Monday, February 26, 2024

TorrentFreak's Latest News

 

Piracy Shield Cloudflare Disaster Blocks Countless Sites, Fires Up Opposition
Andy Maxwell, 26 Feb 11:48 AM

Logo piracy shieldFollowing a statement that Italy's all-new anti-piracy system had received top marks from telecoms regulator AGCOM for "working perfectly," on Saturday the truth came out in all its glory.

Piracy Shield has only been fully operational for a few weeks. So, expecting it to work flawlessly, right out of the box, was always unrealistic. There have been reports of unexpected behavior in the ticketing system, for example, plus other issues one might describe as relatively normal for a new system, or at least non-critical.

But while any unexpected behavior needs to be understood, the Piracy Shield system, i.e software, hardware, and sundry biological components, arguably had just one job to perform perfectly in its first month. Through meticulous care, prove the naysayers wrong by not blocking innocent sites and staying away from CDNs. A single IP address blocked in error can do damage anywhere but, on a platform such as Cloudflare, problems can multiple extremely quickly.

Like a Moth to a Flame

As reported less than two weeks ago, the first issue to cause elevated public concern was the blocking of Zenlayer CDN IP addresses. During the first two weeks in the public spotlight, that wasn't ideal or even an isolated incident.

Black spots = No connectivityPiracy Shield - ZenLayer Block - Error - 240222

When AGCOM and anti-piracy group FAPAV turned up on TV recently to announce an expansion of Piracy Shield blocking, the system was said to be "working perfectly" while reports to the contrary were labeled "fake news."

But even before those statements had time to fully sink in, along came Saturday afternoon, otherwise known as 'TTFN CDN'.

AS13335 Cloudflare – IP: 188.114.97.7

Around 16:13 on Saturday, an IP address within Cloudflare's AS13335, which currently accounts for 42,243,794 domains according to IPInfo, was targeted for blocking. Ownership of IP address 188.114.97.7 can be linked to Cloudflare in a few seconds, and doubled checked in a few seconds more.

The service that rightsholders wanted to block was not the IP address's sole user. There's a significant chance of that being the case whenever Cloudflare IPs enter the equation; blocking this IP always risked taking out the target plus all other sites using it.

Why blocking went ahead anyway has no good answers; from didn't check and don't understand to oops, too late…, how it managed to traverse the claimed checks and balances defies logic. Giorgio Bonfiglio, Principal Technical Account Manager at Amazon Web Services, warned of this specific risk last year. Some of the best advice available, pro bono, yet simply ignored.

"When I talked about the risks of the Piracy Shield last year I focused on the impossibility for an external observer to understand whether an IP is shared or not. I never expected they would block one of the top 5 CDNs in the world, an AS that does ONLY that," Bonfiglio wrote.

Block Party Erupts

On February 2, 2024, developer Marco d'Itri (aka rfc1036) published a pearl of wisdom on Twitter. On Saturday, a little over three weeks later, he was the first to publicly confirm that what shouldn't have happened, had obviously happened, to the surprise of no one.

be careful

it happened - piracy shield

Reports of sites suddenly going offline came in quickly. The IP address block went live at 16:13 and by 16:31, Italy was already covered head to foot in black spots indicating no connectivity (Source: RIPE via @auguzanellato).

RIP-188.114.97.7

EU citizens' right to receive and impart information without interference often enters site-blocking discussions. Such concerns were waved away in Italy because the above would never be allowed to happen.

Communication to the Public, By The Public

On X, @handymenny quickly pinpointed the source of his initial connectivity problem, and then went on to discover he was more affected than first thought. That appeared to pique his curiosity, so he decided to find out who else had been blocked.

His discoveries included the ODV Prison Volunteers Association, a charitable group with a key goal of improving communication between prisoners and their families. Elimobile.it, a telecoms company that relies on people communicating so that they a) buy SIM cards and b) can access Elimobile's video services, was also blocked.

4blox-piracy shield

Several schools also suffering downtime is not just a terrible look. The laws and regulations passed last year that authorize rapid blocking include a mandatory educational component for kids. If anyone can think of a statement that will resonate with kids, to explain why preventing football piracy has a negative effect on education, answers on a blackboard please.

Block Quietly Removed, But That Won't Be Enough

Around five hours after the blockade was put in place, reports suggest that the order compelling ISPs to block Cloudflare simply vanished from the Piracy Shield system. Details are thin, but there is strong opinion that the deletion may represent a violation of the rules, if not the law.

Another legal aspect of potential interest involves a general principle of EU law, one that requires authorities to strike a balance between the means used and the intended aim when exercising their powers.

IT enthusiast Ernesto Castellotti wasted no time deciding his course of action. Since his website was also unlawfully blocked on Saturday, he's sent a civil access request to AGCOM demanding all information held on file to show why that happened. He's also calling for the immediate resignation of the head of AGCOM "for demonstrated negligence in the implementation of the Piracy Shield project."

As far as we're aware, there has been no formal comment from AGCOM on Saturday's disaster.

Share information with TF in confidence here

Note: An earlier version of this article reported on a Bonfiglio tweet which appeared to estimate the number of sites potentially blocked on Saturday. We're informed the tweet used an Italian phrase that simply suggests a very large number. The direct translation lacked nuance and has since been removed.

From: TF, for the latest news on copyright battles, piracy and more.

Top 10 Most Pirated Movies of The Week – 02/26/2024
Ernesto Van der Sar, 26 Feb 12:09 AM

mean girlsThe data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only.

Downloading content without permission is copyright infringement. These torrent download statistics are only meant to provide further insight into piracy trends. All data are gathered from public resources.

This week we have three newcomers on the list. "Mean Girls" is the most downloaded title.

The most torrented movies for the week ending on February 26 are:

Movie Rank Rank last week Movie name IMDb Rating / Trailer
Most downloaded movies via torrent sites
1 (…) Mean Girls 6.0 / trailer
2 (2) The Beekeeper 6.5 / trailer
3 (…) The Zone of Interest 7.7 / trailer
4 (5) Land of Bad 6.5 / trailer
5 (6) Wonka 7.3 / trailer
6 (7) Oppenheimer 8.5 / trailer
7 (3) Aquaman and the Lost Kingdom 6.7 / trailer
8 (…) Red Right Hand 5.3 / trailer
9 (4 The Marvels 5.7 / trailer
10 (1) The Iron Claw 7.9 / trailer

Note: We also publish an updating archive of all the list of weekly most torrented movies lists.

From: TF, for the latest news on copyright battles, piracy and more.

Njalla: Hundreds of Suspended .TV Domains Could Soon Return to Life
Andy Maxwell, 25 Feb 05:33 PM

happy-pirateThe last time over 200 pirate sites went offline at the same time was…..well, probably never. Certainly, so many sites have never gone down and stayed down for four days straight in what still amounts to a relatively tight niche.

Yet that's exactly what happened this week, when at least 200 .TV domains were suddenly rendered useless. WHOIS records revealed that the domains had a status of 'serverHold' which indicates a domain with no presence in the domain name system.

Registry >> Registrar >> Domain Owner

The suspended domains were all registered at Sarek Oy, the Finland-based domain registrar with connections to former Pirate Bay spokesman, Peter Sunde. Those in need of a liberal, privacy-focused domain registrar, with a pedigree supported by thousands of news articles, countless interviews, TV appearances, and a full-blown movie, have fewer reasons than most to shop for domains elsewhere.

Site operators understand Peter and he understands their requirements, as other projects including Njalla demonstrate. Unfortunately, when everything went dark Tuesday/Wednesday with no sign of recovery by Thursday, lack of information from obvious sources seemed to have no solution.

When domains are placed on 'serverHold' that's the work of domain registries, not registrars, but domain owners still need to know where they stand.

Frustrations Build

One of those people is Jomo, the owner of Jomo.tv, which unlike most of the .TV domains currently suspended, isn't a pirate site.

"I use the affected domain for my tech blog and my email address. I have received zero information about what's going on, and I don't know if or when this is going to be resolved," Jomo told TF early on Friday.

"Njalla does not seem to know anything, the registry did not want to tell me anything and only referred to Sarek without any further info, and Sarek does not respond at all."

GoDaddy completed its takeover of registry services for .TV domains late 2022, after previous controller Verisign chose not to bid when .TV last came up for grabs. When attempting to contact GoDaddy for comment earlier this week, TorrentFreak's first email received an automatic response saying "Message blocked" while a second to a different address informed us that "The recipient's mailbox is full and can't accept messages now."

While frustrating for us, domain owners like Jomo had serious issues to contend with.

"It is extremely frustrating to not get any info or updates, in addition to being unable to send or receive any emails, and being unable to log in to several services. By now I'm sure some emails are lost forever as the domain has been unavailable for several days," Jomo added.

Problem Acknowledged on Friday

When no official updates were provided on Thursday, the situation was looking increasingly grim. Then on Friday, Jomo suddenly had luck reaching GoDaddy via TurnOn.tv.

"They actually replied fairly quickly," Jomo says, "but only told me to 'contact your sponsoring registrar, Sarek Oy.'"

After logging into his Njalla account, a new message appeared: "Some .tv domains have been put on serverHold by the registry and we are in contact with them to resolve the issue." There was no response to his support ticket filed earlier but at least the issue had been acknowledged.

sarek confirms

Then a few hours later, a ray of light appeared at the end of the tunnel.

'Technical Issue' Resolved With Registry

After three days without any useful information, Jomo received a response from Njalla, sometime Friday evening we believe.

"It is a technical issue. We've squared things out with the registry and we're just waiting for them to lift the serverHold," a message from Njalla reads.

"That will happen anywhere between in a few minutes till Monday, but we're hoping sooner than later of course. We apologize for the troubles it had caused."

At the time of writing, Jomo's domain still hasn't returned and when we last checked, the same was true for around 200 others. While there's optimism that all domains will eventually return to service, the episode leaves big questions unanswered.

The Information Age

Perhaps the most pressing question from a consumer perspective is the decision by the registry to suspend so many domains in one swoop with zero notice. The fact that so many domains are used by pirate sites does muddy the waters somewhat but as Jomo will confirm, non-pirate sites are affected too.

When a particular entity takes action to suspend domains, whose responsibility is it to keep customers informed? In this case the action was taken by the registry but when asked to provide information, the registry refused to supply it, referring questions back to the registrar instead.

Problems Over, or More to Come?

Then there's the question of the issue that prompted the suspensions; what was it and is it likely to reoccur? Should domain registrants avoid .TV domains? Without information to the contrary, rightly or wrongly some will draw that conclusion.

Of course, by offering domains with toughened privacy, Sarek Oy/Njalla find themselves disproportionately involved in legal proceedings where a plaintiff hopes to identify a domain operator but runs into firewall instead.

A live case in the United States required various domain registrars including GoDaddy, Namecheap and Sarek Oy, to take action against several app stores to prevent apps with 'Temu' branding being made available to the public.

As far as we can see, Namecheap, GoDaddy, and Sarek Oy were ordered to disable the platforms' domains but to date, only domains registered through Sarek remain both intact and online.

At least in part, that's to be expected and to some extent, the service as promised. Also to be expected are complications arising from an accumulation of these types of cases and similar disputes that come with the territory, the supply of which seems endless.

From: TF, for the latest news on copyright battles, piracy and more.

270x90-blue

Are you looking for a VPN service? TorrentFreak sponsor NordVPN has some excellent offers.

 
 
Powered by Mad Mimi®A GoDaddy® company

No comments: