Jump to content

Search the Community

Showing results for tags 'cloudflare'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Categories

  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions

Categories

  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

  1. Cloudflare has defeated a lawsuit from two wedding dress manufacturers that accused the company of failing to terminate the accounts of repeat copyright infringers. According to a California federal court, neither Cloudflare's CDN service nor its IP-address obfuscation system materially contribute to the alleged copyright infringements of its customers. Popular CDN and DDoS protection service Cloudflare has come under a lot of pressure from copyright holders in recent years. The company offers its services to millions of sites, some of which provide access to copyright-infringing material. Cloudflare prefers to remain a neutral service provider and doesn’t terminate clients based on DMCA notices. Instead, it forwards these to the hosting providers of its customers, only taking action when it receives a court order. Repeat Infringer Lawsuit This stance is not appreciated by all rightsholders and in 2018 the service was taken to court over the issue. The case wasn’t filed by major entertainment companies but by two manufacturers and wholesalers of wedding dresses. Not a typical “piracy” lawsuit, but it’s a copyright case that could have broad implications. In a complaint filed at a federal court in California, Mon Cheri Bridals and Maggie Sottero Designs argued that even after multiple warnings, Cloudflare failed to terminate sites operated by counterfeit vendors. This makes Cloudflare liable for the associated copyright infringements, they said. After a thorough discovery process, both sides submitted motions for summary judgment at a California federal court a few weeks ago. The wedding dress manufacturers argued that Cloudflare should have done more to stop pirates, while the CDN provider positioned itself as a neutral service provider that simply passes on traffic. Court sides with Cloudflare This week, United States District Judge Vince Chhabria ruled on the motions, resulting in a clear win for Cloudflare. The Judge only needed three pages for a combined ruling on the motions from both sides. The ruling clarifies that, in order to establish that a defendant is liable for contributory copyright infringement, several boxes must be ticked. This includes a finding that Cloudflare materially contributed to infringing activities. While there is no disagreement that some of Cloudflare’s customers may have used copyright-infringing material, the court doesn’t believe that the CDN provider can be blamed for this. Caching is Not Infringement With regard to Cloudflare’s CDN service, where the company cached infringing material on its servers, Judge Chhabria concludes that mere copying is not sufficient to prove material contribution. “For example, the plaintiffs have not offered any evidence that faster load times (assuming they were faster) would be likely to lead to significantly more infringement than would occur without Cloudflare. “Without such evidence, no reasonable jury could find that Cloudflare ‘significantly magnif[ies]’ the underlying infringement,” Judge Chhabria adds. The court further points out that even if Cloudflare did remove the infringing material from its servers, it would remain available on the original sites. This means that the infringement wouldn’t stop. IP-Address Shielding is Fine In addition to the catching feature of Cloudflare, the wedding dress manufacturers also argued that the CDN provider makes it harder to police copyright-infringing material as it shields the IP-address of copyright-infringing sites. Again, the court was not convinced, noting that IP-address obfuscation doesn’t make a difference to people who visit the infringing sites. Furthermore, Cloudflare forwards all infringing notices it receives to the appropriate hosting provider. As such, Judge Chhabria sees no evidence that Cloudflare makes it harder to go after pirate sites. “If Cloudflare’s provision of these services made it more difficult for a third party to report incidents of infringement to the web host as part of an effort to get the underlying content taken down, perhaps it could be liable for contributory infringement. “But here, the parties agree that Cloudflare informs complainants of the identity of the host in response to receiving a copyright complaint, in addition to forwarding the complaint along to the host provider,” the Judge notes. The ruling is an important victory for Cloudflare. Although wedding dresses are a relatively niche topic, many of the arguments in this lawsuit also apply to traditional pirate sites, which Cloudflare serves as well. — A copy of United States District Judge Vince Chhabria’s ruling on the motions for summary judgment is available here (pdf) Cloudflare Defeats “Repeat Infringer” Copyright Lawsuit in US Court
  2. Cloudflare has booked a partial victory in a piracy lawsuit filed by several models whose photos leaked online. The CDN provider previously offered its proxying service to the now-defunct website 'Thothub'. The court agreed with Cloudflare that there's no evidence for direct infringement, but the contributory copyright infringement claim remains intact. Earlier this year Texas-based model Deniece Waidhofer sued Thothub for copyright infringement after the site’s users posted many of her ‘exclusive’ photos. While Cloudflare isn’t new to copyright infringement allegations, this case has proven to be more than a nuisance. The company previously countered the claims with a motion to dismiss but Waidhofer and her legal team didn’t back off. In an amended complaint some of the most egregious allegations against Cloudflare, including the RICO conspiracy, were dropped. However, the copyright infringement claims remained and with two new cosplay models joining the action, the list of defendants expanded. Cloudflare denied these new allegations and submitted a motion to dismiss the copyright infringement claims. In addition, the company filed a separate motion for sanctions, accusing the defendants of fabricating a fatally flawed ‘infringement’ theory. Court Hands Down Mixed Order This week, US District Court Judge Fernando M. Olguin reviewed Cloudflare’s motion and released a mixed order. Judge Olguin dismissed the direct copyright infringement claims against Cloudflare but denied the motion to dismiss the contributory copyright infringement allegations. The three models argued that Cloudflare directly infringed their rights by making copies of the copyrighted works on its servers and deliberately marketing its service to pirate sites. After reviewing the arguments from both sides, Judge Olguin concluded that the direct copyright infringement claim is ungrounded. Even if Cloudflare temporarily stored the infringing material, the models don’t allege any “volitional” conduct. In a copyright infringement context, volitional conduct refers to a causal link. This means that Cloudflare’s actions should be the cause of infringing activity. That didn’t become apparent from the models’ complaints. No Direct Infringement (for now) This failure to include a causal link also applies to other direct copyright infringement allegations. This includes the suggestion that Cloudflare marketed its service to pirate sites. Again, this claim wasn’t backed up properly. “In short, plaintiffs have failed to sufficiently allege that Cloudflare engaged in volitional conduct. The court will thus dismiss plaintiffs’ direct infringement claim with leave to amend,” the court rules. This means that Cloudflare has defeated the direct copyright infringement claims, for now. The models are allowed, however, to file an amended complaint to fix the shortcomings that were highlighted by the court. Contributory Infringement Remains Cloudflare further asked the court to dismiss the contributory copyright infringement claims. According to the models, the CDN provider knew that infringing material was being made available using its system but failed to “take simple measures” to prevent further damage. These allegations were heavily contested by Cloudflare but, for now, the court believes that the facts presented in the complaint are sufficient to move the case forward. “Although Cloudflare challenges the veracity of the allegations in the [first amended complaint], on a motion to dismiss, the court must accept the factual allegations of the complaint as true,” the court concludes. There were more setbacks for Cloudflare, as the court also denied its request to sanction the models and their legal team. The company accused the rightsholders of including unsubstantiated and false claims. However, the court believes that this type of request can be considered at a later stage. Thothub Operators and Advertisers The piracy claims are limited to Cloudflare. The advertising company MultiMedia, also known as Chaturbate, is also listed as a defendant. The court granted MultiMedia’s motions to dismiss the contributory copyright claims, also with the option to amend. The RICO claims against the advertiser are dismissed with prejudice, but unfair competition claims remain intact. Finally, the models failed to identify the “Does” behind the Thothub site, so all claims related to the site’s alleged operators have been dropped from the lawsuit. — A copy of Judge Olguin’s order on the motions to dismiss and the motion for sanctions is available here (pdf) Cloudflare Books Partial Victory in ‘Thothub’ Piracy Lawsuit
  3. The internet infrastructure company wants to protect your inbox from targeted threats, starting with the launch of two new tools. Cloudflare, The internet infrastructure company, already has its fingers in a lot of customer security pots, from DDoS protection to browser isolation to a mobile VPN. Now the company is taking on a classic web foe: email. On Monday, Cloudflare is announcing a pair of email safety and security offerings that it views as a first step toward catching more targeted phishing attacks, reducing the effectiveness of address spoofing, and mitigating the fallout if a user does click a malicious link. The features, which the company will offer for free, are mainly geared toward small business and corporate customers. And they’re made for use on top of any email hosting a customer already has, whether it’s provided by Google’s Gmail, Microsoft 365, Yahoo, or even relics like AOL. Cloudflare CEO Matthew Prince says that from its founding in 2009, the company very intentionally avoided going anywhere near the thorny problem of email. But he adds that email security issues are unrelenting, so it has become necessary. “I think what I had assumed is that hosting providers like Google and Microsoft and Yahoo were going to solve this issue, so we weren’t sure there was anything for us to do in the space,” Prince says. “But what’s become clear over the course of the last two years is that email security is still not a solved issue.” Prince says that Cloudflare employees have been “astonished by how many targeted threats were getting through Google Workspace,” the company's email provider. That's not for lack of progress by Google or the other big providers on anti-spam and anti-malware efforts, he adds. But with so many types of email threats to deal with at once, strategically crafted phishing messages still slip through. So Cloudflare decided to build additional defense tools that both the company itself as well as its customers could use. On Monday, the company is launching two products: Cloudflare Email Routing and Email Security DNS Wizard. The tools let customers place Cloudflare in front of their email hosting provider, essentially allowing Cloudflare to receive and process emails before sending them through to the Microsofts and Googles of the world. This is somewhat similar to Cloudflare's long-standing role as a “content delivery network” for websites, in which the company is a proxy that can serve data or catch malicious activity as web traffic passes through. Cloudflare Email Routing makes it possible for individuals or organizations to manage an entire custom email domain, like @coolbusiness.com, from a single consumer email account, such as a personal Gmail address. The tool even lets you consolidate many addresses—[email protected], [email protected]—so they all forward to a single inbox. This way, small businesses in particular can get the benefits of a dedicated, custom email domain without having to manage a whole separate platform. The second tool, Security DNS Wizard, aims to make two email security features accessible for Cloudflare customers and easy to use. Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) are two tools that are essentially a combination of caller ID and screening schemes for email: They aim to reduce email address spoofing by setting up public records that must match an email's sender information for the message to go through. This significantly reduces how easy it is for attackers to, say, send an email to employees that really looks like it comes from "Cool Business CEO." SPF and DKIM have been around for more than a decade, but they aren't ubiquitous, because they are difficult to set up without mistakes that can result in problems like legitimate emails getting lost. Cloudflare's goal with Email Security DNS Wizard is to make it easy for users to set up one or the other protection without any flubs. “These are both technologies that have been around for a long time, but the problem is they don’t get a lot of use, because they're extremely complicated and in some cases dangerous to set up,” Prince says. “We're hopeful that implementing this tech, making it easy, and making it free will dramatically expand the usage and decrease the amount of targeted phishing and domain abuse." Ultimately, Cloudflare plans to roll out a more comprehensive suite of services, called Advanced Email Security Suite, that will incorporate these two tools plus others. These initial offerings allow the company to get email flowing through its network, Prince says, so that it can study threats and patterns on a large scale. He adds that all Cloudflare email security products are carefully designed to leave crucial indicators intact for providers like Google and Microsoft. This way the tools aren't disrupting the important anti-spam and anti-abuse features that those services already have in place. And the goal is for existing Cloudflare offerings like browser isolation to work in tandem with the new email security features even when customers do click a bad link. As with many Cloudflare offerings, though, one byproduct of turning on these email security features is that customers will need to trust the company with their messages on top of all the other web data they already have flowing through Cloudflare. When asked whether there are privacy implications of this, Prince repeats what he has often said about Cloudflare's approach. “We think of customer data as a toxic asset. We don’t have a business around advertising, we don’t sell customer data,” he says. “We have privacy certifications and do external audits of our systems. But, yeah, we have to earn our customers' trust everyday." In a way, email is one of the last web security frontiers for Cloudflare. Whether customers are willing to share this final piece of themselves with the company will likely depend on how successful Cloudflare can be at making a dent in the very real, and maddening, risks that come with corporate email. Cloudflare Is Taking a Shot at Email Security (May require free registration to view)
  4. Copyright Holders Hold Cloudflare Liable for Failing to Terminate Repeat Infringers In a California court case, Cloudflare stands accused of failing to terminate customers repeatedly called out as copyright infringers. The case wasn't filed by Hollywood or the major record labels, but by two manufacturers of wedding dresses. They have now filed a motion for summary judgment, stating that the CDN provider could and should have done more to prevent copyright infringement. Popular CDN and Internet security service Cloudflare has come under a lot of pressure from copyright holders in recent years. The company offers its services to millions of sites. This includes multinationals, governments, but also some of the world’s leading pirate sites. Many rightsholders are not happy with the latter category. They repeatedly accuse Cloudflare of facilitating copyright infringement by continuing to provide access to these platforms. At the same time, they call out the CDN service for masking the true hosting locations of these ‘bad actors’. Cloudflare sees things differently. The company positions itself as a neutral service provider that doesn’t ‘host’ any infringing content and says it passes on information temporarily cached on its services. This means that if copyright holders report problematic URLs to Cloudflare, the company forwards the DMCA takedown notices to its customer. By doing so, Cloudflare is convinced that it operates in accordance with the law. Repeat Infringer Lawsuit That stance is not appreciated by all rightsholders and in 2018 the service was taken to court over the issue. The case wasn’t filed by major entertainment companies, but by two manufacturers and wholesalers of wedding dresses. Not a typical “piracy” lawsuit, but it’s a copyright case that could have broad implications. In a complaint filed at a federal court in California, Mon Cheri Bridals and Maggie Sottero Designs argued that, despite multiple warnings, Cloudflare failed to terminate sites operated by counterfeit vendors. This makes Cloudflare liable for the associated copyright infringements, they said. Cloudflare disagreed and filed a motion to dismiss. The company said that the rightsholders failed to state a proper claim, as the takedown notices were not proof of infringement, among other things. The California Federal Court disagreed, however, and allowed the case to move forward. Rightsholders Request Summary Judgment This ruling was good news for Mon Cheri Bridals and Maggie Sottero, which have now filed a motion for summary judgment. The companies argue that Cloudflare is liable for both direct and contributory copyright infringement, hoping to establish this as fact before trial. The wedding dress manufacturers explain that they sent Cloudflare numerous takedown notices. These notices identified allegedly infringing images that were hosted by Cloudflare’s subscribers and requested the company to take action to prevent further infringements. In response, Cloudflare forwarded these notices to its clients and their hosting providers, as is common policy. However, according to the rightsholders, this is not enough. “Cloudflare did not investigate the alleged infringement, did not request any information from its customers, did not remind its customers of Cloudflare’s infringement policy or threaten any type of disciplinary action […] and did not do anything to evaluate whether its customer was indeed engaged in infringing activities. “It did not matter whether Cloudflare received 1, 101, 10,000, or 1,000,000 infringement notices concerning a domain client – its response and handling of the complaints was always the same,” the dress manufacturers add. Cloudflare believes that it’s following the law. In the past, the company stressed that it doesn’t store any infringing material on its servers, so forwarding the notices is sufficient. “Cloudflare Can and Should Take Action” The wedding dress manufacturers clearly disagree and claim that the CDN provider could and should have taken simple steps to prevent infringements “[A]fter receiving numerous notices of infringement implicating a website client, Cloudflare could have taken simple measures to prevent further infringement, including evicting the infringing content from its cache servers and terminating caching services until the website proves compliance with Cloudflare’s anti infringement policies,” the companies write. “And while Cloudflare may not have control over the infringing content on a website’s origin host servers, it can and should do its part to curb infringement by not permitting repeat infringers to use its services to more effectively and quickly distribute infringing material to consumers in the United States.” With the motion for summary judgment, the copyright holders ask the court to rule that, because it failed to act, Cloudflare indeed is liable for the repeat infringements of its customers. If that is the case, the only remaining issue will be the scale of the damages claim. Potential for Broad Implications Cloudflare will likely disagree with these allegations but, at the time of writing, it has yet to respond in court. Previously, Cloudflare scrutinized the practices of the wedding dress manufacturers’ DMCA takedown partner, while describing the notices as invalid. This isn’t the first time that the repeat infringer issue has come up in US courts. Several movie companies successfully sued ISPs that failed to take action against repeat infringers. These ISPs didn’t host any copyrighted material either. While the present case doesn’t directly involve any pirate sites, it could have potentially far-reaching consequences. If the court rules that Cloudflare’s current policy is insufficient, it could be required to take stricter action against other sites as well. — A copy of the motion for summary judgment, submitted at a California Court by Mon Cheri Bridals and Maggie Sottero Designs, is available here (pdf) Copyright Holders Hold Cloudflare Liable for Failing to Terminate Repeat Infringers
  5. Cloudflare says it’s time to end CAPTCHA ‘madness’, launches new security key-based replacement It works great, but don’t expect CAPTCHAs to disappear just yet Photo by Amelia Holowaty Krales / The Verge Cloudflare, which you may know as a provider of DNS services or the company telling you why the website you clicked on won’t load, wants to replace the “madness” of CAPTCHAs across the web with an entirely new system. CAPTCHAs are those tests you have to take, often when trying to log into a service, that ask you to click images of things like busses or crosswalks or bicycles to prove that you’re a human. (CAPTCHA, if you didn’t know, stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.”) The problem is, they add a lot of friction to using the web and can sometimes be difficult to solve — I’m sure I’m not the only person who has frustratingly failed a CAPTCHA because I didn’t see that corner of a crosswalk in one image. In a blog, Cloudflare says it aims to “get rid of CAPTCHAs completely” by replacing them with a new way to prove you are a human by touching or looking at a device using a system it calls “Cryptographic Attestation of Personhood.” Right now, it only supports a limited number of USB security keys like YubiKeys, but you can test Cloudflare’s system for yourself right now on the company’s website. I tried it out, and it worked great. All I had to do was click the prominent “I am human (beta)” button on the site, then follow a few prompts to select my security key, then tap it, and then allow the site to access the make and model of the key. When I did, the system waved me through (though it just took me back to the blog). The whole process took all of a few seconds, and I have to admit that it was really nice not to puzzle over grainy images of busses and bus-looking objects. And in addition to the speed of it all, this new method could have a major accessibility benefit, as those with visual disabilities may not be able to complete CAPTCHAs in their current form. Here is the company’s “elevator pitch” of what’s going on behind the scenes to establish that you’re a human via its new method: The short version is that your device has an embedded secure module containing a unique secret sealed by your manufacturer. The security module is capable of proving it owns such a secret without revealing it. Cloudflare asks you for proof and checks that your manufacturer is legitimate. You can read a much more extensive explanation on the company’s blog. While it’s all an intriguing idea, it may not be the end to CAPTCHAs as we know it just yet. For one thing, you probably won’t see the prompt in many places, as Cloudflare says this is only an experiment right now, available “on a limited basis in English-speaking regions.” And in its current state, it only works with a limited set of hardware: YubiKeys, HyperFIDO keys, and Thetis FIDO U2F keys. Cloudflare promises it will “look into adding other authenticators as soon as possible.” That could possibly expand to your phone: Cloudflare suggests the possibility of tapping a phone to their computer to pass a wireless signature using NFC. Google can now treat both iPhones and Android phones as physical security keys; If Google and Apple got on board with Cloudflare’s method, it could significantly reduce the barrier to entry to using it, since smartphones are much more common than security keys. However, Cloudflare’s system may actually be a worse solution, according to one critic. As Ackermann Yuriy (CEO of the consulting firm Webauthn Works) points out, “attestation does not prove anything but the device model,” meaning that it doesn’t actually prove if someone using a device for authentication is, in fact, a human. Cloudflare essentially admits this itself in its own blog, saying that a drinking bird (those bird toys that dip their beaks into water repeatedly) could press a touch sensor on a security key, thereby passing the authentication test. If the point of CAPTCHAs is to prevent bot farms from overrunning websites, we may need to consider whether bot farms equipped with with jury-rigged security key devices (or worse) will take advantage. Cloudflare isn’t always positively associated with CAPTCHAs; in a recent example, the company moved from Google’s reCAPTCHA to a service from hCaptcha in April 2020, and some people weren’t fans: Lordy, if you thought clicking squares that show a traffic light was a pain, Google and Cloudflare have had a spat and the latter now has its own Captcha, which looks absolutely designed to put humans off bothering with sites that deploy it pic.twitter.com/odLTbZSAyZ — Kate Bevan (@katebevan) April 16, 2020 CAPTCHAs also assume that website owners want to allow relatively anonymous traffic, but anonymous identity may be irrelevant if an website has your actual identity through login information you’ve provided. And with the recent push against ad targeting, driven in large part by Apple’s huge new privacy feature in iOS 14.5 that asks users if they want to let each app track them around the web, it’s possible that website providers will move more toward logins anyway. Though it certainly sounds like a hassle to have to potentially deal with even more logins (which is much easier to do with a great password manager!), that shift could, counterintuitively, have the potential benefit of pushing us toward a passwordless future even sooner. If more services are pushing for direct logins, that could lead to more of them supporting security keys instead of a password. And more sites supporting security keys could put pressure on others to support them as well, like the trend we see toward two-factor authentication with phones. While we’re not at that passwordless future just yet, Cloudflare’s potential replacement for the CAPTCHA could be a first step in that direction. Source: Cloudflare says it’s time to end CAPTCHA ‘madness’, launches new security key-based replacement
  6. Cloudflare Doubts DMCA Takedown Company’s Fake Employee and Special Bots Cloudflare has faced quite a few copyright challenges in courts already, but a case filed by two wedding dress manufacturers is taking an unforeseen turn. At a Pennsylvania federal court, the CDN provider filed a motion to demand evidence from the companies' DMCA takedown partner, to find out more about a fake employee profile and its speedy takedown bots. Popular CDN and DDoS protection service Cloudflare has come under a lot of pressure from copyright holders in recent years. The company offers its services to millions of sites, some of which offer access to copyright-infringing material. Cloudflare prefers to remain a neutral service provider and doesn’t terminate clients based on DMCA notices. Instead, it forwards these to its customers, only taking action when it receives a court order. Repeat Infringer Lawsuit This stance is not appreciated by all rightsholders and in 2018 the service was taken to court over the issue. The case wasn’t filed by major entertainment companies, but by two manufacturers and wholesalers of wedding dresses. Not a typical “piracy” lawsuit, but it’s a copyright case that could have broad implications. In a complaint filed at a federal court in California, Mon Cheri Bridals and Maggie Sottero Designs argued that even after multiple warnings, Cloudflare fails to terminate sites operated by counterfeit vendors. This makes Cloudflare liable for the associated copyright infringements, they said. Cloudflare disagreed and both sides are now conducting discovery to collect evidence for an eventual trial. Among other things, the wedding dress manufacturers were asked to hand over detailed sales records. In addition, the CDN provider is also interested in the companies’ DMCA takedown partner XMLShop LLC. Cloudflare Wants DMCA Takedown Evidence Over the past few months, Cloudflare has tried to get further information on how XMLShop, which is also known as Counterfeit Technology, collects evidence for its takedown notices. These takedowns play a central role in the lawsuit and XMLShop and its employees could provide crucial information. Thus far, however, Cloudflare hasn’t been able to get what it wants. To resolve this issue, Cloudflare submitted a motion asking the court to compel the DMCA takedown company to comply with its requests for information. According to their filing, the company may be holding back important evidence. “Plaintiffs and XMLShop, who use the same counsel, appear to be using XMLShop’s status strategically as a ‘non-party’ to conceal relevant documents from Cloudflare. The Court should reject their gamesmanship,” Cloudflare informed the court. After serving two subpoenas, the takedown company only produced one document, Cloudflare notes. Meanwhile, the publicly available information on the company is highly confusing or even misleading. Who Works at XMLShop? For example, Cloudflare would like to question XMLShop’s employees, but the company hasn’t handed over an employee directory or payroll log that would reveal who works at the company. “XMLShop has not been forthright about its operations, leaving Cloudflare in the dark as to who else may be a witness with relevant knowledge,” Cloudflare writes. According to XMLShop’s attorney, the company only has one employee named Suren Ter-Saakov, but this claim is contradicted by its own website and Linkedin. “XMLShop’s own public statements contradict its counsel’s statement. Its website boasts ‘a big team of professionals working in three offices, located in Ukraine, the United States, and Dominican Republic. “And a LinkedIn profile for an individual named Blair Hearnsberger represents that she or he is the CEO at Counterfeit Technology,” Cloudflare adds. Fake Profile According to the takedown company’s attorney, this profile is fake and Blair Hearnsberger does not actually exist, but Cloudflare is not convinced. Therefore, it hopes that the court will compel XMLShop to verify who works at the company and in what roles. In addition to finding information on possible employees, Cloudflare also requests further information on the software that Counterfeit Technology used to find infringing content. Special Takedown Bots? The wedding dress manufacturers claimed that their takedown partner “scours the internet with special bots designed to locate and identify the unauthorized use” but it’s unclear how this technology works. Cloudflare would like to assess the software to see how accurate it is, especially since the company states that it spends only 10 seconds sending notifications of claimed infringement to all traffic sources. “Its use — and the reliability — of that technology is at least relevant to the predicate allegations of direct infringement it asserts. It is also relevant to Cloudflare’s contention that it never received any notifications of claimed infringement from Counterfeit Technology that were valid,” Cloudflare writes. The CDN provider asked the court to compel XMLShop to produce the subpoenaed documents. In addition, XMLShop should be held in contempt for failing to obey the subpoena and ordered to pay the legal costs Cloudflare incurred to submit the motion. This week, XMLShop responded to the request stating that it has already produced everything it could. It views the remaining requests as incredibly broad, since these ask for “sensitive” trade secret information. It is now up to the court to make a final decision. — A copy of Cloudflare’s memorandum in support of its motion to compel XLMshop to comply with the subpoena is available here (pdf).. XMLShop’s response can be found here (pdf). Cloudflare Doubts DMCA Takedown Company’s Fake Employee and Special Bots
  7. Cloudflare Page Shield: Early warning system for malicious scripts Cloudflare has released a new feature that aims to protect websites from Magecart and other malicious JavaScript-based attacks. A typical cyberattack is introducing malicious JavaScript onto a website to redirect visitors to malicious sites, display phishing forms, exploit vulnerabilities, and steal submitted payment information. To introduce malicious scripts on a website, threat actors will commonly add the malicious inline JavaScript to the web page, add an external malicious JavaScript dependency file under their control, or compromise an existing third-party script in a supply-chain attack. When JavaScript is loaded from an external location as a dependency, in many cases, they go unnoticed for a long time, especially when there is no outward change in a site's user experience. For example, Magecart attacks are conducted by introducing malicious JavaScript that steals credit card information submitted on a website. As this data is quietly transmitted to a remote location and purchases continue, as usual, users will not notice anything strange that they should report to the site. Due to this, Magecart attacks can quietly steal credit cards from visitors for many months, if not years, before they are detected and resolved. Page Shield to protect against malicious scripts Today, Cloudflare announced a new security feature called Page Shield that will detect attacks in end-user browsers caused by malicious JavaScript dependencies. "Our mission is to help build a better Internet. This extends to end-user browsers, where we’ve seen an alarming increase in attacks over the past several years. With Page Shield, we will help applications detect and mitigate these elusive attacks to keep their user’s sensitive information safe," Cloudflare announced today. With today's unveiling of Page Shield, Cloudflare is starting with a 'Script Monitor' tool that will report to Cloudflare every time a visitor on a protected site executes a JavaScript dependency file in their browser. Using these reports, Cloudflare will build a history of known scripts utilized on the site. When a new one is detected, alert the website administrator so they can investigate further. Script monitor detecting new JavaScript dependencies Using the Script Monitor, web admins can spot suspicious JavaScript files being loaded by visitors on their sites and quickly investigate whether they are malicious. While a good start, this does not protect visitors from existing JavaScript dependencies that have been modified in a supply-chain attack. For example, if a site has historically loaded a JavaScript file from https://www.example.com/js/harmless.js and a threat actor modified that file on example.com, Script Monitor would not detect the change, and the malicious code would be allowed to execute in a supply-chain attack. In the future, Cloudflare states that they plan on adding additional features that will issue alerts when the content of a script has changed of contains malicious signatures. Overall, this is an exciting tool for Cloudflare users to help detect if your site has been hacked to load malicious JavaScript files. However, this feature is only coming to Business and Enterprise subscriptions, and those in the Pro or Free services levels will not be able to benefit from the service. If you are interested in testing the new Page Shield feature, you can signup to join Cloudflare's beta test. Source: Cloudflare Page Shield: Early warning system for malicious scripts
  8. Jime234

    Changing Mobile Data DNS

    Hi, I wanted to change the DNS of the Mobile Data of my Android Smart Phone. Its a simple process to Change DNS of WiFi but Mobile Data is just something else.. I've searched and tried some apps to change DNS but then I don't know it worked or not, there is no way to check ! Has anyone here tried it ?
  9. Cloudflare's Speed Test promises better performance insights Cloudflare launched Speed Test some time ago; it is an online service that tests various networking related parameters such as the download speed, latency, or jitter. Speed tests are a dime a dozen on the Internet, and it is probably a good idea to start with Cloudflare's explanation as to why it launched its own Speed Test on the Internet. According to Cloudflare, it is all about the insights that its Internet speed test provides. Although there are a slew of speed testing tools out there, none of them give you precise insights into how they came to those measurements and how they map to real-world performance. With speed.cloudflare.com, we give you insights into what we’re measuring and how exactly we calculate the scores for your network connection. Best of all, you can easily download the measurements from right inside the tool if you’d like to perform your own analysis. Note: Performance data is collected and anonymized according to Cloudflare, but it is not sold. The company uses the data to improve its network. The code that Cloudflare uses is available on GitHub. Cloudflare Speed Test The speed test works similarly to other speed tests, e.g. Netflix Fast, in that it runs the measurements automatically when you connect to the site. The test takes a moment to complete as it will perform a number of operations including multiple file downloads. Cloudflare's announcement hints that Speed Test measures upload speed as well but disabled it because it received reports of incorrect measurements on "very fast connections". Speed Test displays the average download speed as well as the average latency and jitter at the top. There is also a graph that highlights performance over time. Below that is the device's IP address, and a map that displays the server location. The latency measurements and download measurements are provided as bar graphs and tabular data. Multiple tests are performed by Speed Test, and tables highlight each attempt and the measured performance. You may hover over i-icons and bars for additional information. The i-icons provide descriptions of the conducted tests for the most part while the bar overlays values such as min and max speeds. Interested users may download the speed data to the local system. A click on the download icon near the top downloads the data as a CSV file to the local system. You may open it in a compatible program, e.g. Microsoft Excel, afterwards. Closing Words Speed Test is a straightforward Internet performance testing service by Cloudflare that provides a good amount of information. Users may download the data to their systems and check out the code that Cloudflare uses. Some may have reservations against using Cloudflare's service because of the data collecting that is going on. Then again, most Speed Test sites appear to collect data, and some may even sell the data that they gather. Cloudflare's Speed Test promises better performance insights
  10. And Cloudflare customers get way better availability The Internet Archive, repository for some 468bn webpages, has become a fail-over service for Cloudflare customers, which could improve website availability for everyone. On Thursday, Mark Graham, director of the Wayback Machine at the non-profit Internet Archive, said the archive's web-focused warehouse, the Wayback Machine, will store snapshots of websites enrolled in Cloudflare's Always Online service to provide access to those sites in the event they go offline. Graham in a blog post today said the Wayback Machine has long archived URLs from a variety of different sources including its web crawler, its "Save Page Now" URL submission form, and other signals. Going forward, the Wayback Machine will also include websites enrolled in Cloudflare Always Online, a decade-old site availability service offered at no charge to Cloudflare customers (The Register being one of them). "What we're trying to do is make sure all of our customers' sites are available and reliable, no matter what happens to them," said Cloudflare CEO Matthew Prince in a phone interview on Thursday. Large customers, he said, have the resources to run their hosting infrastructure in a reliable way, but smaller ones may have a challenge when their hosting provider goes offline. "If we can't get to that content, then we can't serve it up across the network," said Prince, whose company, among other things, helps web publishers distribute cached web data via endpoints at the network's edge. Cloudflare has been trying to do this since 2010, shortly after the company was founded. "One of the things that we wanted to provide, especially for smaller customers, was a service that would allow them to remain online no matter what," said Prince. Early versions of the service "worked okay," he explained, but faced the challenge of making sure Cloudflare didn't cache internal or private information. And a lot of sites weren't easily cataloged. It was difficult, Prince said, to determine what Cloudflare could cache and what it could show if a website went offline. Initially, the company relied on watching where Google's crawler went and assuming it could cache those pages. That worked well enough for a time, when Google's traffic all hit Cloudflare's data center in Ashburn, Virginia, but over the past decade, Google's crawling infrastructure became more complicated. Five years ago, Prince said, Cloudflare built its own crawler to help fill in the gaps, but the project never got the attention it deserved. "We're not in the business of crawling websites, so it wasn't the smartest crawler out there," he said. About a year ago, a product manager at Cloudflare pointed out that the Internet Archive had an expansive copy of the web, so the network service biz began looking into whether the two organizations could work together. "Our hope is this will make the Internet Archive more thorough and better by giving it a more complete picture of the web [while also helping our customers]," said Prince. The updated Always Online service requires customers to provide the Internet Archive with some website information, such as a hostname and popular URLs, for crawling. Thereafter, if the site fails to respond to a network request, Cloudflare will answer with a status code in the 520 to 527 range. It will then try to provide a stale or expired version of the content cached from an edge data center that it can serve to the requesting website visitor. If that data can't be found, it will ask the Internet Archive for its most recent site capture and serve it with a banner indicating that the original website is inaccessible. In an email to The Register, Graham said the Internet Archive's arrangement with Cloudflare doesn't entail any financial or infrastructure support. "But we appreciate the support from the many individuals, organizations and companies that have provided support to date, and those that may support us in the future," he said. "In general terms, we focus on trying to be of service first and foremost." Graham acknowledged that storing the data from Cloudflare Always Online customers does add to the Internet's Archive's infrastructure costs. "We also benefit from learning about Web-based resources (via URLs) that we might not otherwise have known about, so the partnership helps us do a better job of archiving more of the public Web," he said. Source
  11. Anti-piracy coalition ACE is going after the operators of several pirate streaming sites. The members of ACE obtained a DMCA subpoena that requires Cloudflare to hand over the personal details and account information related to 37 domain names, including Flixtor.to, Myflixer.to, Watchserieshd.tv, HDSS.to and Soap2day.to. The online piracy ecosystem is constantly evolving. Ten years ago the entertainment industries were mostly concerned with torrent sites. Today, online streaming sites and services are the main challenges. To tackle this threat, some of the largest companies in the world bundled their powers. In 2017 they formed the Alliance for Creativity and Entertainment (ACE), which lists prominent members including major Hollywood studios, Netflix, Amazon, and other entertainment giants. ACE’s Ongoing Anti-Piracy Efforts The coalition has been very active both in- and outside of court. It has shut down various streaming sites and tools, including Kodi add-ons and builds, pirate streaming box vendors, and unauthorized IPTV services. These efforts often start with intelligence gathering. At ACE, a dedicated team of investigators is constantly trying to identify the people behind these sites and services. One way to do this is by subpoenaing Cloudflare for information. Late last week, ACE obtained such a DMCA subpoena at a California District Court. The subpoena specifically directs CDN provider Cloudflare to hand over all useful information it has on a wide range of popular pirate streaming sites. “The purpose for which this subpoena is sought is to obtain the identities of the individuals assigned to these websites who have exploited ACE Members’ exclusive rights in their copyrighted works without their authorization,” ACE wrote while requesting the subpoena. Targeting Flixtor.to, HDSS.to, Soap2day.to and others The legal paperwork lists 37 separate domain names, listed below. Several domains point to similar sites and the targets include Flixtor.to, Myflixer.to, Watchserieshd.tv, HDSS.to and Soap2day.to, which are all among the top hundred most-visited pirate streaming sites. Myflixer At the time of writing all these sites are still operational. Cloudflare doesn’t have to take any direct action against the targeted customers either, it merely has to hand over the requested information. Among other things, ACE is looking for the account holders’ names, IP addresses, and payment details. This information will be used “for the purposes of protecting the rights” of the Hollywood studios, Amazon, and Netflix. Cloudflare is legally required to comply with the subpoena. Previously, it was unknown what information the company typically hands over but the latest transparency report, published last week, provided further insight. Cloudflare to Share Names, IP-addresses, and More The CDN provider said that, in response to valid legal requests, it shares IP-addresses that are used to login to the site as well as the login times. In addition, it hands over ‘basic subscriber info.’ including names, email addresses, physical addresses, phone numbers, and payment details. How useful the provided information will be to ACE remains to be seen. However, it does show that the anti-piracy coalition is watching these sites closely. As such, it will likely do everything in its power to take them down. Finally, it is worth mentioning that several of the targeted domains are tied to the Donuts domain registry. For example, those with the .movie and .email extension. This is odd since Donuts has a voluntary agreement with the MPA, which is part of ACE, to suspend pirate site domains when they are properly reported. The MPA informed TorrentFreak that, in this case, they prefer to go for the Cloudflare subpoena route to support ACE’s investigations and the planned actions against the sites. Suspending the domains remains an option. — A copy of the letter ACE sent to Cloudflare informing it about the subpoena is available here (pdf). A full list of all the affected domain names is listed below. – flixtor.im – flixtor.is – flixtor.se – flixtor.vc – flixtor.it – flixtor.to – myflixer.site – myflixer.to – myflixer.com – xmovies8.pl – xmovies8.ac – xmovies8.com – xmovies8.si – xmovies8.tv – watchserieshd.tv – watchserieshd.cc – watchserieshd.io – gowatchseries.movie – gowatchseries.fm – gowatchseries.tv – series.movie – gowatchseries.video – 123movies2020.org – memovies.to – putlockers.email – top123movies.com – putlockers.me – putlockers.cr – 0123movies.su – hdss.to – moviesjoy.net – watchseries.movie – fmovie.sc – 1movies.is – soap2day.to – soap2day.se – soap2day.im Source: TorrentFreak
  12. Cloudflare doesn't remove anything in response to DMCA takedown notices unless it stores the content permanently. However, the company will hand over personal details of customers to copyright holders who obtain a DMCA subpoena. Over the past 12 months, Cloudflare was ordered to share information regarding more than 400 accounts. Popular CDN and DDoS protection service Cloudflare has come under a lot of pressure from copyright holders in recent years. The company offers its services to millions of sites. This includes multinationals, governments, but also some of the world’s leading pirate sites. Many rightsholders are not happy with the latter. They repeatedly accuse Cloudflare of facilitating copyright infringement by continuing to provide access to these platforms. At the same time, they call out the CDN service for masking the true hosting locations of these ‘bad actors’. Cloudflare sees things differently. The company positions itself as a neutral service provider that doesn’t ‘host’ any infringing content. They just pass on information that is cached on its services temporarily. This means that if copyright holders report Pirate Bay URLs to Cloudflare, the company takes no action other than forwarding the DMCA takedown notices to its customer. By doing so, Cloudflare is convinced that it operates in accordance with the law. Identifying ‘Infringing’ Customers Not all rightsholders agree with this approach and some have filed lawsuits to hold Cloudflare liable. Others have gone to court to obtain DMCA subpoenas, which require the CDN provider to hand over all personal details it has on allegedly infringing customers. We regularly report on these requests, which target torrent sites, streaming sites, and many other pirate portals. In its latest transparency report, Cloudflare reveals how many times it was asked to comply and what information was shared in response. Over the past 12 months, Cloudflare received 58 DMCA subpoenas and the company answered all but one. Together, these affected more than 1,000 domains and close to 500 Cloudflare customers. Previously it wasn’t clear what type of records the company could hand over, but the transparency report provides more information on that as well. What Information is Shared? To comply with the subpoenas, Cloudflare can share the IP-addresses that were used to login to the site as well as the login times. In addition, it can hand over so-called ‘basic subscriber info.’ “This basic subscriber data would include the information our customers provide at the time they sign up for our service, like name; email address; physical address; phone number; the means or source of payment of service,” Cloudflare writes. Whether copyright holders can do anything with this information remains a question. Many larger pirate sites are quite skilled at hiding the tracks that lead to their true operators. For smaller sites that may be different. Website Blocking The transparency report also touches on website blocking, which is another high-profile topic. While Cloudflare is very cautious with blocking, it may in some cases comply with law enforcement requests and foreign court orders. “If we determine that the order is valid and requires Cloudflare action, we may limit blocking of access to the content to those areas where it violates local law, a practice known as ‘geo-blocking’. We will attempt to clarify and narrow overbroad requests when possible,” Cloudflare writes. Cloudflare says it’s cautious because of “the significant potential impact on freedom of expression.” How many domains are blocked is not mentioned, but it does occasionally take action. For example, earlier this year the pirate site DDL-Music.to was blocked in Germany following a court order. Finally, we have to note that Cloudflare also offers hosting services to some clients. If that’s the case, it will remove content when appropriate. That happened three times over the past year, affecting one or two domain names. — Cloudflare’s latest transparency report is available here. Source: TorrentFreak
  13. Cloudflare Warp: beta clients for Windows and Mac are now available Internet company Cloudflare launched its 1.1.1.1 DNS service to the public on April 1, 2018. Besides using one of the easiest to remember IP addresses, Cloudflare promised that 1.1.1.1 would be one of the fastest DNS services, support DNS-over-HTTPS and DNS-over-TLS, and that it would honor user privacy. Cloudflare is one of the options in many, currently experimental, DNS-over-HTTPS implementations in web browsers (Chrome, Firefox) and operating systems (Windows). Cloudflare added optional filters to its service in April 2020 which block block access to undesirable sites on the DNS level. Cloudflare launched a companion app for its DNS service for Android and iOS in 2018, and extended the functionality with its WARP VPN service in 2019. The application enables the use of the company's DNS service on mobile devices, and users may also connect to the VPN service to improve protection further. Warp users get 100 Megabytes for free but need to subscribe for $4 per month for unlimited data. Warp and 1.1.1.1 apps were only available for mobile operating systems up until now. Cloudflare published the first public beta clients of the 1.1.1.1 programs for Microsoft Windows and Apple Macintosh devices this week. The download page reveals that the program is compatible with 64-bit Windows 10 version 1909 and newer versions of Windows, and Mac OS 10.15 or newer. Installation of the Windows client is straightforward; you need to accept the terms on first run before you can start using the client. Cloudflare Warp sits in the system tray area when it is launched. A click displays the main interface featuring a big toggle to connect or disconnect to the VPN network. Select the settings icon to switch between using Warp and 1.1.1.1, and only the DNS service 1.1.1.1. The latter may be more convenient than setting up the DNS information manually, but it is better to configure the DNS provider manually as you won't need to run the software on your system for that task. The preferences list some useful options. You can change the DNS protocol from WARP to either DNS-over-HTTPS or DNS-over-TLS, and enable 1.1.1.1 for Families functionality there if you want that. The few remaining options allow you to add networks that you want WARP to be disabled on automatically and to reset the encryption keys. The service worked fine during tests, but since it is labeled beta, it should only be run in test environments. Closing Words The beta Warp client for desktop systems enables you to connect to the WARP network and sue the 1.1.1.1 DNS service. It is easy to use but lacks plenty of options and features, e.g. kill-switch functionality, that dedicated VPN clients from established companies offer. It is a beta version on the other hand and there is a possibility that some options and features will be introduced before it hits stable. Cloudflare Warp: beta clients for Windows and Mac are now available
  14. Anti-piracy coalition ACE is continuing its crackdown on pirate sites, targeting several high profile actors. Represented by the MPA, the group requests a DMCA subpoena that requires Cloudflare to hand over personal information and account details relating to the operators of The Pirate Bay, YTS, 1337x, EZTV, Seasonvar, Tamilrockers, Lordfilms, and many others. As one of the leading CDN and DDoS protection services, Cloudflare is used by millions of websites across the globe. This includes many pirate sites. Copyright holders would ideally like the company to cease its ties with these platforms, but Cloudflare sees things differently. It positions itself as a neutral third-party intermediary that will only take action in response to valid court orders. Cloudflare DMCA Subpoenas Thus far, court orders that have required Cloudflare to block or terminate a pirate site have been very limited. More commonly, rightsholders obtain DMCA subpoenas from US courts requiring the CDN provider to hand over information it has on the operators of pirate sites. During the first half of 2020, Cloudflare received 31 of these requests which targeted 83 accounts. Many of these were adult sites or relatively smaller pirate portals. This month, however, the anti-piracy coalition ACE has upped the ante. Last week we reported that ACE had obtained a subpoena to go after several pirate streaming sites. This week the crackdown continues, with the anti-piracy coalition requesting Cloudflare to expose information associated with The Pirate Bay and many other high profile sites. ACE Targets The Pirate Bay and Other Top Pirate Sites The list of targeted sites (46 in total) includes several of the top torrent sites, including YTS, 1337x, EZTV, LimeTorrents, and Tamilrockers. Other high profile non-English targets such as Cinecalidad, Pelisplus, Gnula, Altadefinizione, and DonTorrent are listed as well. The subpoena is requested by the MPA’s Jan Van Voorn, who writes on behalf of ACE and its members Amazon, Columbia Pictures, Disney, Netflix, Paramount Pictures, and Universal City Studios. The requested information will help the anti-piracy group to investigate the sites in question. “The purpose for which this subpoena is sought is to obtain the identities of the individuals assigned to these websites who have exploited ACE Members’ exclusive rights in their copyrighted works without their authorization,” the request reads. “This information will only be used for the purposes of protecting the rights granted under Title 17, United States Code,” Van Voorn adds. Cloudflare Will Hand Over Personal Details At the time of writing the subpoena has yet to be signed off by a court clerk, but that is usually not a problem. ACE will then forward it to Cloudflare which will hand over the requested details, including names, IP-addresses, email addresses, physical addresses, phone numbers, and payment details. How useful the provided information will be to ACE remains to be seen. Many of the affected pirate sites should be aware of the possibility that their information can be shared, and could have taken precautions. Why Now? Aside from the many high profile targets in this legal request, ACE’s sudden attention to Cloudflare DMCA subpoenas is interesting by itself. In the span of just a few days, ACE has asked the company to identify the operators of more than 80 sites. Many of these sites, including The Pirate Bay, have been Cloudflare customers for years. Why ACE has decided to take action now, as opposed to years ago, is unknown. — A copy of ACE’s request for a DMCA subpoena, submitted to a California federal court, is available here (pdf). A full list of all the affected domain names is provided below. – yts.mx – pelisplus.me – 1337x.to F – seasonvar.ru – cuevana3.io – kinogo.by – thepiratebay.org – lordfilm.cx – swatchseries.to – eztv.io – 123movies.la – megadede.com – sorozatbarat.online – cinecalidad.is – limetorrents.info – cinecalidad.to – kimcartoon.to F – tamilrockers.ws – cima4u.io – fullhdfilmizlesene.co – yggtorrent.si – time2watch.io – online-filmek.me – lordfilms-s.pw – extremedown.video – streamkiste.tv – dontorrent.org – kinozal.tv – fanserial.net – 5movies.to – altadefinizione.group – cpasmieux.org – primewire.li – primewire.ag – primewire.vc – series9.to – europixhd.io – oxtorrent.pw – pirateproxy.voto – rarbgmirror.org – rlsbb.ru – gnula.se – rarbgproxied.org – seriespapaya.nu – tirexo.com – cb01.events – kinox.to – filmstoon.pro – descargasdd.net Source: TorrentFreak
  15. The RIAA is ramping up the pressure on a wide range of platforms allegedly involved in music piracy. Two DMCA subpoenas obtained against Cloudflare and Namecheap require the companies to hand over all information they hold on more than 40 torrent sites, streaming portals and YouTube-ripping services. Also included in the mix are several file-hosting platforms. Even erring on the side of caution with conservative estimates, there are at least hundreds of piracy-related sites on the Internet today that the RIAA would like to shut down. To have any chance of doing that, however, early work has to be done to collect various pieces of information. This can include the owners of the platforms’ domains, the IP addresses of their servers and where that hardware is physically hosted, plus any other specifics that may help to build a case or back site operators into a corner. As reported on a number of occasions here on TorrentFreak, one of the tools in the box of the RIAA and other rightsholders is the DMCA subpoena. Easily obtained from US courts without any oversight needed from a judge, DMCA subpoenas can be served on various companies, requiring them to hand over information on their allegedly-infringing clients. RIAA Obtains DMCA Subpoenas Targeting More Than 40 Domains When it comes to gaining access to information on sites and their operators, DMCA subpoenas aimed at Cloudflare are a popular choice. The company not only has access to the customer information handed over as part of the account creation and maintenance process but in some instances can also identify the true server locations/IP address of ‘pirate’ site servers. The same can be said of domain registrar companies such as Namecheap. Information on who bought the domain, when and how, plus how it has been used since can yield valuable information for many anti-piracy investigations. The RIAA recently decided to take advantage of both possibilities. Following two separate applications at a California court, the music industry group obtained DMCA subpoenas requiring both Cloudflare and Namecheap to hand over information on a large number of their allegedly-infringing customers. The Cloudflare subpoena contains 35 domains and the Namecheap subpoena 15 domains. However, due to a considerable overlap, when combined they target 41 domains. Targeting YouTube-Rippers Including the Giant Y2Mate.com Since the RIAA appears to have slowly but surely declared war on YouTube-ripping platforms and tools, it will come as no surprise that the subpoenas partially continue along that theme. Y2Mate.com, an insanely popular YouTube-ripping platform with more than 113 million visits per month according to SimilarWeb, features in both subpoenas. A notable element here is that the RIAA went through this exact process with both Cloudflare and Namecheap last May but is now back for a second bite of the cherry. One of the irritants here is that despite RIAA pressure, Y2Mate appears to have almost doubled its traffic, from 62 million visits per month last year to the current extraordinary levels. Like YouTube-DL recently, Y2Mate was also accused by the RIAA of circumventing YouTube’s “rolling cipher”. Next up is Notube.net, which bills itself simply as a YouTube converter. Back in April the site was enjoying around 24 million visits per month, traffic that has now steadied to around 16 million according to SimilarWeb. YouTubeConverter.io, which claims to offer a similar service, has around three million visitors while Ontiva.com and ListentoYouTube.online are relative minnows with around 350K visits each. Torrent Indexes and File-Hosting Platforms While the RIAA and the music industry as a whole consider YouTube-ripping sites and tools to be the number one piracy threat, the DMCA subpoenas also include more traditional targets. Major torrent site 1337x.to makes an appearance in the Cloudflare application which puts the RIAA in good company. As recently reported, anti-piracy group ACE has just obtained a similar subpoena requiring the Tonic domain registry to hand over details relating to the torrent site. Both of the subpoenas obtained by the RIAA also list TorrentDownloads.me, another popular torrent site. In these instances, the site is accused of participating in the infringement of tracks released by Ed Sheeran, Drake, and One Direction. Since music files are relatively small and can be squirreled away on file-hosting platforms, it’s no surprise that these also make the list. Anonfiles.com, which currently enjoys more than 7.5 million visits per month, is accused of hosting tracks by The Killers and Beyoncé. Ddownload.com, a site with around five million visitors and most popular in Germany, also makes an appearance along with Hexupload.net and DoUploads.net An Interesting Addition – A Platform for Buying & Selling Leaked Music Thesource.to appears to be something of an outlier in the RIAA’s list of targets. While most other platforms clearly offer direct access to music in the form of a download or stream, this platform claims to act as a marketplace for people to buy and sell unreleased music. “On THE SOURCE legit sellers can sell real exclusive unreleased music and serious buyers can purchase them. Everything in a secure and verified environment. You are a serious seller and you are sick of having to be online 24/7 hours and doing everything manually? Then we can make your life easier,” its advertising reads. “You are a serious buyer and you are sick of having to wait for every seller or middleman for hours or even for days? Then we can also make your life easier. THE SOURCE has game-changing systems which both serve sellers and buyers, just for example the integrated automated Satoshi system.” The site is paid-entry, currently for the sum of $10, but according to the RIAA’s subpoena application, someone posted the track Warlords by Childish Gambino there. The listed URL tends to suggest that someone was only offering to sell their “vault” but nevertheless, the subpoena was granted. The full list of all domains targeted in both subpoenas can be viewed below. Any domain marked with an asterisk appears in both subpoenas. The subpoenas themselves are also available for download. Domains Targeted in Cloudflare Subpoena 1337x.to pluspremieres.to thesource.to ddownload.com hiphopde.com* ontiva.com* anonfiles.com audioz.download dirrtyremix.es discografiaspormega.com douploads.net ghanamotion.com hd24bit.com hexupload.net intmusic.net iplusfree.org listentoyoutube.online mp3global.org musiconworldoffmx.com muzobzor.ru naijaonpoint.com* newalbumreleases.net ngleakers.co* rlsbb.ru rnbxclusive.vip sanet.ws songslover.cam* torrentdownloads.me* xclusivejams.nl zoop.su notube.net alegemuzica.top topmusic.uno* y2mate.com* youtubeconverter.io* Domains Targeted in Namecheap Subpoena getrockmusic.net hiphopde.com* hiphoptrendsnow.com ontiva.com* songslover.com* stannova.com toryextra.com vevosongs.com ddownload.com torrentdownloads.me* ngleakers.co* naijaonpoint.com* topmusic.uno* y2mate.com* youtubeconverter.io* The DMCA subpoenas can be found here and here (pdf) Source: TorrentFreak
  16. Niece Waidhofer and cosplay models Ryuu Lavitz and OMGcosplay are accusing Cloudflare of protecting and supporting pirate sites that host their leaked photos. Responding to the lawsuit, Cloudflare pointed out that it's a content-neutral service provider but the models argue that the CDN provider has made a cottage industry out of indulging pirates. Earlier this year Texas-based model Deniece Waidhofer sued Thothub for copyright infringement after the site’s users posted many of her ‘exclusive’ photos. Soon after the complaint was filed Thothub went offline. This prompted Waidhofer to shift priorities. In an amended complaint, submitted a few weeks ago, Thothub is no longer a defendant. Instead, the lawsuit now focuses on several sites and services that did business with the pirate site, including CDN provider Cloudflare. Cosplay Models Join Case Against Cloudflare Another significant change is that Waidhofer is no longer the sole plaintiff. She is now joined by two cosplay artists, Ryuu Lavitz and Margaret McGhee, better known as OMGcosplay. Together, these models have millions of online followers. When the original case was filed, Lavitz and McGhee hadn’t registered their photos at the Copyright Office. Both submitted their registrations for hundreds of works in September, after which they were able to join the case. In addition to removing Thothub as a defendant and adding two plaintiffs, some of the strongest allegations were stripped from the original complaint. Cloudflare is no longer alleged to be part of a RICO conspiracy but is accused of direct and contributory copyright infringement. The models claim that Cloudflare has carved out a competitive niche by serving illegal pirate sites that other large CDN companies like Akamai Technologies would not. It ‘helps’ these sites by concealing the real IP-address and by ‘storing’ their content, it’s alleged. Motion to Dismiss Cloudflare replied to these allegations by pointing out that it’s merely a middleman. The company has no knowledge of the traffic that passes through its network and doesn’t store content permanently, in most cases, but simply makes temporary “cache” copies. “Under Plaintiffs’ wildly expansive theory of liability, the owner of any computer connected to the Internet could potentially be exposed to unlimited liability,” Cloudflare argued, adding that the complaint doesn’t show bad “intent”. Based on these and various other deficiencies, the CDN provider asked the court to dismiss the case. However, the models disagree and recently submitted several counterarguments. ‘Cloudflare Helps Pirate Sites’ The models argue that Cloudflare was aware of the copyright infringements on Thothub, but chose not to do anything. Instead, it helped the site to cope with vast amounts of traffic so it could stay online. That’s what the site does for other pirate sites as well. “Cloudflare easily could have limited Thothub’s infringement simply by terminating service, or by not delivering URLs that it had already been notified contained infringing content. But Cloudflare stood behind Thothub instead, as it does regularly for pirates everywhere. Indeed, Cloudflare has made a cottage industry out of indulging pirates.” image (NSFW) The plaintiffs say that Cloudflare is liable for contributory copyright infringement. The company’s decision not to take action helped Thothub to stay online and operate more efficiently. That is enough to be held liable, the models argue, referencing the ALS Scan case against Cloudflare. “Cloudflare enabled Thothub to be operated securely on a vast scale. The law recognizes this as a material contribution that, with knowledge, creates liability,” they write. Thothub Alternatives Still use Cloudflare Without Cloudflare, Thothub’s site would have been “overrun and crashed.” Although it may have come back, that ‘simple measure’ would have made a difference, at least briefly. Cloudflare, however, decided not to act and it does the same for many similar sites today. “The Complaint identifies nearly two dozen other pirate sites — all Cloudflare clients — that are Thothub copycats, including one called Thothub.ru that is nearly a direct clone,” the plaintiffs write. In addition to contributory infringement, the models also accuse the company of direct infringement. They argue that the CDN provider made copies of Thothub files on its own accord and continued copying works after takedown notices were sent. The reply to Cloudflare’s motion to dismiss is filled with allegations that will eventually have to be backed up with evidence. In addition to focusing on the case at hand, it also references an EU report which concluded that 62% of the world’s top 500 pirate sites use Cloudflare. Daily Stormer and 8Chan And, as we predicted a few years ago, Cloudflare’s decision to ban The Daily Stormer is also being brought up. “Despite serving most of the world’s top pirate sites, on information and belief, Cloudflare has never voluntarily terminated services to a customer for repeat copyright infringement. Cloudflare has, however, voluntarily terminated services for other customer sites, including the American Neo-Nazi group Daily Stormer and the conspiracy website 8chan,” the reply reads. It is now up to the US District Court for the Central District of California to decide whether the case against Cloudflare should be dismissed, or if the models can pursue their claims at trial. — A copy of Cloudflare’s motion to dismiss the first amended complaint is available here (pdf) and the reply from the models can be found here (pdf) Source: TorrentFreak
  17. A Higher Regional Court in Germany has confirmed an injunction handed down against Cloudflare that prevents the CDN provider from facilitating access to pirate music site DDL-Music. The music industry welcomed the development, stating that a service that helps infringers evade prosecution through anonymization also acts illegally. CDN company Cloudflare has grown to become one of the most useful and important companies on the Internet, serving millions of websites that in turn serve countless millions of users of their own. One of Cloudflare’s key aims is to be viewed as a neutral intermediary but that status is being chipped away by elements of the entertainment industries. The problem is that some of Cloudflare’s customers are pirate sites but as a service provider, Cloudflare insists that passing on complaints should be enough. The music and movie industries, on the other hand, would like Cloudflare to either stop doing business with ‘bad players’ or take more responsibility for their actions. Cloudflare Won’t Compromise So Legal Action Followed Cloudflare is tied up in several lawsuits around the world, not for its own actions per se, but for the actions of some of its customers. In Germany there has just been a very interesting development, one that could have far-reaching consequences for how Cloudflare does business there. Back in February, Germany-based visitors to pirate music site and Cloudflare customer DDL-Music.to were served with a rare ‘Error 451’ by Cloudflare, meaning that the site had been made inaccessible for legal reasons. At the time, no other information had been made public but as the days passed, a clearer picture emerged. Complaint Filed By Universal Music GmbH Early June 2019, Universal Music GmbH (Germany) sent a copyright infringement complaint to Cloudflare after finding links on DDL-Music to tracks by German singer Sarah Connor. The files themselves were not hosted by DDL-Music but could be found on a third-party hosting site. Universal asked Cloudflare make the tracks inaccessible within 24 hours but Cloudflare didn’t immediately comply. In a subsequent response to Universal, Cloudflare denied being responsible for the activities of DDL-Music. It suggested that the label should confront DDL-Music directly, handing over an email address and details of the site’s hosting provider for contact purposes. What happened in the interim isn’t clear but in December 2019 a hearing took place at the Cologne District Court, during which the court found that Cloudflare could be held liable for the copyright infringements of DDL-Music, if the CDN company failed to take action. On January 30, 2020, the Cologne District Court went on to hand down a preliminary injunction against Cloudflare, advising that should it continue to facilitate access to the Universal content in question, it could be ordered to pay a fine of up to 250,000 euros ($270,000) or, in the alternative, the managing director of Cloudflare could serve up to six months in prison. Preliminary Injunction Made Permanent According to a statement issued late Thursday by German music industry group BVMI, the Cologne Higher Regional Court has now confirmed the judgment of the Cologne District Court. This means that Cloudflare must block access to the pirated music being offered on the website of DDL-Music. While Cloudflare will not be able to comply with that specific order (DDL-Music moved on a while ago) the principle stands. In Germany at least, Cloudflare can be held liable for the infringements of its users. “Cloudflare offers a so-called CDN (Content Delivery Network), which is misused by structurally copyright-infringing websites in order to evade legal prosecution through anonymization. The Cologne Higher Regional Court has now put a stop to this: It has obliged Cloudflare to block customer content that has been reported to it by rights holders, or otherwise block the customer’s entire website,” BVMI’s statement reads. Decision Welcomed By the Music Industry as a Tool to Fight Piracy According to BVMI, the decision of the court is particularly noteworthy since it’s the first time that a higher regional court has confirmed an injunction against “an anonymization service” that conceals the identities of the servers operated by pirate sites. This decision will make that more difficult in future, the group says. “The decision of the Cologne Higher Regional Court strengthens the position of rights holders in an important field and is a clear signal: A service that helps others to evade legal prosecution through anonymization is also illegal,” comments BVMI CEO, Dr. Florian Drücke. “The decision is a further success for our industry against offers on the Internet that cause considerable damage to creatives and their partners and whose business models are based on generating considerable income with third-party content without acquiring licenses for this content.” René Houareau, Managing Director of Law & Politics at the BVMI says the importance of the decision cannot be underestimated. “Little by little we are getting closer to the modern understanding of the responsibility of all players on the Internet – especially through ambitious court decisions like this one,” Houareau says. “An anonymization service may not allow third-parties to distribute illegal offers while disguising the identity of the servers of structurally infringing websites. In other words, excuses no longer apply in such cases. The services have to recognize more and more that some smoke screens no longer work.” The developments in Germany arrive on the heels of a similar court ruling in Italy, which also went against Cloudflare. Following a complaint from TV platform Sky Italy and Italy’s top football league Serie A, Cloudflare is now required to block the domain names and IP-addresses of a pirate IPTV service. In that matter, Cloudflare argued that it merely passes on traffic, but the court wasn’t convinced. Source: TorrentFreak
  18. An Italian court has ordered Cloudflare to block current and future domain names and IP-addresses of the pirate IPTV service "IPTV THE BEST." The order, which follows a complaint from the football league Serie A and Sky Italy, is the first of its kind in the country. Cloudflare put up a strong defense, arguing that it merely passes on traffic, but that didn't convince the court. In recent years, many copyright holders have complained that Cloudflare does little to nothing to stop pirate sites from using its services. The US-based company receives numerous DMCA notices but aside from forwarding these to the affected customers, it takes no action. Cloudflare sees itself as a neutral intermediary that simply passes on bits. This approach is not welcomed by everyone and, as a result, the company has been placed on the EU piracy watchlist alongside familiar pirate sites such as The Pirate Bay, Seasonvar and Rapidgator. Despite this callout, Cloudflare maintains its position. The company doesn’t want to intervene based on allegations from copyright holders and requests a court order to take action. These orders are very rare, but a few days ago the Court of Milan, Italy, set a precedent. Sky and Serie A Sued Cloudflare The case in question was filed by the TV platform Sky Italy and Lega Serie A, Italy’s top football league. The organizations requested a court order to stop various third-party intermediaries from providing access to “IPTV THE BEST”, a popular IPTV service targeted at an Italian audience. Since the IPTV service is a Cloudflare customer the US-based CDN provider was also sued. The copyright holders demanded Cloudflare and several other companies including hosting provider OVH, and ISPs such as Vodafone, TIM, Fastweb, Wind and Tiscali, to stop working with the pirate service. Last September, the Court of Milan sided with Sky and Serie A. It issued a preliminary injunction ordering the companies to stop working with the IPTV provider, regardless of the domain name or IP-address it uses. Cloudflare objected to the claim. In its defense, the company pointed out that it isn’t hosting any infringing content. As a CDN, it simply caches content and relays traffic, nothing more. In addition, the Italian court would lack jurisdiction as well, the company argued. Cloudflare’s Defense Falls Flat Despite the fierce defense from Cloudflare, which extended the case by more than a year, the court didn’t change its position. In a recent order, it explained that it’s irrelevant whether a company hosts files or merely caches the content. In both cases, it helps to facilitate copyright-infringing activity. This is an important decision because services like Cloudflare are hard to classify under EU law, which makes a general distinction between hosting providers and mere conduit services. The Italian court clarified that such classification is irrelevant in this matter. “The ruling is unique in its kind because it expressly addresses the issue of the provision of information society services that are difficult to classify in the types outlined by the European eCommerce Directive,” attorney Alessandro La Rosa informs TorrentFreak. Together with Mr. Bruno Ghirardi, his colleague at the law firm Studio Previti, La Rosa represented the football league in this matter. They worked in tandem with attorney Simona Lavagnini, who represented Sky Italy. ‘Unique and Important Ruling’ Lavagnini tells us that the ruling is important because it’s the first blocking order to be issued against a CDN provider in Italy. “The order is important because, at least to my knowledge, it is the first issued against a CDN, in which the CDN was ordered to cease the activities carried out in relation to illegal services, also including those activities which cannot qualify as hosting activities,” she says. “The recent order clearly says that the services of the CDN shall be inhibited because they help to allow third parties to carry out the illegal action which is the subject matter of the urgent proceeding, even if there is no data storage by the CDN,” Lavagnini adds. TorrentFreak also reached out to Cloudflare for a comment but at the time of writing the company has yet to respond. Cloudflare Blocking Becomes More Common While the attorneys we spoke with highlight the uniqueness of the ruling, Cloudflare previously noted in its transparency report that it has already blocked 22 domain names in Italy following a court order. It’s not known what case the company was referring to there, but it affects 15 separate accounts. The blocking actions will only affect Italians but in theory, they could expand. There are grounds to apply them across Europe or even worldwide, Lavagnini tells us, but that will likely require further clarification from the court. This isn’t the first time that Cloudflare has been ordered to block a copyright-infringing site in Europe. Earlier this year a German court ordered the company to block access to DDL-Music, or face fines and a potential prison sentence. In Italy, the CDN provider was also required to terminate the accounts of several pirate sites last year. However, in that case, Cloudflare was seen as a hosting provider due to its “Always Online” feature. Also, that court order didn’t mention geo-blocking or blocking in general. Source: TorrentFreak
  19. Cloudflare has denied that it's part of a RICO copyright infringement conspiracy. The CDN provider responded to the allegations from Texas-based model Deniece Waidhofer, who sued Cloudflare, Thothub and several advertisers. While Thothub has vanished, the lawsuit isn't going away just yet. Cloudflare is a CDN provider that doesn’t host any copyright infringing material, but several of the company’s customers do. This has resulted in various copyright infringement allegations, including lawsuits in the US, Europe, and elsewhere. While Cloudflare positions itself as a neutral intermediary that can’t do anything to stop pirate sites, not all courts agree. Just this month, courts in Germany and Italy ruled that Cloudflare must take action against copyright-infringing customers. Waidhofer vs. Thothub In the US, the company is also involved in various copyright infringement lawsuits. One of the most prominent was filed this summer by Deniece Waidhofer, a Texas-based model with millions of followers, who sells sexy pictures of herself online. Like many others, Waidhofer offers different subscription levels for her photos, charging up to $1,000 per month for the sexiest footage. That sounds like a profitable business, but as with all content published on the Internet, pirates can step in to ruin the party. Some of her ‘fans’ abuse the exclusive paid access to post her photos in public. This is done in many places, including specialized sites that focus on such exclusive leaks. Up until a few weeks ago, the website Thothub was one of the biggest players in this market. Copyright Lawsuit Involves Cloudflare Unhappy with the state of play, Waidhofer took Thothub to court. In a complaint filed at a federal court in California, she accused the site’s alleged operator – who goes by the name “Captain Thotcakes” – and the site’s members of direct copyright infringement. The claims also apply to several advertisers and Cloudflare, the CDN provider used by the site. Together, these parties are also charged with other claims, including violations of the Racketeer Influenced and Corrupt Organizations (RICO) Act. Soon after the lawsuit was filed Thothub went offline and it hasn’t come back since. This is an early victory for the model, but it doesn’t mean that the case is over. Cloudflare still has to defend itself against the allegations and a few days ago the company countered these in court. Cloudflare Wants Claims Dismissed In a 34-page filing, Cloudflare refutes the allegations. It asks the court to dismiss all claims, describing the lawsuit as a “frivolous” attempt to hold an innocent third-party intermediary liable. “Plaintiff’s attempt to turn the fact that a single website signed up for Cloudflare’s services online into a wide-ranging criminal conspiracy is frivolous,” Cloudflare writes. “Plaintiff’s effort to hold Cloudflare liable for copyright infringement that allegedly occurred on Thothub, simply because Cloudflare provided content-neutral infrastructure and security services, lacks any basis.” Cloudflare stresses that, in her complaint, Waidhofer herself emphasizes that the company’s role is limited to providing services such as infrastructure support, content delivery networking, and DDoS mitigation. Insufficient Evidence According to the CDN provider, the copyright infringement allegations can’t be backed up. For example, there is insufficient evidence to show that it purposefully contributed to any infringing activity. The RICO conspiracy claim fails as well, Cloudflare argues. This requires proof that the companies involved caused Waidhofer harm and that there is a close, direct, and causal connection with Cloudflare’s business activities. This is not the case here, Cloudflare argues, while pointing the finger at the model’s ‘fans’ who leaked the content. “Rather, her alleged injury stems from acts of her own subscribers and fans in ‘leaking’ her alleged images, and from acts of Thothub and its users in posting them online and making them available to others,” Cloudflare writes. Minimal Involvement The company says it did nothing to purposefully cause these infringements. Even if the company didn’t exist, the ‘pirate’ site could still operate through another CDN provider, or without one. “Cloudflare does not own or operate Thothub, cannot control what is posted on any given website, and lacks the ability to remove infringing content. Removing Cloudflare’s services would do nothing to remove the content.” With a timely Halloween reference, the company tries to emphasize its neutral role. “Cloudflare could not plausibly be considered the proximate cause of any harm flowing from the use of this type of service, any more than a Halloween supply company could be said to have ’caused’ a bank’s losses from masked robbers,” it adds. Based on these and a variety of other arguments, Cloudflare asks the court to dismiss all claims. This request is now with the court, which will likely hear Waidhofer’s response before making a final judgment. — A copy of Cloudflare’s motion to dismiss is available here (pdf) Source: TorrentFreak
  20. Texas-based model Deniece Waidhofer, known for selling access to sexy photos of herself online, is taking action against Thothub, a site that publishes leaked copies of her work. The site, its members, and services it works with, including Cloudflare, are accused of copyright infringement and being part of a RICO conspiracy, the suit alleges. The Internet has brought us many new creators and publishers, some of whom are able to make a decent living from their work. The stories about YouTubers who make millions are well known. These web-stars earn their money through advertising, but there’s also a group of creators that have a more direct approach. In recent years there’s been an influx of models who share their, often sexy, pictures and videos in exchange for a monthly subscription. These creators use platforms such as Patreon and Onlyfans to share and monetize their work. This is also the case for the Texas model (De)Niece Waidhofer, who has gathered a dedicated group of paying fans over the years. The exact size of her following is not known but with nearly two million Instagram fans, her appeal is obvious. Pirates Harm Business Model Waidhofer offers different subscription levels for her photos, going all the way up to $1,000 per month for the sexiest footage. That sounds like a profitable business, but as with all content that’s published on the Internet, pirates are a problem too. While there are plenty of people who are willing to pay for this type of content, pirates prefer to get it for free. These people gather on dedicated sites where they share the exclusive content with other users. On Thothub, for example, which describes itself as the world’s leading ‘free e-girl community porn site.’ Waidhofer is not happy with these sites and recently stopped sharing ‘VIP snaps’ because of this ‘leak problem.’ In an effort to stop the leaks, she also lawyered up and sued Thothub and third-party companies it works with, including CDN provider Cloudflare and advertisers Bangbros and Multi Media. Thothub, Cloudflare, and the Racketeering Conspiracy In the complaint, which was filed at a federal court in California, Waidhofer describes herself as a creator who sells photographs for herself in lingerie or costume. According to the legal paperwork, her earnings place her among the top 1% of all OnlyFans users. Thothub is messing with this successful business model by publishing the photos and additional unpublished nude works for free, the lawsuit alleges. “This is an action to stop a pirate website called Thothub, its Members, and co-conspirators from continuing to distribute digital content stolen from Waidhofer […] and to hold accountable Thothub and its co-conspirators for exploiting Waidhofer’s works and body for their own ends,” the complaint reads. Thothub not only uses the images without permission. The site and its members also exploit her as a sexual object, or in their own words, a ‘thot’. “Defendants display Waidhofer’s content on Thothub and describe her to millions of viewers as a dehumanized sexual object that lacks control and agency over her works and body, how her works and body are used, and by whom,” the complaint reads. Through the lawsuit, the model hopes to hold the site, its operator – who goes by the name “Captain Thotcakes” – and its members accountable for direct copyright infringement. The same also applies to Cloudflare, the CDN provider that’s used by the site. Allegations Against Cloudflare Cloudflare is also charged with other claims, including violations of the Racketeer Influenced and Corrupt Organizations (RICO) Act. “Defendant Cloudflare is a co-conspirator of Thothub that aids and abets Thothub’s criminal activity. Cloudflare contracts with Thothub to provide content delivery and security services for Thothub. In this role, Cloudflare makes unauthorized copies of creators’ stolen copyrighted works,” the complaint reads. Cloudflare isn’t only accused of copyright infringement. It’s also described as an anonymity shield that hides the true hosting location of Thothub. In addition, a lack of copyright enforcement makes the CDN provider popular among pirate sites, the complaint notes, pointing to a European Commission report which found that more than half of the top pirate sites used Cloudflare. “Cloudflare also acts as a lookout man for Thothub, masking Thothub’s true identity and server locations. This prevents creators from effectively enforcing their rights against Thothub. This is a major selling point for Cloudflare. “Cloudflare’s permissive approach to repeat infringement, and its willingness to pretend it can do nothing to stop the repeat infringement, is highly attractive for pirates like Thothub.” RICO Conspiracy Includes Advertisers According to Waidhofer, Cloudflare is part of a RICO conspiracy, together with Thothub, the site’s users, and the advertisers Bangbros and Multi Media. The complaint shows a screenshot of Thothub where the advertisers are prominently listed alongside a photo from Waidhofer. The complaint suggests that these companies, who also produce adult content, are immune from having pirated copies of their works published on Thothub in exchange for their financial support. “In exchange for their financial support, the Advertiser Defendants also receive a form of immunity or protection from Thothub against having their own digital content stolen and illegally distributed by Thothub and its associates,” the complaint reads. Through this lawsuit, Waidhofer hopes to shut down Thothub and hold it liable for the damage it’s done. The same also applies to the other defendants, including Cloudflare and the advertisers, which are claimed to be part of a racketeering conspiracy. Thus far none of the defendants has responded officially to the complaint. However, when we checked this morning, Thothub had removed all of Waidhofer’s images from the site. Instant update: Thothub is now down for maintenance with an ‘unknown’ ETA. A copy of the complaint filed at the US District Court at the Central District of California on behalf of Deniece Waidhofer is available here (pdf) Source
  21. At a moment when free speech online and moderation policies are more controversial than ever, Cloudflare is facing accusations that it’s providing cybersecurity protection for at least seven terrorist organizations—a situation that some legal experts say could put it in legal jeopardy. Cloudflare offers a wide-range of services that are fundamental to operating a modern website, such as DDoS protection that prevents a site from being overwhelmed by too many simultaneous requests. It’s a massive organization that claims to handle 10 percent of all internet requests and is reportedly preparing $3.5 billion IPO. On Friday, HuffPost reported that it has reviewed numerous websites run by terrorist organizations and confirmed with four national security and counter-extremism experts that the sites are under the protection of Cloudflare’s cybersecurity services. From the report: While private companies like Facebook place certain limits on speech in their terms of service, Cloudflare prefers to remain as hands off as possible. Being a Facebook user is a choice that anyone can make for themselves and the price of admission includes playing by its rules. But services like hosting, domain registration, and the kind of protection that Cloudflare offers go to the heart of the internet’s infrastructure. Going as far back as 2012, Cloudflare’s CEO Matthew Prince has pushed back on the idea that the company should police speech and today its policy is strictly to comply with legal obligations. At least, that’s its operational policy. The policy from its terms of use gives Cloudflare the right to terminate services “with or without notice for any reason or no reason at all.” Last year, Prince broke with his own standards and discontinued his company’s work with the neo-Nazi website the Daily Stormer. At the time, Prince wrote to employees in an internal email: “I think the people who run The Daily Stormer are abhorrent. But again I don’t think my political decisions should determine who should and shouldn’t be on the internet.” That doesn’t mean that Prince doesn’t consider terrorism abhorrent, which in the case of the Daily Stormer, he freely admitted, “I woke up this morning in a bad mood and decided to kick them off the Internet.” Since then, he’s remained an absolutist when it comes to free speech and neutrality towards customers. The issue that HuffPost raises is whether Cloudflare is providing “material support” to sanctioned organizations. Some attorneys told HuffPost that it may be in violation of the law. Others, like the Electronic Frontier Foundation, argue that “material support” can and has been abused to silence speech. Cloudflare’s general counsel, Doug Kramer, told Gizmodo over the phone that the company works closely with the U.S. government to ensure that it meets all of its legal obligations. He said that it is “proactive to screen for sanctioned groups and reactive to respond when its made aware of a sanctioned group” to which it may be providing services. HuffPost spoke with representatives from the Counter Extremism Project, who expressed frustration that they’ve sent four letters to Cloudflare over the last two years identifying seven terrorist-operated sites without receiving a reply. Kramer would not address any specific customers or situations when speaking with Gizmodo. He said that’s simply company policy for reasons of protecting privacy. Kramer did say that just last week the company had a political pressure group request that it discontinue its services for a website that had been linked to a “warlord” on the other side of the world. He said that some people in the country were under U.S. sanctions, but not the specific person that was identified by the group, and therefore it didn’t take action. I asked if Cloudflare ever continues to provide services for a sanctioned group at the request of a government agency, for example if that agency wants to continue monitoring a specific website. Kramer said he was “not aware” of the company ever having “a situation like that.” He did say that Cloudflare has never been sent a request from the U.S. government to discontinue services for any customer. He speculated that the reason for that is because it doesn’t provide hosting and if the government wants to take down a website they tend to go elsewhere. Kramer says the only requests tend to come from political pressure groups and individuals. As deplatforming and boycott pressure has become an increasingly effective political tool, we’re more likely to see groups targeting infrastructure services. It’s up for debate whether that’s a good thing or not, but it will likely be much more consequential than losing your verified checkmark on Twitter. More At [HuffPost] Source
  22. Cloudflare revealed the company's first VPN product today called Warp which it plans to launch as part of the company's 1.1.1.1 application soon. April 1st is probably the worst day to make announcements for products that do exist. Cloudflare apparently could not pass the opportunity to select April 1st, or 4/1, as the date to reveal Warp. The company launched a DNS service a year ago and with it the DNS applications 1.1.1.1 for Android and iOS. The service supported security features like DNS-over-TLS and DNS-over-HTTPS, a strict no IP address logging policy, the deletion of logs in a 24-hour period, and fast speeds especially compared to default DNS services operated by most ISPs. Cloudlfare calls Warp a "VPN for people who don't know what V.P.N. stands for". The explanation that Cloudflare gives is relatively weak: according to Cloudflare, it is the simplicity that makes it attractive to users who don't know about VPN services. The explanation is weak as Cloudflare's solution is not the first that offers a simple option to use a VPN. Warp encrypts all Internet traffic, respects end-to-end encryption, and does not require that users install a root certificate on their devices.Unencrypted Internet connections will be encrypted but only between the user's device and Cloudflare's server (similarly to how all VPNs handle this). The same is true for all respected VPN services. Cloudflare promises that Warp's performance, reliability, and focus on preserving power are what will set it apart from comparable services. We’ve built Warp around a UDP-based protocol that is optimized for the mobile Internet. We also leveraged Cloudflare’s massive global network, allowing Warp to connect with servers within milliseconds of most the world’s Internet users. With our network’s direct peering connections and uncongested paths we can deliver a great experience around the world. Our tests have shown that Warp will often significantly increase Internet performance. Warp will be offered as a free option that is included in the company's 1.1.1.1 application. Cloudflare is working on Warp+, a premium version of Warp that will be available for a "low monthly fee" for people who want more speed. It is not uncommon for companies to finance free versions of a product using premium offerings. Warp+ follows Cloudlfare's web-based servicing model. The company offers a base version of Cloudlfare for free and paid upgrades to unlock certain features. Cloudflare promises, in regards to the always hot topic privacy, that browsing data won't be sold or used for targeted advertising. user-identifiable log data is not written to disk. that users may use Warp without supplying their name, phone number or email address. that it will hire third-party auditors to make sure the service delivers what is promised. The service itself uses WireGuard combined with Cloudflare's Mobile SKD. Warp+, the premium version of Warp, will use Cloudflare's Argo next to that as well. Waiting list Android or iOS users can join the waitlist in the 1.1.1.1 application. Some may not see the option to join the waitlist yet as update propagation takes some time usually. Closing Words Warp's strengths are that it is backed by a company that operates one of the largest networks on the planet, and that it will become a part of the 1.1.1.1 on mobile for ease of use. Users don't have to sign up for it if they use the free version similarly to how Opera's browser VPN works. The difference is that Warp works globally while Opera's solution only in the browser. Desktop applications will be released at a later point in time. Warp won't convince users that distrust Cloudflare, but the success of the 1.1.1.1 application has shown that there is a huge market out there for such a product. Source: Cloudflare announces Warp VPN service (gHacks - Martin Brinkmann)
  23. 8chan has harbored a community of hate and three mass-shooters have now hosted manifestos on the platform. Cloudflare, a company that provides website security and internet infrastructure services, announced on Sunday that it would drop 8chan as a customer. "8chan has repeatedly proven itself to be a cesspool of hate," said Matthew Prince, Cloudflare CEO, in a statement published on late Sunday night. 8chan failed to moderate its content Prince said the site has failed to moderate its "hate-filled community." Because of this, 8chan, a forum and bulletin board, has now been the host of a third mass-shooter manifesto. Mass-shooters have uploaded manifestos explaining their actions on 8chan on three occasions before going out and committing terror attacks. The terror attack on two mosques in Christchurch, New Zealand, on March 15, 2019. Terror attack on a synagogue in Poway, California, on April 27, 2019. Attack at a Walmart store in El Paso, Texas, on August 3, 2019. The last shooting took place over the weekend, when a second mass-shooting also took place in the US, in Dayton, Ohio, although this has not been linked to 8chan. Nonetheless, both shootings have contributed to a growing voice of the US public against online communities and groups that keep harboring and radicalizing mass shooters. "The rationale is simple: they have proven themselves to be lawless and that lawlessness has caused multiple tragic deaths," Prince said. "Cloudflare is not a government" However, the Cloudflare CEO said the company struggled with the decision, as they felt they shouldn't be made to take decisions on what is good and bad on the internet. "Cloudflare is not a government," Prince said before arguing that law enforcement agencies should be the ones deciding when to ban this kind of sites from the internet, and not leave it to private companies to take these decisions. Cloudflare kicking 8chan off its infrastructure means the site is now open to DDoS attacks, among other things. Multiple hacktivists have announced online plans to attack the site after 12:00am PT on Sunday, when Cloudflare said it would drop the site from its servers. 8chan is still online, at the time of writing. The site's domain registrar has not announced a similar ban, meaning users will still be able to access the site, as the domain will still work. Second site kicked off Cloudflare after someone's death 8chan is the second controversial site that Cloudflare kicks off its infrastructure. In 2017, Cloudflare terminated The Daily Stormer, a neo-nazi news and propaganda site, after the website posted an article mocking a woman killed during white supremacy protests in Charlottesville, Virginia. Following Cloudflare's ban, the site was subsequentially banned and kicked off other platforms as well, but it has not gone down for good, continuing to operate to this day, albeit with some inconveniences and downtimes as it constantly switched web hosting providers and domain name registrars. Something similar is now expected to happen to 8chan, a website that users created from the old 4chan community and has a controversial history of its own. 8chan came to be after 4chan moderators started cracking down on violent content posted on their platform after the Gamergate sexism and harassment campaign -- with some harrassment against female gamers and journalists being called on and coordinated from the site's image boards. As a result, most of 4chan's most aggressive and extremist userbase found a new home on 8chan. "Unfortunately the action we take today won't fix hate online," the Cloudflare CEO said. "It will almost certainly not even remove 8chan from the Internet. But it is the right thing to do. Hate online is a real issue." Source
  24. Online security and content delivery company Cloudflare priced its shares at $15 per share on Thursday afternoon, $1 per share above its raised range. The company, which will begin trading on the New York Stock Exchange on Friday, first pitched its IPO between $10 and $12 per share, which it later increased to $12 to $14. At $15 per share, the company raised $525 million in its debut. Bloomberg first reported the pricing. The figure outstrips the company’s prior known fundraising. Cloudflare raised $332.1 million as a private company, with its most recent round totaling $150 million in March 2019. The company last had a private valuation of $3.25 billion. The San Francisco-based company’s debut on the public markets–it’s listing under the ticker symbol “NET”–comes on the heels of some potentially troubling revelations by the company. Cloudflare said in an updated filing on Wednesday that it “may have failed to comply with certain U.S. export-related filing and reporting requirements and may have submitted incorrect information to the U.S. government in connection with certain hardware exports.” “We identified that our products were used by, or for the benefit of, certain individuals and entities included in OFAC’s Specially Designated Nationals and Blocked Persons List (the SDN List), including entities identified in OFAC’s counter-terrorism and counter-narcotics trafficking sanctions programs, or affiliated with governments currently subject to comprehensive U.S. sanctions,” the company wrote in the filing. The news of the disclosure was first reported by the Wall Street Journal on Tuesday, but the company was still able to price above its target range. We’ll see how other investors feel about the company and its new valuation when it starts trading tomorrow. Source
  25. Cloudflare, a content delivery and Internet security firm, set an initial price range for its IPO this morning. The San Francisco-based company will target a per-share price of $10 to $12 when it goes public in the coming weeks. Selling an expected 35 million shares in its IPO, Cloudflare could raise as much as $420 million in the share sale. Add in the 5.25 million shares reserved for its underwriting banks, and the company could gross $483 million at $12 per share, the top of its range. According to its new S-1/A filing, Cloudflare anticipates having around 293 million shares outstanding when it goes public, valuing the firm between a little over $2.9 billion, and $3.5 billion. Given that the firm was last valued at $3.25 billion while private, it’s quite possible that the firm is hoping to raise its price range, giving it a higher valuation, and one larger than what its March 2019 Series E afforded it. Cloudflare has raised over $330 million during its life, including capital from Franklin Templeton Investments, Fidelity, Union Square Ventures, and NEA. Early investors include Pelion Venture Partners and Venrock. Financial Context Cloudflare generated $129.2 million in revenue during the first half of calendar 2019. That figure resulted in a gross profit of $100.0 million, giving the firm gross margins of 77.4 percent in the period. That’s perfectly fine for a software-style business, even if we have seen the occasional higher figure from companies like Slack. In the first half of 2019, Cloudflare posted revenue growth of 48.3 percent, along with a slightly higher net loss in dollar terms. The company’s net loss in percent-of-revenue terms fell from 37.3 percent in the first half of 2018 to 28.5 percent in the first half of 2019. Both figures, however, represent deteriorations from prior results, most especially the company’s 2017 results. In that year, Cloudflare grew revenue from $84.8 million to $134.9 million while losing just $10.8 million on a net basis. What’s driving the rise in losses measured in dollar, and not percent-of-revenue terms at Cloudflare? One answer is rising sales and marketing costs. In the first half of 2019, Cloudflare’s sales and marketing line item rose to 52 percent of revenue, the highest result listed including data going back to 2016. The company notes that sales and marketing headcount saw a “57 [percent] increase” from the first half of 2018 to the first half of 2019, for example. But as we noted in our first coverage of the company’s results, accelerating revenue growth and falling operating cash burn are an attractive pair. The above figures are largely what we already knew, but better framed today in the context of the firm’s prior, private valuation ($3.25 billion) and its new IPO price range ($2.9 billion to $3.5 billion). Has the firm generated material value gains since that Q1 2019 private market price; and if so, how much? If I was a gambling man, I’d wager $1 that we’ll see another S-1/A from Cloudflare with a new price range. Source
×
×
  • Create New...