Monday, May 8, 2023

TorrentFreak's Latest News

 

Poking Nintendo: Why the 'Lockpick' DMCA Blitz Should Surprise Absolutely No One
Andy Maxwell, 08 May 11:14 AM

lockpickNintendo's N64 console went on sale in Japan in June 1996, selling for ¥25,000 (around US$185). By the end of day one, all 300,000 units had sold out.

For hardcore gamers in Europe facing a release date eight months away, importing an N64 was a tempting but expensive option. Adjusted for inflation, imported Japanese N64s changed hands for the equivalent of $1,400 in today's money; a copy of Super Mario 64? A snip at $165.

Months before the console was finally released in Europe, N64 went on sale in the United States. Imported into the gray market in Europe, US cartridges were cheaper than their Japanese counterparts. Unfortunately, Japanese console owners soon found that while US cartridges would play on their machines, Nintendo had ensured that they wouldn't physically fit in the slot.

The restrictions could be removed by dismantling the N64 but removing Nintendo's security screws required a special tool that was difficult to source. Jumping through these hoops to play a genuine cartridge on a genuine console not only felt ridiculous but probably amounted to a breach of license/copyright. Had Nintendo's slot shenanigans been in digital form today, circumvention would likely constitute an offense under the DMCA.

Yet, despite Nintendo deploying tactics equivalent to these across many consoles spanning decades, some people appeared surprised by news of Nintendo's latest circumvention crackdown. The gaming giant couldn't prevent its special screws from being removed in private homes but, since the modern equivalent is playing out in public, action was always inevitable. Only the timing was in question.

Nintendo Targets Lockpick_RCM & Lockpick

News of Nintendo's decision to target Lockpick_RCM & Lockpick first appeared in a tweet posted by Simon Aarons. In common with many others, Aarons forked the tool on GitHub, and when Nintendo filed a DMCA notice to have Lockpick taken down, he received an early heads-up and decided the internet deserved one too.

lockpick-tweet

In layman's terms, Lockpick_RCM & Lockpick allow Switch owners to extract encryption keys for use in other software including hactool, hactoolnet/LibHac, and ChoiDujour.

At that point, there's a fork in the road. The road on the right leads to homebrew and emulation, which developers and some parts of the modding community insist is the only way. The road branching to the left is somewhat darker, leads to piracy, and puts Lockpick and those dependent on it in jeopardy.

Nintendo Doesn't Mention Emulation Directly

Some believed this ambiguity was enough to keep Nintendo at bay but, as this tweet attempts to explain with the help of ChatGPT (and forgiving the first Bowser reference), Nintendo now fears the worst.

lock-description

The DMCA notice submitted to GitHub is yet to be officially published, and at the time of writing, the repos haven't been taken down either. GitHub often grants developers a short period of time to address complaints filed by rightsholders, to avoid entire repos being unnecessarily removed. According to Nintendo's take on events, not much can be done short of removing all functionality.

The company explains that the Switch contains multiple technological protection measures, including those that permit the console to interact exclusively with legitimate Nintendo video game files. In summary, this prevents users from playing pirated copies of Nintendo's games on Switch devices but also prevents users from copying and playing games on devices that are not Nintendo Switch. An emulator reference, presumably.

Nintendo: Circumvention of TPMs is Illegal

"The reported repository offers and provides access to circumvention software that infringes Nintendo's intellectual property rights. Specifically, the reported repository provides Lockpick to users," the complaint reads.

"The use of Lockpick with a modified Nintendo Switch console allows users to bypass Nintendo's Technological Measures for video games; specifically, Lockpick bypasses the Console TPMs to permit unauthorized access to, extraction of, and decryption of all the cryptographic keys, including product keys, contained in the Nintendo Switch."

In discussions over the weekend, some users highlighted that the keys in question are extracted from their own devices, devices they paid for and therefore own. They also note that pirates are unlikely to extract their own keys, but by effectively declaring that emulation/homebrew fans can't extract keys from their own devices, Nintendo will force them to obtain keys in other ways.

While the prediction concerning key acquisition seems valid, in the unlikely event Nintendo addresses key ownership, licensing agreements would almost certainly tilt in favor of the gaming company. In practical terms, citing the DMCA's anti-circumvention provisions is more than enough.

"The decrypted keys facilitate copyright infringement by permitting users to play pirated versions of Nintendo's copyright-protected game software on systems without Nintendo's Console TPMs or systems on which Nintendo's Console TPMs have been disabled," Nintendo informs GitHub.

"Trafficking in circumvention software, such as Lockpick, violates the Digital Millennium Copyright Act of the United States (specifically, 17 U.S.C. §1201), and infringes copyrights owned by Nintendo."

After Several Years, Why Did Nintendo Act Now?

At this point, it's worth highlighting that Lockpick was first uploaded to GitHub on December 8, 2018, with Lockpick_RCN uploaded on March 4, 2019. Despite functionality being clear from the start (and a naming convention suggesting that circumvention of digital locks was always the aim), it's taken Nintendo four years to take action. So why now?

Absent any comment from Nintendo, only speculation remains. However, if one was attempting to compile a shortlist of credible reasons, people playing Zelda: Tears of the Kingdom on PC almost two weeks before the game is officially released on Switch, would be extremely difficult to beat.

zelda-pc

Not only does this example supply motivation to act in spades, there's almost a need to justify it beyond the explanation in the takedown notice.

Regardless of any objections over the right to maintain emulators or arguments over legitimate reverse engineering and related fair use defenses, this isn't a case of Nintendo being massively unreasonable, it's Nintendo reading the law, liking the odds, and then recalling that anti-circumvention notices cannot be countered.

In addition to the repos mentioned above, Nintendo's notice also requests the removal of around 80 forks. If every last trace of Lockpick is eventually removed from GitHub, that shouldn't come as a surprise. It was always inevitable; someone just had to poke the bear in both eyes at exactly the right time.

From: TF, for the latest news on copyright battles, piracy and more.

La Liga Asked GitHub to Shut Down Football Streaming App 'Nodito'
Ernesto Van der Sar, 07 May 10:42 PM

noditoWith millions of fans all over the world, Spanish football league 'La Liga' is one of the most popular in the game.

In common with similar sports organizations, La Liga has a dedicated anti-piracy team that actively tracks and reports unauthorized live streams.

This sounds like a straightforward task but, in reality, it often turns into a perpetual stream of takedown notices. After all, the operators of piracy sites and apps have no intention of abiding by the law and pull out all the stops to avoid getting caught.

La Liga vs. Nodito

A recent takedown notice from La Liga illustrates this problem quite well. A few days ago the league sent a takedown notice to GitHub, asking it to remove an APK file that belongs to the user Nodoapps, known for the Spanish football streaming app Nodito.

"The National Professional Football League has among its main objectives the fight against piracy in the digital environment, in particular, the protection of its rights and those of its member clubs, and spends enormous human and technological resources to detect such misuse," the notice starts.

La Liga explains that since the app links to live streams of First and Second Division games published without permission, GitHub should take the code offline.

"This user does not have any right to this type of links with illegal broadcasts, so the conduct described supposes a violation of said exploitation rights of audiovisual content of the National League Championship in its First and Second Divisions."

The takedown notice was effective in the sense that GitHub acted swiftly. As a result, people who try to download the APK file through that link now see a 404 error instead. That doesn't really solve the problem though.

New GitHub Link

Soon after the above-mentioned URL was reported and disabled, the same user began promoting a new GitHub download link through Nodoapps' official linktree page. Simply putting the APK file in a 'gg' subfolder did the trick.

github

La Liga's anti-piracy team is likely be aware of this and will probably send a new takedown notice to GitHub, asking the company to take this down as well. But even if all piracy was eliminated from GitHub overnight, the problem isn't going away.

By now, the Nodito app is being shared all over the web on dedicated APK-sharing sites. The developers also posted a copy on Google Drive, which will likely be updated to a new URL once it's removed.

Whack-A-Mole

The above shows how difficult it can be to effectively take down a pirate streaming app that doesn't rely on a single domain. In fact, the developers have previously shown that they don't mind rebranding the entire app if the situation calls for it.

Nodito isn't the first streaming tool Nodoapps released. The software was previously known as "NogoGO," until its site was hit by a DMCA takedown notice.

"We wanted to inform you that access to the NodoGO site has been removed due to a DMCA problem. As a result, the app disappeared and it's no longer accessible to any user," Nodoapps announced two weeks ago

"That is why we have had to create a new application called NODITO […] that we will share in our social networks," the team added.

nodomessage

And indeed, in addition to the download options listed at Linktree, Nodoapps also promotes download options for the APK file on its official Telegram channel, Instagram, Twitter, and elsewhere.

Scammers Enter the Game

By now, the Nodito brand has taken on a life of its own, which can make it hard to spot which versions are official and which aren't. This provides an opportunity for scammers to enter the game, and indeed, an unofficial "Nodito" made its way to the Google Play Store recently.

This app has been downloaded over 10,000 times in just a few days but according to Nodoapps' official developers, it should be avoided at all costs.

"It is a scam, they ask for your phone number to 'supposedly' verify themselves but all they do is send you SMS. All they do is take advantage of Nodito's name," Nodoapps writes.

These types of scams are hard to avoid. Nodoapps knows from experience that sending a takedown notice may temporarily solve the problem, but dealing with scammers is a game of whack-a-mole too.

From: TF, for the latest news on copyright battles, piracy and more.

 
 
Powered by Mad Mimi®A GoDaddy® company

No comments: