Two years later, however, the case collapsed and the men were free to go. Now, more than three years on, the FileSoup domain has been resurrected.

It’s a search engine / proxy, but not as we know it

The new site has no connections to the original owner, but there are several unique aspects to the relaunch of FileSoup that make for an interesting project.

On a basic level FileSoup acts as a meta-search engine variant. It covers four major torrent sites – The Pirate Bay, KickassTorrents, Torrentz and ExtraTorrent – each selectable via a drop-down box. It also acts as a reverse proxy for these sites to unblock them in countries where they are inaccessible, the UK for example.

Improving on search results

But FileSoup is no ordinary proxy. Instead of simply mirroring the content it finds on sites such as KickassTorrents, it actually attempts to improve on the results by caching third party site indexes.

“Let’s say Kickass.to receives a [DMCA] notice and deletes the content. We are not simply proxying but also caching the site. This means we can provide the page content even if Kickass.to has deleted the URL due to a DMCA complaint,” FileSoup informs TorrentFreak.

So in theory (and given time to cache – the site is still getting off the ground), FileSoup should be able to provide access to content previously taken down from other sites it proxies. To see whether it’s anywhere near to that goal, we conducted a search for one of the most talked-about franchises of the year – Expendables.

The images below show the results from FileSoup and KickassTorrents for exactly the same search. FileSoup returned 139 results while KickAss returned 115. Also notable (aside from the inserted malware ads on top of the search results) is the prominence of highly-seeded Expendables 3 results in the top placed positions on FileSoup.

Other searches produced varied results but since FileSoup is just getting off the ground it will need more time to cache significant amounts of taken-down content. But what happens when FileSoup itself is subjected to takedown notices of its own?

“When FileSoup receives a DMCA abuse notice we create a new URL address for the same content. After that this URL lives till the next DMCA abuse notice,” the team explain.

The Necromancer – using Google DMCA notices bypass Google’s takedowns

The operators of FileSoup also addressed indirect search engine takedowns. Every week rightsholders force Google to remove torrent listings from its search results. For this problem FileSoup says it has a solution, and a controversial one it is too.

The team behind the site say they have developed a web crawler designed to pull the details of content subjected to DMCA notices from two sources – Google’s Transparency Report and the Chilling Effects Clearing House. From here the links are brought back to life.

“We created a technology that crawls DMCA notices and resurrects the torrent webpage under a different URL so it can appear in search results again. It was rather complicated to sharpen it, but eventually it works pretty well. We will use it on FileSoup.com for all the websites we proxy,” FileSoup explain.

“It will lead to a situation when KickaAss.FileSoup.com (for example) will have more pages indexed in Google than the original Kickass.to because we will revive pages banned by DMCA within Google search results. We call this technology the Necromancer.”

The idea of manipulating publicly available sources of copyright notices to reactivate access to infringing content is not new but this is the first time that a site has publicly admitted to putting theory into practice. Whether FileSoup will be able to pull this off remains to be seen, but if it does it could signal the biggest game of whac-a-mole yet.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

The leaks resulted in a massive takedown operation targeted at sites that host and link to the controversial images.

As a hosting provider and search engine Google inadvertently plays a role in distributing the compromising shots, much to the displeasure of the women involved.

Several celebrities threatened legal action against Google for its “unlawful activity,” demanding tgat the company should zap all their images. Others, including Jennifer Lawrence and Kate Upton, used DMCA requests to remove the images from the public eye.

The famous UK actress, model and TV presenter Kelly Brook now joins this group as one of the latest Fappening victims.

Brook’s pictures leaked onto the Internet early October and last week she asked Google to remove three links to her pictures from search results, claiming that she holds the copyrights to the selfies.

The images are allegedly hosted on thefappening.so, and according to Google’s transparency report the request is still “pending”. However, during this week something unusual happened.

For reasons unknown, Google has decided to remove all URLs of thefappening.so from its search results. Whether the pages were removed because of the leaked pictures, or for another reason, is unknown.

Kelly Brook is not the only celebrity to ask Google to remove thefappening.so links, Argentinian singer Melina Lezcano did the same last week.

TorrentFreak asked Google whether the removal of the entire domain name is due to its content or if there’s another reason, but we have yet to receive a response.

Whatever the reason, Brook and Lezcano’s takedown requests are moot. Whether they will be relieved is doubtful though, as most of the Fappening photos are still being shared through thousands of other sites.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

These remarks haven’t fallen on deaf ears and Google has slowly implemented various new anti-piracy measures in response.

Today Google released an updated version of its “How Google Fights Piracy” report. The company provides an overview of all the efforts it makes to combat piracy, but also stresses that copyright holders themselves have a responsibility to make content available.

One of the most prominent changes is a renewed effort to make “pirate” sites less visible in search results. Google has had a downranking system in place since 2012, but this lacked effectiveness according to the RIAA, MPAA and other copyright industry groups.

The improved version, which will roll out next week, aims to address this critique.

“We’ve now refined the signal in ways we expect to visibly affect the rankings of some of the most notorious sites. This update will roll out globally starting next week,” says Katherine Oyama, Google’s Copyright Policy Counsel.

The report notes that the new downranking system will still be based on the number of valid DMCA requests a site receives, among other factors. The pages of flagged sites remain indexed, but are less likely to be the top results.

“Sites with high numbers of removal notices may appear lower in search results. This ranking change helps users find legitimate, quality sources of content more easily,” the report reads.

Looking at the list of sites for which Google received the most DMCA takedown request, we see that 4shared, Filestube and Dilandau can expect to lose some search engine traffic.

The report further highlights several other tweaks and improvements to Google’s anti-piracy efforts. For example, in addition to banning piracy related AutoComplete words, Google now also downranks suggestions that return results with many “pirate” sites.

Finally, the report also confirms our previous reporting which showed that Google uses ads to promote legal movie services when people search for piracy related keywords such as torrent, DVDrip and Putlocker. This initiative aims to increase the visibility of legitimate sites.

A full overview of Google’s anti-piracy efforts is available here.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

These requests have increased dramatically over the years. In 2008, the search engine received only a few dozen takedown notices during the entire year, but today it processes a million per day on average.

Adding up the numbers reported in Google’s Transparency Report, we found that since the release of the report three years ago Google has been asked to remove over 500 million links to allegedly infringing webpages.

The number of notices continues to increase at a rapid pace as nearly half of the requests, 240 million, were submitted during the first months of 2014. The graph below illustrates this sharp rise in takedown notices.

Most of the reported webpages have indeed been removed and no longer appear in Google’s search results. As an example, more than two million Pirate Bay pages have quietly been wiped from Google.

TorrentFreak asked Google for a comment on the most recent milestone but the company has chosen not to respond on the record.

Despite the frequent use of the takedown process many copyright holders aren’t happy with the way things are going. While Google does its best to comply with its obligations under current law, some industry insiders claim that the search giant can and should do more to tackle the piracy problem.

The UK music industry group BPI, which is responsible for roughly 20% of all submitted URLs, points out that Google should do more to lower the visibility of unauthorized content in its search results. Despite promises to do so, the music group still sees very little improvement on this front

“Despite its clear knowledge as to which sites are engines of piracy, Google continues to help build their illegal businesses, by giving them a prominent ranking in search results,” BPI told us last week.

“Google can simply fix this problem by amending its algorithm. We hope they will respond positively to the invitation from Government to negotiate voluntary measures to do so.”

The BPI and other copyright holders are pushing for some sort of agreement to implement more far-reaching anti-piracy measures. However, thus far Google maintains that it’s already doing its best to address the concerns of copyright holders.

Last year the company released a report detailing the various anti-piracy measures it uses. However, the company also stressed that copyright holders can do more to prevent piracy themselves.

Without legal options it’s hard to beat unauthorized copying, is the argument Google often repeats.

“Piracy often arises when consumer demand goes unmet by legitimate supply. As services ranging from Netflix to Spotify to iTunes have demonstrated, the best way to combat piracy is with better and more convenient legitimate services,” the company previously explained.

“The right combination of price, convenience, and inventory will do far more to reduce piracy than enforcement can.”

While this standoff continues, copyright holders are expected to increase the volume of requests. At the current pace Google may have processed a billion URLs by the end of next year.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

In an attempt to prevent these infringements, the BPI and other music industry groups send millions of takedown notices to Internet services every month. Most of these requests are directed at Google.

This week the UK music industry group BPI reached a new milestone after notifying Google of the 100 millionth allegedly infringing URL, up from 50 million just 10 months ago.

As can be seen below, the latest update shows that the 100 million links were spread out over 274,810 separate DMCA takedown notices.

With 100 million requests the BPI has broken a new milestone. Never before has a copyright holder representative reported so many allegedly infringing links to Google. Degban is currently second in this list with 99 million URLs, followed by the RIAA with 57 million.

For the BPI this record isn’t something to be proud of though. The music industry group tells us that it shows just how hard it is for copyright holders to have infringing content taken offline.

“This milestone makes two things very clear. First, that however much creators do, the system of ‘notice and takedown’ will never be enough on its own to protect them or consumers from the online black market, or to spur growth in the digital economy,” a BPI spokesperson says.

“Second, that despite its clear knowledge as to which sites are engines of piracy, Google continues to help build their illegal businesses, by giving them a prominent ranking in search results.”

The BPI stresses that Google should do more to lower the visibility of unauthorized content in its search results. Despite promises to do so, the music group still sees very little improvement on this front.

“To illustrate: Google’s records show it has been told more than 10 million times that content on 4shared.com is illegal – yet it’s still the very first result today when we search for ‘Calvin Harris mp3′ – ahead of Amazon and every other legal service,” BPI notes.

Addressing this issue is pretty straightforward, the BPI argues. Google should work with the entertainment industries to adjust its search algorithm, as the UK Government also highlighted recently.

“Google can simply fix this problem by amending its algorithm. We hope they will respond positively to the invitation from Government to negotiate voluntary measures to do so,” BPI says, closing with an iconic lyric.

“It’s time the media giant changed its tune – we need a little less conversation and a little more action please.”

Google has thus far been hesitant to fiddle with its search results.

The company has made several changes to address the complaints of copyright holders. However, it also stressed that the entertainment industries themselves should take responsibility, arguing that piracy is primarily an availability and pricing problem.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

A few days ago Google received a request to remove links to Kate Upton’s stolen photos The request was not sent by Upton but by her boyfriend Jason Verlander, who also appears in a few of the leaked images.

The notice includes hundreds of URLs of sites such as thefappening.eu where the photos are hosted without permission.

It’s quite unusual for Google’s takedown team to be confronted with a long link of naked celebrity pictures. This may explain why it took a while before a decision was reached on the copyright-infringing status of the URLs, a process that may involve a cumbersome manual review.

Yesterday the first batch was processed and interestingly enough Google decided to leave nearly half of all URLs untouched. The overview below shows that with 16 of the 444 links processed, only 45% were removed.

The big question is, of course, why?

Verlander’s takedown request

Google doesn’t explain its decision keep the links in question in its search results. In some cases the original content had already been removed at the source site, so these URLs didn’t have to be removed.

Other rejections are more mysterious though. For example, the thefappening.eu URLs that remain online all pointed to stolen images when we checked. Most of these were not nudes, but they certainly weren’t posted with permission.

One possible explanation for Google’s inaction is that Verlander most likely claimed to own the copyright on the images, something he can only do with pictures he took himself. With Upton’s selfies this is hard to do, unless she signed away her rights.

While browsing through the reported URLs we also noticed another trend. Some sites have replaced Upton’s leaked photos with photos of other random naked women. Google’s takedown team apparently has a sharp eye because these were not removed by Google either.

Chilling Effects, who host Google’s takedown requests, just posted a redacted version of the original notice with Upton’s name removed. Unfortunately this doesn’t offer more clues to resolve this takedown mystery, so for now we can only guess why many of the links remain indexed.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

To prevent their IP-addresses from being visible to the rest of the Internet, millions of people have signed up to a VPN service. Using a VPN allows users to use the Internet anonymously and prevent snooping.

Unfortunately, not all VPN services are as anonymous as they claim.

Following a high-profile case of an individual using an ‘anonymous’ VPN service that turned out to be not so private, TorrentFreak decided to ask a selection of VPN services some tough questions.

By popular demand we now present the third iteration of our VPN services “logging” review. In addition to questions about logging policies we also asked VPN providers about their stance towards file-sharing traffic, and what they believe the most secure VPN is.

Last update: October 7, 2014 (added partial Russian translation)

—

1. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold and for how long?

2. Under what jurisdictions does your company operate and under what exact circumstances will you share the information you hold with a 3rd party?

3. What tools are used to monitor and mitigate abuse of your service?

4. In the event you receive a DMCA takedown notice or European equivalent, how are these handled?

5. What steps are taken when a valid court order requires your company to identify an active user of your service?

6. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why?

7. Which payment systems do you use and how are these linked to individual user accounts?

8. What is the most secure VPN connection and encryption algorithm you would recommend to your users?

—

What follows is the list of responses from the VPN services, in their own words. Providers who didn’t answer our questions directly or failed by logging everything were excluded. Please note, however, that several VPN companies listed here do log to some extent. The order of the lists holds no value.

Private Internet Access

1. We absolutely do not log any traffic nor session data of any kind, period. We have worked hard to meticulously fork all daemons that we utilize in order to achieve this functionality. It is definitely not an easy task, and we are very proud of our development team for helping Private Internet Access to achieve this unique ability.

2. We operate out of the US which is one of the few, if only, countries without a mandatory data retention law. We explored several other jurisdictions with the help of our professional legal team, and the US is still ideal for privacy-based VPN services.

We severely scrutinize the validity of any and all legal information requests. That being said, since we do not hold any traffic nor session data, we are unable to provide any information to any third-party. Our commitment and mission to preserve privacy is second to none.

3. We do not monitor any traffic, period. We block IPs/ports as needed to mitigate abuse when we receive a valid abuse notification.

4. We do not host any content and are therefore unable to remove any of said content. Additionally, our mission is to preserve and restore privacy on the Internet and society. As such, since we do not log or monitor anything, we’re unable to identify any users of our service.

5. Once again, we do not log any traffic or session data. Additionally, unlike the EU and many other countries, our users are protected by legal definition. For this reason, we’re unable to identify any user of our service. Lastly, consumer protection laws exist in the US, unlike many other countries. We must abide by our advertised privacy policy.

6. We do not discriminate against any kind of traffic/protocol on any of our servers, period. We believe in a free, open, and uncensored internet.

7. Bitcoin, Ripple, PayPal, Google Play (Mobile), OKPay, CashU, Amazon and any major Gift Card. We support plenty of anonymous payment methods. For this reason, the highest risk users should definitely use Bitcoin, Ripple or a major gift card with an anonymous e-mail account when subscribing to our privacy service.

8. We’re the only provider to date that provides a plethora of encryption cipher options. We recommend, mostly, using AES-128, SHA1 and RSA2048.

Private Internet Access website

TorGuard

1. TorGuard does not store any IP address or time stamps on any VPN and proxy servers, not even for a second. Further, we do not store any logs or time stamps on user authentication servers connected to the VPN. In this way it is not even possible to match an external time stamp to a user that was simultaneously logged in. Because the VPN servers utilize a shared IP configuration, there can be hundreds of users sharing the same IP at any given moment further obfuscating the ability to single out any specific user on the network.

2. TorGuard is a privately owned company with parent ownership based in Nevis and our headquarters currently located in the US. Our legal representation at the moment is comfortable with the current corporate structuring however we wouldn’t hesitate to move all operations internationally should the ground shift beneath our feet. We now offer VPN access in 23+ countries worldwide and maintain all customer billing servers well outside US borders.

We would only be forced to communicate with a third-party in the event that our legal team received a court ordered subpoena to do so. This has yet to happen, however if it did we would proceed with complete transparency and further explain the nature of TorGuard’s shared VPN configuration. We have no logs to investigate, and thus no information to share.

3. Our network team uses commercial monitoring software with custom scripts to keep an eye on individual server load and service status/uptime so we can identify problems as fast as possible. If abuse reports are received from an upstream provider, we block it by employing various levels of filtering and global firewall rules to large clusters of servers. Instead of back tracing abuse by logging, our team mitigates things in real-time. We have a responsibility to provide fast, abuse-free VPN services for our clients and have perfected these methods over time.

4. In the event of receiving a DMCA notice, the request is immediately processed by our abuse team. Because it is impossible for us to locate which user on the server is actually responsible for the violation, we temporarily block the infringing server and apply global rules depending on the nature of the content and the server responsible. The system we use for filtering certain content is similar to keyword blocking but with much more accuracy. This ensures the content in question to no longer pass through the server and satisfies requirements from our bandwidth providers.

5. Due to the nature of shared VPN services and how our network is configured, it is not technically possible to effectively identity or single out one active user from a single IP address. If our legal department received a valid subpoena, we would proceed with complete transparency from day one. Our team is prepared to defend our client’s right to privacy to the fullest extent of the law.

6. BitTorrent is only allowed on select server locations. TorGuard now offers a variety of protocols like http/socks proxies, OpenVPN, SSH Tunnels, SSTP VPN and Stealth VPN (DPI Bypass), with each connection method serving a very specific purpose for usage. Since BitTorrent is largely bandwidth intensive, we do not encourage torrent usage on all servers. Locations that are optimized for torrent traffic include endpoints in: Canada, Netherlands, Iceland, Sweden, Romania, Russia and select servers in Hong Kong. This is a wide range of locations that works efficiently regardless of the continent you are trying to torrent from.

7. We currently accept payments through all forms of credit or debit card, PayPal, OKPAY, and Bitcoin. During checkout we may ask the user to verify a billing phone and address but this is simply to prevent credit card fraud, spammers, and keep the network running fast and clean. After payment it is possible to change this to something generic that offers more privacy. No VPN or Proxy usage can be linked back to a billing account due to the fact we hold absolutely no levels of logging on any one of our servers, not even timestamps!

8. For best security we advise clients to choose OpenVPN connections only, and if higher encryption is called for use AES256 bit. This option is available on many locations and offers excellent security without degrading performance. For those that are looking to defeat Deep Packet Inspection firewalls (DPI) like what is encountered in countries such as China or Iran, TorGuard offers “Stealth” VPN connections in the Netherlands, UK and Canada. Stealth connections feature OpenVPN obfuscation technology that causes VPN traffic to appear as regular connections, allowing VPN access even behind the most strict corporate wifi networks or government regulated ISPs.

TorGuard website

IPVanish

1. IPVanish has a no-log policy. We keep no traffic logs.

2. IPVanish is headquartered in the US and thus operates under US law.

3. IPVanish has no monitoring in place. To elaborate, IPVanish does not sniff or monitor any user’s traffic or activity for any reason.

4. IPVanish keeps no logs of any user’s activity and responds accordingly.

5. IPVanish, like every other company, has to follow the law in order to remain in business. Only US law applies.

6. P2P is permitted. IPVanish in fact does not block or throttle any ports, protocols, servers or any type of traffic whatsoever.

7. PayPal and all major credit cards are accepted. Payments and product use are in no way linked. User authentication and billing info are help on completely different and independent platforms.

8. OpenVPN generally provides the strongest encryption algorithm, so that is the recommended encryption protocol. IPVanish also allows a choice between TCP and UDP, and UDP is generally recommended for better speed.

IPVanish website

BTGuard

1. We do not keep any logs whatsoever.

2. The jurisdiction is Canada. Since we do not have log files, we have no information to share. We do not communicate with any third parties. The only event in which we would even communicate with a third-party is if we received a court order. We would then be forced to notify them we have no information. This has not happened yet.

3. If serious abuse is reported we enable tcpdump to confirm the abuse and locate the user. These dumps are immediately removed. If the user is abusing our service they will be terminated permanently but we have never shared user information with a 3rd party.

4. We do not have any open incoming ports, so it’s not possible for us to “takedown” any broadcasting content.

5. We take every step within the law to fight such an order.

6. Yes, all types of traffic our allowed with our services.

7. We accept PayPal and Bitcoin. All payments are linked to users accounts because they have to be for disputes and refunds.

8. 256-bit AES is the most secure. However 128-bit blowfish is plenty good. If you’re concerned about surveillance agencies such as the NSA, their capabilities are shrouded in secrecy and claiming to be able to protect you is offering you nothing but speculation. As far as what’s publicly available for deciphering encryption, both of the encryptions I mentioned are more than sufficient.

BTGuard website

Privacy.io

1. We do not log any information on our VPN servers. The only scenario is if a technical issue arises, but we request permission from the user first, and we only do it for the duration of the job, and then it is removed.

2. We are in the process of moving jurisdictions away from Australia at present as we are unsure what our current government plans to do in regards to our privacy. We have not decided where yet.

3. Only SMTP port 25 is filtered to mitigate spam, but we are working on some tools to make it easier for users to send mail.

4. Any DMCA request is ignored, as we have no logs to do anything about them.

5. Same as above, as we do not log, so we are unable to provide any information. If the law attempts to make us do such things, we will move our business to a location where that cannot occur, and if that fails we will close up shop before we provide any information.

6. All protocols are allowed with our service, with the only exception of SMTP port 25 currently being filtered.

7. At present we only accept PayPal and CC (processed by PayPal), but we are looking into alternative types of payments. We go out of our way to make sure that PayPal transactions are not linked to the users, we generate a unique key per transaction to verify payment for the account is made, and then nuke that unique key. Bitcoin and Litecoin are also on the agenda.

8. At present we offer 128 bit for PPTP and 256 bit for OpenVPN, We plan to offer stronger encryption for the security conscious.

Privacy.io website

VikingVPN

1. No. We run a zero knowledge network and are unable to tie a user to an IP address.

2. United States, they don’t have data retention laws, despite their draconian surveillance programs. The only information we share with anyone is billing information to our payment gateway. This can be anonymized by using a pre-paid anonymous card. If asked to share specific data about our users and their habits, we would be unable to do so, because we don’t have any logs of that data.

3. That is mostly confidential information. However, we can assure our users that we do not use logging to achieve this goal.

4. In the event of a DMCA notice, we send out the DMCA policy published on our website. We haven’t yet received a VALID DMCA notice.

5. We exhaust all legal options to protect our users. Failing that, we would provide all of our logs, which do not actually exist. If required to wiretap a user under a National Security Letter, we have a passively triggered Warrant Canary. We would also likely choose to shut down our service and put it up elsewhere.

6. Yes. Those ports are all open, and we have no data caps.

7. We currently only take credit cards. Our payment provider is far more restrictive than we ever imagined they would be. We’re still trying to change payment providers. Fortunately, by using a pre-paid credit card, you can still have totally anonymous service from us.

8. A strong handshake (either RSA-4096+ or a non-standard elliptic curve as the NIST curves are suspect). A strong cipher such as AES-256-CBC or AES-256-GCM encryption (NOT EDE MODE). At least SHA1 for data integrity checks. SHA2 and the newly adopted SHA3 (Skein) hash functions are also fine, but slower and provide no real extra assurances of data integrity, and provide no further security beyond SHA1. The OpenVPN HMAC firewall option to harden the protocol against Man-in-the-Middle and Man-on-the-Side attacks.

VikingVPN website

IVPN

1. IVPN’s top priority is the privacy of its customers and therefor we do not store any connection logs or any other log that could be used to associate a connection to a customer.

2. IVPN is incorporated in Malta. We would ignore any request to share data unless it was served by a legal authority with jurisdiction in Malta in which case we would inform them that we don’t have the data to share. If we were served a subpoena which compelled us to log traffic we would find a way to inform our customers and relocate to a new jurisdiction.

3. We use a tool called PSAD to mitigate attacks originating from customers on our network. We also use rate-limiting in iptables to mitigate SPAM.

4. We ensure that our network providers understand the nature of our business and that we do not host any content. As a condition of the safe harbor provisions they are required to inform us of each infringement which includes the date, title of the content and the IP address of the gateway through which it was downloaded. We simply respond to each notice confirming that we do not host the content in question.

5. Assuming the court order is requesting an identity based on a timestamp and IP, our legal department would respond that we don’t have any record of the user’s identity nor are we legally compelled to do so.

6. We ‘allow’ BitTorrent on all servers except gateways based in the USA. Our USA network providers are required to inform us of each copyright infringement and are required to process our response putting undue strain on their support resources (hundreds per day). For this reason providers won’t host our servers in the USA unless we take measures to mitigate P2P activity.

7. We currently accept Bitcoin, Cash and PayPal. No information relating to a customers payment account is stored with the exception of automated PayPal subscriptions where we are required to store the subscription ID in order to assign it to an invoice (only for the duration of the subscription after which it is deleted). Of course PayPal will always maintain a record that you have sent funds to IVPN but that is all they have. If you need to be anonymous to IVPN and don’t wish to be identified as a customer then we recommend using Bitcoin or cash.

8. We recommend and offer OpenVPN using the strongest AES-256 cipher. For key exchange and authentication 4096-bit RSA keys are used.

IVPN website

PrivatVPN

1. We don’t keep ANY logs that allow us or a 3rd party to match an IP address and a time stamp to a user our service. The only thing we log are e-mails and user names but it’s not possible to bind an activity on the Internet to a user.

2. We operate in Swedish jurisdiction. Since we do not log any IP addresses we have nothing to disclose. Circumstances doesn’t matter in this case, we have no information regarding our customers’ IP addresses and activity on the Internet. Therefore we have no information to share with any 3rd party.

3. If there’s abuse, we advise that service to block our IP in the first instance, and second, we can block traffic to the abused service.

4. This depends on the country in which we’re receiving a DMCA takedown. For example, we’ve received a DMCA takedown for UK and Finland and our response was to close P2P traffic in those countries.

5. If we get a court order to monitor a specific IP then we need to do it, and this applies to every VPN company out there.

6. Yes, we allow Torrent traffic.

7. PayPal, Payson and Plimus. Every payment has an order number, which is linked to a user. Otherwise we wouldn’t know who has made a payment. To be clear, you can’t link a payment to an IP address you get from us.

8. OpenVPN TUN with AES-256. On top is a 2048-bit DH key.

PrivatVPN website

PRQ

1. No. Wo do not log anything and we only require a working e-mail address to be a customer.

2. Swedish. We do not share information with anyone.

3. Not disclosed.

4. Put it in the trash where it belongs!

5. None, since we do not have any customer information and no logs.

6. We host anything as long as it’s not SPAM related or child porn.

7. Visa/Mastercard, Bitcoin, PayPal. No correlation between payment data and customer data.

8. We provide OpenVPN services (along with dedicated servers and other hosting services).

PRQ website

tigerVPN

1. Absolutely not! We built tigerVPN to purge all data once the transmission of a IP package was completed successfully. Its impossible to trace back any customer. On top of that we decided to use shared IPs in order to further randomize and anonymize our customers. The combination of having absolutely no logs at all and multiple customers per IP, wipes our customers digital footprint

2. We are a limited liability company in Slovakia. Slovakia does not have any data retention programs and furthermore encourage ISP’s to protect their customers privacy on the net. We are not required to share any information with 3rd party hence it would be illegal thanks to the law of telecom secrecy.

3. Since we don’t keep logs, we can’t monitor abusive behavior, which is the price for building a customer secure environment!

4. We can’t comply since we can’t identify customers, therefore it’s pointless to follow any requests. We have a specific folder for these eMails ;-)

5. Same as above. We seriously can’t tell which customer did what, when, where, at any given time.

6. It’s allowed on all servers although we gently ask our customers to use either Romania or Netherlands. Some infrastructure service providers do not want file sharing so it happened to us that we were asked to move our servers due to file sharing. We found some reliable partners in Romania and Netherlands which tolerate p2p so we kindly ask our customers to use these server parks.

7. Customers can pay with Visa, Mastercard and Debit. On top of that we also use PayPal. We use hash keys and tokens to identify a payment but it’s not logged or linked to the customer. We had to do this anyway hence we are a PCI Level 1 compliant merchant. Therefore we are not allowed to store any card or payment data with the records of our customers. These keys are pointless for anyone else so there is no chance to build a connection.

8. We offer PPTP, L2TP and OpenVPN, while out of nature OpenVPN comes with the highest encryption and algorithm. L2TP and OpenVPN are 256bit SSL encrypted while PPTP comes with a solid 128bit. Although our customers are individual and have their own sense of why and what to use, we recommend L2TP as solid protocol. It’s less geeky and more secure than PPTP, but our customers can pick any of them in all the 47 network nodes around the globe.

tigerVPN website

Mullvad

1. No. This would make both us and our users more vulnerable so we
certainly don’t. To make it harder to watch the activities of an IP address from the outside we also have many users share each address, both for IPv4 and our upcoming IPv6 support.

2. Swedish jurisdiction. Under no circumstance we will share information with a third-party. First of all we take pains to not actually possess information that could be of interest to third parties, to the extent possible. In the end there is no practical way for the Swedish government to get information about our users from us.

3. We don’t monitor our users. In the rare cases of such egregious network abuse that we can’t help but notice (such as DoS attacks) we stop it using basic network tools.

4. There is no such Swedish law that is applicable to us.

5. We make sure not to store sensitive information that can be tied to publicly available information, so that we have nothing to give out. We believe it is not possible in Swedish law to construct a court order that would compel us to actually give out information about our
users. Not that we would anyway. We started this service for political reasons and would rather discontinue it than having it work against its purpose.

6. Yes.

7. Bitcoin (we were the first service to accept it), cash (in the mail), bank transfers, and PayPal / credit cards. Payments are tied to accounts but accounts are just random numbers with no personal information attached that users can create at will. With the anonymous payments possible with cash and Bitcoin it can be anonymous all the way.

8. We use OpenVPN. We also provide PPTP because some people want it but we strongly recommend against it. Encryption algorithms and key lengths are important but often get way too much attention at the expense of other important but harder to measure things such as leaks and computer security.

Mullvad website

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

In the early days he became somewhat of a cult figure thanks to his polite style and trademarked letterhead. This set him apart from other anti-piracy crusaders who usually sent DMCA takedown requests with a more aggressive lawyer-like style.

The Sheriff once had a lively discussion with The Pirate Bay folks, who then sent him this invoice fax. Not much later relationships deteriorated even further after Giacobbi announced he would sue the site’s operators in the US, France and Sweden, but not much came of that.

In recent years things have quietened down a bit, but The Web Sheriff and his deputies are still active. In recent years they have taken down over half a million URLs from Google alone. Most recently, the Sheriff has been targeting several Reddit.com pages.

In one of the most recent complaints the Sheriff demands the takedown of a submission in the r/megalinks subreddit, linking to two parts of the movie Nymphomaniac hosted on Mega.co.nz.

The request for removal was sent to Google last week but the search engine decided not to remove the URLs. It’s unclear why, but one reason for the inaction may be that the Mega links are no longer active.

Not all links reported by the Web Sheriff are “infringing” though. Another recent submission shows that he also tried to get this submission take down, which points to a perfectly legitimate news article from Variety.

This year copyright holders have increasingly targeted allegedly infringing Reddit links, Google’s data shows. The Web Sheriff is currently ranked second in number of URLs sent, placed after LeakID and before Disney.

Even the MPAA went after Reddit a few weeks ago. The Hollywood group tried to take down the subreddit r/fulllengthfilms, but failed and drove hundreds of thousands of eyeballs to the page instead.

Thus far the Web Sheriff hasn’t booked any real successs either, but Reddit users are warned. The Sheriff is watching and will shoot down your submissions whenever he can.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

Those carrying out the attacks have a variety of motives, from extortion and blackmail to “the lulz“, and a dozen reasons in between. Often the reasons are never discovered.

During the past few days several sites involved in the unauthorized sharing of anime have been targeted by DDoS-style attacks. Swaps4 reported that Haruhichan, Tokyo Toshokan and AnimeTake were under assault from assailants unknown, although all now appear to be back online.

A far more serious situation has played out at NYAA.se, however. The site is probably the largest public dedicated anime torrent index around and after being hit with an attack last weekend it remains offline today. The attack on NYAA had wider effects too.

NYAA and leading fan-subbing site HorribleSubs reportedly shared the same hosting infrastructure so the DDoS attack took down both sites. That’s significant, not least since at the end of August HorribleSubs reported that their titles had been downloaded half a billion times.

As the image above shows it now appears that HorribleSubs has recovered (and added torrent magnet links) but the same cannot be said about NYAA. The site’s extended downtime continues with no apparent end in sight. This has resulted in a backlash from the site’s fans and somewhat inevitably accusatory fingers are being pointed at potential DDoS suspects.

As far-fetched as it might sound, one of the early suspects was the Japanese government itself. The launch of a brand new anti-piracy campaign last month in partnership with 15 producers certainly provided a motive, but a nation carrying out this kind of assault seems unlikely in the extreme.

Quickly, however, an announcement from HorribleSubs turned attentions elsewhere.

“Chill down. It’s not just us. Every famous anime sites [are] getting DDoS attacks, but that doesn’t mean this is the end,” the site’s operator wrote on Facebook.

“We have located where DDoS are coming from. It’s from ‪#‎Crunchyroll‬ and ‪#‎Funimation‬ Employees.”

Update: HorribleSubs inform TF that the Facebook page listed is “in no way managed nor affiliated with HorribleSubs and as such all opinions and views expressed on that page does not reflect the views and opinions of the HorribleSubs management.”

Funimation is an US television and film production company best known for its distribution of anime while Crunchyroll is a website and community focused on, among other things, Asian anime and manga. While both could at least have a motive to carry out a DDoS, no evidence has been produced to back up the HorribleSubs claims. That said, HorribleSubs admits that its key motivation is to annoy Crunchyroll.

“We do not translate our own shows because we rip from Crunchyroll, FUNimation, Hulu, The Anime Network, Niconico, and Daisuki,” the site’s about page reads, adding: “We aren’t doing this for e-penis but for the sole reason of pissing off Crunchyroll.”

Shortly after, attention turned to anti-piracy outfit Remove Your Media (RYM). The company works with anime companies Funimation and Viz Media, which includes the sending of millions of DMCA notices to Google. The spark came when the company published a tweet (now removed) which threatened to send “thousands” of warning letters to NYAA users once the site was back online.

This doesn’t seem like an idle threat. A few weeks ago the company posted a screenshot on Twitter containing an unredacted list of Comcast, Charter and CenturyLink IP addresses said to have been monitored infringing copyright. Due to the NYAA downtime, RYM later indicated it had switched to warning users of Kickass.to.

This involvement with anime companies combined with the warning notice statement led to DDoS accusations being directed at RYM. TorrentFreak spoke to the company’s Eric Green and asked if they knew anything about the attacks.

“The short answer is No. In fact we were waiting for [NYAA] to go back
online to begin monitoring illegal transfers again. Sorry to disappoint but we
had no involvement,” Green told TF.

Just a couple of hours ago RYM made a new announcement on Twitter, stating that the original tweet had been removed due to false accusations.

“Nyaa post deleted due to all the Ddos libel directed at this account. Infringement notices continue to ISPs, for piracy, regardless of tracker,” they conclude.

Although it’s impossible to say who is behind the attacks, it does seem improbable that an anti-piracy company getting paid to send notices would do something that is a) seriously illegal and b) counter-productive to getting paid for sending notices.

That said, it seems likely that someone who doesn’t appreciate unofficial anime sites operating smoothly is behind the attack. Who that might be will remain a mystery, at least for now.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.

The event, which needs little introduction, saw the iCloud accounts of many prominent female celebrities accessed illegally and their personal (in many cases intimately so) photographs leaked online. The FBI are investigating and for the leakers this probably isn’t going to end well.

But for the users of 4chan this leak, which was rumored to have begun on the board itself, was the gift that just kept on giving. Excited users quickly came up with a portmanteau based on ‘happening’ plus ‘fapping’ and The Fappening was born, a prelude to taking the Internet by storm.

While the event itself appears to be dying down, the leak and the worldwide attention it bestowed on 4chan may have prompted a surprise decision by the site’s operator. Whether the leak was directly responsible will become clear in due course (we’ve reached out to the site for a response), but sometime yesterday 4chan introduced a DMCA policy.

The policy registers a DMCA agent for 4chan, which helps to afford the site safe harbor protection under the Digital Millennium Copyright Act. Although not yet listed in the numerical section of Copyright.gov, the designated agent will now become the point of contact for copyright complaints and DMCA notices when content owners believe that their ownership rights have been violated on 4chan.

While most US-based user-generated content websites should not entertain operating without safe harbor, the way 4chan is set up provides a unique scenario in respect of infringing content being posted by its users.

“Threads expire and are pruned by 4chan’s software at a relatively high rate. Since most boards are limited to eleven or sixteen pages, content is usually available for only a few hours or days before it is removed,” the site’s FAQ explains.

4chan’s Chris Poole (‘moot’) previously told the Washington Post his deletion policy was both a necessarily evil and a plus to the site.

“It’s one of the few sites that has no memory. It’s forgotten the next day,” he said.

Despite the board’s userbase being notoriously rebellious, the deletion policy appears to work well. To date Google’s Transparency Report lists takedowns for just 706 URLs.

“I don’t have resources like YouTube to deal with $1 billion lawsuit with Viacom,” Poole said in 2012. “Don’t store what you absolutely don’t need. People are pre-disposed to wanting to store everything.”

Of course, it’s not only companies such as Viacom on the warpath. Yesterday a spokesman for Jennifer Lawrence said that the authorities had been contacted and anyone found posting ‘stolen’ photos of the actress online would be prosecuted.

While the scope of that action isn’t entirely clear, many of the leaked photos were ‘selfies’ to which Lawrence has first shout on copyright. They’re still being posted on hundreds if not thousands of Internet sites even today, so having a DMCA policy in place will help those sites avoid liability, even if in 4chan’s case the images are only present for a few hours.

In the meantime, sites such as The Pirate Bay who care substantially less about copyright law than 4chan does today are continuing to spread the full currently-available ‘Fappening’ archives at a rapid rate. Statistics collected by TorrentFreak suggest that the packs have been downloaded well over a million times.

Source: TorrentFreak, for the latest info on copyright, file-sharing and anonymous VPN services.