2,500 combined.

 

To be clear, that’s 2,500 views overall – the videos have a grand total of zero comments. To be fair they’re not as bad as those figures suggest but without context they are dry and without a slither of supporting evidence, they’re ultimately meaningless.