Vulnerability Renders MPAA/RIAA Copyright Warnings Useless

Written by Ernesto on May 14, 2009 

In a bid to educate pirates, copyright holders hire companies such as BayTSP to track down people who share their titles on P2P networks. The alleged infringers then receive a warning and are given the opportunity to resolve the issue. However, this system is vulnerable to abuse and therefore completely useless.

Companies like BayTSP have the honorable task of joining BitTorrent swarms and other file-sharing networks looking out for copyright infringers. When someone shares a piece of a copyrighted file with them, they log the IP-address, look up the ISP and send out a copyright infringement notice automatically.

These notices usually list details about the infringing file, the person’s IP-address and the time the infringement was recorded. In addition, BayTSP includes a link to a response form where you can indicate whether or not you will comply and remove the file from your computer.

The problem with these response forms is that they are not very secure. If you get a notice from BayTSP, someone else can easily find it, through Google for example, and fake a response in your place. There is no way for them to tell who responded to the complaint unless the response originates from the IP-address linked to the infringement.

Perhaps even worse, anyone can send out a fake e-mail to someone claiming to be BayTSP. XSS vulnerabilities on the site make it pretty easy to fabricate fake complaints and convince innocent people that to avoid court they have to download trojans, or perhaps even enter credit card details to pay a small fine.

BayTSP told TorrentFreak that they are looking into the XSS issues, hopefully to solve the problem. They also admitted that their response forms are flawed, that everyone can indeed fill out the response form, and that they can’t be sure that the person who responded to it actually received the notice.

We concluded from this that the response form (and thus the warnings) are completely useless, but BayTSP disagreed with this assessment. “We’ll have to agree to disagree on this one,” was their final response after having exchanged some arguments back and forth.

For those people in receipt of an infringement notice it might be good to know that their case becomes closed as soon as they indicate that they have removed the infringing file from their computer. Easy as that. Those who do not comply will receive additional notices until they do so.
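
As an added illustration (not code from the article or from BayTSP), the sketch below contrasts a response handler that trusts a bare notice ID with one that requires an unguessable, single-use, expiring token mailed to the recipient, and renders the form with escaped output and a no-index header. The notice store, key, field names and 14-day lifetime are assumptions made for the example.

```python
import hashlib
import hmac
import html
import time

# Assumption: a secret held only on the server, never placed in a page or URL.
SERVER_KEY = b"constructed-demo-key-keep-server-side"
TOKEN_TTL = 14 * 24 * 3600  # assumption: response links stay valid for 14 days

# Constructed sample store: notice id -> record (values are made up).
NOTICES = {
    "N-1001": {"title": 'Example <b>Film</b> "2009"',
               "status": "open", "issued": 1_242_259_200},
}


def weak_respond(notice_id, answer):
    """Shape of the flaw described above: whoever knows or finds the
    notice id can answer on the recipient's behalf."""
    notice = NOTICES.get(notice_id)
    if notice is None:
        return False
    notice["status"] = answer
    return True


def issue_token(notice_id, issued):
    """Value placed in the response link that is mailed with the notice."""
    msg = f"{notice_id}|{issued}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def hardened_respond(notice_id, token, answer, now=None):
    """Accept a response only with the valid, unexpired, unused token."""
    now = time.time() if now is None else now
    notice = NOTICES.get(notice_id)
    if notice is None or notice["status"] != "open":
        return False  # unknown notice, or already answered (single use)
    if now - notice["issued"] > TOKEN_TTL:
        return False  # link has expired
    expected = issue_token(notice_id, notice["issued"])
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return False  # guessed or forged link
    notice["status"] = answer
    return True


def render_form(notice_id):
    """Escape every value written into the HTML and ask crawlers not to
    index or cache the page."""
    notice = NOTICES[notice_id]
    headers = {"X-Robots-Tag": "noindex, nofollow", "Cache-Control": "no-store"}
    body = "<h1>Notice {}</h1><p>Title: {}</p>".format(
        html.escape(notice_id), html.escape(notice["title"]))
    return headers, body
```

The link is still a bearer secret: anyone who can read the recipient's e-mail can answer, so this narrows forgery from anyone with a search engine to anyone with access to the mailbox.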

72 Responses

1 May 14, 2009 at 00:22 by Anonymous

GET RID OF THE FILE OR WE WILL SEND MORE MAILS.

WE’RE SUPER SERIOUS

2 May 14, 2009 at 00:25 by Anonymous

Nah, they’re super cereal.

3 May 14, 2009 at 00:30 by Reasoned Mind

HOW STUPID

4 May 14, 2009 at 00:34 by rreadysetno

WERE REALLY SERIAL GUYS

5 May 14, 2009 at 00:41 by 4v

NEVER FEAR

Al Gore invented the internet! If he can defeat the manbearpig, he can certainly help us out of this!

Serially!

6 May 14, 2009 at 00:47 by Felix

“XSS vulnerabilities on the site make it pretty easy to fabricate fake complaints and convince innocent people that to avoid court they have to download trojans, or perhaps even enter credit card details to pay a small fine.”

If that happened, shouldn’t BayTSP be prosecuted as if they had asked for the money themselves, since technically BayTSP made the means by which to defraud innocent people available in the first place?

7 May 14, 2009 at 00:49 by Use Your Brain?

wow, so BayTSP don’t even take themselves seriously?

So why on earth should we!

Way to go you amateur-clowns!

8 May 14, 2009 at 00:53 by Anonymous

What pains me is the thought that someone somewhere will fall to a phishing scheme run through their shoddy coding.

9 May 14, 2009 at 00:54 by woof

Combine this with the three-strikes law, then submit 3 forged notices for every IP address on an ISP – the ISP is thus forced to disconnect everyone. Ha ha?

10 May 14, 2009 at 00:54 by NeonLightning

idk man, these guys are seemingly trying to appease the annoying copyright parties while at the same time giving the p2p community a chance. I give them credit: it may be flawed, but since it’s less insane and a lot more calm and fair than most other methods have been, I say help them improve the method. Sure it sucks, but to me it seems the lesser of evils.

11 May 14, 2009 at 00:55 by Anonymous

HEY I SAID STOP DOWNLOADING!!! I AM GOING TO THROUGH A TRANTROM IF YOU DON’T STOP!!!!

I AM SUPER SERIAL… manbearpig

12 May 14, 2009 at 00:55 by Anonymous

HEY I SAID STOP DOWNLOADING!!! I AM GOING TO THROW A TRANTROM IF YOU DON’T STOP!!!!

I AM SUPER SERIAL… manbearpig

13 May 14, 2009 at 01:00 by Porky the ManBearPig

Isn’t that sort of unsolicited email what spam filters are for?

And I seem to recall that sending unsolicited bulk email is serially against the law in some places. But I guess that just doesn’t apply to MAFIAA extortion.

14 May 14, 2009 at 01:18 by muffin

I SAIDE STOPE DOWNLOADINGE NOWE!!11 I AME GOINGE TOE BRAKE STUFFE IFE YUEH DONTE STOPE!

I AME SUPERE SERIALE!

15 May 14, 2009 at 01:24 by www.eZee.se

Just make a new filter in your email account (gmail, yahoo, hotmail or whatever) so that any email from BayTSP automatically gets deleted…

Problem solved.

16 May 14, 2009 at 01:40 by Rodger

Huh, same group that did this to the MPAA site.

http://torrentino.info

17 May 14, 2009 at 01:50 by what a joke

Amateur night, I mean who can take these clowns serially now? They’re even less competent than MediaSentry was.

18 May 14, 2009 at 02:17 by J

you can also make the text inside the textareas editable using firebug.

19 May 14, 2009 at 02:29 by Anonymous

Hey kid! I’ma computer!
Stop all the downloading.
Help computer.

This sort of stuff would be fantastic ammunition against BayTSP, if only non-technical people could understand how ridiculous their operations are.

20 May 14, 2009 at 02:35 by dandin1

I think the best part is the text next to the “mistake” option. “Please explain below why you feel this is a mistake”. This is pretty much a big flag that says “This is the wrong answer.” It’s exactly what the bad cop sarcastically exclaims when he arrests the innocent hero. With a sneer.

21 May 14, 2009 at 02:55 by tman01

Isn’t responding an automatic admission of guilt? Because as we all know if your router is left open like many less tech savvy people do (or lazy) it could be your neighbor leeching that committed the offense. I know this may sound silly but doesn’t that constitute reasonable doubt that you throw away as soon as you respond?

22 May 14, 2009 at 02:56 by Reasoned Mind

First Option is funny

“Yes, I’ve complied and removed all copyrighted material for which I’m not the copyright holder from my computer and or network”

I don’t own copyrights for anything on my computer. Does that mean I have to get rid of my Operating System?

23 May 14, 2009 at 03:02 by riaatard

@tman01

The RIAA/MPAA is trying to make it against the law for people to have open unsecured routers making it so those that neglect to do so will be punished.

The RIAA/MPAA is The Beast.

24 May 14, 2009 at 03:20 by zbu

@23 riaatard: My mobile has problems with anything but a closed wifi-hotspot. I think that’s a good excuse, not?

25 May 14, 2009 at 03:21 by zbu

should have been anything but an open (non-secured) hotspot

26 May 14, 2009 at 03:25 by Sigh

@ reasoned

yes actually.
And EVERYTHING that has a(n?) EULA

27 May 14, 2009 at 03:41 by Rock

The whole thing about BayTSP logging IP addresses and sending out notices is BS. There was an article not too long ago (here on TF) about how Pirate Bay injects random IP addresses into the DHT and from their tracker. So someone’s IP could have easily been randomly given out.

28 May 14, 2009 at 05:14 by Anonymous

““XSS vulnerabilities on the site make it pretty easy to fabricate fake complaints and convince innocent people that to avoid court they have to download trojans, or perhaps even enter credit card details to pay a small fine.””
—————–

so what? trojan viruses are nothing more than 1’s and 0’s and credit card numbers are intangible and thus have no value. we should be free to exchange people’s identities and credit card information whenever we see fit, it’s just INFORMATION after all and information wants to be free…

29 May 14, 2009 at 06:16 by Mean

How does one know I really responded to the warning?

Simple. If the form does not contain the sentence:

FUCK YOU!

in big huge red letters it is not from me.

30 May 14, 2009 at 06:18 by Anonymous

“and credit card numbers are intangible and thus have no value.”

This is true. This is why I am going to put on internet Baiwholl, Shitman and Glueman SSN and credit card numbers.

31 May 14, 2009 at 06:57 by Wolfy

@28

all right then give me your credit card number(s), oh and disable your firewall, i mean, why protect yourself from 1’s and 0’s. The worst that can happen is that I can steal all your money and your computer is fucked up.

32 May 14, 2009 at 08:03 by Anonymous

I’m sorry but I have never in my life checked the ISP provided email, maybe I’m the only one

33 May 14, 2009 at 08:12 by markie

Their case becomes closed as soon as they indicate that they have removed the infringing file from their computer. Easy as that.

Ok then. Just burn it to a blank disk. Problem solved. Not on computer anymore.

34 May 14, 2009 at 09:14 by r3loaded

I kinda actually have to side with BayTSP’s process here – they actually provide data on how popular various music/films are on P2P networks, which will hopefully prove to them that good music/films = greater piracy, but also greater sales.

And it’s not like they’re suing 12 year olds or site operators on very dubious basis. If you do get a notice, delete the file, confirm on their website that the file has been deleted…then restore it using Recuva ;)

35 May 14, 2009 at 09:21 by r3loaded

Further info about BayTSP’s activities as well: http://is.gd/zJQD

36 May 14, 2009 at 09:21 by Anonymous

@A product of inbreeding wrote:
“so what? trojan viruses are nothing more than 1’s and 0’s and credit card numbers are intangible and thus have no value. ”

Lol, “trojan viruses”.

Two different things, Sloth. Two different things.

Although I’m sure you’re too busy having sex with your mother to really care.

This would also explain why you failed to notice that trojans TAKE AWAY data, credit card theft TAKES AWAY money, yet filesharing TAKES AWAY nothing. Fallacious analogy is fallacious. And you probably thought you were being so clever, too, inbetween your tender lovin’ to ole mom/sis.

Sorry I’m the bearer of bad news.

37 May 14, 2009 at 09:35 by i lolled

so u dload a movie, watch it, get a warning by bayTSP to remove the file, you do so because you’ve already seen the movie. What’s the problem here, bayTSP is just helping others to clean up their PCs

38 May 14, 2009 at 09:51 by john

History has taught us that freedom will prevail, no matter how big is the enslaver. These actions are meant to scare people and spread panic amongst us. Filesharing is a phenomenon that cannot be stopped, as well nothing can stop them to minimize the level of piracy. I emphasise minimize, as no one can stop this. Of course, it’s an attack to individual liberties and we should make our stand in one way or another. The present society, being a modern form of slavery cannot accept the fact that its citizens should have a piece of freedom, even on the internet.
These actions have great impact on the economy, intellectual growth and technological development.
Should I stop sharing pictures with my family, because someone out there has the right to take a look at them before the final receiver does?
In strange kind of way, this is hilarious and at the same time outrageous. At the end it will be proven whether or not we, as citizens of Earth have the strength to overpower political decisions.

http://www.savetheinternet.com/

39 May 14, 2009 at 10:43 by Ralonto

Anyone has a tut on how to do this? I want to send Kennedy from the IFPI such a notice.

40 May 14, 2009 at 10:47 by Mh

@23

Legislation in Germany already is that if you have not taken all necessary steps to secure your PC, then it’s negligence and YOU are to blame for any misdoings done over your system, whether it really was you or the neighbor or some wardriving kid walking by.

It’s 100% idiotic, since 99% of the population can’t secure a PC worth crap and any script kid can therefore abuse their connection (I actually know unemployed people who find it normal to leech gigabytes of warez over their neighbors’ WLAN connection), but, again, as long as we have technomorons in the judge seats and government, this is all a pretty futile endeavor.

Vote green party (outspoken proponents of a culture flatrate and not making criminals out of downloaders, currently the only party here who wrote it down in their program this year afaik) or pirate party NOW I say.

41 May 14, 2009 at 11:02 by ProphitAngell

CPright infringement is srs bsns

42 May 14, 2009 at 11:06 by Darian Knight

Of course there are other possibilities which would effectively negate the efforts of places like BayTSP. Examples?

Proxy
SSH
PeerGuardian
uTorrent IP Updates
etc, etc

Not to mention that they have absolutely no way of knowing whether the responder is telling the truth when they fill out the form. “Yeah, sure… I deleted it.”

How, exactly, is BayTSP going to prove you didn’t? Aside from asking you to install some hard drive scanner to double check… which we all know nobody on earth (except the very stupid) would allow.

Essentially it’s all bark and no bite.

43 May 14, 2009 at 11:18 by DrCalgori

I’m afraid I’m going to have to side with BayTSP on this one. I mean, they’re actually trying to be understanding and make a difference here by saying they’ve picked you up and are giving you a chance to delete it and move on. Nothing more.

With other organisations you’d have been fined, threatened with a court order, black listed and all kinds of shit. And their technique is mostly for the undereducated downloaders, of which probably 80% of pirates are. It’s simply to scare them into not downloading again. Not everyone knows as much as you assume since not everyone takes an interest in the technical side of downloading.

44 May 14, 2009 at 11:23 by Rammu

My university axed my internet connection for three weeks after they received a complaint from BayTSP.
My infringement: I was sharing a Watchmen trailer

45 May 14, 2009 at 11:56 by scip

40. Rammu,

LOL, priceless.

In France you do that three times and get your connection axed for a year yet you’ll be paying for it.

This would be hilarious if it wasn’t real.

46 May 14, 2009 at 12:06 by Rammu

41. scip,

Yeah, and also noteworthy is that their sanction had no effect. I just used my neighbour’s wireless internet during the blackout.

When it happened, I first received a letter that my connection had been closed due to said copyright infringement, and that I would be contacted after two weeks. After two weeks a representative from the university called me about the matter. Then I informed him of what I actually had been sharing. He didn’t know how to respond in any meaningful way to that. Priceless! It still took them a week more to open up my connection again :(

47 May 14, 2009 at 14:18 by dfa

schools shouldn’t be burdened with that BS anyway and to think they cut your lifeline off for three weeks… that’s enough to kill some of them.

What a scourge

48 May 14, 2009 at 14:20 by Torrentnut

It sounds like the people at BayTSP are just a bunch of jokers.

49 May 14, 2009 at 14:54 by muddy

@anonymous

‘What pains me is the thought that someone somewhere will fall to a phishing scheme run through their shoddy coding.’

well yes, but as dirty criminals they deserve it eh?

50 May 14, 2009 at 14:57 by uskomaton

I have an idea, someone send MPAA/RIAA and BayTSP a bunch of these notices. Oh and do it to the French version of these fuckers too, of course it won’t get them disconnected but maybe it will teach them something. Tho I rather doubt they have the brainpower to learn.

51 May 14, 2009 at 15:06 by ...

BayTSP, your right in there with Web Sheriff in how completely useless and stupid you are.. please kill yourself because your wasting my air with your pathetic existence..

52 May 14, 2009 at 16:22 by JTK

Can’t you just say you deleted the file without actually doing so?

This is seriously flawed in so many ways.

53 May 14, 2009 at 16:30 by Anonymous

baylsd, wanna-be-websherrif and friends stop playing stupid games you’re not 3 years old anymore and you don’t own the internet!

54 May 14, 2009 at 16:36 by LEM

What if you delete the file to recycle bin, like so many people do with files they think they are deleting.

Send e-mail.
Restore file.
OH HAY, I GOT ILLEGAL CONTENT AGAIN?

Anyone tried this? I honestly haven’t gotten a warning from the e-mallcops.
Seems like a huge, exploitable joke to me.

55 May 14, 2009 at 16:54 by Anonymous

Failcompany is fail. XSS is super easy to prevent.

56 May 14, 2009 at 17:31 by Conor

BayTSP:
Assisting in making fraud available :p

57 May 14, 2009 at 17:32 by UltraleetJ

hmm, indeed… and I download everything to an external hard drive. So the file is also not directly IN my computer because the hard drive is EXTERNAL. You can download what’s on torrents even to a network path. I mean there is more than just the flawing on the notices… the technology these people use is not even accurate but it’s good to know that they’re trying. At least that’s how the beast is losing their money. They just don’t wanna work. That’s it. Lazy ****s want more money for nothing. Now that they’re finding out it’s all failing they cry and use the bits they have left to protect their really crappy content instead of improving it. That’s exactly like a college student putting countless lawsuits against exams for which they failed instead of studying harder and devoting their resources to studying to get improved scores.

58 May 14, 2009 at 17:59 by riaatard

I’m absolutely FURIOUS!!!!!!!!!!!

Has anyone seen Slumdog Millionaire? It had over $200 million in box office sales, and yet the child that played the younger male actor STILL lives in a slum and is now being forced out of his slum home only to become homeless?

How can this be? One of the biggest grossing films of its time, and the kid doesn’t even have a home? Why isn’t the film company paying this kid the money that he deserves? So what if they promised to pay for his education and half a million to slum charities.

Where is the heart from the MPAA? Where are the royalties for this poor kid and his family? Where is the compassion? Most importantly, WHERE has all the money gone?

To the lawyers and executives and this makes me FURIOUS!!!!!!!!

I rented the movie, and was thinking about buying it. I REFUSE to give my money to greedy and selfish executives. If only there was some way I could directly give to the kid and his family.

http://news.bbc.co.uk/2/hi/south_asia/8049735.stm

Bastards!!!!!

59 May 14, 2009 at 18:12 by TUSK

hmm #39
I know nothing about these guys, but are they operating in order to give something back to the community and ultimately trying to help eliminate copyright theft, therefore in essence defending the future of legitimate information flow on the internet or are they operating to make money.

They are a company and are shafting people for cash – that’s what companies do.

60 May 14, 2009 at 18:22 by GrX for President lol

Remove the File from the PC now!

Reply: Sure not a problem after i just finish watching it and burning it to a DVD to play in my DivX Player..

Thanks for letting me know which file i downloaded i downloaded over 400 this week so i’m a little overwhelmed and i was actually looking for that file! but i couldn’t remember the name of it, well done you just helped me.

61 May 14, 2009 at 19:56 by crazy idea

so since the form is so flawed and they refuse to admit it how about everyone reply to one of these with the paragraph about how anyone can reply and they have no way to tell if it was someone authorized to do so.

62 May 14, 2009 at 20:12 by Whooooo

I say that Sites like Torrent Freak or people who know their legal stuff should put up a guide on what to do if you get a warning letter.
Is it ok to just ignore it? or send a fuck you back to them?

63 May 14, 2009 at 20:30 by Black Pirate

blah bay..blah blah that what it all is blah blah blah fuc*k bay

64 May 14, 2009 at 21:21 by pink panther

Saying you got rid of the file is admitting your culpability (guilt) in doing it in the first place. That’s a “have you stopped beating your wife” situation. If you say you removed it, you’re admitting guilt. If you ignore it, you’re admitting you are avoiding them. Loser deal.

65 May 14, 2009 at 21:38 by Alec

I don’t know how this stuff works but if they send these notices by email, what’s stopping me from not responding at all? Also, you could always say that you haven’t received the notice and/or say you haven’t seen it right? :)

66 May 14, 2009 at 22:05 by piratedude

BayTSP: How do you want your SPAM today?

67 May 14, 2009 at 22:07 by reptile

Why aren’t they in prison by now? They are the scum of the earth. Dirty MAFIAA bastards.

68 May 14, 2009 at 22:48 by BIO

STOP NOW, OR I’LL SEND AN EMAIL ON YOU!!!

69 May 15, 2009 at 04:43 by RIAASS

BayTSP were doomed to failure from their conception.

70 May 15, 2009 at 09:04 by Mr. Slave

ahhhh I shouldn’t have put the gerbil up my ass.

71 May 15, 2009 at 21:38 by Rainydays

Tell them to F off, send them a TPB T-shirt, and say thanks for caring about me like nazi christians spreading their unwanted beliefs on every street corner for a few bucks

72 May 21, 2009 at 21:48 by Anonymous

“For those people in receipt of an infringement notice it might be good to know that their case becomes closed as soon as they indicate that they have removed the infringing file from their computer. Easy as that.”

Where’d you get this info?
