In recent years, YTS.mx has become one of the most-used torrent sites, serving millions of visitors every day.

The site can be used without registering an account. However, those who sign up get some extra features, such as an option to bookmark titles. These added benefits can be handy but we learned that having an account also comes with risks.

Movie Companies Target YTS Users

In recent months, a group of movie companies filed several lawsuits against alleged YTS users . In several of these cases, they relied on information that came directly from the YTS user database , including email addresses and download histories.

The information was shared by the YTS operator as part of a confidential settlement agreement. This revelation came as a shock to the affected users and was harshly criticized by other torrent sites, several of which decided to ban YTS torrents .

Pirate Release Warns Downloaders

Today, we can add another episode to this unfolding drama after a torrent for the documentary “ Rise of the Trolls ” appeared online with the addition of a rather unusual message. Roughly three minutes into the video, the following warning appears.

“If you have downloaded this from either YTS or Extratorrent you can expect problems with the authorities. They cooperate with the film industry, more information can be found on Torrentfreak,” it reads.

The shorturl suggests that the link might point to more information but when we tried to access it this morning it redirected to the shorturl homepage. However, we assume that it’s supposed to provide more detail on the YTS database sharing issue.

The torrent, shared by SimplyTheBOSS, was uploaded to various torrent sites and copied by even more. This includes the popular ‘ExtraTorrent’ site extratorrents.it, that was formerly operating as Extratorrent.ag.

This, understandably, raised questions among the site’s users as the comment below illustrates.

TorrentFreak wasn’t in any way involved or consulted on the matter and the warning itself deserves some nuance.

Nuance Required

ExtraTorrent has frequently been linked to YTS and some believe that it is operated by the same ‘group’ of people. However, we’re not aware of any ExtraTorrent database info that was shared with film companies. Such information hasn’t been brought up in lawsuits either.

Also, the warning in the video references problems with the authorities. This is not necessarily the case as the YTS-related lawsuits are all civil cases between film companies and the alleged pirates. There is no law enforcement agency involved, yet.

The warning is correct by stating that YTS cooperated with film companies but whether they still share database information is unknown. We previously learned that it was a one-time arrangement, but details about the ‘deal’ were never officially made public.

That said, many people have lost trust in the site, no matter what happens in the future, and this warning notice underlines that.

The Troll Threat

To find out more, TorrentFreak reached out to the uploader of one of the torrents but he or she preferred not to comment publicly on the matter. The same warning may also appear in other releases, but we have only seen it in the “Ride of the Trolls” torrent so far.

The makers of the documentary have nothing to do with the lawsuits but their title was likely chosen for a reason. The film companies that go after individual pirates are often referred to as “copyright trolls,” after all. Also, the documentary discusses topics such as online anonymity and freedom on the internet.

Finally, it is worth noting that anyone who downloads content via BitTorrent can potentially be tracked, no matter what site they use. Without a VPN, one’s public IP-address is visible to anyone, including copyright holders.

The YTS database information gave filmmakers extra evidence though. They used this in various lawsuits but also sent settlement offers to YTS users directly , using the listed email address.

From: TF , for the latest news on copyright battles, piracy and more.

Last month, the RIAA pulled the popular open source tool youtube-mp3 from GitHub.

The music group sent a takedown notice arguing that the software violated section 1201 of the DMCA, which prevents people from bypassing technical protection measures.

This enforcement action wasn’t well-received by the developer community . This included GitHub CEO Nat Friedman, who was ‘annoyed’ and personally offered his help to get the repository reinstated. This wasn’t a false promise, as youtube-dl returned today.

GitHub Reinstates Youtube-dl

“We are taking a stand for developers and have reinstated the youtube-dl repo. Section 1201 of the DMCA is broken and needs to be fixed. Developers should have the freedom to tinker. That’s how you get great tools like youtube-dl,” Friedman says .

GitHub has reinstated the repository after some changes were made. These changes include referrals to copyrighted music, which RIAA pointed out in its claim. However, the software still allows people to download files, including music tracks, from YouTube.

After a careful look at the “circumvention” allegations, GitHub now concludes that they are not valid. The company explains that it “received additional information” that allowed it “to reverse” the takedown.

No DMCA Anti-Circumvention Violations

“[O]ur reinstatement, based on new information that showed the project was not circumventing a technical protection measure (TPM), was inline with our values of putting developers first,” GitHub notes.

This new information comes from the Electronic Frontier Foundation (EFF), which responded to the RIAA’s takedown request on behalf of the youtube-dl developers. The EFF’s letter explains in detail how the software works and stresses that there is no advanced decryption involved, as we highlighted earlier .

“Youtube-dl stands in place of a Web browser and performs a similar function with respect to user-uploaded videos. Importantly, youtube-dl does not decrypt video streams that are encrypted with commercial DRM technologies, such as Widevine, that are used by subscription video sites, such as Netflix,” the letter reads.

The letter helped to convince GitHub that it wrongly granted the takedown request. And since other copyright issues pointed out by the RIAA were addressed as well, the company decided to reinstate the repository.

Developers First

In addition, the revolt from the developer community was a clear reminder that developers should come first. As such, GitHub also announced that it will overhaul the way it handles DMCA section 1201 claims. One key change is that content won’t always be removed right away.

This change doesn’t apply to regular DMCA takedown notices but to ‘circumvention’ claims specifically. From now on, these will all be manually reviewed and scrutinized by experts.

“When we see it is possible to modify a project to remove allegedly infringing content, we give the owners a chance to fix problems before we take content down. If not, they can always respond to the notification disabling the repository and offer to make changes, or file a counter notice,” GitHub explains.

$1M in Defense Fund

The developer platform will aid developers financially as well. The company announced that it will put $1 million into a defense fund to help open source developers on GitHub protect themselves from overbroad or unwarranted DMCA Section 1201 takedown requests.

In addition, it will also get more involved in the political side of things. Every three years the US Copyright Office reviews its DMCA anti-circumvention exceptions and GitHub will have its voice heard there as well.

“We are also advocating specifically on the anti-circumvention provisions of the DMCA to promote developers’ freedom to build socially beneficial tools like youtube-dl,” the company notes.

All in all, it’s safe to say that the RIAA’s takedown attempt has completely backfired. We previously reached out to the music group for comment on related youtube-dl issues, but this request remains unanswered.

The RIAA continues to issue similar DMCA circumvention requests to other companies, including Google. These argue that YouTube rippers violate the DMCA as they bypass YouTube’s “rolling cipher.” At GitHub, those won’t work anymore.

Youtube-dl Devs Are Happy

Sergey, one of the youtube-dl developers, tells us that he is happy with all the support they have received from the EFF, GitHub, as well as the public at large.

“EFF’s help was invaluable. We’d like to thank EFF and Mitch Stoltz personally for their incredible support and dedication. We’d also like to thank GitHub for standing up for youtube-dl and taking potential legal risks by allowing youtube-dl to keep the rolling cipher code,” he says.

“We’re also grateful to all the tremendous amount of support and offers received lately (we physically were not able to respond to everyone) and all youtube-dl users,” Sergey adds.

From: TF , for the latest news on copyright battles, piracy and more.

Every year copyright holder groups get the chance to share their list of “notorious” piracy actors to the US Trade Representative .

These recommendations serve as the basis for USTR’s annual report, which is a diplomatic tool to pressure companies and countries to take action.

In recent years this list has slowly expanded to include not only pirate sites and counterfeit markets, but also third-party intermediaries.

Focus on Intermediaries

The USTR follows this trend and has made online intermediaries a ‘focus issue’ this year. This was illustrated earlier this week when the RIAA and MPA ‘nominated’ several hosting services, domain registries, and advertisers.

These two groups are not alone as many other rightsholders have chimed in as well. This includes Spain’s top football league ‘ La Liga ‘ which submitted several recommendations that, for the public at large, are not typically associated with piracy.

“Our biggest concern consists of the illegal streaming of live sports competitions by people or companies that are not authorized to do so,” La Liga writes.

IPTV and Streaming Threats

The organization starts by highlighting several illegal IPTV services such as Megaplay, Seko IPTV, VolkaIPTV, ATN and King 365 TV, as well as IPTV playlist forums including IPTV URLs and IPTV SAT. These are the usual suspects one would expect.

The second category includes illegal streaming sites like Pirlo TV, BeIN Match and Yalla Shoot, as well as streaming link sites, such as Cable Gratis TV, Hulk Sport and Hulk Sport. Most of these are clearly infringing as well.

La Liga then moves into the intermediary area by highlighting hosting providers. According to the sports organization, these companies can help to prevent infringements but, in most cases, they don’t.

Uncooperative Hosting Companies

Rightsholders often complain about abuse by pirate sites and services but these complaints don’t have any effect.

“It should be noted that most of the Hosting Providers Companies ignore e-mails and letters referred to IPR infringements,” La Liga writes, after which it sums up the most relevant companies.

This list includes Namecheap, which is located in the US, as well as the Canadian e-commerce platform Shopify. US-based CDN provider Cloudflare gets a mention as well, together with the Russia-based Offshore-Servers and BlueAngelHost from Pakistan.

“Preventive actions are needed to avoid that IPR infringers can host illegal content so easily on the Hosting Provider Companies’ servers,” La Liga notes, while demanding “quick responses and effective solutions” from these intermediaries.

The sports league provides no details on what infringing content these companies host or what action they fail to take. However, it clearly demands a more active and aggressive anti-piracy stance.

eBay and Alibaba

The latter also applies to eBay and Alibaba. These companies are listed in the e-commerce category and reportedly offer illegal set-top boxes and IPTV deals.

While these are “somewhat cooperative” in terms of enforcement, according to La Liga, they can do more.

The list of notorious piracy markets continues with ‘cyberlockers’ such as Mega, MediaFire, and Uptobox. These can be used legally, the recommendation notes, but are often used to share pirated content as well.

Telegram

The latter also applies to social media and communication apps. La Liga calls out Telegram specifically in this regard, noting that it’s “extremely complicated and slow” to remove illegal content from the platform.

“We have detected that Telegram is increasingly being used to illegally share copyright-protected contents through certain channels. Those channels have significantly increased their users, La Liga writes.

These and other recommendations will be taken into account by the USTR which will issue its final list of “notorious markets” in a few months. Whether Namecheap, eBay, Telegram, and Shopify will be called out, has yet to be seen.

Over the past several years, copyright holders have repeatedly called on third-party intermediaries to increase their anti-piracy efforts. The USTR now follows this lead by making it a focus issue and these recommendations are part of the strategy.

However, it’s still an odd sight to see eBay and Namecheap being mentioned alongside The Pirate Bays of this world.

—

A copy of La Liga’s submission to the US Trade Representative is available here (pdf)

From: TF , for the latest news on copyright battles, piracy and more.

Dutch anti-piracy group BREIN aims to tackle all kinds of piracy, wherever and however it takes place online.

From popular P2P technologies such as BitTorrent through to streaming portals and the well-established protocols of Usenet, BREIN can be found working in the background to prevent people from distributing and obtaining content without permission.

This week, however, the company revealed it has been targeting one of the oldest and most basic file-sharing methods still in existence today.

BREIN Targets Open Directories

In an announcement Thursday, BREIN said it had been successful in shutting down several dozen ‘open directories’ which offered tens of thousands of eBooks to the public without permission from rights holders. As is often the case, BREIN contacted hosting providers with copyright takedown notices, taking the directories offline.

In some instances, where BREIN was able to identify those responsible, directory operators were given the opportunity to settle the complaint by taking their offering down, paying BREIN’s costs, and agreeing not to infringe copyright in the future.

So what are ‘open directories’ and how do they work?

An Ancient, Basic, Yet Intriguing Way to Offer Files

In a nutshell, ‘open directories’ are just that – directories (or folders, to use Windows terminology) filled with content that is easily accessible to users via the web.

Most of these directories are put in place by someone in charge of a website and/or server. With some free hard drive space available, the individual might choose to upload a bunch of family photographs, documents (or indeed an entire media collection) so that they can be accessed from anywhere or used to serve content to a website.

Neglecting to protect directories with a username and password, for example, renders them ‘open’ but, in many cases, these folders are left unsecured on purpose, placed on a regular server for sharing with others, or in some instances, on an unsecured third-party’s server which then acts as an unauthorized file ‘dump’.

None of this is particularly glamorous or technologically advanced but what open directories offer is a huge quantity of media accessible to anyone for downloading directly to their machines, using only a web browser.

Since by their very nature they don’t require a login, password, or special tools, the only obstacle is how to find these directories in the first instance. However, since they are a part of the web itself, the majority are discoverable using Google or a similar search engine.

Finding Open Directories is Easy

One of the most basic ways to find open directories is to Google the search term index / (or intitle:\”index.of\” ) followed by the type of content sought. The image below reveals Google’s results following the most basic of searches for directories referencing the image format JPG.

The very top result is indicative of the kind of unusual content one is likely to find with such an unsophisticated search. Found at ‘ e-hand.com/jpg/ ‘, the directory appears to consist of an image library showing deformed, injured, or otherwise non-regular hands.

Of course, images of wonky hands is a fairly niche topic so it’s likely that people will want to stretch their legs a little, using more sophisticated techniques to find content of interest. Again, Google is a great starting point and for those with the right skillset, elaborate search parameters can be combined to produce the required results.

For those who don’t have the necessary ‘Google-fu’ or simply can’t be bothered, there are tools that do all of the heavy lifting, such as the Google Open Directory Search , the Open Directory Search Tool , or more flashy examples such as File Pursuit . There are even communities dedicated to revealing what other searchers have found.

Warning: Open Directories Can Contain Anything

Finally, it’s worth pointing out while some open directories are goldmines of popular movies, music, TV shows plus rare and sometimes unusual personal content, they are also home to mountains of ‘junk’ that are only of interest to the person who put them there. In some cases, they can also contain material that some may find offensive due to its adult nature but there are other risks too.

Unlike some other indexes, these directories are totally unmoderated, meaning that the ‘game’ or ‘app’ you’re about to download could be infested with malware, have been maliciously mislabeled, or may take days to download only to yield nothing of interest. Importantly, open directories are not inherently ‘pirate’ either, they’re just shared folders that can and do contain just about anything.

The same can be said about open Google Drives, which can be found by pasting the search phrase site:drive.google.com +”drive/folders” into Google. These are not open directories in the pure sense of the term but still yield similar results, with the exception that all files are actually hosted (rather than just indexed) by Google.

In any event, the content on offer in many of these directories is often interesting to users despite it being potentially risky to offer, especially when entities like BREIN are on the prowl.

From: TF , for the latest news on copyright battles, piracy and more.

Every year the MPA and RIAA respond to a request from the Office of the US Trade Representative to submit their recommendations for the annual “notorious markets” list.

In many cases, the industry groups choose to nominate the world’s most popular pirate sites and services for a mention, including but not limited to The Pirate Bay, YTS, RarBG, 1337x, and Popcorn Time, for example.

More recently, however, the MPA and RIAA have begun mentioning ancillary companies that in their judgment are not necessarily pirate services in themselves but due to their provision of systems and infrastructure, are in a position to act affirmatively to reduce the effectiveness of pirate sites.

As reported this week, the MPA and RIAA has now chosen to nominate domain name companies and services including the Njalla privacy service associated with Pirate Bay co-founder Peter Sunde and the Tonic domain registry that is often favored by pirate services.

Pressure Has Been Building on Tonic Domain Registry

In September, the Alliance for Creativity and Entertainment (ACE), the global anti-piracy coalition made up of the major Hollywood studios, Netflix, Amazon, and dozens of other companies, obtained a DMCA subpoena compelling Tonic to hand over information held on major pirate sites including The Pirate Bay, YTS, 1337x, EZTV, Seasonvar, Tamilrockers, Lordfilms, and many others.

A month later, ACE was back in court again, this time obtaining a DMCA subpoena requiring Tonic to hand over information held on massive Germany-focused streaming site S.to.

The dust had barely settled when ACE returned to court once again, obtaining another subpoena forcing Tonic to give up the identities of the people behind torrent giant 1337x.to (again), streaming site BS.to, Kimcartoon.to, Vumoo.to, Ololo.to, Seriesflix.to, Kinox.to, Movie4k.to plus many more.

Back Once Again With Yet Another Demand For Information

It’s unclear exactly how many pirate sites utilize .to domains for their operations but ACE clearly sees the registry’s involvement as part of their infrastructure as a problem when it comes to its enforcement actions. As a result, a DMCA subpoena ACE obtained in recent days from a California court lists two dozen problematic platforms for which it seeks additional information.

The majority of the domains are focused on streaming movies and TV shows, with sites including Lordfilm, Ymovies, Pelis24, Series24, HDGo, HDSS, Flixtor, Soap2Day and Solarmovie all getting a prominent mention.

Also present in the demand for information is a selection of popular torrent indexes such as TorrentGalaxy, Monova, and Glodls. These make an appearance alongside sites operating in different niches such as popular Germany-focused piracy forum Boerse and proxy-centric platform Unblocked. DDL-Warez is also featured in the subpoena but at the time of writing appears to be down.

Sites Infringe Copyrights in Popular Movies and TV Shows

Along with each site is a claim that they infringed rights in a specific movie or TV show. These include the movies Frozen II, Dolittle, Wonder Woman, Harry Potter and the Chamber of Secrets, Beautiful Boy, Bird Box, Triple Frontier, and Scoob! In the cases of Series 24 and Flixtor, both stand accused of illegally offering the first episode in the TV series Watchmen.

The application was filed by Jan van Voorn, Executive Vice President and Chief of Global Content Protection for the Motion Picture Association.

“The ACE Members (via the Motion Picture Association, Inc.) are requesting issuance of the attached proposed subpoena that would order Tonic Domains Corporation to disclose the identities, including names, physical addresses, IP addresses, telephone numbers, e-mail addresses, payment information, account updates and account histories of the users operating the websites [listed below],” it reads.

A letter to Tonic Domains attached to the subpoena repeats a similar message.

At the same time, ACE also obtained a second DMCA subpoena claiming that the linking site Huho.to infringed its members’ copyrights in the movies Beauty and the Beast and It Chapter Two. The claim is that Huhu.to connects users of the popular ‘ Watched ‘ mobile application to cyberlockers containing infringing content so, as a result, its operator’s details should be handed over.

The anti-piracy coalition lists a number of sites where the movies were hosted including Clipboard.cc, GoUnlimited.to, Mixdrop.to, Upstream.to, Vivo.sx, Vidlox.me, and Clipwatching.com, but these sites don’t appear to be direct targets in the subpoena.

Documents supporting the DMCA subpoenas can be found here 1 , 2 , 3 , 4 (pdf)

List of Domains and Main Use (Both Subpoenas)

lordfilm.to – streaming
ddl-warez.to – down
boerse.to – piracy forum
pepecine.to – streaming
ymovies.to – streaming
pelis24.to – streaming
kinoz.to – streaming (kinox.to alternate)
monova.to – torrents
unblocked.to – proxy site
glodls.to – torrents
byte.to – DDL/streaming
enstream.to – streaming
series24.to – streaming
hdgo.to – streaming
ilgeniodellostreaming.to – streaming
movie-blog.to – DDL index
torrentgalaxy.to – torrents
goojara.to – streaming
supernova.to – streaming
levidia.to – streaming
flixtor.to – streaming
hdss.to – streaming
solarmovie.to – streaming
soap2day.to – streaming
huhu.to (subpoena 2)

From: TF , for the latest news on copyright battles, piracy and more.

Most developers can only dream of creating software that’s used by hundreds of millions of people across the globe.

Swedish programmer Ludvig Strigeus is one of the lucky few to have reached this milestone. Not once, but twice.

File-sharing veterans will remember Strigeus, who’s known online by his nickname Ludde, as the creator of uTorrent. However, he also singlehandedly laid the groundwork for the backend and frontend of Spotify, where he still works today.

Both applications reached an audience of hundreds of millions of users, albeit with different reputations in the music industry. The torrent client, while perfectly legal, is often associated with piracy, while Spotify now generates billions of dollars in revenue for music companies.

That said, the history of both pieces of software are intertwined. Both were originally coded by Strigeus and Spotify even owned the uTorrent client briefly, before it was sold to BitTorrent Inc. Spotify didn’t acquire uTorrent because of the technology, they wanted its developer .

This was the right move, as history has shown. Also for Strigeus, who is now worth hundreds of millions because of his stake in Spotify. And the developer’s achievements haven’t gone unnoticed among his peers either.

This week Strigeus was awarded the prestigious Polhem Prize by the Swedish Association of Graduate Engineers . The prize is awarded for high-level technological innovations.

The association mentions both Spotify and uTorrent and praises Ludde’s exemplary coding skills and excellence.

“With effective program code, Ludvig Strigeus has pushed the boundaries of what we expect from software in general. His ability to develop advanced applications with surprisingly little computing power is enormously impressive,” says Ulrika Lindstrand, President of the Swedish Engineers union.

This is a remarkable achievement by the 39-year-old developer, who is pleased with the recognition and the award.

“It is a fantastic honor for me to receive the Polhem Prize. I have always been driven to delve into technical details, learn new things and find smart solutions to difficult problems, rather than building something primarily to get many users,” Strigeus says.

“It feels really good that the programs I developed have spread enormously all over the world.”

The Polhem Prize is one of the oldest technology awards and was first issued in 1878 . Previous winners include Baltzar von Platen and Carl Munthers for their refrigerator invention (1925) and Håkan Lans who invented the GPS-based STDMA tracking system (1995).

In addition to the prestige, Strigeus also wins a golden Polhem medal and roughly $25,000. We doubt, however, that money is a major issue for the developer. Ludde is still very much preoccupied with coding and also did well in the brutal but prestigious Flareon challenge earlier this year.

From: TF , for the latest news on copyright battles, piracy and more.

Back in August, members of the Alliance for Creativity and Entertainment (ACE), an anti-piracy coalition featuring the major Hollywood studios, Netflix, Amazon, and more than two dozen other companies, filed a lawsuit against US company TTKN Enterprises, LLC.

Better known online as IPTV service Crystal Clear Media (CCM), TTKN and owners Todd and Tori Smith of Florida were accused by Disney, Paramount, Amazon, Warner, Universal, Netflix, Columbia and StudioCanal of operating a pirate service providing access to thousands of live and title-curated television channels in breach of their copyrights.

“Blatantly Infringing Service”

Citing blockbusters including Disney’s Frozen II, Warner Bros’ Harry Potter collection, Columbia Picture’s Bad Boys for Life, and Universal’s Mr. Robot, the companies alleged that TTKN/CCM’s operators had gone to great lengths to hide their roles in an operation that had illegally streamed these titles and more to the public. Domains including mediahosting.one, crystalcleariptv.com, ccmedia.one, ccbilling.org, cciptv.us, ccreborn.one, ccultimate.one, superstreamz.com, and webplayer.us, were mentioned as supporting the operation.

Describing CCM as a “blatantly infringing service”, the entertainment companies noted that despite being acutely aware that rival service Vaders had previously come to an untimely end for similar actions at the hands of the same plaintiffs, CCM continued to provide an illegal VOD service to the public. Furthermore, the service also continued to expand its reach via a network of resellers.

“Defendants’ reseller program plays a pivotal role in their infringing enterprise. Defendants’ resellers market and promote CCM as a substitute for authorized and licensed distributors,” the lawsuit claimed.

Alleging willful direct copyright infringement, the plaintiffs demanded the maximum statutory damages of $150,000 per infringed work plus the same amount per work as a result of CCM inducing others by “encouraging, and promoting” the use of CCM for copyright infringement purposes.

Parties Reach Settlement Agreement

While these kinds of cases have the potential to roll on for some time, it transpires the plaintiffs and TTKN/CCM plus named defendants Todd and Tori Smith have agreed to settle their dispute. The agreement was reached on November 2, 2020, and as a result, they are together asking the court to sign off on a judgment in favor of the plaintiffs, awarding a permanent injunction and damages.

In respect of the injunction, the defendants comprehensively agree not to distribute any copyrighted content owned by the plaintiffs or their subsidiaries in any manner, including via streaming. All operations of Crystal Clear Media must be completely shut down within five days of any injunction and its operators are barred from distributing or otherwise releasing any of its source code, domain names, trademarks and other assets.

“Defendants irrevocably and fully waive notice of entry of the Permanent Injunction, and understand and agree that violation of the Permanent Injunction will expose Defendant to all penalties provided by law, including contempt of Court,” it reads.

“Defendants consent to the continuing jurisdiction of the Court for purposes of enforcement of the Permanent Injunction, and irrevocably and fully waive and relinquish any argument that venue or jurisdiction by this Court is improper or inconvenient.”

Proposed Judgment Includes a Massive Damages Award

The original complaint included references to the now-defunct Vaders IPTV service that was also targeted by the same plaintiffs in a largely secret lawsuit in Canada. However, while the Vaders/Vader Streams matter ended in a $10 million damages award in favor of the studios, TTKN/CCM has agreed to pay substantially more than its former rival.

“Damages are awarded in favor of Plaintiffs and against Defendant TTKN Enterprises, LLC d/b/a Crystal Clear Media, in the total amount of forty million dollars ($40 million),” the proposed judgment reads.

While the proposed consent judgment and permanent injunction are yet to be signed off by Judge George H. Wu in a California court, the nature of the agreement means that is likely to be a formality in the days to come.

The proposed orders can be found here ( 1 , 2 , 3 pdf)

From: TF , for the latest news on copyright battles, piracy and more.

With more ways to stream online video than ever before, protecting video continues to be a key issue for copyright holders.

This is often achieved through Digital Rights Management, which is often referred to by the initials DRM. In a nutshell, DRM is an anti-piracy tool that dictates when and where digital content can be accessed.

Google is an important player in this area. The company owns the Widevine DRM technology which is used by many of the largest streaming services including Amazon, Netflix and Disney+. As such, keeping it secure is vital.

Widevine DRM

Widevine DRM comes in different levels. The L1 variant is the most secure, followed by L2 and L3. While the latter still protects content from being easily downloaded, it’s certainly not impossible to bypass, as pirates have repeatedly shown.

Despite its vulnerabilities, Google doesn’t want to make it too easy for the public at large. This became apparent a few hours ago when the company asked the developer platform GitHub to remove dozens of “Widevine L3 Decryptor” repositories.

The code, originally published by security researcher Tomer Hadad, is a proof-of-concept code Chrome extension that shows how easy it is to bypass the low-security DRM. Google was aware of this vulnerability and previously informed Krebs Security that it would address the issue.

Google Targets Widevine L3 Decryptor Code

One option would be to patch the security flaw but, for now, Google appears to be focusing on the takedown route. In a DMCA notice sent to GitHub, the company requests the immediate takedown of dozens of “Widevine L3 Decryptor” copies.

“The following git repository [sic] contain circumvention technology that enables users to illegally access video and audio works protected by copyright,” Google writes .

“This Chrome extension demonstrates how it’s possible to bypass Widevine DRM by hijacking calls to the browser’s Encrypted Media Extensions (EME) and decrypting all Widevine content keys transferred – effectively turning it into a clearkey DRM,” Google adds.

Google sees the code, which was explicitly published for educational purposes only, as a circumvention tool. As such, it allegedly violates section 1201 of the DMCA, an allegation that was also made against the youtube-dl code last month.

The takedown notice includes a long list of repositories that were all made unavailable by GitHub. This doesn’t cover the original code from Tomer Hadad, who already removed his version in late October, citing “ legal reasons .”

Google views this vulnerability as a serious matter and the company says that it has also filed a Sensitive Data takedown request to prevent the Widevine’s ‘secret’ private key from being publicly shared.

Sensitive Data Request

“In addition to this request, we have filed a separate Sensitive Data takedown request of this file: /widevine-l3-decryptor as it contains the secret Widevine RSA private key, which was extracted from the Widevine CDM and can be used in other circumvention technologies.”

That last mention is interesting as private keys, which are simply a string of characters, are not seen as copyrighted or private content by everyone.

“If you distribute your key with the software, then whatever form it is in, I would not consider it “private” at all,” a commenter on Hacker News points out.

Googling the AACS Key

This ‘key controversy’ is reminiscent of an issue that was widely debated thirteen years ago. At the time, a hacker leaked the AACS cryptographic key “09 F9” online which prompted the MPAA and AACS LA to issue DMCA takedown requests to sites where it surfaced.

This escalated into a censorship debate when sites started removing articles that referenced the leak, triggering a massive backlash.

At the time, the controversial AACS key was still readily available through Google’s search engine. In that regard very little has changed. Despite Google’s sensitive data takedown request, the Widevine RSA key is easy to find through its own search engine.

From: TF , for the latest news on copyright battles, piracy and more.

A recent survey commission by the Asia Video Industry Association’s Coalition Against Piracy ( CAP ) and conducted by YouGov revealed that around 53% of online consumers in Thailand use illegal streaming platforms or torrent sites to access otherwise premium content.

The survey also found that of those who admitted using such platforms, around 66% claimed to have canceled some or even all of their legal subscriptions as a result. This and other similar reports helped sound alarm bells in the country so, last month, authorities carried out a series of actions to shut down pirate sites.

Raids During October, Resurrected Sites Hit Again in November

On October 22, the Department of Special Investigation carried out raids targeting a number of illegal sites, shutting several down while seizing computer equipment. Among them were Kingiptv.cc, Doohdbox.com, and Hdplay.tv but it appears that the operators of these platforms weren’t immediately ready to throw in the towel.

According to local media reports , the three sites switched to new domains – Kingiptv.cc to Kingiptv.info, doohdbox.com to skyhdbox.com, and hdplay.tv to hdlive.site. This prompted further action by the authorities.

Lieutenant Colonel Wichai Suwanprasert, head of the DSI’s Bureau of Technology and Cyber Crime, says that his unit traced the whereabouts of the resurrected sites and subsequently raided four locations in Bangkok, Nakhon Pathom, and two areas in the central province of Samut Prakan.

In addition to shutting down the four streaming platforms, which together generated an alleged seven million baht per month (US$229,357), officers also seized computer hardware, mobile phones, bank books and ATM cards.

“These websites were streaming copyright material belonging to True Visions Group Co and the Motion Picture Association without permission,” said Police Lieutenant Col Wichai.

Earlier Collaboration Between the MPA and DSI

TrueVisions is a cable and satellite television operator in Thailand and as the group representing the major Hollywood studios and Netflix, the Motion Picture Association needs little introduction.

The MPA and DSI already have an operational relationship. Following an MPA request late 2019, the DSI shut down streaming portal Movie2free.com, arresting a 22-year-old man.

At the time, Movie2free.com was Thailand’s most popular pirate site and one of the most popular on the Internet, period. It had previously appeared in the MPA’s overview of “notorious pirate sites”, which was submitted to the United States Trade Representative.

Site-Blocking in Thailand

Back in August, the Department of Intellectual Property (DIP), the Ministry of Digital Economy and Society (DES), and the National Broadcasting and Telecommunications Commission (NBTC) announced new site-blocking provisions to deal more efficiently with the threat posed by pirate sites.

After a court hands down a blocking injunction, Internet service providers now have just 15 days to block domains, including new domains that are used by pirate site operators to circumvent blocking orders. Failing to do so so means an ISP can be fined under the Computer Crimes Act.

From: TF , for the latest news on copyright battles, piracy and more.