With millions of visitors every day ExtraTorrent is one of the most-visited torrent indexes on the Internet.

The site is a thorn in the side of the entertainment industries who have labeled it a “rogue site” on numerous occasions. In recent weeks, however, more concrete actions have been taken.

In September, ExtraTorrent suffered a massive blow when City of London Police convinced its registrar to seize their .com domain. ExtraTorrent was not happy with this decision and threatened legal action.

The registrar eventually decided to redirect the .com domain to the new .cc TLD, but still refuses to return it.

Smelling blood, the MPAA jumped in last week by sending a DMCA request to Google, asking the search engine to remove ExtraTorrent’s new homepage from its search results. The Hollywood group sent a targeted DMCA notice listing only two URLs including ExtraTorrent.cc.

Interestingly, Google refused to take action and decided to keep the site listed, presumably because the copyrighted content referenced by the studios was no longer linked there. Needless to say, ExtraTorrent’s staff was delighted with Google’s backing.

“We are happy to know that Google took the right decision,” ExtraTorrent’s Sam told TorrentFreak earlier this week, when we asked for a comment on Google’s refusal.

“MPAA thought that we would be vulnerable after the domain drama, and that the time was right to go after us using the same tactics London police used with our old clumsy registrar. However, they forgot that Google is not like our old registrar and that they are not as easily manipulated,” he added.

ExtraTorrent.cc not removed

However, just when we were about to publish our findings today we noticed that the new ExtraTorrent.cc domain had disappeared after all. The search giant hadn’t backpedaled on its earlier decision, but it turns out the MPAA wasn’t the only one going after ExtraTorrent’s new home.

On Monday, Fox also sent a takedown notice to Google. This notice listed only one URL – extratorrent.cc – and no less than 110 copyrighted movies and TV-shows including Family Guy, Homeland, Avatar and Life of Pi.

While the DMCA notice doesn’t list any links to individual pages where .torrent files can be downloaded, Google has removed ExtraTorrent’s homepage from its search results after this second request.

Talking to TorrentFreak, ExtraTorrent says they are disappointed that Google gave in so quickly. They are considering contacting the search engine to file a counter notice to get the domain reinstated.

Whether the delisting of the homepage will have a pronounced affect on ExtraTorrent’s traffic has yet to be seen, but Hollywood certainly believes this will be the case. As we have pointed out in the past, with precision attacks the MPAA and individual movie studios are increasingly asking Google to remove the homepages of “pirate” sites.

Thus far results have been mixed. Kickass.to, EZTV and 1337x’s homepages are no longer appearing in Google’s search results, but Google refused to delist ThePirateBay.sx and Torrentz.eu as these URLs don’t link directly to copyrighted works.

Unfortunately for ExtraTorrent the Google ban and the domain issues are not the only pushback they’re facing at the moment.

The site is also being blocked by Internet providers in several countries including Italy and Belgium. To help users circumvent these blockades, ExtraTorrent just launched a dedicated proxy on Extratorrentlive.com.

For the time being, the proxy’s homepage is still indexed by Google….

Source: Google Removes ExtraTorrent Homepage From Search Results

Paranoia can be high in the file-sharing world so it will come as no surprise that there are regular rumors that site X or user Y cannot be trusted. While it’s almost certain that on some sites there are staff members who don’t have the community’s best interests at heart, evidence of serious foul play is a rare occurrence.

Today, however, the owner of a file-sharing discussion forum confirmed that his site was actually a pirate honeypot, setup with the aim of gathering otherwise confidential information on uploaders, file-hosts and web companies involved in the piracy ecosystem. Adding insult to injury, that site and the admin’s services have been acquired by a U.S.-based anti-piracy company.

WDF, real name unknown, is the founder of UploaderTalk.com, a web forum designed to attract individuals who like to make money from uploading files to file-hosting sites. Part of the idea is that they join the site and interact with others with similar aims, such as representatives from file-hosting sites touting their affiliate schemes.

UploaderTalk was founded pretty much a year ago today after WDF was banned from a similar but much larger site called WJunction, probably the largest uploader/file-hosting hangout anywhere on the web.

However, WDF wasn’t any old member. After joining up to WJunction in September 2011, WDF later became a moderator then super moderator on the site, meaning that he had access to a lot of private information such as email and IP addresses. The implications for file-hosting sites and uploaders hardly need to be pointed out.

It’s not clear why WDF was eventually removed from WJunction but there was clearly some kind of falling out. Shortly after WDF’s departure around 12 months ago internal leaks of information from WJunction were published on the web, ostensibly from some kind of third party hack.

UploaderTalk reported on these leaks regularly including the November 2012 revelations by Robert King of the StopFileLockers anti-piracy campaign which claimed to contain the identities of WJunction’s owners and backers.

UT, as UploaderTalk became known, was never destined to challenge WJunction as the leading site of its kind. However, in addition to its regular readers, over the past 12 months the site gathered nearly 1,000 fully signed up members of the uploading and file-hosting community. For them today’s announcement will be an unpleasant one.

“UT is now closed. UT was set up for a number of reasons. But mostly to be a sounding board, proof of concept.[.].and to collect data,” WDF said in a statement today.

“That’s right the biggest swerve ever. I, WDF, work for the anti-piracy people! I have collected information on many of you. I collected info on file hosts, web hosts, websites.”

The official announcement from WDF confirmed what many people have suspected for some time – that WDF had been playing on both sides of the fence.

“How is it I was able to protect some sites and people? Because I was working for the other side!” WDF said.

“How is it I knew so many things? Well think about it, I suckered shitloads of you. I built a history, got the trust of some very important people in the warez scene collecting information and data all the time.”

It’s unclear what WDF intends to do with the information obtained so far but for now it has to be presumed that he will be sharing it with his new employer, NukePiracy LLC, a company registered on October 2013 in Nashville, Tennessee.

“So what happens now? I am already working with a different ID, a new persona, and still collecting data. You never know who I will be or where I will turn up. I work for Nuke Piracy now, this is very bad for anyone profiting from piracy,” WDF concludes.

Source: File-Sharing Site Was A Year-Long Pirate Honeypot

Let’s start off by saying that no VPN service can ever guarantee your anonymity 100%. That said, there is good reason to believe that the most secure encryption schemes are nearly impossible to crack.

In theory, however, there’s always a possibility that certain agencies are operating several steps ahead of the game. For example, the NSA and others might be capable of cracking more advanced encryptions when data streams are stored for future decoding.

And then there’s the possibility of VPN providers being forced to hand over customer data. While no-logging policies protect against traditional court orders, things get more complicated when government agencies issue gag orders, such as those contained in United States national security letters.

To explore these issues TorrentFreak talked to BlackVPN, IPredator, Private Internet Access, VikingVPN and TorGuard.

Below is an overview of the responses we received. On the one hand they address which encryption schemes are still safe, and which ones should be avoided. Separately, the U.S. based providers shared their thoughts on the discussions regarding national security letters.

Does encryption still work?

The first question is whether encryption still works. A few weeks ago many VPN users got concerned after they read that the NSA had compromised privacy software and cracked encryption algorithms.

So does that mean VPNs can no longer be trusted? While the various providers all have different opinions, they agree that the most secure encryptions are impossible to crack on the fly. Similarly, most providers warn that PPTP is flawed and should be avoided wherever possible.

BlackVPN

“OpenVPN is the best choice when available on your device. It’s easy to check that your VPN provider is using strong encryption algorithms and keys (like 256bit keys and AES encryption) by looking at the OpenVPN configuration files supplied by your VPN provider. Also it can be configured to use TCP on port 443 which makes it extremely difficult to block as it looks like standard HTTP over SSL traffic.”

“OpenVPN is slightly more effort to setup (download and install a client for Windows, OS X, IOS 5+ & Android 4+) but it should be the default way for most people to connect to their VPN. We have been using OpenVPN securely (2048 bit RSA keys and AES-256) since our beginning in 2009 so previous traffic should still be secure from decryption.”

“L2TP/IPSec is a good choice if you want a quick and easy setup. However the encryption algorithms and keys used depend on your VPN provider and your device, and it is difficult to know if secure or insecure encryption is being used. Your data could be encrypted with AES-256 (more secure) or with 3DES (not secure) and you wouldn’t know. An evil or silly VPN provider could force all clients to use 3DES. Also Windows XP does not support AES and would use 3DES encryption instead.”

“PPTP has known security weaknesses and should only be used as last option or where nothing else works with your device. There are no good reasons to use PPTP unless IPSec traffic is being blocked and you cannot install openVPN on your device. We would recommend only use PPTP if your security and privacy are not a concern – for example if you just want to access websites or content blocked in your country.”

IPredator

Sweden-based IPredator is also clear on the point that PPTP should be avoided by users who are looking for the most secure setup, but in common with many other VPN providers, they still offer these connections.

“We explicitly tell users that PPTP is insecure and that it’s not suitable for privacy related things anymore to protect against a government attacker. We could just turn it off BUT then people would just go to other providers who still offer it, so in my opinion it’s better to educate them.”

According to iPredator, OpenSSL with ECDHE + AES and without RC4 is the most secure option for VPN users at the moment.

TorGuard

According to TorGuard many of the strongest encryptions can still be trusted, and the company sees Open Source Software as a key element to keep intelligence agencies for implementing backdoors.

“Encryption still works and nothing has been mathematically broken. What has been broken is the consumer trust relationship between government and big business. The NSA has attempted to undermine VPN encryption not by brute force or mathematics, but by sabotaging secure technologies at the corporate level.”

“Open source software is in the driver’s seat, everyone else is just along for the ride. Community driven code like what powers OpenVPN is continuously subject to scrutiny, making it virtually impossible for an outside agency to implement a secret backdoor.”

“It is also important to point out that there is no known method that even comes close to breaking 128bit Blowfish encryption. For the ultra-paranoid, TorGuard offers AES-256 bit ‘Stealth’ connections that actually disguise packets as regular HTTP traffic on the network. We will soon be offering these stealth AES-256 connections on all servers as standard options.”

“True privacy in this digital age requires sound cryptography and companies who are willing to back it up – no matter the cost. If we expect to have any privacy in the future, the entrepreneurs and cypherpunks of today must work together in continuing to develop effective privacy solutions for tomorrow.”

National Security Letters

Aside from the worries about broken encryption and backdoors, there’s also the possibility that providers might find themselves served with a national security letter by U.S. security agencies or a foreign equivalent. Yesterday VPN provider CryptoSeal shut its doors in the belief it could no longer guarantee the privacy of its users following the Lavabit ordeal.

TorrentFreak asked three prominent U.S. based VPN providers to share their thoughts on this issue.

Private Internet Access

“Prior to the entire Lavabit ordeal, we had begun reaching out to the EFF, ACLU and FFTF in order to better understand the legal climate in which the internet operates such that we would better understand how we could hedge the company to better protect our ‘way of the internet’. Our CTO/co-founder, who many know as coderrr, the developer of privacy extensions from the early years of Bitcoin, moved out of the US along with our entire admin/development team.”

“Moving or establishing a VPN company outside of the US/EU would do little to protect against these kinds of issues as long as anyone with access to the machines remains within said regions. As such, he and the entire admin/development team are committed to remain outside of the US, and in fact, the team in its entirety are decentralized across the globe in countries that have historically been very reluctant to assist the US. Simultaneously, our research team has been implementing and increasing our available crypto-suite.”

“As for myself [Andrew Lee], I love my country. Please do not misunderstand, as a minority born, raised and living in the US, I am certainly not screaming, ‘MERIKA FUK YAH!’ However, this country has provided a climate in which people can work hard to better their lives and, as well, enjoy great liberties which, in reality, most/many countries fail to match. As such, I, myself, remain in the US in order to help see to it that this country is able to continue/return to being a land of liberty and freedom. To this extent, we’re really putting our money where our mouths are.”

“However, to remain in the US, meant, as well, the relinquishing of my access to the PIA systems/network. Administrators, developers and co-founders everywhere can relate to the difficulty of doing so, but the reality is that it was a requirement if I was to remain here. This policy is in place, and relinquished access I have.”

“With regard to the gag orders, recently a US judge ruled the gag order provision to be unconstitutional, in violation of First Amendment rights. We do consider this to be a win for our side, in our quest to bring our privacy and civil liberties back to levels which we as a society can decide for ourselves. With that said, it’s not the end of the battle, as the ruling is currently being appealed, and as such, no decision is certain at present.”

“However, we’re a company that operates, as we said on our privacy policy, within the spirit and letter of the law. As such, we believe in constitutionally provided privacies and liberties and, to this extent, I’d like to make it unequivocally clear that we will fight any gag order to the fullest extent given that it clearly undermines First Amendment rights and the transparency of governmental interactions with private entities.”

“While I’d like to yell some kind of statement as many have before that most certainly could never be upheld, our customers and TorrentFreak readers deserve to know that we’re fighting to the best of our abilities, within the confines and maturity of the existing societal infrastructure. This is not the only way, but this is currently the best way for us to make a meaningful broad impact.”

TorGuard

“Lavabit’s actions to suspend operations and preserve its client’s privacy were truly inspiring. This serves as an excellent example for other companies to not let big government push them around and stand up by legally challenging unlawful data requests or gag orders. Curbing the power of government surveillance on the corporate sector won’t be easy, but it needs to start now with increased transparency and corporations that take an oath of privacy no matter the cost to business. In Lavabit’s case – if you can’t leave Texas then burn the servers.”

“A big misconception going around is that one’s data is far safer from scrutiny with foreign based corporations. Unfortunately, the US isn’t the only country with a spy agency and they certainly are not confined by domestic borders. We’ve seen countless incidents in the recent past where both domestic and international surveillance agencies abused power to gain access to servers and customer data – no gag order required.”

“Just because a company is incorporated in ‘Timbuktu’ doesn’t mean the third-party data centers they lease servers from won’t open the door when federal agents come knocking. That’s why more transparency is needed on a global scale, not just from US service providers, but also by these international based ISPs, Data Centers, Domain Registrars and Merchant Providers..(the list goes on).”

“While TorGuard does have US-based representation, we are an internationally owned company with 90% of our employees and server resources based abroad. As owner/operator, I’ve pledged an oath of privacy to our client base and I intend to uphold this promise to the best of my abilities, even if it means temporarily suspending services or relocating company assets. We have backup plans for our backup plans, and travel light.”

VikingVPN

“Knowing whether or not a company has been compromised by a national security letter is deceptively simple. All you have to do is ask. Right now, I can confidently say that VikingVPN has not been served a National Security Letter. Feel free to ask me again later. If I don’t reply at some point in the future when you ask me, then you’ll know. See how easy that was?”

“The reason this works is that the Govt. cannot compel you to lie, but they can (apparently) compel you to remain silent. I would actually argue that the national security letters, and indeed the entire PRISM/XKeyScore system are illegal and unconstitutional, but obviously I don’t sit on the FISA court or Supreme Court, so my opinion holds little weight.”

“I would encourage TorrentFreak to reach out to all the US VPN providers and simply ask them if they have received a national security letter. If they don’t reply within a reasonable time-frame you will have your answer. I would even encourage you to keep a running list of VPN providers that reply. You could ask them once a month.”

“Further, VPNs have always been about trust. You’re entrusting your data to the VPN service provider, and hoping they don’t betray you. Any VPN service provider could be secretly logging and passing your data to a 3rd party without your permission. Some of this trust can be gained (or lost) from reputation.”

“Do users of the service report betrayals in the form of legal notices? Some of the trust has to come from knowing just who runs the VPN service. VikingVPN has been very transparent about this. You can see who myself and my partners, Justin Greene & Derek Zimmer, are. You can see that we’re not connected to any Intelligence Agencies or Copyright bodies. You can also view the kinds of political speech we engage in. We’re vehemently anti-spying and anti-PRISM.”

“US VPNs can still be trusted because you can place a honeypot anywhere in the world when it comes to VPN services. The paranoia surrounding US-based VPNs simply is not thought through very well. The UK and Sweden both have similarly intrusive dragnet programs, and there seems to be little concern for VPN services out of those nations. Furthermore, you can save all the packets you want, unless the VPN itself is compromised it isn’t going to matter.”

Conclusion

The conclusion brings us right back to the start of this article. No VPN provider can guarantee that any type of encryption is 100% secure. Hopefully the above has given people some pointers on what to avoid, and what the more secure alternatives are.

But even if people pick the strongest encryption possible, one still has to trust VPN providers to keep his or her data safe, regardless of where the company is located.

Source: How NSA-Proof Are VPN Providers?

In addition to obtaining music from file-sharing networks, those looking for free tracks often get them from so-called tube-rippers, sites and services that transform YouTube videos into downloadable MP3s.

These tools are available in several formats including desktop packages, apps for mobile devices, and more commonly browser-based tools. In mid-2012 YouTube owners Google, believed to be under pressure from the music industry, started to make life more difficult for web-based YouTube converters and some cases issued threats to sue.

While some sites decided to shut down, many others continued business as usual, including the German site YouTube-MP3, one of the largest YouTube ripping services around with around 30 million visits per month. The site has long insisted that it has a right to provide ripping services but having fought off Google it recently found itself up against fresh adversaries.

Three music companies under the umbrella of industry group BVMI challenged YouTube-MP3′s assertion that it operates legally and sued it in the Hamburg District Court. The companies said that while YouTube-MP3 claimed to be offering only a rip-and-download service, there were serious technical issues behind the scenes that rendered the site in breach of copyright law.

YouTube-MP3 claimed that users of its service could enter the URL of a YouTube video and have the site convert and churn out an MP3 for download. Apparently, however, that wasn’t always the way it worked. Once a video had been converted to MP3, that audio was stored on YouTube-MP3′s servers. If another user subsequently entered the same YouTube URL, no conversion or ripping was carried out. They were simply handed a copy of the previously stored MP3 for download.

In a statement sent to TorrentFreak, BVMI said that this was a clear breach of copyright law.

“Contrary to the common assumption that YouTubeMP3 is a streamripper that allows users to record songs from the Internet (much as cassette recorders were used to record music from the radio back in the day), in fact the online converter often simply made the pieces available for download without a license,” BVMI said.

BVMI said that by the time the case had arrived in court last month the owner of YouTube-MP3 had already signed cease and desist declarations and agreed to refrain from reproducing and distributing copyright content.

“The current case provides deep insights into the workings of so-called ‘recording services’
and exposes a trick that not only hoodwinks the rights owners but also misleads the users of
these services,” said BVMI Managing Director Dr Florian Drücke.

“Under the guise of private copying [YouTube-MP3] deceives people into thinking that
everything is above-board, even though the user – unwittingly – avails himself of an illegal download platform. We have for some time pointed out that the vague definition of ‘private copies’ encourages cat-and-mouse games in matters of streamripping, so a clarification at the political level is needed here.”

With the signing of the declarations the Hamburg District Court considered the case closed but ordered YouTube-MP3 to pay everyone’s costs.

TorrentFreak contacted the site’s owner for a comment but as yet we’ve received no response. Presumably life at YouTube-MP3 will continue, but without storing converted MP3s for subsequent download. The end result, of course, is that users of the site will still get ripped MP3s just as they did before, a point not lost on BVMI.

“One thing is clear: this platform, as well as most other streamripper sites, generate considerable advertising income that is not shared with the artists or their partners. This has nothing to do with fairness, nor does it fit with our current digital age, when many music sites – some of them free – can be used perfectly legally on the Internet,” BVMI conclude.

Source: YouTube MP3 Converter Loses Court Battle But The Music Plays On

In years gone by downloading material from file-sharing applications could be a risky occupation. Traditional file-sharing networks such as FastTrack (Kazaa) and Gnutella (LimeWire) became dumping grounds for millions of junk files, many incorrectly named, to the point where shutting them down was the only thing that could save them.

These days things are very much different. Although BitTorrent sharing is carried out mainly in software clients, torrent files themselves are generally obtained from indexes, or torrent sites as most people know them. Not only do these sites carry comments from users which can be read in order to avoid downloading trash, many are policed by teams of moderators who remove junk, fake and malicious files.

But despite the superior moderation of today’s ecosystem, it is still entirely possible to get a file onto a torrent site that isn’t entirely what it seems. That has just been achieved to hilarious effect by film director Johan Kaos, who got past the moderators on the world’s most infamous torrent site to play a never-seen-before prank on its users.

The joke involved Kaos’ just released movie ‘Pornopung‘ (Norwegian slang for “shaven balls”), a Norwegian comedy featuring two pick up artists who share their tricks with a ‘novice’ called Christian, enabling him to become more attractive to the opposite sex.

Those downloading the movie from The Pirate Bay got a decent copy to begin with, but little did they know that it was Kaos himself seeding the video. The director had heavily modified the rest of the movie, as they would soon discover. As can be seen below, after the first 10 mins or so the camera switches to Kaos who filmed himself chatting in his bathroom. Then things get very much worse.

“Hehe. I thought the movie was going to end up on The Pirate Bay sooner or later anyway, so why not be a little ahead?” Kaos told Aftenposten.no.

“The film clip was recorded as an impulse once I sat on the toilet. Actually, I considered filling the remaining 80 minutes by filming my butt, but then I realized how exceptionally bad it was going to be, aesthetically that is.”

So, confronted with the problem of filming something more pleasing to the eye than his own rear end, Kaos said he landed on an idea to delight file-sharers for the remaining 80 minutes of the movie.

“I created a clean-shaven scrotum,” Kaos said. “A little more thematically relevant and easily more aesthetically pleasing, it seems, at least in my opinion.”

Despite his memorable cultural contribution to The Pirate Bay, Kaos says he bears no animosity towards file-sharers.

“In no way do I bear any grudges against people who download my film. It’s just a compliment that people want to see it. I would obviously prefer it if they chose to see it in theaters, since for me as a director it has the most to do with the movie and the best movie experience,” he said.

The director, who is currently backpacking in Laos, says that reaction to the prank has been largely positive.

“Most of the feedback I’ve gotten so far has been from people who have laughed themselves to death, but there have also been some who have been pissed. Well, they certainly can’t accuse me of having given them something they didn’t ask for, when they download a movie called Pornopung,” Kaos concludes.

Anyone wanting to see a 10 min promo of Pornopung followed by 80 mins of Kaos’ shaven extremities can do so here. Have fun.

Source: Pirate Bay Downloaders Trolled By Movie Director’s Shaven Balls