Thursday, November 30, 2023

TorrentFreak's Latest News

 

ICANN Simplifies Requests For Hidden Domain Name Registration Data
Andy Maxwell, 30 Nov 09:01 AM

ICANNMuch like regular websites operated by governments, companies, organizations, and the general public, most internet-based piracy services can be accessed using a domain name.

From a user's perspective, domain names are more easily remembered than IP addresses and remain the same despite IP address changes behind the scenes.

Domain names also play an important role in conveying branding and as a result can be worth considerable sums of money. For companies enforcing their intellectual property rights, determining who owns a domain can prove invaluable as part of a wider investigation.

When the General Data Protection Regulation (GDPR) came into effect in May 2018, it aimed to protect the personal data of EU citizens. That included those whose names appeared in public WHOIS databases as registrants or owners of domains.

ICANN, the Internet Corporation for Assigned Names and Numbers, responded with restrictions that on one hand protected registrants' privacy, but on the other came at the expense of rightsholders' being able to conduct meaningful WHOIS-based investigations.

ICANN Accused of Hindering Rightsholders

Potential problems had been flagged way ahead but workable solutions remained elusive. Increasingly vocal rightsholders including the RIAA and MPA criticized WHOIS restrictions and piled on with other shortcomings; WHOIS proxy/shielding services that hide registrant information, for example, and the lack of an effective system to ensure the accuracy of collected data.

In an August 2023 joint submission to the United States Patent and Trademark Office (USPTO), Hollywood, the recording industry, TV companies, the gaming industry and publishers left little doubt that patience had run out.

ICANN failures?

RDRS: Registration Data Request Service

With WHOIS protocols set to be replaced by RDAP (Registration Data Access Protocol), a technology designed to improve Registration Data Directory Services (RDDS), this week ICANN launched RDRS, an all new service to simplify access to non-public domain registration data.

ICANN RDRS Launch

"Due to personal data protection laws, many ICANN-accredited registrars are now required to redact personal data from public records, which was previously available in 'WHOIS' databases," ICANN explained.

"With no one way to request or access such data, it can be difficult for interested parties to get the information they need. The RDRS helps by providing a simple and standardized process to make these types of requests.

"The RDRS can be an important resource for ICANN-accredited registrars and those who have a legitimate interest in nonpublic data like law enforcement, intellectual property professionals, consumer protection advocates, cybersecurity professionals, and government officials," ICANN added.

Probably Not What Rightsholders Are Pleading For

There appears to be little restriction on who can sign up for RDRS, something that already has some worried about what that could mean for their privacy. ComLaude confirms anyone can file a request but it doesn't necessarily follow that information will be provided.

RDRS is effectively a case management system for handling WHOIS data disclosure requests, rather than a database which can be interrogated, as WHOIS has been. Anyone can make a request, via the system, for certain non-public domain registration data. RDRS identifies the sponsoring registrar for the domain name and routes the request to them, subject to the registrar having signed up to be part of the system. Then, subject to applicable law, the registrar will make a determination on what, if any, requested data will be disclosed.

Some rightsholders may be disappointed that the system only covers gTLDs such as .com, .net, and .org, plus new gTLDs including .xyz, .online and .horse. Common ccTLDs deployed at pirate sites, including .ag, .am, .cc, .me, .pw, .re, .sx, and .to, are excluded from the system.

Hands-On Test

Kevin Murphy at Domain Incite took RDRS for a spin and posted his first impressions of the service.

"The system is defined largely by what it isn't. It isn't an automated way to get access to private data. It isn't guaranteed to result in private data being released. It isn't an easy workaround to post-GDPR privacy restrictions," Murphy explains.

"It is a way to request an unredacted Whois record knowing only the domain and not having to faff around figuring out who the registrar is and what their mechanisms and policies are for requesting the data."

Murphy also got the impression from interface settings that simply walking in off the street and requesting domain registration data might not be what ICANN has in mind. As a tool for rightsholders demanding so much more, it's certainly nothing like what they have in mind.

"The RDRS merely connects Whois data requestors — the default settings in the interface suggest that ICANN thinks they'll mostly be people with court orders — with the registrars in charge of the domains they are interested in," Murphy concludes.

From: TF, for the latest news on copyright battles, piracy and more.

Site Blocking Fallout Keeps GitHub Unusable for Some Indians
Ernesto Van der Sar, 29 Nov 11:52 PM

github barredLike many other countries around the world, India's copyright law allows rightsholders to limit access to pirate sites.

Major entertainment industry companies regularly obtain injunctions that require local Internet providers to block websites to prevent piracy.

In essence, these measures are straightforward as specific domains are identified for blocking. However, injunctions can be issued before infringements take place and can be dynamic or temporary, depending on the situation.

In the early years, blocking injunctions were used as a blunt instrument, instructing Internet providers to block legal platforms such as Vimeo, while GitHub and the Internet Archive also ended up in the crosshairs years ago.

GitHub Blocking Troubles

Accuracy-wise, some progress has been made over the years but that doesn't mean that overblocking is no longer an issue. Throughout this year, several GitHub users have reported persistent problems accessing the platform.

The issues related to GitHub appeared in January of this year, when several Indian developers noted that they could no longer use the site properly. The main Github.com domain was still accessible but raw.githubusercontent.com, where code is typically stored, was blocked.

This made it impossible for developers to work on projects and several applications that used GitHub-hosted code started to return errors.

"This URL has been blocked under the instructions in compliance with the orders of a Hon'ble Court," a typical error message read.

Since some pirate apps use GitHub it's possible that raw.githubusercontent.com was listed in a copyright-related injunction, resulting in massive overblocking. As far as we know, the court order in question hasn't been published but several ISPs were affected.

Problems Persist Despite Reversal

After some backlash, the underlying order was reportedly retracted, after which GitHub started working properly again for most Indians; but not for all. After nearly a year, there are still widespread reports from people who can't use the site.

The problem is discussed repeatedly on social media and local news outlets with users from ISPs such as JIO and Hathway complaining that raw.githubusercontent.com is not accessible.

"From the past few weeks I am unable to access raw.githubusercontent.com on my Jio network," one Redditor writes, with many others sharing a similar experience. On X, several users are reporting that they continue to have issues too.

github madras

Not all subscribers appear to be affected and other Internet providers don't appear to have the same issue. This suggests that the affected ISPs didn't properly unblock the URL earlier this year when the court order was retracted.

GitHub Responds

GitHub is aware of the problems in India. The Microsoft-owned platform informs us that it's investigating the issue to see if full access for all users can be restored.

"As the global home for all developers, we firmly believe that everyone should be able to contribute to the future of software development regardless of where they live," GitHub informed us.

"We are aware of reports that there may be issues with accessing the raw.githubusercontent.com domain in India and are investigating to determine how access can be restored."

Transparency / Speculation

The lack of transparency regarding Indian court orders and retractions doesn't help to solve the problem. To the public at large, it still isn't clear on what grounds GitHub was partly blocked.

One potential tie-in could be the PikaShow app. After becoming the official sponsor for the Afghani cricket team during last year's Asia Cup, Indian rightsholders pulled out all the stops to block the app.

Through an injunction, GitHub was ordered to disclose information on the developers behind the PikaShow account, but it's possible that a separate blocking order also targeted the site's raw.githubusercontent.com URL.

The above is pure speculation, which emphasizes the need for more transparency. That's especially important now that Indian authorities are requiring domain registrars to comply with blocking orders too if they want to continue operating in the country.

Meanwhile, the developers affected by the continuous blockade have to find ways around the technological restrictions. Luckily, that's not too hard for this tech-savvy audience.

From: TF, for the latest news on copyright battles, piracy and more.
270x90-blue

Are you looking for a VPN service? TorrentFreak sponsor NordVPN has some excellent offers.
 

©2023 TorrentFreak | Office 21338 PO Box 4336 Manchester, North West M61 0BW United Kingdom

 
Powered by Mad Mimi®A GoDaddy® company
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)