For the past several years, one of the key educational strategies of entertainment industry companies has been to cast doubt on the credibility of so-called ‘pirate’ sites.
Previously there have been efforts to suggest that site operators make huge profits at the expense of artists who get nothing, but there are other recurring themes, mostly centered around fear.
One of the most prominent is that pirate sites are dangerous places to visit, with users finding themselves infected with viruses and malware while being subjected to phishing attacks.
This increasingly well-worn approach has just been revisited by consumer interest group Digital Citizens Alliance (DCA). In a new report titled ‘Enabling Malware’, the Hollywood-affiliated group calls out United States-based companies for helping pirate site operators “bait consumers and steal their personal information.”
“When you think of Internet crime, you probably imagine shadowy
individuals operating in Eastern Europe, China or Russia who come up with devious plans to steal your identity, trick you into turning over financial information or peddling counterfeits or stolen content. And you would be right,” DCA begin.
“But while many online criminals are based overseas, and often beyond the reach of U.S. prosecutors, they are aided by North American technology companies that ensure that overseas operators’ lifeline to the public – their websites – are available.”
DCA has examined the malware issue on pirate sites on previous occasions but this time around their attention turns to local service providers, including hosting platform Hawk Host and CDN company Cloudflare who (in)directly provide services to pirate sites.
“Are these companies doing anything illegal? No more than the landlord of an apartment isn’t doing anything illegal by renting to a drug dealer who has sellers showing up day and night,” DCA writes.
“But just like that landlord, more often than not these companies either look the other way or just don’t want to know.”
Faced with an investigative dead-end when it comes to tracing the operators of pirate sites, DCA criticizes Cloudflare for providing a service which effectively shields the true location of such platforms.
“In order to utilize CloudFlare’s CDN, DNS, and other protection services customers have to run all of their website traffic through the CloudFlare network. The end result of doing so is masked hosting information,” DCA reports.
“Instead of the actual hosting provider, IP address, domain name server, etc., a Whois search provides the information for CloudFlare’s network.”
To illustrate its point, DCA points to a pirate domain which presents itself as the famous Putlocker site but is actually a third-party clone operating from the dubious URL, Putlockerr.ac.
“From websites such as putlockerr.ac consumers are tricked into downloading malware. For example, when a consumer clicks to watch a movie, they are sent to a new screen in which they are told their video player is out of date and they must update it. The update, Digital Citizens’ researchers found, is the malware delivery mechanism.”
There’s little doubt that some of these low-level sites are in the malware game so DCA’s research is almost certainly sound. However, just like their colleagues at the MPAA and RIAA who regularly shift responsibility to Google, DCA lays the blame on Cloudflare, a more easily pinpointed target than a pirate site operator.
Unsurprisingly, Cloudflare isn’t particularly interested in getting involved in the online content-policing business.
“CloudFlare’s service protects and accelerates websites and applications. Because CloudFlare is not a host, we cannot control or remove customer content from the Internet,” the company said in a response to the report.
In common with Google, Cloudflare also says it makes efforts to stop the spread of malware but due to the nature of its business it is unable to physically remove content from the Internet.
“CloudFlare leaves the removal of online content to law enforcement agencies and complies with any legal requests made by the authorities,” the company notes.
“If we believe that one of our customers’ websites is distributing malware, CloudFlare will post an interstitial page that warns site visitors and asks them if they would like to proceed despite the warning. This practice follows established industry norms.”
Finally, while DCA says it has the safety of Internet users at heart, its malware report misses a great opportunity. Aside from criticizing companies like Cloudflare for not doing enough, it offers zero practical anti-malware advice to consumers.