In April 2017, San Francisco resident Ross M. Colby was arraigned in U.S. District Federal Court in San Jose following an FBI investigation into alleged hacking offenses.

The 34-year-old was accused of hacking into several local media websites owned by Embarcadero Media Group including the Palo Alto Weekly and the Almanac. He was charged with intentional damage to a computer, attempted damage, and misdemeanor computer intrusion.

According to the indictment, Colby illegally accessed Embarcadero Media email accounts in July 2015. Then, in September 2015, several of the company’s websites were hacked to display the Guy Fawkes image associated with Anonymous. The message “Unbalanced Journalism for profit at the cost of human right. Brought to you by the Almanac” was also left behind.

Facing more than two decades in prison and fines totaling several hundred thousand dollars, Colby pleaded not guilty and was freed on bail. On May 29, 2018, Colby’s trial began in federal court in San Jose. Palo Alto Online has been reporting (1,2) on the case, which has thrown up something of interest to VPN users.

According to evidence provided by FBI Special Agent Anthony Frazier, between July and September 2015, IP addresses operated by VPN provider Private Internet Access (PIA) were used to access email accounts and systems belonging to Embarcadero Media.

A former Colby roommate claims that the pair discussed computer security and frequently had discussions about the use of VPNs. He had even helped Colby set one up, he said. Last Friday, the San Jose Federal Court also heard that Colby told his roommate that he’d hacked a news website for pay.

Also giving testimony was John Allan Arsenault, general counsel for London Trust Media, the owner of Private Internet Access.

According to Almanac News, Arsenault told the Court that some VPN companies, PIA included, do not retain logs of customers’ Internet activities. This means they are unable to produce useful information in response to a subpoena.

Arsenault told the Court that PIA accepts several payment methods, including cryptocurrency, but doesn’t keep records of customers’ names and addresses. The only thing the company holds is the email address used when the customer signs up. There was no record of Ross Colby signing up to PIA with his two known email addresses, Arsenault said.

“We’re limited to search by what the government gives us. Just because we can’t find it doesn’t mean they didn’t use the VPN service,” he said.

“Someone could create a throw-away (email) account to subscribe to us,” he added.

But while PIA could not connect Colby’s IP addresses to any illegal activity, the same could not be said of other companies. Evidence presented to the Court showed that in addition to the PIA addresses that were used to access the Embarcadero Media email accounts, an IP address belonging to Comcast was also used on 20 occasions.

Records provided by Comcast showed that John Colby, Ross Colby’s father and a retired Massachusetts state trooper, was assigned that particular IP address between June 2015 and October 2015, the date of the FBI’s subpoena to Comcast. John Colby further testified that his son stayed with him for about 10 days in July 2015, a period which coincided with the email breaches at Embarcadero Media.

Evidence provided by the FBI also showed that an IP address used by Ross Colby at his home in San Francisco was used to access Embarcadero accounts, as was an IP address registered to a cafe frequently used by Colby.

The case highlights some important points for those interested in Internet security.

The most interesting for privacy advocates is that this is the second time that Private Internet Access’s “no-logging” policy has been tested in court. Such claims are notoriously difficult to prove but PIA has now passed twice with flying colors.

However, the big lesson is that if an Internet crime is serious enough to involve the FBI, IP address evidence will be just part of the equation, with testimony from family and associates playing a major role too.

The final decision on Colby’s plea lies with the jury, which is yet to render its decision.

—

Disclaimer: PIA is one of our sponsors. This article was written completely independently of that fact, as always.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Online piracy is often portrayed as a simple problem. People download or stream something that’s not theirs because they don’t want to pay.

While this may apply in some cases, the reality is much more complex. In fact, over the years research has repeatedly shown that pirates are often the entertainment industry’s best customers.

Today, there are new findings to back this claim up. And to add some weight, they are released by the London-based anti-piracy company MUSO, which works closely with various copyright holders.

The company conducted a survey among 1,000 UK adults, through CitizenMe, to shed more light on how and why pirates consume content the way they do. The findings are noteworthy, to say the least.

Of all the people surveyed the vast majority, 60 percent, admitted that they illegally streamed or downloaded music, film or TV-shows in the past. This could have been yesterday or even two years ago.

Interestingly, the same pirates often try legal sources first. In fact, 83 percent say they usually try to find what they are looking for through official channels before trying anything else. This suggests that most pirates are also legal consumers.

“The entertainment industry tends to envisage piracy audiences as a criminal element, and writes them off as money lost – but they are wrong to do so,” says Paul Briley, CCO of MUSO, commenting on the findings.

“The reality is that the majority of people who have gone through the effort of finding and accessing such unlicensed content are, first and foremost, fans – fans who are more often than not trying to get content legally if they can.”

The problem appears to be that these pirates often can’t find what they’re looking for through their preferred legal channels. The top reasons for people to ‘pirate’ are that content is not available (34.9%), that it’s siloed or difficult to access (34.7%), or that they can’t afford it (35.2%).

MUSO notes that copyright holders should not dismiss the pirate audience as these people are actually engaged and valuable consumers. Instead, the entertainment industries should look for better ways to serve this crowd.

In recent years Hollywood has already made a lot of effort to make content available online. And while Netflix and other streaming services have made a positive impact, they’re not a silver bullet.

MUSO’s survey reveals that 91% of all pirates already have a streaming subscription, such as Netflix, Amazon Prime, Spotify or Apple Music. That’s more than their non-pirating counterparts, of which less than 80% subscribe to one of these services.

The problem is that people sometimes need over a dozen separate subscriptions to access all the content they want. There’s no single service that offers everything in one place. This is one of the main reasons why piracy is still very relevant.

“There is a prevailing myth that streaming services have killed piracy, but unfortunately this just isn’t the case,” Briley notes.

“While streaming services have made huge amounts of content more readily available, it’s still siloed. The results of this survey demonstrate that if the show consumers are looking for isn’t available on their particular on-demand service, they will turn to unlicensed alternatives because it is too expensive to subscribe to every single service.”

MUSO’s previous research has shown that streaming piracy remains on the rise and this trend could continue going forward, for video at least.

While people’s reasons to pirate are clear, the solution is not as straightforward. Simply offering all content under one roof might solve the piracy problem, but it doesn’t automatically mean that more revenue will come in.

The film industry, in particular, relies heavily on complex rights deals, windowed releases, and exclusivity agreements. And with Disney launching its own streaming service, this may only get worse.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

For more than two decades, The Software Alliance (BSA) has supported major software companies such as Adobe, Microsoft, and Symantec in their battle against piracy.

The industry group is involved in legal action and lobbying efforts, but it also keeps an eye on the latest developments in the use of pirated software.

This week BSA published the latest edition of its “Global Software Survey” which reveals the various piracy rates around the world. According to the report there’s good news since software piracy is decreasing.

The survey, which only looks at PC software, shows that piracy rates worldwide dropped to 37 percent in 2017, down from 39 percent two years earlier. The commercial value of the pirated software dropped by 8 percent, to $46.3 billion globally.

While this is a positive sign for the industry, BSA tempers the optimism by pointing out that piracy remains widespread.

“Despite a global two-point drop in unlicensed software installation rates during the last two years, unlicensed software is still being used around the globe at alarming rates, accounting for 37 percent of software installed on personal computers.

“Although the overall commercial value of unlicensed software has also been declining, the majority of all countries in the survey still have unlicensed rates of 50 percent or higher,” BSA notes.

The organization has a point. Looking at the various piracy rates we see enormous differences from country to country.

In the US, for example, ‘only’ 16 percent of software is used without permission, but in other parts of the world, rates are well over 80 percent. In countries where the average consumer has little money to spend, piracy rates are often very high.

This includes many African countries, such as Libya, where 90 percent of all software is used without permission. The same is true for Eastern Europe and Asia, where Armenia, Belarus, Bangladesh, Pakistan, and others have piracy rates above 80 percent.

Piracy rates in the Asia Pacific and Central/Eastern Europe regions

According to BSA, these high piracy rates hinder economic growth. At the same time, they could also subject people to malware risks, as more pirated software is correlated with more malware, the group warns.

“These high rates don’t just delay the local economic benefits that are associated with thriving technology use, they impede growth in a company’s bottom line and induce unprecedented security risks,” BSA notes.

Interestingly, not everyone sees piracy as something inherently bad.

Previously, BSA’s own numbers were used by the African Governance and Development Institute to show that piracy increases literacy and the spread of knowledge.

Similarly, in 2007 Traian Băsescu, Romania’s President at the time, said that piracy actually helped locals to develop computer skills.

“Piracy helped the young generation discover computers. It helped Romanians improve their creative capacity in the IT industry, which has become famous around the world,” he told Bill Gates.

BSA clearly sees things differently. To reduce piracy even further the organization hammers on the security risks, while encouraging governments to modernize laws, facilitate enforcement, and increase public awareness.

—

A copy of The Software Alliance’s latest Global Software Survey is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

On May 4, 2016, Scott Sikes, a Special Agent with the Department of Homeland Security, was engaged in a child abuse investigation.

Acting undercover, Sikes was monitoring a channel on Internet Relay Chat (IRC) when a suspect posted a link. When Sikes opened it he discovered an image of child pornography.

Sikes struck up a one-on-one chat session with the suspect who subsequently posted three more links, each containing the same kind of material. It was later discovered that the suspect had posted 17 other links leading to similar abuse imagery.

Having captured the suspect’s IP address (209.197.26.72), Sikes traced it back to Highwinds Network Group, a cloud storage, CDN, and colocation company that is perhaps best known among file-sharers for its massive Usenet-related business.

Homeland Security followed up by issuing a Summons for Records on Highwinds, demanding that it hand over the details of the user behind that IP address at the times the IRC user posted the links.

Although not directly mentioned by name in court documents, at the time Highwinds owned the VPN provider IPVanish, a company that has repeatedly claimed to carry zero logs relating to its customers’ activities. It appears that the suspect tracked by Homeland Security was an IPVanish customer but any hope he would remain anonymous was soon dismissed.

On May 26, Highwinds responded to the summons, confirming that the IP address belonged to its VPN service. Initially, the company told HSI that to protect customer data, “we do not log any usage information. Therefore, we do not have any information regarding the referenced IP.”

However, after Sikes contacted Highwinds again, the company suggested that HSI submit a second summons requesting more detailed subscriber information.

On June 9, 2016, HSI served a second summons on Highwinds, requesting “any data associated with IRC traffic using IP 209.197.27.72, port 6667.” On June 21, Highwinds came up with the goods.

In a response to HSI, Highwinds provided information which allowed HSI to identify the suspect connecting to the VPN server, connecting to the IRC server, and then disconnecting from the VPN server. Highwinds also handed over the suspect’s name (Vincent Gevirtz), his email address, plus details of his VPN subscription.

Also made available to HSI was Gevirtz’s real IP address (Comcast 50.178.206.161) “as well as dates and times [he] connected to, and disconnected from, the IRC network,” times which coincided with the activity being investigated by HSI.

HSI then issued a summons on Comcast, requesting customer information on the IP address in question. Comcast responded three days later with a slightly different name – Julian Gevirtz – plus an address in Indiana. Vincent Gevirtz was subsequently found at that address with his parents and later admitted to the conduct carried out in the IRC channel. He further admitted to having shared images of abuse online for at least seven years.

While there will be few people disappointed that Gevirtz was tracked down by HSI, there was considerable uproar yesterday when the court documents were posted to the /r/piracy discussion page on Reddit.

IPVanish has always been extremely vocal about its no-logging policies but the court documents in the Gevirtz case appear to show that the company logged extensively, apparently down to what services were accessed and when.

So, with this apparent contradiction in hand, TF contacted StackPath, the company that bought Highwinds and therefore IPVanish back in 2017. How can its “zero logs” policy exist alongside the handing over of so much information?

“We are glad you asked. That lawsuit was from 2016 – long before StackPath acquired IPVanish in 2017,” said Jeremy Palmer, Vice President, Product & Marketing.

“IPVanish does not, has not, and will not log or store logs of our users as a StackPath company. I can’t speak to what happened on someone else’s watch, and that management team is long gone. But know this – in addition to not logging, StackPath will defend the privacy of our users, regardless of who demands otherwise.”

It’s pretty clear from this statement that StackPath doesn’t want to get into what went before and at least to a degree, that’s understandable. That being said, these things must have some kind of paper trail – logs if you like – that document what went on and who was responsible. So we asked again, this time tacking on some more questions to try and nail things down.

We began by asking about the general logging policies of IPVanish before StackPath took over. Clearly, if the old policy was to log (as the court papers suggest), at some point StackPath must’ve seen those policies and realized they were incompatible with their new approach to privacy. If that was the case, what were the old policies and when were they revised to StackPath standards?

“I can’t speak on behalf of the former executive or legal team (involved in this issue) as they are no longer part of Highwinds Network Group, and haven’t been since the acquisition,” Palmer reiterated.

“It’s impossible for me to speculate or comment about what may have happened under different ownership/management. We don’t keep VPN logs [now]. We value our customer’s privacy above everything else.”

The problem here is that at least as far as the IPVanish privacy statements go, the old policies are exactly the same as the new ones – no logs. Clearly, something has to give. At this point, Palmer provided us with a statement from StackPath CEO Lance Crosby.

Crosby is an industry heavyweight, there is little doubt about that. Founder, CEO and Chairman of Softlayer until its sale to IBM in 2013, Crosby was also former COO of ThePlanet. He doesn’t offer any clear proof but says that the HSI case could’ve been a one-off.

“At the time of the acquisition 2/6/17, the StackPath team and a third party performed due diligence on the platform. No logs existed, no logging systems existed and no previous/current/future intent to save logs existed,” Crosby says.

“The same is true today. We can only surmise, this was a one time directed order from authorities. We cannot find any history of logging at any level. Your privacy is paramount and we will fight any persons or government agencies seeking to infringe upon such.

“I can’t speak to what happened on someone else’s watch but Technology is my life and I’ve spent my career helping customers build on and use the Internet on their terms. StackPath takes that even further — security and privacy is our core mission. I also happen to be a lawyer and I will spend my last breath protecting individuals’ rights to privacy, especially our customers,” he concludes.

While having Crosby’s word on a no-logging future carries weight, we are sadly no closer to finding out what happened back in 2016. There is no mention in the court documents of the one-time logging scenario outlined above although that is certainly possible. The big question of whether it could happen again is up for debate.

Moving forward, IPVanish says it is committed to its ‘no-logging’ policy and says that the difference today is a “completely different management team” and a CEO who is “a strong privacy advocate” who “built StackPath on this foundation.”

IPVanish is the latest high-profile VPN to have provided information to the authorities after earlier claiming security for their users. Back in 2011, HideMyAss handed over information that would help to jail LulzSec hacker Cody Kretsinger. Last year it was revealed that PureVPN helped the FBI catch a cyberstalker.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

September 2016, the European Commission published its proposal for a modernized copyright law. Among other things, it proposed measures to require online services to do more to fight piracy.

Specifically, Article 13 of the proposed Copyright Directive will require online services to track down and delete pirated content, in collaboration with rightsholders.

The Commission stressed that the changes are needed to support copyright holders. However, many legal scholars, digital activists, politicians, and members of the public worry that they will violate the rights of regular Internet users.

Last month the EU Council finalized the latest version of the proposal. This means that the matter now goes to the Legal Affairs Committee of the Parliament (JURI), which must decide how to move ahead. This vote is expected to take place in two weeks.

Although the term “filter” is commonly used to describe Article 13, it is not directly mentioned in the text itself.

According to Pirate Party Member of Parliament (MEP) Julia Reda, the “filter” keyword is avoided in the proposal to prevent a possible violation of EU law and the Charter of Fundamental Rights. However, the outcome is essentially the same.

In short, the relevant text states that online services are liable for any uploaded content unless they take “effective and proportionate” action to prevent copyright infringements, identified by copyright holders. That also includes preventing these files from being reuploaded.

The latter implies some form of hash filtering and continuous monitoring of all user uploads. Several companies, including Google Drive, Dropbox, and YouTube already have these types of filters, but many others don’t.

A main point of critique is that the automated upload checks will lead to overblocking, as they are often ill-equipped to deal with issues such as fair use.

“The proposal would require platforms to filter all uploads by their users for potential copyright infringements – not just YouTube and Facebook, but also services like WordPress, TripAdvisor, or even Tinder. We know from experience that these algorithmic filters regularly make mistakes and lead to the mass deletion of legal uploads,” Julia Reda tells TF.

“Especially small independent creators frequently see their content taken down because others wrongfully claim copyright on their works. There are no safeguards in the proposal against such cases of copyfraud.”

Besides affecting uploads of regular Internet users and smaller creators, many businesses will also be ‘hit’. They will have to make sure that they can detect and prevent infringing material from being shared on their systems.

This will give larger American Internet giants, who already have these filters in place, a competitive edge over smaller players and new startups, the Pirate Party MEP argues.

“It will make those Internet giants even stronger, because they will be the only ones able to develop and sell the filtering technologies necessary to comply with the law. A true lose-lose situation for European Internet users, authors and businesses,” Reda tells us.

Based on the considerable protests in recent days, the current proposal is still seen as a clear threat by many.

Tell your MEP…

In fact, the “Save your Internet” campaign, backed by prominent organizations such as Creative Commons, EFF, and Open Media, is ramping up again. They urge the European public to reach out to their Members of Parliament before it’s too late.

“Should Article 13 of the Copyright Directive proposal be adopted, it will impose widespread censorship of all the content you share online. The European Parliament is the only one that can step in and Save your Internet,” they write.

The full Article 13 text includes some language to limit its scope. The nature and size of online services must be taken into account, for example. This means that a small and legitimate niche service with a few dozen users might not be directly liable if it operates without these anti-piracy measures.

Similarly, non-profit organizations will not be required to comply with the proposed legislation, although there are calls from some member states to change this.

In addition to Article 13, there is also considerable pushback from the public against Article 11, which is regularly referred to as the “link tax.”

At the moment, several organizations are planning a protest day next week, hoping to mobilize the public to speak out. A week later, following the JURI vote, it will be ‘judgment day.’

If they pass the Committee the plans will progress towards the final vote on copyright reform next Spring. This also means that they’ll become much harder to stop or change. That has been done before, such as with ACTA, but achieving that type of momentum will be a tough challenge.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.