Retelling a few funny stories about the early antics of Web Sheriff might be quite fun. At least until the realization that was around sixteen years ago when the internet wasn’t facing a serious threat of censorship and regulation.

So much has changed since then it would be difficult to recapture the essence of those stories today. However, the Web Sheriff’s plan to board and then scuttle The Pirate Bay stands out as a watershed moment in the development of alternate realities in the anti-piracy space.

Planned in absolute secrecy apart from a few press releases, it involved the formation of an elite unit to take down The Pirate Bay, once and for all. Led by a Sheriff, the team consisted of a construction worker, a cowboy, an intimidating fellow dressed head to foot in black leather, a policeman, a gentleman resplendent in full Indian regalia, and a lone GI bravely bringing up the rear.

Some say the imagery accompanying this bold anti-piracy operation aimed to disorientate and disrupt pirates by making them question their own sanity. Even to this day, some believe the campaign caused cognitive disruption and was responsible for inexplicable amnesia among pirates.

While everyone remembers the images, it’s perhaps telling that nobody can recall anything about the operation or its damaging effect on The Pirate Bay.

Yet, here we are a decade-and-a-half later, potentially witnessing something even bigger. A pair of genuine copyright complaints, sent by Web Sheriff to Cloudflare last week, are certainly disorientating. The fact that they caused Cloudflare to do something it rarely does, raises even more questions.

SmashyStream and Movielair Violated All the Laws

The notices sent to Cloudflare targeting SmashyStream and Movielair claim to protect the rights of EDGLRD, which according to the blurb on its website “is a new IP-based studio working with a network of leading artists, musicians & film directors.”

EDGLRD released a movie last September about an assassin on a mission to kill a demonic crime lord. It’s called Aggro Dr1ft, it co-stars Travis Scott, and was shot entirely in infrared. The trailer is headache inducing; yet somehow not as visually and mentally concussive as the takedown notices sent to Cloudflare.

The takedown notices cannot be described as DMCA takedown notices due to their format. However, they’re pretty much identical and right off the bat deliver a powerful statement. For the reasons directly underneath, that doesn’t hinder reporting.

The nature of the take down notices requires direct quotation here to avoid misrepresentation. They amount to a smörgåsbord of allegations made under the legal system of an unidentified country and read as follows:

• Infringed / Violated Rights : A. COPYRIGHT, B. PERFORMERS’ RIGHTS, C. MORAL RIGHTS, D. RIGHTS-OF-PUBLICITY, E. CONSUMER PROTECTION RIGHTS
• Infringing / Violating Materials : PIRATED COPYRIGHT MOTION PICTURE(S) AND / OR TELEVISION PRODUCTION(S) AND / OR OTHER AUDIO-VISUAL RECORDING(S) – ‘AGGRO DR1FT’
• COPYRIGHT INFRINGEMENT (UNAUTHORIZED EXPLOITATION & DIGITAL DISTRIBUTION OF COPYRIGHT MATERIALS)
• PERFORMERS’ RIGHTS INFRINGEMENT (UNAUTHORIZED EXPLOITATION & DIGITAL DISTRIBUTION OF COPYRIGHT MATERIALS EMBODYING RECORDED PERFORMANCES / PERFORMERS’ RIGHTS)
• MORAL RIGHTS INFRINGEMENT (UNAUTHORIZED EXPLOITATION & DIGITAL DISTRIBUTION OF COPYRIGHT MATERIALS EMBODYING MORAL RIGHTS)
• RIGHTS-OF-PUBLICITY INFRINGEMENT (UNAUTHORIZED EXPLOITATION & DIGITAL DISTRIBUTION OF COPYRIGHT MATERIALS IN CONJUNCTION WITH NAME AND / OR LIKENESS)
• CONSUMER PROTECTION RIGHTS VIOLATIONS (THROUGH MISLEADING & DECEPTIVE TRADE PRACTICES AND / OR FALSE ENDORSEMENTS & BOGUS AFFILIATIONS)
• BREACH OF ISP’S PUBLISHED TERMS OF SERVICE / ACCEPTABLE USE POLICY (BY REASON OF THE ABOVE INFRINGEMENTS & VIOLATIONS)
• BREACH OF SITE’S PUBLISHED TERMS OF SERVICE / ACCEPTABLE USE POLICY (BY REASON OF THE ABOVE INFRINGEMENTS & VIOLATIONS)
** TRADEMARK & GENERAL RESERVATION OF RIGHTS ** ALL REGISTERED, COMMON-LAW & PENDING TRADEMARK RIGHTS ARE HEREBY STRICTLY RESERVED (AS APPLICABLE) AND AS ARE ALL OTHER RIGHTS OF AN INTELLECTUAL PROPERTY NATURE (WHETHER EXPOUNDED HEREIN OR OTHERWISE).

Given that a notice in this format makes no attempt to comply with the requirements of the DMCA, some companies in the U.S. might choose to reject it. Nevertheless, it’s still made clear in the notices that access to infringing content needs to be prevented.

On that basis there’s no real reason not to take action and on that front, Cloudflare seems to agree.

Cloudflare Blocks Access to Movie ‘For Legal Reasons’

The ‘Error HTTP 451’ status code was approved by the Internet Engineering Task Force (IETF) back in 2015 as a more informative alternative to the ‘403 Forbidden’ code utilized by some ISPs engaged in blocking.

While still relatively rare, it has appeared more frequently of late when users outside the bloc attempt to access content subject to the EU’s General Data Protection Regulation (GDPR).

On rare occasions, ‘Error HTTP 451’ has been observed when pirate sites are subjected to blocking orders. In 2020, Cloudflare began showing the code when DDL-Music was blocked under the orders of a German court.

As the images below show, the takedown notices on the left, sent by Web Sheriff to Cloudflare last week, now lead to the Error HTTP 451 status codes on the right.

Both error pages link to copies of the takedown notices listed on the Lumen Database ( 1 , 2 ). That’s useful since they explain what prompted Cloudflare to implement blocking.

What’s So Special About These Notices?

As noted earlier, Error HTTP 451 status messages are a relative rarity for piracy-related content. What is even more unusual here, at least as far as we can determine, is that they relate to the specific URLs mentioned in the Web Sheriff takedown notices. Most if not all URLs on both sites appear to be available as normal.

The big question is why Cloudflare has responded in this way to a Web Sheriff complaint alleging violations of seemingly all IP-related laws in existence today, while (at least as far as we can determine) refusing to offer a similar service to the world’s largest movie studios?

At least in theory, how and where the websites are hosted could play a part (Cloudflare does block permanently hosted content following valid copyright complaints). At least one of the sites above uses infrastructure and/or content hosted in Malaysia, but that’s nothing out of the ordinary in itself, so other factors could be at play.

That seems to lead to an uncomfortable conclusion. While the combined might of the Web Sheriff and The Village People proved laughably ineffective against The Pirate Bay, a barrage of legal allegations – fired from a comically broad blunderbuss – appears to have prompted rarely-seen pinpoint blocking by Cloudflare.

People laughed at Web Sheriff’s earlier antics; they might not be laughing now.

From: TF , for the latest news on copyright battles, piracy and more.

When Italy passed new law on July 14, many believed that when the new Serie A football season began on August 8, IPTV pirates would draw their last breaths as legal football platforms burst back to life.

In the event, none of these things happened. For various reasons, Italy’s new blocking system wasn’t ready and was never likely to have been. Initial technical meetings on security matters, even blocking itself, still hadn’t taken place.

A meeting eventually went ahead on September 7; telecoms regulator AGCOM turned up, as did the government’s cybersecurity experts. Also in attendance, anti-piracy groups FAPAV and SIAE, representatives from the football league, plus Amazon and Google.

Those who didn’t take part included cloud providers, satellite broadcasters, and VPN companies. According to DDay.it, AGCOM told the meeting that more companies need to participate in the project and everyone needed to “hurry because there is a deadline to meet.”

With the new season now five weeks old, the new deadline remains unclear. As recently as late August, insiders said that the system would be up and running late September or early October. That isn’t going to happen, but there will be another technical meeting in October to talk about what should happen when it eventually does.

Piracy Shield: It Does What It Says

One thing running to schedule is the system’s name. Telecoms regulator AGCOM has opted for the self-explanatory brand ‘Piracy Shield’ accompanied by a shield-shaped fingerprint logo with Piracy Shield written on the front. A splash of pink perfectly matching the theme on TorrentFreak rounds things off nicely.

Interestingly, Italian tech news site DDAY managed to obtain some screenshots of Piracy Shield. Whether they depict the software in action isn’t clear but from a presentation perspective they are pretty basic, to say the least.

Information on how the system will operate also falls short of expectations, at least when compared to the media hype of the last few weeks and the inherently technical nature of sophisticated pirate IPTV operations.

“The platform will be automatic, and is a sort of Content Management System that manages tickets. Nothing sophisticated or complex,” DDAY reports.

“Rightsholders will have access to the dashboard via an account and will be able to create a new ticket where they enter a name, the IPs or domain names to block, and the digital proof, then a screenshot.”

Get it Right in 60 Seconds

The report suggests that once a ticket has been created, there will be just 60 seconds to cancel it. Once that time has expired, the blocking request will be sent to AGCOM where an unspecified automated system will first check to ensure that all fields have been populated as required.

While it would make more sense to fix deficiencies before they’re submitted to AGCOM, DDAY reports that AGCOM will not check any blocking requests before it validates them.

Once validated, AGCOM will instruct all kinds of online service providers to implement blocking. Consumer ISPs, DNS providers, cloud providers and hosting companies must take blocking action within 30 minutes, while companies such as Google must block or remove content from their search indexes.

Automation and APIs

Given that an entirely manual system would be hilariously inadequate, Piracy Shield will be accessible through APIs. These will allow rightsholders to automatically create tickets which, according to DDAY, will trigger an automatic block with no human intervention whatsoever.

Whether there are provisions for quickly correcting errors or taking action in the event of inadvertent overblocking is unclear. DDAY reports that during the meeting on September 7, someone asked who is responsible for the blocking ‘whitelist’ containing domains or IP addresses that should never be blocked because they’re crucial for the functioning of the internet.

“[At] the moment there appears to be no plans in this sense,” DDAY reports.

Similar concerns noted that while IP address and domain blocking will be executed immediately, subsequent unblocking for even legitimate reasons will be subjected to an extended manual process.

Don’t Worry About Security…..

When an unnamed person asked if it was possible to see Piracy Shield’s source code, the question was reportedly “glossed over” with assurances that other people will carry out penetration tests. That the source won’t be made available is standard practice for anti-piracy companies; they have a product and ‘trade secrets’ to guard.

That raises the question of who developed Piracy Shield. Media reports last month indicated that Serie A bought it and then gave it to AGCOM as a gift. We couldn’t find any mention of the developer, so we turned to the screenshots published by DDAY for any potential clues, preferably something unique.

Impossible to find using regular reverse image search engines, it appears the Piracy Shield ‘fingerprint’ logo doubles as a favicon. Chinese ‘internet-of-things’ search engine FOFA indexes favicons and from there it was trivial to see where Piracy Shield had a web presence recently.

SP Tech appears to be a reference to SP Tech S.R.L , a brand protection, content monitoring, anti-piracy startup that has strong rightsholder connections in Italy and whose name appears in numerous industry piracy reports.

FOFA helpfully links an SP Tech website to AGCOM thanks to this code snippet, which also mentions Piracy Shield to round things off.

From: TF , for the latest news on copyright battles, piracy and more.

Three-ish plus decades ago, telecoms companies were best known for installing analog telephones in people’s homes and sending paper bills through the mail to be paid by check.

Many later branched out into the lucrative mobile phone market, but as operators of wired telephone networks, major phone companies all over the world would soon become the gatekeepers of a brave new world – the internet. While that was exciting for a while, with little opportunity for added value, selling a commodity product like bandwidth can be a race to the bottom.

By providing bandwidth and profiting from the content that consumes lots of it, telecom companies today are able to add value to their base products and generate much more profit. In 2024, telephone company Compañía Telefónica Nacional de España will celebrate its 100th birthday. Under its modern-day branding, Telefónica is a telecoms and media empire with assets worth around $110 billion, significant interests in the pay-TV market, and lots of valuable content to protect from pirates.

Telefónica and NAGRA Boost Partnership

Anti-piracy company NAGRA has also undergone a transformation. From the 1950s onwards, NAGRA produced high-end portable tape-recording devices but is better known for the video scrambling system Nagravision, which aimed to prevent unauthorized reception of pay-TV signals and any subsequent recording. In that sense, NAGRA hasn’t changed its core market but thanks to the internet, content protection now faces significant challenges from increasingly sophisticated pirates.

This week Telefónica and NAGRA announced an expansion of their existing relationship as the former works to counter the threat from pirate IPTV services. As it expands its anti-piracy operations in Latin America, Telefónica said its fraud prevention team sought access to advanced anti-piracy technologies and case file histories. While Telefónica has its own intelligence sources, a solution offered by NAGRA proved attractive.

Pirate IPTV: Identify and Disrupt

A statement from Telefónica says that NAGRA’s product provides “innovative ways to identify, monitor and display pirate activity.” The system is supported by AI-powered analytics which will alert Telefónica to “illicit patterns of activity.”

Madrid-based Delia Álvarez, manager of Global Fraud Prevention at Telefónica, says the relationship with NAGRA will provide vital intelligence as it seeks to identify and disrupt global piracy networks.

“Content piracy is a major concern with a direct impact on our performance. To increase our effectiveness in this ongoing battle, we chose to expand our existing relationship with NAGRA,” Álvarez says.

“They have a proven, global capacity to identify and remediate pirate activity. Their threat intelligence provides further value to our Fraud Prevention teams as they seek to identify and disrupt large-scale piracy networks.”

NAGRA’s Active Streaming Protection framework ( pdf ) is already deployed at Telefónica and will supplement other content protection mechanisms such as watermarking.

“We are proud to extend our partnership with Telefónica to now include more anti-piracy services.” said Pascal Metral, VP Anti-Piracy Intelligence, Investigation & Litigation, NAGRA. “Helping our customers tackle one of the biggest threats to both their revenues and their significant investments in content is our core focus and we look forward to our services unseating pirates across the Telefónica ecosystem.”

Telefónica Developers

Those with an interest in software development will find Telefónica’s official source code platform on GitHub with an impressive 261 repositories to trawl for interesting gems.

These include GoSwiftyM3U8 , a framework for parsing and handling .m3u8 playlist files that also happen to be popular among IPTV pirates. There are many reasons why the company might be interested in App Logger for Android but seemingly fewer uses for its fork of CLA-Videodownloader , a web/REST interface for downloading YouTube videos onto a server.

Telefónica’s developers are also the creators of HomePwn , billed as a Swiss Army Knife for Pentesting of IoT Devices. VpnHood , meanwhile, is an “undetectable VPN for ordinary users and experts” that’s able to bypass firewalls and circumvent Deep Packet Inspection.

Finally, a big thanks to the ElevenPaths team at Telefonica Tech for FOCA (Fingerprinting Organizations with Collected Archives), a tool that regularly makes document metadata a more interesting read than the documents themselves.

From: TF , for the latest news on copyright battles, piracy and more.

In the wake of the 30+ year prison sentences handed down to the people behind Flawless IPTV, we’ve been exploring various aspects of the service’s operations and the extraordinary effort expended by the Premier League to bring Flawless down.

While no single facet of Flawless’ operations can explain why such punitive sentences were considered appropriate, the emphasis on the service’s efforts to undermine the Premier League’s ISP blocking program played no small part.

One of the key aims of the blocking program is to prevent football fans in the UK from watching games played in the UK at 3:00pm on Saturday. This ‘blackout’ only affects viewers in the UK; the plan at Flawless was to enable UK football fans to enjoy these games by offering 3:00pm games played in the UK yet only available legally in other countries.

ISP Blocking Program

By offering access to 3:00pm kick-off games, Flawless had a product that wasn’t available to buy in the UK. Fans loved the service but in the background, the Premier League was pulling out all the stops to prevent fans from accessing it.

Birmingham-based anti-piracy company Friend MTS was tasked with monitoring the internet for pirated Premier League streams. However, just like anyone else, the company needed to access the services offering those streams so that server locations could be identified and sent to ISPs Sky, Virgin, BT, TalkTalk, EE, and Plusnet for subsequent blocking.

Using covertly purchased Flawless subscriptions supported by watermarking technology, in 2017 Friend MTS was able to identify specific Sky viewing cards used by Flawless and trace those cards directly to Flawless kingpin Mark Gould. Sky responded by canceling the cards, but the cat-and-mouse game would continue.

A Mole Inside Friend MTS

Our 2019 article provided significant detail on the blocking program, including that information was being leaked from inside an anti-piracy company. We knew that company was Friend MTS, but only more recently did it become clear why the company rejected our requests for comment.

In April 2018, a person who identified themselves as ‘Bill’ opened a support ticket at Flawless. Claiming to work at Friend MTS, ‘Bill’ said that in return for payment via bitcoin, he would provide information from inside the company that would allow Flawless to identify the usernames and passwords of accounts used to obtain information on their service.

It later emerged that ‘Bill’ was Zak Smith, a Friend MTS employee who went on to supply Flawless with crucial information on the blocking system and other sensitive material from inside the company. Information handed over included a list of covert subscriptions and the payment methods used by the anti-piracy company to acquire them – PayPal accounts and scans/photographs of credit/debit cards, among others.

Blocking the Blockers

Using information already in Flawless’ possession, enhanced by the information detailed above, the IPTV provider was able to turn the tables by blocking Friend MTS IP addresses from the Flawless service. Not that the anti-piracy company was initially aware of that.

Through the development and use of a custom script, when the anti-piracy company attempted to access the Flawless service, to obtain IP addresses to be forwarded to ISPs for subsequent blocking, Flawless diverted those requests to servers operated by rival pirate IPTV services.

That meant that any IP address and related server/hosting information obtained during the sweep was actually related to services other than Flawless. When IP addresses were forwarded to the ISPs for blocking, rival IPTV providers were blocked, not Flawless itself.

The Beginning of the End

When arrests of those behind Flawless began in May 2018, information obtained from seized devices revealed the existence of ‘Bill’ and the information he’d supplied to Flawless. Knowing the information had come from inside Friend MTS, the company launched an investigation.

Comparisons were made between the times that data was leaked to Flawless and the company’s security systems which logged people in and out of the building, recording times and dates. With suspicion mounting that Bill was Zak Smith, attention turned to photographs ‘Bill’ had sent to Flawless.

In addition to confidential information, these photographs accidentally captured details of equipment and the office itself. ‘Bill’ was arrested under his real name on August 7, 2018, and pleaded guilty in February 2020. He was not sentenced with the others late last month, with reports indicating that a warrant had been issued for his arrest.

From: TF , for the latest news on copyright battles, piracy and more.