When it comes to the protection of its intellectual property rights, the International Olympic Committee (IOC) is notoriously uncompromising. Hardly a surprise given the role the brand and other rights play in this global sporting event.

Non-Profits Always Worry About Piracy

With piracy always a concern to those at the top of the multi-billion dollar non-profit Olympic pyramid, those fears naturally filter down to other non-profit entities involved every four years.

Joining the International Olympic Committee (IOC) and International Paralympic Committee (IPC) is the Paris Organizing Committee for the 2024 Olympic and Paralympic Games (COJOP2024). In keeping with tradition, these bodies have been closely monitoring the piracy situation, with French news outlet L’Informe suggesting that a list of problematic pirate sites and services was already being prepared in April.

Action in Paris

In mid-July, the IOC, IPC and COJOP2024, commenced legal action against the leading French ISPs. This is a required step in the site-blocking process but offers no threat to the ISPs themselves. In common with a growing number of ISPs internationally, French ISPs don’t oppose site-blocking actions, not least since in many cases they stand to benefit due to broadcasting deals.

At the Paris Judicial Court last Wednesday, the trio obtained an ISP blocking order. In their application the rightsholders informed the Court that around 30 domains that had previously shown infringing behavior were accessible in France.

On that basis they argued that the Court should order the ISPs to implement blocking measures, to prevent their customers from watching unlicensed streams of Olympic events.

One of the problem streaming sites

With those likely to request blocking now very familiar with the process, the Paris court had no problem issuing a dynamic injunction. These are flexible orders that authorize blocking measures against services detailed initially, but can be modified as required in response to countermeasures, most commonly the deployment of new domains.

The Olympic organizations will simply have to inform telecoms regulator Arcom of any new domains, and those will be added to the blocklist, probably quite quickly.

The domains are listed at the end of this report but it appears that several are already redirecting or have moved to new homes.

As shown below, at least one of the targets has no DNS records and according to traffic data, may have been abandoned in June.

The measures as awarded will time out on September 8, to coincide with the end of the 2024 event.

The list of domains, as reported by L’Informe, reads as follows:

Crichd.tv
Crichdplayer.com
Kkzb8.net
Hplayer.ggapk.net
Worldcupfree.com
Redditsoccerstream.online
Bobres.net
Ip.sltv.be
App.kiwi-ip.tv
Dfwu.link
Ip1.mypsx.net
Supremtv.fr
Iceflashott.com
66768-task.cdn-o2.me
Ott.drmouad.uk
Fr.4k-ott.xyz
Necroiptv.vom
Neczmabfa.to
Lightnings.live
Necstraz.to
Neczbm.to
Wishiptv.com
Xcvip.wishiptv.com
Tv.expressiptv.xyz
Greenlinetv.xyz

From: TF , for the latest news on copyright battles, piracy and more.

The American copyright industry is one of the country’s primary exports, generating billions of dollars in annual revenue.

Whether it’s movies, music, software or other goods, U.S. companies are among the global market leaders.

To protect the interests of these businesses around the world, copyright holder groups can count on help from the U.S. Government. The annual list of ‘ notorious markets ,’ for example, is a well-known diplomatic mechanism to encourage other countries to up their enforcement actions and improve laws.

The same is true for trade deals and other policies, which often require trade partners to take action in favor of copyright holder interests.

The International Intellectual Property Alliance ( IIPA ), which represents the ESA, MPA, and RIAA, among others, has been the voice of major entertainment industries on this front. The Alliance regularly encourages the U.S. to further the international interests of its members, including in Africa.

The African Growth and Opportunity Act

A few weeks ago, the IIPA published its views on the latest eligibility review of the African Growth and Opportunity Act ( AGOA ). This process, led by the U.S. Trade Representative ( USTR ), determines which sub-Saharan African countries can enjoy certain trade benefits or, on the other end of the spectrum, be sanctioned.

This isn’t the first review of its kind; we have reported on similar efforts in the past and the most recent review features much of the same critique.

IIPA is concerned that South Africa isn’t doing enough to deter copyright infringement. There are also grave concerns that proposed “fair use” exceptions, which are partly modeled after U.S. law but go further on some issues, could lead to problems in the African country.

The critique from rightsholders hasn’t gone unnoticed by South Africa. President Ramaphosa previously sent the Copyright Amendment Bill (CAB) back to Parliament for a thorough review. That was four years ago and the South African Government is now making it clear that it doesn’t intend to let external forces dictate its law.

South Africa Defends Broad Fair Use Exceptions

This week, the Government sent a response to the USTR addressing IIPA’s critique. It points out that the copyright law hasn’t been implemented yet, so it wouldn’t make sense for the U.S. to use it as a basis for sanctions.

Technicalities aside, South Africa openly rejects IIPA’s critique. The copyright group’s arguments are not new; they were discussed during open review processes and considered by parliament, which simply disagrees with the notion that broad fair use exceptions are a problem.

Specifically, IIPA complained that the new law would create an “overbroad amalgamation of copyright exceptions that includes an expansive ‘fair use’ rubric” that’s “appended to a large number of extremely open-ended new exceptions and limitations to copyright protection, resulting in an unclear thicket of exceptions and limitations.”

In short, this means that the existing ‘fair dealing’ language will be extended with many ‘fair use’ exceptions, allowing the public to use copyrighted material without being punished for it. This can be for educational purposes, for example, but also for personal use as long as it passes the four fair use factors , which also are used in the US.

Regardless of the details, the South African Government says that it doesn’t plan to go back to the drawing board again.

“The issues IIPA has raised are not new and have been addressed previously and the public participation processes in Parliament recently have considered them again,” South Africa writes.

Unlike the IIPA, the Government of South Africa believes that its fair use proposal will benefit society as a whole. Better yet, it may even have a positive effect on the economy.

“Fair dealing in our current Copyright Act is outdated, limited and static, and does not address the digital world. Fair use, on the other hand, is progressive, dynamic and future proof and ‘digital-friendly’.

“Globally, research has found that fair use has not impacted negatively on the economy. On the contrary, there is evidence that shows that countries with open exceptions and fair use have high levels of innovation, economic growth and development,” South Africa adds.

US-Inspired and Innovation-Friendly

In its letter, the South African Government notes that more regimes are moving away from a closed list of fair dealing exceptions, to a more open system that can deal with future technologies and innovation.

The United States has set the example in this regard, with its fair use language that has been pretty much unchanged for nearly half a century.

“It is a fact that fair use was coded in the U.S. Copyright Act of 1976 and has not had to be amended, as it applies to new technologies as they arise,” South Africa writes.

“Other countries have also adopted fair use in their copyright laws and more countries are considering it, because it is ‘future-proof’ and benefits users and producers of information and knowledge. Its four factors give clarity to what can be used and reused.”

The letter makes it clear that the concerns of IIPA and other rightsholder groups have been noted, but no more than that. South Africa clearly wants to move forward and this direct pushback against the lingering demands of the copyright lobby shows that the time for negotiations and backroom meetings has passed.

The Copyright Amendment Bill was formally adopted by South Africa’s Parliament in February, and was sent to President Ramaphosa for approval.

—

A copy of IIPA’s original critique, submitted in early June, can be found here (pdf) . This includes many other points and issues that we didn’t discuss. South Africa’s repsonse is available here (pdf) .

From: TF , for the latest news on copyright battles, piracy and more.

App stores are littered with apps that promise free access to music, but only few live up to expectations. Musi is one of them.

The music app made headlines in 2016 when its founders, who were teenagers at the time, presented their brainchild in an episode of the Canadian edition of Dragons’ Den.

In essence, the software itself is relatively simple. Musi can stream music, which it sources from YouTube, and allows users to create and share playlists. It essentially uses YouTube as a music library, without showing the video.

This functionality directly rivals other streaming apps such as Spotify. However, since content is sourced from YouTube, costs associated with payments to labels are absent from the Musi equation, and that means it’s much cheaper to run.

This business model is a win-win for Musi’s operators and the platform’s users. Music industry insiders, on the other hand, are less pleased. They describe the app as “parasitic”, a reference to the app’s reliance on YouTube content, which it allegedly obtains by circumventing the platform’s technical protection measures.

For Dragon’s Den judge Joe Mimran, potential challenges to the business proved too much. While he was initially interested in investing $125,000 in exchange for a 15 percent stake in the company, the entrepreneur eventually walked away from the deal due to legal concerns.

“I was advised that when companies such as Musi get to a critical size, they could be sued for past use by the publishers,” Mimran informed the Financial Post in 2016.

Musi’s Millions

Musi didn’t throw in the towel after this setback. The app, which was already operational, continued to grow its user base in Apple’s iOS store. In the years that followed, it was downloaded dozens of millions of times.

Currently, Musi is ranked 5th in the App Store’s music category with over 3.5 million mostly positive ratings. That’s truly remarkable for a bootstrapped company that relied on YouTube, without any direct licensing deals in place with the major labels.

Earlier this year, a Wired piece highlighted Musi’s success, while also shedding some light on the legal concerns. The piece doesn’t offer any conclusions, but it suggests that the app is making many millions of dollars by operating in a ‘gray area’.

At the headquarters of global music industry body IFPI, legal matters are black or white, however. The group has had the Musi app in its crosshairs for a while. Information reviewed by TorrentFreak shows that legal pressure is building.

IFPI Reports Musi to Apple

TorrentFreak learned that IFPI reported the Musi app to the App Store last summer. Apple had already removed Musi years ago but later reinstated it. With this new request, the music group hoped for a better outcome.

Four days after IFPI submitted its complaint, U.S. legal counsel for Musi Inc. reached out to IFPI, refuting its claims. Musi’s lawyer argued that the app was merely providing access to publicly available music, stressing that it doesn’t store any content on its servers.

It’s not clear whether Apple took any position in this dispute. We do know that the company, which typically has rigorous copyright standards, didn’t remove Musi from the app store.

Apple’s inaction shows that the legalities surrounding the software are certainly not straightforward. IFPI continued to press on, however, and they eventually booked a small success, which was noticeable for Musi users too.

Secret Sauce

After the initial back and forth in July last year proved unsuccessful, IFPI reached out to Musi’s law firm again in September. Among other things, the music group specifically called out Musi’s “secret sauce” feature which, purportedly, provided access to pre-release music.

The exact contents of the letter are unknown but, in October 2023, Musi permanently removed the “secret sauce” feature.

Meanwhile, IFPI continued to hammer on the precarious legal situation it believes Musi to be in. The group has two main arguments, starting with the claim that the app circumvents YouTube’s technical protection measures.

In addition, it argues that Musi infringes its members’ rights by communicating their works through ‘new means’ to a ‘new audience’.

Musi Inc, however, continues to refute these claims though its legal team and maintains that it operates within the boundaries of copyright law.

Escalation to Apply Maximum Pressure

The communication between IFPI, Musi, and Apple continued into 2024 and the status quo remains. Apple has decided to leave the matter open for now and Musi continues to add over a million new downloads per month, frustrating IFPI.

Around February, the music group proposed to escalate the matter, encouraging its members to help out by putting pressure on Apple, while also involving YouTube in the matter. The plans are as follows, paraphrased:

– Music companies might want to complain to Apple about Musi, using their existing contacts at the company.

– In addition, they should motivate YouTube to take an active stance against the app’s developers, and complain to Apple as well.

– IFPI, for its part, should inquire among legal contacts to see whether there’s a basis for a lawsuit against Musi.

These plans would use existing business relationships to tackle the Musi problem. Whether any of these suggestions were followed up, and if so, to what extent, is unknown. The proposal is a few months old by now and from the outside there doesn’t appear to be much movement. That could easily change, of course.

After more than a year, users of the Musi app haven’t noticed anything new since much of the pressure is applied behind closed doors. In itself that’s an interesting observation, as it makes one wonder what else is going on.

It’s clear, however, that IFPI can garner the full power of its high-profile record label members. These are also the names that are likely to be listed on a lawsuit, if it ever comes to that.

From: TF , for the latest news on copyright battles, piracy and more.

To a greater or lesser extent and depending on region, rightsholders across all major industries are now regular participants in site-blocking actions.

Most blocking takes place to prevent access to movies and TV shows on static platforms such as torrent sites and streaming indexes, plus streaming platforms typically operated by IPTV providers offering live sports. These video-based sectors now account for the majority of blocking but the major recording labels, publishers, and video game companies are all still involved.

New Action By The Music Industry

In France, where rightsholders are taking small, incremental steps to make blocking easier and potentially more effective, the major recording labels have recently obtained permission from a Paris court to add even more domains to their ever-expanding blocklists.

First reported by French news outlet L’Informe , the blocking application was made under the umbrella of collection organization SCPP (Civil Society of Phonogram Producers), which represents major labels including Sony, Universal and Warner, plus hundreds of others .

The 40 targets are domains operated by familiar pirate sites or those that facilitate access to them. They include torrent9, cpasbien, yggtorrent, tirexo, zone-annuaire, and wawacity.

Also on the list, three proxy domains that until recently helped users to access the previously-blocked BitTorrent DHT index, Magnet DL. Since that site disappeared offline a few weeks ago, blocking these three proxies ( magnetdl.unblocked.id, magnetdl.uproxy.to, magnetdl.proxyninja.net ) will achieve nothing, but it’s possible that French ISPs will implement blocking regardless.

SCPP Evidence Supports Site-Blocking

Citing the decision of the Paris court, L’Informe reports that “SCPP established in a sufficiently convincing manner that the disputed sites, which are aimed at a French-speaking public, allow Internet users, via the aforementioned access paths, to download or continuously access protected works via hyperlinks without obtaining authorization from rights holders.”

Since in this context hyperlinking amounts to copyright infringement, the court agreed that ISP blocking is warranted. In the event that the sites switch to new or alternative domains to evade blocking, SCPP will be able to return to court to have those blocked too.

SCPP did just that in April and then again in May, to counter two recent rounds of circumvention by torrent9, cpasbien, and yggtorrent. This latest order comes in response to what appears to be a third, but certainly won’t be the last.

Deindexing Domains From Search Results

Search engine deindexing usually accompanies ISP blocking measures since the latter is believed to make the former more effective. For example, in a scenario where an ISP implements blocking measures against PersistentPirateSite.com, former users of that now-blocked domain may turn to Google hoping to discover the site’s new and unblocked domains. If all goes to plan, access to the site is restored.

In a combined blocking/deindexing scenario, domains blocked by ISPs are also removed from search results. It doesn’t necessarily follow that users searching for new domains will leave empty-handed, but deindexing does make the task harder for the less experienced. Using the latest order as an example, ISPs are required to block torrent9.sb, torrent9.rs, torrent9.ink, and nine others connected to a site of the same name.

With all of these domains now absent from search results, less experienced users who search for ‘torrent9’ will find dozens and dozens of almost identical domains, but no idea which – if any – lead to the real site. They may not even be aware that some may exist purely to spread malware and empty their wallets. The image below is just a small sample of the choices available.

I’m Spartacus! No… I’m Spartacus!

At this point it would be quite reasonable to conclude that the root of this problem isn’t deindexing at all, it’s a problem faced by those who prefer to get content for free rather than paying for it. On that basis, there will be no sympathy when instead of downloading an album, users silently install malware instead. Unfortunately, that becomes everyone’s problem.

Mitigating Piracy Should Not Increase Online Risks

The phrase “what’s illegal offline should be illegal online” is used to highlight disparity between laws in the physical world and those on the internet. Yet accepted standards in the ‘real world’ often tend to be higher than those applied online.

In this case, more savvy internet pirates will circumvent these recent blocks within seconds, negating any need to visit search engines, thereby avoiding the dangers associated with bogus sites. With every blocking measure, pirates are becoming even more savvy.

For those who are less savvy, the reverse is true. Forced to visit search engines, soon they will only see bogus platforms or at the very least, those sites will feature prominently in search results, appear more legitimate, and attract even more clicks. Increased traffic will likely lead to more revenue, increased visibility, and even more unwitting visitors than before.

When mitigating offenses in the ‘real’ world, solutions that expose people to even more risk are avoided. When dealing with the same online, the importance of not allowing site operators to generate revenue “that funds wider crime” is immediately forgotten, even when the measures themselves contribute to that.

Additional verification is needed but if a report concerning a Z-Library scam turns out to be accurate, the consequences of giving scam websites the oxygen to operate freely couldn’t be any more clear. When that happens without any progress being made in the reduction of piracy rates, there has to be a better way.

From: TF , for the latest news on copyright battles, piracy and more.

In terms of general internet security, there are few things worse than reports of yet another potentially massive leak of personal information.

Whether due to incompetence or deception, the bottom line is often the same; exploitation of data at the expense of those to whom it relates, and a further undermining of online safety to the detriment of all.

A report published by Cybernews.com claims that a Z-Library related scam lured 10 million people to a look-a-like site, where their personal information was held for nefarious purposes.

Key Claims

TorrentFreak has not seen the allegedly exposed database, so it necessarily follows that we’re in no position to confirm or reject any claim of authenticity. However, the general circumstances are familiar to us so with that as background, we’re able to provide some additional context.

Cybernews says its researchers discovered the database exposed on Z-Library lookalike site, z-lib.is, on June 27, 2024. It describes z-lib.is as a “malicious clone of Z-Library” and claims that the exposed database contains “almost 10 million users’ data.” The specifics are reproduced below verbatim.

Threat actors accidentally leaked usernames, email addresses, passwords, and Bitcoin and Monero wallet addresses of 9,761,948 users.

For many users, other data contains country codes, book requests, timestamps, comments, invoices, etc.

Researchers verified the validity of the data and confirmed that registered users were spammed with malicious links.

Researchers conclude with a high level of certainty that the data is authentic and filled out by users themselves

Z-Lib.is Previously Described as Malicious

Based on information publicly available for more than a year, Z-Lib.is is almost certainly malicious. In March 2023, the domain was reported alongside several others as fraudulent and a security risk by the official Z-Library team. They were very specific about the nature of the threat.

“These websites may steal your personal information and compromise your security,” Z-Library wrote.

The new report indicates that the data of almost 10 million users appears in the database. That is a very large number but on a base level, not impossible when considering traffic to the clone domains. Data shows that in February 2023 alone, Z-Lib.is had around 7.8 million visits. In the same month, the connected Zlibrary.to had around 9.1 million visits.

‘Data of 9.76 Million Users Leaked’

The claim that 9,761,948 people had their “usernames, email addresses, passwords, and Bitcoin and Monero wallet addresses” leaked in the database is less easily explained.

While it would be unremarkable for all users to have a username, an email address, and a password, it seems unlikely that details of Bitcoin and Monero wallets were handed over at anything like a similar rate. It’s of course feasible that the report didn’t intend to give that impression.

Yet if we assume that not every user handed over their crypto details (or even had any to hand over at all), that meets a challenge later in the report. It describes the leak as “extremely disturbing as it deanonymizes millions of crypto wallets and links related transactions to individuals who tried to access pirated content.”

Copyright Consequences, Punishment for Piracy?

After linking crypto with attempts to access pirated content, two further references to copyright infringement feature later in the report.

“The database backup was generated on June 20th, 2024. It contains user data and other information used in the operation, such as received Digital Millennium Copyright Act (DMCA) takedown requests and payments to access the website’s resources,” the report notes.

“Z-Lib users should expect that the exposed data will likely be used by authorities, cybersecurity researchers, cybercriminals, and potentially anyone who can benefit from it. The data is not widespread yet, but it is vital to take action to protect other accounts.

“Law enforcement and copyright holders may use the leaked data to take legal action against the website’s users,” the researchers add.

As stated at the beginning, we have no access to the database and no knowledge of what else it may contain. On that basis, predicting whether it might be useful for civil litigation or even criminal prosecution, would be premature. The report makes no mention of any implications for the operators of the website itself, but notes that there may be attempts to blackmail users.

The Cybernews report also warns that people could face targeted phishing campaigns for the purpose of stealing their cryptocurrency, and follows up with various tips for those who may be affected.

Whether any, all, or none of these dangers will surface any time soon is unknown. That being said, it does seem fairly ironic that Z-Library is seen as a platform for study and research, but the success of the scam relies on potential targets being oblivious to the threat, having done little or no research over the past year.

Of course, there’s as much misinformation as there is information right now, so research may prove difficult. The basics, on the other hand, are very predictable. No pirate site ever needs a user’s personal details and handing them over will never lead to anything good.

From: TF , for the latest news on copyright battles, piracy and more.

Free music is easy to find nowadays. Just head over to YouTube and there are millions of tracks, including many of the most recent releases.

The music industry earns billions of dollars through associated advertising but doesn’t like the fact that some people download the tracks for offline use.

A blunt solution would be to remove all music from YouTube. That would be easy enough, but only if losing massive revenue wasn’t a problem either. Instead, record labels and industry groups are countering the piracy threat with DMCA notices, lawsuits, and website blocking requests.

Italy’s Stream-Ripping Problem

Last year, EU research revealed that the popularity of stream-ripping services is in decline , perhaps in part due to these enforcement efforts. In Italy, however, the opposite is happening.

According to FPM, Italy’s Federation Against Music and Multimedia Piracy, stream-ripping is now the top source of music piracy, and it’s growing.

“[Stream-ripping] is the most widespread form of infringement of musical copyright and it accounts for 30% of total musical piracy in Italy,” FPM reports.

“This is a suddenly growing phenomenon: with an average of 10 million accesses from Italy per month, the illegal practice grew by 10% in the first quarter of 2024 alone.”

New Blocking Push

The good news for local music companies is that there are countermeasures available. While the music industry isn’t part of the state-of-the-art “Piracy Shield” solution, rightsholders can still request old-fashioned site-blocking measures.

FPM reported significant progress this week after local telco regulator AGCOM approved its request to block 11 domain names linked to six prominent stream-ripping services.

FPM’s request was made on behalf of the major record labels and was granted as part of AGCOM’s regular procedures, which add dozens of new blockades every month. These blockades should be noticeable, the group suggests, as they were recently responsible for a large percentage of Italy’s monthly stream-ripper visits.

Targeted domains

The circulated press release doesn’t mention the sites by name, but FPM and Enzo Mazza, CEO of Italian music industry group FIMI, was kind enough to share them directly.

One order targets various domains that use the popular YTMP3 brand. These include the domains ytmp3.nu, lumieremusic.net, ytmp3.im, and projectspark.ca. For good measure, www.lumieremusic.net, www.ytmp3.im, www.projectspark.ca are listed as ‘additional’ domains.

The five other orders target downmp3.yt, y2meta.app, x2mate.com, ytmp3.nu, and yt5s.io. These sites operate under various stream-ripper brands that are repeatedly used by copycats.

According to FPM, the sites recently had as many as three million visits per week, which is well above the average number of Italian stream-ripper visits over the past year. This is one of the main reasons the blocks were requested urgently.

FPM is pleased with the new blocking orders and thanks AGCOM for its cooperation, stating that the results have a clear impact on illegal access to music in Italy.

While the effectiveness of the blocking measures has yet to show up in the data, a brief look at AGCOM’s website shows that the domains targeted in this round are just the tip of the iceberg.

Other recent music-related targets include m3.urbanomp3s.com , beemp3.In , arcadefire.net , keepvid.online , z3.mp3juice.tools/it , id.mp3juices.vin , mp3juice.za.com , thenerdmentality.com , yt2mp3.mobi , yt8s.com , mp3juice.za.com , emp3juice.cc , mp3cielo.org , and many, many others.

From: TF , for the latest news on copyright battles, piracy and more.

Founded in 2010, Hikari-no-Akari (HnA) positioned itself as the go-to site for fans of Japanese music.

With anime booming across the globe, HnA’s audience didn’t stop at the border. And with over a million visits per month, rightsholders started to take notice.

HnA Targeted in Subpoena

Hoping to stop the infringing activities, the Recording Industry Association of Japan ( RIAJ ) and IFPI repeatedly reached out to HnA’s operator, without result. Similar inquiries, sent to the cyberlocker where the pirated music was stored, didn’t help either.

Faced with the status quo, the music industry groups, though Sony Music Japan, went to a U.S. federal court . There, they obtained a DMCA subpoena, requiring Cloudflare to share all information they have on the customer associated with hikarinoakari.com.

Additionally, the subpoena targeted the associated cyberlocker; hnadownloads.co. The latter domain received the bulk of its traffic from HnA and, according to music industry insiders, is operated by the same people.

Through the subpoena, the music company hoped to obtain additional information on the people behind these sites, including their names, IP addresses, and payment details. Any information obtained could then be used for follow-up copyright enforcement actions.

HnA Shuts Down

Cloudflare typically requires some time to respond to subpoenas, and it hasn’t done so yet. However, the HnA operators decided not to wait for any follow-up action, and reportedly shut down the site of their own accord.

Indeed, at the time of writing, hikarinoakari.com is not resolving, and the hnadownloads.co domain is listed as suspended.

According to a press release from RIAJ, there is no agreement or settlement. In fact, the music group still doesn’t know who’s behind the site. If they find out more, they will take appropriate steps.

“[T]he operator voluntarily closed the website immediately after the disclosure order. Based on the information to be disclosed by ‘Cloudflare’ in the future, our association plans to continue to hold the operator accountable and take legal action against similar illegal sites,” RIAJ writes.

Sharing Culture?

RIAJ estimates that HnA had more than 15 million visitors in 2024, of which roughly 75% were from outside of Japan. According to data from SimilarWeb, the U.S. was the runner-up in terms of traffic, followed by Chile.

While HnA and its users might have been under the impression that they were sharing culture, the music group sees things differently. The unauthorized sharing practices resulted in lower revenues for rightsholders, which is counterproductive, RIAJ explains.

“Going forward, our association will continue to work on ongoing anti-illegal measures to eradicate pirate sites in order to contribute to the development of music culture,” the group adds.

No concrete follow-up action is mentioned but, as an extra warning to the public at large, RIAJ notes that knowingly downloading pirated music is a criminal offense in Japan, even if it’s for personal use.

From: TF , for the latest news on copyright battles, piracy and more.

The positions of Apple and Google are very clear when it comes to piracy app availability in their respective stores. Whether created for iOS or Android, they are not allowed. Period.

With the theory neatly wrapped up, reality tends to take over and at that point, the bright lines become a little blurred. Right now there are apps on the App Store and Google Play which offer TV schedule/EPG-type functionality out of the box, exactly as advertised. However, a tap here and an adjustment there reveals new functionality mentioned nowhere in official product descriptions.

Stealth Piracy

A report late last week revealed that an iOS app called “Collect Cards: Store Box” which claimed to manage photos and videos, had hidden its true potential away for more than a year.

This wolf in sheep’s clothing was reportedly a full-blown pirate streaming app offering content from Netflix, Disney+, Amazon Prime, HBO Max, even Apple TV+ according to the report. Such was the app’s success, it made it the top #2 slot on the App Store in Brazil; through the use of geo-blocking, users of the app in the United States weren’t shown the illegal features, which limited the chances of being quickly shut down.

Tactics like these aren’t new. Piracy functionality has been hidden inside puzzle games and Shazam-like audio recognition apps, on both the App Store and Google Play. The music industry has complained that apps that don’t make any real effort to hide have also been able to evade vetting .

Apps and App Stores Discussion Paper

These issues and more are addressed in a new discussion paper released this month. Titled Apps and App Stores , the paper is based on the work of the EU’s Intellectual Property Office Observatory’s Expert Group on Cooperation with Intermediaries. The paper doesn’t represent the official position of the EUIPO but does provide an interesting overview of piracy-related problems in connection with mobile apps.

Mainstream app stores have systems in place to screen apps and their updates. In part this is to prevent infringing apps from being offered to the public, but developers can employ various evasion techniques to undermine that.

Evasion Techniques

As well as disguising piracy apps as something more benign, malicious code and/or infringing functionality can be hidden from the review process using encryption or delays. Additional code can be installed after the initial review, or following a subsequent update.

The paper also touches on apps behaving differently depending on the region and by changing when an app is made available. The report says that developers have been observed “hiding the app from their account and subsequently on the app store during certain days of the week to avoid detection from right holders.”

Rather than using encryption or other techniques that provide an element of stealth, other apps are said to operate right out in the open by simply claiming to be a legitimate service.

“[S]ome apps, purportedly disguised in a false appearance of legality, dissociate themselves from the illegal sharing of protected content they support, which is the core of their activities. These apps have terms and conditions highlighting their neutral nature with regard to the content used through their services, which do not reflect on the reality of the service provided,” the paper explains.

“This may lead app stores to require additional information and proof of the illegal nature of the app from right holders before making a decision on whether to block or remove the app in question.”

Third-Party App Stores

From the perspective of the average user, iPhone and iPad devices running iOS are restricted to content available from their respective app stores. For Android users, however, the app landscape is much more open. It’s likely that most users will be satisfied with Google Play, but on Android it’s trivial to allow apps not obtained from the official store to be installed on a device.

As the ‘stealth’ app issue demonstrates only too well, app store review processes are not bulletproof. However, users who ‘sideload’ apps using alternative app stores, or even randomly from anywhere else on the internet, expose themselves to apps (APK) that in many cases undergo no review whatsoever. While that doesn’t automatically make these apps unsafe, there’s nothing in place to ensure the opposite either.

The discussion paper notes that software is available from official app stores that may be able to identify potentially malicious apps and alert users to prevent installation. The paper also cites an article published by TF in 2023 in which we offered some basic tips on how to use beginner-friendly tools to reduce exposure to malicious Android software.

Don’t Install Any Mobile App Before Testing It

When users are 100% confident that the source of the app they wish to sideload is safe, there is almost nothing anyone can do to convince them otherwise. Other users may be more on the fence; while they may generally trust the source, a little persuasion wouldn’t hurt.

If reassurance arrives in the form of a VirusTotal report which declares that dozens of security companies tested the app and found nothing wrong, that’s merely a good start. The reality is that these companies are looking for certain types of behavior that piracy-focused apps tend not to display.

Since the topic offers the opportunity, today we’d like to mention a single piece of software that’s extremely easy to use, doesn’t cost a penny, and provides enough information to allow even a beginner to make an informed choice.

MobSF: Free and Easy to Use

Mobile Security Framework (or simply ‘MobSF’) is an all-in-one application that scans Android and iOS apps and provides a detailed security/malware analysis. If one has an APK file to hand, it’s simply a case of dragging the file into MobSF and waiting for the analysis to finish. That’s the first step and also the last, other than reading the generated report.

Installation instructions are available in MobSF’s GitHub repo for both Linux and Windows users , and for those without either, MobSF provides a live demo accessible via a web browser.

After scanning the app, a generated report begins with three or four pages of straightforward information, a few pieces of which we’ve quickly edited together in the image below. Item 3 actually appears first in the report and amounts to an overall score out of 100. A total of 37 means that the streaming app we tested has pretty big issues.

Item 2 provides basic information about the app including its name, filesize and hashes, while item 1 shows where the app had its most significant failings.

The reasons why the app failed are in the report and since even the most technical details receive a clear explanation, overall the report is pretty accessible, even if the exact terms aren’t immediately understood. More often that not, however, learning that an app can obtain the user’s GPS location, telephone number, contacts information, and for some reason has the ability to turn on the phone’s camera and microphone, is clear enough.

Even if very little is understood on the technical side, the report also supplies information about piracy apps unrelated to security, that most people never see but will definitely be intrigued to read.

For those already familiar with this type of report, MobSF also supports dynamic analysis with the assistance of an Android VM.

The discussion paper can be found here on the EUIPO website.

From: TF , for the latest news on copyright battles, piracy and more.

Offering pirate streaming services is a serious offense in the UK, where several people have received multi-year prison sentences in recent history.

These sentences haven’t deterred others from following in their footsteps. Illegal access to paid sports and TV content remains readily available, with vendors and operators profiting from these unauthorized subscriptions.

There has been no shortage of news reports covering IPTV piracy enforcement actions in the UK. These interventions range from remote warnings to house visits, and arrests are no rarity either.

Today, anti-piracy group FACT announced that it has successfully completed yet another sweep. In collaboration with rightsholders, including Sky, the group helped police to identity various ‘sellers’ of so-called pirate streaming devices.

The targets reportedly offered ‘fully loaded’ smart TV devices or Firesticks, which can be used in combination with pirate IPTV subscriptions.

FACT and the 40 IPTV Operators

FACT mentions that 40 illegal ‘IPTV operators’ were served with official warnings. They were either notified via mail by FACT and police, or visited at their home, where a cease-and-desist notice was delivered personally.

The term ‘IPTV operator’ isn’t explained in detail but since the 40 seemingly got off with a warning, it’s unlikely that they played a central part in the broader IPTV piracy ecosystem.

These interventions took place across the UK, including in London, South East England, West Midlands, North West, North East, North Wales and Scotland. According to FACT, it’s part of a larger campaign that aims to disrupt piracy operations.

Three Arrests

In addition to the warnings, police also executed three warrants, resulting in three arrests and house searches. All three suspects have since been released, but investigations remain ongoing.

“Three warrants were also served leading to the arrest of a 42-year-old man in Nottingham, a 51-year-old man from Widnes and a 52-year-old man in Stockton-on-Tees,” FACT reports.

The men were arrested on various grounds ranging from fraud offenses, to violations of the Copyright, Designs and Patents Act, possession of criminal property and possession of Class A drugs.

Several items were seized during the operation, including IPTV streaming devices which will be investigated further.

“Digital devices and ‘fully loaded’ smart TV devices or Firesticks were also seized from the addresses and are currently undergoing forensic examination by FACT,” the group adds.

For those keeping track of law enforcement action in the UK, including arrests and seizures, it’s worth pointing out that the arrests mentioned above have already been heavily publicized. Each arrest appeared in its own press release, around the time they were carried out early to mid-June .

Social Media Purge

Besides targeting suspects, Sky has been busy removing advertisements and social media posts that offer illegal IPTV subscriptions and ‘loaded’ Firesticks to customers in the UK and Ireland.

Since June, the media company reportedly removed over 3,000 listings from various social media platforms. Various ads were removed from Facebook, Instagram, TikTok, and X, while associated accounts were suspended.

FACT and Sky are happy with the results and thank the police for their cooperation. Both hope that this latest enforcement round will send a deterrent message, but it’s unlikely to be the last.

“The action taken by FACT, police and Sky across the country sends a strong message to those involved in illegal streaming operations that they will be identified, and they will face consequences,” Sky’s Matt Hibbert comments.

According to FACT CEO Kieron Sharp, the recent actions are only the beginning.

“FACT and our partners are steadfast in our commitment to disrupt these criminal operations. This is just the start of our enforcement efforts, with more actions planned,” Sharp concludes.

From: TF , for the latest news on copyright battles, piracy and more.