Enlarge (credit: Aurich Lawson | Getty Images)

“Women, life, freedom” became the protest chant of a revolution still raging in Iran months after a 22-year-old Kurdish woman, Mahsa Amini, died while in custody of morality police. Amini was arrested last September for “improperly” wearing a hijab and violating the Islamic Republic's mandatory dress code laws. Since then, her name has become a viral hashtag invoked by millions of online activists protesting authoritarian regimes around the globe.

In response to Iran's ongoing protests—mostly led by women and young people—Iranian authorities have increasingly restricted Internet access. First, they temporarily blocked popular app stores and indefinitely blocked social media apps like WhatsApp and Instagram. They then implemented sporadic mobile shutdowns wherever protests flared up. Perhaps most extreme, authorities responded to protests in southeast Iran in February by blocking the Internet outright, Al Arabiya reported . Digital and human rights experts say motivations include controlling information, keeping protestors offline, and forcing protestors to use state services where their online activities can be more easily tracked—and sometimes trigger arrests.

As getting online has become increasingly challenging for everyone in Iran—not just protestors—millions have learned to rely on virtual private networks (VPNs) to hide Internet activity, circumvent blocks, and access accurate information beyond state propaganda. Simply put, VPNs work by masking a user's IP address so that governments have a much more difficult time monitoring activity or detecting a user's location. They do this by routing the user's data to the VPN provider's remote servers, making it much harder for an ISP (or a government) to correlate the Internet activity of the VPN provider's servers with the individual users actually engaging in that activity.

Abonnez-vous à notre chaîne YouTube pour ne manquer aucune vidéo !

L'article Le VPN de Mozilla devrait bientôt sortir en France est apparu en premier sur Numerama .

Voitures, vélos, scooters... : la mobilité de demain se lit sur Vroom ! https://www.numerama.com/vroom/vroom//

L'article VPN : quels sont les principaux critères à prendre en compte lorsque l’on prend un abonnement ? est apparu en premier sur Numerama .

Voitures, vélos, scooters... : la mobilité de demain se lit sur Vroom ! https://www.numerama.com/vroom/vroom//

L'article Le VPN Surfshark lance son Cyber Monday avec une offre à moins de 2 euros par mois est apparu en premier sur Numerama .

Millions of Internet users around the world use a VPN to protect their privacy online.

Another key benefit is that VPNs hide users’ true IP-address, making them more anonymous . This prevents third-party monitoring outfits from carrying out unwanted snooping.

This is one of the reasons why many torrent users have a VPN installed. Instead of displaying their own IP-address in torrent swarms, the VPN IP-address will show up. And when the provider doesn’t keep any logs, that address can’t be traced back to a single user.

Lawsuit Targets Pirating VPN Users

Such a setup seems secure, but it hasn’t prevented the makers of the action movie ‘Angel Has Fallen’ from suing several anonymous VPN users. In a recent lawsuit filed at a federal court in Colorado, the company lists fourteen alleged pirates that used an IP-address of the VPN service Private Internet Access, also known as PIA .

“Upon information and belief, Defendants DOES 3-5, 7-10 and 12-17 registered for paid accounts for Virtual Private Network (‘VPN’) service with the Colorado Internet Service Provider Private Internet Access,” the complaint reads.

The lawsuit in question lists the defendants as Does, which means that their true identities are unknown. However, attorney Kerry Culpepper, who represents Fallen Productions in this matter, hopes to find out more through third-party subpoenas.

Info From YTS User Database

The case relies in part on information from the YTS user database that was shared by the operator of the site earlier this year, as part of a settlement. This includes download details of several users, as well as their IP-addresses and email addresses.

The attorney has requested subpoenas to compel email providers, Internet providers, and Private Internet Access for more personal information. In the past, we have seen that Microsoft and ISPs such as Comcast will hand over what they have, but with a VPN this isn’t as straightforward.

PIA’s Confirmed No-Log Policy

PIA has a so-called ‘no logs’ policy which means that it can’t link a VPN IP-address and a timestamp to a unique user. This policy has been repeatedly tested and confirmed in courts.

Culpepper informs TorrentFreak that he will request a subpoena regardless. He argues that the use of a VPN shows that people were aware of their illegal activity.

“It is relevant because it shows they tried to hide their activities. It shows consciousness of the illegal activities,” Culpepper says, while pointing out an article where PIA warned YTS users that they were at risk.

PIA’s Jurisdiction Angle

In addition, by signing the terms of service, PIA users also subject themselves to the jurisdiction of Courts in Colorado. This is relevant in this case because not all defendants are from the western U.S. state.

“Most importantly, if they signed up for an account with PIA they agreed to jurisdiction in Colorado no matter where they are. Most of the PIA users were not in Colorado,” Culpepper notes.

All defendants are accused of downloading a torrent titled “Angel Has Fallen (2019) [BluRay] [720p] [YTS.LT],” as well as other copyright-infringing content that isn’t specified.

Defendants Still at Risk

According to the complaint all defendants have received at least one DMCA notice. Fifteen of them were also contacted repeatedly on their known email address with cease and desist notices and settlement offers, but these were ignored.

With this lawsuit Fallen Productions hopes to uncover the identities of the people behind these IP- and email addresses.

TorrentFreak contacted PIA for a comment on the lawsuit. The company said that it hasn’t received a subpoena yet and reiterated that it can’t identify individual users.

“Private Internet Access has not received a subpoena in regards to this case. Even if we do, our response will be the same as always: PIA does not log VPN user activity,” a PIA spokesperson informed us.

That was also confirmed in more detail earlier this year in our annual VPN overview.

“There are no logs kept for any person or entity to match an IP address and a timestamp to a current or former user of our service,” PIA said at the time .

That said, defendants are still at risk, as their email addresses are known as well. That doesn’t prove anything, as YTS allowed members to sign up with a fake email, but it could lead to people being identified eventually, without PIA’s involvement.

If anything, this case shows that using a VPN only offers limited anonymity. When people use a VPN irregularly and leave other information behind, such as email addresses, they may eventually be exposed anyway.

—

A copy of Fallen Production’s complaint, filed as the US District Court in Colorado, is available here (pdf)

From: TF , for the latest news on copyright battles, piracy and more.

Blocking of regular piracy websites has been a feature of anti-piracy enforcement in Europe for almost 15 years.

The way these blocks are achieved is broadly similar, with entertainment industry companies filing “no-fault” injunctions against Internet service providers who stand before the courts accused of facilitating the copyright-infringing activities of their subscribers.

Once this infringement has been identified and the ISPs put on notice by the courts, they are required to block access to the sites in question, using basic DNS techniques or in the UK, for example, more sophisticated methods that require a VPN or similar tool to tunnel through.

IPTV Blocking – A More Sophisticated Beast

In recent years, live sports groups such as the Premier League and UEFA have obtained similar injunctions that are more complex. These ‘dynamic’ blocking efforts require intricate work by the organizations’ anti-piracy partners, who identify the IP addresses of specific ‘pirate’ servers, including those that can be changed at short notice, in order for ISPs to block them at match times.

While unpopular, there is nothing particularly surprising about these efforts. Content companies have obtained the necessary legal permissions and have a right to protect their businesses. And for the ISPs, it should be a simple case of them ‘firewalling’ the IP addresses in question so that subscribers cannot access them directly to watch live matches. However, it seems pretty clear that something else is going on too.

ISPs’ Vested Interest in Stopping Pirates

Now that they are both broadcasters and ISPs, companies including Sky have a vested interest in stopping piracy. This means that while blocking injunctions against ISPs used to be fiercely contested, that’s no longer the case. In fact, in a recent blocking case brought by UEFA in Ireland , it was revealed in court documents that Sky actually supported the action, despite being a defendant.

While that’s the company’s prerogative, something more worrying was mentioned in the same case. It appears that in this matter, Sky or others acting on its behalf, have been monitoring the traffic of Sky subscribers who accessed the servers of pirate IPTV providers.

Perhaps Not the ‘Dumb Pipe’ ISPs Are Usually Portrayed As

In the order obtained by UEFA in the High Court of Ireland in September, comments made by Justice David Barniville revealed that the activities of Sky subscribers were used to support the application by UEFA to have pirate services blocked.

“I am satisfied that the [blocking] Order is necessary for the purpose of protecting the Plaintiff’s copyright against infringement. I note from the evidence, and accept, that there has been a significant shift away from the use of websites in more recent years in favor of devices and apps, in particular, set top boxes that can be watched on televisions in people’s living rooms,” Justice Barniville wrote.

“The affidavit of Jiajun Chen provides a confidential traffic analysis which evidences the use of the Sky network by Irish viewers to watch online illegal UEFA content.”

That the traffic analysis itself is “confidential” feels just a little ironic, given that it apparently reports on communications that should have been confidential too.

In this case, Mr. Chen appears to have obtained access to at least part of the Internet habits of some Sky subscribers. Any requests made from customers’ connections usually go straight from their devices via the ISP to the ‘pirate’ servers in question, meaning that only Sky should be in the middle. Reading between the lines, Sky appears to have monitored, logged, and made available information related to these communications to support the application of the plaintiff.

Worryingly, this monitoring of customers’ traffic has been going on for some time , since it was briefly covered in previous blocking injunctions obtained by the Premier League. Precisely what information is being held is unclear but if it relates to attempts to access ‘infringing servers’, any and all data (if only metadata) is available to ISPs.

No Expectation of Communications Privacy?

Putting aside the issue of copyright infringement for a moment, this type of monitoring behavior is unlikely to sit well with the customers of ISPs who either demand or at least expect privacy. Neither does it sit well with Ed Geraghty , a Senior Technologist at UK-based charity Privacy International.

“Censorship and monitoring of the Internet, generally, leads to chilling effects and violates our human right against arbitrary interference to our privacy, home, and correspondence. This is just another example that despite cries to the contrary from industries and governments alike, the Internet is a heavily surveilled and highly regulated space, where tracking is rampant,” Geraghty informs TorrentFreak.

“In recent years there have been great strides in the roll out of end-to-end encryption and the safety and privacy it can offer the content of our communications whilst in transit, but fundamentally there’s still – necessarily – huge amounts of metadata attached to our every interaction online.”

What Can Be Done to Prevent ISP Monitoring?

While some will argue that privacy shouldn’t apply when subscribers are reportedly breaking the law, the big question relates to the slippery slope. If subscribers’ activities are apparently being monitored for one type of traffic today, how long before other types of traffic are considered fair game too? Preventing this, privacy experts insist, is not just possible but also necessary to prevent Internet surveillance from getting out of hand.

“Depending on which point the ISPs are monitoring, there are various ways you can attempt to obscure your traffic – for instance, using third-party DNS over HTTPS, or a VPN – but be aware that this is merely shifting who can see your traffic away from your ISP to someone else,” Geraghty adds.

Given their simplicity and wide availability, the use of VPNs to prevent monitoring is a natural choice and something that has been gaining traction in recent times. David Wibergh from OVPN says he believes that Sky is proposing the “black holing” of IP addresses instead of blocking DNS queries, which is problematic in itself.

“As IP addresses are typically in temporary use and could be used by several sites simultaneously, it can lead to unexpected and obtrusive blocking of content that has nothing to do with piracy,” Wibergh says.

“By using a VPN provider you remove the internet providers’ capabilities of performing blocking, surveillance and traffic analysis, as the only traffic originating from you is towards the VPN provider’s server. It’s crucial to choose a VPN provider that is trustworthy as VPN providers are able to perform the same form of traffic shaping as the ISP. But even if there is a risk that VPN providers log; it’s a guarantee that your ISP logs. ”

Daniel Markuson, Digital Privacy Expert at NordVPN , says that perceived privacy intrusions like these will only will lead to more uptake.

“Blocks of services and the subsequent discoveries of traffic monitoring and trade will lead to an increased demand for VPNs,” Markuson says.

“Whenever a government announces an increase in surveillance, internet restrictions, or other types of constraints, people turn to privacy tools. We saw similar spikes in different regions: for example, when the US repealed net neutrality, or the UK passed the law dubbed ‘ The Snoopers’ Charter ‘.”

Finally, a simple, obvious, but nevertheless important comment from Harold Li, Vice President of ExpressVPN , that applies to all Internet users concerned about the privacy of their communications.

“The onus is still on consumers to take action and protect themselves,” he concludes.

From: TF , for the latest news on copyright battles, piracy and more.

Enlarge / Multitudes are working from home. This changes how business' networks work. (credit: zf L / Getty Images)

We're 10 months into 2020, and businesses are still making adjustments to the new realities of large-scale telework (which, if you're not in the IT biz, is just a fancy term for "working from not in the office"). In the Before Times, telework was an interesting idea that tech companies were just starting to seriously flirt with as a normal way of doing business—whereas now, most businesses large or small have a hefty fraction of their workforce staying home to work.

Unfortunately, making such a sweeping change to office workflow doesn't just disrupt policies and expectations—it requires important changes to the technical infrastructure as well. Six months ago, we talked about the changes the people who work from home frequently need to make to accommodate telework; today, we're going to look at the ongoing changes the businesses themselves need to make.

We’re going to need a bigger boat pipe

• 

  This small business was hurting very badly on the afternoon shown—it's blowing through its 20Mbps upload pipe nearly nonstop for a half-hour straight during the peak of the workday. [credit: Jim Salter ]

The most obvious problem that businesses have faced—and are continuing to face—with a greatly multiplied number of remote workers is the size of the company's Internet connection. If you need a quarter—or half, or three quarters—of your workforce to remote in to work every day, you need enough bandwidth to accommodate them.

Read 27 remaining paragraphs | Comments

Internet provider Charter Communications is one of several companies being sued for turning a blind eye to pirating subscribers .

These lawsuits, filed by dozens of major record labels and music companies, allege that Internet providers fail to terminate accounts of repeat infringers.

Discovery Disputes

With a potential billion-dollar damages claim the case is being fought tooth and nail by both sides. It’s currently in the discovery process where both parties request relevant documents and information from the other side to make their case.

This often results in disputes where one party asks for more than the other is willing to provide. This is also the case here. In order to resolve these disagreements, the court was asked to chime in, which happened last week.

Music Companies are Interested in VPN Use

One of the contested issues is a request from the music companies for detailed information about the VPN use of Charter subscribers. Specifically, if and how often subscribers used a VPN to conceal their piracy activities.

The music companies want to know more about this so they can determine “the extent to which “Charter was aware of its subscribers’ use of VPNs to avoid detection, and whether it took any steps to investigate repeat infringers that accounted for these obfuscating tactics.”

Charter Objects

This is a broad question which Charter immediately objected to. According to the ISP, answering it would require the company to review all documents associated with any subscriber. Instead, it would like to limit it to the customers who have been accused of copyright infringement.

The court agrees with the ISP. In an order issued by a Colorado district court last week, special master Regina Rodriguez fails to see the importance of the requested data.

“On the record before me, I find subscriber use of VPNs to be of only marginal relevance to the claims at issue here.”

Hypothetical Smoking Gun?

The music companies hoped to find a smoking gun. They argued that there may be a document somewhere showing that Charter knows its subscribers often use VPNs to avoid being caught pirating, and that Charter did nothing about it.

This lack of action would then be a sign that the ISP’s repeat infringer policy isn’t working. Or as they put it to the court:

“If, for example, Charter created a report describing generally how its subscribers use VPNs to avoid detection for infringement, but it nevertheless did not try to curb improper use of VPNs, that would be highly probative evidence related to whether Charter reasonably implemented a repeat infringer policy,” they argued.

The court agrees that this information could, hypothetically, lead to useful info, but it finds that possibility is outweighed by the trouble Charter has to go through.

“While a document such as the hypothetical one Plaintiffs propose may be of some possible relevance to Plaintiffs’ claims, it appears that such relevance is attenuated and speculative such that it does not overcome the burden identified by Charter of ‘searching every communication’,” special master Regina M. Rodriguez writes.

Charter Will Share Some VPN Info

This doesn’t mean that Charter won’t share any VPN-related information at all. When VPNs are mentioned in communications regarding subscribers who were accused of copyright infringement, the ISP will share it.

In addition, Charter agreed to produce work log notes and internal correspondence, which will also include all VPN references. This is sufficient, the court’s special master concludes, denying the request for any further information on VPNs.

How Useful Are VPN Details?

What’s perhaps most intriguing about this discovery dispute is the fact that the music companies plan to use VPN usage as evidence. Thus far, this angle has never been brought up in any related cases.

We also wonder how useful this information can be. If Charter is indeed aware that some of its users use VPNs to conceal pirating activity, how can it respond to this?

An ISP can’t see if a VPN is being used for illegal purposes, so without an explicit admission from a subscriber, Charter can’t take any action. Simply banning all VPN users would be a bit much, as VPNs have numerous legal uses as well.

—

A copy of the discovery dispute order from special master Regina Rodriguez is available here (pdf) .

From: TF , for the latest news on copyright battles, piracy and more.

TuneIn is one of the most prominent providers of radio content in the world.

Available for free or on a premium basis, its site and associated app provide access to more than 100,000 stations and podcasts. Unless you happen to live in the UK, which is now dramatically underserved by the company.

Sued by Labels in the UK For Mass Copyright Infringement

In 2017, Sony Music Entertainment and Warner Music Group sued the US-based radio index in the High Court of England and Wales, alleging that the provision of links to stations unlicensed in the UK represented a breach of copyright.

One of the most interesting aspects of the case is that TuneIn is marketed as an “audio guide service”, which means that it indexes stations that are already freely available on the web and curates them so that listeners can more easily find them.

When stations are more easily found, more people listen to them, which means that TuneIn arguably boosts the market overall. Nevertheless, the labels claimed this was illegal and detrimental to the music industry in the UK on licensing grounds.

Decision by the High Court Handed Down in 2019

In November 2019, the High Court sided with the labels, ruling that unlike Google – which TuneIn had attempted to compare itself to – TuneIn did “much more than that”, in part due to its curation and search features in respect of those stations.

“I find therefore that the activity of TuneIn does amount to an act of communication of the relevant works; and also that that act of communication is to a ‘public’, in the sense of being to an indeterminate and fairly large number of persons,” Judge Birss wrote in his decision.

When TuneIn supplied UK users with links to radio stations that were not licensed for the UK or were not licensed at all, the Judge said the company infringed the labels’ rights . On the other hand, he also determined that when TuneIn supplied UK users with links to radio stations that are already licensed in the UK, the company did not infringe Sony or Warner’s copyrights.

TuneIn sought to paint this latter point as a victory but that still meant that it had breached copyright on a large scale as the majority of stations indexed by TuneIn and supplied to the UK market did not fit into this scenario.

Appeal and Subsequent Geo-Blocking of the UK

In December 2019 it was revealed that the High Court had granted permission for both sides to appeal. Pending an outcome in that matter, TuneIn’s service in the UK apparently remained unchanged but during the past few days, users of the service reported a major shift in the type and amount of content being provided to UK users.

In response to the apparent decimation of its offering, TuneIn took to Twitter to address the complaints.

“Due to a court ruling in the United Kingdom, we will be restricting international stations to prohibit their availability in the UK, with limited exceptions. We apologize for the inconvenience,” the company wrote.

TorrentFreak contacted TuneIn to ask why this action had been taken now and to receive an indication of precisely how many channels had been blocked and their nature. However, at the time of publishing the company had failed to offer a response, leaving customers – some of whom pay for a premium service – to simply guess where their favorite stations had gone and when (or even if) they would ever return.

With TuneIn staying completely silent on the important details, it’s impossible to know whether the company will obtain appropriate licensing to reinstate the lost channels in the future. In the meantime, listeners now have access to a fraction of the channels previously available on the TuneIn site and app.

Geo-Blocking Measures Easily Circumvented

As pointed out by a reader last evening, in common with many services that restrict output in various regions, TuneIn’s blocking efforts are not comprehensive and can be easily circumvented by listeners in the UK.

It transpires that with the use of a decent VPN , one that’s able to switch the user’s virtual location out of the UK and to some other country, the blocked channels/stations are restored to their former glory and accessible in exactly the same way as before. The precise blocking method being used by TuneIn isn’t clear but it’s nowhere as stringent as that deployed by Netflix, for example.

An aspect of TuneIn’s blocking that shouldn’t be overlooked is a ‘feature’ of the service itself. TuneIn is a catalog of streams that are already freely available on the Internet. This means that TuneIn acts only as a middleman, indexing stations and making them searchable. While this function is extremely convenient for users, those locked out by TuneIn may only have to do a little research to regain access to their favorite stations.

A Little Manual Work

Since the company appears to be keeping quiet on the precise details for the moment, it’s hard to conclude whether TuneIn went through its entire station list with a fine toothcomb so that only unlicensed channels were blocked, or whether it erred on the side of caution and blocked everything that it couldn’t be sure of.

Presuming the latter is the case (licensing can be difficult to determine), it’s likely that there will be some element of over-blocking and that some channels that shouldn’t have been blocked will now be inaccessible in the UK via TuneIn. This is a particular irritant to listeners of stations that carry no content owned by the labels that brought the lawsuit.

In these cases, interested users can bypass TuneIn altogether by visiting the website associated with the station they were listening to, which tend to have their own embedded audio players. However, if visiting multiple sites is inconvenient, some stations publish a URL that can be opened in software such as VLC or other radio apps such as XiaaLive , which also has its own searchable station catalog.

Some radio station homepages do not clearly publish their stream URLs but by right-clicking the related audio player in Chrome, for example, it’s possible to view the page’s source code which usually contains the URL of the stream when searching for the term ‘http’ or ‘https’.

Experienced users will spot the correct URL quickly but for the less tech-savvy, trial and error or dedicated tools will help. Once a list of URLs is obtained, these can be saved in a VLC playlist, for example, completely negating the need for the TuneIn software.

Blocking the Messenger Not the Message

While TuneIn may have been largely knee-capped in the UK in terms of international stations, the High Court action has done absolutely nothing to prevent the blocked radio stations from transmitting on the Internet. None of them have anything to do with TuneIn itself as they are operated by third-parties.

What the action has achieved, therefore, is to selectively tear up TuneIn’s UK ‘phonebook’. What it hasn’t done is tear up every phonebook available, nor has it taken down a single station indexed by TuneIn, which remain fully operational via their own websites and URLs. It’s a little harder to find them now but hardly a massive undertaking.

From: TF , for the latest news on copyright battles, piracy and more.