Those who follow mainstream tabloid media in the UK and Ireland should be familiar with online streaming piracy by now; whether they like it or not.

The harms and threats of illicit streaming devices or using the preferred term in Ireland, dodgy boxes, have been discussed at length in hundreds of news articles. Additional reports on prison sentences for resellers of these services, make clear that these are serious offenses.

Intriguingly, despite all the attention, millions of people continue to use these ‘cheap’ pirate options. This logically means that there are plenty of active sellers who are still willing to take the risk.

Report Streaming Piracy Campaign

To address the ongoing problem, anti-piracy group FACT has teamed up with the Crimestoppers charity to launch a new social media campaign. Instead of simply warning the public, it’s now calling on people to “speak up” and report piracy peddlers 100% anonymously.

“Running over six weeks on Facebook and Instagram, the campaign aims to gather intelligence on individuals or groups involved in advertising or selling illegal streaming subscriptions, modified firesticks or so called ‘dodgy boxes’,” the groups announce in a press release.

“Digital piracy is a serious crime, often run by organized criminal groups. Information provided anonymously to Crimestoppers will be thoroughly investigated by FACT and could lead to further actions, including prosecution,” they add.

These types of ‘report piracy’ initiatives aren’t new. Crimestoppers has worked on similar campaigns with FACT in the past, with Crimestoppers’ accounts revealing that Sky paid the bills. Together with rightsholders and the UK Government, all three are involved in the BeStreamWise campaign as well, which also asks the public to ‘report a pirate.’

In other industries ‘piracy snitching’ is common too. Best known are the Software Alliance (BSA) initiatives, where people were offered hard cash in return for useful piracy intelligence. That could be handy to pay off credit card debt or to book ski trip, social media ads suggested.

No Bounty

The BSA’s bounty program was very successful according to an insider, who previously said that hundreds of people shared information. This reportedly helped to lower piracy rates at the corporate level.

The new piracy streaming campaign run by FACT and Crimestoppers doesn’t offer any hard cash. Instead, the groups are appealing for people to “do the right thing.” Pirate streaming operations are run by criminals, they suggest, and therefore pose a security threat to the public.

“This campaign is an important step in our ongoing efforts to combat illegal streaming in Ireland. By working with Crimestoppers, we aim to empower communities to act against digital piracy and protect themselves from the associated risks,” FACT CEO Kieron Sharp notes.

The potential harm to rightsholders’ profits remains largely unmentioned. Instead, a Crimestoppers spokesperson mostly focuses on the risk to consumers.

“The dangers to the family home are real for those who take the risk of using these criminal services. We should all pay our way fairly. Speak up if you know about the criminals involved. You’ll be helping to protect people from putting themselves in danger.”

Matter of perspective

Since the campaign exists to serve business interests, it makes sense that the focus is on consumer risks rather than corporate losses. Whether the public will be compelled to serve as informants has yet to be seen.

Most people are likely to agree that crime should be stopped but those who know about pirate streaming services may have a different perspective, as they are part of the problem.

This isn’t merely an informed guess. It’s one of the conclusions of a survey conducted by the UK Intellectual Property Office last year. It found that people were reluctant to report piracy for three main reasons.

A. They would not personally benefit from reporting someone.

C. The police have higher priorities to be dealing with than IP crime.

Of course, these reasons don’t apply to all people and the campaign may ultimately pay off. After all, this isn’t the first time that the public has been asked to help and, if other attempts yielded no results, it would be pointless to try again.

Those who do plan to share information are assured that they can do so 100% anonymously. Their IP-addresses and locations won’t be recorded so they won’t have to fear retribution from angry pirates or their customers.

From: TF, for the latest news on copyright battles, piracy and more.

This is a big deal. A US Appeals Court ruled that geofence warrants—these are general warrants demanding information about all people within a geographical boundary—are unconstitutional.

The decision seems obvious to me, but you can’t take anything for granted.

“Game of Thrones” and its prequel “House of the Dragon” have proven very popular in pirate circles.

The fact that episodes repeatedly leaked before their official premieres made them even more appealing.

This summer, HBO released the second season of House of the Dragon, and the series is already confirmed for a third. To the disappointment of some, however, there were no leaks this year. Or were there?

After the eighth and final episode was released in early August, there was some online banter about a ninth episode. Many people shared their visions of a hypothetical follow-up episode, enough to confuse those who were not up to speed on the inside jokes.

House of the Dragon S02E09

On pirate sites, meanwhile, confusion had also set in. As it turns out, House of the Dragon S02E09 had been uploaded to several reputable torrent sites; masquerading as the real deal, it came with an evil twist.

TorrentFreak spoke to one person who spotted the ‘episode’ in their list of torrents. The release ‘House.of.the.Dragon.S02E09.1080p.WEB.h264-ETHEL.mkv‘ came from a torrent site and was added through an RSS feed monitored by FlexGet.

On a superficial level the release mimics a genuine release. For example, the file size matched expectations and since the torrent originated from TorrentGalaxy, the source didn’t raise any red flags either.

The massive giveaway for hardcore House of the Dragon fans, of course, is that a ninth episode doesn’t exist. For others not yet completely up to speed on the length of the season, the glaring ‘error’ may simply pass them by. And it’s not difficult to accept that some people may be inclined to download and open the release regardless, which comes with something extra: a .LNK file.

Compromised LNK

Files with an LNK extension are pointers used by Windows to quickly open a file, folder, or application. When maliciously configured, which was indeed the case with this particular torrent, the .LNK triggered a Trojan horse disguised as a Dragon. That’s not something anyone wants on their computer.

Antivirus vendor McAfee previously warned about a rise in LNK files being used to spread malware. The small files seem harmless but can trigger other programs to run, inviting malware to penetrate the operating system with potentially disastrous results.

A quick glance at one of the VirusTotal scans for fake TV show torrents is self-explanatory. Antivirus vendors don’t all agree on what it is, but a “Fragtor” trojan is repeatedly mentioned.

Torrent Sites and HBO Respond

The person who ‘caught’ the torrent in their RSS feed didn’t fall for the scam. They also noticed that the rogue file had already been deleted by TorrentGalaxy. This makes sense, as the site typically deals with these malicious uploads relatively quickly.

In response to this and similar uploads, we’re informed that TorrentGalaxy has banned LNK files from being added to torrents. That should prevent this attack vector from being abused going forward, at least on that site.

Interestingly, HBO also noticed this bonus episode through its anti-piracy partner Marketly and took action in response. A takedown notice posted in the Lumen Database shows that the company asked Google to remove an “infringing” link to the non-existent release earlier this week.

HBO likely didn’t remove the torrent because it contained malware. The naming of the file must have triggered the anti-piracy filters, even though a ninth episode doesn’t exist.

Pirates are Popular Malware Prey

These types of malware torrents, disguised as pirated TV episodes, are not uncommon. In recent weeks, several others have appeared online, targeting other series as well. This makes sense, as pirates are popular prey.

Popular TV series are downloaded millions of times. Scammers take advantage by spreading malware disguised as new episodes, or even non-existent ones, hoping that people will fall for it.

At the time of writing, the fake 1080p release of House of the Dragon S02E09 is still being actively shared by roughly two dozen people. In total, it has been downloaded many hundreds, or even thousands of times.

While well-moderated torrent sites tend to remove these files quickly, they continue to float around elsewhere. And indeed, the aforementioned malware copies of House of the Dragon are still available on some sites today.

In the past, we have criticized some reports from rights holders that seemed to exaggerate the malware problems on pirate sites. However, the fact that these threats are sometimes blown out of proportion doesn’t mean that there are no issues at all. Pirates have always been a popular target for malware and viruses.

While hardcore pirates have probably learned to be cautious, people who randomly start searching for pirated content online can easily walk into malware traps.

From: TF, for the latest news on copyright battles, piracy and more.

The Alliance for Creativity and Entertainment (ACE) is arguably the world’s most active anti-piracy coalition.

The group systematically hunts down key piracy players on behalf of the major Hollywood studios and other prominent entertainment companies such as Apple, BBC, and Netflix.

It’s safe to say that ACE had a hand in the demise of most large piracy operations of recent years. The group took down several key players including the original 123movies, Openload, Rapidvideo, Vader Streams, Animeflix, and pirate release group EVO, to name a few.

The Fmovies Cabal

ACE has enjoyed numerous successes and continues to expand its operations. However, in the case of the sudden demise of Fmovies, arguably the largest pirate site shutdown in recent history, the group has remained remarkably quiet.

Fmovies began to unravel toward the end of June. Without an official explanation, the site stopped adding new movies and TV shows and it eventually went offline a few weeks later.

Details of the shutdown are still shrouded in mystery but as we highlighted earlier, ongoing enforcement efforts alongside political and diplomatic pressure may have played a role. The fact that the MPA visited Fmovies’ alleged home country, Vietnam, right when the trouble started, is definitely noteworthy.

What also stood out is that other pirate streaming sites, which were linked to Fmovies, all closed their doors at the end of July.

Disperse, Shutdown, and Redirect

A few days after Fmovies shut down, several ‘sister sites’ decided to throw in the towel as well. Instead of simply pulling the plug, these sites redirected to new pirate streaming portals, ostensibly operated by different people.

These simultaneous shutdowns took place at more than a dozen sites, some of which had millions of monthly visitors. They include flixtorz.to, movies7.to, and swatchseries.mx, which were redirected to theflixtor.to, mov2day.to, and 2flix.to respectively.

“The site has been closed. To continue watching free movies, you will be redirected to other site [insert domain here] (managed by other team),” a brief message on the domains explained.

The message suggests that the original operators wanted to signal that they are no longer involved. That’s odd, since the owners have always been anonymous, at least to the wider public. Maybe the message wasn’t intended for the sites’ users, but for anti-piracy groups who were getting close to the fire?

ACE Targets ‘Successors’

ACE and MPA have previously indicated that they know who’s behind Fmovies, having previously located the operators in Vietnam. The anti-piracy groups likely know a thing or two about the sister sites too, which were presumably operated from the same region.

What ACE thinks about the recent domain redirection efforts is unknown, but the group is certainly eager to find out more about the people behind these new pirate streaming portals.

This week, MPA obtained a DMCA subpoena requiring the .TO domain registry Tonic to share all information it has on the registrants of several domain names. This includes the websites that took over from Fmovies sister sites; theflixtor.to, mov2day.to, and 2flix.to.

The subpoena request follows a familiar format, asking for all usable personal information Tonic has on file.

“[Y]ou are required to disclose to the Motion Picture Association, Inc. (on behalf of the ACE Members) information sufficient to identify the infringers. This would include the individuals’ names, physical addresses, IP addresses, telephone numbers, e-mail addresses, payment information, account updates and account history,” it reads.

Whether this subpoena will result in any actionable data is unknown. By now, the operators of major pirate sites are well aware of the subpoena option, which is why they often use false information.

That said, ACE has had success with this strategy in the past, and even smaller traces, fake or not, might turn out to be useful. In any case, the subpoena indicates that whether these are new operators or not, ACE intends to press on.

—

– filmoflix.to
– papadustream.to
– animesuge.to
– vidsrc2.to
– flix2day.to
– 2flix.to
– theflixtor.to
– mov2day.to
– fboxz.to
– cinezone.to
– aniwave.to
– anix.to
– zoroxtv.to

From: TF, for the latest news on copyright battles, piracy and more.

This site will let you take a selfie with a New York City traffic surveillance camera.

EDITED TO ADD: BoingBoing post.

Making self-healing materials based on the teeth in squid suckers.

Blog moderation policy.

(This essay is late because I came home from worldcon with a wonderful prize--COVID19. It was a very mild dose and I'm better now but it put everything on hold for about a week.)

In the past I've blogged about how difficult it is to write the near future, ten years out (I used to have a working recipe); and then more recently about how the error bars on such predictions are getting longer: and most recently about how bad fifties SF is in a feedback loop with the real world, delivering dystopian outcomes through the medium of deeply superficial billionaires and their pet projects. But is that all that's making the near future hard to write about? What if it isn't just the postulated near future, but the readers themselves who I'm writing for, that are changing?

Predicting the outcome (or future state) of a system that is subject to feedback, not to mention manipulation by profit-seeking grifters, is notoriously difficult. And just as the outputs of a large language model like ChatGPT turn to utter horseshit if your input training data contains too much LLM-generated product, so do the outputs of any extrapolative model if you try to examine a future built by enterprising fools who are uncritically trying to make the near-future SF they grew up reading into reality.

This may be why today's world is so worryingly off-kilter from what we expected a decade ago. My old recipe for predicting the future was: 70% is here today (buildings, cars, people), 20% is not here but is on the drawing boards (faster chips, kids who will be new adults in 10 years time), and 10% is clearly inexplicable (nobody before 2014 really expected Russia to invade Ukraine, much less for Ukraine to invade Russia right back; nor did anyone seriously expect Brexit, or this specific viral pandemic we're collectively in denial of).

But the error bars have broadened as the zone has flooded with shit, and now we're dealing with maybe 60% here-already, 20% on-the-drawing-boards, and 20% random effusions of weirdness. US Presidential races this century are typified by third-party candidates, be they Ralph Nader or Jill Stein, but who the hell ordered Robert F. Kennedy Jr running on an anti-vaxx platform with brain worms and dumping a dead bear in Central Park to discredit urban cyclists? (Although sometimes it's hard to tell which bucket a particular development belongs in: I'm going to stick my neck out and suggest that Project 2025 belongs to the on-the-drawing-boards category insofar as it's the logical consequence of a particular political/demographic avalanche that began in the 1970s, but the politically naive could be forgiven for encountering it as an inexplicable, unprecedented, intrusion from the Taliban dimension.)

Anyway, all of that is just scene-setting for my real concern: the public understanding of fiction itself is changing, and with it, the types of fiction which are commercially (or even socially) viable going forward.

Three fictive seeds germinated during the 1970s, and we're now living in the fifty year old forest they gave rise to. Forests coevolve with ecosystems, and now we're seeing the consequences.

Those seeds were; Dungeons and Dragons (which sparked the whole field of Role Playing Games, which constitute a wholly new mode of fiction in which the story emerges through a collaboration between the GM and the players--the GM provides guidelines and mediates between the player characters and their environment, but doesn't dictate their lines): computer games (which are similarly interactive, but the map or procedural generative content is established before the players arrive): and the first of the big superhero movie franchises (notably the original Christopher Reeve Superman movies, which, starting from 1979, dragged Superman--and then the rest of the DC universe, with Marvel in its wake, out of the comic books and onto cinema and TV screens).

If you think I'm talking about interactive fiction, and that superhero movies are an odd exception (movies being famously not viewer-interactive), you'd be kinda-sorta right: but bear with me--the superhero genre itself is mythological in scale, mainly bases its world-building on the observed world around us (note the prevalence of masks and secret identities!), and it's an enormously popular vehicle for reader self-insertion fantasies and fanfic. And the explosive efflorescence of fanfic and remix culture is what I'm leading up to.

Back in the 1970s, we had a couple of TV channels and no internet and no alternative media distribution channels for non-commercial spin-offs like fanfic. In my teens I designed D&D scenarios: I drew maps by hand and typed notes on a manual typewriter. If I wanted to distribute copies I'd have had to pay for photocopying or used a stencil duplicator (both a significant barrier to a teen nearly a decade before I could buy my first word processor). If I wanted to watch SF on TV I had a very limited choice (loosely: imported Star Trek re-runs, Doctor Who, the very new Space:1999, and Blake's 7). Yes, there were cartoons, both imported Japanese animation and stuff from the studios that churned out content for the Saturday morning kids' TV viewing time--Hanna-Barbera and similar--but no anime franchises in the modern sense, and zero imported manga, nor western re-implementations of same. In the cinema we were lucky to get 2-3 SF/F choices a year until Star Wars broke big. We lived in the world before the arrival of the media franchises that fandom grew all over.

There was no equivalent of fanfiction.net, Archive of Our Own, or the other big aggregators for fanfic writing. Not even the shared universes amenable to self-insertion fantasies that kids take for granted these days--comic-reading nerds were weirdos back then.

Today, SF/F has taken over the media environment so thoroughly that about half the output of Hollywood seems to consist of SF blockbusters or superhero movies. Doctor Who is a big budget glitzy annual extravaganza on the BBC (and now Disney), and the announcement of a new doctor makes newspaper headlines in the UK. There are an estimated 20 million active D&D players in the USA at any given time, and a host of other smaller TTRPGs. San Diego ComicCon gets roughly 135,000 bodies through the doors of the conference center ever year because that's the fire limit and the city's transport infnrastructure can't cope with more. Formerly fringe fannish activities are now ubiquitous, from cosplay to live action roleplaying by way of writing fanfic about readers (or players) favorite characters.

And we're nearly two generations into this seismic cultural shift, from a limited range of fictions which are to be absorbed passively (there was no rewind or pause button on an over-the-air TV broadcast in the 1970s, and nobody normal could afford a videocassette recorder--the damned things cost a third of a year's average income and there were no rental stores back then).

Now here's a funny thing: readers (and viewers, and players) ask questions.

They ask questions about obscure aspects of the story that nobody in 1974 imagined anyone would be bothered by--"did Han or Greedo shoot first?" leads to "but what are bounty hunters doing in the Star Wars universe anyway?"--and subsequent flame wars ... then fifty years later the retcons and world-building to explain it have snowballed so much that they create an enormous TV franchise (The Mandalorian) complete with spin-offs (Ahsoka, etc) made on a budget that dwarfs the original movie. And in the process they add several dozen novels' worth of new characters, planets, situations, and explanatory world-building which in turn raise more "who shot first" level questions, but at a level that's somewhat impenetrable to anyone who hasn't followed the Star Wars universe obsessively since the very beginning.

The same process afflicts the Marvel and DC comics universes. And the various editions of D&D which can loosely be seen as representing a debate between different schools of TTRPG philosophy--what are we trying to do when we play role playing games?--never mind the overspill into computer games (which are essentially interactive choose-your-own-plot-line movies with added chewy metafictional stuff and tools for building your own extensions to the games).

Anyway: fans raised on interactive media rather than the static printed page or celluloid reel of film invariably argue in their own heads with the official story lines they're handed. And they sometimes write down their alternative takes on the stories--not just happy endings in place of tragedies, or attempts to fix what they perceive as broken plots or world building, but their own stories that try to make sense of the worlds of the imagination they've been presented with. Fans who write fanfic or play games from the original adversary's point of view in hope of getting a happy ending are not fans who accept the author's privileged position as narrator for granted.

I'm a living fossil, a fiction author who expects to define the parameters of a fictional universe, set it in prose, and present it to a reader to follow (or not, if they don't like it). I'm the author, they're passengers: I'm the final authority in my fictional worlds.

But there seems to be an emergent discourse in fandom about the legitimacy of the authorial position. If you're used to the ending of the story being maleable and varying depending on the choices you make as you play or experience it, traditional fiction can seem arbitrary, even dictatorial. "I wouldn't make that choice, so why should this viewpoint character?" is the sensibility.

Their skepticism extends to world-building too. This essay was in part triggered by a bizarre opinion I saw re-tweeted on Bluesky, asserting that the very act of world-building is "fascistic". To quote (filing off the serial numbers to spare the OP from a dogpiling):

I view worldbuilding as fairly fascist tbqh. Refusing to allow spaces for the reader's imagination to flourish. Removing the part of the contract between writer and reader that is communal and shared. Grabbing them by the hand as you try and map out a land that does not exist.

My take on this is that there is an implied contract between reader and writer ... but the commenter here has mistaken the Role Playing Game contract for the one that exists in static prose. Yes, RPGs are interactive and collaborative: the story emerges as the GM interprets the world for the players and the players express their characters' preferences. But the implied contract in static fiction between reader and author is entirely different--the world-building author of a novel is not dictating a game-player's reality, they're just setting out a proposition about their own fictional world which the reader is at liberty to ignore.

Most likely this tweet was a screech of angst-driven rage about the author of a favored work not leaving wide enough margins in their book for the reader to scribble their own headcanon annotations in: or maybe they're angry at large media franchises who pick obviously committee-driven explanations as retcons for prior material (midi-chlorians! Star Trek replicators!). It could also be an overreaction to the enormous inertia the large media fandoms have built up over decades and their pushback against anything that disagrees with their personal taste with "that's not canon". But it bears due consideration, because it's symptomatic of a shift in the attitude of readers to texts: that personal taste should dictate how the story unfolds, rather than it being fixed as ink on paper is fixed.

And now I'm trying to work out what this implies for my own writing.

One obvious corollary is that this new generation of readers (not you: if you're reading this blog then, like me, you're probably pale, male, and stale) are inclined to reject the immutability of a described reality that contradicts their own preferences. "The people in this story are not like me: I find this implausible so I'm leaving it a one-star review" is to be expected. But that's already the case (if you want substantiating evidence just read my Amazon or Goodreads one-star reviews). But there'll also be a lot of alienation at world-building that doesn't play to their pre-existing cognitive biases, or attempts to perform the traditional SF trick of making an interesting but unpalatable assumption and trying to portray a world in which that assumption is unexceptional.

Another corollary is that you can to some extent pre-empt the interactive fiction reader's sense of claustrophobia, of being hemmed in on all sides by a dictated reality, if you just leave them room to fanfic around the edges. Unreliable narrators are great in this respect--the reader can just tell themselves "oh, Bob is wrong again" and move on. (I think making Bob an overtly unreliable narrator early in the Laundry Files is one of the main reasons I've been able to continue writing that series for so long.)

And finally, bear in mind that younger readers may be approaching fiction from a fundamentally different direction to older readers: that they have expectations of maleability that us old farts didn't grow up with, and will not be sympathetic to narrative styles that dictate their (the reader viewpoint's) outlook.

A cursory skim through blocking records for Italy’s Piracy Shield system reveals that pirate IPTV servers can operate from almost anywhere.

Asia-linked servers and services make regular appearances in the AGCOM list with China, Hong Kong and Taiwan-based platforms causing issues for rightsholders all over the world.

Within China itself, enforcement actions take place far less often than rightsholders believe they should, but in Taiwan, raids are reported more frequently, with foreign rightsholders also likely to benefit.

IPTV App Sold Online Leads Investigators to the Source

In a report detailing events that culminated last month, Taiwan’s Criminal Investigation Bureau (CIB) says that searches of online auction platforms revealed sales of an app known as Qingtian TV / Sunny TV. In common with similar TV piracy tools, Sunny TV offered live TV streams culled from legitimate broadcasters, bundled together in a mobile app.

Organizations and TV companies with interests in that content include Taiwan’s Satellite Radio and Television Business Association, and members of Japan-based anti-piracy group CODA, which include TV stations TBS, Fuji TV, NTV and TV Asahi. Rightsholders estimate that over a two-year period, the market value of the content offered via the app amounted to at least one billion Taiwan dollars, around US$31.2m.

Their case was referred to the Taichung District Prosecutor’s Office in Taiwan and following an investigation, authorities targeted addresses in Taichung City and Yunlin County early last month.

Suspects Rented an Empty House

Along with others, one of the two main suspects, identified by CIB under the surname Li, reportedly rented an empty house in which to conduct business.

“The appearance of the place was low-key, like a house that had been abandoned for many years,” CIB says.

Photographs taken inside the house during the raid tell a different story.

Image credit: CIB

According to labels displayed next to the equipment post-seizure, the relatively small units in red cases are cable TV set-top boxes, while the units in black cases are marked ‘signal encoders’.

Image credit: CIB

CIB says 72 set-top devices and 72 signal encoders were seized, along with two servers, two hosts, six network switches, plus nine bank books and several mobile phones. In total, 279 pieces of equipment and other items were seized as evidence.

Structure of the Piracy Operation

CIB’s report indicates that Li and another suspect identified as Chen, were both arrested, noting that the latter is also suspected of “using various online markets to sell the illegal OTT software, and often changing accounts to avoid police investigation.”

CIB also references two additional suspects; who they are and what roles they played in the operation go unmentioned.

Finally, the law enforcement agency has published a diagram which provides an overview of the IPTV operation; from receiving, capturing and encoding streams for distribution, right through to consumption by end users. The original slide is in Chinese and our translations here aim to reflect the original as closely as possible.

Image credit: CIB

The prominent inclusion of Cloudflare in the slide doesn’t really come as a surprise, and appears to be part of a growing trend.

Placing the company’s name and logo within a piracy chain arguably lacks context. However, if informal talks on how to mitigate piracy are perceived to be going nowhere, moving the discussion into the public arena may serve to increase the pressure.

From: TF, for the latest news on copyright battles, piracy and more.

This is a fantastic project mapping the global surveillance industry.

In 2021, Germany joined a growing list of countries that have an institutionalized pirate site blocking scheme in place.

Several large ISPs teamed up with copyright holders and launched the “Clearing Body for Copyright on the Internet” (CUII), which is responsible for handing down blocking ‘orders’.

While CUII doesn’t rely on court judgments, there is some form of oversight. When copyright holders report a pirate site, a review committee first checks whether the domain is indeed linked to a website that structurally infringes copyrights.

What Sites are Blocked?

If a website overwhelmingly hosts or links to pirated material, the site can be nominated for a blocklist entry. This can apply to torrent sites, streaming portals, and direct download hubs, as long as piracy is front and center.

Germany doesn’t publish an official overview of the domain names subject to blocking. The decisions are public and often mention the target ‘site’ by name; domain names, URLs, and even the requesting rightsholders’ names are all redacted.

This ‘secrecy’ is not an oversight but a feature that’s codified in the agreement between rightsholders and Internet providers.

“The domains of the blocked [pirate sites], other domains and mirror domains, the applicants and their violated rights, as well as the names of the auditors are not mentioned,” it reads.

Transparency ‘Leak’

Secrecy surrounding blocked domains is frustrating for journalists and others who have a watchdog function. After all, without knowing which domains are blocked, it’s impossible to check for errors and overreach.

While there haven’t been any obvious errors that we’re aware of, access to information related to blocking would provide much needed transparency. With no information available from official sources, Damian, a 17-year-old German student, got together with some friends and embarked on a mission to fill in the blanks.

After sifting through the data and running domains though extensive DNS resolver tests, Damian launched CUIIliste.de, effectively lifting the blocking veil by exposing all URLs without redactions.

“The CUII blocks domains. Which ones exactly? The CUII does not reveal this. But don’t worry – that’s why we’re here. We’ll do our best to collect and publish all blocked domains,” the site explains.

275 (sub)Domains Blocked

Thus far, CUII has published 21 blocking recommendations on its official website, without disclosing any domains. According to CUIIliste, this resulted in 275 blocked domains, including subdomains.

The blocking transparency portal offers a searchable list of the domain names, which will be updated after new blocks are discovered. For the shadow library Sci-Hub, for example, all main domains (sci-hub.se, sci-hub.st and sci-hub.ru) are off-limits.

The 275 number is a bit inflated, however, as it includes many subdomains such as ww11.kinox.to. ww14.kinoz.to and ww15.kinos.to, which likely exist to counter blocking measures. If we delete all duplicates, we end up with a list of 104 domain names.

Transparency & No Censorship

According to CUII, the blocking efforts don’t amount to censorship, as they only target structurally infringing domain names. However, without transparency, that claim is difficult to verify.

Damian and his friends make this task easier and their goal doesn’t stop there. In addition to providing transparency, they also advocate against censorship and for freedom of expression. The German blocking efforts go against this, they argue.

“CUII is a private organization that blocks websites that it believes violate copyright law – without any court orders. In addition, their approach seems very non-transparent in my opinion,” Damian writes.

To address the alleged censorship part, the site also links to various options available to the public to circumvent the blocking efforts. This includes switching to third party DNS resolvers.

Netzpolitik reports that Damian spent his summer holiday working on the site. While this was a fun project, it has a serious undertone and is regularly disregarded by the mainstream press.

While it’s understandable that CUII doesn’t want to offer a portal with clickable hyperlinks to pirate sites, keeping the URLs secret is far from ideal. Or as the German news site Tarnkappe puts it: ‘It’s only metadata’.

When it comes to transparency, Germany and many other countries can learn a thing or two from Uruguay, which offers dedicated and complete transparency when it comes to pirate site blocking.

—

astrotheque.net
bs.to
buffsports.me
buffstreams.sx
burningseries.ac
burningseries.tw
canna-power.to
canna.to
cine.to
filmfans.org
filmpalast.to
harleyquinnwidget.com
harleyquinnwidget.live
harleyquinnwidget.net
israbox-music.com
israbox-music.org
israbox.com
isrbx.com
isrbx.me
isrbx.net
jokerguide.com
jokerlivestream.net
jokerlivestream.org
jokerlivestream.vip
kinos.to
kinox.am
kinox.bz
kinox.click
kinox.cloud
kinox.club
kinox.digital
kinox.direct
kinox.express
kinox.fun
kinox.fyi
kinox.gratis
kinox.io
kinox.lol
kinox.me
kinox.mobi
kinox.pub
kinox.sh
kinox.space
kinox.sx
kinox.to
kinox.tube
kinox.tv
kinox.wtf
kinoz.co
kinoz.to
megakino.biz
megakino.cab
megakino.co
megakino.ink
megakino.com
megakino.vin
megakino.ws
newalbumreleases.net
newalbumreleases.unblocked.co
newalbumreleases.unblockit.app
newalbumreleases.unblockit.bet
newalbumreleases.unblockit.blue
newalbumreleases.unblockit.buzz
newalbumreleases.unblockit.cam
newalbumreleases.unblockit.cat
newalbumreleases.unblockit.ch
newalbumreleases.unblockit.club
newalbumreleases.unblockit.day
newalbumreleases.unblockit.dev
newalbumreleases.unblockit.how
newalbumreleases.unblockit.ink
newalbumreleases.unblockit.is
newalbumreleases.unblockit.kim
newalbumreleases.unblockit.li
newalbumreleases.unblockit.link
newalbumreleases.unblockit.ltd
newalbumreleases.unblockit.me
newalbumreleases.unblockit.name
newalbumreleases.unblockit.nz
newalbumreleases.unblockit.onl
newalbumreleases.unblockit.uno
newerastreams.com
nsw2u.com
nsw2u.in
nsw2u.net
nsw2u.xyz
nswgame.com
romslab.com
s.to
sci-hub.ru
sci-hub.se
sci-hub.st
serienfans.org
serienjunkies.biz
serienjunkies.eu
serienjunkies.info
serienjunkies.org
serienjunkies.us
serienstream.to
streamkiste.tv
taodung.com
tazz.tv
tennis.stream
ziperto.com

From: TF, for the latest news on copyright battles, piracy and more.

1

Забраната на рекламата на хазарта беше събитие в медийния сектор. За някои забраната беше желана, за други – удар. Защо – в Капитал има обстоятелствена публикация. В нея дори има хипотеза, че се въвежда забрана, но скоро ще се наложи забраната да се отмени, ако настъпят промени в собствеността на някои медии.

Става известно, че НАП е издала отговор на питане по Закона за достъп до обществената информация/ЗДОИ. Отговорът на практика ограничава обхвата на забраната на рекламата на хазарта, приета през 2024 г. с последните изменения на ЗХ.

Според дефиницията в ЗХ „реклама на хазартни игри“    (§1, т.23) е „разпространявана във всякаква форма, с всякакви средства  информация, която директно приканва потребителите да участват в хазартни игри […] След отговора на НАП по ЗДОИ се оказва, че така дефинираната реклама на хазарта е забранена в по-малко случаи, отколкото си мислим.

2

Според чл.16 и 17 ЗХ Държавният надзор в областта на хазарта и свързаните с хазарт дейности се осъществява от изпълнителния директор на Националната агенция за приходите. Именно той “организира разясняването на законодателството в областта на хазарта и свързаните с него дейности по подходящ начин”. На сайта на НАП има информация какъв е начинът – запитвания във връзка с прилагане на законодателството в областта на хазарта се адресират към Централно  управление на НАП. Проектите на отговори на тези запитвания се изготвят от дирекция „Данъчно-осигурителна методология“ при ЦУ на НАП.

3

Изясняването на разпоредбите на ЗХ в конкретния случай е оформено като отговор на запитване по ЗДОИ. Въпросите, на които се иска отговор и на които НАП е отговорила по реда на ЗДОИ, са следните:

Има ли право инфлуенсър да рекламира съдържание (да се разбира продуктово позициониране) на лицензиран хазартен доставчик в Instagram – социална мрежа?

Попадат ли социалните мрежи – Facebook, Instagram, YouTube и TikTok в промените за забрана на хазарт в България или така обнародвания закон, не ги обхваща?“.

Имат ли право журналисти да рекламират хазартно съдържание (да се разбира продуктово позициониране), чрез PodCast на лицензиран хазартен доставчик в YouTube – социална мрежа?

Имат ли право медии да рекламират хазартно съдържание (да се разбира продуктово позициониране), чрез PodCast на лицензиран хазартен доставчик в YouTube -социална мрежа?

Как НАП определя, какво съдържание е допустимо, ако в него присъства продуктово позициониране на лицензиран хазартен доставчик (без то да бъде рекламирано) в социалните мрежи – Facebook, Instagram, YouTube и TikTok?

4

Отговорът на НАП завършва така:

“Следва да се има предвид, че в настоящия акт се обективира разбирането на Националната агенция за приходите по отношение на приложимото законодателство.

В тази връзка е възможно факти и обстоятелства, които могат да бъдат установени единствено в рамките на производство по извършване на конкретна проверка по ЗХ, да формират основание за третиране, различно от изложеното.

 В изпълнение на разпоредбата на чл. 15в, ал. 3, т. 1 от ЗДОИ, решението ще бъде публикувано в Платформата за достъп до обществена информация на Министерския съвет.

На основание чл. 40, ал. 1 от ЗДОИ, решението подлежи на обжалване пред съответния административен съд по реда на Административнопроцесуалния кодекс, в 14-дневен срок от датата на връчване или получаване на уведомление.”

Подлежи на обжалване по ЗДОИ решението за издаване/неиздаване на отговор, но не и решението по същество. Интересно е в каква правна форма НАП издава становищата си по приложението на ЗХ (когато няма запитване по ЗДОИ). Съответно дали и как се оспорва становището за разясняване на законодателството.

5

По същество запитването по ЗДОИ е фокусирано върху забраната на рекламата в социалните мрежи. ЗХ дефинира реклама на хазарт така: „разпространявана във всякаква форма, с всякакви средства  информация, която директно приканва потребителите да участват в хазартни игри […] (пар.1, т.23)

Според Чл. 10 ЗХ (Изм. – ДВ, бр. 42 от 2024 г.) (1) Забранява се рекламата на хазартни игри:

1. в радио- и телевизионни програми, с изключение на излъчването на тиражите на Държавно предприятие “Български спортен тотализатор” и тяхното анонсиране;

2. на обществени места, включително фасади на сгради;

3. в печатни произведения и електронни медии, включително и интернет страници;

4. върху имущество – държавна собственост и общинска собственост, с изключение на обекти, които имат издаден лиценз по реда на този закон; 5. върху външни рекламни съоръжения в повече от 5 на сто от общата рекламна площ на всеки доставчик на рекламни услуги чрез външни рекламни съоръжения

Ако се фокусираме върху онлайн рекламата, изрично забранени са две зони: “радио – и телевизионни програми” по т.1 и “електронни медии, включително интернет страници” по т.3, като първата зона напълно се съдържа във втората, по-широка зона. Ключовият въпрос е дали социалните мрежи се включват във формулировката “електронни медии, включително интернет страници”, където рекламата на хазарт е забранена.

НАП твърди, че ЗРТ има предвид платформите, когато казва в чл. 4, ал. 4 , че: „Не са доставчици на медийни услуги лица, които само разпространяват програми, за които редакционна отговорност носят трети страни“.

Всъщност не. Регламент 2024/1083 (Законодателен акт за свободата на медиите) казва изрично: “На цифровия медиен пазар доставчиците на платформи за споделяне на видеоклипове или доставчиците на много големи онлайн платформи могат да попаднат в обхвата на определението за доставчик на медийни услуги. Като цяло тези доставчици имат ключово значение за организацията на съдържанието, включително чрез автоматизирани средства или алгоритми, но не носят редакционна отговорност за съдържанието, до което предоставят достъп. Във все по-интегрираната медийна среда обаче някои доставчици на платформи за споделяне на видеоклипове или доставчици на много големи онлайн платформи започнаха да упражняват редакционен контрол върху дадена част или части от своите услуги. Поради това, когато такива доставчици упражняват редакционен контрол над част или части от своите услуги, те биха могли да бъдат квалифицирани както като доставчици на платформи за споделяне на видеоклипове или като доставчици на много големи онлайн платформи, така и като доставчици на медийни услуги.”

Накратко, YouTube и останалите платформи не са “лица, които само разпространяват” съдържание и чл.4 ал.4 ЗРТ не се отнася за тях – както приема НАП в отговора си:

считам, че може да се приеме, че по своята правна същност социалните платформи от типа на Facebook, Twitter/X, Instagram, TikTok  не са медии по смисъла на ЗРТ, поради което при спазване на законовите ограничения на ЗХ, по отношение на рекламата, няма причина за тяхното ограничаване, като водещо отново остава самото съдържание на представяната информация.
Гореизложеното е относимо и по отношение на „Youtube“ като платформа.
Базирайки се на последните изменения в ЗРТ, съгласно които: „Не са доставчици на медийни услуги лица, които само разпространяват програми, за които редакционна отговорност носят трети страни“, това е критерият за определянето и на съответната отговорност. В този смисъл няма пречка в YouTube да се представя информация с хазартно съдържание, при условие, че същата е съобразена с разпоредбите на § 1. т. 23 от Допълнителните разпоредби (ДР) на Закона за хазарта.

6

Специално внимание заслужава и отговорът за рекламирането на хазарт в социалните мрежи от инфлуенсъри – НАП отново отговаря, че няма причина такъв тип действия да бъдат окачествявани като забранена реклама по смисъла на ЗХ.

Без значение какво е инфлуенсър, основен аргумент отново е, че платформите не са медии. Както беше показано, Регламент 2024/1083 не дава основание за подобен категоричен възглед.

И отговорът за реклама, осъществявана от журналисти в мрежите, е аналогичен. Без значение какво е журналист – няма пречка от страна на журналисти, чрез PodCast в YouTube да представят информация с хазартно съдържание в масовите платформи за споделяне на информация по отношение на рекламата, съобразявайки разпоредбите на § 1. т. 23 от Допълнителните разпоредби (ДР) на Закона за хазарта (изм. – ДВ, бр. 42 от 2024 г.).

След такова изясняване на обхвата на забраната за реклама ще бъдат облагодетелствани тези, за които НАП е казал, че няма пречка. Така едно писмо по ЗДОИ може да се окаже икономически важно.

7

НАП изрично казва, че по конкретни случаи може да има и друго третиране. Но неяснотите остават – и те идват от самата лексика на измененията на ЗХ.

Би следвало законодателят да постъпи като в Изборния кодекс – и да определи какво е електронни медии и интернет страници по смисъла на ЗХ. Впрочем дори ако имаше препратка към легалната дефиниция за медии (медийни услуги) в Изборния кодекс, отговорът по ЗДОИ не би бил обоснован, защото понятието медии според ИК включва и медийните профили и канали в платформите.

Изобщо измененията на ЗХ е хубаво да се преразгледат, не само заради горните проблеми. В ЗХ пише още, че СЕМ осъществява надзор в медийното пространство, което наистина никой не знае какво означава и винаги може да е основание за оспорване.

РЕШЕНИЕ_№Р -ЦУ– 138 /17.07.2024 г. ЗДОИ

Free advertising-supported streaming television services, such as market leader Pluto TV, The Roku Channel, and Samsung TV Plus, offer a traditional linear TV viewing experience, via an app, at zero cost to the consumer.

Despite most internet users being constantly spoiled by the availability of free content, as a value proposition FAST services are undoubtedly impressive. Had something similar been available to the public a couple of decades ago, it would’ve been fascinating to see the effect on unauthorized content consumption. Thousands of TV shows and movies for free would’ve gone down a storm.

In reality, however, propositions like FAST take time to mature and need to make commercial sense. Whether FAST services will overtake subscription services as some are predicting remains to be seen, but the formula does seem to be working.

Yet among certain consumers, platforms like Pluto TV are even better when subjected to a few tweaks. These help a good product realize its potential to become something better, they suggest. Rightsholders disagree.

Pluto TV Plays On Pretty Much Any Device

Edge cases aside, Pluto TV does indeed play on pretty much all platforms but becomes much more pliable when iOS and Android apps are ditched in favor of an M3U8 playlist. Since Pluto TV doesn’t supply a playlist, using software such as TVHeadend, NextPVR Jellyfin, or Kodi to view channels, requires outside help.

Other solutions exist but none are as popular or stable as those offered by developer Matt Huisman. His software generates .m3u8 playlist files for many FAST services; all users have to do is copy the playlist’s URL from Huisman’s site, and then paste the URL into a device that can handle m3u8 playlists. By linking to a live remote file, any updates to the playlist are also updated locally.

Or at least that used to be the case. On Wednesday, Huisman revealed that his playlists for Pluto TV, Samsung TV Plus, Stirr, Plex and PBS, have run into trouble.

Copyright Complaint Filed at Cloudflare

Posted as an issue in the Pluto TV playlist repo on GitHub, the title reveals that after receiving a DMCA takedown notice, playlists for Pluto TV, Samsung TV Plus, Stirr, Plex and PBS, are no longer available.

No DMCA complaints were sent to GitHub. On this occasion, anti-piracy outfit Markscan, on behalf of Warner Bros., sent a DMCA takedown notice to Cloudflare. Despite the length of the notice and considerable attention to detail, Markscan appears to have omitted the basics.

The allegedly infringing URL appears clearly but, after detailing its relationship with Warner Bros. Discovery, Markscan’s “proof to show that our client is the owner of certain rights to the copyright work(s)” amounts to a link to the Warner Bros. website but no mention of any copyrighted works.

The anti-piracy outfit then asks Cloudflare to intervene “to get any infringing content removed,” and to ban Huisman from using Cloudflare ever again. The notice goes on to reference a URL that doesn’t exist and then swears (on penalty of perjury) that the information in the notice is accurate.

Huisman: I Can’t Be Bothered Trying to Fight This

Since the takedown notice failed to identify any infringing content, it’s impossible to know what specific content it intended to target, if that was ever the intention at all. Huisman is in the dark too.

“To be clear, this playlist only contained: image urls and the channel urls pointed to an external domain. You can see they don’t even mention what the copyright material is,” he explains.

“However, i cant be bothered trying to fight this. The playlist stuff is just a pain in the butt anyway and I don’t want to risk what I really enjoy (Kodi addons) for the sake of some playlists.”

After DAZN targeted the playlists in January, it appears that a deficient DMCA notice filed at Cloudflare has somehow managed to finish the job. Or maybe not.

From: TF, for the latest news on copyright battles, piracy and more.

Launched two decades ago, Webtoon Entertainment has established itself as one of the prime hosting platforms for short digital comics.

Partly owned by the South Korean company Naver, Webtoon rode the popular ‘webtoon’ wave all the way to the Nasdaq exchange, where it got a listing this summer.

With millions of creators on board, and roughly 170 million active monthly users, the webtoon company is seen as a growth story. While that may be the case, Webtoon’s first quarterly earnings report on August 8 wasn’t well received.

Webtoon’s Rough Start at Nasdaq

Instead of significant growth, revenues were more or less flat compared to a year ago. This was a disappointment to many investors and the stock price fell by more than 40%, ‘evaporating’ a billion dollars in market cap.

For the company’s management, it would’ve been easy to point at piracy as a contributing factor. However, piracy wasn’t mentioned once in the official earnings report. It did get a brief mention during the conference call; Webtoon CFO David Lee mentioned that piracy is a concern for all user generated content services.

Webtoon has a positive outlook on its future and attributed the ‘disappointing’ results to currency headwinds. When currency exchange rates are kept stable, the company noted that year-over-year growth was 11%, topping expectations.

Eye on Pirates

While Webtoon doesn’t use piracy as a scapegoat, the company certainly considers it as a serious challenge going forward. This was made apparent in a SEC filing published a few days ago.

“As the copying and distribution of content over the internet proliferates, the risk of piracy, gray market sales, illegal downloading, file-sharing or other infringement, misappropriation and other violation of our intellectual property is likely to continue to increase,” Webtoon Entertainment states.

“We take various measures to prevent and monitor unauthorized use of our content, including developing proprietary technology to detect piracy and other technological measures,” the SEC filing adds.

These mandatory statements don’t address any novel concerns. Piracy has always been a challenge for the company, which sends out millions of DMCA takedown notices every month in an effort to contain the problem.

Not all sites and services are receptive to these takedown requests, however. Webtoon occasionally has to step up its efforts and address ‘pirate’ threats more directly, through cease-and-desist letters accompanied by legal threats, for example.

Webtoon Subpoenas Cloudflare to ‘Expose’ Pirates

Most ‘pirate’ sites don’t share their full names and contact details online, so getting to these people can be a challenge. Luckily for Webtoon, DMCA subpoenas may be useful to gather additional information.

A few days ago, Webtoon filed a DMCA subpoena request at a Texas federal court, compelling CDN service Cloudflare to expose the personal details of customers connected to allegedly-infringing domain names.

The legal paperwork lists close to 200 targets. After merging several subdomains, we end up with roughly 170 unique domain names, including those related to popular sites such as Bato.to, Mangareader.to, and Mangas.in, which all have millions of monthly visits.

A declaration submitted by an attorney at Webtoon anti-piracy partner Remove Your Media, clarifies that the information requested will only be used to protect the publisher’s rights.

“The purpose of the accompanying subpoena is to obtain the identity of the alleged copyright infringer(s) in control of the internet domain(s)/website(s) listed in the subpoena. The information obtained will be used only for the purpose of protecting the rights granted to my client,” the declaration reads.

After reviewing the application, a court clerk signed the subpoena and Cloudflare now has until October 1st to respond. Judging from previous cases, the US-based Internet infrastructure company won’t contest the request for user details.

Effective, but Not Perfect

To what degree the information Cloudflare has on file will help Webtoon’s enforcement efforts has yet to be seen. Operators of pirate sites are known to use false identities and some are aware that their personal data can be discovered though DMCA subpoenas.

According to Webtoon’s previous experience, these legal efforts can certainly pay off. Last year, the company targeted 360 pirate domain names through a similar subpoena, which resulted in the shutdown of several sites.

Webtoon’s own reports suggested that 150 ‘sites’ went offline after they were targeted though the Cloudflare subpoena.

“After three months of hard work by Naver Webtoon, about 150 overseas illegal sites stopped operating. This is the result of Naver Webtoon’s action to issue a ‘Subpoena’ through a U.S. court, the first in the webtoon industry,” the company wrote in November.

Those shutdowns included many prominent pirate sites including Aquamanga.com, which had more than 60 million monthly visits at its peak.

Time will tell if the most recent subpoena produces similar results but as long as it leads to the shutdown of sizable pirate sites, Webtoon will likely continue these anti-piracy efforts moving forward.

—-

1manga.co
1manhwa.com
1stkissmanga.io
1stkissmanga.me
astrascans.org
asurahunter.com
asuratoon.com
bacakomik.my.id
bacakomik.net
bacamanga.id
bato.to
burningtoon.com
chapmanga.net
clover-manga.com
cn.webmota.com
coffeemanga.io
comic24hnn.com
cosmicscans.id
doombreaker.com
doombreaker.org
dsectcomics.org
earlym.org
emperor-scan.com
emperorscan.net
enryumanga.com
eztoon101.com
fecomicc.xyz
flamecomics.me
freecomiconline.me
freemanga.me
fcmanga.net
god-manga.com
haremscann.es
harimanga.com
hippo-manga.com
hivetoon.com
hwago.org
immortalupdates.com
infinitelevelup.com
jimanga.com
joji-manga.com
kaiscans.org
kanmanhuala.cc
kingofmanga.com
klikmanga.id
komik20.com
komikcast.cafe
komikcast.cz
komikdaily.my.id
komikid.com
komikindo.co
komikindo.moe
komiku.com
komikuwu.com
kumomanga.com
kunmanga.com
kunmanga.to
lectormiau.com
leerolymp.com
likemanga.io
lscomic.com
lami-manga.com
luminous-scans.com
luxmanga.net
mafia-manga.com
manga-lucky.com
manga-za.com
manga18.me
manga18fx.com
mangabtt.com
mangaclash.com
mangadass.com
mangadex.tv
mangadop.net
mangaeffect.com
mangaesp.co
mangaextreme.com
mangafire.to
mangafox.fun
mangagalaxy.me
mangahasu.se
mangaindo.org
mangakatana.com
mangakakalot.tv
mangakakalot.net
mangakakalot.nl
mangakomi.io
mangaku.io
mangamelo.tv
mangamew.com
manganelo.tv
mangapanda.in
mangapill.com
mangaread.org
mangareader.cc
mangareader.to
mangarolls.com
mangascan.cc
mangatale.co
mangatown.com
mangatv.net
mangatx.to
mangauwu.com
manhuafast.top
manhuazone.com
manhwa-thailand.com
manhwa18.cc
manhwabtt.com
manhwaclan.com
manhwafull.net
manhwanew.com
manhwatop.to
manhwatube.com
mcreader.net
mercenary-manga.com
miku-manga.com
manytoon.me
murim-manga.com
murimrpgsimulation.com
murimscan.run
nanomachinemanga.com
nanomachinenow.com
natsu.id
niadd.com
night-scans.com
ninemanga.com
nitroscans.online
oktoon.com
omniscient-readersviewpoint.com
paragonscans.com
ped-manga.com
popsmanga.com
quest-supremacy.com
questismmanga.com
ranker-manga.com
raw.senmanga.com
rawrmanga.com
read-lookism.com
readcomicmanga.com
readrealityquest.com
regressorofthefallenfamily.com
retsu.co
romantikmanga.com
rose-manga.com
shibamanga.com
solo-max.com
spy-manga.com
teamxnovel.com
templescan.net
tenshi.id
thebreakermanhwa.com
thegodofhighschool.online
thetowerofgod.com
thunderscans.com
toomtam-manga.com
toongod.cc
toonily.me
towerofgodmanhwa.com
tukangkomik.com
tusmangas.org
visortmo.ws
webtoonhatti.net
webtoonscan.com
weimanga.com
weakherochapters.com
windbreakermanga.com
xenon-manga.com
xn--72ca0fwcc.net
xn--vv4b11c.com
yaoiscan.com
zahard.xyz

From: TF, for the latest news on copyright battles, piracy and more.

Rolling Stone has a long investigative story (non-paywalled version here) about a CIA agent who spent years posing as an Islamic radical.

Unrelated, but also in the “real life spies” file: a fake Sudanese diving resort run by Mossad.

For companies reliant on sales of digital products delivered via the internet, any level of success is likely to face not just unlicensed competition, but rivals offering identical products with a price tag marked ‘free’.

How to tackle this threat depends on the product, the audience, and the location and nature of pirate sites and services active in the niche. Current thinking suggests that companies with synergies can benefit by pooling resources, with the Alliance for Creativity and Entertainment perhaps the most obvious example.

Kakao Entertainment’s approach to content protection is somewhat more bespoke. The company’s ‘P.CoK’ anti-piracy unit stands out for engaging pirates head-on. Most visible on social media, P.CoK claims to recruit webtoon fans as undercover operatives and recently offered rewards for those willing to blow pirates’ cover.

Kakao’s latest anti-piracy report reveals the results of various initiatives for the first six months of 2024.

P.CoK Anti-Piracy Whitepaper Vol.5

Having previously produced four comprehensive reports, Kakao’s fifth edition covers the period January to June 2024. During that period the company says that technical systems were enhanced while outreach to rightsholders, governments, and other stakeholders, helped in various ways.

“During the first half of 2024, Kakao Entertainment Illegal Distribution Response Team (P.CoK) expanded its monitoring countries and its scope, established its own identification system for illegal site operators, and engaged in more proactive initiatives to enhance copyright awareness,” the paper begins.

“P.CoK conducted various interviews with copyright industry stakeholders such as national governments, copyright agencies, content providers (CPs), investigative agencies, and creators.”

From these interviews, Kakao says it derived “important insights” regarding industry-level solidarity and the value of “collective responses to illegal distribution.”

Results for January-June 2024

During the first six months of the year, P.CoK says that its “sophisticated and tailored monitoring strategies” enabled it to identify the operators of 31 illegal sites/services with seven of those shutting down as a result.

One of those platforms was reader app Tachiyomi, interest in which soared when the project was initially taken down. The full report (available in Korean only) reveals communication from Kakao to Tachiyomi’s developer, apparently in response to what the company perceived as insufficient compliance.

Warning clarification….

The report also details actions currently underway against three major sites. None of are named in full, but for those desperate to know, the descriptions in the report should be sufficient to identify at least two.

Legal Action Pending Against Three Major Sites

Summary of key details/allegations contained in the report, including joint action featuring P.CoK and Japan-based anti-piracy group CODA:

Site ‘M’

• Site ‘M’ is the world’s No. 1 manga piracy site based on traffic and number of works
• Site ‘M’ has consistently failed to respond to warning letters from P.CoK
• P.CoK says it has identified three major operators, including the creator of Site ‘M’
• Joint Korea/Japan legal action in an unidentified country, targeting operator of Site ‘M’

***scans

• ***scans has an English-speaking translation group ranked in the top 5 in the world
• ***scans continuously carries out illegal translation / distribution
• Translated webtoons are often illegally distributed on YouTube and Facebook.
• ***scans has been taken over by an unnamed overseas comics company
• Company hired key managers of existing translation group, continues illegal distribution
• Legal action being prepared against ***scans and the company

***manhua

• ***manhua is a large Chinese site, distributing illegal translations throughout China
• Systematic illegal distribution through clone sites that are inaccessible in Korea
• ***manhua has ignored multiple warnings
• Civil lawsuit being prepared in cooperation with legal Chinese platforms

P.CoK’s Fifth Anti-Piracy White Paper is available here (pdf, Korean)

From: TF, for the latest news on copyright battles, piracy and more.

The inception and early years of The Pirate Bay are an intriguing chapter of the Internet’s history.

While most pirate site operators hid in the shadows, Pirate Bay’s founders were public figures who openly taunted the entertainment industries.

This chapter didn’t end as planned for Fredrik Neij, Peter Sunde, and Gotffrid Svartholm, who were eventually sentenced to prison. By then, however, they had already sparked a digital and political revolution, the impact of which is still felt today.

Some have argued that without the meteoric rise of the notorious torrent site, the entertainment industries would not have embraced services such as Netflix and Spotify so easily.

Pirate Bay TV Series

A few years ago, news broke that The Pirate Bay story was being turned into a TV series. Written by Piotr Marciniak and directed by Jens Sjögren, who also made the “I am Zlatan” documentary, production was in the hands of B-Reel Films, working for the Swedish broadcaster SVT.

American distribution company Dynamic Television scooped up worldwide rights. As far as we know, international deals have not yet been announced. The Swedish premiere on November 8 is coming closer, however, and a few days ago SVT released an official teaser.

The founders of The Pirate Bay – Anakata, Brokep and Tiamo – are played by Arvid Swedrup, Simon Greger Carlsson and Willjam Lempling. The teaser doesn’t give away much, but it’s interesting that one of The Pirate Bay’s infamous responses to legal threats features prominently.

The teaser quotes from Anakata’s response to a letter from DreamWorks, written twenty years ago. The movie company sent a DMCA takedown notice requesting the removal of a torrent for the film Shrek 2, but the reply was not what they had hoped for.

“As you may or may not be aware, Sweden is not a state in the United States of America. Sweden is a country in northern Europe. Unless you figured it out by now, US law does not apply here,” Anakata wrote.

“It is the opinion of us and our lawyers that you are ……. morons, and that you should please go sodomize yourself with retractable batons.”

TPB Founders Not Involved

The response was public information and made it into the series. Whether there will be any new revelations has yet to be seen, however, as none of the site’s founders were actively involved in production.

Instead, the producers used interviews with other people involved, plus the vast amount of public information available on the Internet. That includes the infamous responses to legal threats.

Time will tell how the producers and director have decided to tell this story. Production took place in Stockholm, Sweden, but also ventured to other countries, including Chile and Thailand, where Fredrik Neij was arrested and paraded in front of the press in 2014.

Pirating The Pirate Bay?

One interesting side story is the fact that the “rights” to the Pirate Bay series are now being ‘sold’. As mentioned earlier, Dynamic Television has the global distribution rights but they have yet to announce any international deals.

For now, it seems that ‘pirate’ releases may beat the official channels in quite a few countries, as unauthorized copies of the series are likely to surface on The Pirate Bay this fall; if only to make a point.

This shouldn’t come as a surprise to the makers and rightsholders, of course. We don’t expect many complaints either. After all, The Pirate Bay’s notorious track record is why these rightsholders are generating revenue today. And to bring things full-circle, they’re not sharing any of the money.

From: TF, for the latest news on copyright battles, piracy and more.

For many traditional newspapers reliant on sales of a physical product, the rise of the internet as an integrated publishing, distribution, and content consumption platform, disrupted almost everything.

With new opportunities came new challenges. Popularity of free-to-consume digital versions had a tendency to cannibalize print sales. Advertising revenue that once kept digital publications online, later began to diminish. That was partly explained by the rise of browser-based ad blocking software, itself a response to the rise of aggressive and intrusive advertising.

When publications of all kinds began putting content behind paywalls, accessible only by those with a paid subscription, that helped some publications to survive, even thrive in some cases. For readers unable or unwilling to commit to a subscription, technical solutions were available. Bypass Paywalls Clean (BPC) is probably the most famous of them all.

Publishers Run Out Of Patience

Available for Chrome and Firefox, BPC is an easily-installed browser extension that enables users to bypass paywalls and access content without paying for the privilege.

For publishers hoping to increase revenue where advertising had previously failed, the extension is seen as financially problematic. In April, a takedown notice targeted BPC on developer platform GitLab; the main repo was taken down and never reappeared.

On Monday, another takedown notice targeted BPC’s repo on GitHub. Unlike the GitLab notice, full details of who sent the complaint and the legal basis cited for BPC’s removal, we made available under GitHub’s transparency policy.

News Media Alliance (NM/A), an organization that represents the interests of 2,200 publishers of various kinds, initially wrote letters to GitHub. The organization explained that its complaint wasn’t a straightforward copyright infringement matter actionable under Section 512 of the DMCA.

Credit: News Media Alliance

The notification published yesterday signaled the end of that process and explains the basis for NM/A’s complaint.

“The NM/A represents over 2,200 news, magazine, and digital media publishers in the United States and internationally on all matters affecting the publishers’ ability to provide essential services to their communities,” the notice reads.

“N/MA’s members publish copyrighted content on websites protected by paywalls which the technology identified below [BPC] circumvents. NM/A submits this notice to further the interest of its members and to inform GitHub that the identified technology violates Section 1201 of the Digital Millennium Copyright Act (DMCA), which prohibits circumvention technology.”

The N/MA Complaint Against BPC

N/MA’s correspondence identified a total of four “unlawful products” titled bypass-paywalls-chrome, bypass-paywalls-firefox, bpc_updates, and bypass-paywalls-clean-filters, each in their own repository. While most takedown requests claim that the targeted content is an infringing copy of a copyrighted work, the N/MA complaint centers on software that facilitates access to copyrighted content, by circumventing technological measures.

“The precise paywall technology deployed by N/MA members differs from member to member, and from site to site, with some using [redacted by GitHub] and others using hard paywalls (where content is not available until such authentication),” N/MA explains.

“Regardless, N/MA members deploy password-protected sign-in technology to allow subscriber-only access to its protected content, either for all content or after a user has accessed a certain number of articles. These password requirements clearly suffice as technological protection measures within the meaning of the DMCA.”

N/MA goes on to claim that BPC provides access to paywalled content in one of two ways, depending on paywall type. One method seems to have been redacted while the other is left intact.

“For hard paywalls, it is our understanding that the identified Bypass Paywalls technology automatically scans web archives for a crawled version of the protected content and displays that content,” N/MA writes.

“Unlawful Anti-Circumvention Technologies”

The legislation at the root of the N/MA complaint is also detailed in the takedown notice.

“The ‘Bypass Paywalls’ technologies that GitHub, Inc. offers on its site are unlawful anti-circumvention technologies under the DMCA. See 17 U.S.C. § 1201(a)(1). As the DMCA makes clear, any technology or product designed to ‘circumvent a technological measure that effectively controls access to a [copyrighted] work’ is a prohibited anti-circumvention tool,” the notice states.

Under 17 U.S.C. § 1201(a)(3)(B), a technological measure “effectively controls access to a work” if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.

“The ‘Bypass Paywalls’ technology, by its own terms, is a technology created to ‘bypass’ our members’ paywalls. The technology, moreover, falls within the precise category of technologies that motivated the enactment of anti circumvention provisions in the first place.”

Anti-Circumvention Claim Taken as Valid

When rightsholders allege violations of the DMCA’s anti-circumvention provisions, GitHub carefully reviews those claims and where appropriate, provides repository owners with a time-limited opportunity to make changes to ensure compliance with the law.

While that included the owner of the four repositories mentioned earlier, GitHub determined that a total of 3,879 repositories were affected by the same claims.

In the absence of changes being made, GitHub processed the takedown notice against the entire network, which disabled 3,879 repositories, inclusive of the parent repository.

While this means there’s unlikely to be a future for BPC on GitHub, its future in general is unknown. Some projects can continue on other platforms but since BPC requires maintenance to function at its best, that may limit its options moving forward.

From: TF, for the latest news on copyright battles, piracy and more.

Публикувани са резултати от качествено и количествено проучване, реализирани в рамките на проект „Социална уязвимост и пропаганда“, изпълняван от „Фондация за хуманитарни и социални изследвания“.
Изследвани са основни характеристики и тенденции в нагласите на българското общество и различни социални групи и възприемането на посланията на хибридната пропаганда.

Благоприятни предпоставки за разколебаност на общественото мнение относно направения евроатлантически избор и степента на идентификация с него: в общи линии това е картината, която регистрират проучванията през последните 6-7 години. Според ориентацията по партии картината изглежда така:

Но като цяло данните за 2024 г. препотвърждават високата степен на подкрепа за европейската принадлежност на България и членството в Европейския съюз (61% срещу едва 16% неодобряващи).

Спада делът на активно информиращите се по вътрешно или външно политически теми (от 56% на 43%), за сметка на ръст в рядко или изобщо неследящите актуалните събития (21% през 2024 г., при 15% през 2023 г. заявяват, че не следят).

Целият доклад

This is yet another insecure Internet-of-things story, this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually implement this attack.

Research paper. Another news story.

Slashdot thread.

Creative Content Australia (CCA) has just released the 2023 edition of its Australian Piracy Behaviors and Attitudes survey.

Research for ‘wave 15’ was carried out nationally between October 3 and October 9, 2023, among 1,293 adult respondents (18+). The results of the survey arrive just a few months after the publication of broader research carried out on behalf of the Australian government.

Both reports broadly agree that around four-in-ten Aussies pirate (or have pirated) small to large amounts of content with varying frequency. The CCA survey reports a “continued downward piracy trend in recent years, noting that frequency was also down in 2023.

Reasons For Pirating Less: Convenient Access to Legal Content

A question directed at the 52% of respondents who claim have pirated less during the last year, reads as follows: Which of the following reasons best explain why you think you are downloading or streaming pirated content less than 12 months ago?

Source: CCA Piracy Behaviors and Attitudes Survey 2023 (pdf)

Cited by 64% of respondents from the ‘pirating less’ category, “I have access to enough content via paid services” predictably takes the top slot, showing that meeting or exceeding consumer demands is the most effective anti-piracy mechanism there is.

In second position, “It takes too much time and effort to find pirated content these days” was cited by 36% of respondents. This suggests that when having “enough content via paid services” (#1, 64%) is combined with frustrated access to pirated content (#2, 36%), all respondents who pirated less over the last year responded positively when presented with easily accessed legal content.

Does Site-Blocking Have an Effective Counterpart?

The fifth most-cited reason for pirating less is directly related to “too much time/effort to find pirated content” mentioned above. Pirated content has only become harder to find due to outside interference and in Australia, site-blocking is persistent. That 19% of the ‘pirating less’ group cited site-blocking as a reason isn’t a particularly big surprise.

However, since respondents were able to select more than one reason from the list, if the 19% who cited site-blocking responded consistently, they likely would’ve selected “too much time/effort” as well. The figures show that 36% selected the latter, while site-blocking alone managed just 19%, or close to half the number claiming that piracy fails the time/effort test.

Given that unblocked pirate streaming portals are easy to find, tend to carry all content, and don’t require payment or an account, even services like Netflix would struggle to compete on the ‘time and effort’ front. So if we rule out extra convenience offered by legal platforms, that raises the possibility of other anti-piracy measures accounting for the 17% gap between 19% (blocking) and 36% (time/effort).

Removal of blocked sites from Google search results may be a candidate, likewise anti-piracy measures on social media. Here, however, the data is too limited to draw any firm conclusion.

Before moving on, the third most popular reason cited by the ‘pirating less’ group is “I felt bad about pirating.” That 22% felt guilty about some aspect of not paying for content seems perfectly reasonable; at least if we ignore the fact that they didn’t feel guilty enough to stop altogether.

Cybersecurity: Hacking, Malware, and….Poor Viewing Quality?

Creative Content Australia operates its main site, Content Cafe, and also The Price of Piracy, which carries messaging that dovetails perfectly with StreamSafely in the United States, and BeStreamWise in the UK.

In addition to promoting its ‘Spin the Pirate Wheel’ campaign, a conclusion drawn from the survey also features on the front page.

Image credit: The Price of Piracy (homepage)

Since “2 million” appears nowhere in the survey, we have to assume this is an extrapolation of the responses provided by pirates.

According to the footer of slide 45, which covers “pirates experiencing cyber security issues such as hacking,” the base was those who experienced a blocked site, of which 92 were ‘persistent pirates’ (one or more pirate activities per week) and 143 were deemed ‘casual’ (one or more activities monthly or less often) – 235 pirates in total.

The question asked was actually quite specific: “Have you ever experienced any of the following when you have accessed pirated content on any device via apps / add-ons?”

In this context the inclusion of ‘poor viewing quality’ as a cybersecurity issue is bewildering on so many levels it’s difficult to know where to begin. Devices running slowly (#2 most popular response) can be attributable to anything, and the same goes for #5 ‘Your device crashing’, and #6 ‘Another internet device crashing’.

If we accept that age-inappropriate content made available on pirate sites is a cybersecurity issue, we can see that roughly a third said they’d seen such material playing on their device. Yet the closest option to answer doesn’t seem to take into account that ‘age-inappropriate’ content playing on a users’ device may be result of the user requesting it.

In any event, the option applies to none of the respondents in the survey because every last one is an adult. The content may very well be inappropriate, but not on age grounds.

Hacking, Malware, ID Theft, Fraud, Botnets

Seeing ‘poor viewing quality’ appearing here as the leading cybersecurity issue faced by the greatest number of pirates, isn’t a surprise. In an earlier report from the UK, which we had to fight to obtain, popups were included to push general malware claims over the line. For reference, EU law forces popups on most EU internet users every day.

Surveys, research, and similar studies are currently going to huge lengths to construct a framework of fear around the threats associated with app-based piracy services. The purpose, of course, is to stop people from pirating content.

The truth is that scare campaigns will only ever enjoy limited success, while cold hard facts can be more terrifying and only need to be read once. When presented by a neutral security company like ESET, the impact of specific facts is obvious.

Click to enlarge

In the final slide, a comparison is made between the cybersecurity issues pirates say they have experienced, versus the security issues faced by non pirates.

Campaigns to steer people away from pirate sites and services due to security risks are reaching saturation point and that could carry a risk of desensitization.

Other than telling consumers of pirated content to simply avoid pirate sites, there’s still no harm prevention component, despite many governments having been briefed on various threats but no obvious signs of anything being done.

There’s no need to overcomplicate things. Name the apps, version numbers and hashes, have a neutral security vendor analyze and then report the harms in terms everyone can understand, and publish the evidence online for everyone to consume and discuss openly.

The 2023 Australian Piracy Behaviors and Attitudes survey is available here (pdf)

From: TF, for the latest news on copyright battles, piracy and more.

In recent years, rightsholders of major sports events have repeatedly complained that piracy of live sports is getting out of hand.

Ideally, they would like to see updates to current legislative frameworks, so the problem can be targeted more efficiently. Site-blocking is high on the list of preferred options, particularly in the United States.

While ISP blocking is still a debated issue among U.S. lawmakers, the country’s enforcement authorities have a more direct option; domain name seizures. With the appropriate legal paperwork, the DoJ’s Homeland Security Investigations (HSI) has sporadically targeted ‘pirate’ domain names for more than a decade.

Streameast Domain Names Seized

This weekend, the feds appear to have carried out another round of seizures, this time targeting the pirate sports streaming website Streameast. This site, which has a strong focus on ‘American’ sports, has over 15 million monthly visitors, who were all sidelined by surprise.

Instead of the usual homepage with links to the latest streams of sporting events, Streameast’s visitors – most of which come from the U.S. – were welcomed by a domain seizure banner.

“This domain name has been seized by Homeland Security Investigations (HSI) pursuant to a warrant issued by the United States District Court for the Eastern District of Louisiana,” the banner reads.

“It is unlawful to reproduce or distribute copyrighted material including sporting events, television shows, movies, music, software, or games without authorization. Individuals who do so risk criminal prosecution under Title 18.”

The seized domain names include the main one; thestreameast.to, as well as popular backup domain options such as streameast.io, streameast.xyz, and streameast.live.

Streameast Makes ‘Instant’ Comeback

The authorities have yet to officially confirm the action, which can typically take a few days. However, all available signs suggest that this is a legitimate law enforcement action. For example, the nameservers were all changed to “seizedservers.com”.

Whether the seizures will be effective in shutting down the Streameast operation is up for debate, however.

Soon after the domain seizures started to populate across DNS servers, the site’s operators informed their followers on Discord that the site has no intention of throwing in the towel. Quite the opposite, the site remains available though alternative domain names.

“As you may know, many of our domains were seized by the US government last night. As the only free streaming site in the world that truly values user experience and quality, it was no coincidence that this happened to us,” Streameast admin ‘Quick’ writes.

There are many fake, fraudulent, and scammy alternatives that remain online but only ‘legitimate’ Streameast domains were targeted, according to the site’s operators. While this came as a disappointment, there was a backup plan in place.

The Streameast team says that it has hundreds of domain names ready to deploy, some of which came into play this weekend. More domains will follow, and the team vows it will continue until ‘affordable’ sports streaming options are available for everyone.

“They need to see that they can’t stop us this way. We own over 400 domains in total, and we will be activating and sharing most of these with you throughout the week,” they write.

“We will never give up the fight. Our fight will continue until sports become affordable for everyone. We promise that once this is achieved, we will permanently shut down all Streameast services,” Streameast adds.

Why, and Why Now?

The Streameast team kept their word and in addition to streameast.co, they also activated streameast.ec, streameast.fi, streameast.ms, streameast.ph, streameast.ps, streameast.sh, and streameast.sk. These domain names may also be seized in the future, but for now, they remain online.

Why Streameast was singled out as a target on this particular weekend is unknown. Typically, U.S. law enforcement plans their domain seizure operations around major sporting events, as happened with the Super Bowl and the FIFA World Cup. There was a big UFC PPV event over the weekend, but those take place each month.

With the Paris Olympics, there was a major sporting event earlier this month, but these seizures are a bit late for that.

As far as we know, there are no indictments against people associated with the site. That said, it is still early days and more information may come out later in the week. With Streameast being as defiant as it is, we don’t expect this to be the end of the enforcement efforts.

—

From: TF, for the latest news on copyright battles, piracy and more.

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only.

Downloading content without permission is copyright infringement. These torrent download statistics are only meant to provide further insight into piracy trends. All data are gathered from public resources.

This week we have two newcomers on the list. “Twisters” is the most shared title.

The most torrented movies for the week ending on August 19 are:

Note: We also publish an updating archive of all the list of weekly most torrented movies lists.

From: TF, for the latest news on copyright battles, piracy and more.

If 2009 sounds like it happened half a lifetime ago, many 30 year-olds would likely agree.

At the time the UK government was taking advice from the entertainment industries on how to tackle surging piracy via the BitTorrent protocol.

Presented as an entirely proportionate and reasonable response for dealing with habitual downloaders, disconnecting entire households from the internet loomed ominously on the horizon.

Yet in 2007, the band Radiohead had ventured quite bravely in the opposite direction, arguing that piracy shouldn’t be punished and file-sharing should be embraced. When the band released the album ‘In Rainbows’ online, its price tag competed with ‘free’ on terms that even pirates could understand.

The debate over Radiohead’s ‘pay-what-you-want’ model went global. Praised by some for allowing everyone to afford music, it faced heavy criticism from those who felt that the price devalued music, and would lead to artists – especially less successful ones – suffering the financial consequences of competing with free. Despite the polarized views, Radiohead hadn’t quite finished.

Music Industry & Government Had it All Wrong

In May 2009, Brian Message, a partner in Radiohead’s management company, did the unthinkable. After describing the plan to kick file-sharers (and their families) off the internet as unworkable, Message suggested a radically different approach.

“We believe file-sharing by peer to peer should be legalized. The sharing of music where it is not for profit is a great thing for culture and music,” Message said.

That wasn’t what the labels wanted to hear, to put it mildly. With the benefit of hindsight, legalization probably wasn’t the right solution to support what eventually followed, but anyone could see that the status quo simply wasn’t working.

Was It Really Happening?

In early August 2009, after Radiohead’s Thom Yorke had dropped hints about a “great idea” and a secret distribution plan, things were about to start get interesting again. Whether it was the band, people working for them, or someone else, when the yet-to-be-released Radiohead track ‘These Are My Twisted Words’ was uploaded to private torrent site What.cd, Radiohead and file-sharing were suddenly back in the news again.

For many file-sharers, Radiohead’s approach felt like someone was actually listening; an outreach of sorts, acknowledgement from people who mattered that things needed to change. In the end, changes implemented by the music industry were a revelation. Not only did the industry prove itself wrong by successfully competing with free, it had managed to do so without resorting to brute force.

The idea that file-sharers, fans, will only return to buying any type of content if there’s a credible threat of force, has never made sense to us here at TF. Loyal consumers are happy consumers; happy with the product, happy with the service, and happy with the price. Get any one of those wrong and consumers become unhappy; any plan to cheer them up by a) not fixing the problem and b) resorting to threats, will fail – period.

Radiohead not only understood this better than most, the band actually dared to try something different. Less than a week after the ‘leak’ of ‘These Are My Twisted Words’ on What.cd, Radiohead’s Jonny Greenwood took to the band’s Dead Air Space blog.

The Air Space blog, saved from extinction by the Internet Archive

In his post, Greenwood announced ‘These Are My Twisted Words’ officially for the first time. He then invited people to download it for free, including via a torrent hosted on Mininova, once one of the world’s most popular torrent sites.

And Back to Reality

For Mininova, the Radiohead release symbolized hope. Legal troubles with Dutch anti-piracy group BREIN meant that the site needed to change drastically or face extinction. In our 2009 article, co-founder Erik Dubbelboer celebrated Radiohead’s use of the site’s fledgling content distribution service and called on more artists to do the same.

By November 2009, the only content that remained on Mininova was content uploaded to the new distribution service. After losing its dispute with BREIN, Mininova was ordered to delete all other content, which in time led to the site’s demise. In common with similar sites, Mininova already had a policy of responding to rightsholders’ takedown notices but when a Dutch court found that insufficient, the end was nigh.

TorrentFreak also has a takedown policy. Our policy is to create all of our own content, obtain licenses for images where applicable, and if required, adhere to fair use norms. Because the policy works and nothing is infringing, nothing ever needs to be taken down. Unfortunately, some rightsholders and anti-piracy outfits occasionally disagree; on the plus side, on every occasion they are always wrong.

Wrongfully Targeted Yet Again

Around eight years ago, an industry shake-up saw Radiohead’s back catalog move from Parlophone to XL Recordings, which now operates as part of Beggars Group Digital. With assistance from anti-piracy company MUSO, attempts are now being made to purge Google’s search indexes of all links to unauthorized copies of Radiohead’s music.

A single notice dated August 8, 2024, presented here courtesy of the Lumen Database, is huge. Weighing in at over 9,600 URLs, hidden deep inside is one of our URLs which, according to the notice, should be disappeared by Google for the remainder of eternity, for violating copyright law.

That article contains no copyrighted material apart from our own, and doesn’t link to any infringing content either.

Coincidentally, the same generally applies to the takedown notice itself. Despite claiming to contain close to 10,000 pirate URLs across 1,643 domains, Google’s assessment indicates that just 4.5% are actually infringing.

Rightsholders never got to target individuals in the manner suggested 15 years ago, and that is a good thing; a very, very good thing considering the complaint detailed above. More importantly, people without internet can’t access YouTube, for example, which now generates billions of dollars in revenue for the music industry.

Instead, the focus today is on making life difficult for pirate sites, via site-blocking measures and by generating takedown notices on an industrial scale. When it comes to the latter, all people can do is try not to get caught in the crossfire, pray occasionally, and put faith in Google to shield your own copyrighted works from being rendered unfindable.

That’s exactly what Google did here, having done so many times before.

From: TF, for the latest news on copyright battles, piracy and more.

Over the past two years, AI developments have progressed at a rapid pace.

This includes large language models, which are typically trained on a broad datasets of texts; the more, the better.

When AI hit the mainstream, it became apparent that rightsholders are not always pleased that their works were used to train AI. This applies to photographers, artists, music companies, journalists, and authors, some of whom formed groups to file copyright infringement lawsuits to protect their rights.

Book authors, in particular, complained about the use of pirated books as training material. In various lawsuits, companies including OpenAI, Microsoft, Meta, and NVIDIA are accused of using the ‘Books3’ dataset, which was scraped from the library of ‘pirate’ site Bibliotik.

After the Books3 accusations hit mainstream news, many AI companies stopped using this source. Meanwhile, anti-piracy companies helped publishers to take the alleged rogue libraries offline to prevent further damage.

These enforcement efforts aren’t limited to Books3 either, or the English language for that matter; earlier this week anti-piracy group BREIN reported that it helped to remove a Dutch language dataset.

Authors sued NVIDIA

Earlier this year, several authors sued NVIDIA over alleged copyright infringement. The class action lawsuit alleged that the company’s AI models were trained on copyrighted works and specifically mentioned Books3 data. Since this happened without permission, the rightsholders demand compensation.

The lawsuit was followed up by a near-identical case a few weeks later, and NVIDIA plans to challenge both in court by denying the copyright infringement allegations.

In its initial response, filed a few weeks ago, NVIDIA did not deny that it used the Books3 dataset. Like many other AI companies, it believes that the use of copyrighted data for AI training is a prime example of fair use; especially when the output of the model doesn’t reproduce copyrighted works.

The authors clearly have a different take. They allege that NVIDIA willingly copied an archive of pirated books to train its commercial AI model, and are demanding damages for direct copyright infringement.

Trial in Two years…?

This week, the authors and NVIDIA filed a joint case management statement at a California court, laying out a preliminary timeline. This shows that both parties intend to take their time to properly litigate the matter.

The authors expect that the parties need until October next year to gather facts and evidence during the discovery phase. An eventual jury trial is penciled in a full year later, November 2026.

NVIDIA doesn’t have a hard trial deadline in mind but stresses that the fair use issue is key, and should be addressed early and efficiently. For starters, the company intends to file a motion for summary judgment within a year, after which both parties should have more clarity.

Facts, Figures, and Statistical Correlations

Aside from the timeline, NVIDIA also shared its early outlook on the case. The company believes that AI companies should be allowed to use copyrighted books to train their AI models, as these books are made up of “uncopyrightable facts and ideas” that are already in the public domain.

The argument may seem surprising at first; the authors own copyrights and as far they’re concerned, use of pirated copies leads to liability as a direct infringer. However, NVIDIA goes on to explain that their AI models don’t see these works that way.

AI training doesn’t involve any book reading skills, or even a basic understanding of a storyline. Instead, it simply measures statistical correlations and adds these to the model.

“Training measures statistical correlations in the aggregate, across a vast body of data, and encodes them into the parameters of a model. Plaintiffs do not try to claim a copyright over those statistical correlations, asserting instead that the training data itself is ‘copied’ for the purposes of infringement,” NVIDIA writes.

Put differently, NVIDIA argues that its AI models don’t use the books the way humans do; neither do they reproduce them. It’s simply examining the ‘facts and ideas’ in the books, ‘transforming’ their original purpose to build a complex AI model. That qualifies as fair use, they state.

“Plaintiffs cannot use copyright to preclude access to facts and ideas, and the highly transformative training process is protected entirely by the well-established fair-use doctrine.

“Indeed, to accept Plaintiffs’ theory would mean that an author could copyright the rules of grammar or basic facts about the world. That has never been the law, for good reason,” NVIDIA adds.

Fair Use Battle

According to NVIDIA, the lawsuit boils down to two related questions. First, whether the authors’ direct infringement claim is essentially an attempt to claim copyright on facts and grammar. Second, whether making copies of the books is fair use.

The chip company believes that it didn’t do anything wrong and cites several cases that will likely appear in its future filings. They include the Authors Guild v. Google lawsuit, where the court of appeals concluded that copying books to create a searchable database was fair use. As a result, Google Books still exists today.

NVIDIA is not the only company that will rely on a fair use defense in response to AI-related copyright infringement claims. Many other companies are taking the same approach so whether it succeeds will prove key for the future of AI model development.

What makes these matters more complex is that AI models and technologies have different applications; so what may be fair use in one case, could be copyright infringing in another.

For example, earlier this week, a California federal court ruled that a copyright lawsuit filed by visual artists against DeviantArt, Midjourney, Runway AI, and Stability AI, can move forward. These defendants are also accused of copyright infringement, but the lawsuit deals with images, and image outputs instead.

Given the parties involved and the potential damages at stake, these lawsuits will keep the courts busy for years to come. Even after the first ‘final’ verdicts come in, there will be appeals, and some questions may eventually end up at the Supreme Court.

Meanwhile, the actions of NVIDIA and other AI companies will be closely monitored by copyright watchers. This includes recent press reports accusing NVIDIA, among others, of scraping both videos and transcripts from YouTube, to train their respective models.

—

A copy of the joint case management statement in Nazemian vs. Nvidia is available here (pdf)

From: TF, for the latest news on copyright battles, piracy and more.

After filing copyright lawsuits against early peer-to-peer file sharing services and emerging mostly victorious, the global music industry found that any depressant effect, on pirate content availability and consumption, was insufficient.

Content was soon being consumed by an expanding pool of internet users, and relentless demand was met being met by increased availability and supply. Since robust peer-to-peer networks had few issues taking care of mass distribution, music industry lawyers switched to suing tens of thousands of music pirates instead. That eventually became unpleasant for everyone and as an anti-piracy strategy, also insufficient.

We Can Do This The Easy Way, Or The Hard Way. No Pressure

Having sued piracy platforms and their users, attention turned to residential ISPs. Approached as potential allies, progress over the years was rarely much more than a mixed bag. When it became increasingly clear that cooperation would involve ISPs suppressing their own customers – those that the music companies had previously failed to suppress – lawsuits against the internet’s gatekeepers were inevitable.

After music giant BMG sued Cox Communications for failing to take action against repeat infringer customers, the matter was settled in BMG’s favor via a “substantial settlement.” With big money at stake, repeat infringer lawsuits are now widespread in the United States; in 2022, BMG hit the owners of Optimum with a similar lawsuit carrying a billion-dollar payload.

The Hard Way It Is Then

Filed in the Eastern District of Texas, the complaint featured plaintiffs BMG Rights Management, UMG Recordings, Capitol Records, Concord Music Group, and Concord Bicycle Assets.

The defendants, Altice USA and CSC Holdings, were described as the operators of one of the largest ISPs in the United States. Sold under ‘Optimum’ branding and available in at least 21 states, high-speed connections made available by the defendants were allegedly being used by thousands of persistent pirates responsible for millions of infringements.

The plaintiffs informed the court that efforts to encourage the ISP to suspend or disconnect alleged infringers, had come to nothing.

“Rather than work with Plaintiffs or take other meaningful or effective steps to curb this massive infringement, Altice chose to permit infringement to run rampant, prioritizing its own profits over the Plaintiffs’ rights,” the complaint continued.

With David Bowie, Justin Bieber, Katy Perry, Keith Urban, and Lady Gaga among around 8,000 artists suffering the consequences of the alleged inaction, the stage was set for a billion dollar showdown.

After 18 Months of Litigation, Case Dismissed – Permanently

If obtaining a settlement was the plan, the next 18 months of litigation failed to give much away. The discovery process, for example, led to claims that certain materials were being withheld based on unsupported assertions of privilege. Deposition notices served on the CEOs of both BMG and Concord were challenged and eventually quashed.

Anti-piracy company OpSec Online, which had been hired by the plaintiffs to track infringement carried out on BitTorrent networks, was required to hand over considerable amounts of data. That included copies of its source code (23,693 files) and more than a million pages of documents.

Altice also sought to obtain information from the RIAA relating to repeat infringer lawsuits targeting other ISPs. Then on Wednesday this week, the parties suddenly advised the court that the lawsuit was over.

Having been dismissed with prejudice, the matter won’t see the light of day again, but the filing itself offers no information to explain why. Similar cases against other ISPs were dismissed just hours before trial, so that seemed the most likely outcome here.

Parties Agreed to Settle

Confirmation that the parties did indeed settle can be found in Altice SEC filings.

“On July 1, 2024, we and the BMG Plaintiffs settled this lawsuit and as part of the settlement we expect a stipulation of dismissal with prejudice to be filed by the parties on or before August 20, 2024. The settlement amount was accrued for as of June 30, 2024,” the document reveals.

No specific settlement figure is mentioned by Altice, but the company does reference its ongoing legal battle with Warner, Sony, and other members of the RIAA, which makes similar ‘repeat infringer’ claims while also seeking massive damages.

“We intend to and are vigorously defending against the claims in the Warner Matter. In addition to contesting the claims of liability, we have an affirmative defense under the Digital Millennium Copyright Act that, if successful, would preclude or limit monetary damages against us in connection with some or all of the Warner Plaintiffs’ asserted claims. There can be no assurance as to the outcome of this litigation,” the filing warns.

The stipulation of dismissal (with prejudice) is available here (pdf)

From: TF, for the latest news on copyright battles, piracy and more.

Сайтът

Съобщение на Ивайло Мирчев в социалните мрежи информира, че МВР е свалило novonachalo.com – нов сайт за политическа сатира, създаден от активисти на Да! България (наши активисти, пише Мирчев). От хостинг компанията съобщават, че сайтът е спрян по разпореждане на МВР (ГДБОП) и всякакви допълнителни въпроси да се отнасят към тях. Това е станало в 14.03 ч. на 14.08.2024 г. Има приложена кореспонденция на Мирчев с доставчика в потвърждение на казаното, изяснява се впоследствие, че това е СуперХостинг.

Малко по-късно сайтът тръгва отново, този път се хоства извън обсега на действие на ГДБОП – на сървър извън България.

Междувременно министърът на вътрешните работи Калин Стоянов е намерен от журналисти и казва няколко неща: че ще даде подробна информация на другия ден, че сайтът се е асоциирал с двама политици, които са се разкрили по този начин (посочва Мирчев и Божанов), и че сайтът е фалшив. На въпроса защо е фалшив министърът отговаря с два въпроса: “Аз да съм част от някоя партия? Според вас фалшива новина ли е това?”

Съдържанието

Сайтът е вдъхновен от загадъчното ново начало, заявено от Пеевски, определен е от Мирчев като политическа сатира и съдържа както истински клипове с участието на Пеевски или свързани с Пеевски, така и пародийни материали, интервюта и други подобни. Очевидно не е опасен за националната сигурност. Бегло проследяване не показва сайтът да съдържа реч на омразата или лични данни или други предвидени от закона тайни. Единствената индикация за причините за свалянето е изказването на министъра, че сайтът е фалшив.

Безусловно е прието, че сатирата и пародията не са част от дезинформацията, вж например Кодекса на ЕС. Не е дискусионно, следователно, че материали с пародиен характер не се третират като незаконно съдържание.

Правното основание и причините

От началото се знае (от доставчика), че доставчикът е свалил сайта по искане на ГДБОП. Не се знае на какво правно основание. Тази информация е поискана писмено и от ГДБОП, и от министъра и има поет ангажимент от министъра за подробна информация.

Мерки по отношение на съдържание онлайн могат да се вземат, ако то е незаконно, тоест не е в съответствие с правото на Съюза или правото на съответната държава членка. Пародиите не се включват в обхвата на понятието дезинформация, така че остава неясно каква разпоредба от правото на Съюза или българското право е нарушена. Няма данни и това да е установено със съдебен акт.

Според Законодателния акт за цифровите услуги

И на финала – за пресконференцията на министъра

Вместо очакваната информация за правното основание и причините на свалянето на сайта, министър Калин Стоянов се е фокусирал върху обаждане на Божанов до ГДБОП. От известната ни кореспонденция между Да!България и доставчика на хостинга се вижда, че именно доставчикът насочва Мирчев да се обърне към ГДБОП за правното основание и причините за премахване на съдържанието – което е право на въпросните хора от Да!България (вж по-горе рецитал 54 от регламента).

Патетичното твърдение на министъра, че ГДБОП са си свършили работата, няма да може да мине без уточнението, че борбата със сатирични сайтове не им е работа.

Министърът е заявил, че трябвало да се прави разлика между свобода на словото и сайтове за разпространение на фалшива информация и манипулация. Само че пародията е извън обхвата на понятието за дезинформация, а поне засега друга причина за сваляне на сайта не се съобщава.

Случаят е в развитие, трябва да се следи по много причини. Когато Румен Петков като министър на вътрешните работи караше доставчиците да свалят съдържание, някои сваляха, а някои не сваляха, като привличаха външни експерти по въпроса незаконно ли е съдържанието, както е настоявал Румен Петков. Зависи колко убедителни са доказателствата за незаконност на съдържанието.

АЕЖ: Свалянето на сатиричен сайт от МВР е опасен прецедент

Също са обърнали внимание върху отговорността на доставчика да прецени законосъобразността на разпореждането.

As the expression goes, "Time flies when you are having fun", meaning you do not normally account for the passage of time when you are distracted and enjoying yourself. The expression is a well established English idiom, though today for a moment the Debian Project pauses to reflect on that expression.

It has been 31 years now that we have been around.

It has been 31 amazing years of fun and amazement in watching the world around us grow and ourselves grow into the world.

Let us tell you, we have had a great time in doing so.

We have been invited to nearly every continent and country for over 25 Debian Developer Conferences, we have contributed to the sciences with our Debian Pure Blends; we have not given up on or discounted aged hardware with Long Term Support (LTS); we have encouraged and sponsored diversity with our Outreach Programs. We have contributed to exploration of this lovely planet and the vast vacuum of space (where no one hears Developers scream).

There is more to what we have done but from a cursory glance, we seem to have done it all.

But we never noticed it.

Time does fly or "escape irretrievably" when having a good time and making progress, though our pause at this moment is that we have also had a few moments of honest self-evaluation and reflection. Over the years the project has lost some significant loved ones who were dear to us - you may have called them Developers while we called them Friends, we called them Mentors, we hurt, we grieved, and in their memories we keep moving forward.

The course of the project has seen a few tragedies, has seen heated discourse in the public domain, has addressed and weathered concerns, and has still continually grown.

And we did that in the public sphere, because at the core this is an open project. Our code is public, our bugs and failings are public, our communications are public, our meetings are public, and our love of FLOSS is most definitely public.

And now more that ever the Debian Project realizes that the "we" that is sprinkled throughout this letter is just another way of saying: "you". You, the user, contributor, sponsor, developer, maintainer, bug squasher; all of you make the WE that is Debian. So what are WE waiting for? Lets celebrate!

Join the worldwide celebration or find an event local to you by visiting our DebianDay events page - see you there!

Widening discussions on the seemingly limitless potential of AI suggest profound implications for most jobs in the future.

Of those with the greatest chance of surviving the AI revolution, fighting crime online must be one of the stronger candidates. With piracy close to ubiquitous, work opportunities exist, to put it mildly.

The realm of content protection may yet have an AI savior waiting in the wings, but until a model can accurately determine fair use and conduct complex, error-free investigations, humans retain the upper hand. Meanwhile, the entertainment industry has more content protection work than ever before, much of it with an ideal completion date of yesterday.

Larissa Knapp, the new head of content protection at the MPA, will undoubtedly meet challenges like these head on. This week the former FBI official revealed the culmination of an investigation in the United States where basic mistakes may have contributed to the services’ downfall. The press release itself includes some interesting presentational changes.

US-Based IPTV Services Shut Down

The anti-piracy profiles of the MPA, and more recently ACE, are without parallel in the United States. At least in part, high-profile lawsuits and in some cases criminal actions, have dampened pirates’ enthusiasm for becoming the next ‘victim’ of Hollywood’s piracy grinder. As a result, actions against IPTV providers in the U.S. are relatively rare.

On Wednesday, however, ACE announced the shutdown of at least four branded IPTV services on home soil; AnytimeTV (the most prominent), Cobra Servers, Elite Servers, and Lost Highway Media. Customers of some of these services have been complaining about their sudden disappearance since early June.

According to ACE, when combined these platforms had “thousands of subscribers” and “hundreds of thousands of domain visits annually.” The big question is whether the profit made on subscriptions will be enough to pay off ACE.

$2m+ Settlement Agreed

The closure of these services will be governed by a settlement agreement between ACE and three U.S.-based IPTV operators. ACE has mentioned reaching settlement agreements with platform owners in the past, but in this matter the financial aspect is given a much higher profile than usual.

ACE reports that the three operators have agreed to pay over $2 million in compensation; through unofficial channels TF has previously heard of settlement offers in the hundreds of thousands, but with so many cases, the sample is too small to predict the true range.

“These landmark settlements should serve as a warning to illegal streaming operators about the severe penalties they will face for breaking copyright law, including legal actions, substantial financial settlements and fines, and jail time,” Knapp says.

In most cases, settlements require domains used in connection with pirate services to be signed over to the MPA. Those specifically mentioned by ACE in this matter include anytimetv.us, anytimewebhosting.com, elite-servers.com, losthighway-media.com, and webhostsupply.com. Some already divert to the ACE seizure page.

Paying the Price for Zero Security

Groups like ACE never reveal exactly what makes one service more likely to face enforcement measures than another. Nevertheless, factors such as size or strategic position in the piracy market are typically weighed against prudent use of resources and prospects of success. Political considerations and matters related to overarching strategy may influence decisions too, but in some cases, enforcement action simply makes sense.

Services increasing in popularity, such as those recently shut down, may require more urgent attention. When that can take place on home soil, enforcement is likely to be more effective. When the domain anytimetv.us appeared in the mix, that may have made things much more interesting.

Unlike foreign domains, WHOIS records for .us domains cannot be hidden, with registrars facing potential repercussions for not following the rules. That’s why pirate sites usually avoid .us domains and prefer options such as .to, where the opposite is true.

In this case, public WHOIS records for anytimetv.us included a real name and a real physical address. With those details established, related information becomes easier to find.

On LinkedIn, for example, one service was presented by its owner as a regular business, using a name that can be cross-referenced with WHOIS records and other online databases. Similarly, engagement on Trust Pilot and other review platforms suggested that potential enforcement was hardly considered, if it was considered at all.

Whether ACE offered one or any of these services an early opportunity to shut down is unknown. What we can say with absolute certainty is that at least one of them was compromised years ago when legal action targeted an entity responsible for supplying their streams. A company name, banking details, and details of monthly payments made for streams, were obtained by an anti-piracy group as part of a much larger haul, which eventually entered the public domain.

Given the sheer number of platforms ACE has shut down since 2017, running a pirate IPTV service so openly with the above as background, makes zero sense. Even if we entertain the idea that identities, addresses, and profiles on social media, are simply elaborate fakes placed online for misdirection purposes, the bottom line still tells exactly the same story: services shut down and profits confiscated. And that’s just the lucky ones.

From: TF, for the latest news on copyright battles, piracy and more.

From the Federal Register:

After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+.

These algorithms are part of three NIST standards that have been finalized:

• FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard
• FIPS 204: Module-Lattice-Based Digital Signature Standard
• FIPS 205: Stateless Hash-Based Digital Signature Standard

NIST press release. My recent writings on post-quantum cryptographic standards.

EDITED TO ADD: Good article:

One – ML-KEM [PDF] (based on CRYSTALS-Kyber) – is intended for general encryption, which protects data as it moves across public networks. The other two –- ML-DSA [PDF] (originally known as CRYSTALS-Dilithium) and SLH-DSA [PDF] (initially submitted as Sphincs+)—secure digital signatures, which are used to authenticate online identity.

A fourth algorithm – FN-DSA [PDF] (originally called FALCON) – is slated for finalization later this year and is also designed for digital signatures.

NIST continued to evaluate two other sets of algorithms that could potentially serve as backup standards in the future.

One of the sets includes three algorithms designed for general encryption – but the technology is based on a different type of math problem than the ML-KEM general-purpose algorithm in today’s finalized standards.

NIST plans to select one or two of these algorithms by the end of 2024.

IEEE Spectrum article.

Slashdot thread.

Late 2019, Internet provider Cox Communications lost its legal battle against a group of major record labels, including Sony and Universal.

Following a two-week trial, a Virginia jury held Cox liable for its pirating subscribers. The ISP failed to disconnect repeat infringers and was ordered to pay $1 billion in damages.

Cox challenged the verdict through several routes and earlier this year booked a partial victory. The Fourth Circuit Court of Appeals confirmed that the ISP was contributorily liable for pirating subscribers, but reversed the vicarious copyright infringement finding. A new trial will determine the appropriate damages amount given these new conclusions.

Following this ruling, Cox asked for the damages question to be put on hold, as there were other matters pending. Among them, a planned Supreme Court petition filed a few hours ago.

Cox Files Supreme Court Petition

In a public statement today, Cox warns that the current ruling jeopardizes internet access for all Americans, as it forces ISPs to terminate the accounts of subscribers who are repeatedly accused of sharing copyright-infringing content.

“Terminating internet service would not just impact the individual accused of unlawfully downloading content, it would kick an entire household off the internet,” Cox notes.

“This would have a particularly devastating impact on rural communities with only one service provider or where an alternative provider offers slow or unreliable connections — termination would leave a household with no viable access to the internet.”

After the Cox case was docketed, similar lawsuits were filed against other Internet providers, including Grande, Verizon, RCN, Bright House, Frontier and others. Some complaints were settled and others remain pending.

These cases have already changed how Internet providers handle repeat infringers on their networks and “terminations” are now more common. According to Cox, however, the current verdict goes too far.

Draconian Liability Regime

In its petition Cox writes that, in its view, the lower court’s ruling stretches service provider liability too far. As a result, ISPs find themselves ‘forced’ to terminate subscribers, who may have done little wrong.

“Cox Communications — which provides internet service to millions of homes and businesses — must either terminate internet connections previously used for infringement or else face liability for any future infringement.

“In doing so, the court installed the most draconian secondary-liability regime in the country, one that departs from three other circuits, defies this Court’s precedents, and threatens mass disruption across the internet,” Cox warns.

The Supreme Court petition aims to place the ‘repeat infringer’ issue into perspective, noting that pirating accounts represented roughly 1% of its total subscribers. Of this group, Cox was able to motivate 95% to stop.

The remaining ‘repeat infringers’ were able to continue. The music companies argued that the ISP could and should have terminated these accounts, some 57,000 in total, but Cox believes this is a step too far.

Universities, Hotels and Military Housing

Cox argues that subscribers shouldn’t lose their internet access based on unadjudicated third-party accusations; especially since the repeat infringers included business accounts with many simultaneous connections.

“In practice, the accounts that continued to rack up notices without termination were regional ISPs, universities, hotels, military housing, and other business accounts used by hundreds or thousands of individual users,” the petition reads.

Disconnecting universities and hospitals could have devastating consequences but Cox also continued to provide its services to many regular subscribers, who also continued to pirate.

While these examples are less dramatic, the company argues that disconnecting regular subscribers can also have serious consequences.

“Even with respect to individuals who did, in fact, infringe, loss of internet access is very heavy punishment for illegally downloading two songs. A person without internet might lose their job or have to drop out of school.”

Cox hopes that the Supreme Court will take on the case and limit secondary liability for Internet providers. The current Fourth Circuit ruling weighs heavily in favor of rightsholders, to the detriment of ISPs and their subscribers, the petition argues.

Two Questions

In recent weeks, Cox has put considerable effort into explaining its position to the press. When doing so, there was a strong focus on the potentially devastating impact on Internet users.

While this is undoubtedly an important issue, the matter at hand is ultimately about service provider liability. And the key questions presented to the Supreme Court don’t directly involve hospitals in rural areas.

This case is about who is responsible for Internet piracy. Is it only the users who actually share pirated material, or can ISPs be held responsible too?

The Fourth Circuit concluded that Cox “materially contributed” to the infringements of its subscribers, because the company knew about this activity and didn’t terminate their accounts.

That leads Cox to present the following question to the Supreme Court:

“Did the Fourth Circuit err in holding that a service provider can be held liable […] merely because it knew that people were using certain accounts to infringe and did not terminate access, without proof that the service provider affirmatively fostered infringement or otherwise intended to promote it?”

The second question is indirectly related to the damages award. The jury awarded the maximum statutory damages of $150,000 per work, which is typically reserved for “willful” infringement.

Cox questions whether simply knowing about copyright infringements of subscribers is willful, if the company didn’t know that its own conduct was illegal.

“Did the Fourth Circuit err in holding that mere knowledge of another’s direct infringement suffices to find willfulness under 17 U.S.C. § 504(c)?” the petition reads.

Landmark Case

If the Supreme Court decides to take on this case, it will undoubtedly result in a landmark decision. The music companies also indicate that they may present their own petition to the court, which will make the matter even more crucial.

Both sides are expected to garner support from third parties, which are expected to file supporting briefs on their behalf. After that, the Supreme Court will have to decide whether to take on the case.

Whatever the ultimate outcome, Internet providers could certainly benefit from extra clarity on the “repeat infringer” problem. Whether they will like the eventual outcome, remains to be seen.

—

A copy of Cox Communication’s Supreme Court petition is available here (pdf)

From: TF, for the latest news on copyright battles, piracy and more.

Palo Alto Networks published its semi-annual report on ransomware. From the Executive Summary:

Unit 42 monitors ransomware and extortion leak sites closely to keep tabs on threat activity. We reviewed compromise announcements from 53 dedicated leak sites in the first half of 2024 and found 1,762 new posts. This averages to approximately 294 posts a month and almost 68 posts a week. Of the 53 ransomware groups whose leak sites we monitored, six of the groups accounted for more than half of the compromises observed.

In February, we reported a 49% increase year-over-year in alleged victims posted on ransomware leak sites. So far, in 2024, comparing the first half of 2023 to the first half of 2024, we see an even further increase of 4.3%. The higher level of activity observed in 2023 was no fluke.

Activity from groups like Ambitious Scorpius (distributors of BlackCat) and Flighty Scorpius (distributors of LockBit) has largely fallen off due to law enforcement operations. However, other threat groups we track such as Spoiled Scorpius (distributors of RansomHub) and Slippery Scorpius (distributors of DragonForce) have joined the fray to fill the void.

The press is reporting a critical Windows vulnerability affecting IPv6.

As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets.

Microsoft also shared its exploitability assessment for this critical vulnerability, tagging it with an “exploitation more likely” label, which means that threat actors could create exploit code to “consistently exploit the flaw in attacks.”

Details are being withheld at the moment. Microsoft strongly recommends patching now.

More than twelve years have passed since Megaupload became the prime target in a high-profile law enforcement operation, which led to the collapse of Kim Dotcom’s file-storage empire.

While time moved on, the New Zealand-based ‘Internet personality’ was still waiting to hear whether he would be extradited to the United States where a criminal prosecution is pending.

With the stakes this high, no legal resources are being spared. Many millions of dollars have been poured into this legal battle since 2012, and the end is still nowhere in sight.

In 2020, the Supreme Court of New Zealand ruled that Kim Dotcom and his colleagues could indeed be extradited to the United States. However, this still wasn’t set in stone, as judicial reviews and appeals were still pending.

Megaupload defendants van der Kolk and Ortmann eventually opted for a deal. The pair pled guilty but were allowed to serve their respective 30 and 31-month prison sentences in New Zealand. Dotcom, meanwhile, vowed to ‘fight on’.

“I’m now the last man standing in this fight and I will continue to fight because unlike my co-defendants I won’t accept the injustice we have been subjected to,” Dotcom said two years ago.

Justice Minister Signs Dotcom Extradition

In recent years, Dotcom hasn’t shied away from the public eye, often sharing controversial takes on political and societal events. In the background, however, potential extradition loomed, before reaching its conclusion earlier today.

According to Stuff, New Zealand Justice Minister Paul Goldsmith informed Kim Dotcom that he will be deported to the United States to stand trial.

“I have received extensive advice from the Ministry of Justice on this matter,” Goldsmith said. “I considered all of the information carefully, and have decided that Mr Dotcom should be surrendered to the US to face trial.”

“As is common practice, I have allowed Mr Dotcom a short period of time to consider and take advice on my decision. I will not, therefore, be commenting further at this stage,” the Justice Minister added.

Dotcom has always denied the charges and has left no stone unturned in support of his defense. This means that the latest extradition decision will be challenged as well.

‘I Have a Plan’

The Ministry of Justice confirmed the extradition order earlier today. Dotcom revealed the decision on social media earlier in the week, describing New Zealand as an “obedient U.S. colony”.

“[T]he obedient US colony in the South Pacific just decided to extradite me for what users uploaded to Megaupload, unsolicited, and what copyright holders were able to remove with direct delete access instantly and without question. But who cares? That’s justice these days,” he wrote on Tuesday.

Today, Dotcom followed up, stating that he has “a plan,” “loves New Zealand,” and doesn’t intend to leave the country.

The nature of Dotcom’s plan is unknown but if the past twelve years are any indication, he won’t let any adverse decision pass without a fight.

From: TF, for the latest news on copyright battles, piracy and more.

This is a current list of where and when I am scheduled to speak:

• I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The event runs from September 24 through 26, 2024, and my keynote is on the 24th.

The list is maintained on this page.

Interesting paper: “Generative AI Misuse: A Taxonomy of Tactics and Insights from Real-World Data”:

Generative, multimodal artificial intelligence (GenAI) offers transformative potential across industries, but its misuse poses significant risks. Prior research has shed light on the potential of advanced AI systems to be exploited for malicious purposes. However, we still lack a concrete understanding of how GenAI models are specifically exploited or abused in practice, including the tactics employed to inflict harm. In this paper, we present a taxonomy of GenAI misuse tactics, informed by existing academic literature and a qualitative analysis of approximately 200 observed incidents of misuse reported between January 2023 and March 2024. Through this analysis, we illuminate key and novel patterns in misuse during this time period, including potential motivations, strategies, and how attackers leverage and abuse system capabilities across modalities (e.g. image, text, audio, video) in the wild.

Blog post. Note the graphic mapping goals with strategies.

Consumer Reports has a new study of people-search site removal services, concluding that they don’t really work:

As a whole, people-search removal services are largely ineffective. Private information about each participant on the people-search sites decreased after using the people-search removal services. And, not surprisingly, the removal services did save time compared with manually opting out. But, without exception, information about each participant still appeared on some of the 13 people-search sites at the one-week, one-month, and four-month intervals. We initially found 332 instances of information about the 28 participants who would later be signed up for removal services (that does not include the four participants who were opted out manually). Of those 332 instances, only 117, or 35%, were removed within four months.

It’s possible to cancel other people’s voter registrations:

On Friday, four days after Georgia Democrats began warning that bad actors could abuse the state’s new online portal for canceling voter registrations, the Secretary of State’s Office acknowledged to ProPublica that it had identified multiple such attempts…

…the portal suffered at least two security glitches that briefly exposed voters’ dates of birth, the last four digits of their Social Security numbers and their full driver’s license numbers—the exact information needed to cancel others’ voter registrations.

I get that this is a hard problem to solve. We want the portal to be easy for people to use—even non-tech-savvy people—and hard for fraudsters to abuse, and it turns out to be impossible to do both without an overarching digital identity infrastructure. But Georgia is making it easy to abuse.

EDITED TO ADD (8/14): There was another issue with the portal, making it easy to request cancellation of any Georgian’s registration. The elections director said that cancellations submitted this way wouldn’t have been processed because they didn’t have all the necessary information, which I guess is probably true, but it shows just how sloppy the coding is.

People being arrested for pirate IPTV activities isn’t anything new, not in the UK or indeed anywhere else, but it is mentioned a lot more than before.

The terminology currently used to describe offenders seems to have changed too. Last month it was reported that 40 illegal ‘IPTV operators’ were served with official warnings, some via an in-person visit by police and anti-piracy group FACT.

For smaller players, subscription resellers, for example, the strategy makes complete sense. Yet the idea of having a similar doorstep chat with known wholesale suppliers doesn’t add up at all. Ambiguities such as this make it more difficult to determine the significance of new developments, all of which are currently reported by UK tabloids on a single level – extreme – regardless of the facts.

Five years ago, events were significantly less distorted, meaning that big events stood out as they should.

Action Takes Out Two Alleged IPTV Operators

In March 2019, raids in London carried out by police, Trading Standards, and anti-piracy outfit Federation Against Copyright Theft (FACT), targeted what was described as a “£3 million fraud operation” to “download, encrypt and widely distribute TV content from Sky, Virgin and BT.”

While the terminology could’ve benefited from a tweak or two, this had all the hallmarks of a raid against an actual provider of illegal streams, which is still relatively rare in the UK. Confirmation that searches of shop premises and homes had uncovered equipment valued at £100k – computers, servers, and set-top boxes – that reportedly enabled the operation, left little doubt that this was important news.

Two men were arrested on suspicion of fraud, with police claiming that the suspects generated £600,000 per year from their activities. A list of 3,000 subscribers to their services found in the shop, was reportedly in the hands of the authorities. As is usually the case, we asked a few questions about the event at the time to guide our reporting but, as is mostly the case, answers never arrived.

Five Years Later, Suddenly More News

In an announcement to the press on Tuesday, it was revealed that two brothers had been sentenced to “a total of 11 years in prison” for “operating an illegal streaming service” that offered subscriptions to premium television content, including Sky.

Amir Butt, aged 56 from Ilford, was sentenced to seven years in prison while his brother, Ammar Hussain, aged 39 and also from Ilford, was sentenced to four years.

Given the length of Butt’s sentence, clarity is obviously important. However, while the announcement clearly states that Hussain was “found guilty of conspiracy to defraud over a seven-year period” (August 2012 to March 2019), the offense or offenses for which Butt received a significantly longer sentence seem to be missing. (separation of statements below for illustration purposes).

Of course, we could assume that all seven years were for conspiracy to defraud but at minimum, that wouldn’t account for Butt failing to appear, or indeed any other offenses, such as they exist. Offenses are normally described in fine detail, but not here.

The next paragraph covering the raids in March 2019 also raises questions. It notes that Butt was arrested at his home address and Hussain was arrested at a shop in Ilford, which had operated under various company names over the years including Tech & Sat Ltd, Techsat, and Tech + Sat.

“The pair sold annual subscriptions, which provided access to a range of sports and entertainment content, for £200 each,” the statement continued.

Other details presented to the media five years ago have been changed or reassessed, made less specific, or even removed.

Scale of the Fraud Diminishes

Having previously claimed to have seized a list of 3,000 subscribers, the announcement yesterday adjusted to “they were believed to have thousands of customers.”

The £3 million “fraud operation” is now described as “depriving legitimate tv providers in excess of £1m.” An early claim of “£600k per year” in revenue now reads “hundreds of thousands of pounds in revenue,” presumably in total.

It would be naive to believe that all evidence meets prosecution standards, so reductions should never come as a surprise. Equally, generating hundreds of thousands of pounds selling illegal access to a legitimate service’s content, is still a very serious offense, one that has custodial sentence written all over it.

The Nature of the Operation Remains Unclear

But even more difficult to square is the following statement:

Cash and a substantial amount of equipment, including Sky set-top boxes and viewing cards, were seized from the addresses for further forensic analysis.

Given that Sky set-top boxes are clearly visible in Google Street View images of the shop, the fact that some were seized along with some cash is hardly a surprise.

What the statement does not say is that the equipment was actually used to “download, encrypt and widely distribute TV content” nor does it make any attempt to reveal what the forensic analysis actually found.

These details are extremely important when attempting to weigh the significance of any enforcement action. The strong suggestion earlier, that a provider had been shut down, would mean actual content being removed from the market. Removing a reseller, no matter how big, would leave the supply intact and a gap in the market easily filled with minimal effort.

Unlike in the United States, where court records are mostly freely available, in the UK there’s a much greater reliance on press releases issued by those directly and commercially involved, despite prosecutions being funded by the public purse. Requests to see actual court records are always denied.

Prison Sentences For Two, One Had Better Things to Do

There’s no question that in appropriate cases, convictions are critical to deter criminality; indeed, during the last 24 hours all information we’ve managed to uncover suggests that custodial sentences were entirely appropriate and almost inevitable. Yet another surprise here is that the trial actually took place nearly a year ago and ran for four weeks.

While that indicates a plea of ‘not guilty’ for Hussain, it appears that Butt may have had something more important to do; for reasons that aren’t explained, he failed to appear for his own trial.

That somehow led to Butt being found guilty first, for whatever crime or combination of crimes that justified a sentence almost double that of his business partner, Hussain, who received his four-year sentence at Snaresbrook Crown Court just this week.

Finally, it’s worth highlighting that the overwhelming majority of news related to IPTV in the UK is managed as part of the BeStreamWise anti-piracy campaign. Viewed through that prism, there’s a clear incentive to only report news in a way that supports the campaign, rather than reporting the details as-is, warts and all.

From: TF, for the latest news on copyright battles, piracy and more.

Texas is suing General Motors for collecting driver data without consent and then selling it to insurance companies:

From CNN:

In car models from 2015 and later, the Detroit-based car manufacturer allegedly used technology to “collect, record, analyze, and transmit highly detailed driving data about each time a driver used their vehicle,” according to the AG’s statement.

General Motors sold this information to several other companies, including to at least two companies for the purpose of generating “Driving Scores” about GM’s customers, the AG alleged. The suit said those two companies then sold these scores to insurance companies.

Insurance companies can use data to see how many times people exceeded a speed limit or obeyed other traffic laws. Some insurance firms ask customers if they want to voluntarily opt-in to such programs, promising lower rates for safer drivers.

But the attorney general’s office claimed GM “deceived” its Texan customers by encouraging them to enroll in programs such as OnStar Smart Driver. But by agreeing to join these programs, customers also unknowingly agreed to the collection and sale of their data, the attorney general’s office said.

Press release. Court filing. Slashdot thread.

Library Genesis (LibGen) is one of the oldest shadow libraries on the Internet, offering free access to millions of books and academic papers people otherwise have to pay for.

The site’s origins reportedly trace back to the Soviet Union’s underground publishing culture ‘samizdat,’ which was used to bypass state censorship in the last century.

LibGen launched around 2008 as a digital version of the same concept. In addition to bypassing ‘local’ censorship, it’s widely used to circumvent the paywalls of major international publishing companies, serving as a popular ‘pirate’ site for (text)books and academic works.

Rightsholders have attempted to take the site offline several times over the years, but none led to concrete results. Today, Libgen.rs, Libgen.is and Libgen.st remain online, but downloading pirated books turns out to be quite a challenge.

Inactive LibGen Admin and Downloads?

Starting last weekend, regular LibGen downloads suddenly stopped working. The outage suggests that there’s a problem with the storage servers, but there’s no official explanation.

The lack of communication doesn’t come as a complete surprise. A few months ago, the site already appeared to have some internal struggles. The person in charge of the site’s coding has reportedly been ‘inactive’ for a while.

This personnel issue may explain the database errors and technical trouble that resulted in broken functionality a few months back. It may also explain why new torrents are not being added on a weekly or daily basis. Presently, the latest torrent archive on the site dates back to April.

Whether these earlier reports are related to the current download problems is unknown, but without any official update or mention from the people behind the curtain, it could mean that LibGen is no longer actively managed.

Legal Troubles

Technical issues can admittedly have various causes. Aside from a lack of manpower, it’s also possible that servers were targeted by complaints from rightsholders. This seems less likely, however, as most parts of the website remain online.

LibGen has previously been the subject of legal action, however. Through court orders, LibGen is now blocked in several countries, but taking the operation permanently offline has proven quite the challenge, not least since the identities of its operators are unknown.

Last year, LibGen was also targeted in U.S. court by several prominent textbook publishers including Cengage, Macmillan Learning, and Pearson Education. The companies requested millions in damages and an injunction to shut down various domain names.

LibGen hasn’t responded to this complaint in court, and a request for a default judgment is currently pending. If that’s granted, LibGen can lose control over some of its domain names.

There is no indication that the current download problems are related to this court case, however. The domain names in question still work.

LibGen has many millions of monthly users, some of whom have shared their frustrations on social media, including on Reddit. This includes many students, who were hoping to pirate textbooks ready for the start of the school year, which is no longer an option today via any of the official domains.

Time will tell whether this is the end of LibGen, or just a temporary hiccup.

Update August 21: After the issues persisted for days, downloads are reportedly working again. Downloading copyrighted content without permission is not advised and against the law.

From: TF, for the latest news on copyright battles, piracy and more.

At the height of the cyberlocker boom in the early 2010s, Uptobox was already an established name.

The platform remained online despite a fierce anti-piracy crackdown that led to the demise of Megaupload, Hotfile, and many other file-hosting services.

Uptobox faced some trouble with payment providers but still managed to grow in the decade that followed. Like many other sites of this kind, it was frequently abused by pirates to share copyrighted content. To address this, Uptobox had a takedown policy to swiftly remove those files in response to rightsholders’ reports.

Uptobox Blocked and Raided

Takedowns couldn’t prevent the site from being targeted in a site blocking order in France, where roughly a third of the site’s 30 million monthly visits originated. The site didn’t agree with this decision and, as a countermeasure, informed users how the DNS blockades could be circumvented.

For the less technically inclined, Uptobox vowed to contest the site blocking measures in court. However, before it could do so, rightsholders including Columbia, Paramount, StudioCanal, Warner Bros, Disney, Apple, and Amazon, showed that they were a step ahead.

In September 2023, French cloud hosting providers Scaleway and OpCore pulled the plug on Uptobox’s servers. Initially, it wasn’t clear who was behind the action, but it later transpired that the Alliance for Creativity and Entertainment (ACE) was a driving force behind it.

The server shutdowns were backed by a court order and ACE pointed a finger at two French nationals, who operated the platform from the Dubai-based company ‘Genius Servers Tech FZE’.

Uptobox Challenges Blocking Order

While Uptobox initially remained quiet, it didn’t plan to throw in the towel so easily. The company was very critical of the shutdown, not least since it was partly based on the EU’s ‘Piracy Watch List,’ which relies heavily on input from rightsholders and is not a legal determination.

In recent months, Uptobox pushed back by challenging the blocking action in a Paris court. While Genius Servers hoped to turn the case around, Marc Rees at l’Informé reports that this initial attempt failed. Last Friday, the Paris judicial court denied Uptobox’s request to lift the blocking measures.

In its defense, Uptobox explained that it had a proper takedown policy, under which 98.9% of the links reported by movie industry groups were promptly removed.

Genius Servers further argued that 70% of the files on its site were never downloaded, and that another 15% were downloaded less than 10 times. The company also stressed that Uptobox had never encouraged its users to store pirated content on its platform.

The court wasn’t convinced by these arguments, in part because they were based on information that was gathered after the fact. The company didn’t share the underlying database for review either.

Rightsholders Paint a Pirate Picture

Instead, the court went along with evidence presented by rightsholders, including a report compiled by a representative from the Association for the Fight against Audiovisual Piracy (ALPA).

The report revealed that ALPA uploaded a copyright infringing file last year to test the takedown policy. While the uploaded content could indeed be removed, the representative was able to re-upload the same content later, without any countermeasures.

ALPA further found that in a random sample of 25,504 active French-language links that were available in February 2023, the majority (84%) “referred to infringing works”. The millions of Uptobox.com takedown notices that were processed by Google further corroborates the ‘infringing’ nature, the court heard.

The same also applies to Uptobox sister site Upstream, which was blocked by the same court order due to its association with pirated content.

Takedowns are not Enough

The rightsholders arguments were sufficient for the Paris court to keep the existing blocking measures in place.

“It is clear from all these elements that the Uptobox service was used predominantly to illegally make content available to the public, violating copyright and related rights, and that the operator knew or should have known this,” the court concluded.

An important aspect of the judgment is that simply processing takedown notices was deemed insufficient. Uptobox did remove pirated files but, according to the court, it had an obligation to do more. For example, by sanctioning repeat infringers, or by making sure the pirated content couldn’t be re-uploaded so easily.

Specifically, the court writes that Uptobox “does not take any proactive measures to prevent counterfeiting on its platform, such as combating the re-uploading of deleted files, matching files, or providing contact tools for rightsholders”.

According to the court’s reading of EU law and jurisprudence, including the CJEU’s Cyando/YouTube ruling, these additional measures are required.

Finally, the court found that Uptobox’s freedom to conduct a business, which is a fundamental EU right, was not violated as Uptobox is seen as a predominantly infringing service. The copyrights of users, who may have shared private files on the platform, does not get in the way of the blocking order either, the court ruled.

From: TF, for the latest news on copyright battles, piracy and more.

For pirate IPTV blocking orders to be effective, the time between spotting a domain or IP address to be blocked, and the blocking actually taking place, needs to be as short as possible.

For legal, practical, and technical reasons, the gap seems unlikely to shorten to the extent most rightsholders would like, but in general the process seems to be heading in that direction.

In an order dated July 26, top tier French football leagues Ligue 1 McDonald’s and Ligue 2 BKT requested blocking of dozens of domains linked to the provision of pirated live match streams. On August 2, the Paris Judicial Court issued a blocking order, having taken just a week, including a weekend, to process an application that could’ve taken weeks or months just a few years ago.

Permission to Tackle Piracy That Hasn’t Happened Yet

The 2024/25 first and second division football championships don’t even start until August 17, so the new order aims to tackle piracy that hasn’t happened yet. In the UK, the Premier League has been taking a similar approach for years, with the High Court – and now the Paris Court – weighing piracy services’ past behavior against the likelihood of piracy resuming when the new season begins.

“LFP welcomes this decision by the Paris Judicial Court, which makes it possible to combat piracy of the Ligue 1 McDonald’s and Ligue 2 BKT championships in their entirety,” LFP said in a statement welcoming the new order.

“While this decision is the fourth blocking injunction obtained by the LFP since the creation of the system to combat sports piracy in January 2022, it is the first to have been obtained before the start of a season, on the basis of findings of serious and repeated infringements of the LFP’s audiovisual exploitation rights during the previous season.”

Reacting to Countermeasures

Without the ability to respond quickly to countermeasures deployed by pirate sites and services, blocking orders would risk outliving their usefulness before the end of the first match. However, under Article L. 333-10 of the French Sports Code, LFP has access to a powerful tool; after referring the matter to telecoms regulator ARCOM, new sites and services illegally broadcasting LFP content can be swiftly added to the existing blocklist.

On the website of the Paris Court, the domains authorized for blocking in the August 2 order initially appear somewhat chaotically, despite being the most important part of the order.

Fortunately, the list is repeated much more clearly at the end of the order so skipping directly to the end is advised. That being said, for reasons that don’t stop at sheer volume of domains, the need for clarity and pinpoint blocking will only increase moving forward.

Most of the complexities are directly connected to moves made by pirate sites as they attempt to avoid blocking, with any resulting confusion or uncertainty probably considered a bonus.

Domains and Subdomains

The domain list is quite specific when detailing exactly what should be blocked. For example, the domain lol-foot.ru appears along with the subdomain www.lol-foot.ru which currently lead to the same page, but that could be subject to change. The domain www.tv1337.buzz currently points to the same domain that lol-foot.ru and www.lol-foot.ru now redirect to (euro2024direct.ru)..

Sportplus.live and www.sportplus.live appear to redirect to a subdomain of sportplus.live that changes depending on the visitor’s geographical location. In the order fr22.sportplus.live is specified for blocking, but it would be trivial to switch that to almost anything else.

When visited directly, some domains on the list give the impression that they’re non-functional. That hasn’t stopped LFP from finding out that’s not actually the case, but it’s nevertheless interesting to see some of the tactics deployed.

When tested a few hours ago, visitors to bobres.net were greeted with nothing due to a lack of DNS records, while www.bobres.net (listed for blocking) remained fully functional. Another domain, kiwi-ip.tv, appears broken but the subdomain identified by LFP (app.kiwi-ip.tv) has a DNS record mapping it to ip.sltv.be. This domain/subdomain is also listed in the court order but visitors using a browser won’t find much since it’s probably configured for set-top boxes.

Visitors to ardenty.xyz might conclude that the domain is still parked but as LFP has clearly discovered, ahgs.ardenty.xyz is very much alive. The list goes on, and is always subject to change.

Careful….

Finally, it’s worth highlighting three similar domains/subdomains in the list that if blocked at the main domain level, risk affecting any number of innocent parties.

The domains/subdomains kooralive.pp.ua, www.kooralive.pp.ua, and www.kooralive1.pp.ua, all use pp.ua which appears to be a service offering free domains and currently has at least 270 subdomains.

Targeted blocking of the subdomains kooralive, www.kooralive, and www.kooralive1 should present no issues but if pp.ua was targeted in error, that would wipe out at least 270 services and probably more.

The list of fully-qualified domains (FQDN) as they appear in the order are listed below with the main domains and other related data appearing in the table underneath.

lol-foot.ru, www.lol-foot.ru, www.tv1337.buzz, sportplus.live, www.sportplus.live, fr22.sportplus.live, play-iptv.com, m3u.sf-m3u.me, premiumiptv.me, fbxc.cc, crackstreams.sbs, www.crackstreams.sbs, hes-goals.tv, www.hes-goals.tv, kooralive.pp.ua, www.kooralive.pp.ua, www.kooralive1.pp.ua, rojadirectaenvivo.re, www.rojadirectaenvivo.re, www.seehdgames.co, seehdgames.co, pre.soccerstreamslinks.com, vl.streameast.top, tarjetaroja.ws, www.tarjetaroja.ws, totalsportek.ai, www.totalsportek.ai, nbatvhd.online, www.nbatvhd.online, sportsbay.dk, www.sportsbay.dk, telerium.run, www.telerium.run, popcorniptv.com, ahgs.ardenty.xyz, www.bobres.net, ip.sltv.be, app.kiwi-ip.tv, dfwu.link, ip1.mypsx.net, supremtv.fr

From: TF, for the latest news on copyright battles, piracy and more.

Rightsholders around the globe are actively fighting piracy, but few are as vocal as Miguel Angel Loor, the boss of Ecuador’s football league LigaPro.

The football boss has repeatedly spoken out against pirate services, particularly MagisTV, and continues to do so. Meanwhile, no remedy is left unused to tackle the problem.

Critics have argued that by focusing so much attention on the pirate service itself, public campaigns might be counterproductive. For example, displaying ‘anti-MagisTV’ banners during official football matches could introduce people to this pirate service, instead of scaring them away.

Blocked IP-addresses Put Users at Risk?

LigaPro clearly has a different outlook. The league’s boss continues to speak out against piracy as a whole, and doesn’t shy away from mentioning names. Earlier this month, the league managed to reinforce local pirate site blockades by adding 183 new IP-addresses to the MagisTV piracy blocklist that was already in place.

“The granting of the IP address blocking order is a legal victory for the legitimate rights holders and the thousands of customers who pay formally for their various content services,” a statement in response to the order explained.

In addition to blocking additional IP-addresses, the court reportedly warned that anyone who attempts to access the blocked IP-addresses, is subject to penalties and fines for copyright infringement. How those ‘attempted’ copyright infringements will be validated and enforced remains conveniently unexplained.

It’s possible that the added warning for users is mostly intended as a deterrent. In any case, it’s clear that local authorities are sympathetic to LigaPro’s concerns, especially now that the new season is underway.

More Sites and IPs Blocked

Last Friday, a another court order came in, requiring local Internet providers to block eight additional websites and 24 IP addresses. This includes a MagisTV-branded site, but also other alleged pirate streaming sites and apps, such as futbollibretv.pe, tele-latino.net, and rojadirectaenvivo.pl.

Interestingly, the full list of targets includes URLs that are part of larger non-infringing websites. For example, buyiptvsmarters.myshopify.com is a Shopify subdomain that links to a pirate IPTV subscription page. Another sub-target is xc.softonic.com/android, which appears to be a pirate app distributed via the otherwise legal platform Softonic.

It’s not clear whether LigaPro or other rightsholders attempted to have these pages removed through the regularly available takedown procedures, before obtaining the court order. Needless to say, blocking the associated IP-addresses will likely result in overblocking if that’s taking place.

MagisTV Trademark

Aside from the blocking efforts, rightsholders have also pushed back against MagisTV on another front. Apparently, the company ‘Shenzhen Geshan Technology’ has repeatedly tried to register a MagisTV trademark (Magis TV Mas Grafica) in Ecuador.

These applications were successfully objected at the trademark office by LigaPro, most recently with help from Paramount Pictures and DIRECTV.

“Incredibly, they are trying to register the ‘trademark’ in [Ecuador] for the SECOND time. The first time was already denied. Now, LigaPro again opposed, together with Paramount Pictures and Directv, and our opposition has been granted,” LigaPro’s boss wrote on X.

Backlash & Reckless Play?

Miguel Angel Loor’s public opposition of MagisTV and other pirate services seems relentless. LigaPro’s boss recently revealed that local Internet providers are now on board to help out. Whether that entails more than complying with court orders is unknown, but MagisTV was again prominently mentioned.

These anti-piracy messages are welcomed by rightsholders, but they elicit quite a different response from many ordinary citizens, some of which respond with mocking and defiant replies. These retorts typically complain about expensive legal options, and some are showing off how they continue to pirate.

LigaPro’s boss has noticed these responses and, while most are ignored, he replied to a user who showed that he was already using MagisTV as usual, through a VPN.

According to Loor, “this guy” supports a pirate service that ultimately generates revenue, which “surely” funds other types of crime including sexual exploitation. No source was provided for this claim. Loor added, however, that VPNs are not all risk-free either (if the company running it has malicious intentions).

“[T]his guy is VOLUNTARILY giving away all the data on his phone without realizing that the passwords and everything he sends will be exposed with the VPN. But hey, keep fighting against what is legal and correct,” Loor added.

Of course, these remarks were met with a barrage of other responses, criticizing LigaPro and showing off pirate apps and services. Instead of reaching some kind of consensus or agreement, both sides are becoming more extreme.

And so the ball keeps rolling.

From: TF, for the latest news on copyright battles, piracy and more.

Really interesting article on the ancient-manuscript scholars who are applying their techniques to the Voynich Manuscript.

No one has been able to understand the writing yet, but there are some new understandings:

Davis presented her findings at the medieval-studies conference and published them in 2020 in the journal Manuscript Studies. She had hardly solved the Voynich, but she’d opened it to new kinds of investigation. If five scribes had come together to write it, the manuscript was probably the work of a community, rather than of a single deranged mind or con artist. Why the community used its own language, or code, remains a mystery. Whether it was a cloister of alchemists, or mad monks, or a group like the medieval Béguines—a secluded order of Christian women—required more study. But the marks of frequent use signaled that the manuscript served some routine, perhaps daily function.

Davis’s work brought like-minded scholars out of hiding. In just the past few years, a Yale linguist named Claire Bowern had begun performing sophisticated analyses of the text, building on the efforts of earlier scholars and on methods Bowern had used with undocumented Indigenous languages in Australia. At the University of Malta, computer scientists were figuring out how to analyze the Voynich with tools for natural-language processing. Researchers found that the manuscript’s roughly 38,000 words—and 9,000-word vocabulary—had many of the statistical hallmarks of actual language. The Voynich’s most common word, whatever it meant, appeared roughly twice as often as the second-most-common word and three times as often as the third-commonest, and so on—a touchstone of natural language known as Zipf’s law. The mix of word lengths and the ratio of unique words to total words were similarly language-like. Certain words, moreover, seemed to follow one another in predictable order, a possible sign of grammar.

Finally, each of the text’s sections—as defined by the drawings of plants, stars, bathing women, and so on—had different sets of overrepresented words, just as one would expect in a real book whose chapters focused on different subjects.

Spelling was the chief aberration. The Voynich alphabet—if that’s what it was—appeared to have a conventional 20-odd letters. But compared with known languages, too many of those letters repeated in the same order, both within words and across neighboring words, like a children’s rhyme. In some places, the spellings of adjacent words so converged that a single word repeated two or three times in a row. A rough English equivalent might be something akin to “She sells sea shells by the sea shore.” Another possibility, Bowern told me, was something like pig Latin, or the Yiddishism—known as “shm-reduplication”—that begets phrases such as fancy shmancy and rules shmules.

It’s no secret that Russia would like to have credible alternatives to the world’s most popular websites, software, and operating systems.

Having to rely on the United States for software including, Windows and Photoshop, is painful enough. However, Russia’s relationship with YouTube appears to be much more complicated. Having avoided the fates of Facebook and Instagram, which found themselves labeled “extremist” and banned from Russia, this summer YouTube began feeling the heat.

In July, Russia ordered Google’s CEO to unblock 200 pro-Kremlin YouTube channels, arguing that the restrictions “fundamentally violate the key principles of free dissemination of information.”

In parallel, Russia criticized YouTube for not removing over 61,000 videos containing “fakes about a special military operation” while successfully removing at least 5.6 million VPN-related links from Google Search for providing access to information previously banned in Russia.

Confusion as a Strategy, Movies as a Weapon

Accusing its rivals of exactly the same things Russia’s government does by default is meant to be disruptive. In the United States, where freedom of speech is almost absolute, allegations of censorship are always likely to stir controversy. Russia is acutely aware of other hot-button issues, and routinely exploits those too.

Piracy of Hollywood movies has been mentioned regularly by officials since February 2022, with the government and industry blowing both hot and cold on the possibility of sanctioned mass piracy, at a time when blatant piracy was clearly ongoing.

On RuTube, a video platform the Kremlin touts as a YouTube challenger, piracy of Hollywood content has always been problematic. Owned by Gazprom-Media, RuTube has publicly stated that pirated foreign content is quickly removed. RuTube does indeed respond to takedown notices, apart from those times when it apparently does not.

On full display, no apologies, no excuses

For the last two years, the mass presence of Hollywood movies on RuTube may be a sign that rightsholders’ takedown notices have dried up. Whatever the reason, the latest blockbusters are certainly popular with the masses; although Russia’s cinema owners, at least those still in business, see things a bit differently.

Promoted By The State, RuTube Promotes Piracy

In the summer of 2023, many of the big movies and TV shows released in the West began appearing more frequently on RuTube. In comments to the media, RuTube suggested that it had been taken by surprise at the sudden influx. Netflix titles including The Witcher and Black Mirror would be removed immediately, RuTube said, at least in the event rightsholders requested removal.

Later that year, the Warner Bros. blockbuster ‘Barbie’ quickly appeared on RuTube, as did Universal’s ‘Oppenheimer’. Both are still available for viewing today, supported by a May 2024 RuTube campaign in the Moscow Metro that used images from the movies to advertise the fact. With over two million views on the most popular copies, that appears to be paying off.

At a recent briefing at the Foreign Ministry, the Russian people were asked to prioritize use of RuTube.

“We urge everyone to master this video hosting service [RuTube] and post their materials there,” said Andrei Nastasin, Deputy Director of the Information and Press Department at the Foreign Ministry.

RuTube Doubles its Traffic in 12 Months

Data from the research company Mediascope, made public around a week ago following a request from local news outlet Vedomosti, revealed that RuTube had doubled its traffic in the last 12 months.

Anti-piracy advocate Maxim Ryabyko at the Association for the Protection of Copyright on the Internet, said that piracy of Western content was likely to be a factor in RuTube’s growth. RuTube, on the other hand, declined to comment.

Coincidentally or not, life in Russia then became much more difficult for RuTube’s competition in the United States.

YouTube’s ability to provide fast, uninterrupted streams in Russia, first took a hit around July 12. Telecoms provider Rostelecom spoke of the need to slow down YouTube due to “technical problems” with Google’s servers in Russia, noting that “growth in traffic” had led to a “serious overload” of equipment serving YouTube videos.

“This may affect the download speed and playback quality of YouTube videos for users of all Russian operators,” Rostelecom said, as quoted by the Moscow Times.

YouTube’s Throttling……

Google’s server difficulties appear to have been caused by outside meddling. Russian authorities had ordered all major telecoms companies to throttle YouTube video playback to 128 kilobits per second. On August 8, a wave of complaints across Russia indicated that YouTube was either unusable or totally offline.

In parallel, the Signal messaging service began experiencing severe issues, with telecoms regulator Roskomnadzor later confirming that Signal had been restricted due to “violations of the legislation on combating terrorism and extremism.”

The fact that the Ukrainian military had taken the Kremlin completely by surprise with a sudden surge deep into Russian territory with tens of thousands of troops, wasn’t mentioned as a contributing factor.

After YouTube’s Throttling, Now RuTube’s Deletion

For reasons that are yet to be fully explained, YouTube’s throttling led to a surprise for RuTube late Friday evening. The video service the Kremlin had put so much faith in, suddenly discovered that its iOS app was no longer available from Apple’s App Store. Previously operational search engine links led to a ‘connecting’ message on the App Store, but nothing else.

Connecting…..

RuTube informed its users of the situation via a message on Telegram late Friday evening.

“We have been the most downloaded app in the App Store for a long time, but now we have to announce that our app has been removed from the App Store. This was a result of sanctions from an American company, which made it difficult for users to access our services through a mobile app,” RuTube wrote.

“We understand that this creates inconvenience for you, our users, and brings certain difficulties in using the platform. We appreciate your support and understanding during this difficult time. We will promptly inform you of any news and changes through our official channels. RuTube has been advocating for freedom of speech on our platform until the very last moment, and we will make every effort to ensure the return of the RuTube app to the App Store as soon as possible.”

While there has been no further commentary from RuTube, it appears that similar problems may also exist on Google Play. TorrentFreak’s attempts to access the app on Sunday, both directly and via the main link in Google Search, led only to the message shown below.

RuTube appears to have gone

RuTube’s claim, that the removal is sanctions-related, has not yet been officially confirmed. However, if a copyright holder had presented Apple and Google with a huge list of Hollywood movies being made available via the RuTube app, removal of the app would not come as a surprise.

Even though it claims otherwise, RuTube may not care too much about the DMCA, at least as it currently applies on Russian soil. Unfortunately, its apps are distributed by U.S. companies, which may prove a hindrance in its quest for additional growth.

From: TF, for the latest news on copyright battles, piracy and more.

How did I not know before now that there was a market for squid oil?

The squid oil market has experienced robust growth in recent years, expanding from $4.56 billion in 2023 to $4.94 billion in 2024 at a compound annual growth rate (CAGR) of 8.5%. The growth in the historic period can be attributed to global market growth, alternative to fish oil, cosmetics and skincare industry, sustainability practices, regulatory influence.

Blog moderation policy.

Yet another SQUID acronym:

SQUID, short for Surrogate Quantitative Interpretability for Deepnets, is a computational tool created by Cold Spring Harbor Laboratory (CSHL) scientists. It’s designed to help interpret how AI models analyze the genome. Compared with other analysis tools, SQUID is more consistent, reduces background noise, and can lead to more accurate predictions about the effects of genetic mutations.

Blog moderation policy.

Music piracy has been around for decades and there are no signs that it will disappear anytime soon.

While legitimate subscription streaming services are commonplace today, some people prefer to download or rip music instead; particularly people with limited financial means. That’s a problem for labels and music publishers alike.

According to the RIAA, the U.S. economy loses billions of dollars annually due to piracy. This estimate is difficult to prove, of course, but ‘lost’ revenues are not the only concern. Specialized pirate sites and services frequently feature pre-release leaks too.

These leaks frustrate labels and artists and not just for financial reasons. Many musicians work months if not years on their tracks; seeing these being paraded on pirate sites, before their official release, stings.

Warner’s World-class Anti-Piracy Unit

Warner Music Group is well aware of the leak vulnerability. The company has taken action against various piracy threats in the past and, outside the public eye, the music company is building a dedicated anti-piracy unit.

The unit in question is not mentioned on Warner’s official site, but it did appear in a recent job offering, where Warner Music is looking for an Anti-Piracy/Content Protection coordinator.

“We’re looking for someone who thrives on searching the depths of the internet to find when and where unreleased music first pops up. We want someone to help our artists maintain control of their release plans.”

“This person will be the next piece in building a world-class anti-piracy unit,” Warner Music adds.

To find out more about the scope and goals of this team, we reached out to Warner Music directly. However, the company didn’t immediately respond to our inquiry. Luckily, the job description itself provides some more background.

Tracing Leaks & Spotting Pirates

The anti-piracy coordinator role is quite broad. It involves protecting digital and physical releases as well as merchandise. These protection efforts are in part guided by release schedules. After all, new releases have the most value, and deserve stellar protection.

Within releases there is also a priority ranking. The anti-piracy coordinator is expected to communicate these high-priority releases with third-party anti-piracy services, so these can tailor their takedown efforts accordingly.

The position also requires some familiarity with piracy services, and accompanying research capabilities. It involves managing leak alerts, as well as discovering new piracy platforms and services that pose a threat.

The job offering provides the following examples of typical work that the anti-piracy coordinator has to carry out.

– Monitor and protect all forms of Warner Music Group’s intellectual property
– Work with our label partners on priority release schedules
– Coordinate priority releases on a weekly basis with third-party anti-piracy services
– Receive and create leak alerts for infringing uploads
– Discover new platforms that infringe on WMG’s intellectual property
– Contribute to a growing team of global content protection specialists

Artificial intelligence isn’t mentioned once. That makes sense, as it’s not typically associated with piracy, but more with general copyright infringement, which is likely handled by the broader legal department.

Requirements

The job application provides a rough idea of what the anti-piracy unit does, but it’s likely just a fraction of its full scope. The required skills for the job don’t give away anything either and are quite mundane.

Candidates need a “strong attention to detail”, “work well independently”, have “excellent written and oral communication skills” and comfort with Word, Excel and PowerPoint-type software. A college degree and some anti-piracy experience would be a bonus.

For anyone interested, the job listing is still open and can be accessed through Warner Music Group’s official website.

From: TF, for the latest news on copyright battles, piracy and more.

initLab стана на 14 години.

Отпразнувахме го подобаващо, с разни занимания, включващи пиене, свирене и бордови игри. Имаше хора, които са членове отдавна, имаше хора, които идваха за пръв път, та си беше весело.

Хубаво е, че лабът съществува толкова години. Това е едно от малкото места, на които хора могат да се съберат и да свършат нещо интересно, в почти произволна посока, без някакви особени ограничения и задължения, просто за удоволствието и знанията. През годините са организирани толкова събития, че ми е трудно да ги изброя (във времената, когато бях в управителния съвет си спомням колко дълъг ставаше отчетът за дейността, просто защото целогодишно се случват някакви неща). Без initLab щеше да е доста по-трудна организацията на OpenFest, на доброволците, които ходим на FOSDEM, study групите за Rails Girls, както и на много знайни и незнайни други проекти.

Около свиренето си припомних, че в лаба има един много забавен ефект (така де, любимо звучащия ми дисторжън на тоя свят), и в събота отидох да подрънча малко. Резултатите са (средно зле), нещо с полка ритъм и частта от нещото без distortion, която за някои хора може да е по-слушаема.
(частта без distortion е от края и е по-зле, понеже вече малко ме боляха ръцете, поотвикнал съм)

(също обмислям да проходя някакви лекции в лаба в следващите месеци, понеже имам три започнати и трите не ми харесват изобщо, и се чудя дали ако ги изговоря с някакви други хора може да се получат)

On Saturday 3 August 2024, the annual Debian Developers and Contributors Conference came to a close.

Over 339 attendees representing 48 countries from around the world came together for a combined 108 events made up of more than 50 Talks and Discussions, 37 Birds of a Feather (BoF – informal meeting between developers and users) sessions, 12 workshops, and activities in support of furthering our distribution and free software (25 patches submitted to the Linux kernel), learning from our mentors and peers, building our community, and having a bit of fun.

The conference was preceded by the annual DebCamp hacking session held July 21st through July 27th where Debian Developers and Contributors convened to focus on their Individual Debian-related projects or work in team sprints geared toward in-person collaboration in developing Debian.

This year featured a BootCamp that was held for newcomers with a GPG Workshop and a focus on Introduction to creating .deb files (Debian packaging) staged by a team of dedicated mentors who shared hands-on experience in Debian and offered a deeper understanding of how to work in and contribute to the community.

The actual Debian Developers Conference started on Sunday July 28 2024.

In addition to the traditional 'Bits from the DPL' talk, the continuous key-signing party, lightning talks and the announcement of next year's DebConf25, there were several update sessions shared by internal projects and teams.

Many of the hosted discussion sessions were presented by our technical core teams with the usual and useful meet the Technical Committee and the ftpteam and a set of BoFs about packaging policy and Debian infrastructure, including talk about APT and Debian Installer and an overview about the first eleven years of Reproducible Builds. Internationalization and localization have been subject of several talks. The Python, Perl, Ruby, and Go programming language teams, as well as Med team, also shared updates on their work and efforts.

More than fifteen BoFs and talks about community, diversity and local outreach highlighted the work of various team involved in the social aspect of our community. This year again, Debian Brazil shared strategy and action to attract and retain new contributors and members and opportunities both in Debian and F/OSS.

The schedule was updated each day with planned and ad-hoc activities introduced by attendees over the course of the conference. Several traditional activities took place: a job fair, a poetry performance, the traditional Cheese and Wine party, the group photos and the Day Trips.

For those who were not able to attend, most of the talks and sessions were broadcast live and recorded and the videos made available through a link in their summary in the schedule. Almost all of the sessions facilitated remote participation via IRC messaging apps or online collaborative text documents which allowed remote attendees to 'be in the room' to ask questions or share comments with the speaker or assembled audience.

DebConf24 saw over 6.8 TiB (4.3 TiB in 2023) of data streamed, 91.25 hours (55 in 2023) of scheduled talks, 20 network access points, 1.6 km fibers (1 broken fiber...) and 2.2 km UTP cable deployed, more than 20 country Geoip viewers, 354 T-shirts, 3 day trips, and up to 200 meals planned per day.

All of these events, activities, conversations, and streams coupled with our love, interest, and participation in Debian and F/OSS certainly made this conference an overall success both here in Busan, South Korea and online around the world.

The DebConf24 website will remain active for archival purposes and will continue to offer links to the presentations and videos of talks and events.

Next year, DebConf25 will be held in Brest, France, from Monday, July 7 to Monday, July 21, 2025. As tradition follows before the next DebConf the local organizers in France will start the conference activities with DebCamp with particular focus on individual and team work towards improving the distribution.

DebConf is committed to a safe and welcome environment for all participants. See the web page about the Code of Conduct in DebConf24 website for more details on this.

Debian thanks the commitment of numerous sponsors to support DebConf24, particularly our Platinum Sponsors: Infomaniak, Proxmox, and Wind River.

We also wish to thank our Video and Infrastructure teams, the DebConf24 and DebConf committees, our host nation of South Korea, and each and every person who helped contribute to this event and to Debian overall.

Thank you all for your work in helping Debian continue to be "The Universal Operating System".

See you next year!

About Debian

The Debian Project was founded in 1993 by Ian Murdock to be a truly free community project. Since then the project has grown to be one of the largest and most influential open source projects. Thousands of volunteers from all over the world work together to create and maintain Debian software. Available in 70 languages, and supporting a huge range of computer types, Debian calls itself the universal operating system.

About DebConf

DebConf is the Debian Project's developer conference. In addition to a full schedule of technical, social and policy talks, DebConf provides an opportunity for developers, contributors and other interested people to meet in person and work together more closely. It has taken place annually since 2000 in locations as varied as Scotland, Argentina, Bosnia and Herzegovina, and India. More information about DebConf is available from https://debconf.org/.

About Infomaniak

Infomaniak is an independent cloud service provider recognized throughout Europe for its commitment to privacy, the local economy and the environment. Recording growth of 18% in 2023, the company is developing a suite of online collaborative tools and cloud hosting, streaming, marketing and events solutions. Infomaniak uses exclusively renewable energy, builds its own data centers and develops its solutions in Switzerland, without relocating. The company powers the website of the Belgian radio and TV service (RTBF) and provides streaming for more than 3,000 TV and radio stations in Europe.

About Proxmox

Proxmox provides powerful and user-friendly Open Source server software. Enterprises of all sizes and industries use Proxmox solutions to deploy efficient and simplified IT infrastructures, minimize total cost of ownership, and avoid vendor lock-in. Proxmox also offers commercial support, training services, and an extensive partner ecosystem to ensure business continuity for its customers. Proxmox Server Solutions GmbH was established in 2005 and is headquartered in Vienna, Austria. Proxmox builds its product offerings on top of the Debian operating system.

About Wind River

Wind River For nearly 20 years, Wind River has led in commercial Open Source Linux solutions for mission-critical enterprise edge computing. With expertise across aerospace, automotive, industrial, telecom, and more, the company is committed to Open Source through initiatives like eLxr, Yocto, Zephyr, and StarlingX.

Contact Information

For further information, please visit the DebConf24 web page at https://debconf24.debconf.org/ or send mail to [email protected].

Receiving and imparting advice allows humans to benefit from the experiences of others, without ever having to suffer the consequences of making the same mistakes themselves.

While that’s a great theory and a lovely thought, it’s a poor substitute for knowing that today’s disaster is your own work and yours alone. What’s infinitely worse than that is blindly allowing strangers on the internet to make big decisions, and then having to live with the consequences of their poor advice knowing the blame lies closer to home.

Stay Safe, Trust No One

Case in point, ‘staying safe online’, which according to Google’s autocomplete is a popular question when people are preparing to download anything, from music to PC games, to general software and Android APKs.

Anyone who opted for the ‘safest site’ to ‘download free mp3’ today, but ignored copyright concerns and the first few results linking to legal services, may have landed on a site with links to a few YouTube download sites. However, the ‘recommended’ option at the top of the list is to install free software that ‘claims’ to download from Spotify instead.

The .exe triggered no warnings when scanned using Windows Defender, MalwareBytes, and BitDefender. When checked it remotely, using a handful of online security tools, a different picture emerged.

A decision was made not to install the software and that turned out to be a good thing. Most of the time, installing any type of software from unknown sites should be avoided and here, any benefit would’ve been eliminated ten times over by whatever came next.

Beware of Deception

While the Baader-Meinhof phenomenon might explain an ‘unusually’ large number of people asking for “the safest site” this week, they were definitely there; on X, Reddit and other platforms, seeking out everything from manga to mainstream movies.

As usual, responses to the impossible question varied. Typically, some site or another in vogue at the moment receives a mention; that happened on one occasion this week and the chat ended there.

On rare occasions, someone will take the time to point out that research is advised but, for many people, that sounds like a tedious way of not getting content immediately. We didn’t see any of those this week, unfortunately.

Occasionally, since it tends to get frowned upon these days, someone will post a link to a site. In one case last week, someone posted a direct link to an Android APK.

In response to that post, a seemingly unconnected user agreed that this particular app provides access to everything and helpfully provided a link to a site where all of those details were available. That included the name of the app, a nice logo, its file size (around 30mb), version number, package name, and details of OS version compatibility.

As highlighted by the poster, the page also listed all relevant file hashes and a signature, so that any prospective users could do all the relevant checks, to confirm it’s 100% safe. How many people actually check those things is unknown but, in this case, the hash linked to details of an app on VirusTotal with a clean bill of health. However, the APK delivered by the site had a completely different hash.

Pirated Content Still On Offer…Good?

Many people believe that if an app works, that’s always a good sign. The reality is that if the app doesn’t work, people will uninstall it, and that’s the last thing nefarious app distributors want.

In this case, the app did work, albeit in a secure environment. But ordinarily it would’ve been installed on someone’s Android phone, where it would’ve been very happy indeed.

As F-Secure explains: An SMS-Worm is a type of worm that distributes copies of itself to new victims – in this case, mobile phones – over the Short Messaging System (SMS) of mobile telecommunications networks. An SMS-Worm may be able to automatically send a copy of itself to every contact listed in the mobile phone’s Contacts list.

Alternatively, the SMS may contain a link to a website. On clicking the link, the user may inadvertently download the worm’s executable code onto their mobile phone, thereby infecting themselves. For this method to work, the mobile phone would need to have Internet-access capability.

Other slightly worrying behaviors included an attempt to harvest all hostnames from the local network, presumably just to check out what other services might be available. Merely out of curiosity? Probably not

At some point, the app tried to connect to an IP address and domain names which according to records are connected to Hola/Luminati. That raises the prospect of devices subsequently becoming part of a network where the user’s connection can be used by someone else.

There’s no suggestion that those services are aware of anything malicious, a quality they’re likely to share with people who install *any* Android software without knowing what it does first, even though it’s free to find out.

Androguard: Reverse engineering and pentesting for Android
ANY.RUN: Free Malware Reports and Database
APKHunt: Comprehensive static code analysis for Android
APKLab: Android Reverse-Engineering Workbench
APKLeaks: Scanning APK file for URIs, endpoints & secrets
APKtool: A tool for reverse engineering Android APK files
Hybrid-Analysis: Free Automated Malware Analysis
Frida: A world-class dynamic instrumentation toolkit
Genymobile/scrcpy: Display and control your Android device
MobSF: Security research platform for mobile applications
Oracle VM VirtualBox
Sixo Online APK Analyzer
URLscan: Website scanner for suspicious and malicious URLs
VirusTotal: Analyse suspicious files, domains, IPs and URLs to detect malware
Wireshark: The world’s most popular network protocol analyzer

From: TF, for the latest news on copyright battles, piracy and more.