PROJET AUTOBLOG


TorrentFreak

Archived

Original site: TorrentFreak

RIAA Obtains Subpoena to Expose ‘Infringing’ Cloudflare Users

Monday, May 6, 2019 at 21:28

Despite the increased availability of legal options, millions of people still stream, rip, or download MP3s from unofficial sources.

These sites are a thorn in the side of the RIAA, one of the music industry’s leading anti-piracy outfits. 

The RIAA has a long history of going after what it sees as pirate sites. The problem, however, is that many owners of such sites operate anonymously. The group, therefore, often has to turn to third-party intermediaries to find out more.

While some services may be willing to voluntarily share information with the music industry group, many don’t. Cloudflare falls into the latter category. While the CDN service does voluntarily reveal the true hosting locations of some of its users, it doesn’t share any personal info. At least, not without a subpoena. 

Luckily for rightsholders, getting a subpoena isn’t very hard in the US. Under the DMCA, copyright holders only have to ask a court clerk for a signature to be able to demand the personal information of alleged copyright infringers. That’s exactly what the RIAA did last week. 

In a letter sent by Mark McDevitt, the RIAA’s vice president of online anti-piracy, the music group informs Cloudflare that it requests personal details including names, addresses and payment information relating to the operators of six domains, which are all Cloudflare users. 

The domains/URLs

The domains in question include those connected to the file-hosting site DBREE, music release site RapGodFathers, file-host AyeFiles, and music download portal Plus Premieres. The sites are accused of sharing copyrighted tracks from artists such as Pink, Drake, and Taylor Swift.

“We have determined that users of your system or network have infringed our member record companies’ copyrighted sound recordings. Enclosed is a subpoena compliant with the Digital Millennium Copyright Act,” the RIAA’s McDevitt writes.

“As is stated in the attached subpoena, you are required to disclose to the RIAA information sufficient to identify the infringers. This would include the individuals’ names, physical addresses, IP addresses, telephone numbers, e-mail addresses, payment information, account updates and account history.”

The RIAA stresses that the mentioned files are offered without permission and it asks Cloudflare to consider the widespread and repeated infringing nature of the sites and whether these warrant a termination under its repeat infringer policy. 

From the letter RIAA sent to Cloudflare

At the time of writing the sites are still using Cloudflare’s services. However, the allegedly infringing files are no longer available. These were presumably removed by the site owners.

There is no obvious connection between all the targeted sites. However, RapGodFathers is a familiar name when it comes to anti-piracy enforcement. Nearly ten years ago, the site was targeted by the U.S. Government, but the name is still around today.  

It is unclear what RIAA plans to do with the requested information. It could form the basis of a legal complaint, but the music group may also use it to contact the site operators more directly. The letter only mentions that the information will be used to protect the rights of RIAA member companies.

“The purpose for which this subpoena is sought is to obtain the identities of the individuals assigned to these websites who have reproduced and have offered for distribution our members’ copyrighted sound recordings without their authorization.

“This information will only be used for the purposes of protecting the rights granted to our members, the sound recording copyright owner, under Title II of the Digital Millennium Copyright Act,” the letter adds.

What this “protection” entails remains a mystery for now. 

While the court clerk signed the DMCA subpoena, Cloudflare still has the option to object, by asking the court to quash it. However, thus far there are no signs that the company plans to do so.

A copy of the letter RIAA sent to Cloudflare, obtained by TorrentFreak, is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Mobdro: Malware Allegations Are False and Misleading

Monday, May 6, 2019 at 11:16

In late April, the Digital Citizens Alliance, which regularly campaigns against online piracy, published the results of a study into ‘pirate’ online streaming apps.

Carried out by network security company Dark Wolfe Consulting, the report placed focus on popular Android-based streaming app Mobdro.

The report claimed that Mobdro carries out a number of malicious acts, including the stealing of wifi names and passwords. It also allegedly accessed other media content and legitimate apps on the researchers’ network. According to the study, Mobdro acted in other suspicious ways too, ones not authorized by the user.

Over the past several days, TorrentFreak put every single allegation to the developers behind the official Mobdro software who were happy to answer our questions. In short, they either completely dispute or give explanations for every claim made against them.

TF: Does Mobdro attempt to steal users’ wifi names and passwords?

Mobdro: It’s impossible that our app reads wifi passwords because first of all, it is impossible for an Android app to read wifi passwords or any sensitive system data without the device being rooted. So the user would have to root his device first, so that statement is completely ridiculous.

Basically, no Android application can read files outside of its working directory. In the case of wifi passwords, they are stored in the /data directory of the Android device. This folder is not readable unless you have a rooted [device], because it’s a protected system directory.

TF: To be clear, does Mobdro attempt to get a wifi password from a rooted device?

Mobdro: No, the app does not attempt to get wifi passwords on any device. Rooted or non-rooted, the app does not try to get any wifi password. It can be shown via a simple test. Get a rooted device and if Mobdro tries to read protected data, then the rooted device would prompt you to allow or disallow Mobdro root access. As simple as that.

But the burden of proving something does not rely on us, it relies on [the researchers]. They should prove that the app does what they accuse us of doing.

TF: The researchers’ next big claim is that Mobdro tried to access media content and other legitimate apps on the researchers’ network. Is that true?

Mobdro: The only permission required in the app is to access external storage [TF note: An earlier permission to access location is no longer required]. [The external storage] permission is used to save updates in the external storage of the device because Android only allows installations of APKs when they are located in external storage (for off-store apps like Mobdro).

Also, this permission is used to download/cast streams when the user chooses to do that. Unfortunately, Google gives the read external storage permission a name that leads to confusion, like the app could access your files and modify them etc. But the folder [Mobdro] accesses is a folder located under /sdcard/Mobdro where it downloads APK updates, streams or files necessary for casting.

TF: The researchers say that Mobdro “port knocks” which they explain as a “process to look for other active malware.” They also said Mobdro accepted commands but admitted that since they were “either encrypted or encoded” it made it “difficult to analyze for infection.” What are they talking about?

Mobdro: To protect against unofficial versions [TF note: Mobdro is often cloned and modified by third-parties] we have some anti-tampering measures. One of them was to detect the presence on the user device of the Frida toolkit.

This is a kit used by ‘crackers’ to remove the SSL certificate we use to [securely] communicate with the servers that host the API. When they break this protection they then release their unofficial versions.

In past versions (prior to 2.1.34) we tried to detect the presence of the Frida toolkit in the user device and one of the methods to try to detect Frida was to try to connect to the port that Frida uses in the device. If a connection was successful we enabled anti-tampering measures.

In newer versions, we no longer have these anti-tampering measures because we found a way to make it very difficult to break the SSL protection within the app.

TF: The study suggests that Mobdro can receive potentially malicious commands “through movie streams”. What’s the official response to that claim?

Mobdro: We don’t know what they are talking about here. Some commands from a movie stream… encrypted… Does not make sense to us, to be honest.

When Mobdro gets a video stream, it fires a video player that uses the FFmpeg API and that’s it. The result is the stream being displayed on the phone, tablet or Android TV.

TF: The study says that it’s also possible for a “threat actor” to log in to a user’s device via Mobdro and then navigate away from the device to the Internet, effectively posing as the user online.

In our initial report, we noted that this is probably referencing Mobdro’s use of the Luminati network, as used by the proxy app Hola, something highlighted in Mobdro’s EULA. Anything to add?

Mobdro: We have included a mode called NO ADS mode, in which the user accepts to be a peer in the Luminati Network. The default mode is and will be ADS mode.

If the user does not want to see ads, the user has the possibility to not see them in exchange for their network resources under certain circumstances that are explained before accepting to be a peer. The user has to click and accept the Luminati EULA that is prompted when the user clicks on ‘remove ads’ before enabling the NO ADS mode.

Mobdro final comment: We are busy enough trying to keep the app afloat without doing these crazy things that they accuse us of. But again, they should show the proofs that the app is doing these crazy things.

What they describe maybe could be done if we were founded by a government [agency] like the CIA or the Mossad and we were looking to infect and destroy nuclear centrifuges. [END]

Whether the researchers will provide more information to back up their claims remains to be seen. If the source material that led them to publish the claims against Mobdro (and indeed other applications) was made publicly available, it would certainly help to clear up the confusion and ambiguity.

It would also allow anti-virus and anti-malware companies to do their own analysis and publish their findings too. Currently, we are not aware that Mobdro triggers malware warnings with leading vendors, which either means it doesn’t contain malware, or these products are missing something serious.

At this point, it’s down to simple faith as to who one believes.

Top 10 Most Pirated Movies of The Week on BitTorrent – 05/06/19

Monday, May 6, 2019 at 08:54

This week we have two newcomers in our chart.

Avengers: Endgame is the most downloaded movie.

The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only. All the movies in the list are Web-DL/Webrip/HDRip/BDrip/DVDrip unless stated otherwise.

RSS feed for the articles of the recent weekly movie download charts.

This week’s most downloaded movies are:
Most downloaded movies via torrents

Rank  Rank last week  Movie name                                   IMDb Rating / Trailer
1     (1)             Avengers: Endgame (HDCam)                    9.1 / trailer
2     (5)             Cold Pursuit                                 6.4 / trailer
3     (3)             Glass                                        6.9 / trailer
4     (8)             Aquaman                                      7.7 / trailer
5     (…)             Extremely Wicked, Shockingly Evil and Vile   6.8 / trailer
6     (…)             Avengers: Infinity War                       8.5 / trailer
7     (2)             What Men Want                                4.7 / trailer
8     (6)             Captain Marvel (HDTS)                        7.2 / trailer
9     (4)             Escape Room                                  6.4 / trailer
10    (7)             How to Train Your Dragon: The Hidden World   7.8 / trailer

‘U.S. Hosting Companies Are Most Popular Among Pirate Sites’

Sunday, May 5, 2019 at 23:00

A few days ago the United States Trade Representative (USTR) published its latest overview of ‘notorious markets’.

The annual publication highlights some of the most problematic ‘piracy’ websites, as pointed out by copyright holders. It includes torrent sites, streaming platforms, as well as stream-rippers.

The goal of the list is to motivate foreign governments to take action against these websites. This type of diplomatic pressure is not new. In fact, a similar tactic was used more than a decade ago, when the US urged Sweden to take out The Pirate Bay.

The USTR’s list of ‘notorious markets’ also called out hosting providers that do not properly respond to takedown notices. To some, the overall impression may be that pirate sites are mostly hosted by ‘shady’ companies operating from ‘exotic’ locations. This, however, isn’t true.

A recent analysis by Volker Rieck and Jörg Weinrich of the German anti-piracy publication WebSchauder shows that most of the top pirate sites appear to be hosted by US companies.

The research looked at the domain names for which Google received most takedown requests, assuming that these are infringing websites. From the top 5,000 domain names, 3,645 were still active, and the authors of the report then looked up where they are hosted. 

A massive chunk of these domains, 41.9 percent to be precise, use Cloudflare. While this is a US-based company, it’s not technically a hosting service, and for outsiders, it’s hard to identify the true hosting locations of these sites.

That leaves a little over 2,000 domain names. The WebSchauder authors determined the hosting provider for each of these, which resulted in some rather interesting findings.

As it turns out, more than a third of all the remaining ‘pirate’ domains were hosted by US companies. This applies to the public-facing front of the sites, but data may also be hosted elsewhere. Amazon is the most popular US-based host, with 7.1% of the non-Cloudflare domains, followed by Confluence Networks and NameCheap, with 6% and 4% respectively.

And then there’s Europe. Following in the footsteps of the US, the EU also launched its own notorious markets report, again, highlighting pirate websites that are presumably the responsibility of foreign authorities. However, it turns out that many pirate sites are also hosted in the EU.

The most popular host of all ‘pirate’ sites is the Dutch hosting provider LeaseWeb, with more than 13% of the sites, 289 to be precise. It’s no surprise that the Netherlands is in second spot, behind the US, looking at the headquarters location of the hosting companies.

Together, WebSchauder found that hosting providers in the US and the Netherlands are good for 59% of all the non-Cloudflare protected ‘pirate’ site domain names. 

Of course, hosting companies are not automatically liable for everything their clients do. When they categorically ignore complaints, they may be held liable, but that’s something a court must decide. As such, it may be perfectly fine to host these sites.

Still, it’s odd that the US and the EU keep pointing fingers at other countries when the majority of the pirate sites are hosted in their jurisdictions. This is welcome ammunition for rightsholders and sites such as WebSchauder. 

“Both the EU and the US should first sweep their own farm before complaining again and again in long reports of notorious disturbers abroad,” the WebSchauder report reads.

“The problem of unregulated distribution does not take place exclusively in exotic countries but predominantly in Western Europe and the USA. If you want to solve it, you have to start here and finally assign responsibility to the datacenters.”

At Last, An Anti-Piracy PSA That Doesn’t Use Scare Tactics

Sunday, May 5, 2019 at 15:04

Getting the public to stop downloading movies, TV shows, music, software, and other content from the Internet is a huge task.

For at least two decades, the public has been presented with Public Service Announcements (PSA) aimed at doing just that, but nothing seems to do the trick.

Most readers will be familiar with the “Piracy, It’s a Crime” campaign from 2004. It was so over the top it ended up becoming its own meme (before memes had a name) and was eventually lampooned by the IT Crowd.

With this experience in the bank, one would’ve thought that people producing these PSAs might get the message that scare tactics don’t work. However, year after year similar ads have appeared, most of which had the same non-effect on the public but perhaps with fewer laughs.

Reaching out to people to prevent them doing what many perceive as a victimless crime is difficult. But even when PSAs focus on this very aspect, that creators and the entertainment industry can suffer due to piracy, few get even close to the mark.

These days much effort seems to be centered around convincing pirates that they’ll have their devices reduced to virus-infested junk while “cybercriminals” pillage their networks and empty their bank accounts. These are classic scare tactics that work no better than most sex infection videos pumped out in the 80s.

The problem is that while in some cases people might indeed experience malware, few pirates know anyone who has experienced such a thing to the degrees stated. That means that once there’s no evidence to the claims, people simply ignore the entire message and discard it as pure propaganda.

Another issue centers around the over-dramatization of the effects of piracy. Constant claims that films or music won’t be made anymore are already provably false – one only has to look around at all the legal services today for evidence of that.

Furthermore, the average pirate really doesn’t make the connection between piracy and “real” crime, a point overlooked by this recent PSA from Film Ireland. It manages to pack in plenty of drama while also threatening the end of the movie industry.

While the above may have some effect on casual pirates, the fact that it currently has less than 400 views on YouTube shows, bluntly, that no one cares about this type of PSA. There are zero comments too, which seems to show that it’s not even controversial. Cruelly, perhaps, it’s quite boring.

The problem is that the vast majority of ads and campaigns fail to see the issue of piracy from the user’s perspective. Hardcore pirates are unlikely to be moved to “correct” their ways no matter what they see, but there’s a huge population of casual and potential pirates that, given a bit of thought, might reconsider.

Given these people make up the bulk of the entire media-consuming public, a new anti-piracy PSA produced by content-awareness group Agorateka in conjunction with the EU Intellectual Property Office caught our attention.

Instead of all the scare tactics, they appear to have sat down and actually considered what the average person (who isn’t highly proficient in piracy techniques) might encounter when looking for content to watch online. In fact, it doesn’t mention piracy directly at all and instead focuses on the end goal – getting people to use legal sites.

In summary, the PSA seems to suggest that regular Internet users and casual, non-technical pirates have a choice. They can spend a long time looking around trying to sort the wheat from the chaff, or they can go straight to a legal source and enjoy content immediately.

There’s no malware suggested, no decaying cinemas, no dying actors, and no police raids. Piracy itself doesn’t even get a mention.

Of course, there will be no shortage of people viewing the video noting that it only takes them a few minutes to find whatever they want on their favorite pirate sites, so this doesn’t apply. There’s no arguing with that, but skilled pirates do not make up the bulk of the public.

So what this video attempts to do, it appears, is ask the viewer a simple question – what do you value more? Is time your most precious commodity or are a few euros, dollars or pounds spent online each month an effective trade? For many, especially those with the cash to spare, time can invariably come out on top.

The message may even ring true with some proficient pirates too.

Many reports show that pirates have access to Netflix or similar services, so it seems unlikely that many will head over to the nearest streaming site or legally questionable platform when the legal variant is so much more simple. Kodi add-ons might be the weapon of choice for some ordinarily, but none guarantee a flawless trip.

In short, the PSA won’t be for everyone but it’s definitely not annoying, it’s non-judgmental, and it doesn’t come over as propaganda. It merely suggests that legal resources are an easy and quick alternative to piracy and that they can be found via the Agorateka portal.

That’s a great starting point for those who want to prevent people from downloading a car but don’t want to alienate them.
