Plex Asks GitHub to Take Down ‘Reshare’ Repository Over Piracy Fears

Plex is a multi-functional streaming platform that allows users to watch, organize, and curate their favorite media entertainment. Sharing Plex libraries is also an option; one that comes with piracy concerns. In an effort to “avoid the growth of piracy,” Plex asked GitHub to remove a repository that allows people to reshare libraries that were not originally theirs. TorrentFreak reports: The Swiss company, which is headquartered in the U.S., asked GitHub to remove a “Plex Reshare” repository, alleging that it may contribute to its piracy problem. “Plex Reshare” doesn’t host any copyright-infringing material and, as far as we’ve seen, it doesn’t reference any either. Its main purpose is to allow Plex users to make shared Plex directories browsable on the web, which allows people to “reshare” them without being the original owner. “The reason behind this project is to make available your PLEX shares to other friends unrelated to the person who owns the original library,” Plex Reshare developer Peter explains.

While the repository doesn’t host or link to copyright-infringing material, Plex argues that it can be used to ‘grow’ piracy. “We have found infringing material in your website which indeed is OTHER ‘Plex Server’. The material that is claimed to be infringing is to be removed or access to which is to be disabled immediately and avoid the growth of piracy,” the takedown notice reads. The first part of the sentence is somewhat confusing. Plex-reshare is not a Plex server but the company may use “OTHER Plex Server” as an internal classification category. In any case, Plex alleges that the repository can contribute to the growth of piracy on its platform.

Citing the Online Copyright Infringement Liability Limitation Act, Plex urges GitHub to take immediate action, or else it may be held liable. It’s not clear what this liability claim rests on, as there are no actual copyright infringements mentioned in the takedown notice. Despite the broad nature of this claim, GitHub has indeed taken the repository offline, replacing it with a DMCA takedown reference. This likely wasn’t a straightforward decision as GitHub is known to put developers first with these types of issues. In this case, it took more than three weeks before GitHub took action, which is much longer than usual. This suggests that GitHub allowed the developer to respond and may have sought legal advice from in-house lawyers, to ensure that the rights of all parties are properly considered. The report notes that the Plex-reshare code is listed on Docker Hub as well, which means it may face a similar fate.

Read more of this story at Slashdot.

Cox Communications Wins Order Overturning $1 Billion US Copyright Verdict

Internet service provider Cox Communications has been cleared of a $1 billion jury verdict in favor of several major record labels that had accused it of failing to curb user piracy. “The 4th U.S. Circuit Court of Appeals in Richmond, Virginia, ruled on Tuesday that the amount of damages was not justified and that a federal district court should hold a new trial to determine the appropriate amount,” reports Reuters. From the report: A Virginia jury in 2019 found Cox, the largest unit of privately-owned Cox Enterprises, liable for its customers’ violations of over 10,000 copyrights belonging to labels including Sony Music Entertainment, Warner Music Group, and Universal Music Group. The labels’ attorney Matt Oppenheim said that the appeals court “affirmed the jury’s verdict that Cox is a willful infringer,” and that “the evidence of Cox’s complete disregard for copyright law and copyright owners has not changed.” “A second jury will get to hear that same compelling evidence, and we fully expect it will render a significant verdict,” Oppenheim said.

More than 50 labels teamed up to sue Cox in 2018, in what was seen as a test of the obligations of internet service providers (ISPs) to thwart piracy.
The labels accused Cox of failing to address thousands of infringement notices, cut off access for repeat infringers, or take reasonable measures to deter pirates. Atlanta-based Cox had told the 4th Circuit that upholding the verdict would force ISPs to boot households or businesses based on “isolated and potentially inaccurate allegations,” or require intrusive oversight of customers’ internet usage. Other ISPs, including Charter Communications, Frontier Communications and Astound Broadband, formerly RCN, have also been sued by the record labels.

Read more of this story at Slashdot.

Bulgaria Approves Draft Law That Turns Pirate Site Operators Into Criminals

A draft law that aims to criminalize and prosecute those who “create conditions for online piracy” has been approved by Bulgaria’s Council of Ministers. The proposed amendments are Bulgaria’s response to heavy criticism from the United States, most publicly via the USTR’s Special 301 Reports. It’s hoped that prison sentences of up to six years will send a deterrent message. TorrentFreak reports: Last week the Council of Ministers approved draft amendments to the Criminal Code that aim to protect authors, rightsholders, and state revenue. “Crimes against intellectual property should be perceived as acts with a high degree of public danger, not only considering the rights and interests of the individual author, which they affect, but also considering the financial losses for the holders of these rights, which also affects the revenues in the state budget,” the explanatory notes read.

The stated aim of the bill is to solve identified weaknesses by upgrading substantive law to counter computer-related crimes against intellectual property. The text references those who “build or maintain” an information system or provide a service to the information society for the purpose of committing crimes. The notes offer further clarification. “The bill aims to prosecute those who create conditions for online piracy — for example, by building and maintaining torrent tracker sites, web platforms, chat groups in online communication applications for the online exchange of pirated content, and any other activities that may fall within the definition of ‘information society service’ within the meaning of the Electronic Commerce Act (pdf) and which are carried out with the specified criminal purpose.”

The Bulgarian government notes that the amendments are part of its response to criticism in the USTR’s Special 301 Report. [When countries are placed on the USTR’s ‘Watch List’ for failing to combat piracy, most can expect years of pressure punctuated by annual Special 301 Reports declaring more needs to be done. Bulgaria was on the Watch List in 2015 when the USTR reported “incremental progress” in the country’s ability to tackle intellectual property infringement, albeit nowhere near enough to counter unsatisfactory prosecution rates. In 2018 the United States softened its position toward Bulgaria, removing it from the Watch List on the basis that the government would probably deliver.] The fact that Bulgaria has been absent from the ‘Watch List’ for the last five years is down to “specific commitments” made by the authorities, with progress being monitored closely by the United States in respect of Bulgaria’s future status. The draft approved by the Council of Ministers last week envisions sentences of up to six years imprisonment and a fine of up to $5,600. According to the draft, there is no intent to prosecute individual users who simply consume pirated content.

Read more of this story at Slashdot.

BitTorrent Seedbox Provider Handed Criminal Conviction Over Users’ Piracy

A man who rented out servers configured for BitTorrent file-sharing use has been handed a three-month suspended sentence in Denmark. Known as ‘seedboxes’, these pre-configured servers are not illegal per se, but when customers used the devices to break copyright law on known pirate sites, rightsholders held the server provider liable. TorrentFreak reports: Local anti-piracy group Rights Alliance (Rettigheds Alliancen) mitigates all types of piracy but for the past few years, has maintained a keen focus on torrent sites. Working in partnership with the Danish government’s SOIK IP-Task Force, Rights Alliance forced several sites to close down and successfully prosecuted site operators, staff members, and users who uploaded content to those sites. In 2021, Rights Alliance targeted specialized servers that not only supply content to torrent sites but also play a role in boosting download times while improving security.

In 2021, news broke that six people had been arrested in Denmark due to their alleged connections to several local torrent sites. Among them was Kasper Nielsen of internet services company HNielsen Networks, a supplier of servers under various brands that could be configured for ‘seedbox’ purposes. Available information indicated that the servers had been used by an unknown number of users to share content on private torrent sites ShareUniversity, Superbits and DanishBytes. […] When Rights Alliance filed its criminal complaint against HNielsen Networks, the anti-piracy group referenced the landmark Filmspeler case which involved the sale of piracy-configured media players.

According to statements published by Rights Alliance and NSK (Saerlig Kriminalitet) Denmark’s Special Crime Unit, Nielsen was convicted yesterday for selling seedboxes in the knowledge they were being used by others to share movies, TV shows, eBooks and other content, without permission from rightsholders. “On February 28, the Court in Aalborg ruled against the Danish owner behind a seedbox company for, in the period November 2020 to May 2021, having sold seedboxes and server capacity to an unknown number of people, knowing that they were used for illegal sharing of no less than 3,838 copyright-protected works on the Danish and Nordic file sharing services ShareUniversity, Superbits and DanishBytes,” Rights Alliance reports. Nielsen was handed a three-month conditional (suspended) sentence and a confiscation order for DKK 300,000 (around $42,600), the amount users had paid his company to access the seedbox servers. The 35-year-old must also pay compensation of DKK 298,660 to Rights Alliance. “Providers of seedboxes have a responsibility to ensure that their services are not used for illegal uploading and downloading of copyrighted content, which the Rights Alliance can clearly see that they are doing,” says Maria Fredenslund, Director of Rights Alliance. “Therefore, this case helps to send a signal to other providers that you cannot deliberately sell services to the illegal market.”

Since Neilsen took a plea deal at an early stage, none of the claims made by Rights Alliance were needed to be proven in court. “The 3,838 figure and any evidence related to ‘knowledge’ of infringement carried out by seedbox customers on the sites, were accepted as true,” reports TorrentFreak.

Read more of this story at Slashdot.

Major Private Torrent Sites Have a Security Disaster to Fix Right Now

At least three major torrent sites are currently exposing intimate details of their operations to anyone with a web browser. TorrentFreak understands that the sites use a piece of software that grabs brand-new content from other sites before automatically uploading it to their own. A security researcher tried to raise the alarm but nobody will listen. From the report: To get their hands on the latest releases as quickly as possible, [private torrent sites, or private trackers as they’re commonly known] often rely on outside sources that have access to so-called 0-Day content, i.e, content released today. The three affected sites seem to have little difficulty obtaining some of their content within minutes. At least in part, that’s achieved via automation. When outside suppliers of content are other torrent sites, a piece of software called Torrent Auto Uploader steps in. It can automatically download torrents, descriptions, and associated NFO files from one site and upload them to another, complete with a new .torrent file containing the tracker’s announce URL. The management page [here] has been heavily redacted because the content has the potential to identify at least one of the sites. It’s a web interface, one that has no password protection and is readily accessible by anyone with a web browser. The same problem affects at least three different servers operated by the three sites in question.

Torrent Auto Uploader relies on torrent clients to transfer content. The three sites in question all use rTorrent clients with a ruTorrent Web UI. We know this because the researcher sent over a whole bunch of screenshots and supporting information which confirms access to the torrent clients as well as the Torrent Auto Uploader software. The image [here] shows redactions on the tracker tab for good reason. In a regular setup, torrent users can see the names of the trackers coordinating their downloads. This setup is no different except that these URLs reference three different trackers supplying the content to one of the three compromised sites.

Rather than publish a sequence of completely redacted screenshots, we’ll try to explain what they contain. One begins with a GET request to another tracker, which responds with a torrent file. It’s then uploaded to the requesting site which updates its SQL database accordingly. From there the script starts checking for any new entries on a specific RSS feed which is hidden away on another site that has nothing to do with torrents. The feed is protected with a passkey but that’s only useful when nobody knows what it is. The same security hole also grants direct access to one of the sites tracker ‘bots’ through the panel that controls it. Then there’s access to ‘Staff Tools’ on the same page which connect to other pages allowing username changes, uploader application reviews, and a list of misbehaving users that need to be monitored. That’s on top of user profiles, the number of torrents they have active, and everything else one could imagine. Another screenshot featuring a torrent related to a 2022 movie reveals the URL of yet another third-party supplier tracker. Some basic queries on that URL lead to even more torrent sites. And from there, more, and more, and more — revealing torrent passkeys for every single one on the way.

Read more of this story at Slashdot.

Torrent Site User Who Transferred 120TB of Pirated Content Avoids Prison

A torrent site user accused of downloading and uploading at least 120TB of movies, TV shows, eBooks, music and software, has avoided an immediate prison term. The 28-year-old was arrested as part of a police operation against DanishBytes. A member of the same site was sentenced earlier this month after he uploaded Netflix content obtained using hacked credentials. TorrentFreak reports: Early November 2021, Denmark’s Public Prosecutor for Special Economic and International Crime (SOIK) announced that six people had been arrested following criminal referrals by Rights Alliance. All were members and/or operators of ShareUniversity and DanishBytes. Prosecution of site operators is not uncommon but when it’s deemed in the public interest, pirate site users can also face charges. Every case is unique so criteria differ, especially across national borders, but when evidence shows large volumes of infringement, successful prosecutions become more likely. That was the case when a former DanishBytes user was sentenced last week. According to Danish anti-piracy group Rights Alliance, the 28-year-old man was a regular site member and wasn’t involved in running the site. That being said, evidence showed that for the period January 2021 to November 2021, he downloaded and/or uploaded no less than 3,000 copyrighted works, including movies, TV shows, music, books, audiobooks and comics.

Information released by the National Unit for Special Crimes (NSK), a Danish police unit focused on cybercrime, organized crime, and related financial crime, reveals that the user’s traffic statistics interested prosecutors. “During the period, the man downloaded no less than 100 TB and uploaded no less than 20 TB of copyrighted material,” NSK says. BitTorrent trackers operating a ratio model usually insist on a better ratio of downloads to uploads but DanishBytes’ situation was out of the ordinary.

The site launched in January 2021 in the wake of other sites being shut down, so had to get going from a standing start with no users. Even when arrests were being made, the site still had a relatively small userbase, which can limit opportunities to upload more. That may have been a blessing in disguise. Faced with the evidence, the man decided to plead guilty and was sentenced last week at the Court in Vibourg. In common with similar prosecutions recently, he received a suspended conditional sentence of 60 days’ probation, 80 hours of community service, and confiscation of his computer equipment. The case against the DanishBytes user began with a Rights Alliance investigation and a referral to the police. As part of his sentence, the man must pay the anti-piracy group DKK 5,000 (US$600) in compensation but Rights Alliance director Maria Fredenslund is focused on the deterrent effect of another successful prosecution.

Read more of this story at Slashdot.

US Navy Forced To Pay Software Company For Piracy

The U.S. Navy was found guilty of piracy and is ordered to pay a software company $154,400 for a lawsuit filed back in 2016. Gizmodo reports: The company, Bitmanagement Software GmbH, filed a complaint against the Navy, accusing the military branch of copyright infringement. GmbH claimed they had issued 38 copies of their 3D virtual reality software, BS Contact Geo, but while they were still in negotiations for additional licenses, the Navy installed the software onto at least 558,466 machines between 2013 and 2015. In the court filing (PDF), GmbH claimed, “Without Bitmanagement’s advance knowledge or consent, the Navy installed BS Contact Go onto hundreds of thousands of computers. Bitmanagement did not license or otherwise authorize these uses of its software, and the Navy has never compensated Bitmanagement for these uses of Bitmanagement’s software.”

The company sued the Navy for nearly $600 million for “willful copyright infringement” of the software which, according to the vendor’s website, is a 3D viewer that “enables you to visualize and interact with state of the art 2D/3D content,” and is based on digital data captured from “various sources (land surveys, CAD, satellite imagery, airborne laser scanning, etc).” The court filings stated that after GmbH filed the lawsuit in July 2016, the Navy uninstalled the BS Contact Geo software from all of its computers and “subsequently reinstalled the software on 34 seats, for inventory purposes.” GmbH wrote in the court filing, “The government knew or should have known that it was required to obtain a license for copying Bitmanagement software onto each of the devices that had Bitmanagement software installed. The government nonetheless failed to obtain such licenses.”

Read more of this story at Slashdot.

Court Upholds Piracy Blocking Order Against Cloudflare’s 1.1.1.1 DNS Resolver

The Court of Rome has confirmed that Cloudflare must block three torrent sites through its public 1.1.1.1 DNS resolver. The order applies to kickasstorrents.to, limetorrents.pro, and ilcorsaronero.pro, three domains that are already blocked by ISPs in Italy following an order from local regulator AGCOM. TorrentFreak reports: Disappointed by the ruling, Cloudflare filed an appeal at the Court of Milan. The internet infrastructure company doesn’t object to blocking requests that target its customers’ websites but believes that interfering with its DNS resolver is problematic, as those measures are not easy to restrict geographically. “Because such a block would apply globally to all users of the resolver, regardless of where they are located, it would affect end users outside of the blocking government’s jurisdiction,” Cloudflare recently said. “We therefore evaluate any government requests or court orders to block content through a globally available public recursive resolver as requests or orders to block content globally.” At the court of appeal, Cloudflare argued that DNS blocking is an ineffective measure that can be easily bypassed, with a VPN for example. In addition, it contested that it is subject to the jurisdiction of an Italian court.

Cloudflare’s defenses failed to gain traction in court and its appeal was dismissed. DNS blocking may not be a perfect solution, but that doesn’t mean that Cloudflare can’t be compelled to intervene. […] Cloudflare believes that these types of orders set a dangerous precedent. The company previously said that it hadn’t actually blocked content through the 1.1.1.1 Public DNS Resolver. Instead, it implemented an “alternative remedy” to comply with the Italian court order.

Read more of this story at Slashdot.

RIAA Flags ‘Artificial Intelligence’ Music Mixer As Emerging Copyright Threat

The RIAA has submitted its most recent overview of notorious markets to the U.S. Trade Representative. As usual, the music industry group lists various torrent sites, cyberlockers and stream-ripping services as familiar suspects. In addition, several ‘AI-based’ music mixers and extractors are added as an emerging threat. TorrentFreak reports: “There are online services that, purportedly using artificial intelligence (AI), extract, or rather, copy, the vocals, instrumentals, or some portion of the instrumentals from a sound recording, and/or generate, master or remix a recording to be very similar to or almost as good as reference tracks by selected, well known sound recording artists,” RIAA writes.

Songmastr is one of the platforms that’s mentioned. The service promises to “master” any song based on the style of well-known music artists such as Beyonce, Taylor Swift, Coltrane, Bob Dylan, James Brown and many others. The site’s underlying technology is powered by the open-source Matchering 2.0 code, which is freely available on GitHub. And indeed, its purported AI capabilities are prominently in the site’s tagline. “This service uses artificial intelligence and is based on the open source library Matchering. The algorithm masters your track with the same RMS, FR, peak amplitude and stereo width as the reference song you choose,” Songmastr explains.

Where Artificial Intelligence comes into play isn’t quite clear to us. The same can be said for the Acapella-Extractor and Remove-Vocals websites, which the RIAA lists in the same category. The names of these services are pretty much self-explanatory; they can separate the vocals from the rest of a track. The RIAA logically doesn’t want third parties to strip music or vocals from copyrighted tracks, particularly when these derivative works are further shared with others. While Songmastr’s service is a bit more advanced, the RIAA sees it as clearly infringing. After all, the original copyrighted tracks are used by the site to create derivative works, without the necessary permission. […] The RIAA is clearly worried about these services. Interestingly, however, the operator of Songmastr and Acapella-Extractor informs us that the music group hasn’t reached out with any complaints. But perhaps they’re still in the pipeline. The RIAA also lists various torrent sites, download sites, streamrippers, and bulletproof ISPs in its overview, all of which can be found in the full report (PDF) or listed at the bottom of TorrentFreak’s article.

Read more of this story at Slashdot.

Court Orders Telegram To Disclose Personal Details of Pirating Users

The High Court in Delhi ordered Telegram to share the personal details of copyright-infringing users with rightsholders. The messaging app refused to do so, citing privacy concerns and freedom of speech, but the court waved away these defenses, ordering the company to comply with Indian law. TorrentFreak reports: Telegram doesn’t permit copyright infringement and generally takes swift action in response. This includes the removal of channels that are dedicated to piracy. For some copyright holders that’s not enough, as new ‘pirate’ channels generally surface soon after. To effectively protect their content, rightsholders want to know who runs these channels. This allows them to take action against the actual infringers and make sure that they stop pirating. This argument is the basis of an infringement lawsuit filed in 2020.

The case in question was filed by Ms. Neetu Singh and KD Campus. The former is the author of various books, courses, and lectures, for which the latter runs coaching centers. Both rightsholders have repeatedly complained to Telegram about channels that shared pirated content. In most cases, Telegram took these down, but the service refused to identify the infringers. As such, the rightsholders asked the court to intervene. The legal battle culminated in the Delhi High Court this week via an order compelling Telegram to identify several copyright-infringing users. This includes handing over phone numbers, IP addresses, and email addresses.

The order was issued despite fierce opposition. One of Telegram’s main defenses was that the user data is stored in Singapore, which prohibits the decryption of personal information under local privacy law. The Court disagrees with this argument, as the ongoing infringing activity is related to Indian works and will likely be tied to Indian users. And even if the data is stored elsewhere, it could be accessed from India. Disclosing the personal information would not be a violation of Singapore’s privacy law either, the High Court adds, pointing out that there is an exception if personal details are needed for investigation or proceedings.

Telegram also brought up the Indian constitution, which protects people’s privacy, as well as the right to freedom of speech and expression. However, that defense was unsuccessful too. Finally, Telegram argued that it is not required to disclose the details of its users because the service merely acts as an intermediary. Again, the Court disagrees. Simply taking infringing channels offline isn’t good enough in this situation, since infringers can simply launch new ones, as if nothing had happened.

Read more of this story at Slashdot.