Mega Has Now Terminated 95,000 Users For Repeat Copyright Infringement

Founded by Kim Dotcom following the takedown of Megaupload in 2012, Mega’s rise has been nothing less than impressive.

Despite parting ways with the entrepreneur several years ago, the cloud storage platform has gone from strength to strength. Late 2013, the site was hosting around 0.6 million files, a figure that increased to 3.6 billion just a year later. In 2019, the site reported 63.8 billion files on its servers but for Mega, significant further growth is only ever a few moments away.

“Mega’s users upload approximately 65 million files per day, 750 files per second on average,” Mega revealed this week.

Mega Publishes 2020 Transparency Report

According to the company’s just-published transparency report, by September 2020 Mega was playing host to around 84 billion files, a ~32% increase over the previous reporting period. Those files were uploaded by more than 200 million registered users located in 200 countries, all of whom enjoy end-to-end encryption that hides the content of their files both from Mega and the wider world.

Mega offers features that can be compared to those at Dropbox, so it is an attractive proposition for people looking to back up their own content, documents, and other files. But while Mega is privacy-focused by design, users are still able to easily share their files with third-parties as long as their links contain a decryption key. When this is the case, some users treat Mega like any other file-hosting platform – in some cases to store and distribute copyright-infringing files such as movies, music, TV shows, and just about anything else.

Copyright Infringement & Content Removal

When shared openly with the public, these links to pirated content attract the attention of copyright holders which are then able to file a complaint with Mega to have them taken down. Mega says that complaints and resulting takedowns happen quickly – certainly within four hours but often in minutes.

Copyright holders have three options; the removal of a specified link to a file, the removal of all links to a file, or the removal of all links to and all instances of the file.

During the most recent reporting period spanning 12 months to September 2020, rightsholders filed 1.193 million takedown requests with Mega, which sounds like a lot but when compared to the overall storage maintained by the site, percentages are low.

During the months covered by the report, the total number of links and/or files taken down peaked at just 0.0006% of the site’s total files, having hit a low of 0.0002% of total files during the first quarter. (Note: Mega’s first reporting quarter is Q4 of the previous year)

Mega Transparency 2020

While Mega took down many more links/files during its last 12 month period than it did in any previous year since its inception, the report suggests that in terms of overall content, Mega has a very low ratio of infringing versus non-infringing content.

The chart below shows a general upward trend of links taken down in 2019/2020 but the almost flat red line since 2017 reveals that despite a worrying start back in 2013, the percentage of links/files that aren’t considered infringing on the service are now keeping ratios well and truly pinned back.

Mega Takedowns 2020

“The number of unique takedown requests submitted represents a very small percentage of the total number of files stored on Mega. In Q3 2020, the links taken down represented 0.0004% of the 84 billion files uploaded to Mega servers,” the company writes.

Also a factor is the volume of incorrect notices sent to the company by copyright holders. Mega doesn’t provide a specific number but does note that when users file counternotices, the majority are accepted by the company.

“This is probably because many content owners and agents trawl the Internet using robots which generate incorrect notices on behalf of copyright owners, and due to the failure of owners and agents to review the specific link content,” Mega notes.

Dealing With Repeat Infringers

After initially operating a “five strikes” policy, in 2015 Mega introduced a “three strikes” regime to deal with users who receive multiple copyright takedown requests against their account. The company’s policy applies to users who receive three valid complaints in any six-month period. While incorrect claims are disregarded upon successful appeal and don’t count towards a ban, users reaching this limit have their accounts terminated.

“As of 30th September 2020, Mega had suspended 94,966 users for repeated infringement,” the company notes, adding that the data reveals that “suspensions have declined to a very small % of the number of registered users.”

Mega copyright suspensions

As the image above shows, Mega terminated around 8,850 users during the last 12-month reporting period, which is way down from the peaks observed in 2013, 2015 (change to ‘three strikes’) and 2017, and relatively stable when averaged out over the past three years.

Suspending Other Accounts Due to Objectionable Content

While terminating 95,000 users in total for repeat copyright infringement offenses may sound like a lot, that figure is dwarfed when it comes to the action taken by the company against those who upload child exploitation and other objectionable content. Mega says that it has terminated 565,000 accounts for storing and sharing this type of content and in all cases account information was made available to law enforcement agencies.

“Although all files stored on Mega are encrypted prior to being uploaded to our system, and we therefore cannot access that content unless we are provided with the decryption key, Mega does have access to user registration information and the IP addresses used to access our services,” the company says in respect of handing user data over to the authorities.

“After 12 months, identifying information such as email and IP addresses is anonymized (except that email address records are retained for reference by the user’s contacts or where the user has participated in chats with other Mega users), but other related database records may be retained. This includes records of financial transactions relating to a user’s account where Mega is legally required to retain such information.”

Mega’s full transparency report can be found here (pdf)

From: TF, for the latest news on copyright battles, piracy and more.


BREIN Launches Anti-Piracy Campaign Targeting BitTorrent Uploaders

Anti-piracy group BREIN is at the forefront of the fight against copyright infringement in the Netherlands.

Many of its efforts have been focused on legal action against big targets such as The Pirate Bay and the IPTV market, with the group achieving notable legal precedents along the way.

Now, however, BREIN says it wants to strike at the heart of the sharing landscape by targeting users whose sharing habits play a key role in keeping content alive.

Frequent and Long-Term Infringers on the Radar

From December 15, BREIN says it will begin a long-planned project (‘FLU’ – Frequent and Long-Term Uploaders) to reduce the availability of movies, TV series, books and music on file-sharing networks.

Using specially developed software (AFLU: Analysis Program For Frequent and Long-Term Uploaders), BREIN will search for local BitTorrent users who regularly upload infringing content and/or share it for long periods of time.

The key criteria for receiving a notice is as follows:

– IP address has been observed sharing BREIN member companies’ content
– IP address belongs to a Dutch ISP
– In a four-week period, IP address has been seen at least twice in any relevant swarm, with an interval of at least seven hours

The focus, at least for now, will be on those who distribute multiple infringing uploads of content aimed at the Dutch market. BREIN says that it has a preference for original Dutch content but will also be interested in foreign-made Dutch-subtitled or dubbed content, distributed by users of torrent sites or apps like Popcorn Time, for example.

Casual Downloaders Are Not The Initial Targets

Similar anti-piracy campaigns over the years have sought to sow widespread fear among all file-sharers but BREIN is being very specific about its targets and goals. The project is not about targeting casual sharers but those who play a more important role in the sharing ecosystem.

“This project is not about incidental – so-called ‘hit & run’ downloaders, but about frequent BitTorrent uploaders. Habitual infringers who act not so much as a primary and large-scale source, which have already been and are being successfully enforced, but more as a lubricant, because they perpetuate the exchange of illegal content through their so-called ‘seeding’,” BREIN says.

“Without these types of users, the exchange [of files] will not work.”

With this strategy of going after a relatively small subset of users, BREIN appears to be deploying a tactic that has the potential to starve BitTorrent swarms of the crucial elements they need to survive. These users not only have a tendency to supply upload faster to other users but they also seed for longer, bringing health to swarms.

In a sharing climate that is disproportionately reliant on these types of sharers, with the vast majority of users simply grabbing whatever content they need without hanging around and contributing for too long, BREIN will be hoping to degrade the transitory experience of the masses by removing bandwidth thereby rendering downloading more laborious.

Indeed, BREIN advises that “the more often and longer [users] are in an infringing BitTorrent swarm as an uploader” the more likely they are to become of interest to BREIN. This message, should it gain traction, could be of real benefit to the project.

If BREIN succeeds this could be an interesting experiment, but first of all it needs to tie IP addresses to the key individuals themselves, a practice that is rarely easy or without costs, especially in the Netherlands.

Warning Notices Will Be Sent To More Prolific Sharers

BREIN’s plan is to send “informative warnings” to more prolific sharers for at least six months, targeting up to a maximum of 1,000 IP addresses per month. It hopes to utilize ISPs’ ability to match IP addresses to real-life identities in the hope they will pass notices on.

“We will always ask for the cooperation of the relevant ISPs to forward that e-mail. In case of refusal, we will request (or demand) the corresponding email addresses so that we can send the alerts ourselves,” BREIN says.

The big question is whether the anti-piracy group can rely on traditionally stubborn local ISPs to get involved in the process voluntarily. TorrentFreak approached BREIN for comment on whether any ISPs have already agreed to work on this project but Managing Director Tim Kuik said he prefers for ISPs to individually communicate whether they are willing to cooperate.

From the language used, however, it seems that BREIN could take legal action to compel ISPs to either cooperate or even hand over customer data.

Legal Action Against ISPs That Refuse To Coopeate

BREIN says it has already considered the possibility that some ISPs won’t be willing to cooperate and is prepared for legal action to force compliance.

“BREIN will, in that case, be forced to enforce cooperation through the court. In such a situation, BREIN will most likely be looking for a minimum [data retention] period from six months into enforcement against the uploaders in the target group whose IP addresses are found in the Bittorrent swarms,” BREIN explains.

Indeed, it seems the cooperation of the ISPs might be an important element here, and somewhat of a double-edged sword. On the one hand, ISPs might face a backlash from some customers for cooperating in an anti-piracy scheme. On the other, it appears that if ISPs pass on warnings on BREIN’s behalf, BREIN won’t be seeking to obtain any information that would personally identify those infringers.

“BREIN will only do so if providers do not want to cooperate by forwarding the notifications to the subscribers whose IP numbers were obtained by BREIN in the context of FLU,” the anti-piracy group says.

BREIN says it sought advice from a communications specialist and market research company Kantar when formulating the proposed warnings, something which suggests a persuasive approach over brute force, at least in the first instance.

Campaign Forms Part of a Government-Funded Study

An interesting aspect of BREIN’s campaign is that the associated market research project has received funding from the Ministry of Education, Culture and Science. The first phase, which measured the state of play before the notices, has already been completed.

Additional research will be carried out to assess the effectiveness of the warning notices as time progresses. If a positive effect is observed, the warnings will continue but BREIN warns that if its efforts don’t yield appropriate results, it will consider bringing enforcement measures to the table.

Processing of Personal Data

The documentation provided by BREIN indicates that the anti-piracy group has been extremely thorough in considering privacy concerns. Notably, BREIN says that following consultations with the Dutch Data Protection Authority, it was determined that a license is not required for such collection of data. Nevertheless, BREIN says it will only collect the information it needs, with the rest being discarded.

“The starting point with FLU is proportionality, which means that the personal data that is processed is only that necessary for the specific purpose BREIN wants to achieve with FLU,” BREIN says.

“To detect relevant Dutch IP addresses, BREIN uses special software developed on request. Several samples are taken on various titles every month. Irrelevant addresses are not saved. Data that is not used will be deleted and data that is being used will be deleted as soon as possible after sending the advisory warning.”

Specifically, BREIN will immediately anonymize all foreign IP addresses it obtains although it will do its best to avoid them capturing them in the first place. Dutch IP addresses will be stored for a maximum of six weeks but if those same IP addresses are spotted more than twice in a four-week period, BREIN will retain them for longer to facilitate the notice-sending element of the campaign.

What Happens After the Six-Month Campaign?

BREIN says that the research into the effectiveness of the project will be “highly dependent” on the levels of cooperation it receives from ISPs. Again, it is not yet clear whether any or all have agreed to cooperate. Presuming they do and infringement “significant diminishes”, FLU will be extended for another six months with research carried out to determine effectiveness.

If ISPs do not assist, or compliance with notices does not yield sufficient results, BREIN will then decide whether to move to enforcement.

“At the earliest after this initial six-month period, if necessary BREIN will scale up and take enforcement action against those users whose samples are found three or more times in a BitTorrent swarm. These are users who continue to seed content for a long period of time or who repeatedly download and upload infringing files every month,” BREIN adds.

Finally, BREIN has also laid out criteria for enforcement action, should it be deemed necessary.

– IP address has been observed sharing BREIN member companies’ content
– IP address belongs to a Dutch ISP
– In a four-week period, IP address has been seen at least three or four times in either a) different swarms, b) in the same swarm more than seven hours apart, or c) a combination of these variants.

The documents supporting the scheme can be found here and here (PDF, Dutch)

From: TF, for the latest news on copyright battles, piracy and more.


Music Leaking Site ‘Kingdom Leaks’ Announces Imminent Closure

According to the music industry, the main threat to artists and labels from a piracy perspective is the availability of stream-ripping platforms and tools. On the other hand, however, a much more traditional threat also remains an issue.

Recording labels have long lamented the fact that insiders and other people with access to new music have made it available to others in advance of commercial release. Whether those are promo copies, so-called ‘dubplates’ in the vinyl scene, or even CDs liberated from the packing department of a manufacturing facility, early leaks can cause headaches – especially when they make it online.

Of course, leaks appearing online has been the standard for two decades already. The availability of music releases on streaming platforms simultaneously across borders has helped dampen the problem but it still hasn’t eradicated it. In fact, some sites specialize in ensuring content gets online as quickly as possible.

Kingdom Leaks – Leaking Music For Seven Years

While there is no shortage of music leaking sites, Kingdom Leaks (in one form or another) has been around for roughly seven years. That’s quite a feat considering the content on offer. And, despite operating in a niche, the site still manages to pull in an estimated two million visits per month, with many users looking to grab music as far in advance of release as possible.

While this particular party was enjoyed by fans while it lasted, it’s clear that Kingdom Leaks will soon be pulling down the shutters for the last time.

“It is with a heavy heart and great sorrow that today I announce the shutdown of Kingdom Leaks. This was not a decision made lightly or abruptly, nor was this choice made because of legal pressure, a data breach, or anything of that nature,” site operator Lord Kingdom says in a final statement.

“The simple but unfortunate reason is this: mR12 and I have decided to move on, and there is no safe way to hand over the website to another party out of concern for the safety of everyone involved since the site’s inception 7 years ago.”

Shutting Down For Personal Reasons, Jan 1, 2021

While many site operators can run on to ripe old ages without a hitch, Lord Kingdom says he has other ‘real-life’ matters on the agenda that require him to move on, with Kingdom Leaks (KL) firmly behind him.

“With a baby on the way and getting married next year, this is something that I need to put in the past, officially,” he writes.

“This reality has left us at the following decision: we will be permanently shutting down our servers on January 1st, 2021. All user and site data, including that which is stored on PassTheLeaks, will be permanently deleted.”

Those familiar with the site will recognize PassTheLeaks as one of the domains offered as an option for people trying to download music from KL, which is presented via related service Filecrypt. The news that all of this content is set to be deleted will come as a disappointment to users but according to Lord Kingdom, the topic won’t be revisited and the decision to close “is final”.

Not Everyone is Disappointed That Kingdown Leaks is Closing

For many years, copyright holders and their anti-piracy partners have been working hard to have content uploaded by Kingdom Leaks delisted from Google. It will come as no surprise that the BPI takes the lead in the sheer volume of content targeted, closely followed by French music group SCPP and international music organization IFPI.

One of the other anti-piracy companies regularly trying to suppress KL is UK-based anti-piracy company AudioLock. If Kingdom Leaks keeps its word and closes down in just over a month’s time, AudioLock will have less work to do. Speaking with TorrentFreak, however, company founder Ben Rush says that he won’t be sad to see the site go.

“Kingdom Leaks has been around a long time and has a strong user base who are kept updated through various social media feeds of every new release. It covers a lot more rock and metal content than other similar sites and protects links from automated tools that take them down,” Rush says.

AudioLock’s owner says that Kingdom Leaks’ utilization of link encryption (Filecrypt) has meant that the site has been able to keep itself alive, driving its popularity but at the expense of artists who are struggling in the current climate.

“Now without the revenue from live events [due to COVID-19], we are seeing labels seeking to boost existing stream and download revenue by protecting it from piracy. This pressure combined with the site’s popularity will have made it a prime target,” he explains.

Kingdom Leaks Admin Asks Users To Consider Spotify

In what could be an important departing post, Kingdom Leaks admin mR12 (who is also a VIP uploader on The Pirate Bay) has penned an ‘essay’ on why people should be considering Spotify in their music consumption habits moving forward.

“As Kingdom Leaks comes to an unfortunate but inevitable close, you may be considering how your music needs will be sustainably met in the future. Many will understandably and reasonably move to other music blogs, other download sites, and with good cause,” he writes.

“I am not writing to condone these moves; however, I would like to argue, through a serious and practical consideration of the actual need that must be filled, that Spotify is the solution many people are looking for but simply don’t know it or haven’t given it enough consideration.

“I want to show that, yes, Spotify is worth $120 per year, and perhaps more importantly for those of you reading this, that Spotify is compatible with partial music piracy, which I believe is the most optimal and hassle-free solution for the vast majority of people.”

Time will tell how many soon-to-be-former users of KL find his arguments persuasive but Ben Rush is hoping that Kingdom Leaks’ passionate music-fan users will move to legal platforms rather than pirate sites.

“The harsh reality is that if these users want to have releases made by the labels and artists they enjoy, then they need to support them now. Without this support, there will be many labels who will no longer exist, and many artists unable to continue to create music,” he says.

“Show your appreciation and support to the labels and artists that mean so much to you. Secure their future by purchasing directly from the label itself or from legitimate platforms.”

It may have taken seven years but at this point (and if only partially), some kind of consensus appears to have been reached.

From: TF, for the latest news on copyright battles, piracy and more.


Streaming Site Shuts Down, Offers Unique Perspective on Anti-Piracy Pitfalls

Back in March we reported on an order handed down by a Paris court. It required France’s leading ISPs to prevent their customers from accessing around three dozen pirate sites.

In addition to blocking internationally famous torrent sites YTS and EZTV, the order also covered many locally important streaming sites, among them Time2Watch, a site that was once one of France’s top 300 sites, period. According to information made public by the site’s operators, this resulted in delisting activity by Google at the request of French anti-piracy group ALPA.

This prompted the site to switch domains but the mitigation action continued, with the site also losing two Twitter accounts. Interestingly, the site admits that although DNS blocks are often described as ineffective, when combined with domain issues the effect can be significant. In fact, through a combination of factors, Time2Watch decided to throw in the towel earlier this month, leaving some rather interesting information behind.

DNS Blocking – More Effective Against New Users Than Existing

According to Time2Watch (T2W), when it was blocked by ISPs and delisted by Google, traffic dropped by 20%. Blocking in France isn’t particularly tough, especially when compared to that deployed in the UK since it only targets DNS. However, T2W says that the mantra of “just change domain” or “change to a new DNS” doesn’t provide a solution when site-blocking by DNS is dynamic, i.e updatable by rights holders to include new domains.

When combined, these methods cause a site to die “little by little”, since when organic traffic gets hit again and again, sites are forced to resort to more and more advertising, not to mention lower quality advertising and money-making schemes that can be detrimental to users. This can develop into a downwards spiral as the pressure mounts, something that isn’t conducive to growth.

Anonymity and Measures For Prospective Site Operators

Running any type of pirate site has its risks but according to T2W, some streaming and torrent site operators aren’t taking the necessary precautions. Simply by using publicly available information, the site says it could’ve easily closed several down due to carelessness, if it was that way inclined – which it is not.

T2W doesn’t name names, but it points to people being careless with their pasts – Facebook pages, names, addresses, and Twitter accounts, for example. It also highlights the dangers of using past nicknames or avatars (especially ones that are unique) that can be linked to more recent pirate activity. In contrast, the site recommends using nicknames that are very common so they don’t stand out on Google.

In addition to using a good VPN at a minimum, the site also cautions against spilling out personal details to those who know about operators’ piracy activities. This friendliness may seem innocent enough at the time but could come back to haunt people.

“Don’t trust anyone. Do not go to Discord servers, do not try to be popular, do not brag to your friends or certain communities who know what you’re doing. Keep a low profile, share your files, and don’t commit an error that could fall on you even in the very distant future,” the advice reads.

The Myth that Cloudflare Protects Pirate Sites

Over the past couple of years, rightsholders have been complaining that CDN service Cloudflare helps to protect pirate sites, giving their operators anonymity. However, T2W says this is simply a lie.

“Cloudflare will not protect you, NOT FOR A SECOND. They will hand over the name of your host, and otherwise the IP address of your server, to any authority which requests it. And even in some cases your connection IP address, your account data, means of payment, etc,” T2W warns.

“One type of silliness that we see a lot for people who get into the business is to buy a server with their PayPal or bank account, usually at OVH, thinking that they will be safe with Cloudflare in front. Run away poor fools, while there is still time!”

In summary, T2W says that users of Cloudflare must only connect their ‘front-end’ server to the company and this should be a reverse proxy to the rest of the infrastructure, one that can be changed at any time.

Interestingly, T2W says that in choosing an actual host, the best advice comes from the MPA. Referencing a recent TorrentFreak article detailing the MPA and RIAA’s submissions to the USTR for its notorious markets list, T2W says that various hosts are nominated there for good reason.

The same can be said for domain registrars. Again, pointing to the industry groups’ complaints about Peter Sunde’s Njalla, T2W notes that the company made it to the list by “annoying them with their resistance.”

Time2Watch Disappears Into the Night

For those interesting in reading the entire ‘goodbye’ statement, it’s available here in French (pdf). However, those hoping for some kind of reincarnation will be disappointed, since that doesn’t appear on the agenda.

“Time2Watch has closed and will never reopen in any other form,” T2W’s statement reads.

“The database was destroyed as well as the site’s source code, and they were not transmitted to anybody, so impossible to see a Time2Watch return. All the sites you will see in the future resembling ours (with a domain name or a similar design) will only be clones that will hate your wallet.

“Beware of scams,” the team concludes.

From: TF, for the latest news on copyright battles, piracy and more.


MPA Hits MediaBox HD on Github: “Massive” Movie & TV Show Piracy

Preventing the general public from accessing movies and TV shows without paying for them is a monumental task that, if anything, feels even more difficult than it was 15 years ago.

In addition to hundreds, perhaps thousands of torrent and streaming sites, copyright holders also have to deal with the growing threat of premium IPTV, which grants access to every type of live TV under the sun for comparatively low prices.

Somewhere in the middle of this organized chaos, movie and TV show companies are trying to tackle pirate apps. Mostly Android and iOS-based, these consumer-friendly tools present content in easy-to-navigate interfaces, pulling content from not just their own sources but in many cases third-party file-hosting and IPTV/streaming suppliers, much as other pirate sites do too.

MediaBox HD Targeted By The MPA

One of the more popular tools in this growing niche is MediaBox HD. Available for both Android and iOS, the app is in demand by those looking to access premium content on their phones or, as is increasingly the case, a tablet or Android-based set-top box.

MediaBox HD

MediaBox HD’s popularity lies in its many features. Aside from a large free library of movies and TV shows, it supports services such as Real-Debrid for more reliable streaming, has Chromecast support, can offer subtitles and even allows for offline viewing. For groups like the MPA, however, these are all reasons to take the app down.

MPA Sends Copyright Complaint to Github

While MediaBox HD has its own site, at the time of writing it’s impossible to access the Android variant of its app from there. Rather than hosting the APK in the same location, the app’s developers chose to host the software on Github instead, meaning it was vulnerable to an easy takedown.

Teaming up under the banner of the Motion Picture Association (MPA), Paramount, Sony, Universal, Warner, Disney and Netflix, sent a copyright complaint to Github, calling on the platform to remove the piracy-facilitating software.

“We are writing to notify you of, and request your assistance in addressing, the extensive copyright infringement of motion pictures and television shows that is occurring by virtue of the operation of the APK software Mediabox HD, which is hosted on and available for download from your repository,” it reads.

“Specifically, at the URL, the Repository hosts and offers for download the APK, which in turn is used to engage in massive infringement of copyrighted motion pictures and television shows.”

MPA Demands Removal of MediaBox HD Under the DMCA

Attached to the MPA’s complaint but unpublished by Github, the movie and TV show group provides screenshots that claim to show that MedaBox HD streams copyrighted content to the masses resulting in “massive infringement.”

While providing various examples of alleged infringement, the MPA says that these are just the tip of the iceberg since the software goes much further by blatantly infringing other content owned by its members and copyrights held by others.

On this basis, the MPA states that infringement is “plainly is its predominant use and purpose”, citing case law including the MGM v Grokster litigation (2005), the Arista Records v Usenet dispute from 2005, and the 2009 lawsuit between Columbia Pictures and former isoHunt operator Gary Fung.

The MPA suggests that it doesn’t really mind on which basis Github removes the app, whether that’s under the DMCA’s takedown provisions, repeat infringer rules, or Github’s acceptable use policy. Interestingly, however, it does note that it is not trying to claim that the app’s code is copyright-infringing, merely that its sole purpose is to infringe.

“Please note that, by this notice, the MPA Members are not addressing copyright ownership of the APK’s specific lines of code; rather, they are addressing the use of the APK as a whole to provide unauthorized, infringing access to streaming video content, and requesting that you remove or disable access to the APK as a whole on your Repository,” the notice adds.

Github Complied With the Request

Unlike the dispute currently engulfing youtube-dl, which has put Github at odds with the RIAA, there appears to be no such confusion here. Following the request from the MPA, Github removed the MediaBox HD app and, as a result, the software is no longer available from official sources.

While MediaBox HD will likely solve this problem in due course, the attention from the MPA comes after the streaming software was featured in two earlier legal matters.

In September 2019, following a subpoena from the makers of the movie Hellboy, third-party app-store TweakBox took the decision to remove MediaBox HD (plus Popcorn Time and CotoMovies) from its platform.

A month earlier, a Pakistani man who operated a site that offered MediaBox HD, Showbox, Popcorn Time and similar software, agreed to pay a settlement of $150,000 to companies behind the movies The Hitman’s Bodyguard, London Has Fallen and Hunter Killer.

His site, the now-defunct, was forced to remove MediaBox HD and similar tools, despite not being their developer. The MPA hasn’t yet shown any public signs of seeking a settlement from the developers of MediaBox HD but given past history, that might only be a matter of time.

From: TF, for the latest news on copyright battles, piracy and more.


EU Commission Calls For Substantial Law Enforcement Boost to Fight Piracy

While cooperation across borders has been a regular feature of piracy and similar IP crime investigations across Europe, there is considerable momentum in Brussels to make better use of international resources.

Recent actions to tackle unlicensed IPTV providers, resellers and related infrastructure reveal that law enforcement entities are able to pool resources to shut down huge operations. But according to the EU Commission, more needs to be done.

Law Enforcement Needs to Give More Priority to IP Crime

In a paper published this week directed at the European Parliament and European Council, among others, the Commission details an intellectual property action plan designed to support the EU’s “innovative potential”. The 15-page document covers a wide range of IP-related topics, from general counterfeiting to pharmaceuticals, patents, and online piracy.

“As regards counterfeiting and piracy, the Commission sees a clear need to step up efforts. In 2016, imports of counterfeit and pirated goods into the EU amounted to as much as EUR 121 billion, which represents up to 6.8% of EU imports (against 5% of EU imports in 2013),” the paper reads.

“New forms of IP infringements have arisen on the internet, such as cyber theft of trade secrets (accounting for an estimated EUR 60 billion of losses in the EU, illegal internet protocol television (IPTV) and other forms of illegal (live) streaming. They raise particular challenges for manufacturing, the creative and cultural industries as well as the sports sector.”

Part of the problem, the Commission notes, is that IP crime doesn’t receive the necessary resources at the enforcement level, something that needs to be corrected in order for the EU to maximize its potential.

“The capacity of law enforcement authorities has to be substantially strengthened. Counterfeiting and piracy must become a higher priority,” the Commission notes, urging Member States and the European Council to include IP crime among the priorities for the next EU Policy Cycle.

EU Commission Promises to Reinforce Stakeholder Cooperation

Noting that all relevant stakeholders should continue their exchanges with Europol in order to further improve threat assessment and coordinated action against IP crime, the Commission says it will do its part to improve and increase cooperation between all players involved in or affected by infringement online.

At the top end, this will not only encompass numerous rightsholders but also intermediaries, including online platforms, social media companies, and the advertising industry. Enhanced cooperation will be sought from other entities too, such as those that may play a more passive role in piracy – payment services and domain name registrars and registries, for example.

This cooperation will form a part of what the Commission describes as the “EU Toolbox”, which among other things will clarify roles and responsibilities while identifying how stakeholders can work together. It will also promote new technologies such as image recognition, artificial intelligence and blockchain, to increase the effectiveness of the EU’s IP protection systems.

Protecting EU Companies From Unfair Competition

Noting that its large single market puts the EU in a special position to act as a “global standard-setter in IP”, the Commission says that must be accompanied by better protections against IP theft originating from non-EU countries.

Part of the effort to promote a global level playing field will come via the fledgling Counterfeit and Piracy Watch List, which late last year called out a broad range of alleged ‘pirate’ sites in the BitTorrent, cyberlocker, stream-ripping spaces.

The EU Commission’s paper can be obtained here (pdf)

From: TF, for the latest news on copyright battles, piracy and more.


Researcher Retains EFF To Fight DMCA Takedowns Sent By Proctoring Company

With millions of students working remotely due to the coronavirus pandemic, the use of so-called proctoring software has skyrocketed.

The stated aim of this software is to detect and prevent cheating in online tests but in order to do that, invasive systems are deployed. Proctoring software watches students through their webcams, records audio via their mics, and tracks any websites visited. On top, these tools examine body movements including eye-tracking, in an effort to identify potential cheaters.

While the companies behind proctoring software champion the benefits, criticism isn’t hard to find online. Nonetheless, Miami University student and security researcher Erik Johnson is finding it difficult to get his voice heard after US-based software company Proctorio began using copyright law to silence his work.

DMCA Takedowns on Twitter and Beyond

Proctorio requires students to install a Chrome extension so Johnson downloaded it and began publishing code snippets to Pastebin during September, linking to them on Twitter, while revealing the scale of the monitoring, among other things.

However, six weeks later he received an email from Twitter explaining that some tweets had been removed after the company received DMCA takedown notices from Proctorio alleging copyright infringement. The material disappeared from Pastebin too.

Earlier this month, Proctorio told Techcrunch that it stood by its takedowns, claiming that Johnson’s publication of code snippets represented a breach of copyright law. The EFF, on the other hand, described Johnson’s criticism – which included the citing of a source – as “a textbook example of fair use” and no different from quoting from a book.

DMCA Takedowns Continued Regardless

A week later, Johnson took to Twitter again with two more posts, one of which revealed he’d reposted the code that had been removed from Pastebin to his Github account. However, the image below shows that those tweets were affected too due to copyright complaints.


The tweets do, however, contain a link to Github but following yet another DMCA takedown request, that page has also been removed.

Battle Moves to Github

“The GitHub account ejohnson9912 is posting proprietary Google Chrome extension source code and documentation without a license or consent from Proctorio, thus infringing on our copyright,” the complaint to Github reads.

“Further, this infringement activity involved reverse engineering and unauthorized hacking through Google Chrome, violating Google Chrome’s terms of service. We request that the account be removed and/or access be disabled to the infringing materials.”

The DMCA complaint was filed with Github exactly a week ago and, as required, the coding platform removed the allegedly infringing material. However, it now appears that Johnson isn’t going down without a fight.

In a DMCA counter-notice filed yesterday, Johnson asks Github to restore his repository, claiming that Proctorio made an error when it failed to consider the fair use exemptions available to him under the DMCA. He further claims that the company mischaracterized his work.

“The disabled content consisted of code snippets used for purposes of research, education, commentary, and criticism regarding Proctorio’s product and its representations to the public. Proctorio’s complaint does not account for the fact that my use is protected by the fair use doctrine,” Johnson writes.

“Proctorio’s additional allegations of ‘reverse engineering and unauthorized hacking’ are both untrue and irrelevant to its claim of copyright infringement.”

It’s at this point things start to heat up. Presuming that Github reinstates the repo, Proctorio will then have to file a lawsuit against Johnson to have it taken down again, significantly raising the stakes. However, the researcher appears to have thought this through, with the help of some heavyweight backing,

“I consent to the jurisdiction of the Federal District Court for the judicial district in which my address is located, and I will accept service of process from the person who provided the DMCA notification or an agent of such person,” he writes.

“I can be contacted through my attorneys at the Electronic Frontier Foundation.”

From: TF, for the latest news on copyright battles, piracy and more.


Denuvo’s Anti-Piracy Protection Probably Makes Sense For Big-Selling AAA Titles

Mid-October, news began to surface that the systems of gaming giants Ubisoft and Crytek had fallen victim to a hacker attack.

Samples of the companies’ data first appeared on the dark web portal of ransomware group Egregor along with threats that the team could leak more confidential data in the days to come. Indeed, at the start of November, the source code for Watch Dogs: Legion reportedly hit the web.

Supposed Denuvo Contact Leaked

This week a new leak, apparently from the same haul, made an appearance online. Posted to various platforms including Twitter, the documents appear to reveal the financial costs of implementing Denuvo’s anti-tamper technology into Crysis Remastered.

The costs and effectiveness of Denuvo are hotly debated topics so this document, which appears to be authentic, casts an interesting light on the decisions faced by companies looking to protect their titles from piracy – if only for a while.

Crysis Remastered – The Costs of Denuvo

The ‘statement of work’ document begins by listing the headline price of Denuvo’s anti-tamper technology. There are two components – 60,000 euros for the first 12 months of anti-tamper plus another 80,000 euros if the company required ‘unique encryption’. This headline 140,000 figure could receive a discount in the event that the game was released before the end of March 2021, specifically on the Epic platform.

In the event, Crysis Remastered was released on September 18, 2020, meaning that the first year of protection from Denuvo was reduced to 126,000 euros. After the 12-month ‘protection’ period, the licensee will be given the opportunity to extend the contract, with each additional month costing an extra 2,000 euros.

In the meantime, however, additional costs can be incurred if Crysis Remastered turns out to be a particularly successful venture. In the event that the game receives 500,000 “cumulative first time activations” at any time during the licensing period, an additional one-off fee of 60,000 euros is payable to Denuvo.

Crysis Remastered Was Cracked a Month After Release

Just over a month following its release, Crysis Remastered was cracked by the group CPY, albeit after a couple of attempts to get things working as intended. So, considering that the title only enjoyed just over 30 days’ worth of protection, does that mean that Denuvo was a failure and therefore poor value for money?

That’s a big question but given that Denuvo’s current position is that it aims to protect games in the first days and weeks following release, claiming that Denuvo failed seems to be off the table. Whether it still represents good value for money also requires some guesswork, accurate figures for which are largely unavailable.

Waste of Time or Value For Money?

Nevertheless, since we know that Crysis Remastered was released in the Denuvo-discounted period before March 31, 2021, and we optimistically include the 500,000 copies sold clause relating to the first year, in this Denuvo protection will cost around 186,000 euros.

Reductions aside (some outlets are currently discounting the game), 500,000 copies sold at roughly $30.00 sounds a bit like $15m in revenue so, with the protection costing around 1.2% of gross, that doesn’t sound too bad. Indeed, at those prices, if the game enjoyed around 6,200 more sales during the first month from people who would’ve pirated had Denuvo not stopped them, the financial gamble seems pretty balanced, at least as far as this game is concerned.

Also, it’s worth pointing out that just because a game’s protection fails after a while, it doesn’t necessarily mean it won’t go on to commercial success. For reference, the first Crysis was pirated at least 940,000 times in the year following its release (2007/2008) but remained profitable and went on to sell at least three million copies. Times have changed along with the entire market since then, but it’s worth a mention.

Denuvo Provides Additional Services in the Package

As part of the deal, Denuvo reportedly sends its engineers to the developer during the initial integration and then provides remote troubleshooting support, right up until the launch of the title.

The company also carries out manual testing of the protected title and then scans for early piracy leaks post-launch alongside manual piracy monitoring with regular emailed updates.

Denuvo is Probably Here to Stay

While the leaked documents only relate to Crysis Remastered, it is by no means the only game with Denuvo protection. Of all games released since September, just four have been cracked, all of them taking roughly a month to hit pirate sites. To date, titles including FIFA 21, Watch Dogs: Legion have all ‘survived’ their first four weeks, with others such as Dirt 5 and Need For Speed Hot Pursuit Remastered creeping close to that target.

Whether those titles and the ones released more recently (Yakuza: Like a Dragon, Assassin’s Creed: Valhalla, and Football Manager 2021) will make it too remains to be seen but overall it seems that developers still have confidence in Denuvo and the insurance-type policy it provides.

Finally, it’s worth pointing out that Cyberpunk 2077, the most anticipated title of 2020, will release December 12 without any DRM whatsoever. It’s not clear what kind of deal Denuvo would’ve offered its developer but it is expected to become a smash-hit nonetheless.

The question of whether it could enjoy even more success with Denuvo may never be answered.

From: TF, for the latest news on copyright battles, piracy and more.


Anti-Piracy Coalition Seeks Powerful New Tools To Tackle IPTV Piracy in the EU

While groups such as the Alliance For Creativity and Entertainment are mentioned frequently for their widespread anti-piracy activities, the Europe-based Audiovisual Anti-Piracy Alliance (AAPA) is also engaged in key work to reduce online infringement.

Counting broadcasting giants BT, Sky, Canal+, beIN, DAZN, and OSN among its members, AAPA also plays home to major sports companies including the Premier League, Serie A, LaLiga and DFL. Not to mention powerful anti-piracy technology companies such as Irdeto, Nagra, and Viaccess-Orca.

With a key interest in preventing streaming piracy, much of it consisting of live events, AAPA members have played a crucial role in many recent pirate IPTV investigations but in common with other organizations with similar goals, the group would like additional tools to make its job easier and more effective.

Rapid Growth in Streaming Piracy Demands a Strong Response

According to AAPA, its members are concerned by the rapid growth and availability of unlicensed content online and as a result, are seeking assistance from the European Union.

One of the group’s first targets is Europe’s planned Digital Services Act (DSA), which rightsholders hope will include strict “know your customer” rules compelling hosting companies, domain registrars, and advertisers, to more closely vet their prospective clients. But for the AAPA, this is only the beginning.

No Additional Liability Exceptions, ‘Duty of Care’

Given the nature of its members, AAPA majors on the need to introduce measures to mitigate the growth of pirate IPV operations which, according to the group, represent a “low risk, high return” business model that is being exploited during the coronavirus pandemic as people tend to stay at home.

As the availability of illicit content availability soars, AAPA says there has been a lack of quality and response rate from online intermediaries to takedown notices. As a result, the European Commission’s intention to lay down “more stringent” rules is encouraging but “in no event” should that lead to new or broader liability privileges, exemptions, or protection regimes already provided for by existing law.

In respect of the DSA, the AAPA is seeking better tools to deal with piracy of live content, which it says is underserved by the current framework. The AAPA says that most of its members’ content is finger-printed and/or watermarked so it is possible to swiftly identify it. That means it may be treated differently, outside current limits.

“A proper ‘duty of care’ should apply to the so-called ‘passive platforms’, without putting into question current exemptions applicable to online intermediaries in the e-commerce Directive, it adds.

Takedown/Staydown, Rapid Live TV Piracy Blocking

In addition to the Know Your Customer proposals, AAPA is seeking the adoption of harmonized “notice and action” procedures, including broader criteria to justify takedown requests, the ability to send multiple links for removal in one notice to avoid delays in processing, and an obligation among platforms and providers to supply clear contact information where requests can be sent.

AAPA is also seeking new powers when dealing with live content, which represents a large proportion of its members’ repertoires. The group says there should be an obligation to implement a system for expeditious removal of live pirated content, which should be removed immediately or in any event, no longer than 30 minutes after a complaint.

Disputes over whether content should be taken down “should not result in the removal of illegal or potentially illegal content being delayed”, the group adds.

In common with other rightsholders that are required to issue repeat takedown notices for what is essentially the same content, AAPA is calling for a takedown/staydown regime, meaning that once content has been removed following an official notice, it should not subsequently reappear on the same platform.

Dealing With Repeat Infringers

Taking a lead from the United States, AAPA is seeking measures from the EU designed to prevent people from repeatedly infringing copyrighted content. The group is therefore calling for service providers to have clear and published anti-policies that contain deterrent measures for dealing with repeat infringers, including by restricting and/or blocking access to users who have been reported for uploading and even downloading illegal content.

Incorporating an additional element of ‘know your customer’, AAPA asks the EU to require that online platforms and services implement “layers of verification” to user accounts (one suggestion is ‘user-fingerprinting’ technology, to prevent pirate services from creating multiple accounts to evade suspensions and blocking.

Measures to Tackle ‘Off-Platform’ Infringement

According to AAPA, there are problems with platforms like YouTube and Facebook that go beyond pirated content stored on their platforms. In addition, these services also contain material, such as tutorial videos or comment sections, that direct users to off-site resources that allow for the consumption of unlicensed content. In these cases the Copyright Directive doesn’t apply, AAPA warns, so additional action is required.

“Measures should be taken at EU level to increase liability and duty of care of online content sharing platforms in this respect, regardless of whether such online content sharing platforms are considered as active or passive hosting service providers.”

Broader, More Flexible Injunctions Valid at the EU Level

Blocking injunctions that require ISPs to restrict access to named pirate sites and more recently servers involved in the supply of pirate IPTV services have been gaining traction around Europe. However, the AAPA believes that these could be more effective if, in the future, they are not only valid across borders but also have the ability to be issued repertoire-wide.

The suggestion appears to be based on the theory that an injunction obtained in one country of the EU should then be enforceable across all 27 countries, with the applicants’ entire catalog of content protected as a result.

“[A] central repository/database could be set up for site blocking injunctions issued by member states at the EUIPO. The latter could verify the details of the injunctions and provide translations into all official EU languages. This site-blocking record could then be used as a reference by rightsholders to have ISPs implement the blocking in their local territories,” the AAPA writes.

Auditing of Online Platform/Services’ Anti-Piracy Tools

Finally, while platforms such as YouTube and Facebook have implemented their own anti-piracy systems (such as Content ID), the AAPA’s members don’t appear to be 100% convinced they can be trusted or operated without bias. As a result, the group is demanding audits to weed out any potential issues.

“[C]ontent recognition tools deployed by online platforms to detect illegally uploaded copyright content should be made transparent to an independent authority (at national or European level) and regularly audited to make sure they do not include pro-piracy bias and that they cover the full spectrum of uploaded content with the same conditions,” the AAPA concludes.

From: TF, for the latest news on copyright battles, piracy and more.


YouTube “Failed to Provide Evidence” in Copyright Class Action Counterclaim

During the summer, Grammy award-winning musician Maria Schneider and Virgin Islands-based Pirate Monitor Ltd teamed up to file a class-action lawsuit targeting YouTube.

The complaint centered on allegations that YouTube’s copyright infringement mechanisms are deficient, claiming that the company refuses to grant “ordinary creators” access to its sophisticated copyright management tools known as Content ID.

During September, YouTube fought back stating that it already goes above and beyond its obligations under the law when dealing with infringing content. The sting in the tail came in the form of additional claims, from YouTube and its owner Google, that Pirate Monitor could not be trusted to use Content ID.

According to YouTube, Pirate Monitor deployed “authorized agents” to create bogus YouTube accounts that uploaded hundreds of videos which it later took down using copyright complaints. The alleged goal was to create the impression of mass infringement in support of the class action.

Pirate Monitor Fights Back

In a motion to dismiss YouTube and Google’s counterclaims, filed on Friday, Pirate Monitor states that YouTube provided no evidence to back up the general claims that the uploaders of the videos in question had anything to do with Pirate Monitor.

“The counterclaims contain no factual allegations indicating whether the unidentified individuals were, for example, employees, officers, agents, or independent contractors of Pirate Monitor, or the scope of their authority to purportedly act on Pirate Monitor’s behalf,” the motion reads.

“As a result, the Court should disregard Defendants’ conclusory allegation that the unidentified individuals were ‘authorized agents’ of Pirate Monitor as well as their improper references to the unidentified individuals as ‘Pirate Monitor’.”

Based on the allegation that the uploaders were “authorized agents” of Pirate Monitor, YouTube previously said that declarations made to the company at the point of upload (that the content was not infringing) amounted to fraud since they breached YouTube’s Terms of Service.

Pirate Monitor believes that such serious claims need to be backed up by hard evidence.

“A claim of fraud must satisfy the heightened pleading requirements of Rule 9(b) of the Federal Rules of Civil Procedure, and will be dismissed unless it ‘specif[ies] such facts as the times, dates, places, benefits received, and other details of the alleged fraudulent activity’,” the company writes, adding that information relating to “who, what, when, where and how” must be provided to the court.

“Because Defendants fail to offer any well-pleaded facts plausibly showing that the unidentified individuals are agents of Pirate Monitor; and were acting in the course of and within the scope of that agency relationship when they engaged in the conduct alleged in Defendants’ three counterclaims, those counterclaims fail as a matter of law and should be dismissed,” Pirate Monitor adds.

Counterclaims For Fraud & DMCA Abuse Should be Dismissed

Pirate Monitor takes a similar position on YouTube’s claims that the DMCA notices that took down allegedly-infringing content were also submitted fraudulently. At no point does Pirate Monitor deny that YouTube’s claims are untrue but simply states that platform has failed to meet the standards required for such claims to be considered.

Noting that “justifiable reliance” is a necessary part of any fraud claim under California law, Pirate Monitor insists that supporting facts must be sufficiently specific. The absence of such information in its pleadings is “fatal” to YouTube’s counterclaim, Pirate Monitor adds, noting that the video platform has not “alleged any facts showing they were justified in relying on the representations of individuals they cannot identify to this
day, let alone the particularized facts necessary to avoid dismissal..”

YouTube’s Demands For an Injunction Should Be Dismissed

In its counterclaim, YouTube demanded damages to compensate for Pirate Monitor’s actions and also requested a punitive damages award to compensate for the company’s “fraudulent conduct”.

The video platform further sought an injunction to prevent Pirate Monitor and its agents from submitting any additional DMCA notices with YouTube that wrongfully claim that content on the YouTube service infringes copyrights held by Pirate Monitor or anyone it claims to represent.

According to Pirate Monitor, these requests should all be dismissed as YouTube lacks Article III standing.

Again, this centers around YouTube’s failure to provide evidence, with Pirate Monitor pointing out that the request for injunctive relief is based on past wrongs, including the allegedly-fraudulent DMCA takedown notices for which YouTube has failed to support with “even a single fact showing a real and immediate threat that Pirate Monitor will
commit those alleged wrongs in the future.”

Given that it seems unlikely that YouTube simply pulled the serious allegations in its counterclaims out of thin air, at some point the supporting evidence against Pirate Monitor and/or its “agents” will probably be revealed at some point and could even prove pivotal to the case.

Schneider/Pirate Monitor’s Motion to Dismiss Counterclaims can be found here (pdf)

From: TF, for the latest news on copyright battles, piracy and more.