Vulnerability Renders MPAA/RIAA Copyright Warnings Useless
In a bid to educate pirates, copyright holders hire companies such as BayTSP to track down people who share their titles on P2P networks. The alleged infringers then receive a warning and are given the opportunity to resolve the issue. However, this system is vulnerable to abuse and therefore completely useless.
Companies like BayTSP have the honorable task of joining BitTorrent swarms and other file-sharing networks looking out for copyright infringers. When someone shares a piece of a copyrighted file with them, they log the IP-address, look up the ISP and send out a copyright infringement notice automatically.
These notices usually list details about the infringing file, the person’s IP-address and the time the infringement was recorded. In addition, BayTSP includes a link to a response form where you can indicate whether or not you will comply and remove the file from your computer.
The problem with these response forms is that they are not very secure. If you get a notice from BayTSP, someone else can easily find it through Google for example, and fake a response in your place. There is no way for them to tell who responded to the complaint unless the response originates from the IP-address linked to the infringement.
Google Copyright Warnings
Perhaps even worse, anyone can send out a fake e-mail to someone claiming to be BayTSP. XSS vulnerabilities on the site make it pretty easy to fabricate fake complaints and convince innocent people that to avoid court they have to download trojans, or perhaps even enter credit card details to pay a small fine.
BayTSP told TorrentFreak that they are looking into the XSS issues, hopefully to solve the problem. They also admitted that their response forms are flawed, that everyone can indeed fill out the response form, and that they can’t be sure that the person who responded to it actually received the notice.
We concluded from this that the response form (and thus the warnings) are completely useless, but BayTSP disagreed with this assessment. “We’ll have to agree to disagree on this one,” was their final response after having exchanged some arguments back and forth.
For those people in receipt of an infringement notice it might be good to know that their case becomes closed as soon as they indicate that they have removed the infringing file from their computer. Easy as that. Those who do not comply will receive additional notices until they do so.
