Thursday, February 29, 2024

TorrentFreak's Latest News

 

Pirate Sites With Malicious Ads Face Restrictions Under New Initiative
Andy Maxwell, 29 Feb 11:27 AM

malware-s1There was a time when visiting a pirate site was much like visiting any other. Keen to attract eyeballs wherever they might be, many of the world's biggest brands exchanged cold hard cash for an appearance on prominent pirate portals.

Over time and as the thorny issue of funding illicit platforms gained traction, companies including Ford, Toyota, Nissan, Mazda and Volvo came under increasing pressure. The same held true for other household names, such as tech giant Samsung, along with Nokia, Canon, Carlsberg, even Coca Cola.

These companies weren't deliberately placing ads on pirate sites, but their ads kept turning up on them nonetheless.

Goodbye Quality Brands

As brand protection became increasingly important during the previous decade, companies such as White Bullet provided intelligence on which sites to avoid, with similar lists deployed to facilitate the work of the UK's Infringing Website List, among others. In the United States, the formation of the Trustworthy Accountability Group (TAG) in 2015 saw advertisers and advertising agencies come together to clean up the system and prevent ad revenue from reaching pirate sites.

TAG enjoys considerable support; Amazon, Disney, Google, Meta, NBC, Sky, and Spotify, among others, sit on TAG's Leadership Council. Most were around in 2019 when TAG launched Project Brand Integrity, an initiative to prevent valuable brands' advertising ending up next to potato-quality copies of Hollywood movies and other unauthorized content.

Half a Decade Later, TAG Upgrades

While TAG says that v1.0 has performed well, on Wednesday it announced Project Brand Integrity 2.0. More easily scalable than its predecessor, PBI 2.0 still aims to defund pirate sites and protect advertisers from undesirable associations. If all goes to plan, it will be quicker to react and more responsive to domain hopping too.

"Project Brand Integrity 1.0 was incredibly effective but hard to scale, as it involved a time-consuming manual process of notifying advertisers when their ads were found on pirate sites," says Mike Zaneis, CEO of TAG.

"Although most advertisers took action when alerted to such misplacements, the money often had already changed hands, and the criminals quickly moved their efforts to new domains."

Excluded From Ads, Pirates Welcomed to Exclusion List

Also receiving an upgrade is TAG's database of pirate sites, which is shared within the industry to help advertisers avoid undesirable platforms. This 'exclusion list' is maintained and developed through intelligence sharing at TAG's AdSec Threat Exchange, where members collaborate with participating companies, utilize open source resources, and share information on pirate domains.

The resulting list aims to limit pirate sites' access to advertisers, thereby reducing their ability to generate revenue from advertising.

tag-pbi2

"Through PBI 2.0, TAG will leverage new partnerships with the industry's major ad tech intermediaries to cut off funding from pirate websites through a comprehensive pre-bid exclusion list, thus preventing pirate sites from monetizing stolen intellectual property (IP)," TAG says.

"By incorporating real-time intelligence on new pirate domains from TAG's Ad Sec Threat Exchange and TAG member companies, PBI 2.0 will protect brands while preventing ad dollars from reaching those illegitimate sites."

Malvertising Everywhere

In an interview with EMA last December, Michael Lydon, TAG's Vice President of Threat Intelligence, spoke of the constant battle against malvertising, a portmanteau of 'malware' and 'advertising.' Scam ads, auto-redirections, cloaking, and drive-by downloads all received a mention. Not exclusively in connection with pirate sites, though, the problem is much broader than that.

Given the nature of this pervasive adversary, TAG's v2.0 exclusion list will also combine data originally collected by anti-malware vendors, with the intelligence providing an enhanced view of pirate sites that combine free downloads with malicious or deceptive ads. Once that information is placed in the hands of advertisers, it's hoped that having two reasons not to fund pirate sites will be better than having just one.

Proactively Eliminating Malvertising

What kind of effect the project will have at the consumer end is unclear. One of the great ironies of the pirate site/malware debate is that by driving trusted advertisers away, anti-piracy groups not only removed revenue but also opened up the market for less inhibited advertising agencies to do more business with pirate sites.

Lower ad rates made available to pirate sites with fewer opportunities elsewhere, can lead to an elevated chance of risky ads, on web-based portals in particular. Since TAG's system will only make things worse and the rest of the internet isn't getting any better, some sites may need to be tackled more directly.

The good news is that plenty of solutions for disappearing bad ads, malvertising, endless trackers, and other stuff some sites just can't get enough of, are readily available for free. Since they don't discriminate, they're just as happy removing all hot girls in your area to the 80 advertising partners imposed on visitors by too many mainstream sites.

quad9

For those really averse to abusive advertising, moving away from ISP-provided DNS to Quad9's threat-blocking alternative is a good start.

For the more adventurous, a self-hosted DNS server like Pi-Hole, loaded with various hand-picked blocking lists, is something that few people think they need. At least until they see how even seemingly regular ads, not to mention things like smart TVs, can really abuse their trust.

pi-hole

Finally, uBlock Origin on top is an essential for every browser, and if all goes to plan, malvertising will be a thing of the past. Then, working from a nice clean sheet, unblocking the sites worthy of support seems the way to go, while enjoying the internet all over again.

From: TF, for the latest news on copyright battles, piracy and more.

Nintendo's Yuzu Lawsuit Aims to Pour Banana Peels Over All Emulators
Andy Maxwell, 28 Feb 04:55 PM

yuzu-tropicIt's not uncommon for people to wander into some corner of the overall emulation scene with a specific question: Are emulators legal?

While not necessarily true, the most common answer is: yes, emulators are completely legal but distributing the games (ROMs) is most definitely not, so don't request them here.

In response to questions from those interested in the DIY approach, gamers are often advised to rip only the games they actually own, or only download games they intend to rip, for which they already own the original.

The endless caveats that tend to go unmentioned are even more important. Nintendo knows them all but rarely strays from its fundamental position that, as far as its games and consoles are concerned, the process is illegal.

Nintendo Targets Company Behind Switch Emulator, Yuzu

Targeting developers who reverse-engineer and decompile code, to support an open source project, for which no money needs to be paid, is one way to view the lawsuit Nintendo filed this week. At the heart of the complaint is Switch emulator software Yuzu and Tropic Haze LLC, the United States company allegedly behind the project.

yuzu-github

Available on Windows, Linux, and Android, Yuzu claims to be the most popular open-source Switch emulator in the world. The software is completely free and readily available (caveats apply), but the games it plays are not part of the offer (see above).

Instead, users of Yuzu need to obtain Nintendo games from elsewhere, in most cases those pre-ripped by others and placed online for download.

In all cases, whether on physical cartridges or supplied as digital downloads, Switch games contain security measures designed to prevent copying or being run on unauthorized devices. Technological protection measures (TPM) are also present in the Switch console, which has layers of encryption to restrict access to vital cryptographic files known as 'prod.keys'.

Circumvention and Decryption

Just as Yuzu distances itself from pirated copies of Nintendo's games, Yuzu users must also independently obtain prod.keys, sourced from hacked Switch consoles and made available online.

After these keys are fed into Yuzu, Nintendo claims that the emulator uses them to unlawfully circumvent its technological measures, decrypting Switch game files before and during runtime. This allows copies of Switch games to be played on Windows, Linux, and Android, contrary to Nintendo's terms and conditions and in violation of the anti-circumvention provisions of the DMCA.

yuzu-code

"Only because Yuzu decrypts a Nintendo Switch game file dynamically during operation can the game be played in Yuzu. In other words, without Yuzu's decryption of Nintendo's encryption, unauthorized copies of games could not be played on PCs or Android devices," the complaint reads.

"With Yuzu in hand, nothing stops a user from obtaining and playing unlawful copies of virtually any game made for the Nintendo Switch, all without paying a dime to Nintendo or to any of the hundreds of other game developers and publishers making and selling games for the Nintendo Switch. In effect, Yuzu turns general computing devices into tools for massive intellectual property infringement of Nintendo and others' copyrighted works."

Tropic Haze LLC and Yuzu Lead Dev, Bunnei

Tropic Haze LLC is described as a Rhode Island company that develops and distributes Yuzu. Nintendo says the company uses a network of paid coders/developers who maintain the software and issue updates to improve the software's ability to replicate the gameplay experience offered by Nintendo's official products.

These individuals are described as agents of Tropic Haze LLC and Nintendo holds the company liable for their conduct. That includes Bunnei, the alleged lead developer of Yuzu, whose conduct receives significant attention in the complaint.

Nintendo's Laundry List of Allegations

Nintendo's first mention of Bunnei includes a claim that the developer "publicly acknowledged most users pirate prod.keys and games online" while the Yuzu website offers instructions to users on how to "unlawfully hack their own Nintendo Switch and how to make unauthorized copies of Nintendo games and unlawfully obtain prod.keys."

While advice doesn't amount to circumvention, Nintendo says it can show that Bunnei and other developers used Yuzu to decrypt and play Nintendo games. That required them to obtain prod.keys from a hacked console (circumvention violation under the DMCA), and make at least one unauthorized copy of a game (copyright infringement).

Nintendo says that agents including Bunnei are "fully aware" of the use of Yuzu by others "in performing circumvention, and in facilitating piracy at a colossal scale." Moreover, in addition to providing Yuzu and instructions to complete various tasks, the importance of decryption keys is acknowledged on the Yuzu website, along with links to various pieces of software designed to extract those keys.

Nintendo claims that decisions regarding new Yuzu features, which platforms to launch on, and which games to provide compatibility with, are made by Bunnei. Nintendo also provides a quote; when acknowledging that the Yuzu Quickstart guide can be confusing, Bunnei allegedly said, "users probably just pirate a yuzu folder with everything."

The Quickstart guide itself also contains the following: "[t]o start playing commercial games, yuzu needs a couple of system files from a HACKABLE Nintendo Switch console in order to play them properly."

Zelda: TotK Leak Provided Patreon Earnings Boost

The Legend of Zelda: Tears of the Kingdom was released by Nintendo on March 12, 2023, but was available to pirate online on May 1, 2023. Nintendo says 100% of the copies available were necessarily pirated copies and every user who obtained a copy did so without paying for the game.

Over one million copies of the game were downloaded and Nintendo claims that over 20% of download links referenced playing the game on an emulator, Yuzu included. Meanwhile, Yuzu's Patreon – where early builds of Yuzu are made available to members – had a sudden increase in membership.

yuzu patreon

Nintendo claims this was a direct result of the leaked Zelda: TotK being played on Yuzu and Bunnei understood that, not least since Yuzu has a telemetry feature that relays the titles of games being played.

"Indeed, Bunnei implemented a ban on discussing Zelda: TotK emulation in Yuzu's Discord server because so many Yuzu users were trying to seek support emulating it," Nintendo claims.

Nintendo notes that 7,000 patrons now generate around $30,000 per month for those who develop Yuzu, with early versions accessible via Patreon generating an additional $50,000.

Nintendo's Claims

Nintendo's claims are comprehensive. Trafficking in circumvention technology in violation of 17 U.S.C. § 1201(a)(2)) is supported by allegations that the defendant and its agents are aware that Yuzu is designed, implemented and used to circumvent encryption, while they market Yuzu for the purpose of circumventing TPMs.

A claim of trafficking in circumvention technology in violation of 17 U.S.C. § 1201(b)(1)), notes that Yuzu has "only limited commercially significant purpose or use" other than to circumvent protection measures.

Circumvention of technological measures in violation of 17 U.S.C. § 1201(a)(1)) relates to Bunnei and other developers circumventing Nintendo's protection measures themselves, while additional claims under the Copyright Act relate to Bunnei and the other developers dumping Nintendo games, copying them into Yuzu, and sending them to each other.

A final count alleging contributory and inducement of infringement relate to secondary liability for Yuzu users' alleged infringements. Overall, the complaint amounts to a comprehensive sweep against almost everything that the modern emulation scene relies on, without directly tearing out the beating heart of emulation itself. If successful, the truck loads of banana peels left behind could prove difficult for other projects to avoid, however.

Nintendo seeks significant damages and an injunction to restrain Tropic Haze LLC from infringing its rights moving forward. That raises a slightly puzzling matter evident throughout the entire complaint.

Nobody Positively Identified in the Complaint

Despite Bunnei's alleged importance, the only defendant listed in the complaint is Tropic Haze LLC and Nintendo provides almost no information about the company, including details of ownership or control, despite claiming that its sole business is to "develop and distribute unlawful circumvention software."

It necessarily follows that 'Bunnei' is not listed as a defendant, Doe or otherwise. In fact, the language used by Nintendo throughout the complaint suggests that it either has no idea of Bunnei's true identity or may have gone to considerable lengths to give that impression.

What lies behind this, if anything, is unclear, but there's a strong possibility that sooner or later, pressure to settle will likely enter the equation. Right now, there are no real names in the complaint, but that could be changed in an instant, at least if any are currently known.

Nintendo's complaint can be found here (pdf)

From: TF, for the latest news on copyright battles, piracy and more.

270x90-blue

Are you looking for a VPN service? TorrentFreak sponsor NordVPN has some excellent offers.

 
 
Powered by Mad Mimi®A GoDaddy® company

No comments: