Two years later, however, the case collapsed and the men were free to go. Now, more than three years on, the FileSoup domain has been resurrected.

It’s a search engine / proxy, but not as we know it

The new site has no connections to the original owner, but there are several unique aspects to the relaunch of FileSoup that make for an interesting project.

On a basic level FileSoup acts as a meta-search engine variant. It covers four major torrent sites – The Pirate Bay, KickassTorrents, Torrentz and ExtraTorrent – each selectable via a drop-down box. It also acts as a reverse proxy for these sites to unblock them in countries where they are inaccessible, the UK for example.

Improving on search results

But FileSoup is no ordinary proxy. Instead of simply mirroring the content it finds on sites such as KickassTorrents, it actually attempts to improve on the results by caching third party site indexes.

“Let’s say Kickass.to receives a [DMCA] notice and deletes the content. We are not simply proxying but also caching the site. This means we can provide the page content even if Kickass.to has deleted the URL due to a DMCA complaint,” FileSoup informs TorrentFreak.

So in theory (and given time to cache – the site is still getting off the ground), FileSoup should be able to provide access to content previously taken down from other sites it proxies. To see whether it’s anywhere near to that goal, we conducted a search for one of the most talked-about franchises of the year – Expendables.

The images below show the results from FileSoup and KickassTorrents for exactly the same search. FileSoup returned 139 results while KickAss returned 115. Also notable, aside from the inserted ads, is the prominence of highly-seeded Expendables 3 results in the top placed positions on FileSoup.

Other searches produced varied results but since FileSoup is just getting off the ground it will need more time to cache significant amounts of taken-down content. But what happens when FileSoup itself is subjected to takedown notices of its own?

“When FileSoup receives a DMCA abuse notice we create a new URL address for the same content. After that this URL lives till the next DMCA abuse notice,” the team explain.

The Necromancer – using Google DMCA notices bypass Google’s takedowns

The operators of FileSoup also addressed indirect search engine takedowns. Every week rightsholders force Google to remove torrent listings from its search results. For this problem FileSoup says it has a solution, and a controversial one it is too.

The team behind the site say they have developed a web crawler designed to pull the details of content subjected to DMCA notices from two sources – Google’s Transparency Report and the Chilling Effects Clearing House. From here the links are brought back to life.

“We created a technology that crawls DMCA notices and resurrects the torrent webpage under a different URL so it can appear in search results again. It was rather complicated to sharpen it, but eventually it works pretty well. We will use it on FileSoup.com for all the websites we proxy,” FileSoup explain.

“It will lead to a situation when KickaAss.FileSoup.com (for example) will have more pages indexed in Google than the original Kickass.to because we will revive pages banned by DMCA within Google search results. We call this technology the Necromancer.”

The idea of manipulating publicly available sources of copyright notices to reactivate access to infringing content is not new but this is the first time that a site has publicly admitted to putting theory into practice. Whether FileSoup will be able to pull this off remains to be seen, but if it does it could signal the biggest game of whac-a-mole yet.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

As a hosting provider and search engine Google inadvertently plays a role in distributing the compromising shots, much to the displeasure of the women involved.

More than a dozen of them sent Hollywood lawyer Marty Singer after the company. Earlier this month Singer penned an angry letter to Google threatening legal action if it doesn’t remove the images from YouTube, Blogspot and its search results.

“It is truly reprehensible that Google allows its various sites, systems and search results to be used for this type of unlawful activity. If your wives, daughters or relatives were victims of such blatant violations of basic human rights, surely you would take appropriate action,” the letter reads.

While no legal action has yet been taken, some celebrities have also sent individual DMCA takedown requests to Google. On September 24 Jennifer Lawrence’s lawyers asked the search engine to remove two links to thefappening.eu as these infringe on the star’s copyrights.

This means that both the thefappening.eu main domain and the tag archive of Jennifer Lawrence posts no longer appear in Google’s search results.

Whether this move has helped Lawrence much is doubtful though. The site in question had already redirected its site to a new domain at thefappening.so. These links remain indexed since they were not mentioned in the takedown request.

The good news is that many of Lawrence’s pictures are no longer hosted on the site itself. In fact, the URLs listed in the takedown request to Google no longer show any of the infringing photos in question, so technically Google had no obligation to remove the URLs.

A prominent disclaimer on the site points out that the operator will gladly take down the compromising photos if he’s asked to do so. Needless to say, this is much more effective than going after Google.

Photo via

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

A few days ago Google received a request to remove links to Kate Upton’s stolen photos The request was not sent by Upton but by her boyfriend Jason Verlander, who also appears in a few of the leaked images.

The notice includes hundreds of URLs of sites such as thefappening.eu where the photos are hosted without permission.

It’s quite unusual for Google’s takedown team to be confronted with a long link of naked celebrity pictures. This may explain why it took a while before a decision was reached on the copyright-infringing status of the URLs, a process that may involve a cumbersome manual review.

Yesterday the first batch was processed and interestingly enough Google decided to leave nearly half of all URLs untouched. The overview below shows that with 16 of the 444 links processed, only 45% were removed.

The big question is, of course, why?

Verlander’s takedown request

Google doesn’t explain its decision keep the links in question in its search results. In some cases the original content had already been removed at the source site, so these URLs didn’t have to be removed.

Other rejections are more mysterious though. For example, the thefappening.eu URLs that remain online all pointed to stolen images when we checked. Most of these were not nudes, but they certainly weren’t posted with permission.

One possible explanation for Google’s inaction is that Verlander most likely claimed to own the copyright on the images, something he can only do with pictures he took himself. With Upton’s selfies this is hard to do, unless she signed away her rights.

While browsing through the reported URLs we also noticed another trend. Some sites have replaced Upton’s leaked photos with photos of other random naked women. Google’s takedown team apparently has a sharp eye because these were not removed by Google either.

Chilling Effects, who host Google’s takedown requests, just posted a redacted version of the original notice with Upton’s name removed. Unfortunately this doesn’t offer more clues to resolve this takedown mystery, so for now we can only guess why many of the links remain indexed.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

But in early 2012, following a huge backlash from the public and technology sector, the dream turned into a nightmare. SOPA was not only dead and buried, but Hollywood had made new enemies and re-ignited old rivalries too.

In the period since the studios have been working hard to paint the technology sector not as foes, but as vital partners with shared interests common goals. The aggressive rhetoric employed during the SOPA lobbying effort all but disappeared and a refocused, more gentle MPAA inexplicably took its place.

Yesterday, in ongoing efforts to humanize the behind-the-scenes movie making industry as regular people out to make a living, “Beyond the Red Carpet: TV & Movie Magic Day” landed on Capitol Hill.

Among other things, the event aimed to show lawmakers that those involved in the movie making process are not only vital to the economy, but are the real victims when it comes to piracy. The message is laid out in this infographic from the Creative Rights Caucus.

As co-chair of the caucus, U.S. Rep. Judy Chu, D-Calif. will be hoping to maintain momentum on issues such as tax incentives to keep film production in California, but yesterday the words of MPAA CEO Chris Dodd provided the most food for thought.

In comments to The Wrap, Dodd said that the MPAA is no longer seeking anti-piracy legislation from Congress.

“The world is changing at warp speed. We are not going to legislate or litigate our way out of it,” Dodd said.

For an organization that has spent more than a decade and a half tightening up ‘Internet’ copyright law in its favor, the admission is certainly a notable one, especially when the favored alternatives now include winning hearts and minds through education.

“We are going to innovate our way out by educating people about the hard work of people,” the MPAA CEO said.

“In this space everyone has to contribute to ensure that peoples’ content can be respected. Instead of finger pointing at everybody and arresting 14-year olds, the answer is making our product accessible in as many formats and distributive services as possible at price points they can afford. We are discovering that works.”

This tacit admission, that the industry itself has contributed to the piracy problems it faces today, is an interesting move. Over in Australia content providers and distributors have also been verbalizing the same shortcomings and they too have offered promises to remedy the situation.

But the development of new services doesn’t exist in a vacuum and time and again, across the United States to Europe and beyond, the insistence by Hollywood is that for legal services to flourish, use of pirate sources must be tackled, if not through legislation, by other means.

And here’s the key. Successfully humanizing the industry with lawmakers will provide Hollywood with much-needed momentum to push along its agenda of cooperation with its technology-focused partners.

ISPs will be encouraged to engage fully with the six-strikes “educational” program currently underway across America and advertising companies and big brands will be reminded to further hone their systems to keep revenue away from pirate sites.

But perhaps the more pressing efforts will entail bringing companies like Google on board. Voluntary agreements with the search sector can certainly be influenced by those on Capitol Hill, but with Google’s insistence that Hollywood moves first, by providing content in a convenient manner at a fair price, the ball is back in the movie industry’s court.

Dodd, however, is now promising just that, so things should start to get interesting. And in the meantime the MPAA can continue to fund groups such as the Copyright Alliance, a non-profit which regularly testifies before Congress on copyright and anti-piracy matters and of which the MPAA is a founding member.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

To prevent their IP-addresses from being visible to the rest of the Internet, millions of people have signed up to a VPN service. Using a VPN allows users to use the Internet anonymously and prevent snooping.

Unfortunately, not all VPN services are as anonymous as they claim.

Following a high-profile case of an individual using an ‘anonymous’ VPN service that turned out to be not so private, TorrentFreak decided to ask a selection of VPN services some tough questions.

By popular demand we now present the third iteration of our VPN services “logging” review. In addition to questions about logging policies we also asked VPN providers about their stance towards file-sharing traffic, and what they believe the most secure VPN is.

Last update: October 7, 2014 (added partial Russian translation)

—

1. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold and for how long?

2. Under what jurisdictions does your company operate and under what exact circumstances will you share the information you hold with a 3rd party?

3. What tools are used to monitor and mitigate abuse of your service?

4. In the event you receive a DMCA takedown notice or European equivalent, how are these handled?

5. What steps are taken when a valid court order requires your company to identify an active user of your service?

6. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why?

7. Which payment systems do you use and how are these linked to individual user accounts?

8. What is the most secure VPN connection and encryption algorithm you would recommend to your users?

—

What follows is the list of responses from the VPN services, in their own words. Providers who didn’t answer our questions directly or failed by logging everything were excluded. Please note, however, that several VPN companies listed here do log to some extent. The order of the lists holds no value.

Private Internet Access

1. We absolutely do not log any traffic nor session data of any kind, period. We have worked hard to meticulously fork all daemons that we utilize in order to achieve this functionality. It is definitely not an easy task, and we are very proud of our development team for helping Private Internet Access to achieve this unique ability.

2. We operate out of the US which is one of the few, if only, countries without a mandatory data retention law. We explored several other jurisdictions with the help of our professional legal team, and the US is still ideal for privacy-based VPN services.

We severely scrutinize the validity of any and all legal information requests. That being said, since we do not hold any traffic nor session data, we are unable to provide any information to any third-party. Our commitment and mission to preserve privacy is second to none.

3. We do not monitor any traffic, period. We block IPs/ports as needed to mitigate abuse when we receive a valid abuse notification.

4. We do not host any content and are therefore unable to remove any of said content. Additionally, our mission is to preserve and restore privacy on the Internet and society. As such, since we do not log or monitor anything, we’re unable to identify any users of our service.

5. Once again, we do not log any traffic or session data. Additionally, unlike the EU and many other countries, our users are protected by legal definition. For this reason, we’re unable to identify any user of our service. Lastly, consumer protection laws exist in the US, unlike many other countries. We must abide by our advertised privacy policy.

6. We do not discriminate against any kind of traffic/protocol on any of our servers, period. We believe in a free, open, and uncensored internet.

7. Bitcoin, Ripple, PayPal, Google Play (Mobile), OKPay, CashU, Amazon and any major Gift Card. We support plenty of anonymous payment methods. For this reason, the highest risk users should definitely use Bitcoin, Ripple or a major gift card with an anonymous e-mail account when subscribing to our privacy service.

8. We’re the only provider to date that provides a plethora of encryption cipher options. We recommend, mostly, using AES-128, SHA1 and RSA2048.

Private Internet Access website

TorGuard

1. TorGuard does not store any IP address or time stamps on any VPN and proxy servers, not even for a second. Further, we do not store any logs or time stamps on user authentication servers connected to the VPN. In this way it is not even possible to match an external time stamp to a user that was simultaneously logged in. Because the VPN servers utilize a shared IP configuration, there can be hundreds of users sharing the same IP at any given moment further obfuscating the ability to single out any specific user on the network.

2. TorGuard is a privately owned company with parent ownership based in Nevis and our headquarters currently located in the US. Our legal representation at the moment is comfortable with the current corporate structuring however we wouldn’t hesitate to move all operations internationally should the ground shift beneath our feet. We now offer VPN access in 23+ countries worldwide and maintain all customer billing servers well outside US borders.

We would only be forced to communicate with a third-party in the event that our legal team received a court ordered subpoena to do so. This has yet to happen, however if it did we would proceed with complete transparency and further explain the nature of TorGuard’s shared VPN configuration. We have no logs to investigate, and thus no information to share.

3. Our network team uses commercial monitoring software with custom scripts to keep an eye on individual server load and service status/uptime so we can identify problems as fast as possible. If abuse reports are received from an upstream provider, we block it by employing various levels of filtering and global firewall rules to large clusters of servers. Instead of back tracing abuse by logging, our team mitigates things in real-time. We have a responsibility to provide fast, abuse-free VPN services for our clients and have perfected these methods over time.

4. In the event of receiving a DMCA notice, the request is immediately processed by our abuse team. Because it is impossible for us to locate which user on the server is actually responsible for the violation, we temporarily block the infringing server and apply global rules depending on the nature of the content and the server responsible. The system we use for filtering certain content is similar to keyword blocking but with much more accuracy. This ensures the content in question to no longer pass through the server and satisfies requirements from our bandwidth providers.

5. Due to the nature of shared VPN services and how our network is configured, it is not technically possible to effectively identity or single out one active user from a single IP address. If our legal department received a valid subpoena, we would proceed with complete transparency from day one. Our team is prepared to defend our client’s right to privacy to the fullest extent of the law.

6. BitTorrent is only allowed on select server locations. TorGuard now offers a variety of protocols like http/socks proxies, OpenVPN, SSH Tunnels, SSTP VPN and Stealth VPN (DPI Bypass), with each connection method serving a very specific purpose for usage. Since BitTorrent is largely bandwidth intensive, we do not encourage torrent usage on all servers. Locations that are optimized for torrent traffic include endpoints in: Canada, Netherlands, Iceland, Sweden, Romania, Russia and select servers in Hong Kong. This is a wide range of locations that works efficiently regardless of the continent you are trying to torrent from.

7. We currently accept payments through all forms of credit or debit card, PayPal, OKPAY, and Bitcoin. During checkout we may ask the user to verify a billing phone and address but this is simply to prevent credit card fraud, spammers, and keep the network running fast and clean. After payment it is possible to change this to something generic that offers more privacy. No VPN or Proxy usage can be linked back to a billing account due to the fact we hold absolutely no levels of logging on any one of our servers, not even timestamps!

8. For best security we advise clients to choose OpenVPN connections only, and if higher encryption is called for use AES256 bit. This option is available on many locations and offers excellent security without degrading performance. For those that are looking to defeat Deep Packet Inspection firewalls (DPI) like what is encountered in countries such as China or Iran, TorGuard offers “Stealth” VPN connections in the Netherlands, UK and Canada. Stealth connections feature OpenVPN obfuscation technology that causes VPN traffic to appear as regular connections, allowing VPN access even behind the most strict corporate wifi networks or government regulated ISPs.

TorGuard website

IPVanish

1. IPVanish has a no-log policy. We keep no traffic logs.

2. IPVanish is headquartered in the US and thus operates under US law.

3. IPVanish has no monitoring in place. To elaborate, IPVanish does not sniff or monitor any user’s traffic or activity for any reason.

4. IPVanish keeps no logs of any user’s activity and responds accordingly.

5. IPVanish, like every other company, has to follow the law in order to remain in business. Only US law applies.

6. P2P is permitted. IPVanish in fact does not block or throttle any ports, protocols, servers or any type of traffic whatsoever.

7. PayPal and all major credit cards are accepted. Payments and product use are in no way linked. User authentication and billing info are help on completely different and independent platforms.

8. OpenVPN generally provides the strongest encryption algorithm, so that is the recommended encryption protocol. IPVanish also allows a choice between TCP and UDP, and UDP is generally recommended for better speed.

IPVanish website

BTGuard

1. We do not keep any logs whatsoever.

2. The jurisdiction is Canada. Since we do not have log files, we have no information to share. We do not communicate with any third parties. The only event in which we would even communicate with a third-party is if we received a court order. We would then be forced to notify them we have no information. This has not happened yet.

3. If serious abuse is reported we enable tcpdump to confirm the abuse and locate the user. These dumps are immediately removed. If the user is abusing our service they will be terminated permanently but we have never shared user information with a 3rd party.

4. We do not have any open incoming ports, so it’s not possible for us to “takedown” any broadcasting content.

5. We take every step within the law to fight such an order.

6. Yes, all types of traffic our allowed with our services.

7. We accept PayPal and Bitcoin. All payments are linked to users accounts because they have to be for disputes and refunds.

8. 256-bit AES is the most secure. However 128-bit blowfish is plenty good. If you’re concerned about surveillance agencies such as the NSA, their capabilities are shrouded in secrecy and claiming to be able to protect you is offering you nothing but speculation. As far as what’s publicly available for deciphering encryption, both of the encryptions I mentioned are more than sufficient.

BTGuard website

Privacy.io

1. We do not log any information on our VPN servers. The only scenario is if a technical issue arises, but we request permission from the user first, and we only do it for the duration of the job, and then it is removed.

2. We are in the process of moving jurisdictions away from Australia at present as we are unsure what our current government plans to do in regards to our privacy. We have not decided where yet.

3. Only SMTP port 25 is filtered to mitigate spam, but we are working on some tools to make it easier for users to send mail.

4. Any DMCA request is ignored, as we have no logs to do anything about them.

5. Same as above, as we do not log, so we are unable to provide any information. If the law attempts to make us do such things, we will move our business to a location where that cannot occur, and if that fails we will close up shop before we provide any information.

6. All protocols are allowed with our service, with the only exception of SMTP port 25 currently being filtered.

7. At present we only accept PayPal and CC (processed by PayPal), but we are looking into alternative types of payments. We go out of our way to make sure that PayPal transactions are not linked to the users, we generate a unique key per transaction to verify payment for the account is made, and then nuke that unique key. Bitcoin and Litecoin are also on the agenda.

8. At present we offer 128 bit for PPTP and 256 bit for OpenVPN, We plan to offer stronger encryption for the security conscious.

Privacy.io website

VikingVPN

1. No. We run a zero knowledge network and are unable to tie a user to an IP address.

2. United States, they don’t have data retention laws, despite their draconian surveillance programs. The only information we share with anyone is billing information to our payment gateway. This can be anonymized by using a pre-paid anonymous card. If asked to share specific data about our users and their habits, we would be unable to do so, because we don’t have any logs of that data.

3. That is mostly confidential information. However, we can assure our users that we do not use logging to achieve this goal.

4. In the event of a DMCA notice, we send out the DMCA policy published on our website. We haven’t yet received a VALID DMCA notice.

5. We exhaust all legal options to protect our users. Failing that, we would provide all of our logs, which do not actually exist. If required to wiretap a user under a National Security Letter, we have a passively triggered Warrant Canary. We would also likely choose to shut down our service and put it up elsewhere.

6. Yes. Those ports are all open, and we have no data caps.

7. We currently only take credit cards. Our payment provider is far more restrictive than we ever imagined they would be. We’re still trying to change payment providers. Fortunately, by using a pre-paid credit card, you can still have totally anonymous service from us.

8. A strong handshake (either RSA-4096+ or a non-standard elliptic curve as the NIST curves are suspect). A strong cipher such as AES-256-CBC or AES-256-GCM encryption (NOT EDE MODE). At least SHA1 for data integrity checks. SHA2 and the newly adopted SHA3 (Skein) hash functions are also fine, but slower and provide no real extra assurances of data integrity, and provide no further security beyond SHA1. The OpenVPN HMAC firewall option to harden the protocol against Man-in-the-Middle and Man-on-the-Side attacks.

VikingVPN website

IVPN

1. IVPN’s top priority is the privacy of its customers and therefor we do not store any connection logs or any other log that could be used to associate a connection to a customer.

2. IVPN is incorporated in Malta. We would ignore any request to share data unless it was served by a legal authority with jurisdiction in Malta in which case we would inform them that we don’t have the data to share. If we were served a subpoena which compelled us to log traffic we would find a way to inform our customers and relocate to a new jurisdiction.

3. We use a tool called PSAD to mitigate attacks originating from customers on our network. We also use rate-limiting in iptables to mitigate SPAM.

4. We ensure that our network providers understand the nature of our business and that we do not host any content. As a condition of the safe harbor provisions they are required to inform us of each infringement which includes the date, title of the content and the IP address of the gateway through which it was downloaded. We simply respond to each notice confirming that we do not host the content in question.

5. Assuming the court order is requesting an identity based on a timestamp and IP, our legal department would respond that we don’t have any record of the user’s identity nor are we legally compelled to do so.

6. We ‘allow’ BitTorrent on all servers except gateways based in the USA. Our USA network providers are required to inform us of each copyright infringement and are required to process our response putting undue strain on their support resources (hundreds per day). For this reason providers won’t host our servers in the USA unless we take measures to mitigate P2P activity.

7. We currently accept Bitcoin, Cash and PayPal. No information relating to a customers payment account is stored with the exception of automated PayPal subscriptions where we are required to store the subscription ID in order to assign it to an invoice (only for the duration of the subscription after which it is deleted). Of course PayPal will always maintain a record that you have sent funds to IVPN but that is all they have. If you need to be anonymous to IVPN and don’t wish to be identified as a customer then we recommend using Bitcoin or cash.

8. We recommend and offer OpenVPN using the strongest AES-256 cipher. For key exchange and authentication 4096-bit RSA keys are used.

IVPN website

PrivatVPN

1. We don’t keep ANY logs that allow us or a 3rd party to match an IP address and a time stamp to a user our service. The only thing we log are e-mails and user names but it’s not possible to bind an activity on the Internet to a user.

2. We operate in Swedish jurisdiction. Since we do not log any IP addresses we have nothing to disclose. Circumstances doesn’t matter in this case, we have no information regarding our customers’ IP addresses and activity on the Internet. Therefore we have no information to share with any 3rd party.

3. If there’s abuse, we advise that service to block our IP in the first instance, and second, we can block traffic to the abused service.

4. This depends on the country in which we’re receiving a DMCA takedown. For example, we’ve received a DMCA takedown for UK and Finland and our response was to close P2P traffic in those countries.

5. If we get a court order to monitor a specific IP then we need to do it, and this applies to every VPN company out there.

6. Yes, we allow Torrent traffic.

7. PayPal, Payson and Plimus. Every payment has an order number, which is linked to a user. Otherwise we wouldn’t know who has made a payment. To be clear, you can’t link a payment to an IP address you get from us.

8. OpenVPN TUN with AES-256. On top is a 2048-bit DH key.

PrivatVPN website

PRQ

1. No. Wo do not log anything and we only require a working e-mail address to be a customer.

2. Swedish. We do not share information with anyone.

3. Not disclosed.

4. Put it in the trash where it belongs!

5. None, since we do not have any customer information and no logs.

6. We host anything as long as it’s not SPAM related or child porn.

7. Visa/Mastercard, Bitcoin, PayPal. No correlation between payment data and customer data.

8. We provide OpenVPN services (along with dedicated servers and other hosting services).

PRQ website

tigerVPN

1. Absolutely not! We built tigerVPN to purge all data once the transmission of a IP package was completed successfully. Its impossible to trace back any customer. On top of that we decided to use shared IPs in order to further randomize and anonymize our customers. The combination of having absolutely no logs at all and multiple customers per IP, wipes our customers digital footprint

2. We are a limited liability company in Slovakia. Slovakia does not have any data retention programs and furthermore encourage ISP’s to protect their customers privacy on the net. We are not required to share any information with 3rd party hence it would be illegal thanks to the law of telecom secrecy.

3. Since we don’t keep logs, we can’t monitor abusive behavior, which is the price for building a customer secure environment!

4. We can’t comply since we can’t identify customers, therefore it’s pointless to follow any requests. We have a specific folder for these eMails ;-)

5. Same as above. We seriously can’t tell which customer did what, when, where, at any given time.

6. It’s allowed on all servers although we gently ask our customers to use either Romania or Netherlands. Some infrastructure service providers do not want file sharing so it happened to us that we were asked to move our servers due to file sharing. We found some reliable partners in Romania and Netherlands which tolerate p2p so we kindly ask our customers to use these server parks.

7. Customers can pay with Visa, Mastercard and Debit. On top of that we also use PayPal. We use hash keys and tokens to identify a payment but it’s not logged or linked to the customer. We had to do this anyway hence we are a PCI Level 1 compliant merchant. Therefore we are not allowed to store any card or payment data with the records of our customers. These keys are pointless for anyone else so there is no chance to build a connection.

8. We offer PPTP, L2TP and OpenVPN, while out of nature OpenVPN comes with the highest encryption and algorithm. L2TP and OpenVPN are 256bit SSL encrypted while PPTP comes with a solid 128bit. Although our customers are individual and have their own sense of why and what to use, we recommend L2TP as solid protocol. It’s less geeky and more secure than PPTP, but our customers can pick any of them in all the 47 network nodes around the globe.

tigerVPN website

Mullvad

1. No. This would make both us and our users more vulnerable so we
certainly don’t. To make it harder to watch the activities of an IP address from the outside we also have many users share each address, both for IPv4 and our upcoming IPv6 support.

2. Swedish jurisdiction. Under no circumstance we will share information with a third-party. First of all we take pains to not actually possess information that could be of interest to third parties, to the extent possible. In the end there is no practical way for the Swedish government to get information about our users from us.

3. We don’t monitor our users. In the rare cases of such egregious network abuse that we can’t help but notice (such as DoS attacks) we stop it using basic network tools.

4. There is no such Swedish law that is applicable to us.

5. We make sure not to store sensitive information that can be tied to publicly available information, so that we have nothing to give out. We believe it is not possible in Swedish law to construct a court order that would compel us to actually give out information about our
users. Not that we would anyway. We started this service for political reasons and would rather discontinue it than having it work against its purpose.

6. Yes.

7. Bitcoin (we were the first service to accept it), cash (in the mail), bank transfers, and PayPal / credit cards. Payments are tied to accounts but accounts are just random numbers with no personal information attached that users can create at will. With the anonymous payments possible with cash and Bitcoin it can be anonymous all the way.

8. We use OpenVPN. We also provide PPTP because some people want it but we strongly recommend against it. Encryption algorithms and key lengths are important but often get way too much attention at the expense of other important but harder to measure things such as leaks and computer security.

Mullvad website

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Most of the time problems arise with companies making the odd embarrassing mistake. At other times things get more serious. Today we bring news of another mess that would’ve ordinarily flown under the radar.

On its Twitter account, Total Wipes Music Group claims to work with 800 music labels and cooperates with major digital music stores such as iTunes, Beatport and Juno. Early July the company began sending DMCA notices to Google and out of more than 15,000 URLs sent so far the majority have been rejected.

In an early notice the company asked Google to remove website pages of several of its partners including BeatPortCharts, Napster (UK and Germany), Rhapsody and TraxSource. Other notices targeted both iTunes and Apple.

In this notice, which claims to protect this content, Total Wipes launched a full frontal assault on anyone daring to use any words used in the title of their clients’ track “ROCK THE BASE & BAD FORMAT”. The results are awful.

In April this year DJ E-Z Rock, best known for the track ‘It Takes Two’ with partner Rob Base, sadly passed away. MTV, Rolling Stone and a number of news outlets all wrote about the event but in their notice Total Wipes demand that Google de-list all of their reports. They also attack a wide range of other random sites, some which dared to mention “rock” climbing and others which mentioned a rock festival on a military “base”.

For no apparent reason, another notice targeted The School of Performance and Cultural Industries at Leeds University in the UK, stopping off to admonish music mag Pitchfork Media and the evil PC gaming bloggers over at Rock, Paper, Shotgun.

Perhaps the weirdest notice, currently being processed by Google, sees the music outfit target a wide range of sites with the word ‘coffee’ in their URLs. Cariboucoffee, cartelcoffeelab, clivecoffee, coavacoffee, coffee.org, coffeeandtealtd, coffeebean and coffeegeek are just the tip of a very large iceberg.

Quite what Ikea, Walmart, Fair Trade and Dunkin Donuts did to warrant inclusion is a mystery, but our money is on their connections to coffee. Github’s crime will be revealed in due course.

The end result is that Google has rejected what appears to be the lions’ share of more than 15,000 URLs sent by Total Wipes, even those that appear to target well-known ‘pirate’ sites.

There are far too many URLs for us to check individually but some poor soul at Google is probably going to have to do just that. It’s a dirty job, but someone has to do it.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

As the world’s leading search engine, Google receives millions of DMCA-style notices every week. Its internal systems, both automated and human-reviewed, then attempt to assess the validity of the notices before removing URLs from its indexes.

What these notices all have in common is that they refer to infringements that have already taken place, since that’s the nature of a takedown. However, a notice that recently appeared in Google’s Transparency Report reveals that for at least one organization, looking into the future is now also on the agenda.

The notice was sent by an anti-piracy company working on behalf of World Wrestling Entertainment, or WWE as it’s more commonly known. The notice aimed to tackle piracy of a WWE Event titled Money In The Bank 2014, which took place on June 29, 2014. However, the notice was sent to Google two days before, on June 27.

“The following links infringe on WWE’s copyrighted Pay Per View event Money In The Bank 2014, set to air this Sunday, June 29, by one or more of the following means,” the notice begins.

WWE then sets out three potential infringements.

“Providing a link to a free (pirated) stream of this event” is misleading since it’s impossible to link to an event that hasn’t aired yet. Conceivably an advance static link could have been setup to air the event come June 29, but on June 27 the event had definitely not aired, hence no piracy.

“Providing a promise of DIRECT free streaming of this event on the identified site” seems no different from the allegation made above. It’s certainly possible that some of the sites promised to illegally stream the event, but at the date of the notice that would have been impossible.

The fact that WWE resorted to telling Google that the event’s predictions show was the source material being infringed upon shows that no actual live event infringements had yet taken place.

The final claim – “Using copyrighted images, logos and celebrity photos to promote the site” – is one that carries far more weight than the two key instances of infringement alleged above. Some of the sites listed did use WWE artwork to promote their upcoming streams, but there were some notable omissions, not least the homepage of Justin.tv. Google refused to comply in this and three other instances.

The notice from WWE, which can be viewed here, illustrates the problems faced by companies airing live events. While outfits such as WWE often know where streams and links to streams will appear once an event goes live, taking them down quickly once it actually begins may not always go as smoothly as they would like.

While attempts at a pro-active DMCA-style notice like this might work on a small scale, it’s not difficult to imagine the chaos that would ensue if all rightsholders tried to have unauthorized content removed before it even appeared online.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

In 2001, that began to change with the advent of Chilling Effects, an archive created by activists who had become concerned that increasing volumes of cease-and-desist letters were having a “chilling effect” on speech.

In the decade-and-a-third that followed the archive grew to unprecedented levels, with giants such as Google and Twitter routinely sending received notices to the site for public retrieval.

However, while Chilling Effects strives to maintain free speech, several times a month rightsholders from around the world (probably unintentionally) try to silence the archive in specific ways by asking Google to de-index pages from the site.

As can be seen from the tables below, Home Box Office has tried to de-index Chilling Effects pages 240 times, with Microsoft and NBC Universal making 99 and 65 attempts respectively.

The ‘problem’ for these copyright holders is two-fold. Firstly, Chilling Effects does indeed list millions of URLs that potentially link to infringing content. That does not sit well with copyright holders.

“Because the site does not redact information about the infringing URLs identified in the notices, it has effectively become the largest repository of URLs hosting infringing content on the internet,” the Copyright Alliance’s Sandra Aistars complained earlier this year.

However, what Aistars omits to mention is that Chilling Effects has a huge team of lawyers under the hood who know only too well that their archive receives protection under the law. Chilling Effects isn’t a pirate index, it’s an educational, informational, research resource.

Thanks to Google, which routinely throws out all attempts at removing Chilling Effects URLs from its indexes, we are able to see copyright holder attempts at de-indexing.

Earlier this month, for example, Wild Side Video and their anti-piracy partners LeakID sent this notice to Google aiming to protect their title “Young Detective Dee.” As shown below, the notice contained several Chilling Effects URLs.

Each URL links to other DMCA notices on Chilling Effects, each sent by rival anti-piracy outfit Remove Your Media on behalf of Well Go USA Entertainment. They also target “Young Detective Dee”. This is an interesting situation that offers the potential for an endless loop, with the anti-piracy companies reporting each others’ “infringing” links on Chilling Effects in fresh notices, each time failing to get them removed.

The seeds of the “endless loop” phenomenon were also experienced by HBO for a while, with the anti-piracy company sending notices (such as this one) targeting dozens of Chilling Effects pages listing notices previously sent by the company.

While publishing notices is entirely legal, the potential for these loops really angers some notice senders.

On April 10 this year a Peter Walley sent a notice to Google complaining that his book was being made available on a “pirate site” without permission. Google removed the link in its indexes but, as is standard practice, linked to the notice on Chilling Effects. This enraged Walley.

None of these rantings had any effect, except to place yet another notice on Chilling Effects highlighting where the infringing material could be found.

It’s a lesson others should learn from too.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

The world’s largest recipient of these notices is Google and in the interests of transparency the company publishes a report detailing the requests it receives. But while the majority of the requests are processed without further issue, increasing numbers serve absolutely no purpose whatsoever.

Last year alone, Google discarded 21 million takedown requests, either because the claims were invalid or were duplicates of previously sent notices.

In 2014 the duplication problem appears to be getting worse, with even the BPI (who in all fairness are more accurate than most with their takedowns) sending large volumes of notices that contain high percentages of links that have already been taken down.

Across the Atlantic, Fox – which is the fifth all-time greatest sender of notices (28 million) – is also having difficulty remembering which URLs it has already asked to be erased. How Google can remember what takedowns Fox has already sent and why the studio cannot isn’t clear, but the high percentages in the refusal column suggests the numbers are significant.

That being said, these numbers should be put into perspective. The BPI has asked Google to take down more than 86 million URLs and Fox 28 million, so even many tens of thousands of duplicates are a relatively low percentage of the total. However, there is a far more depressing trend that suggests that some anti-piracy companies don’t check to see if the links they’re complaining about are actually infringing copyright at all.

The image below shows a selection of notices sent to Google this month by NBC, with a percentage of each rejected by Google. The reason for that is that they’re directed at isoHunt.com, a site that was shut down by NBC’s Hollywood allies last year. The links and the site itself simply do not exist.

Another instance, shown below, lists several TV and movie companies plus software companies Adobe and Lynda looking to take down URLs from another allegedly infringing site. Except this one, Hotfile.com, is not only dead, but was actually taken down by the studios themselves. For reference, these notices were sent four days ago and Hotfile closed down last December.

To see how prevalent this problem is we dug through the TorrentFreak archives to find sites that have been closed by copyright holders or the police in the last couple of years, to see if anti-piracy companies have updated their records.

Despite huge publicity, even now plenty of companies are wasting Google’s time with notices for content hosted on Megaupload, even though it has been closed for two and a half years. Just last month on the Usenet front, publisher Lynda targeted dead-since-last-year NZBsRus.

Also living in the past are the people at Viacom, who this month sent a flurry of notices asking for content to be removed from BTjunkie, a site that shut down 30 months ago in the wake of the Megaupload fiasco. Viacom are definitely not on their own though, as this link shows.

Finishing up, Warner Bros., whose UK-based anti-piracy group FACT shut down streaming site SurftheChannel in 2012 and helped to get its owner jailed, sent a notice to Google in March asking for it to remove links to The Big Bang Theory.

And Fox (shown earlier to be sending lots of duplicates), plus HBO, Evil Angel, NBC and Viacom are apparently still unaware that the UK Police Intellectual Property Crime Unit shut down Filecrop back in May.

Why this activity continues is anyone’s guess, but these takedowns either aren’t subjected to scrutiny or are deliberately passed with the knowledge that they’re invalid. Both options are causing unnecessary workloads for those employed to process them and putting money in the pockets of anti-piracy companies in return for zero effectiveness.

Some might argue that’s nothing new.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Stopping pirated live streams is one of the main priorities, but there is another concern. In all the excitement many social media users have added World Cup related logos and other pictures as their avatars, something that’s strictly forbidden by FIFA.

The football organization fears that use of their logos and emblems by others may cause serious damage. FIFA believes that this endangers the entire worldwide football community.

“Any unauthorized use of the Official Marks not only undermines the integrity of the FIFA World Cup™ and its marketing programme, but also puts the interests of the worldwide football community at stake,” FIFA says in an official statement.

Social media is particularly worrisome because the official logos may lead followers to believe that the user is somehow related to FIFA.

“FIFA’s official logos, symbols and other graphic trade marks may not be used on any social media platform. FIFA’s Protected Terms may not be used to create the impression that a page is officially related to the 2014 FIFA World Cup,” FIFA notes.

Considering the above FIFA sees no other option than to crackdown on Twitter users with official FIFA logos and images as avatars. In recent weeks Twitter has been asked to take action against several of its users, by removing their infringing profile pictures.

The requests were made for a wide variety of images including the World Cup emblem, logo and even the trophy. Twitter appears to have honored the requests and has replaced the infringing avatars with the default egg.

Most of the targeted accounts seem to be specifically related to football. However FIFA has also asked Twitter to remove the profile picture of @afobajee, a relatively random user.

Most of the affected users have changed their profile pictures to something non-infringing. However, others appear to have simply switched back to using official FIFA material.

We expect that FIFA still has their eye on the ball, so these infringing profile pictures probably won’t stay online for very long.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.