Friday, August 21, 2020

TorrentFreak's Latest News

 

Anti-Piracy Outfit Hires VPN Expert to Help Track Down The Pirate Bay
Andy Maxwell, 21 Aug 08:08 PM

The Pirate BayTracking down, prosecuting, blocking and otherwise trying to prevent The Pirate Bay from operating has become an entertainment industry project for the last 15 years.

The torrent site has faced more adversaries than any other on the planet yet today the site remains stubbornly online. Exactly where and operated by whom remains either a mystery or a topic of speculation.

After a period of what seemed like calm, this year it became clear that the site's old enemies, Swedish anti-piracy group Rights Alliance, were again working to get closer to the site and its operators.

We've covered the back story in detail but in summary, the site is alleged to have used Swedish VPN provider OVPN to hide its true location and Rights Alliance is now engaged in legal action to get its hands on whatever information the VPN provider may hold.

A No-Logs VPN Provider Has Nothing to Hand Over

From the beginning, OVPN has insisted that it is a no-logs provider, meaning that it should be impossible for anyone to identify who was using its service to either surf the Internet or, in The Pirate Bay's case, use the platform as an anonymous exit point to hide its true location.

The battle is playing out in court in Sweden, with OVPN insisting that it has no useful data to hand over and Rights Alliance insisting that it has. Thus far the court seems to have leaned towards OVPN's claims, that it carries no logs and as such cannot hand over any information. However, the anti-piracy veterans at Rights Alliance, who have years of experience under their belts, are refusing to let the matter drop.

Expert Witness Who Penetration Tests Top 10 VPN Providers

The most recent move, playing out this week, is that Rights Alliance has provided testimony from an expert witness, one that has masses of experience in the VPN field.

The name 'Cure53' may not sound familiar to regular Internet users but the cyber-security company is well known for its first-class abilities in penetration testing. So much so, in fact, that the company has audited some of the most popular VPN providers in the world, including Mullvad, Surfshark, and TunnelBear.

Given its experience in the field, it's no surprise that Rights Alliance has also sought the expert opinion of someone involved in Cure 53 to assess this VPN-related matter. Importantly, there doesn't appear to be any conflict of interest here, since the conclusions drawn are purely technical in nature and rely on experience and general facts, something we will touch on later.

Security Expert: OVPN May Have Info About The Pirate Bay

The expert opinion, which appeared in court documents reviewed by TorrentFreak this week, is from Jesper Larsson, who works at security company Ox4a but is involved with Cure 53 where he "regularly" performs penetration tests against the "ten largest VPN Providers in the world."

His testimony reveals that he has been commissioned by Sara Lindbäck of Rights Alliance to comment on how a VPN service works and specifically, what information might potentially be stored at OVPN in relation to The Pirate Bay.

"It is clear on OVPN's website that it strives to protect its users; privacy by storing as little user data as possible in their databases," the testimony filed with the court and obtained by TorrentFreak reads.

"Although [OVPN] strive to store as little data as possible, there must be data connecting users and identities to make the VPN service work. In this case, a user has paid for a VPN account with the ability to connect a public static address to OVPN which the user has then chosen to link to the file sharing site 'the piratebay', i.e the user has configured his VPN account to point to the given domain."

As previously reported, the alleged use of OVPN by The Pirate Bay differed from that of a regular user. Instead of anonymizing a home connection, the site reportedly used the provider's Public IPv4 add-on. While that tool is covered by exactly the same no-logging policy, in this case a static IP address was connected to the service by a specific customer. The word 'static' is crucial here and also a recurring theme.

"For this type of configuration to be possible, data about the configuration must be stored at OVPN at least during the time when the account is active," Larsson continues.

"It should be considered extremely likely that the user or identity associated with the above configuration is stored in a user database where a given user can be connected to the VPN configuration, configuration regarding where the static IP address should be pointed to, and payment information that should describe how long a given account is active and which payment method the user has used.

"OVPN should thus be able to search its VPN servers for the given IP address, or alternatively search in their user databases or in backups of these to locate a given user or identity," the security expert adds.

As a technical assessment from an outsider, there is nothing at all wrong with this testimony. However, our earlier conversations with OVPN when reporting on the Rights Alliance/movie company case have already revealed that the matter is not so straightforward and there are significant caveats to be considered.

Static IP Addresses Can Be a Privacy Issue for VPN Users of All Kinds

Many top VPN providers provide exit IP addresses that are shared by many of their users. This means that a single public IP address could relate to tens, hundreds or even thousands of users. This provides an enhanced level of anonymity when a provider also carries no logs.

For various reasons, however, some users require an IP address that doesn't change which, as we reported recently, can make users much easier to identify. This is because a static IP address doesn't typically doesn't change (or rarely changes) so if a VPN user has been allocated a dedicated IP they can, in theory, be easier to trace.

In the case of OVPN and The Pirate Bay's alleged use of the service to connect to a static IP, this aspect has already been covered.

"[W]e can not provide any information as to who had a specific Public IPv4 address at a specific date, as users are free to change Public IPv4 address at will, and another user might have been using that Public IPv4 address at that time," OVPN said about this aspect of its service.

However, if someone made a request right now about a connection that is live right now, it may be able to provide some information. After all, the connection is live and logs aren't necessary to see that.

"We can see who is allocated a static IP address right at this moment, but we can't go back in time and check who had it at a specific date," OVPN's David Wibergh informs TF, appearing to echo the statement of the expert who said, "..data about the configuration must be stored at OVPN at least during the time when the account is active."

OVPN: Searching Backups Won't Reveal The Information

The security expert's report suggests that OVPN could go through its backups to locate a user, in this case The Pirate Bay. Interested by this prospect, we asked Wibergh about the company's backup regime – could this reveal information about The Pirate Bay and its location in cyberspace? Apparently not.

"We take backups of our production database multiple times per day in order to prevent any possible data loss. The backups however are automatically deleted after a few days, so the backups that actually could show which user account was allocated the IP address were already deleted when the injunction was filed," he explained.

Could a User Account Be Connected to The Pirate Bay?

At this point, with The Pirate Bay now presumably long gone, with logs non-existent and backups long-deleted, a username on its own may not be particularly useful. However, if we work on the theory that one could be retrieved, it would be down to the specific user of the service whether they could be traced from that.

OVPN says it doesn't require users to provide an email or physical address and is happy to accept Bitcoin or cash but, as a privacy company, it won't tell us anything about a specific user, even if that alleged user is connected to The Pirate Bay.

Finally, it's worth repeating once again that the complications in this case, at least in respect of VPN security, is that The Pirate Bay's alleged use of OVPN required the allocation of a static IP address. When regular users of decent no-logging VPNs are allocated a dynamic IP address or one that's shared by countless other users, these issues should not raise their head.

From: TF, for the latest news on copyright battles, piracy and more.

Copyright Holders Intervene to Support Canadian Pirate Site Blocks in Court
Ernesto Van der Sar, 21 Aug 11:10 AM

canada flagTwo years ago, Canadian broadcasting giants Groupe TVA, Bell, and Rogers took the relatively small pirate IPTV service GoldTV to court.

What started as a simple copyright lawsuit soon became much more than that. With the pirate service failing to respond in court, the rightsholders requested an injunction to require local ISPs to block several related domain names.

This request met pushback from some ISPs but to no avail. Late 2018, Canada became the first North American country to require an ISP to block a pirate site or service.

Site Blocking Appeal

This blockade is still in place today but Internet provider TekSavvy has continued to object. The company filed an appeal at the Federal Court, which is ongoing. This raised the interest of several third parties, who all want to have their say in this important matter.

Earlier this month, the .CA domain registry and CIPPIC filed their interventions, arguing that blocking injunctions violate the Copyright Act and Telecoms Act.

On the other side of the spectrum, several copyright holders also asked the court to be heard. This request was approved under the condition that they would file a joint submission.

Copyright holders Intervene

TorrentFreak obtained a copy of the memorandum, submitted on behalf of the Premier League, Music Canada and the Publishers Association, among others. As expected, they back the blocking efforts.

In their submission, the copyright holders paint a grim picture of an Internet that's full of illegal activity. This includes pirate sites and services that are nearly impossible to stop. Site blocking is one of the only options they have to counter the threat.

"Offenders operate under cloaks of anonymity, operating download and streaming sites and servers typically from outside Canada, flouting court orders, and undermining the rule of law. Voluntary takedown requests are ignored or deteriorate into a futile game of whack-a-mole," the submission reads.

"Claimants have few if any direct means of enforcing court orders against such offenders. Blocking orders to be implemented by Internet service providers ('ISPs') are one of the only means available to disrupt these and other illegal business models."

In isolation, these comments will do little to convince the court, but they represent just the introduction to a series of legal arguments. TekSavvy's appeal challenges whether the court has jurisdiction over this matter, but the rightsholders believe that this critique is unwarranted.

The blocking order is in line with international treaty obligations, they counter. In addition, they don't see the Copyright Act as a stumbling block either.

No Net Neutrality for 'Unlawful' Traffic

The same is true for net neutrality. Canada's net neutrality policy doesn't allow Internet providers to block domains or specific traffic types. However, the copyright holders note that this doesn't apply to 'unlawful' traffic.

"Although the precise scope of net neutrality is not universally agreed upon or well-defined, it is clear that the international consensus is that it does not operate to
protect unlawful conduct.

"There is no basis to suggest that Canada has diverged in that respect from analogous jurisdictions," the copyright holders write.

Copyright Trumps Freedom of Expression

Aside from the jurisdictional matters, TekSavvy and other interveners also raised concerns about freedom of expression, which is a human right. The copyright holders, for their part, counter that copyright is a human right as well.

They don't believe that freedom of expression is at stake here, but even if it is, copyright would weigh stronger in this particular case.

"Even if free expression interests were engaged, which they are not, they would be outweighed in this case by the harm to expression from massive global piracy of creative industries.

"Courts around the world with strong freedom of speech rights have found that blocking orders do not violate those rights," the intervention adds.

Based on these and other arguments the copyright holders ask the court to uphold the federal court ruling and keep the blocks in place. It is now up to the court to go over all submissions which will then lead to a final decision.

Whatever the outcome, the case is no longer just limited to the GoldTV service. It will determine if other 'pirate' sites and services can also be blocked in the future, which has the potential to impact millions of people.

A copy of the intervening memorandum of fact and law, submitted on behalf of the copyright holders, is available here (pdf).

From: TF, for the latest news on copyright battles, piracy and more.

 
 
Powered by Mad Mimi®A GoDaddy® company

No comments: