Movie Companies Identify Pirating YTS User as US Army Veteran

[Matrix]

 

A group of movie companies has named a US army veteran as a pirating user of the popular torrent site YTS. The site hasn't commented on how the movie companies got access to its user data but the site's operator stresses that people can take several precautions to increase their privacy.

 

 

In recent years, YTS.mx has become one of the most-used torrent sites, serving millions of visitors every day.

 

The site can be used without registering an account. However, those who sign up get some extra features, such as an option to bookmark titles. These added benefits can be handy but a few months ago we learned that they also come with risks.

Movie Companies Target YTS Users

At the start of the year, a group of movie companies filed lawsuits against alleged YTS users. In doing so, they relied on information that appeared to come directly from the YTS user database.

 

The timing of these lawsuits was interesting. They were filed around the same time the alleged operator of YTS signed a settlement deal with the same movie companies, agreeing to pay a substantial settlement fee.

 

This remarkable settlement allowed YTS to remain online. The movie companies, including the makers of films such as “Hellboy” and “Rambo: Last Blood,” demanded that the site removed their films, which is indeed what happened.

 

By targeting YTS users directly the filmmakers were looking for more settlements. Instead of merely targeting an IP-address they had more information too, such as an email address and a download history list, which presumably comes from the YTS database.

Army Veteran Named as Defendant

In one of these lawsuits, the defendant was recently identified as Mr. Mesot, a Hawaiian army veteran, who’s currently pursuing a degree in Electrical Engineering at the University of Hawaii.

 

“Upon information and belief, Defendant worked for over 20 years in the United States Army performing technical inspections and maintenance,” the movie companies state, providing more background information.

 

While the rightsholders already had the man’s email address months ago, they still needed a subpoena to compel Internet provider Charter to give up a name. The ISP shared this information recently which allowed the movie companies to officially name Mr. Mesot as the defendant this month.

YTS Database Information

In addition to tracking the defendant’s IP-address through public torrent swarms, the amended complaint also shows a copy of user database information, which appears to come from YTS.

 

 

“As shown in Exhibit ‘4’, Defendant used the YTS account to download a torrent file associated with the Work Rambo V Last Blood from one or more computing devices under his control on Nov. 30, 2019 at 01:29:50 UTC,” the complaint reads.

 

YTS has never officially confirmed that it shared user information with the movie companies but based on the provided evidence, it certainly appears that way.

YTS Shares Privacy Suggestions

When we reached out to the site last week the operator didn’t have any further details on the alleged handover of data. However, YTS indirectly confirmed it by pointing out that users can wipe their download history and take other privacy precautions.

 

“As for the user’s privacy, they do not have to confirm their e-mail address,” YTS informed us, noting that the address is only needed to recover a lost password.

 

“Also, from their profile settings, they have the option to disable their own downloads history, if they wish,” YTS added.

 

We can confirm it’s entirely possible to sign up for a YTS account with a non-existent email address. Also, there is an option to disable the download history in the profile settings.

 

 

“It is very important for any user to use a commercial VPN to download torrents. It is a must. Otherwise, they have a lot of problems,” YTS noted.

 

While a VPN can indeed help, it can still lead to trouble when movie companies have access to private data.

 

As we reported earlier this year, movie companies also sued a YTS user who was using a VPN.

 

In any case, signing up with YTS using an easily traceable email address doesn’t sound like a smart move.

 

A copy of the amended complaint naming Mr. Mesot as the YTS user who downloaded pirated content is available here (pdf)

 

  Source

[zanderthunder]

5 hours ago, Mach1 said:

“It is very important for any user to use a commercial VPN to download torrents. It is a must. Otherwise, they have a lot of problems,” YTS noted.

More importantly, a reliable no-log VPN with a kill-switch functionality. Or consider using Tor which is untraceable.

[coromonadalix]

@zanderthunder       vpn recommendations ?

[zanderthunder]

3 hours ago, coromonadalix said:

@zanderthunder       vpn recommendations ?

 

This post answers your question.
 

 

[lurch234]

17 hours ago, zanderthunder said:

Or consider using Tor which is untraceable.

 

Untrue. Do some research before giving out bad advice.

 

Quote

Tor vulnerabilities

Like any technology, Tor is not 100% secure, and attackers can still compromise Tor’s security. In 2014, a research team from Carnegie Mellon University gained control of enough servers in the Tor network to observe the relays on both ends of the Tor circuit and compare the traffic timing, volume, and other unique characteristics to identify which other Tor relays were part of which circuits. By putting the entire circuit together, the researchers were able to see the IP address of the user on the first relay and the final destination of their web traffic on the last relay, allowing them to match users to their online activity. (For those interested in a more technical explanation, the Tor Project analyzed the attack.) The FBI then used this attack to round up a number of criminals on the dark web as part of their Operation Onymous. Tor upgraded their relays to deal with the specific protocol used by the researchers, but correlation attacks (identifying users through the timing and volume of their traffic) are still possible.

Recently, Zerodium, an exploit vendor, discovered a new flaw in the Tor Browser that allowed attackers to run malicious JavaScript code. The Zerodium hack took advantage of a bug in the NoScript add-on to the Tor Browser. Both NoScript and the Tor Browser have been updated, and in Tor Browser v. 8.0 and later, the flaw is fixed.

These instances should not dissuade you from using Tor; rather they illustrate that even Tor is not 100% secure.

 

Source