In November 2023, the publisher of hit videogame Genshin Impact obtained a DMCA subpoena at a California district court to unmask an anonymous alleged infringer.

Cognosphere’s aim was to compel X/Twitter to “disclose the identity, including the name(s), address(es), telephone number(s), and e-mail addresses(es)” of an individual in control of four ‘X’ accounts: @HutaoLoverGI, @GIHutaoLover, @HutaoLover77, and @FurinaaLover.

The company claimed that the accounts had leaked unreleased material from Genshin Impact and the purpose of the subpoena was to tackle the alleged infringement. The subpoena was granted but X Corp pushed back and refused to disclose the requested information by the November 22, 2023, deadline.

Unmasking a Third Party, Anonymous Speaker

In a subsequent court filing , X Corp said that Cognosphere was attempting to “unmask third party, anonymous speakers via a subpoena issued under the DMCA.”

The company said it was concerned since it lacked information to show that its users’ rights were being protected. (Note: X refers to four users based on one person to one account. Cognosphere believes one person controls all four accounts)

“X Corp. [..] is not in a position to determine whether Cognosphere has made the required constitutional and evidentiary showings to unmask those speakers, and has thus stood on its timely free speech objections, such that the parties can obtain a determination from the Court,” the company informed the court.

X Corp. asked the Court to assess whether Cognosphere’s copyright claim is “sufficient to satisfy any First Amendment free speech safeguards applicable to the anonymous speakers” before balancing Cognosphere’s need for discovery against the anonymous users’ privacy rights.

Cognosphere described X Corp’s demands as “extraordinary” and said that a “protracted balancing exercise” was not constitutionally required.

X Corp’s Objections and Motion to Quash Denied

In response to an order from Magistrate Judge Peter H. Kang at the District Court (San Francisco Division) for the Northern District of California, back in March the parties filed a joint supplemental letter brief ( pdf ) .

In an order handed down this week, Judge Kang writes that after a review, the Court determined that the dispute could be resolved without the need for oral argument.

X Corp.’s motion to quash the subpoena on First Amendment grounds was denied. The reasons in support of that decision are explained by the court over 15 pages, with the key points raised by the Judge summarized below.

First Amendment Scrutiny

A recipient of a DMCA subpoena may file an objection if it believes it that compliance would require disclosure of material protected by the First Amendment and would conflict with the Federal Rules of Civil Procedure. Since X Corp. filed no objections on FRCP grounds, everything boils down to whether X Corp.’s First Amendment objection is sustainable.

First Amendment scrutiny of a DMCA subpoena includes an assessment of the type of conduct or speech at issue. Courts have identified “core” First Amendment expression to be political speech and religious speech; in this matter, the alleged posting of unauthorized copies of Cognosphere’s Genshin Impact artwork is neither. However, the unauthorized sharing of copyrighted works does qualify as speech, if only to a degree, so analysis is warranted.

The inquiry undertaken by the Judge considered whether Cognosphere had demonstrated a prima facie case on the merits of its copyright claim, and whether the subpoena was obtained in good faith and not for improper purposes. The Judge also considered the information sought and its relevance to Cognosphere’s core claim, and whether the information was obtainable from any other source. These factors were then balanced against the First Amendment interests at stake.

Conclusion: Motion to Quash Denied

The Court found that Cognosphere owns the copyrights to the content in question and that X Corp’s objections failed to undermine the publisher’s prima facie case of copyright infringement. Since Cognosphere acted in good faith and the information sought is directly relevant to the core of its claim, the Court found that Cognosphere’s need for discovery outweighs any First Amendment interests at stake.

The X account holder(s) did not appear at any point in this action, but that had no impact on the Court’s evaluation.

“The fact that the account holder(s) have not appeared in this action does not defeat justiciability and does not impact evaluation of the issues,” the order reads.

“As recognized by other courts, X Corp.’s interests are generally aligned with its users with regard to anonymity and thus, on behalf of its users, X Corp. may adequately raise First Amendment interests in opposing enforcement of the subpoena.”

The order denying X Corp’s motion to quash the DMCA subpoena is available here (pdf)

From: TF , for the latest news on copyright battles, piracy and more.

For years, Fmovies presented a major threat to Hollywood, one that seemed near impossible to defeat.

The site’s operators were linked to dozens of popular pirate sites, generating billions of visits annually.

While MPA’s anti-piracy flagship ACE tied the operation to Vietnam early on, effectively shutting it down took years. In addition to gathering intelligence, Hollywood’s diplomatic powers were required to force a breakthrough.

This summer, these efforts paid off handsomely. After the main Fmovies site fell apart in July , related streaming portals including Bflix, Aniwave, and Zorox fell like dominoes in the weeks after.

Taking Down The Mothership

The combined traffic of these platforms arguably makes the takedown operation the largest of its kind, ever. So, understandably, MPA and ACE took credit for helping the Vietnamese authorities achieve this feat.

MPA CEO Charles Rivkin, for example, noted that anti-piracy efforts are bigger and bolder than before, equating Fmovies to the piracy “mothership”.

“We took down the mothership here,” Rivkin told Variety last month. “There was a time when piracy was Whac-a-Mole… Today, we go after piracy at its root,” he said at the time.

Rivkin didn’t exaggerate the size or impact of the takedown. The Fmovies wreckage included dozens of high-profile streaming portals including Vidsrc.to, a popular video hosting platform used by many third-party sites.

“Vidsrc.to, a notorious video hosting provider operated by the same suspects was also taken down, impacting hundreds of additional dedicated piracy sites,” ACE reported last month.

Pirate Empire Strikes Back?

MPA and ACE were rightfully proud of their accomplishments but when dealing with pirates, new threats can emerge out of the blue. That’s precisely what’s happening this week, as Vidsrc.to has made a surprise comeback.

While the video hosting site looks the same as before, there are no obvious signs that the Fmovies team is behind it. Instead, the videos appear to be sourced from an unrelated competitor, Vidsrc.me.

Apparently, these new people managed to get their hands on this valuable domain name, using it to further the interests of another fleet of pirate streaming sites. And more domains may follow the same path.

Vidsrc.to Auctioned Off

Traditionally, when the MPA and ACE shut down sites, associated domain names are redirected to its “ Watch Legally ” page. In some cases domains expire and are not necessarily renewed.

According to domain records, Vidsrc.to expired in July. Information received by TorrentFreak suggests that it was picked up by an unknown party, and sold through Namecheap for several hundred dollars a few days ago.

From there the domain’s new owner brought the site back to its full glory. We can’t confirm who’s behind the comeback, but Vidsrc.to uses a video player from its former competitor, Vidscr.me.

More Loose Ends

TorrentFreak reached out to the MPA, seeking a comment on this comeback and the lack of a more permanent domain seizure, but we didn’t immediately hear back. The organization still has control over some older ‘pirate’ domains, including Hotfile and IsoHunt , but it appears the same doesn’t apply to these recent actions.

Vidsrc.to is not the only pirate site domain that’s available for purchase, however. Looking through Namecheap’s listings we also see that Tinyzone.tv can be purchased for $3,911 . This site reportedly had ties to Vietnam too, and was taken down by ACE last November.

The same applies to ev01.net. That movie streaming site domain briefly redirected to the ACE website. It eventually expired and can be purchased through Namecheap for those who can afford $13,911.

These loose ends can cause trouble in the future, but whether anyone will pick that domain up seems doubtful. The ev01.net domain previously redirected to ev01.to, which remains online today, and still uses the ev01.net branding.

All in all, it is clear that these domain-related loose ends can be a source of trouble. MPA and ACE may have taken down the mothership, but the piracy galaxy doesn’t appear to rely on a single Star Destroyer.

From: TF , for the latest news on copyright battles, piracy and more.

Last December when the MPA and other rightsholders renewed calls for site-blocking measures to be implemented in the United States, much of the focus was placed on Fmovies.

Before its recent sudden demise , Fmovies was considered the world’s largest illegal movie and TV show streaming site, yet some lawmakers in attendance at last year’s hearing had never heard of it before.

Fewer still would’ve heard of pirate IPTV service Magis TV, but for the MPA and enforcement coalition Alliance for Creativity and Entertainment, Magis TV is the source of a persistent headache for which there’s currently no cure.

China and Latin America

According to the MPA, Magis TV is believed to operate out of China. Its focus is on the Latin American market where millions consume content mostly via the platform’s ubiquitous, subscription-based Android app.

Cybersecurity firm ESET has linked the popular app to malware and botnets, but that doesn’t appear to have had any negative effect on Magis TV’s continued popularity.

Indeed, despite being under significant pressure from anti-piracy measures across the entire region, limiting Magis TV’s ability to operate has proven quite the challenge.

An order published in Argentina dated September 13, 2024, reveals that the country’s Internet Service Providers are now required to block dozens of Magis TV-linked domains for violating intellectual property law.

Telecoms body ENACOM is responsible for arranging the blocks

The original order in Spanish (translation above) runs to four pages, most of which list Magis TV-linked domains. As screenshots of those domains shows, there’s no obvious design consistency, which suggests that whoever operates them have received no specific instructions from the owners of the IPTV service.

Chaotic, perhaps usefully so

Some domains on the list claim to offer services to those considering becoming a reseller, so at least in theory they may have closer links to the service itself. In other cases, site operators may not have any direct connections beyond buying subscription credits at one price and then selling them on at another. That’s not to downplay their importance, but it does highlight the difficulties when it comes to enforcement.

In total, 69 domains (full list below) must be blocked to ensure they’re inaccessible from Argentinian territory but how effective that will be at limiting access to the service remains to be seen.

ACE Has Already Seized or Shut Down as Many Domains

The Alliance for Creativity and Entertainment has been working on the Magis TV problem for at least a couple of years. In the summer of 2022, a series of DMCA subpoenas targeting dozens of illegal streaming sites aimed to unmask their operators, including whoever is behind Magis TV.

In November that same year, another subpoena sought information from Zenlayer. Whether any, all, or none of these efforts bore fruit is unknown, but ACE soon started to take possession or exercise some type of control over dozens of domains with links to Magis TV. As is usually the case, many began diverting to the ACE anti-piracy portal.

Quietly commandeered, no official announcement from ACE

The lack of an official announcement to celebrate such a big haul was somewhat unusual. However, it seems likely that having assessed the situation, ACE may have concluded that the seizures wouldn’t provide the clean kill the coalition is known for.

The true scale of the problem hasn’t been revealed in public but an ACE report seen by TorrentFreak suggests a continent-wide problem.

Focused on piracy in Latin America, the report reveals that by the end of 2023, the anti-piracy coalition had taken down around 50 Magis TV websites in the region. Starting in Chile and heading north, up through Peru, into Ecuador, then Colombia, Venezuela, Dominican Republic, and finally back on home turf in the United States, sites were systematically taken down.

The only issue, albeit quite a significant one, is that ACE concluded that Magis TV and/or its affiliates, including an unknown number of resellers, were together operating over 370 websites.

Inevitable Site-Blocking

Ecuador has been blocking pirate sites since 2019 and earlier this year it began blocking Magis TV .

In August, ISPs in Ecuador added a further 183 Magis TV-linked IP addresses to the existing blocklist, followed by a dynamic blocking order last week, which allows a rightsholder to add new blocking targets without a court intervention.

As the image below shows (right), Ecuador has also managed to place warnings directly on the screens of pirates watching illegal streams, while Bolivia (left) issued direct warnings as far back as July 2022.

Limited blocking also takes place in Peru (magis-tv.app, magstv.com, tvmagis.com, magistv.news, magistv-app.net) and other countries in the region. But with domains both cheap and easy to replace, pirates at the consumer end of what is effectively a pyramid sales operation, will always be one step ahead.

ACE has been keeping up the pressure by obtaining new DMCA subpoenas in March and June 2024 , so presumably intends to tackle this problem by taking out those at the top.

If they are indeed based in China, that’s unlikely to be straightforward; yet, with enough patience and the right leverage , nothing is impossible.

The domains listed for blocking in the Argentinian order read as follows:

magistv-la.com, magistv.net, tvmagis.pro, magistv-app.net, magistv.video, magistvplus.com, magistv.app, tvmagis.com, magistvonline.com, magis123.com, magistv.film, magistvoficial.net, magistviptv.com, magistv.live, magistvlatin.com, magistvlatino.es, fullmagistv.com, magistvv.com – redirects to > tvsnipers.com, magistv-ecuador.com, magistv.agency, soportemagistv.com, panelmagistv.com, magistvstream.net, magistvmas.com, magistv-venezuela.com, comprarmagistv.app, magistv.ai, descarga-magistv.com, magispro.com, magistvgo.com, magislatamtv.net, magistvecuador.app, magistvinternational.com, magiscr.org, magistv.mx, magistvmexico.net, oficialmagistv.com, magistv.so – redirects to > magistv.film, magistvapk.app – redirects to> magis-tv.vip, comprarmagistv.com, magistvmex.com, magisapp.app, magistvperu.org, magistvusa.net, magistvoficial.com, magistv-app.net, renovarmagistv.net, panelmagistv.net, magistvgratis.com, magistvpty.com, getmagistv.com, magistve.com, magistvoficial.org, magistvpc.com, magistv.la, magistv.club, tvmagis.pro, magistv.stream, magis.com.ec, magistvtv.com, planesmagistv.com, magistvpremium.com, magistv-latino.net, magistvhn.com, magistvplus.com.co, magisapk.com, magis-cr.com, magistvoficialchile.com, magistvapp.app

To our knowledge, ACE has shut down at minimum the following domains:

magistvgroup.com, magistv.global, magistv.org.pe, magistvnicaragua.com, magistvperu.com, magistvusa.com, magistvapk.com, magistvecuador.com, magistvlatino.app, magistvdemo.com, magistvargentina.com, magistvrepublicadominicana.com, magistvchile.com, magistvpanama.com, magistvfacil.com, magistvbrasil.com, magisglobal.net, magistvcostarica.com, magistvpuertorico.com, magistvmexico.com, magistvuruguay.com, magistvglobal.com, magistvoficial.vip, magistvparaguay.com, magistvbolivia.com, magistvcolombia.com, bolivia.magistvgroup.com, cuba.magistvgroup.com, colombia.magistvgroup.com, argentina.magistvgroup.com, magistvfull.com, magistv.biz, magistv.services, magistv.solutions, magistv.fyi, magistv.us, magistvoficial.online, magistv.group, magistv.social, magistvoficial.digital, magist.vg, magistvvenezuela.com, magistv.es, magistvglobal.co, magistv.place, magistvrepublishedadomenica.com, magistv.store, magistv.asia, magistvoficial.services, magistv.life, magistvoficial.info

From: TF , for the latest news on copyright battles, piracy and more.

In August, Cox Communications filed a petition at the U.S. Supreme Court , requesting a review of a Fourth Circuit ruling that held the company liable for pirating subscribers.

The Internet provider ultimately challenges a $1 billion jury verdict in favor of major record labels, including Sony and Universal, arguing that it has far-reaching implications for Internet providers and the broader American public.

Cox wrote that, in its view, the lower court’s ruling stretches service provider liability too far and creates the “most draconian secondary-liability regime” in the country. As a result, ISPs find themselves ‘forced’ to terminate subscribers, who may have done little wrong.

Two Questions

This case is about who is responsible for Internet piracy. Is it only the users who actually share pirated material, or can ISPs be held responsible too, when they fail to properly respond to “repeat infringers”, as the DMCA prescribes?

The Fourth Circuit concluded that Cox “materially contributed” to the infringements of its subscribers because the company knew about this activity and didn’t terminate their accounts.

That leads Cox to present the following question to the Supreme Court:

“Did the Fourth Circuit err in holding that a service provider can be held liable […] merely because it knew that people were using certain accounts to infringe and did not terminate access, without proof that the service provider affirmatively fostered infringement or otherwise intended to promote it?”

The second question is indirectly related to the damages award. The jury awarded the maximum statutory damages of $150,000 per work, which is typically reserved for “willful” infringement. Cox questions whether simply knowing about subscribers’ copyright infringements is willful.

“Did the Fourth Circuit err in holding that mere knowledge of another’s direct infringement suffices to find willfulness under 17 U.S.C. § 504(c)?” the petition reads.

ISPs Back Cox

This case doesn’t only affect Cox, it has implications for all Internet providers. Yesterday, several other ISPs including Verizon, Frontier, Altice, and Lumen Technologies, filed an amicus curiae brief at the Supreme Court, backing the petition.

Several of these providers are involved in similar lawsuits, with potential damages running in the hundreds of millions, if not billions of dollars. This ‘threat’ created by the lower court’s ruling creates “extortionate pressure” and invites mass terminations, they argue.

“The decision […] imperils the future of the internet. It exposes internet service providers to massive liability if they do not carry out mass internet evictions.

“The extortionate pressure such lawsuits exert is acute. And the mass terminations they encourage would harm innocent people by depriving households, schools, hospitals, and businesses of internet access.”

The ISPs note that, as things stand, they are required to terminate connections of alleged pirates that may also be used by innocent others. This is all based on third-party accusations that, in large part, rely on automated processes which are not error free.

Twitter

The amicus brief stresses that the Fourth Circuit’s decision to hold Cox liable, directly contradicts the recent Supreme Court ruling in Twitter vs Taamneh . In that case, the Supreme Court rejected the claim that Twitter aided-and-abetted terrorist activity because it didn’t “consciously and culpably” participate in the illegal activity.

According to the ISPs’ brief, the same logic applies in this case. Cox was held liable for the piracy activities of subscribers, without taking any culpable action.

A service provider’s failure to stop bad actors from misusing its platform does not qualify as culpable action. To emphasize this point, the brief cites the Supreme Court’s own words.

“Under the common law, this Court explained, ‘communication providing services’ have no ‘duty’ ‘to terminate customers after discovering that the customers were using the service for illicit ends’.

“For that reason, the Court held that the social-media companies’ continued provision of routine communication service to terrorists was ‘mere passive nonfeasance’ that did not amount to culpable aid.”

In conclusion, the ISPs urge the Supreme Court to grant Cox’s petition and overturn the Fourth Circuit’s decision, emphasizing the need to protect ISPs from excessive liability and safeguard the internet’s future.

Law Professor Chimes In

It’s no surprise that these ISPs are siding with Cox, as they have a direct interest in the outcome of the case. However, they are not the only amici; Professor Alfred Yen from Boston College Law School also wrote in.

Professor Yen urges the Supreme Court to grant certiorari (Cox’s appeal) and rectify what he perceives as a flawed interpretation of contributory copyright infringement law by the Fourth Circuit. His only interest in this case is the “orderly and logical development of the law for the benefit of society,” his brief explains.

The brief also focuses on culpable intent. The Fourth Circuit concluded that Cox was ‘culpable’ because it provided internet service to subscribers, while knowing that those subscribers could likely continue to pirate.

The court specifically stated that “supplying a product with knowledge that the recipient will use it to infringe is exactly the sort of culpable conduct sufficient for contributory infringement.”

Professor Yen believes that this is wrong, as Cox could not conclude with “substantial certainty” that infringers would continue. Especially since Cox also operated a graduated response program, aimed at stopping piracy on its network.

Electric Shock

In addition, the brief notes that ‘certainty of injury’ does not always imply intent. There are many other services that are guaranteed to lead to injury, where intent is not in question.

“For example, the operator of a railroad knows with substantial certainty that this activity will eventually cause injury to someone. The same would be true for the electric company because eventually, someone will suffer an electric shock,” Professor Yen writes.

While the Fourth Circuit’s conclusion that Cox is liable might seem superficially attractive, the professor warns of far-reaching and dangerous consequences if it holds up.

Under the same logic, many other companies could be drawn into liability battles because they provide services to individuals who may use that service to infringe, ranging from electricity providers to ink sellers.

“The Fourth Circuit’s logic makes all of these service providers culpably responsible for infringement as long as they receive the same kinds of notice sent to Petitioners and continue providing service,” Professor Yen writes.

Moving Forward

The Supreme Court took both briefs under consideration, to see if these will eventually factor into the decision to hear the case or not.

The respondents in this case, a group of major record labels including Sony and Universal, were required to file their planned opposition brief yesterday. However, they were given a month’s extension previously, so that will come in later.

—

A copy of the amicus brief filed by the Internet providers is available here (pdf) . A copy of Professor Alfred Yen’s brief can be found here (pdf)

From: TF , for the latest news on copyright battles, piracy and more.

In a couple of weeks the UK’s BeStreamWise anti-piracy campaign will celebrate its one-year anniversary.

Launched last October, the campaign aims to deter citizens from consuming live sports from pirate IPTV services and other platforms offering illegal streams.

With the slogan “Illegal Streams Let Criminals In” companies including Sky, Premier League, FACT, and ITV, hope that consumers will weigh cheap prices against the risk of malware and fraud, before concluding that a legal subscription is the best option overall.

12 Months of Saving

For the last year, the battle for hearts-and-minds has mostly played out online. Friendly tabloids and other publications known for their considerable social media reach, have taken a real interest in the campaign; not just by amplifying the message but presenting it as a preparatory hors d’oeuvre before the main course apocalypse.

The latest phase of the campaign, reported by BeStreamWise late last week, aimed to protect pirates seeking out pirated match streams on social media.

“BeStreamWise will redirect consumers searching for illegal streams of the game this weekend to protect them from the dangers of digital piracy.

“The initiative has been arranged for the high profile north London derby, renowned for being one of the highest scoring games in the top division and famous for the long-standing rivalry between its clubs,” an announcement on the campaign site reads.

“Highlighting the risks of illegal streaming, which include identity theft, fraud, viruses and dangerous malware, BeStreamWise will target those looking to watch the game illegally for free via X and Reddit. Those who click on the link will find that instead of watching one of the most exciting clashes in this year’s football calendar, they will instead see a gentle brook babbling its way past the camera lens.”

Given that a gentle babbling brook is a type of stream , the imagery complements the main theme of the campaign perfectly. The stream on the BeStreamWise website is actually Burbage Brook in Padley Gorge in Derbyshire’s Peak District, but whether the replacement live stream displayed this particular brook is still unconfirmed.

Determined to See the Stream

Our efforts to find fake Premier League match links that led to the live brook stream were a complete failure. There was no sign of any on Reddit or X, or any sign that any had ever been posted.

A plausible explanation is that posting links publicly was never the plan; a better option would be to wait for someone to show interest or ask for a pirate link, then send the fake link via DM. That would mean no instabans from Reddit mods for spamming fake links and no chance of being instantly called out on X for watering piracy down.

Another explanation is that in our desperate quest to find the link, leading to the brook and then salvation, too much time was spent clicking links that promised Premier League matches but mostly led to phishing sites and malware. With BeStreamWise falling short of omnipresence, self-preservation offered the only chance of survival.

Beware Glossy Tweets, Underneath Evil Lurks

The image below represents a game of two halves. On our left, X.com (formerly known as Twitter) featuring a rather glossy tweet that promises an entire season of Premier League games for free. With Premier League branding and official club badges, it certainly looks promising and of course, that’s the idea.

Apparently compatible with every mainstream device, all that remains is for the user to click on the TinyURL shortlink and wait for the streams in all their glory. A much better approach is to find out where a link leads before clicking it , as demonstrated in the screenshot on the right.

Find out where links lead in advance; BeLinkWise (click to enlarge)

Redirect Checker is a useful service for anyone confronted with a shortlink, regardless of the circumstances. In this case, the shortlink (marked 1 in the first image) looks neater and offers an element of surprise by hiding the destination. In other cases, shortlinks hide trackers that undermine privacy; all should be stripped before being clicked.

Redirect Checker doesn’t discriminate; paste the URL in the box (2) and the previously obfuscated destination URL appears below (3). Once the URL is exposed, testing it on a site like VirusTotal is the recommended option for most people. Understanding the results of a scan isn’t vital since the presence of red text makes it clear not to continue.

Continue Anyway, Cautiously

For theatrical and dramatic purposes, we decided to click through regardless of the VirusTotal report, albeit with a pretty secure setup inside a virtual machine ready to be dumped if necessary.

On the left of the image below is the website that appeared after accessing the ‘final destination’ URL indicated by Redirect Checker. However, when clicking through visitors are taken to another domain (present in the white diagram) that in our case triggered a malware/riskware warning. Until this point, security software had remained silent.

More gloss, more red flags

The website seems to offer everything, but makes it quite clear that visitors MUST sign up for an account first. Pirate IPTV sites do something similar except they tend to be quite up front about a) what’s on offer and b) the need to communicate when payment takes place.

Bright Red Flags

The offer of free streams here is still hidden behind a registration wall. That’s not typical of a completely free pirate streaming service. Often reliant on ads, more eyeballs on the site is usually preferred to unnecessary, traffic-limiting restrictions.

Never, EVER, put personal details into a pirate site

Visiting VirusTotal at the first opportunity would’ve given a vital heads-up on why proceeding this far was always ill-advised and an unnecessary risk.

The benefits of checking are obvious in this case, but the same applies equally to any other site, operating in any other niche, even (or especially) links received via email. There are no big campaigns warning the public about the dangers of email, but it remains the primary route through which internet users are exposed to phishing operations that aim to empty bank accounts, with zero regard for the devastation that causes.

Malware is Real

While we had zero intention of going any further, having seen enough of these types of sites in the past, we sincerely doubt that Premier League streams were ever on offer. Insult to injury, on the other hand, most likely in plentiful supply. The price of a genuine subscription package might sting and take a large chunk of a fan’s disposable income, but it won’t take all of it and give nothing back.

The majority of people are unlikely to find themselves saved by a BeStreamWise intervention. Nor will they receive any basic security advice such as constantly running up-to-date anti-virus software and, if possible, an anti-malware solution on top.

Yet, without seeing evidence themselves, any security risks will likely find themselves waved aside by the masses in favor of free streams. Some will get away without experiencing too many problems, many others won’t be so lucky. Malware’s effect on piracy rates is more difficult to quantify; what we know is malware increases as piracy consumption goes up, make of that what you will.

From: TF , for the latest news on copyright battles, piracy and more.

Tracking BitTorrent pirates isn’t all that hard since IP addresses are openly broadcasted. With help from Internet providers, these addresses can then be linked to account holders.

ISPs don’t hand over this data voluntarily; they typically require a subpoena or court order before taking action.

In the United States, subpoenas are typically obtained by filing a copyright complaint in federal court against a “John Doe” who’s known only by an IP address. Most of these cases are filed against a single person, which makes it a relatively expensive process.

DMCA Shortcut

In recent years, some rightsholders have used a shortcut to bypass this costly process. Drawing inspiration from the RIAA’s early efforts to identify music pirates in the early 2000s, they use the DMCA subpoena process to obtain the personal details of suspected copyright infringers.

Unlike regular subpoenas, the DMCA equivalents are not reviewed by a judge and only require a signature from the court clerk. While several courts effectively banned the practice two decades ago, more recent attempts cite fresh interpretations and conflicting case law to support their requests.

Many courts granted these new requests, which required Internet providers to identify hundreds, if not thousands of alleged pirates.

Cox Successfully Intervenes

Most of these recent DMCA subpoenas progressed quietly, with little fanfare or pushback. That changed last year when a Cox subscriber, suspected of pirating the movie Fall , filed an objection in court.

The objection prompted Cox Communications to intervene. The Internet provider decided to challenge the use of the DMCA subpoena tool, as detailed in DMCA §512(h) . Similar to the earlier opposition against RIAA’s attempts, the ISP argued that DMCA subpoenas don’t apply to mere conduit providers, as defined under § 512(a).

Earlier this year, a district court judge in Hawaii sided with Cox. The court ruled that DMCA subpoenas don’t apply to mere conduit services, but do apply to other providers that store or link to infringing content directly. As such, the movie companies’ request for a subpoena was denied .

The rightsholders in this matter, film companies Voltage Holdings, Millennium Funding, and Capstone Studios, swiftly submitted a motion for reconsideration. Among other things, they countered that ISPs are not just ‘mere conduits’, since they can remove or disable ‘references or links’ to infringing content.

The Hawaii district court reviewed the opposition, but eventually ruled that the ‘DMCA shortcut’ will remain closed.

Movie Companies Take Case to Court of Appeals

The movie companies are not letting this issue go that easily. A few days ago, they filed a petition at the Ninth Circuit Court of Appeals, arguing that the district court’s interpretation of the DMCA was overly narrow and hinders their efforts to combat online piracy.

The 81-page petition presents a wide array of arguments. The movie studios argue that the district court’s interpretation, which relies on dated precedents, doesn’t reflect the realities of the modern Internet. They note that ISPs do play a role in facilitating piracy, even if indirectly, and should be subject to DMCA subpoenas.

“A careful reading of the full text of 17 U.S.C. §512 leads to the unquestionable conclusion that Congress intended for DMCA subpoenas to apply to §512(a) service providers despite the contrary conclusions of Verizon and Charter,” the petition reads.

Key Questions

The appeal touches on various DMCA nuances and how these have been interpreted by courts. Ultimately, two key questions are presented.

First, whether DMCA subpoenas can apply to residential ISPs under §512(a) and second, can ISPs be seen as information location tools. These fall under §512(d), which could make an ISP subject to DMCA subpoenas.

(1) Can a valid subpoena under 17 U.S.C. §512(h) be issued commanding a §512(a) residential Internet service provider (“ISP”) to identify subscribers that use the ISP’s service to share copies of pirated copyright protected content online to the entire world via the BitTorrent peer-to-peer network?

(2) Is a residential ISP a provider of information location tools as defined in §512(d) when it provides a subscriber with customer premise equipment (modems and/or residential gateways) and assigns the subscriber an Internet Protocol (“IP”) addresses and links other users to the subscribers’ assigned IP addresses where the subscriber shares pirated copies of copyright protected Works via the BitTorrent peer-to-peer network?

The first question zooms in on the statutory language of the DMCA which, according to the movie companies, suggests that Congress intended DMCA subpoenas to apply to ‘mere conduit’ providers too.

For example, it mentions that §512(e) of the DMCA, which applies to educational institutions, explicitly conditions that a §512(a) service provider should not receive more than two §512(c)(3)(A) notifications within three years.

The District Court, however, concluded that these notifications don’t apply to §512(a) providers because there is no material to take down. That’s a clear conflict, the movie companies note.

Alternative Angle

The second key question is whether ISPs such as Cox operate as information location tools under §512(d). That would make DMCA subpoenas a valid instrument as well. The petition argues that this applies directly to Cox.

“Cox assigns the IP addresses that are used by its subscribers to share pirated copies of Fall online. Cox links other users to the online location to obtain copies of Fall when it routes their data to and from that IP address. Accordingly, Cox is a §512(d) service provider.”

To support this angle, the rightsholders add that Cox can take technical measures in response to infringing activity.

“Cox can use measures to disable the link to the infringing material such as null routing the IP addresses, blocking the ports associated with BitTorrent activity from the subscribers’ endpoint, or filtering the BitTorrent content from the subscriber’s endpoint,” the petitions reads.

Landmark Appeal

The above is just a brief overview of some of the angles, questions, and arguments laid out in the petition. Much of it goes into great detail on the various DMCA sections, how these are linked, and what that means for the present case.

Whether the court agrees that there’s a statutory conflict has yet to be seen. However, the stakes are significant. If rightsholders can identify alleged pirates more easily, enforcement will likely ramp up.

Cox has yet to respond to the appeal. When it does, the ISP’s response will likely be mindful of the Supreme Court petition it filed in a separate copyright-related case, where a jury held the ISP liable for pirating subscribers.

—-

A copy of the petition, filed by Voltage Holdings, Millennium Funding, and Capstone Studios is available here (pdf) .

From: TF , for the latest news on copyright battles, piracy and more.

As Donald Trump used every available resource to ensure his tenancy at the most recognizable house in the United States was extended, some social media platforms had adopted an unorthodox approach to his accounts.

Despite receiving a number of takedown notices alleging copyright infringement in Trump’s tweets, and in some cases removing content in response to apparently valid claims, the president’s account wasn’t suspended or terminated as is often the case.

That allowed one of Trump’s team to post a tweet containing a short animation; a train sporting Trump’s campaign logo being pursued at some distance by rival Joe Biden on a railroad handcar failing to keep up. For reasons that remain unknown, the animator chose the 1982 hit ‘Electric Avenue’ by British singer-songwriter Eddy Grant as the animation’s soundtrack.

The animator didn’t ask Grant for permission and when the Trump team spotted the animation on Twitter, a decision was made to post it on Trump’s Twitter account, also without asking Grant for permission. Grant responded with a cease and desist notice and when that was ignored, Grant sued Trump and his team for copyright infringement.

Judge’s Opinion Was Just His Opinion?

In an ideal world, the failure of Trump’s motion to dismiss in September 2021 should’ve been seen as an opportunity to settle the case privately.

A very small slice of humble pie and some tea, perhaps, so that everyone could move on. Or even negotiating the terms of the settlement Grant offered in August 2020 before filing the lawsuit.

Instead, U.S. District Judge John Koeltl’s opinion and order, which painted a clear picture of how successful a fair use defense was likely to be in this matter, appears to have carried little weight with the defense. That was surprising.

Judge Koeltl had described the use of Electric Avenue as “wholesale copying” to support a political ad campaign, and noted that the defense had misunderstood “the focus of the transformative use inquiry.” The defense had also admitted that the animation was not fair use-friendly parody, but its less useful cousin, satire.

Judge Koeltl went to state that the defense had offered no justification at all for their “extensive borrowing” nor had they provided any evidence that use of the work had caused no market harm. In fact, such was the total disconnect between the use of Electric Avenue and the animation, the campaign could’ve chosen any other track, or indeed no track at all, to send the same message.

Four Year Legal Grind

What the defense were hoping to find isn’t clear but after failing to convince the court in October 2021 that Trump had “ Presidential absolute immunity ” in respect of Grant’s claims, the case dragged on for another three years, four years in total.

Exactly a year ago, September 15, 2023, the plaintiffs and defendants filed motions for summary judgment at a Manhattan federal court. The defendants informed the court that they would rely on a fair use defense, despite Grant’s legal team asserting that discovery had “revealed unequivocally” that the use of Electric Avenue was not transformative.

Fair Use Defense Fails, Defense Liable for Infringement

Judge Koeltl had formed the same opinion two years earlier and in an opinion and order dated September 13, 2024, he offers a reminder of his order handed down several years earlier.

“In an Opinion and Order dated September 28, 2021, this Court denied the defendants’ motion to dismiss. The parties have now filed cross-motions for partial summary judgment,” Judge Koeltl notes.

The Trump defendants asked the Court to dismiss part of the complaint based on their assertion that Grant lacked a valid copyright registration for the sound recording of “Electric Avenue.” The details are convoluted, but the bottom line straightforward; defendants’ motion to dismiss was denied.

The plaintiffs moved for summary judgment on the issue of liability. Oral argument was heard on September 6 and in his order, Judge Koeltl reveals that the plaintiffs’ motion is granted. The defendants are liable for damages because their fair use defense comprehensively fails.

Fair Use Analysis

“In this case, the Video has a very low degree of ‘transformativeness,’ if any at all. As this Court found in denying the defendants’ motion to dismiss, the Video ‘is best described as a wholesale copying of music to accompany a political campaign ad’,” Judge Koeltl notes, citing his opinion from 2021.

“The defendants also argue that the Video ‘transformed Grant’s original conception of Electric Avenue as a protest against social conditions into a colorful attack on the character and personality traits of a rival political figure’. Again, ‘the defendants’ argument misapprehends the focus of the transformative use inquiry.'”

The inquiry does not focus exclusively on the character of the animation, the Judge notes. Rather, “it focuses on the character of the animation’s use of Grant’s song.”

The defendants claimed that their use of the work gave them “no commercial advantage” but the Judge disagreed.

In this case, the defendants benefited commercially from using Electric Avenue without paying a licensing fee. While there was no direct profit motive, that was insufficient to overcome the lack of transformative use and the first fair use factor favoring Grant.

A Fair Use Full House For Grant

Once again citing his opinion and order from 2021, the Judge notes that the defendants conceded that Electric Avenue is a creative, published work, leading to the second factor favoring Grant.

The third fair use factor considers the amount and substantiality of the portion used in relation to the copyrighted work as a whole. This inquiry was also present in the opinion from 2021; in 2024, nothing has changed and still favors Grant.

The fourth factor asks “whether, if the challenged use becomes widespread, it will adversely affect the potential market for the copyrighted work.” In this matter the Judge writes that there is no public benefit as a result of the defendants’ use of Electric Avenue; they could’ve used any song, even created their own, or used no song at all.

“The plaintiffs’ ability to license “Electric Avenue” in the market for licensed music for videos—political or otherwise—would be affected by widespread, uncompensated use. Accordingly, the last fair use factor favors the plaintiffs,” Judge Koeltl concludes.

That leaves the question of damages; Grant previously requested $300,000, but it’s likely the defense will have done their own calculations and arrived at a vastly lower sum.

Judge Koeltl’s opinion and order can be found here (pdf)

From: TF , for the latest news on copyright battles, piracy and more.

Android-based set-top devices have saturated the market in recent years, and it’s not uncommon for households to have several; downstairs, upstairs, and probably at least one in a drawer.

These devices, including the ubiquitous Amazon Firestick, are mostly content agnostic and equally capable of streaming video from legal sources such as Netflix or BBC iPlayer, or from unlicensed IPTV platforms.

The problem for rightsholders and governments hoping to curtail consumption of pirated content, is that the devices themselves are overwhelmingly legal. It’s the presence of piracy software installed on devices and the nature of the content consumed that tips the scale one way or the other. As a result, no realistic blanket banning solution exists, although Brazil has come up with a partial solution.

Devices Illegal By Default

The set-top device situation in Brazil is relatively straightforward. Unless telecoms regulator Anatel (Agência Nacional de Telecomunicações) authorizes a device type for importation, distribution, and sale, that device cannot be used legally in Brazil.

Anatel says its conformity assessment ensures that consumers only have access to products (typically electronic devices such as cell phones, tablets, set-top boxes, routers, etc) that have been tested for quality and safety.

Set-top boxes without a Technical Conformity Certificate are illegal regardless of the content consumed. That eliminates a lot of red tape when Anatel decides to seize well over a million devices to curtail piracy, because all seizures are carried out on straightforward health and safety grounds.

For devices that enter the local market without certification, Anatel regularly reports various actions to remove them. In 2023, Anatel revealed its new anti-piracy lab, where intelligence meets site-blocking measures to disrupt supply and consumption of pirated content.

The Anatel Anti-Piracy Lab (Image credit: Anatel )

Most famously, the regulator said it had blocked 80% of all pirate set-top boxes in Brazil during October 2023. To this background of ongoing success, Anatel is now promoting a competition where hackers can test their skills to determine who has the best non-certified pirate set-top box blocking skills in Brazil.

Anatel Teams Up With Hackathon Brasil

If any cynics out there think that the real point of the hackathon is to shore up IPTV blocking measures in Brazil with fresh ideas and techniques, Anatel isn’t even trying to hide it.

“The National Telecommunications Agency (Anatel) and the Hackathon Brasil Community will hold the first TV Box Hackathon focused on developing innovative solutions for blocking irregular [non-certified] TV Boxes,” an announcement on the government’s website reads.

“The developer marathon will take place on September 28 and 29 and represents an important project for the industry, regulated sector and academia, highlighting Anatel’s role in the state of the art of technological innovation.”

A dedicated information page on Hackathon Brazil begins by outlining the prevalence of IoT devices and growing concerns over security.

Noting that devices without certification “pose risks to consumers and to Brazil’s telecommunications infrastructure,” more specific concerns include operating system vulnerabilities, malware, spyware (hidden screenshot capture and screenshare actions), plus the ability to execute code on other devices within a LAN.

The Mission, Should You Choose to Accept It

Whether those who choose to sign up will receive more detailed instruction is unclear, but the main goal isn’t difficult to understand.

So the challenge is this: by understanding how these non-approved devices work, you must develop an approach that is capable of interrupting the exchange of data that occurs between the devices and their users.

Given the difficulties Anatel faces in tackling millions of these devices, mostly located inside people’s homes, the winners of the hackathon are unlikely to find success by physically attacking a device with wire, solder, or a modified ROM. Any solution must scale but before that, there’s the question of how to gain mass access to devices.

The masters of access at scale are those who manage to build botnets using malware that users often willingly (although unknowingly) install themselves because they believe the software does something else. Coincidentally or not, for many years Brazil has been heavily targeted by botnets running on cheap, compromised Android set-top boxes.

According to a report from cybersecurity firm ESET, malware that disproportionately targets Brazil regularly arrives disguised as legitimate or illegitimate streaming apps.

Further research shows that the dangers cited by Anatel relate directly to this type of malware , including the ability to infect other devices in a network, typically cheap IoT devices with poor security. Cybersecurity companies charge millions of dollars to solve problems smaller than this.

Winners’ Rewards

Anyone interested in registering has until September 20th to fill in their details on the official Hackathon Brasil site and for those who come out on top at the end of the event, prizes are as follows:

When converted to United States dollars, the winners receive ~US$1200, second place ~US$530, and third place ~US$350, and after reading the small print and the event regulations ( pdf ) , a few things deserve to be highlighted.

This is a team event and the minimum team size is four. So if a four-person team wins by solving what appears to be a critical problem faced by Brazil on the security side, and national and international rightsholders on the other, all members stand to pocket $300 each. Come third with a six-person team and each member will receive just under $60.00, or $30 for each day’s work.

Intellectual Property Protection

Of course, everything doesn’t always have to be about money, why can’t we all just have fun for a couple of days and just enjoy ourselves? The answer lies in a concept known as ‘intellectual property’ and the value of that property to those who create it. While the odds are stacked against, the aim here is for the winners to create an extremely valuable piece of intellectual property.

The rules for the event state that all who register for Hackathon TV Box authorize the ‘ORGANIZING COMMITTEE’ (COMISSÃO ORGANIZADORA) to “ use, edit, publish, reproduce and disclose, through newspapers, magazines, television, cinema, radio and internet, VHS and CD-ROM, or in any other means of communication, free of charge and without prior or additional authorization, their names, voices, images, projects or companies, both nationally and internationally, for a period of 10 (ten) years. ”

The committee is defined as “members and directors of the Hackathon Brasil Community and ANATEL” with a note that “the safeguarding of intellectual property rights, the ideas, arrangements and methods will be the responsibility of the project’s own design team.”

Legal statements exist for a reason and the above seems to grant permission to “use” “free of charge” “the project” “nationally and internationally” “for a period of 10 (ten) years.”

It’s probably just a reference to image/publicity rights; definitely so if the project fails to deliver. In the event a miracle plays out, who knows?

From: TF , for the latest news on copyright battles, piracy and more.

Next Thursday, September 19, 2024, will mark the one-year anniversary of the raids on French datacenters that brought down file-hosting platform Uptobox.

Founded in 2011, Uptobox was a very popular site with over 34 million visits per month, a third of which were generated by French users. After being blocked by ISPs in mid-2023, enforcement action became more likely than not.

Around 20 police officers participated in the raids on cloud service providers Scaleway, OpCore, and OVH. Members of the Alliance for Creativity and Entertainment, including Columbia, Paramount, StudioCanal, Warner Bros, Disney, Apple, and Amazon, later confirmed that their complaint triggered the raids and the subsequent seizure of Uptobox servers.

Fighting Back

Unlike some other platforms accused of piracy, Uptobox has thus far bucked the trend of disappearing in response to a lawsuit, with Dubai-based owner Genius Servers Tech FZE (Genius) fully engaged in the legal process.

In April 2024, Uptobox attempted to have the entire case thrown out, arguing it wasn’t the piracy haven the plaintiffs were describing.

In a setback for Uptobox, the attempt ultimately failed, but owner Genius still hoped to have various seizure orders, that had granted the removal of its servers back in 2023, lifted by the court.

The company argued on various grounds, including that the seizures weren’t warranted due to the activities of Genius, and were a “manifestly disproportionate measure” that caused damage to Genius and users of the Uptobox service.

The plaintiffs presented a laundry list of objections, all of which are detailed in the order of the Paris court linked below. Ultimately, however, the appeal would run out of steam for reasons unrelated to the merits of the case.

Time Waits For No One

The decision handed down by the Paris judicial court on Thursday was first reported by Marc Rees at l’Informé; as he explains , Genius Servers’ efforts failed after the court ruled its requests inadmissible.

In a nutshell, demands by Genius to lift the seizure order and restore the servers were declared “time-barred” because they were simply filed too late.

The seizures were authorized in eight separate orders which targeted the headquarters and premises of Scaleway, Op Core and OVH. The only timely request by Genius concerned the seizures carried out at Scaleway. Subsequent requests in February 2024 encompassed Op Core and OVH, but the deadline had long since passed, having expired in October 2023.

The failed process is an expensive one for Genius. The court instructed the Dubai-based company to pay 8,000 euros in legal costs to each of the rightsholder claimants, to a total of 70,000 euros. The main case, whatever that may hold moving forward, will now continue.

The order of the Paris judicial court is available here (pdf)

From: TF , for the latest news on copyright battles, piracy and more.