I saw the article refers to the Prenda Law saga, I just looked it up and saw the main protagonists had been sent to jail. This line from Wikipedia made me chuckle as sounds like the exactly like a game of the prisoners dilema
In 2019, Steele and Hansmeier both pleaded guilty in Federal court to a range of criminal charges related to and including extortion and fraudulent conduct, with substantial sums of their criminal proceeds to be reimbursed. Steele received a reduced sentence of 5 years due to his cooperation and Hansmeier, who had not cooperated, was sentenced to 14 years. [13]
"Protagonist" doesn't necessarily have a positive judgment attached to it, does it? I.e. if the main player in a story is the bad guy, we still say "protagonist"?
Not sure, but in a good vs evil story I think it does. I naturally assumed due to the implucation of an antagonist a protagonist always meant the subject of the conflict (every plot has a conflict they say). But you might be right, I can see how it can simply mean the center of a story.
Have anybody discussed how this[0] could complicate things?
The developer of the popular tracker, Opentracker, has built in a feature where it throws in bogus but real IPs when you ask for seeders.
It reduces efficiency for people who are trying to download from seeders that don't exist, but also introduces deniability because if you ask the tracker for a list of seeders your IP being on that list could reasonably explained as it being one of the bogus IPs.
To verify that your IP is actually seeding you have to connect and try to download from it, but does the act of downloading from a peer change the situation so it is actually some kind of entrapment or at least commiting to have done a crime as part of the investigation?
> ... does the act of downloading from a peer change the situation so it is actually some kind of entrapment or at least commiting to have done a crime as part of the investigation?
No.
It certainly wouldn't be entrapment and it's not "a crime" for you to download files that you own the copyright for (or, in these types of situations, have been granted permission by the copyright owner -- whom you would typically be working on behalf of -- to download).
In my opinion, the addition of the "bogus IPs" is pretty pointless. Once you've gathered a list of seeders, it's trivial to actually connect to them and verify that they are sharing (portions of) the file.
In fact, I would think you'd have to do that in order to be able to affirm that the file was, in fact, being "shared". You couldn't honestly state that it was if you didn't verify that to be true.
I can't recall the name of it now but the firm that does this stuff on behalf of HBO (or did, when I worked at an ISP and received e-mails from them) connects to the "seeders" and downloads (part of) the file(s) from them to verify that they're actually illegally sharing copyrighted content.
I agree with you in spirit but part of the reason copyright trolling even still exist is down to the fact that many judges presiding over the cases lack even a basic understanding of how any of it works.
An IP is a terrible way to identify someone and the judges who actually know a thing or two have already learned that.
The copyright trolling industry has worked its hardest to try and goose the legal process in their favor at all junctures and the reality is most judges just don’t have the knowledge to properly adjudicate these cases so the technical nuance of bogus IPs just doesn’t matter. In most cases the copyright trolls just make declarative statements about what their tech discovered. Some cases by more informed defendants have been tossed because they were unwilling to disclose how the data was collected.
Ultimately if you stand up to the copyright trolls, they usually stand down. It’s not worth them to actually fight. They’re hoping for the drive-by payout.
Unfortunately for humanity, and to great joy among trolls and three letter agencies, IPv6 is by construction (perhaps accidentally but that doesn’t natter) an excellent way in practice to identify a device, household and therefore a person (or small liable group)
Non of the ISPs in my area are offering IPv6 prefix randomization - if I want not to be correlated, I need to switch ISPs. I am staying with IPv4 for now.
I think installgentoo has a few interesting things on it but hopefully you're not confusing it with the actual gentoo wiki: https://wiki.gentoo.org/wiki/Main_Page
Is there any evidence that this “YTS” that we’re talking about right now is the real YTS? Whoever was behind YTS got into legal trouble a few years ago and shut down his site, leaving the markets to lots of copycats with YTS-inspired designs and domain names.
The next generation tracker will have to be something like what doctors do with "assisted suicide" instead of "euthanasia":
Different independent entities, each performing an action that is legal, that in the end lets the user get the link.
The real solution is to use Tor-like network where you're using multiple intermediate proxy-servers located in different countries with different laws. And make that network extremely popular for lawful content. So when you're downloading Ubuntu, some of your traffic will transmit encrypted parts of copyrighted cinema. You have no idea what are you transmitting, you're just obeying protocol (which you should, because otherwise peers will throttle you) and downloading legal content.
At this point US have to make that network illegal, causing huge collateral damage. Note that even torrents are not illegal, so it would be quite a precedent.
>The real solution is to use Tor-like network where you're using multiple intermediate proxy-servers located in different countries with different laws
There are a number of Tor like anonymizing networks already, and they're all slow as hell and unable to handle bulk traffic. This idea has been raised many times and it's never worked out. Compromises have to be made, and if you want good anonymity/privacy then speed is usually the first thing to go.
>And make that network extremely popular for lawful content
There are already plenty of distribution paths for lawful content that can be fast because they don't have to hide in the shadows. Where is the value add? How will you get media companies to buy in? Almost no one is going to willingly buy in solely on the basis of "we need your traffic to help cover our illegal file distribution".
>So when you're downloading Ubuntu, some of your traffic will transmit encrypted parts of copyrighted cinema. You have no idea what are you transmitting, you're just obeying protocol (which you should, because otherwise peers will throttle you) and downloading legal content.
That's basically how I2P operates (you have to contribute disk and bandwidth to the network to store and serve files, and you don't have the key to decrypt unless you happen to request a resource that's already locally cached), and it's extremely slow. Not to mention the risk that you end up storing and distributing the really illegal stuff like child sexual abuse materials, not just pirated movies, which is far beyond most people's risk/comfort thresholds. You can't have a network like this "just" for pirate media without it being abused for darker purposes, and a lot of people are simply unwilling to support that.
>At this point US have to make that network illegal, causing huge collateral damage. Note that even torrents are not illegal, so it would be quite a precedent.
They don't have to make it illegal, just so unusable that the vast majority of people don't bother. Which it already is. Which is why we use torrents instead of already having a solution like what you describe. Not to mention that it doesn't have to be illegal for carriers to try and throttle/interfere with it under the guise of traffic shaping and fair use.
That’s only a temporary stopgap before they convince a court or change the law so that being part of that chain with intent to infringe copyright is enough to get you sued.
I wonder if YTS users could go after the operator in court for its illegal conduct, or for its use of their personal data in particular. I'm guessing the site being illegal isn't relevant unless they personally have their copyrights infringed, but I wouldn't be surprised if this use of individuals' data without consent is illegal, especially if the shakedown letters turn out to be fraudulent.
Unclean hands doctrine. You can't sue someone when the complaint at issue is you doing something wrong. You'd have to find someone that didn't infringe on anything, and even then you'd have to fight an uphill battle. In the absence of a contract saying the data can never be shared, it's unclear what the cause of action would even be.
It would be up to the courts if you've done anything wrong though - downloading a torrent file isn't illegal, per TFA. Who's to say you followed through with a torrent client to use it?
> The harm is your IP address and other information being provided to a company that's trying to extort you...
If you get sued, you've suffered damages and you have a cause of action. You'd need to show that YTS wrongly provided your information, but in the hypothetical where you in fact did nothing wrong, that seems theoretically doable.
You might have a malicious prosecution case against the party that sued you. I still don't see a cause of action or damages against a third party that provided information that they likely would have been forced to provide in discovery anyway.
Especially since the operator is a UK company, subject to GDPR. This kind of trade with personal data is one of the big things GDPR is supposed to protect against.
Most EU law will continue to apply until/unless it is specifically repealed. National laws that implement the EU law are usually required for each country to implement the law in accordance with its own legal codes and structures.
The UK is still inside most of the treaties until next year, as there is currently a "transition period" in effect, but even when that ends, a lot of EU law will still be part of UK law.
I would also expect that they can only remove it after the end of the transition period. Being able to remove market protections while still being in the single market would give them an unfair advantage.
The UK's Data Protection legislation was fairly strong before GDPR made improvements. GDPR is applied by each member state's own laws aligning with GDPR. Hence I believe, in this specific case, nothing has (or will) change as Brexit reaches its conclusion.
The GDPR still applies in the UK, even after brexit. The EU has kind of a weird system IMO.
The main EU body decides on a thing. Then each country in the EU reads the thing, and enacts legislation that does the thing. Notably, each country in the EU write their own legislation such that the main EU thing is satisfied. The EU itself doesn't make laws/legislation.
What is the legal drinking age in the United States? Trick question: the US has no legal drinking age. The interstate highway act stipulated that if the federal government is going to spend money to build freeways in a state, the state has to enact a drinking age of 21 years. There's a crapload of money tied up in this, so all 50 states have set the legal drinking age to 21 years.
So if a state seceded from the union, while many federal US laws would no longer apply, the legal drinking age of 21 years would still apply, because that is a state law.
The thing about the EU is that every law is like that. They're national laws that are mandated by the EU. The UK has a GDPR law, France has a GDPR law, Germany has a GDPR law, etc. Presumably the UK will go through its books at some point and make adjustments as they see fit, but that hasn't happened to the GDPR.
Per Wikipedia, "As the GDPR is a regulation, not a directive, it is directly binding and applicable, but does provide flexibility for certain aspects of the regulation to be adjusted by individual member states."
For most practical purposes, the transition treaty makes it as if the UK was still part of the EU until the end of the year.
I believe many member states did also implement it in local law, since they already had privacy laws and just adjusted them to be GDPR-compatible, but the GDPR would also apply directly.
I'm surprised there aren't torrent trackers that run on Tor available (or maybe I just haven't heard of them). Seems like it would be a perfect way to avoid both shutdown and the service's ability to identify its users. Am I missing something?
But the real danger with torrents is when you're actually sharing the data. Any of the IPs you connect to could be a malicious peer who will later track down your IP through legal channels and send you abusive notices.
I guess the way to protect yourself there is to torrent only over a VPN or through a seedbox.
End game then is VPN providers get sued for piracy. So people use VPN providers in uncooperative jurisdictions. Then VPNs eventually get coopted into sharing user information as IP owners invest more over time in copyright enforcement.
Yes, VPNs (or even Tor) can only work till a limit. Any technical solution can always be legislated as illegal and solved. So the real dispute is political and will be won or lost there. Right now though except in some places, ordinary masses are loath to be politically active or informed, and this suits the few in power very well.
> Yup. I use ProtonVPN on account of its Swiss jurisdiction and no-logs policy.
Can switzerland even be considered "non-cooperative"? I mean, most people probably think so because of their reputation as a an "offshore bank", but that's been eroded due to the passing of FATCA.
Switzerland is interesting from a copyright aspect in multiple ways:
- Downloading copyrighted material, even from obviously shady sources, is perfectly legal.
- Sharing said material with your friends, even if you obtained it from an obviously shady source, is perfectly legal.
- Sharing it with random strangers (as happens while torrenting) is not legal, but hard to prosecute, because:
- private companies collecting IP addresses to sue uploaders violate privacy laws, and thus commit a crime themselves (!) [1]
I didn't check, but I'd also assume:
- That ISPs and VPN providers aren't required (and quite likely even aren't allowed) to disclose the identity behind an IP address to a private entity
- That VPN providers (unlike ISPs) aren't required to maintain such logs, and thus typically don't.
For comparison, in Germany, downloading from "obviously illegal" sources is prohibited, further sharing a copy from such sources among friends is prohibited (and since breaking copy protection is prohibited too, having a DRM-free copy of the content is a pretty strong indicator that it comes from an illegal source - unless you got it from a Swiss friend...).
Yep, I'm gonna give a second request for what i2p is? Seems to be similar to tor? Can someone explain the differences? (Sorry for what might be a very elementary question)
Is there a single i2p universe or do you have separate self hosted instances. What does i2p offer that Tor doesn’t? Are there active sites or communities it is it just a routing layer?
It makes more sense in the context of a larger hypothetical infrastructure. If BitTorrent clients also had the option to publish their open port as a Tor hidden service, then they could register with a tracker that's also a hidden service, entirely over Tor; and then use the tracker to discover the Tor hidden-service addresses of other BitTorrent clients to connect to.
You could also run the BitTorrent Kademlia DHT on top of Tor, without any explicit tracker needed; just with Tor hidden-service BitTorrent client nodes publishing the hidden-service addresses of other client nodes to the DHT ring.
(I often wish that the Tor overlay network was IPv6-based; then "hidden-service addresses" could just be IPv6 addresses in a particular IPv6 public subnet, reserved to represent the Tor overlay network. Then client software wouldn't need to know anything about Tor in order to take advantage; making a client "only operate over Tor" would just be a matter of giving the client an IPv6 subnet mask to restrict what it was willing to connect to; or putting it in a network namespace that was so-restricted.)
I have toyed with DHTs successfully over Tor and it works work fine, but that's just peer discovery. If large data transfer doesn't go over Tor, you're still exposing your IP. If large data transfer does go over Tor you're potentially harming the network (even if it's just to onion service) by over using relays (and Tor actively discouraged BT use over the network). There are alternatives like Tribbler, but none popular enough.
Also onion service v3 addresses, which are entire ed25519 public keys, won't fit in an ipv6 address (haven't checked base 32/36/whatever for v2 onion addresses, but surely also won't fit in, say, a /64).
If the tracker itself is also on Tor, you don't need exit nodes, which are probably the most limited resource in the Tor design due to the legal challenges of running an exit node. And while normal Tor clients use a 3-layer design, a reduced number of layers might be good enough for torrent users. If the torrent client participates in the tor network, that would also help.
I believe a bit of both. I'm no expert on it, so my response here may not be completely accurate.
Tor relays, while more numerous than exit nodes, are still limited (we're discussing a custom onion service communication setup here, not using Tor for general purpose BT which would use exit nodes). Anyone can run one, and please do so if you have good bandwidth each way. Relays are opt in because not only does it open you up to lots of bandwidth usage, but Tor shouldn't default to running a relay for those that may be philosophically opposed. Relays pass all data through anonymously and encrypted, but some still may not feel comfortable doing it. So there are limited operators.
As for the nature of Tor itself, to keep both the client and onion service operator anonymous, they communicate through a rendezvous which means a Tor circuit for each side (each Tor circuit is 3 hops iirc). And geographic distance is intentionally disregarded, so it may traverse the world multiple times over.
I have considered running a private Tor network with directory servers replaced with a DHT, forcing everyone to be a relay, and then essentially running a private BT over that, but it'd need significant adoption to be viable. Also, there may be Tor limitations in huge numbers of relays (and definitely issues with slow relays), I haven't checked. Finally, in addition to traffic analysis attacks that always exist, it is believed iirc lately that federal agencies are sitting on Tor exploits (granted may only be for exits and/or Tor browser).
People seem to think this is some sort of betrayal, but anyone could have done it. The whole point of trackers is to allow anyone to get a list of peers who have the same torrent. If anything, this gives me a startup idea: archive.org, but for torrent swarms. Scrape public torrent sites, grab all their torrents, for each torrent connect to their associated tracker and grab their peer list periodically. You can even try connecting to them and grab a few bytes to confirm they're actually uploading. Now you have a list of IPs known to have committed copyright infringement. Sell this list to copyright trolls years/months later for $$$.
Super funny because this shows approximately five or six different people's downloads for my ip address from their porn tastes, movie language preferences, etc
And this is why I use the built-in reboot functionality on my (Asus) router: getting a new IP address every day helps improve privacy. I use Safari as my daily browser and have cookies blocked by default, allowing them only when I need to log into a site (e.g., posting a comment on HN or Reddit, banking stuff).
If anyone wants to track me they have to do browser fingerprinting or talk to my ISP about getting the PPPoE login logs for the IP in question.
> Except if they have a time and date, and IP, your ISP will know who that IP belonged to at that time. No fingerprinting necessary.
As I wrote IN MY POST:
> If anyone wants to track me they have to do browser fingerprinting or talk to my ISP about getting the PPPoE login logs for the IP in question.
If I really want to hide my activities I will use Tor, but for the day-to-day stuff of avoiding ad trackers a daily reboot and cookies-off setting is Good Enough™ (for me).
The people you really need to be worried about when it comes to torrenting if you're downloading illegal content, are anti-piracy groups. They will reach out to your ISP, and if they don't comply, they will sue them to comply. Most ISPs (at least the big ones) don't care enough to lose money on a lawsuit and they'll rather easily comply.
Changing your IP daily is not meaningful within the context of piracy on torrents.
reboot every 15 minutes is better, if your client is set up properly it willtolerate it. I know someone who does that by default for any BT sessions and it isnt very painful also look for a block list and keep up on IP addresses
Nice tool! At least now I know the egress IP of my Lightsail/EC2 instance running WireGuard has zero history when it comes to torrent traffic.
I always switch from my personal to a commercial VPN if I need to do anything that could be construed as questionable, or whenever I need both privacy as well as anonymity.
As others have already mentioned, some trackers poison the well with random IP addresses so that getting peer lists from trackers alone is not confirmation that that peer actually is sharing that torrent.
I've got to call bullshit on that site. It comes up with a "likes porn" tag, claims porn downloads, and has a huge VPN ad at the top. That's seems like sketchy, fake, scareware tactics to me.
AFAIK trackers would randomly put IP addresses into the peer lists that they return, to provide plausible deniability for everyone[1]. If the site just grabs the peer list without validating them (ie. attempting a connection), that might be responsible for the false positives.
That's extremely unlikely. It says last seen at 8:30 AM on Thursday which makes no sense. I have a dedicated VLAN that routed over a VPN for anything not 100% super legit.
You must be somebody else's VPN. As it were. There are plenty of uses for pwned machines. Since they are free, the uses don't even need to makes sense.
No, I ran a test through two linux VPSes that I control, and both of them show me downloading something I didn't. I'm reasonably sure that neither of my boxes were compromised, although if we want confirmation we can get someone who works at a hosting company to check with an IP that hasn't been routed in months. I posed a explanation in a sibling comment: https://news.ycombinator.com/item?id=24256890
A decade ago, I worked for an ISP and we got hundreds of emails a day that matched this pattern. The copyright trolls had this idea a long long time ago :).
I was always curious why the website told me to register, felt very suspicious. Some torrents are restricted to users, weirdly.
Not to mention the occasional shady popup ads.
The weirdest thing about YTS, is the high quantity of very low-quality movies it has. I mean things you would not watch even if it was free. It makes it impossible to really pick anything.
So in doubt and in paranoia, I would say that I have low trust for YTS.
One big draw is that they get around to rare movie requests in weeks to months for members. Their website is the most popular daily feed people sit on for the trickle of any thing good so they must be doing something right. Though I had to make a violentmonkey script [1] to auto hide all the b-grade dumps of late.
seedr.cc, bitport.io, zbigz.com, offcloud.com exist to solve exactly this problem. Downloading openly from public trackers is extremely risky. Even private trackers have been known to be monitored by DMCA agencies[0].
How is giving your credit card to these companies any more secure? For all i know they could be selling the user registration data with payment info to some lawyer.
The main question to ask her is why is YTS throwing their users under the bus? Were the operators of YTS threatened with lawsuits? Or is YTS being run as a honeytrap to lure unsuspecting users with the intention of eventually receiving copyright settlement money kickbacks?
Seems like the strategy here is to go after low hanging fruit (people who create user accounts and people who don't use a vpn) using scare tactics with no intention of actually prosecuting.
> Were the operators of YTS threatened with lawsuits?
7th sentence:
> The background to this ‘partnership’ appears to have its roots in cases where YTS itself was sued by attorney Kerry Culpepper for copyright infringement.
In 2019, Steele and Hansmeier both pleaded guilty in Federal court to a range of criminal charges related to and including extortion and fraudulent conduct, with substantial sums of their criminal proceeds to be reimbursed. Steele received a reduced sentence of 5 years due to his cooperation and Hansmeier, who had not cooperated, was sentenced to 14 years. [13]