Generally speaking, pirates tend to dislike restrictions, because more often than not, restrictions mean either less piracy or less convenient piracy.

News from Amazon last month indicated that apps linked to piracy would start to face new restrictions when sideloaded to Fire TV devices, although exactly how that would manifest itself was still unknown.

The ‘announcement’ was ‘quietly’ delivered via the media and spread quickly. That produced predictable headlines, mostly warning of an Amazon Crackdown / Piracy Ban plus additional drama conjured up from nowhere.

First Apps Flagged By Amazon

While there are reports that more than one app has been flagged by Amazon since then, one stands out for being reported most often, backed up by independent screenshots showing Amazon’s message.

BeeTV is an Android-based app providing access to pirated movies and TV shows. In one form or another, BeeTV apps have been around for years. That’s not because of longevity and continuity as a single app, but because anyone with an app looking for installs can put a BeeTV logo on it and get instantly recognized.

As the image shows, when Fire TV users tried to sideload a BeeTV app, Amazon spotted it too.

BeeTV Meets Amazon ‘Crackdown’

While the message is clear, Amazon’s alleged crackdown is accompanied by a convenient one-click circumvention option. This is not exactly as some have advertised, and it may, or may not, be the start of a tapered approach..

For some, that’s still enough to arouse scattered suspicions that ‘Launch Anyway’ could lead to being flagged by the authorities or reported to anti-piracy groups. Theoretical consequences such as these do give some people pause for thought, but overall deterrent value seems limited, as the disguised Reddit thread below suggests.

What Happens After ‘Launch Anyway’? 

NOTHING

So does nothing happen, or does nothing appear to happen?

Something Happens: Free Movies & TV Shows plus Bonus Extras

The most popular BeeTV variants appear to be at versions 4.4.4 to 4.4.7, with various MOD versions promising no advertising. We carried out a series of tests on all three versions and can report that many things can happen, but conveniently the user sees nothing.

Our assessment here is based on what an app like this needs to function. For pragmatic reasons, allowances are made for monetization via ads etc. with additional ‘functionality’ viewed case-by-case. Declared permissions that go beyond those needed for a regular app to provide the same services are generally unacceptable by default.

Without granting permission to access the internet, not much will happen, and in the event functionality exists to download a video, denying access to external storage would be an issue too. Let’s assume all permissions are granted, and since many users will also sideload the app onto their cellphones, we will cover some of the main issues across all devices at the same time.

Permissions Permissions Permissions

Here’s just some of what the app can do, beyond what it needs to be able to do. We’ll consider the implications later.

• Location: Even with allowances made for access to localized content, identifying the user’s approximate location is not the same as always being able to identify a user’s location accurate to a few feet.

• External Storage Read/Write: The app has broad access to external storage, including read/write permissions. What people store on their devices tends to vary depending on the individual.

• Bookmarks/Browsing History: Tests indicate the app not only has permission to read bookmarks and browsing history, it can write to them as well.

Other Security Issues of Concern

• SMS/Call Logs: When providing access to a movie or TV show, there’s no reason why the app should obtain the name of the device’s network operator. Being able to query a user’s SMS messages and obtain their content definitely isn’t needed, nor is it acceptable to query a device’s contact list, or access its call logs.

There are also some serious issues on the technical side outside the scope of this article, but one apparent double standard is worth highlighting.

On one hand, the app uses SSL certificate pinning to prevent MITM attacks (eavesdropping) on communications it aims to keep private. On the other, it proactively enables cleartext traffic, which enables eavesdropping (and modification) of transmitted data it presumably wishes to see (and potentially tamper with), without being detected by the user.

What Could Possibly Go Wrong?

Apart from intercepting unencrypted network traffic, potentially including credentials, API keys, and other sensitive information, a potential attacker could track the user’s location in real-time. This could enable anything from stalking to targeted phishing attacks based on known daily routines, augmented by information from contact lists, call logs, and the content of SMS data.

If more data was needed to carry out identity theft, a simulated identity theft warning sent to the user by SMS, claiming to be from the user’s own bank (confirmed by entries in their contact list and SMS), could lead to some people clicking a link to a bogus banking page. They might even be persuaded to hand over the rest of their info.

Of course, savvy users don’t click links in unsolicited messages, it’s too risky. Instead, they visit their own bank with a communication that they themselves initiate; just quickly dig out the bookmark and……

Almost Nothing Happens?

In summary, then, aside from launching at boot and the ability to install additional software, the app can harvest personal information, obtain information on contacts, and the content of their messages on the device. It can intercept communications, manipulate device behavior, and track movements and activities in real-time, while recording locations (home, workplace, gym) and times.

On the plus side, version 4.4.4 does not appear to have the ability to use a device’s camera to photograph anything it likes, at any time, without the user’s knowledge or permission. It’s an oversight that seems to have been ‘corrected’ in 4.4.7.

There are the movies and TV shows to consider, of course, accessed from well over 200 pirate site domains embedded in the app. There’s also the superficially ‘clean’ detection reports on VirusTotal to put any remaining doubts to rest.

A fitness app carrying out 24/7 monitoring wouldn’t be flagged for being malicious, and there’s not much difference in this case either. The app asked for permission, and without considering intent, permission was granted. There’s not much that can be done about that.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Monday 8 December 2025 at 4:58 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of November): 5,412

RIP Matrix

In 2023, Lithuania amended its Code of Administrative Offenses, allowing media watchdog LRTK to fine pirates, without going to court.

This legislative change was specifically designed to deter piracy in the European country. With potential fines on the line, pirates would reconsider their habits, the idea was.

Tracking Torrent Tracker Pirates

Over the past two years, dozens of fines were handed out. The targets were mostly first-time offenders who received the minimum fine of 140 euros. For repeat offenses, however, fines can potentially reach 850 euros.

What makes these fines stand out is that LRTK predominantly targets users of the private torrent trackers Linkomanija and Torrent.lt. These are two of the most-visited pirate sites in the Eastern European country.

The media watchdog does not only target local piracy communities; it also focuses on protecting locally produced media. In a recent announcement, LRTK notes that, this year, it fined more than 30 people who shared a copy of the film “Pietinia Kronikas” (The Southern Chronicles).

These targets are again linked to the Linkomanija and Torrent.lt torrent trackers, and ten of them were fined in November, suggesting an increase in enforcement activity.

In most cases, the suspects were fined in their absence, as they failed to respond to inquiries from the media watchdog.

“The LRTK contacted the violators in writing, requesting explanations and inviting them to participate in the investigation of the administrative offense. However, the majority of individuals did not respond to the invitations and failed to appear for the investigation,” LRTK writes.

From 250+ Blocked Domains to Malware Threats

In addition to targeted fines, the regulator is also expanding its site blocking efforts. According to new figures, LRTK blocked more than 700 IP addresses and 250 domain names linked to pirate sites in 2025 alone.

Andrius Katinas, Head of the Supervision Division at LRTK, admits that while piracy activity has decreased, it remains a significant problem. Therefore, the regulator is adding a “consumer safety” narrative by warning that pirate sites are linked to malware and other cyber threats.

In a report by local news outlet Delfi, the watchdog links pirate sites to data theft, malicious software, ransomware, stolen credit cards or bank details, compromised accounts, and hacked social media.

“These cases constantly happen,” Katinas warns. “Individuals who lost access to their personal or work accounts often receive offers to recover them for a ransom, are threatened with the publishing of compromising content, or are otherwise manipulated.”

Changing Piracy Rates?

There is no silver bullet to stop piracy. While site blocking, fines, and awareness campaigns have some effect, some people continue to return to pirate sites. That includes the heavily targeted Linkomanija and Torrent.lt trackers.

Historically, piracy rates have always been high in Lithuania, but, according to LRTK Chairman Mantas Martišius, piracy is now clearly on the decline.

Martišius notes that enforcement has paid off. Importantly, however, the economic situation in Lithuania is improving, so people now have the opportunity to spend money on legal platforms and services.

All in all, LRTK is adamant that its efforts to curb piracy are paying off. That becaome apparent earlier this year when the watchdog publicly criticized data reported by piracy tracking firm MUSO, stressing that “Lithuania is no longer the leader in piracy”.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Sunday 7 December 2025 at 4:10 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of November): 5,412

RIP Matrix

The New York Times has escalated its legal battle against the AI startup Perplexity, as it’s now suing the AI “answer engine” for allegedly producing and profiting from responses that are “verbatim or substantially similar copies” of the publication’s work.

The lawsuit, filed in a New York federal court on Friday, claims Perplexity “unlawfully crawls, scrapes, copies, and distributes” content from the NYT. It comes after the outlet’s repeated demands for Perplexity to stop using content from its website, as the NYT sent cease-and-desist notices to the AI startup last year and most recently in July, according to the lawsuit. The Chicago Tribune also filed a copyright lawsuit against Perplexity on Thursday.

The New York Times sued OpenAI for copyright infringement in December 2023, and later inked a deal with Amazon, bringing its content to products like Alexa.

Perplexity became the subject of several lawsuits after reporting from Forbes and Wired revealed that the startup had been skirting websites’ paywalls to provide AI-generated summaries — and in some cases, copies — of their work. The NYT makes similar accusations in its lawsuit, stating that Perplexity’s crawlers “have intentionally ignored or evaded technical content protection measures,” such as the robots.txt file, which indicates the parts of a website crawlers can access.

Perplexity attempted to smooth things over by launching a program to share ad revenue with publishers last year, which it later expanded to include its Comet web browser in August.

“By copying The Times’s copyrighted content and creating substitutive output derived from its works, obviating the need for users to visit The Times’s website or purchase its newspaper, Perplexity is misappropriating substantial subscription, advertising, licensing, and affiliate revenue opportunities that belong rightfully and exclusively to The Times,” the lawsuit states.

The NYT is seeking damages and is also asking the court to permanently block the AI startup from engaging in its allegedly unlawful behavior. “Publishers have been suing new tech companies for a hundred years, starting with radio, TV, the internet, social media and now AI,” Perplexity spokesperson Jesse Dwyer said in an emailed statement to The Verge. “Fortunately it’s never worked, or we’d all be talking about this by telegraph.”

Update, December 5th: Added a statement from Perplexity.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Saturday 6 December 2025 at 3:27 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of November): 5,412

RIP Matrix

Over the past few months, Belgium has issued several site-blocking orders targeting hundreds of piracy-linked domain names.

These blockades follow a newly instated two-step process. A local court first issues a blocking order, after which a special government body determines how it will be implemented. This process aims to prevent errors and overblocking.

Pirate DNS Blocking

While site blocking is common in Europe, these new Belgian blockades go beyond the typical ISP blockade. Similar to France and Italy , the orders were also directed at third-party public DNS resolvers.

The first implementation order, issued by the Belgian Department for Combating Online Infringement in April, required both ISPs and DNS resolvers to restrict access to pirate sites. Specifically, Cloudflare, Google, and Cisco’s OpenDNS were ordered to stop resolving over 100 pirate sites or face fines of €100,000 euros per day.

This order prompted significant pushback, most notably from Cisco, which ceased operating its OpenDNS service in Belgium soon after the order was announced.

In July, another order by the Belgian authority ordered blockades of shadow library websites, including Libgen, Zlibrary, and Anna’s Archive. This sweeping court order required ISPs to take action and also involved other intermediaries, such as hosting providers, search engines, and DNS services.

The underlying court order also called for a broad blockade of the Internet Archive’s Open Library service. While that was ultimately prevented, the involvement of a broad range of intermediaries caused concern about the escalating scope of the blocking orders.

New ‘Limited’ Piracy Blocking Order

On November 26, the Belgian Department for Combating Online Infringement published a new blocking implementation order. While this effectively adds dozens of new domains to the Belgian blocklist, the scope of this order is surprisingly limited.

Instead of casting a wide net, the order strictly targets Belgium’s five major Internet Service Providers: Proximus, Telenet, Orange Belgium, DIGI Communications Belgium, and Mobile Vikings.

From the order

The list of “addressees” no longer includes the DNS resolvers, Google, Cloudflare, and Cisco, which were central targets in the April blocking order. There is no mention of hosting services, advertisers, or other intermediaries either.

The official implementation order does not mention the rightsholder(s) who requested the blocking measures, nor does it mention the targeted sites. However, the blocked domains are published in a separate spreadsheet showing that 1337x, Fmovies, Soap2Day, and Sflix branded domains are among the key targets.

From the blocking spreadsheet
 

Since these pirate targets often switch domain names to evade enforcement, rightsholders can submit a new list of mirror sites or proxies once per week, capped at 50 new domains per week. When these are approved by the Belgian Department, ISPs have five working days to update the blocklist.

Retreat or a Pause?

The decision to exclude DNS resolvers from this latest order is likely not a coincidence. It might very well be a direct consequence of the legal pushback Cisco initiated earlier this year, when it appealed the April blocking order at the Brussels Business Court.

This appeal was not without result, as the court suspended enforcement of that blocking order against Cisco in July, after which OpenDNS became available again in Belgium.

“The OpenDNS service has been reactivated in Belgium following a decision by the Brussels court to suspend enforcement of the order requiring Cisco to implement DNS blocking measures. The suspension of the order is pending a final ruling in the legal proceedings which remain ongoing,” a Cisco representative wrote in a community update.

To find out more about the suspended blocking measures, we reached out to the Belgian Department for Combating Online Infringement, which did not respond to our inquiry. Without further details, we don’t know whether the suspension also applies to other DNS resolvers. Confusingly, the official transparency portal makes no mention of an appeal at all.

It is likely, however, that since the legality of the blocking orders against third-party DNS resolvers is still being litigated, rightsholders have chosen to limit their blocking requests to ISPs. This would suggest that it’s a pause, not a formal retreat.

—

A copy of the latest blocking implementation order, published by the Department for Combating Infringements of Copyright and Related Rights Committed Online and the Illegal Exploitation of Online Games of Chance on the 26th of November, 2025, is available here (pdf).

The full blocking spreadsheet, last updated November 26, is available at the Belgian government website.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Saturday 6 December 2025 at 3:26 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of November): 5,412

RIP Matrix

While Australia’s site-blocking mechanism has made few enemies since 2018, it hasn’t been known for being fast.

As discussed earlier this year, accuracy has traditionally been favored over speed, which is contrary to less cautious approaches taken in other countries.

After an unprecedented request and cooperation from the Federal Court, Australia will now step up several gears and show whether it can achieve both.

Not Just Another Blocking Order

When Justice Halley handed down his order in Universal City Studios LLC v Telstra Limited [2025] FCA 1390 on November 12, in most respects it was much like any other issued in recent years.

Member studios of the MPA – Universal, Disney, Paramount, Columbia, Warner Bros., Netflix and Apple (plus Viacom) requested an injunction under Section 115A of the Copyright Act, requiring around 50 local ISPs (operating as Telstra, Optus, Vocus, TPG Telecom, Aussie Broadband and Superloop) to block 52 overseas-based pirate streaming sites.

The copyright works applicants aim to protect necessarily play a key role in blocking proceedings. The difference in this case was the emphasis placed on the Universal Pictures movie Wicked: For Good and its inevitable appearance on high-traffic sites using familiar branding: HydraHD, Hurawatch, Braflix, Soap2Day, MyFlixer, HiAnime, OnionPlay, 123movies, SolarMovies, Gomovies, Fmovies – the list goes on……and on.

With Wicked: For Good‘s international release scheduled for November 17, Australian ISPs agreed to take all reasonable steps to disable access to 23 sites as a matter of urgency, with the remaining 29 to be blocked within the usual span of 15 business days.

In order to have a fighting chance against adaptable piracy platforms, a dynamic blocking order was issued, meaning that new domains and IP addresses could be added to deal with the inevitable countermeasures. Under normal circumstances, that can take time but for Wicked: For Good‘s theatrical release in Australia, time was already running out.

Additional Urgent Access Means

Less than two weeks after handing down the initial order, Justice Halley was handing down a second. Dated November 25, the order reveals that studios filed an urgent application for an order to tackle countermeasures deployed by the sites.

Operating from new domains, described in the order as “Additional Urgent Access Means”, the sites were already illegally distributing Wicked: For Good which was set to continue playing in theaters in Australia until the end of 2025.

New domains, IP addresses, and/or URLs are normally reported by rightsholders to the ISPs, who are then expected to respond within seven working days. If neither the respondent nor the court requires the matter to be relisted, the ISPs have a further 15 working days to disable access.

The prospect of the movie being distributed unhindered for free until Christmas Eve was considered unacceptable.

Urgent Additional Blocking Order

On November 28, just over two weeks after handing down the initial blocking order, Justice Halley authorized a second.

In response to the studios’ calls for urgency, Universal City Studios LLC v Telstra Limited [2025] FCA 1485 targeted the ‘Additional Urgent Access Means’ (new domain names/IP addresses/URLs) deployed by the sites to circumvent the previously implemented blocks.

The court recognized that standard procedures, which require notification and then a response period, would allow the sites to operate unhindered for at least 22 days.

“This would have the consequence that those sites would remain accessible for the majority of the theatrical release period for the film ‘Wicked: For Good’ which would have the likely effect of reducing the commercial success of the film as infringing copies of the film would be available without charge from the Additional Urgent Access Means,” Justice Halley noted in his order.

Rapid Response

To combat this, the new order required the ISPs to disable access to the new means of access, whether domain names, IP addresses, or URLs, by 4.00 pm on Friday, November 28, 2025. As far as we’re aware, a response time this short is unprecedented in Australia.

The ability to quickly respond to blocking countermeasures is crucial. For Australia, this is new territory but shouldn’t be unnecessarily difficult. However, as months of delay have decreased to weeks and now just days, rightsholders elsewhere in the world – especially in the live sports arena – still aren’t satisfied, even when blocking takes place within hours. In some areas, rightsholders consider 10 minutes to be reasonable.

Under those demands, Australia’s traditional accuracy would face challenges, with or without a reduction in overall piracy rates. Right now, despite aggressive worldwide blocking measures, piracy continues to trend up.

The orders dated November 12 and November 28 are available here and here

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Friday 5 December 2025 at 3:46 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of November): 5,412

RIP Matrix

A report published by the European Commission last month assessed whether its Recommendation of May 2023 had made a difference in the fight against pirated streams.

No significant improvement” was the downbeat conclusion.

From the perspective of top-tier Spanish football league, LaLiga, new legislation is the only workable solution, and it needs to be implemented in Europe, sooner rather than later.

LaLiga Claims to Have Slashed Piracy in Half, Give or Take

At the same time as urgently calling for new legislation, LaLiga claims to have reduced piracy of its content in Spain by as much as 60%. This was achieved under existing legislation for the season that concluded at the end of the summer. A 40% reduction, the lower figure previously cited by LaLiga, would still be unprecedented.

Yet, in the context of LaLiga’s court-ordered authority, which permits aggressive blocking of almost any site or service facilitating access to pirate streams of its premium content, such results are not absolutely impossible, at least in measured short bursts. LaLiga regularly laments Cloudflare’s refusal to prevent piracy platforms from using its services and for every week that remains the case, Cloudflare IP addresses – utilized by pirates and regular customers alike – are blocked by Spanish ISPs.

LaLiga reports that in May 2025, 38% of piracy involving LaLiga content “was distributed through Cloudflare’s infrastructure.” So at least on paper and without considering circumvention and other factors, aggressive yet effective blocking of Cloudflare would in theory be sufficient to claim a ~40% reduction in piracy rates.

The problem, which has thus far proven impossible to solve, is how blanket denial of service to piracy platforms can be executed without subjecting innocent parties to the same fate.

Internet Private Security Guard

As Head of Web Application Protection at DDoS-Guard, a Russian Internet company providing protective online services, Dmitry Nikonov understands the importance of connectivity. Operating in broadly the same market as Cloudflare, DDoS-Guard has been paying close attention to the events playing out in Spain.

LaLiga’s legal authority allows it to block Cloudflare and in the event that DDoS-Guard’s services also become a concern, there would be no legal barrier to prevent it from being treated in much the same way. The consequences of non-compliance seem to have alarmed Nikonov.

“This is happening right now, in the fall of 2025, and the scale of this phenomenon is astonishing. It seems LaLiga is beyond control,” Nikonov writes in a column for Forbes Russia.

“LaLiga can essentially apply a ‘piracy’ mask to entire ranges of addresses, often affecting endpoints that are not directly related to illegal broadcasts.”

‘Private Regulation’ of the Internet

Nikonov believes the authority delegated to LaLiga should serve as a wake-up call for the global internet. He says that the authority to interfere with internet functioning has elevated the company to a powerful position; the big question is whether anyone can do anything about it.

“LaLiga is becoming a private regulator: not a state or an independent regulator, but a commercial organization that has delegated authority to interfere with network infrastructure. Football matches have become the pretext for a large-scale experiment on the internet, testing whether there is anyone to protect its freedom,” Nikonov says.

“If the football league has such powers today, then nothing will stop other major players from acquiring them tomorrow. We’re talking about media holdings, streaming companies, and corporations for whom content is not entertainment, but a source of profit.”

Trade Barriers, No Legal Recourse

In a late October submission to the 2026 National Trade Assessment Report, Cloudflare warned the Trump administration that Spanish courts allow rightsholders to request “overbroad court orders” that cause collateral damage affecting tens of thousands of legitimate websites.

Since the Spanish government has chosen not to intervene, and “no judicial opportunity for remedy” currently exists, Cloudflare said that creates “significant trade barriers between the countries.”

Nikonov uses similar terms to those used in a Cloudflare-commissioned report released in the summer. “The internet will become fragmented,” he says, before reminding readers that state institutions won’t be responsible, but commercial organizations shielded by government.

“This scheme avoids public debate (the Spanish parliament refused to consider the issue, citing a court ruling) and instead considers the proportionality of the measures. Under the guise of copyright protection, a tool is emerging that allows commercial players to directly influence the accessibility of parts of the internet, bypassing legal proceedings.

“Access to resources will be determined not by technical standards, but by the interests of private corporations with administrative resources,” he warns.

More Powerful Tools Than Previously Reported?

Nikonov suggests that more powerful tools are being deployed in Spain, beyond simple DNS blocking. He claims that a key role belongs to the National Telecommunications Market Commission (CNMC), which, at the behest of LaLiga issues “mandatory directives” to all Spanish ISPs, urging “the fastest possible compliance.”

“[This] effectively forces them to implement DNS and BGP filtering. Border Gateway Protocol is the primary dynamic routing protocol on the internet,” he continues.

A phrase often used to convey the importance of BGP is simple but effective: BGP is the glue that holds the internet together. That’s not overblown or alarmist; but some would argue that meddling with it is.

“As a result, telecom operators are becoming the enforcers of state anti-piracy policies. What we’re facing is no longer an isolated failure, but a testing of a model that sets a precedent for new internet governance — a private corporation, through the regulator, gains de facto access to leverage over network infrastructure.”

Regulation and Using the Same System For ‘Something Else’

It’s possible that at some point there will be calls for site blocking to be regulated, but according to Nikonov, some may welcome that with open arms.

“[M]odern digital ecosystems are structured in such a way that anyone who gains access to regulatory levers automatically gains power over the infrastructure used by millions of people. In other words, the internet today is no longer a distributed network, but a set of control points, each of which becomes a juicy target,” he notes.

“And if today this point is used to protect football broadcasts, tomorrow it will be used for something entirely different.”

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Thursday 4 December 2025 at 4:30 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of November): 5,412

RIP Matrix

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only.

Downloading content without permission is copyright infringement. These torrent download statistics are only meant to provide further insight into piracy trends. All data are gathered from public resources.

This week we have two newcomers on the list. “Predator: Badlands” is the most shared title.

The most torrented movies for the week ending on December 1 are:

Note: We also publish an updating archive of all the list of weekly most torrented movies lists.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Wednesday 3 December 2025 at 5:05 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of November): 5,412

RIP Matrix

The Supreme Court case between several major record labels and Internet provider Cox Communications is one of the landmark copyright battles of this decade.

The outcome will determine how Internet providers should deal with pirating subscribers on their networks.

The Supreme Court must decide whether an ISP can be held liable for failing to disconnect repeat copyright infringers. In addition, it must determine if this ‘inaction’ amounts to willful copyright infringement, even if the ISP wasn’t aware that its specific conduct was illegal.

Supreme Court Hearing

Yesterday, the Supreme Court heard oral arguments in the case, grappling with these questions for nearly two hours. The justices critically questioned all sides in their effort to form a final opinion.

Cox’s attorney, E. Joshua Rosenkranz, began by arguing that it would be a dangerous expansion of the law to hold an ISP liable for the actions of its subscribers.

He argued that under the “purpose” standard, liability should only apply if an Internet provider takes “affirmative steps” to facilitate copyright infringement. For example, by advertising piracy services.

Rosenkranz added that, under the record labels’ theory, Cox would be liable for failing to take action against alleged crimes. That would essentially turn ISPs into the “Internet police” with devastating consequences.

“[T]he consequences of Plaintiffs’ position are cataclysmic,” Rosenkranz said, noting that universities, hospitals, and entire towns would risk being disconnected from the Internet.

“Turning Internet providers into Internet police for all torts perpetrated on the Internet will wreak havoc with the essential medium through which [the] modern public engages in commerce and speech,” Rosenkranz added.

The “Gun Dealer” Analogy

At the hearing, several justices seemed skeptical of Cox’s claim that inaction is fine. Justice Sonia Sotomayor was particularly aggressive, stressing that Cox could know exactly which subscriber accounts were infringing but simply opts to do nothing.

To illustrate her point, Justice Sotomayor challenged Rosenkranz with a vivid analogy.

“If I’m a gun dealer and I’m selling to someone who says to me, ‘I’m going to kill my wife with this gun,’ I think the common law would say you knew what he was going to do with the gun; you joined in. Why isn’t your continuing to provide Internet service the same?”

Cox’s attorney responded by noting that, unlike a murder weapon, an internet connection has substantial legal uses. However, the challenges were not over yet.

Justice Ketanji Brown Jackson continued to test Cox’s theory that “inaction” does not create liability. She presented an even more extreme hypothetical scenario featuring an addicted infringer.

“Suppose I come to you and I want to buy your services. I tell you that I as a customer am addicted to infringing on the Internet. I’ve been sued before. I know what I’m doing is illegal, but I just keep doing it. And not only that, Cox, based on where I live, is my only option.”

Rosenkranz replied that even in that extreme scenario, selling internet access would not create liability for Cox, adding that the music companies or other rightsholders could sue this hypothetical piracy addict instead.

The “Meaningless” Safe Harbor

Representing the record labels, attorney Paul Clement stressed that Cox was not an innocent bystander but a “willfully blind” party that profited from piracy. He pointed to Cox’s internal communication, in which employees expressed contempt for the law, including a now-infamous “f*** the DMCA” email.

The attorney, backed by Justice Kagan, argued that Cox’s legal theory is fatally flawed. If an ISP can never be liable without taking affirmative steps to encourage piracy, then the DMCA’s “safe harbor” would be unnecessary.

“Why would anybody care about getting into the safe harbor if there’s no liability in the first place?” Justice Kagan asked. And after follow-up questioning, Cox’s attorney agreed that the safe harbor is not doing anything under their suggested liability rule.

“Mass Evictions” & “BitTorrent Throttling”

While Cox was grilled on the ‘inaction’ vs. ‘intent’ issue, the record labels faced tough questions over the requested Internet disconnections. Justices Alito and Gorsuch appeared concerned that the record labels’ liability standard would force ISPs to disconnect thousands of innocent people.

Justice Alito specifically asked attorney Clement how an ISP is supposed to respond to repeated piracy notices if their customer is a university with 50,000 students.

Clement argued that ISPs and rights holders could simply “have a conversation” to resolve such issues, a suggestion Cox’s attorney later dismissed as a “terrible answer” for a company facing “crushing liabilities”.

Since it is impractical for a university to be disconnected from the Internet, or for a university to disconnect thousands of students, the record labels’ attorney suggested that bandwidth throttling could also be a viable anti-piracy measure.

“I don’t think it would be the end of the world if universities provided service at a speed that was sufficient for most other purposes but didn’t allow the students to take full advantage of BitTorrent. I could live in that world,” Clement answered.

U.S. Government Backs Cox

The U.S. Government appeared as an amicus curiae and largely supported Cox’s legal interpretation. Deputy Solicitor General Malcolm Stewart urged the Court to adopt a strict “purpose” requirement, arguing that unless an ISP provides “targeted assistance” specifically to pirates, it shouldn’t be liable for the actions of subscribers.

Stewart warned the Justices that expanding liability beyond this “purpose” test would be dangerous. He argued that forcing ISPs to disconnect allegedly pirating subscribers would clash with the essential role the internet plays in society.

“The approach of terminating all access to the Internet based on infringement… seems extremely overbroad given the centrality of the Internet to modern life and given the First Amendment,” Stewart told the Court.

What’s Next?

The Supreme Court now has to decide whether the $1 billion verdict will stand, or if the case will get a do-over at the lower court.

If the court sides with the record labels, ISPs across the United States will continue to need strict “repeat infringer” termination policies to avoid legal liability. If Cox wins, rightsholders will have a hard time holding ISPs liable for pirating subscribers.

The justices are expected to cast their preliminary votes in a private conference later this week, but a final written opinion is not expected before the summer of 2026.

—

A copy of the oral arguments hearing transcript and the audio is available at the Supreme Court’s website.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Wednesday 3 December 2025 at 4:59 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of November): 5,412

RIP Matrix

After years of uncontrolled piracy, in 2019 authorities in Brazil teamed up with ICE and the US Department of Justice to launch Operation 404.

Described as a “milestone” for Brazil’s momentum in the fight against piracy, it was revealed that with assistance from overseas, 136 websites and 100 apps had been put out of action, either by domain suspension or site blocking measures.

Local agencies and anti-piracy groups including ANCINE (National Film Agency) and the National Council for the Fight Against Piracy (CNCP), were pleased with their work, although it was far from done.

Operation 404.1 Was Only the Beginning

Named after the well-known HTTP error indicating a currently unavailable website, Operation 404 would need to build on its early momentum. To understand the scale of the challenge, one only has to look at one of the earliest targets, Futemax, which remains active today despite years of blocks.

More domains would be needed to remain online

For the past six years, authorities and rightsholders in Brazil have continued to add Futemax-branded domains to Brazil’s secretive blocklist.

Whether Futemax, FutemaxHD, FutemaxBR or FutemaxTV variants, the domain-blocking Whac-A-Mole has seen commitment from both sides. At the time of writing, over 360 of these domains appear on the list, presumably at least some in connection with subsequent waves of Operation 404, which have generally taken place on an annual basis since 2019.

Ministry of Justice Announces 404.8

Brazil’s Ministry of Justice and Public Security (MJSP) announced that phase Operation 404.8 was ‘carried out’ November 27, without clarifying that only a relatively small number of events and achievements presented to the media actually took place on that day. This approach to presentation has persisted from 404.1 to the present day but the volume of work as reported only really makes sense as part of a longer timeline.

In common with 404.5 (March 2023), 404.6 (November 2023) and 404.7 (September 2024), this year the Ministry reported an international effort in which local authorities collaborated with partners from Argentina, Ecuador, Paraguay, Peru, and the United Kingdom.

Operation 404 (Phase 8 )

This was Ecuador’s first direct appearance within Operation 404 but for the United States government, which has provided significant support right from the very beginning, there was no direct involvement.

The Ministry says that along with representatives from Mexico, the role of the U.S. Department of Justice and Department of Commerce was to observe, in order to “learn about the methodology used in combating digital piracy.”

Much to Observe

The MJSP said a total of 44 search and seizure warrants were executed, which includes four preventive arrest warrants and three arrests in flagrante delicto in various Brazilian states. The Ministry says the aim was to identify and hold accountable the operators and various individuals behind an unspecified number of “pirate platforms.”

“Audio and video content, such as games and music, were removed,” the Ministry continued. “There was also the blocking and suspension of 535 websites and one illegal streaming application, in addition to the removal of thousands of pirated materials from repositories and social networks. In this phase, the focus broadened to reach the financing and monetization structures of these illegal services.”

Operation 404.8

In common with previous phases, the Ministry reported collaboration with local federal agencies. They include the National Telecommunications Agency (Anatel) and the National Film Agency (Ancine), both of which are actively involved in having pirate websites blocked by local ISPs.

That raises questions over Brazil’s broader site-blocking regime that receives very little attention.

Operation 404 Blocking is a Fraction of Overall Blocking

On face value, the number of pirate domains blocked under Operation 404 is publicly reported. Given tendencies seen in the past, that include conflating the number of sites blocked with the number of domains, the overall figures may or may not provide a reasonable account of events on the ground.

Refusal to reveal exactly which platforms have been targeted are compounded by the secrecy surrounding Brazil’s primary blocklist, which is restricted and certainly not open for scrutiny. The same applies to the many orders handed down by judges that provide it with constant fuel.

The table below covering Operation 404.1 to 404.8 inclusive, suggests that since 2019, just over 3,000 ‘pirate’ domains have been blocked on copyright grounds as part of Operation 404.

Yet the country’s master blocklist currently contains over 30,000 entries. Since it also contains gambling site domains, the full list can’t be attributed purely to pirate sites.

Nevertheless, the number of sites/domains publicly declared as blocked is clearly just a drop in the ocean. Or, rather, it appears to be; for the last six years no domains have been mentioned in connection with Operation 404 blocking, which effectively rules out fact checking.

Even access to the list of blocked domains is quickly of limited use. Without all-important context, it’s ultimately just a big list of domains.

—————–

Operation 404 receives cooperation from the following agencies, organizations, rightsholders, and anti-piracy partners:

[UK] City of London Police – Police Intellectual Property Crime Unit (PIPCU)
[UK] Intellectual Property Office (IPO),
[USA] U.S. Department of Justice
[USA] Department of Commerce
[Peru] National Institute for the Defense of Competition and the Protection of Intellectual Property (INDECOPI)
[UK] English Premier League
[Spain] LaLiga
[International] Alliance for Creativity and Entertainment (ACE)
[Brazil] Brazilian Association of Pay Television (ABTA)
[LATAM] Alliance against Audiovisual Piracy (ALIANZA)
[Brazil] National Council to Combat Piracy (CNCP)
[Brazil] Association for the Protection of Intellectual and Phonographic Rights (APDIF)
[International] International Federation of the Phonographic Industry (IFPI)
[International] Entertainment Software Association (ESA)
[USA] Motion Picture Association (MPA)
[Paraguay] National Directorate of Intellectual Property (DINAPI)
[Japan] Content Overseas Distribution Association (CODA)
[S.Korea] Copyright Overseas Promotion Association (COA)
[Ecuador] National Intellectual Rights Service (SENDI)
[Ecuador] National Police
[Argentina] Specialized Fiscal Unit for Cybercrime Investigation (UFEIC)
[Argentina] Federal Police of Argentina (PFA)
[Paraguay] Specialized Unit for Punishable Acts Against Intellectual Property
[EU] European Union Intellectual Property Office (EUIPO)

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Wednesday 3 December 2025 at 4:57 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of November): 5,412

RIP Matrix

Supreme Court justices expressed numerous concerns today in a case that could determine whether Internet service providers must terminate the accounts of broadband users accused of copyright infringement. Oral arguments were held in the case between cable Internet provider Cox Communications and record labels led by Sony.

Some justices were skeptical of arguments that ISPs should have no legal obligation under the Digital Millennium Copyright Act (DMCA) to terminate an account when a user’s IP address has been repeatedly flagged for downloading pirated music. But justices also seemed hesitant to rule in favor of record labels, with some of the debate focusing on how ISPs should handle large accounts like universities where there could be tens of thousands of users.

Justice Sonia Sotomayor chided Cox for not doing more to fight infringement.

“There are things you could have done to respond to those infringers, and the end result might have been cutting off their connections, but you stopped doing anything for many of them,” Sotomayor said to attorney Joshua Rosenkranz, who represents Cox. “You didn’t try to work with universities and ask them to start looking at an anti-infringement notice to their students. You could have worked with a multi-family dwelling and asked the people in charge of that dwelling to send out a notice or do something about it. You did nothing and, in fact, counselor, your clients’ sort of laissez-faire attitude toward the respondents is probably what got the jury upset.”

A jury ordered Cox to pay over $1 billion in 2019, but the US Court of Appeals for the 4th Circuit overturned that damages verdict in February 2024. The appeals court found that Cox did not profit directly from copyright infringement committed by its users, but affirmed the jury’s separate finding of willful contributory infringement. Cox is asking the Supreme Court to clear it of willful contributory infringement, while record labels want a ruling that would compel ISPs to boot more pirates from the Internet.

Cox: Biggest infringers aren’t residential users

Rosenkranz countered that Cox created its own anti-infringement program, sent out hundreds of warnings a day, suspended thousands of accounts a month, and worked with universities. He said that “the highest recidivist infringers” cited in the case were not individual households, but rather universities, hotels, and regional ISPs that purchase connectivity from Cox in order to resell it to local users.

If Sony wins the case, “those are the entities that are most likely to be cut off first because those are the ones that accrue the greatest number of [piracy notices],” the Cox lawyer said. Even within a multi-person household where the IP address is caught by an infringement monitoring service, “you still don’t know who the individual [infringer] is,” he said. At another point in the hearing, he pointed out that Sony could sue individual infringers directly instead of suing ISPs.

Justice Amy Coney Barrett asked Cox, “What incentive would you have to do anything if you won? If you win and mere knowledge [of infringement] isn’t enough, why would you bother to send out any [copyright] notices in the future? What would your obligation be?”

Rosenkranz answered, “For the simple reason that Cox is a good corporate citizen that cares a lot about what happens on its system. We do all sorts of things that the law doesn’t require us to do.” After further questioning by Barrett, Rosenkranz acknowledged that Cox would have no liability risk going forward if it wins the case.

Kagan said the DMCA safe harbor, which protects entities from liability if they take steps to fight infringement, would “seem to do nothing” if the court sides with Cox. “Why would anybody care about getting into the safe harbor if there’s no liability in the first place?” she said.

Kagan doesn’t buy Sony’s “intent” argument

Kagan also criticized Sony’s case. She pointed to the main principles underlying Twitter v. Taamneh, a 2023 ruling that protected Twitter against allegations that it aided and abetted ISIS in a terrorist attack. Kagan said the Twitter case and the Smith & Wesson case involving gun sales to Mexican drug cartels show that there are strict limits on what kinds of behavior are considered aiding and abetting.

Kagan described how the cases show there is a real distinction between nonfeasance (doing nothing) and misfeasance, that treating one customer like everyone else is not the same as providing special assistance, and that a party “must seek by your action to make it occur” in order to be guilty of aiding and abetting.

“If you look at those three things, you fail on all of them,” Kagan said to attorney Paul Clement, who represents Sony. “Those three things are kind of inconsistent with the intent standard you just laid out.”

Clement said that to be held liable, an Internet provider “has to know that specified customers are substantially certain to infringe” and “know that providing the service to that customer will make infringement substantially certain.”

Justice Neil Gorsuch indicated that determining secondary liability for Internet providers should be taken up by Congress before the court expands that liability on its own. “Congress still hasn’t defined the contours of what secondary liability should look like. Here we are debating them, so shouldn’t that be a flag of caution for us in expanding it too broadly?”

Alito: “I just don’t see how it’s workable at all”

Clement tried to keep the focus on residential customers, saying that 95 percent of infringing customers are residential users. But he faced questions about how ISPs should handle much larger customers where one or a few users infringe.

Justice Samuel Alito questioned Clement about what ISPs should do with a university where some students infringe. Alito didn’t seem satisfied with Clement’s response that “the ISP is supposed to sort of have a conversation with the university.”

Alito said that after an ISP tells a university, “a lot of your 50,000 students are infringing… the university then has to determine which particular students are engaging in this activity. Let’s assume it can even do that, and so then it knocks out 1,000 students and then another 1,000 students are going to pop up doing the same thing. I just don’t see how it’s workable at all.”

Clement said that hotels limit speeds to restrict peer-to-peer downloading, and suggested that universities do the same. “I don’t think it would be the end of the world if universities provided service at a speed that was sufficient for most other purposes but didn’t allow the students to take full advantage of BitTorrent,” he said. “I could live in that world. But in all events, this isn’t a case that’s just about universities. We’ve never sued the universities.”

Barrett replied, “It seems like you’re asking us to rely on your good corporate citizenship too, that you wouldn’t go after the university or the hospital.”

Kagan said that if Sony wins, Cox would have little incentive to cooperate with copyright holders. “It seems to me the best response that Cox could have is just to make sure it never reads any of your notices ever again, because all of your position is based on Cox having knowledge of this,” she said.

Clement argued in response that “I think willful blindness would satisfy the common law standard for aiding and abetting.”

Purpose vs. intent

Some of the discussion focused on the legal concepts of purpose and intent. Cox has argued that knowledge of infringement “cannot transform passive provision of infrastructure into purposeful, culpable conduct.” Sony has said Cox exhibited both “purpose and intent” to facilitate infringement when it continued providing Internet access to specific customers with the expectation that they were likely to infringe.

Sotomayor said Cox’s position is “that the only way you can have aiding and abetting in this field is if you have purpose,” while Sony is saying, “we don’t have to prove purpose, we have to prove only intent.” Sotomayor told Clement that “we are being put to two extremes here. The other side says, ‘there’s no liability because we’re just putting out into the stream of commerce a good that can be used for good or bad, and we’re not responsible for the infringer’s decision.'”

Sotomayor said the question of purpose vs. intent may be decided differently based on whether Cox’s customer is a residence or a regional ISP that buys Cox’s network capacity and resells it to local customers. Sotomayor said she is reluctant “to say that because one person in that region continues to infringe, that the ISP is materially supporting that infringement because it’s not cutting off the Internet for the 50,000 or 100,000 people who are represented by that customer.”

But a single-family home contains a small number of people, and an ISP may be “materially contributing” to infringement by providing service to that home, Sotomayor said. “How do we announce a rule that deals with those two extremes?” she asked.

Clement argued that the DMCA’s “safe harbor takes care of the regional ISPs. Frankly, I’m not that worried about the regional ISPs because if that were really the problem, we could go after the regional ISPs.”

Cox’s case has support from the US government. US Deputy Solicitor General Malcolm Stewart told justices today that “in copyright law and more generally, this form of secondary liability is reserved for persons who act for the purpose of facilitating violations of law. Because Cox simply provided the same generic Internet services to infringers and non-infringers alike, there is no basis for inferring such a purpose here.”

Terminating all access “extremely overbroad”

Sotomayor asked Stewart if he’s worried that a Cox win would remove ISPs’ economic incentive to control copyright infringement. “I would agree that not much economic incentive would be left,” Stewart replied. “I’m simply questioning whether that’s a bad thing.”

Stewart gave a hypothetical in which an individual Internet user is sued for infringement in a district court. The district court could award damages and impose an injunction to prevent further infringement, but it probably couldn’t “enjoin the person from ever using the Internet again,” Stewart said.

“The approach of terminating all access to the Internet based on infringement, it seems extremely overbroad given the centrality of the Internet to modern life and given the First Amendment,” he said.

Oral arguments ended with a reply from Rosenkranz, who said Clement’s suggestion that ISPs simply “have a conversation” with universities is “a terrible answer from the perspective of the company that is trying to figure out what its legal obligations are [and] facing crushing liabilities.” Rosenkranz also suggested that record labels pay for ISPs’ enforcement programs.

“The plaintiffs have recourse,” he said. “How about a conversation with the ISPs where they talk about how to work out things together? Maybe they kick in a little money. Now, they won’t get billion-dollar verdicts, but if they believe that the programs that Cox and others have aren’t satisfactory, they can design better programs and help pay for them.”

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Tuesday 2 December 2025 at 5:05 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of November): 5,412

RIP Matrix

With an estimated 85 million visits per month, Nhentai is one of the most trafficked websites online today.

The site serves adult-oriented anime and manga, also known as hentai. These spicy Japanese comics are popular worldwide, but not everyone is happy with with the content Nhentai has to offer. Some rightsholders consider the site a deviant pirate operation.

In the summer of 2024, California-based rightsholder PCR Distributing (PCR), which operates under brands including J18 and JAST USA, took legal action against Nhentai, describing the site as a significant threat to its business.

Nhentai Owner Unmasked

PCR initially requested a DMCA subpoena asking Cloudflare to unmask the people behind the site. However, when Nhentai filed an objection, PCR swiftly dropped the subpoena request and launched a full lawsuit against the site’s owner at a California federal court.

In January, Nhentai asked the court to dismiss the lawsuit in its entirety. Among other things, the site’s attorneys argued that a representative of PCR’s brands previously granted written permission for the use of their content while exploring the option to run paid ads on the site.

Besides a dismissal, the site’s operator/owner requested a protective order to proceed in the case anonymously, at least in the early stages. Keeping personal details out of public filings would shield them from potential retribution, they argued.

In April, California District Court Judge Cynthia Valenzuela denied both Nhentai’s motion to dismiss and the motion for a protective order. This meant that the lawsuit would continue, with Delaware company X Separator LLC stepping forward as Nhentai’s owner/operator.

Nhentai Owner Denies Wrongdoing

Last week, X Separator filed a formal answer to PCR’s complaint. The company admits that it owns and operates Nhentai.net with the intention of making it available in the United States while earning revenue there as well.

In the same filing, the company denies that it engages in copyright infringement or piracy activities, and further denies any connections to or involvement with Nhentai.to.

Denials such as these are typical under the circumstances. Together with a list of affirmative defenses, they make up the formal answer that a defendant must submit once a federal lawsuit moves forward.

However, Nhentai’s filing doesn’t stop there. In addition to the mandatory response, X Separator is countersuing PCR for fraud and negligent misrepresentation.

Copyrights And Permission

The countersuit centers on PCR’s copyright registrations and the permission that was allegedly given to Nhentai. It argues that PCR Distributing didn’t just tolerate the site; the rightsholder actively approached Nhentai for promotions, partnerships, and advertisements.

From the counterclaims
 

The legal paperwork includes the examples above, as well as many others where representatives of PCR brands suggest deals or partnerships while their content remains on the site. These offers run counter to the copyright allegations in the complaint.

In addition, Nhentai’s countersuit points out that these works were not initially registered at the U.S. Copyright Office.

“From at least October 29, 2020 through April 21, 2022 – the timeframe in which the above-referenced emails were sent – Plaintiff/Counter-Defendant knew it had not filed or registered any U.S. copyrights,” X Separator’s filing reads.

In March 2023, PCR Distributing reportedly began registering its works at the Copyright Office but never rescinded the permission previously given to Nhentai. PCR went on to sue Nhentai for copyright infringement in 2024.

Permission not Retracted

Nhentai Countersues for Fraud

The emails where PCR Distributing allegedly approved the use of its works on Nhentai form the basis of the fraud and misrepresentation counterclaims.

For example, the counterclaim notes that PCR CEO Dave Adams submitted a declaration where he, “under penalty of perjury,” claimed to have personal knowledge of “countless instances” where PCR’s works were posted on nHentai.net without authorization.

Countless Instances
 

X Separator argues that these statements are demonstrably false. The company alleges that PCR’s executives knew about the “permission” emails but chose to mislead the court to secure a DMCA subpoena and file the lawsuit.

$500k in Damages

The countersuit formally lists claims for Fraud/Intentional Misrepresentation and Negligent Misrepresentation.

Because of the alleged deception, Nhentai’s parent company claims to have suffered significant harm so is requesting compensatory damages “which currently exceeds $500,000.00”.

$500k

In addition, the company seeks punitive damages, arguing that the rightsholder acted “willfully, fraudulently, maliciously, and oppressively” with the specific intent to injure the site’s owner.

PCR Distributing has yet to respond to allegations. Meanwhile, the case will move forward to an eventual trial, if it gets that far. For now, Nhentai remains online.

—

A copy of X Separator LLC’s first amended answer to the amended copyright infringement complaint, including the counterclaims, is available here (pdf)

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Tuesday 2 December 2025 at 4:02 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of November): 5,412

RIP Matrix

Described by the MPA, Premier League and other rightsholders as a priority piracy threat, a set-top box available to buy right now on popular markets, initially sounds like an attractive buy.

Manufactured in China, EVPAD TV boxes look fairly unremarkable, and with an Android 7.0 operating system under the hood, they are. When purchased with a cheap ‘lifetime’ subscription, with installable apps providing access to all the content most people will ever need, looks become less important.

However, a look under the hood reveals that the trade-off between content and privacy cannot be ignored.

Researchers Investigate EVPAD

Android-based EVPAD devices provide access to a huge library of infringing movies, TV shows, and live TV, sourced from countries including Canada, Taiwan, the UK, and the United States, among others. As a result, major rightsholders have regularly reported EVPAD and similar devices to the USTR’s Notorious Markets review.

A team of researchers at Korea University took an interest in the EVPAD ‘3p’ and ’10p’ devices when considering what type of anti-piracy measures might be effective against device-specific apps, operating within closed, subscription-based networks.

In this case, the EVPAD website advises buyers of the ‘3p’ device to download two apps from a third party website. ‘StarLive’ and ‘StarVod’ provide access to live TV broadcasts and VOD content, respectively. For the ’10p’ device, a single app called ‘StarV10’ is sufficient and in all cases, installation is simplicity itself.

“Interestingly, during the installation process from such unknown sources, the service applications are installed seamlessly without requiring any additional user interaction or explicit permissions,” the researchers report.

“Upon further inspection, we found that the global system setting for package installation from non-market sources (install_non_market_apps) was set to 1, indicating that side-loading from unknown sources is universally permitted on this Android 7-based device.”

For regular buyers, zero control over permissions should’ve been an immediate red flag. For the researchers, the secrets of obfuscated source code were still to be discovered.

“Streaming is Safer Than Torrents”

Since regular streaming is a process of consumption and the law tends to view supply more seriously, the theory that streaming is safer than torrents usually finds solid ground.

That doesn’t necessarily mean that streaming pirated content is legal, but in a client/server streaming scenario, obtaining evidence of downloading meets technical challenges that aren’t easily overcome. In contrast, BitTorrent users upload by default, which makes evidence of a more serious offense comparatively easy to obtain.

When people buy an EVPAD TV box, many will expect to ‘stream’ pirated content to the device. While that may be a part of the process, the reality is less straightforward.

A Hybrid Network

The researchers at Korea University found that EVPAD devices initially communicate with centralized servers, which manage authentication, various updates, and the all-important content lists. Once obtained, EVPAD devices use that information to join a BitTorrent-like peer-to-peer (P2P) network, in which unwitting downloaders become simultaneous uploaders, or as they say in court, unlicensed distributors of infringing content.

StarLive uses the ‘libtvcore‘ library to establish connections with other EVPAD devices, enabling real-time data sharing among peers, including the distribution of live TV broadcasts.

Under the Hood

When a user of StarVod selects a video to watch, the system identifies a corresponding .torrent file and HTTP file server. Encrypted using XOR, the .torrent file is decrypted by the libp2ptrans library then used to perform standard BitTorrent functions, with a tracker providing a list of available peers.

“Simultaneously, the user engages in both P2P communication with other peers and HTTP communication with the file server delivering the selected VoD title. This dual approach ensures both downloading and streaming, but in practice, HTTP streaming via a dedicated file server significantly enhances service availability and playback speed, often playing a major role in video streaming,” the researchers note.

Hybrid Network Complicates Blocking

This hybrid approach to networking complicates blocking efforts. While blocking certain domains would prevent service updates, that may not necessarily disrupt the P2P network.

In the event that the source of content becomes unavailable, the researchers say that data broadcasting nodes in the P2P network provide a fallback mechanism by acting as servers within the ‘swarm’. For video-on-demand (VoD) content, the system utilizes P2P but when necessary, HTTP is used to reach servers operating as Content Delivery Networks.

“[These servers] distribute torrent files and video content, and the presence of multiple similar domains suggests that they are designed to quickly circumvent domain blocks. Additionally, there are domains and IP addresses for Trackers to facilitate torrent-based communication,” the researchers add.

After manipulating IDs used to identify content categories, the researchers obtained all VOD lists from the servers above, which together identified 24,934 pieces of video content. That included 1,052 movies and TV shows in the ‘Nflix’ category alone.

Building Resilience Introduced Weakness

No system is completely bulletproof, and this one is no exception. In theory, the decentralized nature of the P2P network makes the system more difficult to shut down. In practice, it also introduces vulnerabilities that can be exploited to disrupt the service.

The researchers discovered two vulnerabilities. Using the Android emulator NoxPlayer to mimic an authenticated EVPAD device, the first allowed them to bypass authentication. This enabled content to be viewed from around the world, without a subscription, with the potential for “unlimited replication.”

While the first vulnerability granted access to the network, the second vulnerability instantly denied it.

“Given the critical nature of this vulnerability, we determined that even a single, carefully crafted TCP packet is sufficient for an individual to trigger service termination on a remote peer device. This drastically lowers the bar for potential abuse, as no significant bandwidth or coordinated effort is required,” the team note.

Blocking Measures Disrupt the EVPAD Network

When combined, these vulnerabilities form the basis of a theoretical anti-piracy strategy. Once a node is deployed in every available TV channel, the data normally used to connect peers can be leveraged for a different purpose. It allows an attacker to identify specific users and hit them with a TCP packet, causing an instant disconnection.

There’s no suggestion that such an attack has ever been used outside a lab environment. However, the researchers mention an injunction obtained in India by the Premier League that granted authority to block certain domains, which caused network disruptions lasting four days.

While service was restored, the researchers say that would’ve been more difficult if additional capability had been deployed alongside.

Implications For End Users

Beyond the inherent risks of sharing copyrighted content, the implications for users of EVPAD devices are significant. Often distributed in a pre-rooted state with no package installation restrictions, EVPAD devices are highly vulnerable to abuse. The researchers found that the device update process lacks any mechanism to verify integrity or authenticity.

The device also operates with SELinux in permissive mode, where policy violations occur without enforcement. These factors and others lead to the conclusion that attackers could secure a global network of “zombie” devices through which they could execute further attacks by remote control.

“At its peak, [the Mirai botnet] generated about 1TB of attack traffic using 145,000 devices,” the researchers note, adding that 17,000 compromised EVPAD devices could “potentially generate up to 0.12TB of malicious traffic at peak.”

The study identified 131,175 devices across 116 countries and 78 operational servers located in the United States, Japan, Singapore, Hong Kong, and other countries

“Even if malicious intent is not the primary motive, the lack of commitment to user security by such illegal operators places users in a vulnerable position, making them susceptible to attacks.”

Watch Out Your TV Box: Reversing and Blocking a P2P-based Illegal Streaming Ecosystem, is available here (pdf)

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Monday 1 December 2025 at 3:10 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of November): 5,412

RIP Matrix

Five years ago, YouTube ripper Yout.com sued the RIAA, asking a Connecticut district court to declare that the site does not violate the DMCA’s anti-circumvention provision.

The music group had previously used DMCA takedown notices to remove many of Yout’s links from Google’s search results. This had a significant impact on Yout’s advertising revenues, according to operator Johnathan Nader, who always believed he wasn’t breaking any laws.

In 2022, the district court concluded that Yout had failed to show that it doesn’t circumvent YouTube’s technological protection measures. That rendered Yout’s defamation and business disparagement claims moot, but the legal battle was far from over.

Yout.com Appeals

Yout’s operator did not give up. In 2023, Nader appealed in the belief that YouTube rippers do not violate the DMCA. The argument received backing from the EFF and GitHub in their supporting amicus briefs.

The RIAA disagreed, countering that Yout is an “illicit stream-ripping service” that effectively allows people to “bypass YouTube’s technological restrictions” that prevent downloading of works streamed through YouTube. As such, the service violates the DMCA, a position supported by the Copyright Alliance.

One of the key issues in this dispute is whether YouTube’s “rolling cipher” is a technological measure designed to control access to or copying of copyrighted works. The difference between access and copying has become a key point of contention in a new AI twist.

AI Relevance: Access Controls vs. Copy Controls

Last month, AI music companies Suno and Udio filed an amicus brief at the Court of Appeals, alerting it to an alleged error the Connecticut district court made in its original ruling against Yout.

Suno and Udio, who were both sued by music companies, argued that the lower court’s ruling failed to recognize the difference between “access controls” and “copy controls”. This is crucial, they noted, as Congress explicitly separated these two copyright controls to enable fair use.

Congress recognized that to claim fair use, people have to copy something first. If the law were to prohibit the circumvention of copying restrictions, fair use would be effectively outlawed as well.

– Circumventing access controls is prohibited under 17 U.S.C. § 1201

– Circumventing copy controls is NOT explicitly prohibited under 17 U.S.C. § 1201.

For AI companies like Suno and Udio, the legal distinction between access controls and copy controls is not just a technicality. It’s the difference between having a viable fair use defense and being automatically liable for massive damages.

If the court rules that YouTube’s “rolling cipher” is an access control, Suno and Udio effectively lose their ability to argue fair use for the data they’ve scraped by accessing YouTube.

Yout Cites New Paywall Defense

Last week, Yout’s legal team told the Court of Appeals that they wholeheartedly agree with Suno and Udio. In a response brief, they note that the AI companies have it precisely right.

Yout’s lawyer, Evan Fray-Witzer, once again stresses that YouTube doesn’t have any access controls, as it is obvious that anyone with a web browser can watch videos on the platform.

“The District Court’s opinion ignores the simple fact […] that the videos displayed on YouTube are freely available to ‘anyone who requests them’ without a paywall, encryption, password, or decryption,” Yout’s response reads.

To back this up, Yout points to a very recent ruling: the July 2025 decision in a lawsuit between Emmerich Newspapers and the news aggregator Particle Media, better known as NewsBreak.

In that case, a court ruled that the news aggregator didn’t violate the DMCA when its bots stripped “paywall code” from the newspaper’s website. The judge concluded that, because the newspaper’s server voluntarily sent the full article text to the bot (including the paywall code), the bot didn’t “break in” to an access-controlled area. Instead, it simply “used” the data it was given in a way the publisher disliked.

Yout stresses that the same logic applies to its interaction with YouTube. Because YouTube sends audio and video data to anyone who visits the site without requiring a password, Yout argues the “gates are up,” making it legally impossible to “circumvent” an access control.

RIAA: You Can Watch, But You Can’t Touch

The RIAA also filed a brief in response to Suno and Udio, urging the Court of Appeals to reject the arguments from these AI companies.

RIAA’s central argument is that YouTube’s “rolling cipher” is designed to distinguish between two different things: access to a performance (the stream) and access to the work (the fixed digital file).

The RIAA agrees that YouTube allows people to view the stream, but they argue that the rolling cipher is designed to control access to the underlying fixed file.

“Amici’s argument conflates access to a ‘performance’ of a work with access to the ‘work’ itself,” the RIAA writes. In bypassing the cipher to download the file, stream-rippers such as Yout can access something YouTube never intended to give: a permanent digital copy.

While YouTube allows the public to view the performances without restriction, it uses the “rolling cipher” to restrict direct access to the underlying file. By modifying this cipher, Yout bypasses a valid access control, the RIAA notes.

The YouTube Whisperers

Both sides clearly have an opinion on how and why YouTube implemented its rolling cipher code. However, YouTube itself is not a party to the lawsuit, nor has it filed an amicus brief to explain its technology.

Yout’s lawyer previously argued that there is a legal vacuum where the court has to guess YouTube’s intentions, instead of moving the case forward so YouTube itself can be heard.

“There is a question as to what YouTube intended with these measures. We don’t know because YouTube isn’t here,” Yout’s lawyer argued in a previous hearing.

The RIAA, however, argues that YouTube’s intent is irrelevant. The music group maintains that the DMCA only cares about whether a measure “effectively controls access” in its ordinary operation, not what the engineers were thinking when they wrote the code.

Suno & Udio Settle: Yout Continues

Interestingly, both Suno and Udio settled their legal disputes with several major music labels recently, opting for licensing deals instead.

Udio settled its copyright dispute with Universal Music Group in October, followed by a similar agreement with Warner Music Group in November. Earlier this week, Suno followed suit, announcing a “landmark” partnership with Warner Music Group.

These settlements were agreed upon after Suno and Udio submitted their amicus brief in the legal battle between Yout and the RIAA. This means that their critique and the responses from both Yout and the RIAA still stand. Whether the Court of Appeals agrees remains to be seen.

—

A copy of Yout’s response to the brief of Suno and Udio is available here (pdf). RIAA’s response can be found here (pdf).

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Sunday 30 November 2025 at 3:15 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of October): 5,009

RIP Matrix

Despite a stream of news reports that seem to suggest the opposite, there are more examples of pirate site operators surviving unscathed than there are public catastrophes.

That’s to be expected when facing finite anti-piracy resources, yet some individuals do seem to fly under the radar with very little effort. Others prefer to weigh the likelihood of enforcement against available resources and confidence in their personal skill set. For some, the strategy has proven successful, but thanks to a volatile mix of unpredictable variables, some suddenly find things going in the opposite direction.

The warning signs are often glaringly obvious to those viewing from the periphery, but for those involved, up close they may be almost invisible.

The Rise and Fall of NunuTV

Operating from July 2021 to April 2023, NunuTV (NooNoo TV) quickly gained a reputation for illegally streaming domestic and international titles to the pirating masses.

Reportedly servicing tens of millions of visitors every month, the site’s popularity was never in doubt. Neither did it go unnoticed by those increasingly concerned by its meteoric growth. Rightsholders claimed that the site facilitated over 1.5 billion views of pirated movies and TV shows, with damage to the entertainment industries estimated at five trillion Korean won (US$3.7 billion).

Whether that figure was wildly overblown or about right wasn’t the main concern. South Korean media companies and groups clearly felt strongly enough to join forces under the Video Copyright Protection Council (VCPC) to put an end to it. Facing a “stronger together” strategy in respect of legal action and the aggressive pursuit of site-blocking measures, NunuTV’s response to the latter was predictable and extremely persistent.

Blocked / Unblocked / Arrested

Every time a NunuTV domain was blocked, the site would reappear on an almost identical domain, usually with a number tagged on the end that increased incrementally; noonootv1 became noonootv2, noonootv24 became noonootv25, a pattern that continued to noonootv30 and several beyond.

Blocked / Unblocked

In the background, few if any other sites were mentioned in public as potential targets. The profile of the site meant that if rightsholders and the authorities saw value in sending a deterrent message, one option stood out above all others.

When the government announced the formation of a dedicated piracy investigation unit and VCPC became even more vocal, momentum seemed to shift. NunuTV shut down in April 2023, suggesting that the “outrageous” cost of bandwidth and anti-piracy measures had detracted from keeping the site alive. A successor site, NunuTV Season 2, enthusiastically emerged soon after, but it didn’t last.

In November 2024, a notice posted to GitHub revealed that Korean authorities had shut down TVWiki, a streaming piracy site with millions of monthly users. The site’s alleged operator who, according to reports, was also behind streaming platform OK Toon, was arrested by a special unit operating under the Ministry of Culture, Sports and Tourism.

The Shutdown Notice (translated)
 

A takedown notice hosted on GitHub revealed that the individual behind TVWiki and OKToon was also the operator of NunuTV. Identified in court records only as ‘Person A’, he had conveniently used the new sites to fill the void left by the original shutdown.

All three websites generated revenue from illegal gambling platform banner ads, a known aggravating factor but still quite lucrative. Authorities went on to seize assets worth 2.6 billion won (US$1.9 million), a haul that included luxury vehicles and 14 bitcoin.

Initial Sentence and a Roll of the Dice

At sentencing, the Daejeon District Court commented on the severity of the crime, and the negative impact it had on copyright holders’ revenues. Five trillion Korean won wasn’t realistic or representative of the actual damages suffered and the length of the sentence reflected that.

Initially sentenced to serve three years in prison, with the Court recognizing the 31-year-old’s admission of guilt as a positive factor, the outcome could’ve been significantly worse. Nevertheless, Person A lodged an appeal and even enjoyed partial success.

Earlier this month, the original sentence was overturned at the Daejeon District Court. Judge Park Eun-jin reduced the confiscation amount, detailed in the original sentence, from 700 million Korean won (~US$478,000) to 374.7 million Korean won (~US$256,000), accepting a claim by the defendant that some of the alleged profits may have been attributable to third parties operating separate sites, as Chosun Daily reports.

However, while the court was willing to reduce the financial penalty, it took a very different view on the prison term.

Gamble Fails to Pay Off

While the operator succeeded in saving some money, the appeal process drew attention to his history of recidivism. The court pointed to Person A’s prior convictions, indicating a pattern of criminal behavior.

“A had previously received actual prison sentences for crimes related to sports gambling sites and aiding the distribution of obscene materials, yet committed this crime,” the appellate court noted.

“When the investigation began, A closed the site and opened another, showing that the methods, means, and duration of the crime have escalated. Considering the need for strict punishment to prevent recidivism and the fact that the victimized broadcasters have petitioned for severe punishment, the original sentence was excessively lenient and unjust.”

With that, the original sentence was extended by 50%, from three years in prison to four years and six months.

Rightsholders will likely be satisfied that a clear message has been sent. Whether it will be received and acknowledged remains to be seen, but if there are gaps unfilled by locals in a national market, it’s usually just a matter of time before more elusive targets take up the slack.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Saturday 29 November 2025 at 2:30 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of October): 5,009

RIP Matrix

Founded in 2019, pirate streaming service aggregator OnionPlay has been around for half a decade already.

While the site had to switch domain names occasionally, OnionPlay maintained its core identity while its user base continued to grow.

Discord Deletes OnionPlay Channel

At a time when pirate streaming sites are under heavy pressure from the MPA and its anti-piracy branch ACE, staying online can be quite a feat. This pressure also affected OnionPlay to some degree, as it suddenly lost its main Discord channel at the end of October.

OnionPlay’s owner and operator, who uses the online handle “TexasHomie,” was told that the channel was shut down after copyright-infringing links were posted in violation of Discord’s rules.

As a result, two years of community-building work disappeared overnight but TexasHomie didn’t throw in the towel. Inside two weeks, a new Discord channel was active.

Back on November 12
 

At the same time, OnionPlay traded in its .mx domain name for a new .bz variant. While business seemed to continue as usual, a new filing at federal court in California would soon reveal who was behind the Discord shutdown.

MPA/ACE Demanded the Discord Shutdown

On November 14, the Motion Picture Association (MPA) requested a DMCA subpoena on behalf of its member studio Warner Bros. These subpoenas can be signed off by a court clerk, provided that the requester has sent a DMCA notice to the intermediary involved.

In this case, the MPA seeks information from Discord, and their legal request includes a copy of a DMCA notice in which ACE complains about links that were posted in OnionPlay’s old Discord channel.

From the takedown notice
 

The DMCA notice was sent late October, shortly before the OnionPlay channel was taken down by Discord. As shown above, the email came with an exhibit mentioning “OnionPlay” by name and urged Discord to take the channel offline.

“We request Discord’s assistance to (i) remove or otherwise disable access to the channels and servers identified above; and (ii) take steps to address Piracy Contents on the Discord platform,” the takedown notice, signed by MPA’s Larissa Knapp, informed Discord.

Discord complied with the takedown notice, but that was not the end of the matter. With the recent DMCA subpoena, the movie industry group now hopes to unmask the owner and operator of the site.

Discord Subpoenaed to Unmask TexasHomie

The legal paperwork includes two examples of infringing links that were allegedly posted by a Discord user. One links to a pirated copy of the season 2 finale of “Peacemaker” and the other links to a pirated stream of the movie Weapons.

Examples from the subpoena request
 

The MPA specifically requests Discord to identify the user behind ID ‘417142124228771850,’ which it had previously linked to “TexasHomie”.

“Warner Bros. (via the Motion Picture Association, Inc.) is requesting issuance of the attached proposed subpoena that would order Discord, Inc. to disclose the identities, including the names, physical addresses, IP addresses, telephone numbers, and e-mail addresses, of the individual(s) that operate the Discord account with the following User ID: 417142124228771850”

The request notes that information obtained through the subpoena will only be used to identify the alleged infringer so that Warner Bros. can protect its rights. This was sufficient for the court clerk, who signed off on the subpoena on November 17.

The DMCA subpoena
 

As shown above, Discord has until November 28 (tomorrow) to comply with the subpoena and hand over the information to the MPA.

TexasHomie Remains Calm and Collected

The DMCA subpoena is a useful tool for the MPA, but whether it will result in actionable information has yet to be seen. The MPA and ACE have tried to get information on OnionPlay’s operator before, with subpoenas targeting Cloudflare and the .to registry, presumably without effect.

TexasHomie informs TorrentFreak that he was not aware that the MPA was behind the shutdown of the Discord channel. Nor has he been informed that Discord was asked to disclose his personal information.

OnionPlay’s operator doesn’t appear to be particularly worried either and notes that he keeps his online and offline identities separate.

“I’ve always operated behind VPNs, privacy layers, separate identities—the usual precautions when you spend enough years around the internet and IT infrastructure. It’s not about being shady; it’s about minimizing noise and keeping my real life cleanly separated from my online projects,” TexasHomie notes.

“I’ve dealt with plenty of takedown notices and all the usual headaches, but when you work with the right hosting providers and understand how the infrastructure works, you learn how to manage things calmly and professionally.”

TexasHomie takes pride in the fact that he has managed to keep OnionPlay going in a rather competitive streaming landscape. Community input is taken seriously, he notes, adding that OnionPlay is mainly an old-school “passion project” that requires quite a bit of manual work.

Needless to say, this is a high-stakes passion project that can have criminal repercussions if the operator’s identity is unveiled. These are life-altering risks, making this Discord subpoena all the more important.

—

A copy of the subpoena issued by the U.S. District Court for the Northern District of California on November 17 is available here (pdf)

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Friday 28 November 2025 at 4:13 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of October): 5,009

RIP Matrix

In October 2019, an international police operation brought an abrupt end to Share-Online.biz, the largest file-hosting platform in Germany at the time.

The raids, which targeted data centers in the Netherlands and France as well as residential addresses in Germany, resulted in the seizure of many servers and the shutdown of a platform that served more than a million registered users.

Files stored on Share-Online were typically promoted through third-party sites such as DDL-Warez, Boerse, Movie-Blog, and MyGully. As a host/cyberlocker, Share-Online did not actively promote pirated content to the public.

Suspended Prison Sentence for ‘Neutral’ Host

That seemingly neutral stance did not prevent a criminal investigation or the subsequent prosecution of the site’s operator. This week, the Aachen Regional Court sentenced the defendant to a two-year suspended prison term.

While the suspended sentence means the unnamed defendant will not serve prison time, the legal precedent is significant. Historically, cyberlockers have operated in somewhat of a legal gray area, claiming they are neutral service providers who merely offer storage space.

The Aachen court rejected this defense, FAZ reports, concluding that the operator facilitated copyright infringement with a profit-motive.

Seizure banner(2019)
 

Details on the ruling are scarce, and we have yet to see a copy of the verdict. However, according to the Alliance for Creativity and Entertainment (ACE), which supported the anti-piracy action, it is a key victory.

“This ruling makes clear that operators of ostensibly neutral platforms cannot rely on liability privileges or professed ignorance. For a platform like Share-Online, it is not sufficient to merely acknowledge abuse notifications from rights holders,” says Geerart Bourlon, MPA’s Vice President of Content Protection and Legal Counsel.

“Anyone whose business model promotes or supports copyright-infringing acts is not only liable for injunctive relief and damages but also commits a criminal offense,” Bourlon adds.

What Happened to the €50 Million?

The MPA/ACE press release specifically credits Gregory Skavron, the prosecutor at the Nordrhein-Westfalen Cybercrime Unit (ZAC NRW). However, there is no mention of the now-bankrupt German anti-piracy outfit GVU, which carried out the investigation of Share-Online.

Similarly, while the press release prominently features the €50 million revenue figure to illustrate the scale of the piracy operation, what happened to this money isn’t made clear. Were any of these funds actually recovered? And if so, were rightsholders compensated?

The absence of any mention concerning damages suggests that, while the “revenue” was massive, the actual recoverable assets may have been much lower or hidden from law enforcement.

The “User” Threat Evaporates

Finally, it is worth mentioning that a spokesperson of the cybercrime police previously suggested that Share-Online users were also at risk, with high-volume uploaders as the prime target.

“If identification is possible, subsequent investigations against the uploaders and possibly also against downloaders are realistic scenarios. For reasons of capacity, we will certainly proceed in a layered manner in the investigations and, in due course, may initially focus on the top uploaders,” the spokesperson said in 2020.

This threat never materialized, as far as we know. This may be in part due to the complex investigation that spanned many terabytes of files. If it takes six years to convict the operator, going after uploaders may have turned out to be too much.

Ultimately, the Share-Online outcome is somewhat of a mixed bag for rightsholders. The movie industry secured a major legal victory and defeated the “neutral host” defense. However, the fact that the site’s operator, who presumably earned millions, can avoid a prison sentence must be seen as a disappointment.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Thursday 27 November 2025 at 12:42 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of October): 5,009

RIP Matrix

A new legal framework to tackle online infringement in Greece went live just a couple of months ago, and reports of prosecutions are already coming in.

Early September, it was reported that a man from Sparta faces prosecution and a fine of up to 6,000 euros for two IPTV piracy offenses.

The suspect, reportedly a café owner, was targeted at his workplace on a Saturday, allegedly in front of customers. One told local media that they believed that complaints of the café engaging in “unfair competition” preceded the untimely visit.

New Operation Much Larger in Scale

The Cybercrime Prosecution Directorate launched their operation in the early hours of November 19. The Athens-based unit targeted a network that sold illicit access to premium pay-TV via IPTV subscriptions.

The raid, conducted on Santorini, one of the Cyclades islands, resulted in the arrest of a 48-year-old, who, from police reports, appears to be a reseller for a larger network. Customers were reportedly charged €50 for 3 months subscription or €100 for 6 months. Sales and management were handled by the 48-year-old via an online platform known as a ‘panel’, while remote and in-person support were available as part of the service.

The impact of the raid was visible on the islands, locals said. According to a local report, hundreds of users in hotels, cafes, and residences on Santorini and beyond, found themselves suddenly without access to cheap TV. Apparently few areas were untouched by the disruption, such was local reliance on illegal streams.

Arrest and Seizure of Evidence

The identity of the main suspect has not been released but as the focus of an early prominent case, facing charges of commercial exploitation of illegal IPTV subscriptions, the outcome is unlikely to be especially pleasant.

During a search of the suspect’s home, police seized a modified IPTV device configured to illegally receive subscription channels from at least two unnamed companies, a laptop computer, a mobile phone, and €4,820 in cash. The seized digital evidence has been sent to the Criminal Investigations Directorate for laboratory analysis.

End Users Face an Uncertain Wait

The most significant tactical aspect of the operation may have been the choice of target and in particular, their customer base. If the reports are true, many may have operated from various commercial premises, such as hotels and cafes. This means they too could face significant fines of up to 5,000 euros, way above the 750 euro penalties reserved for individual users.

Almost 70 targets is significant too, a number exceeded only in Italy, where people are fined by the state before their details are shared with DAZN and Serie A who request damages on top.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Wednesday 26 November 2025 at 6:21 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of October): 5,009

RIP Matrix

Plex is starting to enforce its new rules, which prevent users from remotely accessing a personal media server without a subscription fee.

Previously, people outside of a server owner’s network could access the owner’s media library through Plex for free. Under the new rules announced in March, a server owner needs to have a Plex Pass subscription, which starts at $7 per month, to grant users remote access to their server. Alternatively, someone can remotely access another person’s Plex server by buying their own Plex Pass or a Remote Watch Pass, which is a subscription with fewer features than a Plex Pass and that Plex started selling in April for a $2/month starting price.

Plex’s new rules took effect on April 29. According to a recent Plex forums post by a Plex employee that How-To Geek spotted today, the changes are rolling out this week, with a subscription being required for people using Plex’s Roku OS app for remote access. The Plex employee added:

This requirement change for remote streaming will come to all other Plex TV apps (Fire TV, Apple TV, Android TV, etc.) and any third-party clients using the API to offer remote streaming in 2026.

Plex started as a Mac port of the Xbox Media Center project in 2009 before evolving into a media server company and, more recently, a streaming service provider. Its new remote access rules will be a test for the company, which has been challenging long-time users with numerous changes over the past year, including a Plex Pass price hike, a foray into renting out officially licensed movies, and the introduction of social features and a mobile app redesign.

Plex has previously emphasized its need to keep up with “rising costs,” which include providing support for many different devices and codecs. It has also said that it needs money to implement new features, including an integration with Common Sense Media, a new “bespoke server management app” for managing server users, and “an open and documented API for server integrations,” including custom metadata agents,” per a March blog post.

In January 2024, TechCrunch reported that Plex was nearing profitability and raised $40 million in funding (Plex raised a $50 million growth equity round in 2021). Theoretically, the new remote access rules can also increase subscription revenue and help Plex’s backers see returns on their investments.

However, Plex’s evolution could isolate long-time users who have relied on Plex as a media server for years and those who aren’t interested in subscriptions, FAST (free ad-supported streaming TV) channels, or renting movies. Plex is unlikely to give up on its streaming business, though. In 2023, Scott Hancock, Plex’s then-VP of marketing, said that Plex had more people using its online streaming service than using its media server features since 2022. For people seeking software packages more squarely focused on media hosting, Plex alternatives, like Jellyfin, increasingly look attractive.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Wednesday 26 November 2025 at 12:56 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of October): 5,009

RIP Matrix

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only.

Downloading content without permission is copyright infringement. These torrent download statistics are only meant to provide further insight into piracy trends. All data are gathered from public resources.

This week we have two newcomers on the list. “One Battle After Another” is the most shared title.

The most torrented movies for the week ending on November 24 are:

Note: We also publish an updating archive of all the list of weekly most torrented movies lists.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Tuesday 25 November 2025 at 6:34 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of October): 5,009

RIP Matrix

The long-running legal battle between News-Service Europe (NSE) and anti-piracy group BREIN has quietly come to an end.

NSE was once one of the largest Usenet providers, but its legal troubles started in 2009, when BREIN took legal action on behalf of the movie and music industries.

In an early verdict in 2011, the Court of Amsterdam concluded that NSE willingly facilitated online piracy through its services. As a result, the company was ordered to remove all pirated content and filter future posts for possible copyright infringements.

According to the Usenet provider, this filtering requirement would’ve been too costly to implement, so it shut down its service while it appealed the case.

Supreme Court Win for NSE

After several more years of litigation, the Amsterdam appeals court ruled that NSE wasn’t liable for users’ pirating activities after all, but NSE was required to offer a responsive and effective notice and takedown procedure, possibly with additional measures.

Unhappy with the outcome, BREIN decided to take the matter to the Dutch Supreme Court. While NSE was no longer a threat, the case could prove crucial for many other Usenet providers.

In 2023, the Supreme Court confirmed that the Usenet provider shouldn’t be held liable for pirating users. The fact that NSE had a decent takedown procedure and no apparent knowledge of infringement weighed in its favor.

The Court also confirmed that NSE didn’t curate any content, nor did it specifically promote copyright infringement.

NSE Seeks Millions in Damages

The Supreme Court ordered BREIN to pay the legal costs. For NSE, however, the victory was bittersweet, as the company had already thrown in the towel well over a decade earlier.

In a final effort to recoup some of its claimed losses, NSE sued BREIN for damages last December. Exact details were not revealed, but the claim could’ve easily reached millions of euros.

While NSE shut down voluntarily, the company says that it saw no other option at the time due to BREIN’s legal pressure. As a result, the entire NSE team lost their jobs.

In its initial response, BREIN looked forward to the new legal battle with confidence. BREIN director Bastiaan van Ramshorst said that NSE willingly decided to shut down its service in 2011, instead of engaging in court-mandated negotiations.

NSE and BREIN Settle

This latest lawsuit could’ve easily added a few more years to the legal battle. However, it won’t come to that, as NSE and BREIN have decided to settle their differences once and for all.

Last Friday, the parties issued the same brief press release. This effectively confirms the end of the 16-year legal battle without adding any further detail.

“Last week the parties reached a settlement, which allowed them to avoid further escalating litigation costs. Both sides are pleased with the outcome and have agreed not to disclose the details of the arrangement,” NSE and BREIN announced.

The announcement
 

This type of tight-lipped announcement suggests that the parties reached a compromise. Since NSE is a defunct entity with no operational future, financial compensation seems the only logical incentive for them to drop the multi-million euro claim.

NSE had little to lose at this point, but, for BREIN, the settlement means that it no longer has to face a claim for ‘millions’ in damages. The details of this agreement will remain secret, which underscores that it remains a sensitive issue after all these years.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Tuesday 25 November 2025 at 6:33 pm AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of October): 5,009

RIP Matrix

For years, powerful rightsholders and media groups have demanded urgent and decisive action from the European Commission to tackle IPTV piracy of live sports and events.

From the MPA, to the Premier League, Sky, LaLiga and Serie A, the message couldn’t have been clearer or more consistent. It didn’t change after the EC’s rejection of their call for urgent legislative measures in 2022, and remained intact following a consultation and advice early 2023 on a ‘toolbox’ of existing measures.

EC Publishes Assessment of the Effects of Recommendation

In May 2023, the European Commission (EC) issued a Recommendation aimed at tackling online piracy of sports and other live events. It encouraged measures concerning the processing of takedown notices, dynamic injunctions, cooperation between stakeholders, and increasing the availability of legal alternatives.

Aiming to build upon existing legal frameworks such as the InfoSoc Directive, IPRED, and the Digital Services Act (DSA), it was detailed and comprehensive, without being especially urgent.

Some two-and-a-half years later, an assessment of the effects of the Recommendation were published by the EC last week. The report evaluates the progress made by Member States, national authorities, and stakeholders in implementing the various measures outlined in May 2023. Monitoring was carried out by the EUIPO Observatory using Key Performance Indicators (KPIs) concerning piracy volume, processing of takedown notices, use of blocking injunctions, and availability of legal offers.

Ensuring Prompt Execution of Takedown Notices

Recommendation: Hosting services should process takedown notices sent by rightsholders as quickly as possible, to help protect vulnerable live events which have most of their value built into the event itself.

Assessment: Only limited progress was reported. ‘Online platforms’ including social media, online marketplaces, and search engines, were generally more responsive due to their obligations under the DSA. Responses from other intermediaries such as Dedicated Server Providers (DSPs) and Content Delivery Networks (CDNs) were much slower, highlighting a significant gap in response times when compared to online platforms.

Further Action: According to the report, there’s a need for increased cooperation with intermediaries, including working towards technical solutions to automate processing of takedown notices. The Commission says it will examine the role of intermediaries within the DSA Board discussions.

Rightsholders’ Use of Blocking Injunctions in Member States

Recommendation: Authorized under Article 8(3) of the InfoSoc Directive and Article 11 of IPRED, Members States should facilitate use of dynamic/live blocking injunctions, with appropriate safeguards, against infringers and intermediaries whose services are used to infringe copyrights.

Assessment: The Commission notes that while injunctions are useful, implementation across Member States shows significant variation. At the extremes, some countries have very robust systems in place while others have no system at all. The Commission says there’s not only a need for much broader adoption across the EU, but also more consistent application.

Further Recommendation on Injunctions: Member States are ‘encouraged’ to provide for injunctions against intermediaries, who, regardless of their lack of liability, offer services that are misused for illegal streaming of live sports.

Assessment: Noting efforts in France and Belgium that have blocked CDNs, VPNs and DNS providers, and work in Italy to facilitate the same, the EC also highlights LaLiga’s work in Spain “against ISPs and CDNs“. Under the DSA, some intermediaries may be exempted from liability, the EC adds, but the DSA does not preclude them from being blocked regardless.

Since these are recent developments, “there is not yet sufficient data to assess the efficiency of dynamic injunctions addressed to those intermediaries,” the report concedes, adding that “a number of end-users, have complained about a few instances of over-blocking.”

The Recommendation appears to have prompted some Member States to reassess their legal frameworks or engage in policy discussions to strengthen enforcement measures. Some Member States have clarified legal standing for sports event organizers, allowing them to pursue injunctions in their own right. Some rightsholders are demanding that blocking injunctions are recognized across borders.

Discussions about the possible introduction of dynamic injunctions have been discussed in a few Member States, but not have not yet materialized. In others, there are no developments to report “prompting concerns” from certain stakeholders, the EC reports.

Further action: The Commission will consider whether new measures are needed to ensure a wider and more consistent use of dynamic injunctions across Member States.

Cooperation between Rightsholders and Intermediaries / Public Authorities

Recommendation: Encourage cooperation between rightsholders and intermediaries to identify the source of unauthorized retransmissions and take measures to prevent repeat misuse.

Assessment: Cooperation agreements to fight piracy exist across Member States, some concluded directly between the parties and others with assistance from public authorities. Agreements between rightsholders and ISPs on blocking measures and issues related to content blocking/removal appear to be most common.

In 2024, participating rightsholders reported 49 voluntary cooperation agreements with intermediaries, rising to 62 in 2025. Cooperation with Dedicated Server Providers (DSPs) account for around two-thirds of agreements (42), with online platforms (18) quite a distance behind. Perhaps unsurprisingly, agreements to identify the source of infringement are far less common; just two were reported.

In general, cooperation has improved, with voluntary agreements becoming more common. The majority of infringement notices resulting in suspension of access to infringing streams were issued in the context of cooperation agreements, with 55% of those proving successful. However, some rightsholders complained that most cooperation agreements still rely on manual processing of infringement notices, which limits effectiveness when applied to live sports.

The Recommendation encourages Member States to actively engage in the exchange of information when sites and services are blocked as part of an injunction. Under the DSA, orders issued by authorities to act against illegal content must be shared by a Member State’s Digital Services Coordinator (DSC) with their counterparts in other Member States.

This system is considered directly relevant to tackling piracy of live events but is not yet fully operational. However, the network is described as a “crucial initiative” through which valuable information is exchanged between participating authorities.

Raising Awareness and Improving Availability of Legal Offers

Recommendation: Increase users’ awareness of legal content, increase the availability, affordability, and attractiveness of live event commercial offers.

Assessment: The report notes that submissions focused solely on live sports events. Several rightholders and sports event organizers have reportedly made efforts to make their offers more accessible, including “setting up a website which allows users to obtain information on where a specific sporting competition is available.”

Yet in noting the following, it seems that readily available information proved elusive enough to prevent an assessment.

“[T]he data submitted by sports event organisers and rightholders to the EUIPO does not allow to fully assess the progress made in terms of the availability of sports events or the affordability and attractiveness of commercial offers,” the report notes.

“Consumers responding to the call for evidence consider that this remains an area of concern, arguing that the availability of affordable legal offers remains low and legal offers are fragmented,” the report notes.

Some national authorities identified pricing of legal offers, fragmentation, and territorial availability, as “possible obstacles” faced by users attempting to access legal live content, “which often requires users to obtain multiple paid subscriptions.”

Overall Conclusions

The European Commission’s assessment concludes that while the Recommendation has encouraged positive developments, its overall impact is limited.

Despite signs of increased awareness and cooperation, piracy by volume has not reduced and remains a problem. While online platforms are seen as effective when processing takedown notices, DSPs reportedly lag far behind when it comes to suspension of pirate streams. Notices sent to CDNs and reverse proxies are increasing but are not effective.

“In addition, an increasing number of notices are being addressed to other intermediaries, including CDNs and reverse proxies, which are not subject to the DSA rules on notices. In this context, the assessment underlines that cooperation agreements have led to a better and quicker response by the relevant intermediaries.”

The assessment also highlights tension between protection from liability for intermediaries and the demand for more effective responses to piracy. Intermediaries are not required by law to proactively police illegal content, but the assessment nevertheless implies that even within existing legal frameworks, going beyond current obligations would make a significant difference.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Tuesday 25 November 2025 at 3:59 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of October): 5,009

RIP Matrix

Services offered by U.S tech giant Cloudflare improve the performance and security of millions of websites, amounting to a significant contribution towards the health of today’s internet.

Those hoping to benefit from Cloudflare’s services find few, if any, barriers to entry. Typically a working email address is sufficient to gain access, meaning new users can protect their websites in a matter of minutes.

Cloudflare Held Liable For Anonymous Users

Frictionless onboarding is popular with users and good for Cloudflare’s overall business. For Japanese manga publishers Shueisha, Kodansha, Kadokawa, and Shogakukan, the absence of identity verification is a gift to pirate site operators. Not only are they allowed to remain personally anonymous, their websites’ IP addresses can be hidden and exchanged for Cloudflare’s, making enforcement more difficult.

A decision handed down this week by Judge Aya Takahashi at the Tokyo District Court, holding Cloudflare liable for infringement carried out by its customers, concerns a lawsuit filed by the publishers in 2022.

The companies said that the anonymity afforded by Cloudflare to site operators and their websites, provides an attractive environment for piracy of their content to thrive. When the publishers’ repeatedly complained, Cloudflare should’ve taken the strongest of action against such abuse, including terminating the accounts of known pirate sites.

Liability and Future Growth

Judge Takahashi agreed that the lack of identity verification was a piracy-enabling factor but Cloudflare’s inaction amounted to a failure to acknowledge responsibility.

“(Cloudflare) failed in its duty to stop providing the service,” Judge Takahashi said.

Liability in this instance led to a damages award against Cloudflare of 500 million yen, around US$3.2 million. In the bigger picture, the money is less important to Cloudflare than new liability and what that might mean for the growth of its business.

In this instance, the court did not issue an injunction to restrain Cloudflare moving forward. However, the finding of liability is unacceptable to Cloudflare so it intends to file an appeal and continue the fight.

“We appreciate the efforts of the Tokyo District Court, which spent a great deal of time and effort reviewing and ruling on this complex case. While we respectfully disagree with the court’s decision, we also express our dissent,” the company said in a statement sent to legal news outlet Bengo4.

Cloudflare maintains its long-held position that as a CDN, it delivers data and doesn’t host anything. Since the pirated content is hosted elsewhere, that’s where it will remain, regardless of any action at Cloudflare.

Cloudflare Ups the Stakes, Warns of Global Implications

Cloudflare’s pursuit of a decision aligned with its own interests, will see the publishers defend their hard-won position with similar determination. For the former, the decision in Japan isn’t just a local storm, it’s a threat to intermediaries and sets a global precedent with far-reaching implications.

“Holding CDNs like Cloudflare legally liable for content they do not host removes the limitations on liability that have underpinned the growth of the global internet. This ruling is the first of its kind in the world and could have serious implications for the efficiency, security, and reliability of the internet not only in Japan but around the world,” the company says.

While a robust defense of its position is to be expected, Cloudflare seems to be especially vocal – and critical – not just of the decision, but how it will hurt Japan’s progress moving forward.

Describing the ruling as “undermining transparency, fairness and due process,” Cloudflare said the trial questioned whether Japan’s judicial system supports its aspirations for growth in tech.

“This ruling is contrary to the legislative intent of promoting Japan’s technological growth and risks stifling technological innovation among Japan’s emerging technology companies,” Cloudflare added.

If the decision stands, to avoid liability Cloudflare says it would need to terminate CDN services based on takedown notices, rather than under the formal instructions of a competent court.

The Publishers’ View the Decision in a Different Light

Yuki Hirai is an attorney at Sakurazaka Law Office, where he leads the case on behalf of the publishers.

In recent comments to the USTR, Cloudflare suggested that a negative outcome against the publishers would “necessitate U.S. CDN providers to limit the provision of global services.”

In comments to TorrentFreak, Attorney Hirai disputes that, noting that Cloudflare’s argument “distorts the essence” of the case.

“This ruling concerns responsibility for providing high anonymity and ignoring infringement notices, not the provision of the service itself nor other CDN service provider,” he explains.

“Cloudflare also argues that to avoid their legal liability, it would need to suspend CDN services for a website based on a notice rather than a formal order from an independent court, significantly increasing the potential for abuse. However, this judgment states, citing several reasons, that our infringement notice properly shows the URLs to the infringing content, and that upon viewing those URLs, it was immediately obvious they were pirate sites.”

Attorney Hirai says Cloudflare’s arguments are “highly self-defensive and contain numerous errors.” The publishers true aims are actually quite straightforward.

A Decision That Aligns With Cloudflare Policy

“What we are demanding is a very general act of ceasing to aid such crimes. Restricting the provision of global services is not the solution we seek, nor is it aligned to this judgement,” Hirai explains.

“What we are seeking is for Cloudflare to promptly cease providing services once the sites are notified as pirate sites, and to implement appropriate measures such as identity verification to prevent repeat infringers.

“These requests from us also align with Cloudflare’s policy in its statement to media outlets, of ‘not hesitating to cooperate in combating piracy’”

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Monday 24 November 2025 at 2:53 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of October): 5,009

RIP Matrix

Anna’s Archive is a meta-search engine for shadow libraries that allows users to find pirated books and other related resources.

In late 2023, the search engine expanded its offering by making data from OCLC’s proprietary WorldCat database available online.

Anna’s Archive scraped several terabytes of data and published over a billion unique metadata records. The records contain no copyrighted books or articles, but they help ‘shadow’ archivists track books already in the collection and which ones have yet to be added.

OCLC Sued Anna’s Archive

This ‘metadata’ heist was a massive breakthrough in the site’s quest to archive as much published content as possible. OCLC responded with a lawsuit at an Ohio federal court, accusing the site and its operators of hacking, unjust enrichment, and breach of contract.

The non-profit previously sought $5.3 million in damages against Anna’s Archive, in part to cover significant hardware and staffing costs incurred in response to the alleged hacking.

In the months that followed, no one came forward to represent Anna’s Archive in court. OCLC did name an archivist from the Seattle area as the potential operator, but they denied any involvement with the site and were eventually dropped from the case.

Without any defendants showing up, OCLC requested a default judgment to recoup the millions it believed it deserved. The federal court was initially reserved and referred several questions to the Ohio Supreme Court. After these questions were denied, OCLC returned with a renewed motion.

Million Dollar Retreat

The Ohio federal court previously expressed concern that a ruling on the default judgment would set a precedent beyond what was actually needed. To address this concern, OCLC stripped its demands back to the bare minimum.

OCLC dropped eight of its twelve claims to simplify the court’s decision. In addition, it dropped its claim for $5.3 million in damages, requesting only an injunction and a declaration that Anna’s Archive violates the law.

Renewed motion
 

The remaining claims are breach of contract, unjust enrichment, tortious interference of contract, and trespass to chattels, for which OCLC requests a default judgment.

Enforcement by Proxy

OCLC’s new approach aims to make it easier for the Ohio federal court to approve its request. It also signals that the company already had little hope that it could recoup any damages, let alone millions.

Instead, the WorldCat publisher hopes that an eventual default judgment and an injunction would motivate third-party intermediaries to take the site offline.

“OCLC hopes to take the judgment to website hosting services so that OCLC’s WorldCat data will be removed from Anna’s Archive’s websites,” the motion reads.

While the motion’s text refers to ‘hosting services,’ the filing’s service list is more specific. OCLC is serving the legal paperwork directly on domain registrar Tucows, hinting that the registrar is a potential target for follow-up enforcement.

Hosting services

OCLC is asking the Ohio federal court to grant a broad permanent injunction that would:

• Ban future harvesting: Prohibit any further scraping of WorldCat.org or OCLC’s servers.
• Block distribution: Forbid the use, storage, or sharing of the data on Anna’s Archive.
• Stop incitement: Prevent the site from encouraging others to scrape or distribute the material.
• Force deletion: Require the destruction of all existing copies of the data, including torrents.

Footnote & Future Action

Relying on help from third-party intermediaries to take action against rogue sites is not unique, OCLC notes. In a footnote it links to a recent TorrentFreak article, revealing that Google has removed hundreds of millions of Anna’s Archive URLs from its search index.

“Enforcing a judgment in this manner would not be uncommon or unexpected as far as Anna’s Archive is concerned. Recently, Google removed over 749 million Anna’s Archive URLs from its search results to stem Anna’s Archive’s large-scale copyright infringement,” the footnote reads.

The footnote
 

Of course, there was no court order in Google’s case, it was legally obliged to take action in response to DMCA takedown notices. These typically address copyright complaints, which don’t automatically apply to the metadata that’s at stake here.

With most of the complex state law questions sidelined, and the monetary demands off the table, Judge Watson has several issues to consider before arriving at a decision concerning a potential judgment and injunction.

Crucially, OCLC attempts to sidestep the court’s previous concerns about its ‘browsewrap’ contract by arguing that the operators of Anna’s Archive are ‘professional hackers.’

The motion argues that it is ‘implausible’ that such sophisticated hackers were unaware of the site’s terms of service, regardless of whether they explicitly clicked on an ‘I agree’ button.

If the court sides with OCLC, the eventual order is expected to trigger a game of infrastructure whack-a-mole, presumably starting with Anna’s Archive’s hosting company.

—

A copy of OCLC’s renewed motion for a default judgment against Anna’s Archive is available here (pdf).

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Sunday 23 November 2025 at 3:34 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of October): 5,009

RIP Matrix

Pirate sites have proven to be quite a headache for Cloudflare and have landed the San Francisco-based tech company in court on several occasions.

These legal battles include a case in Germany, where the local branch of Universal Music sued Cloudflare for offering its services to pirate site DDL-Music.

The origins of this case date back to June 2019, when the German branch of Universal Music sent a copyright infringement notice to Cloudflare, listing DDL-Music links, which in turn linked to third-party sites that hosted tracks from Sarah Connor.

The lawsuit didn’t make any headlines, at least not initially. But when Cloudflare displayed an ‘Error 451’ to DDL-Music users in early 2020, it was clear that something was up. Error 451 is still relatively rare and typically reserved for cases where content has been made inaccessible for legal reasons.

In this case, Universal had obtained a preliminary injunction against Cloudflare that required the company to stop providing its CDN services to the pirate site. Failure to comply could’ve invoked a fine of up to 250,000 euros or even a six-month prison sentence for Cloudflare’s managing director.

Cloudflare was disappointed with the outcome and decided to appeal. The case eventually made its way to the Cologne Higher Regional Court, which largely confirmed the liability finding in 2023. That was another setback for Cloudflare which appealed to Germany’s highest court.

High Stakes, Highest Courts

The Federal Court of Justice (Bundesgerichtshof) took on the appeal in what has become a landmark case. The Court’s ruling is expected to be leading when it comes to the liability of CDN services for the copyright-infringing actions of customers.

Realizing the potential for broad repercussions, Germany’s highest court is actively seeking advice from the EU’s highest judicial body: the Court of Justice of the European Union (CJEU).

Specifically, it asks the EU’s top court to provide guidance on two key questions that affect the potential liability of linking sites and CDN providers.

The questions were formally submitted earlier this year and were posted in the Official Journal of the European Union this week.

The referred questions

Q1: Storing vs. Linking?

The German questions were translated into English and other languages, but not in a way that they are easy to grasp for the public.

The first question touches on the linking vs. hosting argument that’s common in piracy disputes. In this case, DDL-Music did not host the music files itself. Instead, it provided links to third-party cyberlockers like Nitroflare.

The German judges seem conflicted about the definition of copyright infringement when it comes to linking.

Generally speaking, the German Federal Court operates under the assumption that to “make a work available” to the public, the infringer must have control over the file within their own “access sphere” (e.g. their website/server).

However, there are also EU rulings that found linking can sometimes constitute a “communication to the public” and the German court asks the CJEU to clarify: Can a site operator be liable for “making a phonogram available” if they simply hyperlink to it?

Q2: Hosting or Caching?

The second question is arguably even more complex and harder to grasp. Not just due to the legal jargon, but also because of the implications concerning the liability of CDN providers.

With the second question, Germany’s Federal Court seeks clarification on the legal status of Cloudflare’s CDN infrastructure. It effectively asks if it classifies as a hosting provider or a caching service.

Cloudflare sees its CDN mostly as a caching service, which operates as a neutral intermediary that should not be liable for the bits that it passes on. Universal Music, however, disagreed and pointed out that some files are cached by Cloudflare for up to a year.

If Cloudflare is seen as a hosting service, Germany’s Federal Court would like to know if the liability criteria previously determined in the landmark YouTube vs. Cyando case also apply here.

In that matter the CJEU ruled that platforms such as YouTube are not liable for pirated content uploaded to their service. Liability only comes into play if a service actively and deliberately contributes to the infringement.

Finally, if the YouTube standards don’t apply, the German court wants to know exactly what criteria should be used to determine if a CDN is directly liable for the pirated content it delivers.

Going forward

The questions are now in the hands of the CJEU, which is expected to share its view on the matter next year. Given the stakes involved, the matter will be followed closely by Internet infrastructure providers and rightsholders alike.

The final verdict is also expected to provide more insight into a technical debate regarding “Time to Live” (TTL) caching settings.

In its referral order, the German court noted that while Cloudflare’s servers could theoretically cache a file for a year or longer, this doesn’t necessarily mean the company has abandoned its role as a neutral intermediary.

The German judges appear open to the idea that “temporary” storage shouldn’t be measured in time, but by its function. If a file is stored for a long time purely to improve loading times or security, it might still qualify as “caching” rather than “hosting”.

However, if the CJEU decides that long-term storage is indeed active hosting, Cloudflare could lose its liability shield. This would effectively require CDN services to make sure that content hosted (or linked) by customers is rendered inaccessible when rightsholders complain.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Saturday 22 November 2025 at 4:22 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of October): 5,009

RIP Matrix

For many pirate sites and apps, ad revenue is the only viable lifeline. This is why the advertising industry is an important ally in the fight against piracy.

Over the years, several ad-focused anti-piracy initiatives and partnerships have tried to prevent branded ads from appearing on these sites.

This includes a European Union-led Memorandum of Understanding (MoU) in which several leading advertising companies, including Google, signed up to play their part. The origins of this agreement date back to 2016, and the EU Intellectual Property Office (EUIPO) has monitored progress ever since.

The latest report on the state of the pirate advertising landscape was published this week. As in previous years, the EUIPO commissioned UK-based research firm White Bullet to provide a detailed overview of what types of ads appeared on pirate sites throughout 2024.

The report: Online Advertising on IPR-Infringing Websites and Apps 2024
 

The report looked at advertisements on 7,250 websites and 398 mobile applications across 18 EU member states. All ‘pirate’ sites and apps provided access to copyright-infringing content and were classified as either “illegal” or “high-risk”.

White Bullet compiled a similar advertising report for EUIPO in 2021, which makes it possible to measure progress over the past four years.

Major Brand Ads Surge 567% on Pirate Sites

The headline figures reported by EUIPO this week suggest that advertising volume on piracy sites grew rapidly throughout last year. Globally (EU+UK+US), the monitored websites generated 28.3 billion ad impressions over the year, with a 92% increase in impressions from the first to the fourth quarter.

More concerning, perhaps, is that adverts run by major brands are still common on pirate sites. No names are mentioned in the report, but EUIPO notes that advertising impressions from major brands increased 567% between 2021 and 2024.

Overall, branded advertising accounted for 61% of ad impressions on monitored websites and 96% on the monitored apps. This includes ads for both major and less-well known brands.

The EUIPO highlights this significant increase in its “main conclusions” alongside some other concerning developments.

EUIPO’s main conclusions
 

The report explicitly links this resurgence of major brand ads to a breakdown in industry cooperation, noting that education campaigns for advertisers were halted right before the spike occurred.

“The massive growth in Major Brand advertising on IPR-infringing websites may be correlated with the 2023 termination of several coordinated outreach programmes focused on educating brands that had been placing advertising on IPR-infringing websites,” EUIPO’s report reads.

It’s all Relative

While the headline numbers reported by EUIPO are correct, they deserve some nuance. The number of ad impressions on pirate sites by major brands did not increase 567%; not by a long shot.

What the report found is that major brand ads went from just 3% of all ad impressions on websites in 2021, to 20% of all ad impressions in 2024. While that technically represents a 567% increase in market share, the number of displayed ads tanked at the same time.

Across all monitored countries, ad impressions on pirate sites crashed from 146.1 billion in 2021 to 28.3 billion in 2024. So, the total number of ads on these sites fell by roughly 80%.

While the “567% increase” statistic is technically accurate when looking at relative market share, the increase is largely driven by the collapse of low-quality, non-brand ads. In real terms, the number of major brand ads served increased by roughly 30%.

Fraud & Malware Increase/Decrease

The same logic applies to a reported surge in fraud and malware advertising, which was also highlighted in the EUIPO’s main conclusions.

“The report also notes a 250% increase in fraud and malware advertising from 2021 to 2024, showing that infringing websites not only exploit brand reputations but also expose users and advertisers to broader digital risks,” EUIPO writes.

Again, this 250% increase is relative. Looking at the absolute numbers, fraud and malware ads actually decreased by roughly 1.8 billion impressions from 2021 to 2024. That’s roughly a ~31% reduction in malicious ads.

The above makes it clear that absolute and relative comparisons can show an entirely different picture. This is largely attributable to a key change that took place over the past few years, which, strangely enough, is not mentioned in EUIPO’s main conclusions.

EU: Pirate Ad-Impressions & Revenue Plunged

The fact that the EUIPO report found an unprecedented 80% drop in pirate site ads receives very little attention. Yet, the numbers clearly show that, in the 18 monitored EU Member States, pirate site ad impressions also plunged: from 70.3 billion in 2021 to 14.4 billion in 2024.

The report links this drastic decline to an increasingly fragmented landscape of pirate sites, leading to lower traffic numbers overall. That sounds like a welcome result, but in the report the finding receives no obvious emphasis.

The same applies to the associated decrease in advertising revenue for pirate sites. The report notes that the advertising revenues from the monitored countries dropped 78%, from €102.5 million in 2021 to €22 million last year.

The Missing Number: €8.29 per day

While the EUIPO focuses mostly on the relative increases of major brand ads and fraud advertisements, one key number was not highlighted. That is, the average estimated revenue these 7,250 sites generate per day from visitors in the 18 monitored EU countries.

That number is not reported, but if we crunch the numbers, we see that the average pirate site generates roughly €8.29 per day from these EU users.

The EUIPO report puts the global revenue of these sites at ~€91 per day. This leads to the logical conclusion that the EU advertising traffic only represents a fraction of the total income of these sites. That’s worth calling out, we think.

—

The full report, which includes many more data points and intriguing statistics, is available here (pdf).

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Friday 21 November 2025 at 3:45 am AEST (my time).

News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of October): 5,009

RIP Matrix