U.S. firms enable scammers to bait consumers and steal personal info
Spam and scams have become a way of life. Every day my in-box is full of emails warning that my Apple, PayPal or Wells Fargo credentials have been compromised and instructing me to click a link to restore my good standing. Of course, I’m well aware these are scams but clearly there are many who aren’t.
The same thing holds true with websites. It’s a well-known fact that for many–if not most– piracy peddlers, online malware supplies their lifeblood, their income. The Digital Citizens Alliance* just release a new study highlighting the role U.S. companies are playing in support of this scourge.
In the case of content theft, the pirated movies, TV shows and music is the draw. Bad actors dangle free content, consumers take the bait, and the end result is millions of identities at risk and billions of dollars stolen. Then these computers are taken over to wreak more havoc, causing a nightmare for everyone from Internet users to advertisers who get defrauded, to corporations blackmailed into paying off hackers who threaten to use those rogue computers to launch attacks.
While these rogue sites are run by overseas operators, the DCA found that many are hosted by companies headquartered here in the United States. The study singles out two U.S.-based firms, CloudFlare and Hawk Host as routinely offering up services to malware infested sites.
CloudFlare helps these criminals mask their locations by shrouding their network hosting and domain info:
In order to utilize CloudFlare’s CDN, DNS, and other protection services customers have to run all of their website traffic through the CloudFlare network. The end result of doing so is masked hosting information. Instead of the actual hosting provider, IP address, domain name server, etc., a Whois search provides the information for CloudFlare’s network.
When researchers at the DCA contacted CloudFlare for comment, they received the typical boiler-plate, we aren’t responsible for our customers response:
CloudFlare’s service protects and accelerates websites and applications. Because CloudFlare is not a host, we cannot control or remove customer content from the Internet. CloudFlare leaves the removal of online content to law enforcement agencies and complies with any legal requests made by the authorities. If we believe that one of our customers’ websites is distributing malware, CloudFlare will post an interstitial page that warns site visitors and asks them if they would like to proceed despite the warning. This practice follows established industry norms
-DCA
The DCA’s investigation into Hawk Host highlighted the same scenario. Use pirated films and music to attract visitors and entice them to download malware (before they can download the pirated content). The response from Hawk Host was somewhat different in that their tech support staff agreed that the malware sites reported by the DCA were indeed violating the companies terms of service and should be closed. According to the report:
After an exchange of information, Hawk Host agreed the sites did violate their policies and told Digital Citizens the sites would come down. Cody Robertson (Chief Technical Officer) said the sites “clearly violate our TOS / AUP.” He did add that it would be impossible for Hawk Host to audit all of the 100,000-plus sites they host and that they would continue to rely on abuse reports. Hawk Host’s swift action is an encouraging sign and Digital Citizens is hopeful that the company will continue to take steps to protect Internet users from malicious content.
This is a step in the right direction. For many websites, piracy is a means to and end and in order for win the fight against it, the problem must be tackled on many fronts from search, to infrastructure, to income. The threat of the public being victimized by malicious malware only adds to the damage done by online pirates. You can read the entire DCA report here.
YouTube users claim Fair Use as a defense for uploading full copies of pirated movies
There was a lot of talk about fair use and takedown abuse at last week’s U.S. Copyright Office Section 512 roundtables in San Francisco. Many of those who spoke, bemoaned how poor, innocent uploaders were victimized, time after time, by malicious DMCA takedowns.
It’s a tried and true talking point, convenient, but disingenuous all the same. Some of us, myself included, tried to make the point that creators, whose work is routinely (and massively stolen), are often (doubly) victimized bymalicious fair use claims.
I thought I’d share an example of this that occurred just this week on YouTube. On Tuesday a full-copy of the Swedish indie film “Kyss Mig” (all 147 minutes of it) was uploaded to YouTube by a user aptly named “Free Movies.” As an added flourish, the user-name included the notation, “free movies bitches.”
In this instance YouTube’s Content ID system worked as intended. The Content ID user (an indie film distributor) had set the system to block uploads of a certain length in its territories. Even though the video was a full, pirated copy of the film, it wasn’t taken down, it was simply blocked. So far, so good right?
Wrong…This YouTube user didn’t seem to think the rights holder had the right to block the full, infringing copy and promptly disputed the block. S/he stated the reason as being:
Approval from copyright Holder is not required. It is fair use under copyright Law.
The user also added a note: “I don’t need to explain.” Clearly Free Movies didn’t bother to read YouTube’s information on disputing a claim or its explainer on fair use.
Despite all the testimony at last week’s roundtable about fair use–and how copyright holders seek out to punish those who claim it using malicious takedowns–it’s worth pointing out, yet again, that for every legit “fair use” claim, there are also false, and rather malicious, abuses of that defense. It’s a fact conveniently overlooked by the anti-copyright apologists.
Bogus “fair use” claim on YouTube
Take a gander below at the actual screen caps documenting this bogus “fair use” claim. Hopefully, officials considering DMCA reforms will acknowledge that creators can be twice victimized by abusive fair use claims.
I did in fact “reinstate” the claim (on behalf of the indie distributor I work for) so we’ll have to wait and see if this user goes on to file a counter-notice. If s/he does so, the film, in its entirety, will return to YouTube even though it’s CLEARLY infringing because we don’t have the financial resources to enforce the removal in federal court.
I’ve had the same thing happen after full pirated copies of our film were uploaded to YouTube. For creators trying to protect their work it’s a lose, lose…Perhaps YouTube should require it’s users to review “fair use” and “copyright” before they are allowed to uploaded content of a certain length? Why should creators be twice victimized while uploaders walk away unscathed?
139 DMCA NOTICES LATER, NOTHING CHANGES FOR THE GOOGLE DRIVE ACCOUNT
As I wrote previously, Google seems to ignore its own pledge to disable accounts of repeat (piracy) infringers. Today I sent another 31 DMCA takedown requests this week (170 over several months) reporting this same account for copyright infringement on behalf of indie film distributors I represent. So far, Google has removed 139 pirate links since last Aprilyet the account remains online sharing links to several hundred pirated films. I ask again, why is this account still active? After all, isn’t eligibility for protection under “safe harbor” dependent upon implementing a reasonable repeat infringer policy?
(i)Conditions for Eligibility.—
(1)Accommodation of technology.—The limitations on liability established by this section shall apply to a service provider only if the service provider—(A)has adopted and reasonably implemented, and informs subscribers and account holders of the service provider’s system or network of, a policy that provides for the termination in appropriate circumstances of subscribers and account holders of the service provider’s system or network who are repeat infringers; and(B)accommodates and does not interfere with standard technical measures.
All these DMCA notices were reporting links from one Google Drive account
Respect copyright laws. Do not share copyrighted content without authorization or provide links to sites where your readers can obtain unauthorized downloads of copyrighted content. It is our policy to respond to clear notices of alleged copyright infringement. Repeated infringement of intellectual property rights, including copyright, will result in account termination. [emphasis added] If you see a violation of Google’s copyright policies, report copyright infringement.
Of course Google no one at Google will respond to queries, so I guess creators are left, once again, to ask “How much is enough?”
The threat of malware could turn people away from piracy
Last week the Digital Citizens Alliance (DCA)* released a study that found websites offering free, pirated content were rife with malware. According to the report, 33% of content theft sites exposed users to malware. Every month 12 million U.S. visitors to these sites open themselves up to the theft of personal data, or worse.
To assess the impact that this malware threat might have on American’s web surfing habits the DCA conducted two surveys on December 10-13.
The first examined behavior and opinions of 1,000 Americans, while the second focused on 500 Americans aged 18-29 (an age group more likely to partake in piracy). The main takeaway–once people realize malware is a threat–is that respondents would be much less likely to visit these sites.
Fifty-three percent of Americans aged 18-29 acknowledge having visited content theft sites, nearly three times as much as the overall population.
Seventy percent said that they knew these websites illegally offered content, while 13 percent said they knew it was “wrong” but weren’t sure if it was illegal or not.
Sixty-three percent said that if visiting these content theft websites exposed them to malware they would steer clear of them in the future.
Figures for all age groups show an even great aversion to the malware risk with 82% reporting they’d steer clear of such websites. This, coupled with the growing influence (and traffic) of legit streaming sites like Netflix give some cause for optimism in the ongoing battle against online pirate profiteers. Below are more results from the survey.
*Disclosure-I’m a member of the Digital Citizens Alliance Advisory Board
MUSO’s Global Piracy Insights Report 2016 – Click for more
A report in today’s Torrent Freak noted that content protection firm (anti-piracy) firm Muso recently released its annual Global Piracy Insights Report for 2016 so I was prompted to take a look to see what what’s new on the piracy landscape. According to the report there’s been a, “massive shift towards direct downloads for music content – growing by 31% in 2015” In addition the report found that “28% of all visits to piracy sites in 2015 were through mobile devises, up 8% during the year.”
Viewing habits for pirated movie watchers also seems to have shifted over the past year as more and more users to viewing streamed content instead of downloading torrents. The study examined traffic from 14,000 pirate websites, encompassing 141 billion visits, and according to an analysis of the report on Advanced Television, discovered this trend:
Out of a total 78.49 billion film and television piracy site visits, 73.69 per cent (57.84 billion) were visits to streaming sites…the second most popular piracy delivery type was torrents, capturing 17.24 per cent of audience visits.
The report is available to subscribers only so I cannot delve deeper into the figures but I’m not surprised to see streaming gain a growing foothold as the favored viewing platform. Pirates, like the rest of us, have grown accustomed to watching shows streaming on Netflix, HULU and Amazon. It’s no wonder the same patterns persists when watching pirated fare.
For those who care about the impact of piracy on musicians, comes this unfortunate news:
2015 saw a 25% rise in the use of YouTube ripper sites, used primarily for downloading mp3’s from YouTube music videos. The ripper piracy from mobile devices overtook piracy from desktop devices, growing by 46% last year. The usage of these sites is far larger than many realise, in fact making up 17.7% of all visits to piracy sites for music content.
One piece of apparent good news from the report is that, according to MUSO researchers, “…piracy levels remained relatively throughout the year, with a 5% overall decline.”
Andy Chatterley, MUSO CEO ultimately focuses on what can be gained by studying these trends noting the report as helping creators develop a framework by which nudge consumers in better (legal) directions:
This report gives a complete picture of the piracy landscape and identifies key insights into piracy audience and behaviour. The Global Piracy Report is hugely valuable to right holders and for the first time looks at all forms of piracy traffic and not just p2p usage. In understanding the scale and mechanism of the audience we can be better informed to re-connect this audience to legal content.-MuSO press release
The report also found that streaming piracy in both the United States and UK was trending down, “likely to be due to legal music and video streaming services such as Spotify and Netflix.” But, before celebrate too much it also noted that in many countries, streaming piracy is actually increasing. What’s that old saying, two steps forward, one step back?
As an indie film and broadcast journalism veteran, I'll share my perspectives on issues of interest to the creative community and beyond--Ellen Seidler
U.S. firms enable scammers to bait consumers and steal personal info
