YouTube has always been a conduit for online movie and music piracy. Some copyright infringement is prevented by YouTube’s Content ID system. Although not perfect by any stretch, the fingerprinting technology does (usually) alert creators (who are lucky enough to have access to the tool) when their content is illegally uploaded. Unfortunately, YouTubers have found plenty of ways to circumvent this safeguard. Meanwhile, the powers that be at Google/YouTube just look the other way.
Pirates easily share links to full movies
One approach YouTube pirates use is to upload a short dummy clip, or movie scene, that includes a direct download link to the full movie in the description. While some lead to spam sites, many link to the full version–many stored on Google’s own Google Drive platform.
Some YouTube pirates are cheeky enough to include a disclaimer stating they “do not own any of the materials used,” but in the same breath, include a link to the entire film. They then have the gall to ask that donations be sent to their PayPal account.
Another method, demonstrated by the YouTube pirate below, is to upload a placeholder clip (with film’s title making it easy to search for and find) that includes onscreen instructions to look to the description below for a full download of the movie (stored on Google Drive).
Of course, there are still plenty of YouTube users who continue to upload full movies to their channels. They often tweak the files to bypass a porous Content ID fingerprinting system. Per the broken DMCA, it’s up to each and every creator/rights holder to scour the site to find these stolen movies and for many, many remain untouched.
Since the take-down burden remains with the indie filmmakers many don’t have the means to search out and remove the pirated movies. Ultimately, the proliferation of these pirated copies undermines their ability to earn income and pay off production debts. The piracy also threatens their ability to produce more films.
One has to ask (again), why can’t Google–with all its access to technology–detect such infringers and prevent them from sharing these pirate and/or spam links in the first place? Hint-it has no motivation to do so. The question then becomes, why hasn’t the DMCA caught up with the 21st century?
YouTube pirates also post links to encrypted messenger app Telegram to share stolen movies
There are other ways pirates use YouTube as means to advertise their offsite pirated content. Here’s a user that uploads a short clip from a popular film, in this case Carol, and posts a link in description. This time it’s not a Google Drive link, but one that leads to a user of Telegram.org, an encrypted messaging service. I clicked the link, opened messenger and found easy access to an account that’s uploaded and shared dozens of stolen movies.
More pirated movies found on Telegram….easy to find, thanks to YouTube.
Telegram is available as an app for Android or Apple IOS. It’s not surprising that pirated content flourishes here since apparently the messenger app is also home for Nazis and terrorists. I’ve send a DMCA notice per their FAQ to [email protected] but so far the infringing content (multiple reported films) remain accessible.
There are no easy answers to fix any of this, but making sites like YouTube more accountable for their role in disseminating pirated content by updating the antiquated DMCA seems like the place to start.
Writing about online piracy and Google is a bit like living in the movie Groundhog Day. Day after day reality repeats itself. However, unlike Groundhog Day, there are no minor changes in the timeline that lead to a different outcome. When it comes to Google Drive and piracy, the story remains the same, day after day, year after year.
I’ve written about Google Drive several times over recent years, highlighting its ongoing role in giving online pirates convenient (and free) storage to make it easy for them to “share” pirated movies. Aside from providing a safe haven for pirated content, Google also blatantly defies the “safe harbor” a DMCA requirement that infringing material be “expeditiously” removed…..In reality, it can take weeks for reported links to be removed from Google Drive.
(1) In general.—A service provider shall not be liable for monetary relief, or, except as provided in subsection (j), for injunctive or other equitable relief, for infringement of copyright by reason of the storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider, if the service provider— (A) (i) does not have actual knowledge that the material or an activity using the material on the system or network is infringing; (ii) in the absence of such actual knowledge, is not aware of facts or circumstances from which infringing activity is apparent; or (iii) upon obtaining such knowledge or awareness, acts expeditiously to remove, or disable access to, the material;
(i) Conditions for Eligibility.— (1) Accommodation of technology.—The limitations on liability established by this section shall apply to a service provider only if the service provider— (A) has adopted and reasonably implemented, and informs subscribers and account holders of the service provider’s system or network of, a policy that provides for the termination in appropriate circumstances of subscribers and account holders of the service provider’s system or network who are repeat infringers; …
Here are some images from very the same Google Drive account reported multiple times in October of 2017 for several dozen infringing titles, and again in 2018 and 2019. Despite being reported for dozens of pirated movies (many of the same titles) over several years, the account remained online.
Graphic from 2017Graphic from 2019
Despite dozens of DMCA notices over years the account remains untouched
Now, in 2020, the same Google Drive account (folder beginning with OB4Q) remains active and has re-uploaded infringing links (this time as torrent downloads) to the very same films previously removed.
Not to beat a dead horse, but why is Google allowed to sidestep the DMCA safe harbor requirements? Like other big tech companies, Google seems to routinely operate above the law. I guess having a well-paid gang of lobbyists in Washington has its benefits eh?
For easy reference, here are some of my past posts about this notorious Google Drive account from 2017 through 2019:
Of course, Google Drive piracy doesn’t damage only indie filmmakers like me. Even the big guys seem ripe for the picking. Unlike Google’s YouTube, Google Drive doesn’t provide any Content ID technology that would allow content creators (some) means to protect their work from this rampant theft. Here’s a Google Drive account I came across recently featuring dozens of Disney films. So much for needing to pay to subscribe to Disney+ eh?
As many of you know all too well, successfully removing your pirated work from online sites is a time consuming task. Not only does you have to find the infringing content, but have to spend time crafting a DMCA notice to send to the service provider hosting the illicit links and/or files.
I recently was notified about some links shared by a Twitter account that led to some pirated movies. At first I attempted to use Twitter’s web form, but it REQUIRED me to log-on to a Twitter account in order to send a DMCA notice via their web form. Sorry.
I don’t think there’s anything in the law that requires DMCA senders to have an actual account with service provider???? For me, the most efficient approach was to send the take-down notice directly Twitter’s designated DMCA agent listed in the US Copyright Office directory of DMCA agents. Here’s what I found:
Ok, so there’s an email address ([email protected]) clearly listed (as required by law) and so I sent my DMCA notice to that email address. I quickly received an automated response from [email protected] telling me, essentially, that Twitter ignored my request and that I must use their web form instead.
Now, I didn’t send an email “attachment.” I sent an email with the language of the DMCA notice and the infringing links included in the body of the email.
Twitter surely does deal with massive numbers of DMCA take down requests daily, but that’s not my problem. Attempting to force notice creators to log into their system in order to access a clunky web form not only adds greater burden by eating up valuable time, but makes record keeping on much more difficult. Emails provide me with a record of both the reported links and the time/date I sent the notice to Twitter.
This is the kind of stuff that has been happening for a long time with the DMCA. Service providers do everything they can to erect roadblocks to creators who are trying to protect their work from online theft. While Twitter is not alone in this behavior–the real question remains–why are these companies allowed to repeatedly flout the law?
Meanwhile, even a small effort toward progress like the CASE Act, which would provide creators access to a modicum of relief via a small claims process, is being held up in the Senate by Ron Wyden at the behest of tech companies, some of which happen to be big donors.
Twitter’s DMCA “process” is simply one more in a long list of examples as to why the the DMCA doesn’t work. Big tech companies simply ignore the rule of the law and make efficient take-downs as difficult as possible on creators.
Web “security” provider Sucuri helps online pirates cloak criminal activities
As piracy has evolved and enforcement efforts increase, pirate entrepreneurs have been forced to set up shop in far offshore to avoid the long arm of U.S. law. What’s troubling is how U.S. companies help them evade the law by providing cover for their illegal piracy business while at the same time pocketing their own dirty profits in the process.
Follow along as I take an obstacle course–the type creators face every day trying to protect their work–to see the way U.S. companies–in this case GoDaddy owned Sucuri–help criminals cloak their activities and keep their illegal sites operating smoothly.
Start the hunt with Google Search
While Google claims to have cleaned up its act, the reality is that with a single search I quickly found a website featuring a cache of pirated movies. It wasn’t difficult.
No surprise, the 2nd Google result led directly to a site offering a cornucopia of pirated popular lesbian-themed films and television shows, both Hollywood and indie fare.
I chose an indie feature and with a click began my journey through the maze to uncover where the stream for the stolen movie was actually hosted.
Finding the actual source code is a huge pain….I was forced to click through a series of popup ads–after all, that’s how these online pirates make money. Finally, I used Firefox’s web developer tools to scan through the source code as the movie streamed and eventually uncovered the pirate link I was looking for.
When I clicked that link, I ended up at the actual full stream for the film.
You find the source. Now what?
Turns out the file is hosted on site called “gounlimited.to” but isn’t much help. As I discovered, and Torrent Freak has previously noted, this particular pirate website brags that it ignores the DMCA. and uses that fact as a selling point. Per Torrent Freak, this isn’t the operators only rodeo either, “Faced with a lack of stable ‘takedown resistant’ hosting providers to stream videos from, Bader decided to start one of his own, GO Unlimited.”
Of course, like all piracy sites, this operation is in the business of making money off stolen goods so its content is populated thanks to minions worldwide enticed by a cash rewards with payouts based on the number of eyeballs each illegal upload attracts. It’s the typical cyberlocker scenario. For the record, I will also be contacting PayPal to ask why they remain affiliated with this criminal operation, but I digress….
Since Go Unlimited brags about ignoring the DMCA and offers no contact information, the next step is to investigate registrar and host. The .to domain is popular among shady sites for a reason and information isn’t listed in the typical WHOIS database. The .to domain offers its own search, but offers little in the way of actual information. The registrar cares little about criminal enterprises.
What next? Turns out a U.S. based company, GoDaddy’s Sucuri is listed as the IP provider. Sucuri does business with a pirate website, but explains that its not responsible in its disclaimer (poor spelling aside) this way:
The Sucuri Firewall is a passthrough proxy WAF & CDN service. Sites using our service will point their DNS records at Sucuri IP’s, but all content is actualy (sic) hosted outside of the Sucuri network.
The excuse that they don’t “host” the content is a bit weak considering that the pirated data does flow through Securi servers on their way to the end user. Essentially the excuse goes like this, “We only provide the ingredients used to bake the cake, not the finished cake.”Pretty lame excuse. While perhaps legal, it certainly doesn’t seem moral. The question is, WHY do we allow U.S. companies to do business with sites that ignore U.S. copyright law?
In a further insult, Sucuri lists publisher Harper Collins as one of its customers. Ironic that Sucuri PR folks see no conflict of interest in servicing a piracy operator aside one of its potential victims. (Note book publishers and authors are suffering mightily due to e-book piracy).
So what’s the solution? Once again the DMCA needs to be updated for the 21st century. I’ve written about this issue extensively in the past, and you can read those thoughts here. Clearly, third parties who are knowingly complicit providing infrastructure for criminal enterprises need to be held to greater account when a client ignores the law.
Once again a possible path forward can be found by looking at the European Union. Last month a court in Italy ruled against Cloudflare, ordering the company to cease doing business with an illicit website.
The courts used the EU’s Electronic Commerce Directive 2000/31/EC, to justify its judgement against Cloudflare. The law cited provides a legal “framework” for electronic commerce. It’s time for U.S. lawmakers to enact similar safeguards for U.S. creators. Participating as a for profit player in the piracy ecosystem should not be a legal business model in the United States.
Unlike their counterparts in the U.S. who seem content with a creaky DMCA law more than 2 decades old, members of the European Council passed a directive to move copyright law into the digital age:
The Council today adopted a directive that modernises existing EU copyright law to pave the way towards a true digital single market. The new rules ensure adequate protection for authors and artists, while opening up new possibilities for accessing and sharing copyright-protected content online throughout the European Union.
It’s refreshing to see the rights of creators be taken seriously in spite of withering, and predictable, pushback from tech interests and their various astro-turf groups. Finally Google and others will actually have to arrange for proper licenses before monetizing the work of others.
Freedom on the internet, as in the real world, will continue to exist as long as the exercise of this freedom does not restrict the rights of others, or is illegal. This means that a user will be able to continue uploading content to internet platforms and that these platforms will be able to continue hosting such uploads, as long as the platforms respect the creators’ right to fair remuneration. Currently, the online platforms remunerate creators on a voluntary basis and only to a very limited degree, because they are not liable for the content they host and therefore have little to no incentive to strike deals with rights holders.
The directive will not censor. By increasing legal liability, it will increase pressure on internet platforms to conclude fair remuneration deals with the creators of work through which the platforms make money. This is not censorship.
Meanwhile, U.S. Congress remains under big tech’s thumb
Too bad our representatives in Washington seem uninterested in tackling this issue. It’s ironic to note that had Congress take action to rein in big tech, by establishing reasonable regulations mirroring those in the brick and mortar world, the institution itself would probably be a much more effective governing entity today. Instead our nation has spun into a miasma of social media manipulation and misinformation. Where Europe has stepped up, the US has fallen further and further behind.
Reasonable rules have always been the hallmark of civilized society and by allowing an entirely new online ecosystem to form (and fester) outside the bounds of legal scrutiny, a Pandora’s box was opened. It may be too late to close it
As an indie film and broadcast journalism veteran, I'll share my perspectives on issues of interest to the creative community and beyond--Ellen Seidler
