As rightsholders in the live sports sector continue to face unprecedented levels of online piracy, Italy decided that an extraordinary challenge could only be tackled with an extraordinary response.

The ‘Piracy Shield’ blocking notification system has attracted significant criticism, although the legal and regulatory frameworks that support it, built on a theory that faster, heavier blocking will eventually solve the problem, are the real drivers behind the ongoing controversy.

Fundamental issues and legal amendments, including draft proposals published earlier this year, prompted the Computer & Communications Industry Association (CCIA) to voice its concerns at the EU Commission, highlighting significant risks to the principles of freedom of enterprise and expression.

European Commission Responds to Concerns

After several months of engagement, last month the CCIA urged the European Commission to carry out an immediate review to establish compatibility of the existing system and Italy’s draft proposals with EU law requirements.

Site-blocking within 30 minutes, limited transparency, lack of recourse for those wrongfully blocked, and new proposals potentially at odds with the Digital Services Act, could have serious consequences for the wider EU, CCIA warned.

In a letter dated June 13, 2025, Roberto Viola – the European Commission’s Director General for Communications Networks, Content and Technology – addresses Italy’s Minister of Foreign Affairs, Antonio Tajani, who is also the country’s Deputy Prime Minister.

“The Commission welcomes the efforts made by the Italian authorities in the fight against online piracy, which remains a serious concern for the creative and sports sectors across the EU,” Viola begins.

The Italian draft ‘reflects the objectives’ of the recommendations published by the Commission in 2023, which the letter suggests is another plus.

Digital Services Act

Turning to more problematic areas, Articles 8, 8-bis, 9-bis and 10 in the Italian draft are intended to meet the requirements of Article 9 of the Digital Services Act. The Commission says they fail to do so, including by falling short of “the linguistic requirements” set out in Article 9(2)(c).

However, as highlighted in the CCIA’s recent submission, the Commission also notes the following;

“[T]he DSA does not provide a legal basis for the issuing of orders by national administrative or judicial authorities, nor does it regulate the enforcement of such orders.”

The Commission adds that it “would like to remind the Italian authorities of the procedures and conditions set out in Article 9″ and invites them to “clarify these aspects in the final text of the notified draft.”

Charter of Fundamental Rights

Since site-blocking measures amount to a denial of service, restrictions should be sufficient to end or limit infringement, while taking care not to encroach on the fundamental rights of third parties. The importance of maintaining the right balance is stressed by the EC.

“The Commission would also like to emphasize that the effective tackling of illegal content must also take into due account the fundamental right to freedom of expression and information under the Charter of Fundamental Rights of the EU,” the letter continues, with the following excerpt from the DSA offered as guidance;

[I]n that regard, the national judicial or administrative authority, which might be a law enforcement authority, issuing the order should balance the objective that the order seeks to achieve, in accordance with the legal basis enabling its issuance, with the rights and legitimate interests of all third parties that may be affected by the order, in particular their fundamental rights under the Charter.

Blocking in 30 Mins, Blocking Blunders Assessed in 10 Days

Balancing the rights of various parties isn’t always straightforward. However, some aspects of Piracy Shield give the impression that the rights of third parties are given less than equal weight.

With 30 minute takedowns championed as essential in the fight against live sports piracy, victims of over-blocking blunders face a wait of up to 10 days before telecoms regulator AGCOM assesses the validity of their complaint.

“The Commission notes that there do not seem to be other measures available to the addressee of [a blocking order] to help prevent eventual erroneous or excessive blocking of content,” the letter notes.

“Furthermore, [..] the technical specifications of the Piracy Shield envisage unblocking procedures limited to 24 hours from reporting in the event of an error. This limitation to 24 hours does not seem, in principle, to respond to any justified need and could lead to persisting erroneous blockings not being resolved.

“In this respect, the Commission would like to invites the Italian authorities to ensure that the Piracy Shield operates with sufficient controls and safeguards to avoid overblocking and negative impact on information which is not illegal content.”

Commit to Safeguards – In Writing

Another ‘feature’ of Piracy Shield’s operations is the clarity and latitude afforded to those granted the authority to carry out blocking, versus safeguarding procedures that may receive an occasional mention but lack legal substance due to their absence from legislation.

The Commission welcomes details on safeguarding provided by Italian authorities and appears to see benefits in the measures being committed to more formally.

“The Commission therefore invite the Italian authorities to consider whether such elements could also be included in the final text. This is for example the case of the Addendum annexed to the Operating Manual of the Piracy Shield platform according to which, authorized persons are required to provide a technical report describing the methodology for obtaining evidence on the predominantly illegal nature of domain name or IP address requested to be blocked,” the letter suggests.

“Another example is the requirement for flaggers to observe the utmost diligence when submitting applications for blocking and collecting the relevant evidence and to consult the Authority in advance in cases of doubt with regard to the prevalence of illegal activities.”

Pressure on Intermediaries

While rightsholders generally believe that site-blocking measures are effective, it is just as common for intermediaries to argue that the opposite is true. A previous CCIA submission notes that blocking is easily circumvented, does not remove any infringing content from the internet, and may ultimately “serve to obscure” rather than address the root causes of piracy.

In short, targeting intermediaries isn’t the only option available, a point with which the Commission appears to agree.

“[T]he Commission notes that Recital 27 of the DSA clarifies that the problem of illegal content and activities online should not be dealt with by solely focusing on the responsibilities of providers of intermediary services online,” the letter concludes.

The EC’s letter to Antonio Tajani, Minister of Foreign Affairs, is available here (pdf)

____________________________________________

Excerpt from Recital 27: Whilst the rules on liability of providers of intermediary services set out in this Regulation concentrate on the exemption from liability of providers of intermediary services, it is important to recall that, despite the generally important role played by such providers, the problem of illegal content and activities online should not be dealt with by solely focusing on their liability and responsibilities. Where possible, third parties affected by illegal content transmitted or stored online should attempt to resolve conflicts relating to such content without involving the providers of intermediary services in question.

From: TF , for the latest news on copyright battles, piracy and more.

Last month, the EU published the fourth edition of its ‘Counterfeit and Piracy Watch List’, providing a detailed overview of piracy-linked sites and services located outside the EU.

The report covered many unlicensed IPTV services, including VolkaIPTV, GenIPTV, and King365TV, noting that these are merely the tip of the iceberg.

“There are likely to be thousands of pirate IPTV apps and services in the world. The pirate IPTV landscape is complex and difficult to penetrate because it typically involves multiple layers of restreaming and reselling,” the European Commission wrote at the time.

The EU is not wrong; it has been aware of the pirate IPTV problem for a while and actively supports research and enforcement actions to counter the threat.

Yet, despite these efforts to identify and curb illegal services, a significant vulnerability emerged closer to home. The European Commission’s own technical infrastructure was exploited to boost shady IPTV sales. That’s a serious problem.

Eurostat Website Promotes IPTV

While researching IPTV services this week, our attention was drawn to a PDF document uploaded to the Eurostat portal. Eurostat is the department at the Commission that provides high-quality statistics and data about Europe to the EU and its member states.

The document we spotted does not fall into this category. Instead, it provides an overview of the “best” IPTV services for 2025. This includes a prominent link to “get started now”, which directs visitors to portugueseiptv[.]pt.

Whether this link directs visitors to a ‘real’ IPTV service or an outright scam isn’t immediately clear, but it’s best avoided in any case.

The service promises access to a wide variety of live sports, +18,000 channels, and +98,000 VOD titles for less than $60 per year. This includes Netflix content, Disney, the Premier League, NFL, and much more . Needless to say, it sounds too good to be true.

SEO Hack

This PDF file was one of many. A quick search for more matches on Eurostat’s website revealed that several had been posted on Eurostat’s website two weeks ago, all trying to promote IPTV services.

This type of scam is not new. Vulnerabilities in the upload functionalities of reputable websites are often abused for pirate scams, a problem the EU has encountered before. That said, IPTV-related ‘hacks’ are relatively rare.

The goal of these PDFs is to rank high for popular search terms and phrases. This typically leads people to access the documents. Those who don’t immediately recognize these as scams might even be inclined to click the included links.

EU’s Best IPTV Services?

In this case, the PDF appeared as the first result for several key search terms and phrases, including “best IPTV providers of 2025,” as shown below.

Making matters even more confusing, Google’s AI overview interpreted the PDF document as an official EU stance, blending the information into a response when we asked about the EU’s IPTV recommendations.

“HyperStream Plus is known for its high-speed, low-buffer service with 4K support, ViewFlex IPTV is popular for its family-friendly and international language packages, and BlueWave IPTV is praised for its stability and user-friendliness,” the response read.

Before writing up our findings, we alerted Eurostat to the problem, allowing it time to address the issue. After all, these SEO hacks are a vulnerability and a potential security risk.

This morning, Eurostat informed us that the issue was identified and quickly fixed. And indeed, the PDFs no longer appear on its website. But if history is any guide, similar hacks will undoubtedly appear on other websites.

From: TF , for the latest news on copyright battles, piracy and more.

Last summer, Cox Communications filed a petition at the U.S. Supreme Court, requesting a review of the Fourth Circuit ruling that held the company contributorily liable for pirating subscribers.

The internet provider ultimately challenged the $1 billion verdict from a Virginia jury in 2019, which went in favor of a group of major record labels, including Sony and Universal.

As Cox petitioned the Supreme Court , the music companies filed their own petition, hoping to expand the verdict. Specifically, they argued that the ISP should also be held liable for vicarious copyright infringement.

From the outset it was clear this would be a pivotal case with potentially broad consequences for many other ISPs and rightsholders dealing with similar copyright issues. After considering the arguments from both sides and the U.S. Government, the Supreme Court announced its decisions today.

Supreme Court Grants Cox’s Petition

In the latest order list released this morning, the Supreme Court grants Cox’s petition for a writ of certiorari.

By granting Cox’s petition, the Supreme Court agrees to review crucial questions surrounding contributory copyright infringement. This includes a potential re-evaluation of how ISPs are required to respond to copyright infringement notices and what an appropriate “repeat infringer policy” entails.

Specifically, Cox presented the following question to the Supreme Court:

“Did the Fourth Circuit err in holding that a service provider can be held liable […] merely because it knew that people were using certain accounts to infringe and did not terminate access, without proof that the service provider affirmatively fostered infringement or otherwise intended to promote it?”

Contributory copyright infringement requires a finding that ISPs have “knowledge” of and “materially contribute” to piracy activities. However, Cox questions whether these elements are triggered upon mere receipt of multiple piracy notices from third-party rightsholders.

In addition, Cox also raised concerns about the jury’s “willfulness” ruling, which resulted in the maximum statutory damages of $150,000 per work. The ISP countered that knowledge of subscribers’ copyright infringements is not necessarily willful, if the company did not know that its own conduct was illegal.

Key Input from U.S. Solicitor General

The highly anticipated decision comes just weeks after the U.S. Solicitor General filed an influential amicus brief , urging the Supreme Court to take precisely this path.

The Solicitor General argued that an ISP is not automatically liable for copyright infringement if it merely fails to terminate subscribers after receiving multiple notices. It warned that the Fourth Circuit’s verdict could have “broad negative implications for ISPs and their subscribers,” potentially leading to disconnections of many innocent users.

The brief also strongly argued that Cox’s actions were not “willful,” stating that “willfulness” generally requires knowledge or reckless disregard for the defendant’s own unlawful conduct, not just that of third parties.

While the reasoning of the Supreme Court is currently unknown, the decision matches the advice of the U.S. Solicitor General. This also applies to the separate cross petition filed by the record labels.

Supreme Court Denied Labels’ Petition

In the same order batch this morning, the Supreme Court denies the labels’ petition for a writ of certiorari. Again, without providing any details for its reasoning.

The record labels were seeking to hold Cox vicariously liable, arguing that it profited directly from piracy by declining to terminate repeat infringers to keep their subscription fees.

The lower court previously dismissed this claim, but the labels asked the Supreme Court to take up the issue in their own cross-petition. This request was denied.

The denial is in line with the Solicitor General’s assessment that the Fourth Circuit correctly concluded Cox did not derive a direct financial benefit from the alleged infringements, or that its stance towards piracy acted as a draw to potential customers.

The record labels previously rebuffed the U.S. Government position, characterizing it as bewildering , but that didn’t yield a result.

Path Forward

With Cox’s petition granted, the case will now be scheduled for oral arguments before the Supreme Court in the upcoming term. This highly anticipated hearing will offer both sides the opportunity to present their arguments in detail.

Needless to say, this case will continue to be watched closely by internet providers and copyright holders alike.

Today’s orders ensure that Cox’s liability for contributory infringement will be reviewed in detail. At the same time, the battle over vicarious liability, at least for now, appears to be settled in favor of ISPs.

From: TF , for the latest news on copyright battles, piracy and more.

According to a recent report , two-thirds of pirate IPTV users in France have been consuming this way less than three years, suggesting a flow of new recruits, some with help from friends, others venturing out alone.

Quality and fundamental security issues aside, a device with pirate IPTV potential could cost less than $30, followed quickly by the first dilemma. Spend $10/$15 for a one-month subscription or $50 for an entire year? On one hand, there’s so much money to save, yet on the other, potentially three times that amount in losses to a predatory scammer.

Hoping to remove most of the early guesswork are suppliers offering set-top boxes at a fixed price of $200+ but with no additional costs, at least in theory. ‘Free forever’ is the premise, despite buyers already paying over the odds for both the device and the subscription. Nevertheless, not all experiences are bad, hence the number of lawsuits quietly building up against vendors.

Target Tanggula

Search for ‘Tanggula’ on YouTube or indeed most social media platforms and positive reviews are plentiful. Whether that’s due to an exceptional product or the outwards effects of a pervasive affiliate scheme, is for potential customers to decide.

In a new lawsuit filed by DISH Network and Sling TV, a California federal court will have to decide whether a Hong Kong-based company and its alleged owner violated the DMCA and the Electronic Communications Privacy Act (ECPA), when it supplied Tanggula TV boxes to 3,684 customers in the United States.

The defendants are Strongtimes International Limited (Strongtimes), a private company registered in Sheung Wan, Hong Kong, and Liu Zihong, the alleged founder, owner, and director of Strongtimes based in Shenzhen, China.

The complaint states that Strongtimes is subject to personal jurisdiction because it contracted with California corporation, WIN.IT America, Inc. The U.S. company reportedly provided inventory management and order fulfillment services related to sales of pirate boxes and subscriptions to customers in California and the wider United States.

The plaintiffs effectively refer to one device containing one subscription as “a service”. They claim that Strongtimes used WIN.IT to ship 3,684 services to addresses in the United States, of which 671 were shipped to addresses in California. In the alternative, Strongtimes is alleged to have sold 3,684 services to U.S. customers.

Records in China indicate that Strongtimes is a manufacturer of computer products and consumer electronics, and is involved in assembly of printed circuit boards.

Defendant Liu Zihong

The plaintiffs state that the Court has personal jurisdiction over Zihong as a primary participant in his company’s alleged violations of the DMCA and ECPA.

“Zihong was personally notified of his violations of the DMCA and ECPA and asked to cease and desist from selling, operating, participating in, or supporting the Services, but the Services have continued to operate. Zihong financially benefitted from the violations as the sole founder, owner, and director of Strongtimes,” DISH and Sling TV inform the Court.

The plaintiffs stress that a U.S. federal court may be the only venue where they’re able to defend their rights under the DMCA and ECPA. As non-residents, the defendants can be sued in any district and defend with “minimal” burden, the complaint notes.

Rebroadcasting Scheme

In common with many similar lawsuits, the complaint states that DISH/Sling content is protected by DRM and the defendants traffic in “services” fueled by that content, accessible to customers via Tanggula set-top boxes.

The Widevine DRM and the protection it affords is circumvented using a specially developed computer program that emulates the behavior of a reverse engineered hardware device.

The computer program tricks Sling’s Widevine DRM server to grant access and provide a channel decryption key by making the server believe the request originated from a legitimate Widevine supported device that would keep the channel decryption key secured (though in reality the request came from the computer program mimicking the reverse engineered hardware).

The complaint notes that the defendants were notified of their violations of the DMCA and ECPA and asked to cease and desist. The services continued to operate.

Claims for Relief

Count I: Violations of the DMCA, 17 U.S.C. § 1201(a)(2)

The plaintiffs state that Strongtimes violates section 1201(a)(2) by manufacturing, offering to the public, providing, or otherwise trafficking in the “services”. Each sale of the “services” constitutes a separate violation of 17 U.S.C. 1201(a)(2), for which Zihong is personally liable.

Carried out without authorization, the violations were willful, the plaintiffs add.

Count II: Violations of the DMCA, 17 U.S.C. § 1201(b)(1)

The plaintiffs claim that Strongtimes violates 17 U.S.C. 1201(b)(1) by manufacturing, offering to the public, providing, or otherwise trafficking in the “services”. Each sale of the “services” constitutes a separate violation of 17 U.S.C. S 1201(b)(1). Due to the control exercised over the company, financial benefit derived, and failure to cease and desist, Zihong is personally liable for willful infringement.

Count III: Violations of the ECPA, 18 U.S.C. §§ 2511(1)(c),(d) , and 2520

Under §§ 2511(1)(c), anyone who intentionally discloses , or endeavors to disclose, the contents of any electronic communication, knowing that the information was obtained through interception, commits an offense.

Anyone who intentionally uses content knowing the information was obtained through interception, commits an offense under §§ 2511(1)(d).

The plaintiffs seek actual damages and defendants’ profits, or statutory damages of $2,500 for each violation (whichever is greater) for Counts I and II. For Count III, they request statutory damages of $100 per day for each day of violation or $10,000, whichever is greater.

As part of a broad injunction, the plaintiffs aim to take control of the defendants’ domain names.

Since late 2023, DISH and Sling lawsuits have targeted U.S.-based sellers of Tanggula devices with the following outcomes:

DISH v. Marcelino Padilla (8:24-cv-01028) – $1.25m agreed judgment ( pdf )
DISH v. Valenzuela (4:24-cv-00288) – $405,000 agreed judgment ( pdf )
DISH v. Sentry, Inc. (9:23-cv-05074) – Confidential Settlement

Finally, another device sold with the same or similar “lifetime” subscription is featured in the video below. In the current climate, it makes for compelling viewing.

The complaint targeting Strongtimes and Liu Zihong is available here (pdf)

For those likely to have noticed that the defendant’s personal details in the new complaint appear to coincide with those of one or more well-known businessmen, the complaint does not address these apparent coincidences.

From: TF , for the latest news on copyright battles, piracy and more.

With almost no exceptions, people criminally prosecuted in the UK for serious pirate IPTV offenses say that it’s an absolutely horrendous experience.

The process drags on forever, often gets worse as it does so, and due to the Proceeds of Crime Act, doesn’t necessarily end when sentences are served. Reports of multi-year sentences are supposed to act as a deterrent, but only tell half the story.

When Liverpool man Mark Brockley fled the UK rather than face trial for reselling IPTV subscriptions in 2023, that wasn’t exactly a big surprise. Nor was it likely to end well.

The Social Media Curse

According to the Police Intellectual Property Crime Unit (PIPCU) at City of London Police, their investigation was triggered by a November 2018 referral by BT Sport (now TNT).

The company had spotted a Twitter account with the username @Infinity_IPTV advertising £15 per month subscriptions, promising an all-you-can-eat bonanza of movies, TV shows and live sports.

Also available via app

Eight months later on July 24, 2019, PIPCU officers raided Brockley’s Liverpool home, seizing devices including a laptop and a mobile phone, £1,200 in cash, and evidence linking the 54-year-old to the Twitter account reported by BT.

To avoid anything self-incriminating being used in evidence at trial, Brockley offered no comment throughout his interview. In June 2021 after two years in limbo, police arrested and then charged the Liverpool man with fraud and copyright offenses.

On the plus side, Brockley was released on bail but still had to wait almost two additional years before heading to trial. Four years from arrest to trial isn’t particularly uncommon in these types of cases; some describe the waiting as a sentence in itself.

You’ll Never Take Me Alive, Coppers

How many times Brockley was absent is unclear, but after being bailed in 2021, PIPCU notes that multiple failures to appear in court led to the biggest of them all; a May 2023 criminal trial by jury conducted in Brockley’s absence.

Police believed Brockley had likely fled to France, but his exact whereabouts were unknown.

£237,000 is a considerable amount

By failing to appear at his own trial, Brockley avoided what was always likely to be a stressful experience, one with virtually no chance of success. However, a defendant not having their say in court can be damaging, mitigation may be the only hope left.

Five-Year Sentence

Brockley was accused of being part of a “pyramid selling scheme” which saw him advertise subscriptions and sell them to individuals lower down. Published on the day of his sentencing, PIPCU’s calculations on the scale of the offending reads as follows:

The unit identified that Brockley had made 5,251 sales with a total value of £237,058 from 24 October 2014 to 8 May 2019. Of these, 1,408 sales, worth a total of £50,479, made a clear reference to IPTV services, but officers from PIPCU believe that the remaining payments were also related to the sale of these services.

The court heard that Brockley’s activities caused BT to lose an estimated £3m in revenue. The distinction between revenue on one hand, and profit on the other, can become less clear when presented in the media. Revenue takes no account of costs, so while BT reportedly ‘lost’ £3m, Brockley was said to have ‘made’ or ‘pocketed’ all of his £237K revenue.

In reality he made a non-specific amount of “tens of thousands” but as his solicitor pointed out at sentencing, Brockley’s failure to appear effectively destroyed any chance of a suspended sentence. The court handed down a five-year prison sentence; that raises the prospect of every £10,000 profit earning Brockley another year behind bars.

As an opportunity for deterrent messaging with impact, this may have been overlooked.

Ladies and Gentlemen: We Got Him

In a statement this Wednesday, City of London Police revealed details of an operation to locate Brockley and bring him back to the UK to serve his sentence.

“Financial investigations revealed that Brockley had been using bank accounts based in France. Further digital inquiries eventually traced him to an apartment block in Spain. In August 2024, he was located and arrested in Girona during a coordinated operation involving the PIPCU, National Crime Agency (NCA), Europol, and Interpol,” the statement reads.

Brockley filed an appeal against his extradition back to the UK and was released on bail. Replicating his absences in the UK, he reportedly failed to appear at multiple court hearings in Spain, making him a wanted man there too.

“In a coordinated effort between UK and Spanish authorities, Brockley was eventually arrested at Barcelona Airport while attempting to board a flight to the UK last week (Friday, 20 June),” City of London Police report.

“He was remanded in custody at Heathrow Airport and will now commence his five-year sentence.”

Nature of Offending Becomes More Serious With Time

A comparison of the police statements published on May 5, 2023, (immediately post sentencing) and this week on June 25, 2025, reveal differences that not only alter the nature of Brockley’s offending but also increase the amount of revenue generated.

The screenshots below show the 2025 statement on the left and the 2023 statement on the right, with relevant paragraphs from each placed side by side for clarity (originals here and here for reference) .

Immediately after sentencing, it was reported that Brockley “made” £237,000. Yet, two years later, he’s reported as having “pocketed” £300,000.

Aside from the terminology implying significantly larger profits, an additional £63,000 has been added seemingly from nowhere in 2025.

During the past two years, Brockley’s status in the illicit IPTV market also appears to have undergone a promotion.

Immediately after sentencing, Brockley was described as an “IPTV reseller” who “sold subscriptions”. Yet two years later in his absence, it’s now alleged that he “ran a subscription-based IPTV service.” These aren’t just semantics; a person who sells tickets for Disneyland does not “run a Florida-based theme park.”

Strangely, even Brockley’s reseller brand has changed: Infinity Streams versus aFINITY IPTV today. The name change is cosmetic and may have a straightforward explanation; crucially it means very little in the context of the trial.

The previous discrepancies transform Brockley from a lower-tier player to the top man in his network, and then boost revenue by more than a quarter.

_____________________________________________
A Call For Basic Transparency

Details like the above are important but not straightforward to verify independently.

Basic transparency and relevant court documents should be routinely made available to the public in the UK, at minimum when the reported outcome is a matter of public interest.

Piracy cases like these are part of the deterrent strategy in the UK; as a result, original documents should be made available publicly by default.

From: TF , for the latest news on copyright battles, piracy and more.

Over the past two decades, the VPN industry has grown spectacularly, with plenty of competition between providers.

The days when a review of VPN logging policies was a novelty are long gone.

While new VPN services launch frequently, it’s rare to see one with a truly unique technical approach. That’s why VP.net warrants a closer look. Unlike most VPN providers, it doesn’t ask users for their trust; it relies on hardware-enforced privacy instead.

Trust

When you use a VPN, your internet traffic is encrypted between your device and the VPN’s server. This is great for protecting your data from snooping on public Wi-Fi and your internet provider. However, to route your traffic to its final destination on the internet, the VPN server must decrypt it first.

At this decryption point, it’s technically possible for the VPN provider to access information about your online activity. This is common knowledge and requires that you trust your VPN. It’s also why using shady free VPN apps from unknown companies should be avoided; the user may end up being the product.

For a successful VPN service to thrive, trust, security, and privacy are paramount. Reputable VPN companies build their entire business model on trust, knowing that a breach would be catastrophic for their reputation.

But what if trust was taken out of the equation entirely? This is what VP.net promises to do, at least up to a point.

VP.net

Like most VPNs, VP.net hides your real IP-address, replacing it with the address of the server you connect to. This connection is encrypted using the popular open-source WireGuard protocol and can’t be spied on by outsiders.

What makes VP.net stand out from many regular VPNs is its special use of a technology called Intel Software Guard Extensions (SGX). SGX enclaves are private areas of memory that essentially act as a secure black box and not even the operators of the service can see what’s happening inside.

The system within the SGX enclave is reportedly built to map user identities to temporary, anonymous tokens. This means the part of the system which knows that “User X is connected” is structurally walled off from the part that knows “someone is accessing website Y.” The design goal is that no one, not even the VPN company, can link “User X” to “Website Y.”

The use of SGX as a verifiable, hardware-enforced separation of user identity and web traffic, is a new concept for a VPN.

‘Verified Privacy’

VP.net essentially promises “verified privacy” with this technical setup. If everything works as described, it’s not technically possible for the owners of the server, typically the VPN provider, to log who is doing what and when.

The new VPN service is operated by the American company VP.NET LLC, which in turn is owned by TCP IP Inc , which holds the intellectual property rights. That includes pending patents, including one of ‘hardware-based anonymization of network addresses.”

The idea to use SGX as a privacy shield comes from Andrew Lee, the chief privacy architect at VP.net. As the founder of Private Internet Access, which he sold to Kape a few years ago, Lee has a long history in the VPN space. However, he believes this new concept is a breakthrough.

“Our zero trust solution does not require you to trust us – and that’s how it should be. Your privacy should be up to your choice – not up to some random VPN provider in some random foreign country,” Lee says.

VP.net says it cannot link traffic data to users, even if it wanted to. If a court order requested such data, the company would first scrutinize its legality but, after that, the only data it has access to are unlinked details, such as payment info and email addresses, provided by the user.

The new VPN company is led by CEO Matt Kim. The company also lists the contentious Bitcoin veterans Roger Ver and Mark Karpelès in their team, who both have had their legal issues in the past.

Novel, Secure, but Not Infallible

VP.net’s source code is open to the public. To address the challenge of showing that this open-source code is the same as the code running on their servers, VP.net relies on a key SGX feature called ‘remote attestation’.

In essence, this mechanism allows the user’s client to receive cryptographic proof from the server’s hardware, verifying that it is a genuine SGX ‘safe’ and is running the exact, untampered code that was publicly available. This shifts the trust from the company’s promise to a verifiable, hardware-backed process.

The trust through technology aspect is certainly intriguing, but no technology is infallible. The code needs to be functional and secure, as a software flaw could lead to potential security issues.

Another potential problem lies on the hardware side. Intel SGX itself is a physical product that is part of the CPU, which in turn relies on firmware. Like any piece of hardware, vulnerabilities have been discovered in SGX in the past.

VP.net is aware of this and says it actively monitors the security of its software and infrastructure, while keeping systems fully up-to-date.

Of course, the true test will be speed and transparency when responding to the next major SGX vulnerability, a scenario for which all users should be prepared.

It’s safe to say that one should never have 100% trust in any VPN solution. In this case, VP.net promises to offer an extra layer of privacy but, in the end, even the most secure systems can be breached.

That said, it is interesting to see a novel approach to the ‘no logging’ discussions. Whether this novelty will scale and be embraced more broadly remains to be seen.

From: TF , for the latest news on copyright battles, piracy and more.

Always sold at highly competitive prices that almost anyone can afford, Amazon’s Fire TV Stick has enjoyed more than a decade of success, driving millions to the company’s video and online retail platforms.

Popular all year round and at times selling out in the run-up to Christmas, the Fire TV Stick became a household brand, assisted in no small part by its Android-based operating system allowing sideloading of apps from third-party sources. With function and affordability balanced to perfection, popularity seemed almost inevitable.

Infamy, on the other hand, is more difficult to predict, much less relied upon as part of a business plan reliant on sales of licensed media and other legitimate products.

Pressure Mounts on Amazon

When enduring popularity among pirates, on whom not a single marketing penny had ever been spent, was combined with a targeted campaign in the media that successfully reached millions of pirates , Fire TV’s infamy received yet another boost.

Media reports openly linking affordable Fire TV devices with free, pirated media were intended to act as a deterrent.

In June 2023, Google searches for the term ‘Fire TV’ were at their lowest point in four years. By November 2023, searches had reached an all-time high, surpassing a peak last seen in November 2019.

Private pressure on Amazon to act eventually broke through into the public domain, with calls for the company to do something – anything – to stop Fire TV devices being used by millions of pirate users.

Amazon didn’t bow to the pressure but had it done so, any countermeasures wouldn’t have remained effective for long. Even in the event Amazon was somehow capable of delivering a crippling blow, leading to millions of Firesticks being dumped in trash cans, Chinese variants would’ve been queuing up to fill the void before the abandoned devices hit the bottom.

Whether the company’s approach will change when Fire OS gives way to the all-new Vega operating system, is still unknown. Yet in a surprise move this week, Amazon demonstrated that when the circumstances demand action, all things are possible.

Amazon Remote Disables Pirate Apps

First reported by popular YouTuber TechDoctorUK , it emerged that two piracy apps – Flix Vision and Live NetTV – were no longer welcome on Amazon devices, despite being sideloaded from third-party sources technically outside Amazon’s control.

Users with these apps already installed were given little choice; Amazon disabled both remotely with an option to follow-up with a full delete.

Apps Declared ‘Potentially Harmful’

Fire TV device users who installed the apps for the first time this week, didn’t have to wait long before Amazon stepped in with the same action and the following on-screen message:

App disabled – Uninstall potentially harmful app?
App name: FLIX VISION [or Live NetTV]

This app has been disabled because it can put your device or personal data at risk. You can keep the app on your device but you will be unable to use it. To remove the app and recover storage space on your device, select ‘Uninstall’ below.

The warning from Amazon mirrors similar warnings in current anti-piracy campaigns; apps offering pirated content often contain malware or expose users to other risks including exfiltration of their personal data.

This isn’t the first time that Amazon has taken this type of action but with its targeting of two well-known piracy apps, was the action taken purely on security grounds or was piracy part of the equation?

Disabling Piracy Apps is New

Elias Saba at AFTVNews believes that targeting piracy apps is a first for Amazon. However, he’s not convinced that piracy was the main motivation behind Amazon’s decision to disable the apps.

With hundreds of piracy apps experiencing no problems, a more compelling reason must lie elsewhere. Indeed, the mechanisms allegedly used by both of these apps to generate revenue, may have been considered perfect candidates for an aggressive response.

Supported by credible evidence posted to GitHub, one of the main allegations is that while enjoying the latest movies and TV shows, users’ devices become exit nodes in a proxy network. Access to that network is apparently sold to whoever might benefit from a large supply of devices, connected to the internet via residential IP addresses, in locations all over the world.

While that sounds like a major security concern, context is everything. Residential proxy networks aren’t illegal by default; on paper they provide the means to carry out a wide range of perfectly legitimate tasks. For this reason, online virus or malware scanners are less likely to identify similar code as a threat.

Drawing a line between what is legal and what is not, often turns on whether consent was obtained first. No anti-virus or malware service offers that level of detail. In this case, the GitHub entry claims that permission isn’t obtained from users when they install the app.

That changes everything and confirms the existence of a major security risk, one with the ability to silently turn a Fire TV Stick into the world’s clunkiest media device, for which Amazon would surely face the blame.

And Then Amazon Blocks Two More Apps…

Additional reports indicate that Amazon isn’t quite finished and more apps are currently falling in much the same fashion.

Another pair of pirate apps, Blink Streamz and Ocean Streamz, have also been blocked by Amazon, Elias Saba reports. Unconfirmed reports suggest other apps are affected too but without supporting evidence, it’s hard to confirm one way or another. What any of this means from rightsholders’ perspective, if anything at all, seems to turn on the circumstances that led to the apps being disabled.

On one hand, Amazon’s interventions may have prevented greater harms being inflicted later down the line, and users should appreciate that. Yet by providing precious little detail on the nature of the threat, users won’t be able to learn from their mistakes or share knowledge on how these specific apps behaved and why they presented such risk.

Without clarity and open discussion, many people will continue to install any piracy app made available online, regardless of warnings. If there’s a genuine determination to bring those numbers down, abusive apps will have to be called out by name, in credible reports containing specific details, on a very regular basis. A nation of amateur malware experts must be preferable to a nation infected by malware.

Until then, privacy implications aside, devices under Amazon control may offer an emergency safety net and a few extra benefits. They don’t come with malware embedded direct from the factory and are less likely to have poor security by default. Unless jailbreaking becomes necessary and root the new standard.

From: TF , for the latest news on copyright battles, piracy and more.

After a decade of focusing efforts overseas, the push for pirate site blocking has landed back on American shores.

There are currently two bills in the making; the Foreign Anti-Digital Piracy Act ( FADPA ) introduced by Representative Zoe Lofgren in February, and Representative Darrell Issa’s ‘American Copyright Protection Act’ ( ACPA ), which tackles the same issue from a different angle.

ACPA has yet to be formally introduced, but a draft of the framework was shared with stakeholders late May, with a request for input. While most of the back and forth takes place behind closed doors, the Re:Create Coalition and the Library Copyright Alliance ( LCA ) shared their critical comments publicly.

Overblocking Fears

The Library Copyright Alliance is pleased that libraries will be exempt from the blocking proposal, as they are not categorized as service providers. However, there are still concerns that the bill, as currently drafted, could lead to overblocking.

“LCA remains concerned that ACPA’s no-fault injunction structure could lead to over-blocking that could restrict access to information and thereby harm library users,” LCA writes.

The LCA notes that most cases will likely result in default judgments, as foreign sites typically unresponsive to actions filed in U.S. courts. In addition, service providers are unlikely to oppose orders on behalf of these unknown third parties.

“A service provider’s objective would be to implement the blocking in the most expedient manner possible, regardless of possible over-blocking,” LCA notes.

This predicted lack of scrutiny means that some sites may be classified as foreign piracy sites, even when they fail to meet the statutory definition.

Re:Create also raises overblocking concerns, focusing on the destabilizing impact the measures could have on the broader internet, suggesting that the potential fallout should be taken seriously.

“Advocates for site-blocking have downplayed the threat of overblocking and pooh-poohed the idea of ‘breaking the internet,’ saying that site-blocking can be achieved without threatening the integrity of the internet or lawful internet use. However, the latest research suggests site-blocking advocates may be trying to rush their idea into law before the facts can catch up to them.”

Re:Create cites an i2Coalition report which found that overblocking is widespread, especially when restrictions are applied to shared infrastructure like cloud platforms and CDNs. This is considered a potential threat to the internet’s architecture, the digital economy, and fundamental rights.

Solution in search of a problem?

Both groups mention overblocking in detail, but they also highlight separate issues. Re:Create, for example, notes that it’s not clear that site blocking is needed, questioning research that estimated a significant negative economic impact of online piracy.

“Site-blocking is a solution in search of a problem,” the group writes, citing a rebuttal from the Computer & Communications Industry Association’s Research Center, which points out several flaws in a key report that estimated $29.2 billion in lost U.S. revenues.

This estimate is biased and based on flawed methodology, resulting in a multi-billion dollar figure that is “wildly out of step with previous studies that had concluded impacts from piracy were much smaller, potentially as low as zero,” Re:Create notes.

Move Site Blocking to the ITC

The LCA doesn’t mention the alleged damages, nor is it entirely against a site blocking bill. However, to prevent the risk of overblocking due to default judgments, it would like to shift the proposed forum from specific district judges to the International Trade Commission (ITC).

The library association argues that ITC judges already have expertise in intellectual property, and the ITC staff would represent the public interest, helping to prevent over-blocking.

“The staff’s ongoing involvement would help prevent over-blocking. Significantly, the ITC is equipped to order temporary relief, so it could act quickly to protect the interests of copyright owners,” LCA writes.

The idea of using the ITC as a forum to handle piracy related cases isn’t entirely new. In 2012, Rep. Issa’s proposed the OPEN Act, which would have tasked the Commission with stopping money flows to pirate sites. The bill was an alternative to SOPA and PIPA, but never passed.

A Sunsetting Clause?

The libraries also mention a novelty that, to our knowledge, has never been mentioned in public; a proposed sunsetting clause that is being considered by Rep. Issa.

“During one of the roundtables, Chairman Issa mentioned the possibility of the site-blocking legislation sunsetting after a set number of years. We favor sunsetting the legislation after five years,” LCA writes.

A sunsetting clause means that the law will automatically terminate or expire on a specific date unless Congress takes deliberate action to extend it. It is essentially a built-in expiration date for the bill, which ensures a thorough reevaluation of its impact and effectiveness in the future.

The ACPA framework is still in the discussion phase and the initial feedback shows that there may be room for improvement. This is especially true considering that these two responses are just the tip of the iceberg; there are likely others calling for more drastic enforcement too.

—

A copy of the comments shared by Re:Create can be found here (pdf) and the Library Copyright Alliance’s submission can be found here (pdf) .

From: TF , for the latest news on copyright battles, piracy and more.

Over the past two years, rightsholders of all kinds have filed lawsuits against companies that develop AI models.

Most of these cases allege that AI developers used copyrighted works to train LLMs without first obtaining authorization.

Meta is among a long list of companies now being sued for this allegedly-infringing activity, including a class action lawsuit filed by authors Richard Kadrey, Sarah Silverman, and Christopher Golden. This case has a clear piracy angle, as Meta used libraries of pirated books as training material.

Meta admitted the use of these unofficial sources to train its Llama model early on. At the same time, however, the company denied the copyright infringement allegations, noting that it would rely on a fair use defense, at least in part.

Motions for Summary Judgment

In March, both parties filed motions for partial summary judgment . Meta argued that its use of copyrighted material was ‘fair’. It discussed the various fair use factors and stressed, among other things, that Meta’s alleged infringements did not cause any market harm, nor can they be seen as competition for the original works.

Meanwhile, the authors argued that the downloading of millions of books cannot be classified as fair use, since the source of the books is clearly copyright-infringing. Therefore, they argued that Meta should be held liable for direct copyright infringement.

While the summary judgment motions are partial, as they don’t cover the distribution claims ( BitTorrent uploading ), they are closely watched by other rightsholders and tech companies as potential sources of clarity on the fair use battle.

Meta Secures Fair Use Win

Yesterday, U.S. District Court Judge Vince Chhabria ruled on both motions, which at first sight offers a clear win for Meta. The court denied the authors’ motion to hold Meta liable for direct copyright infringement after it obtaining pirated books from shadow libraries via BitTorrent.

Judge Chhabria also granted Meta’s cross-motion for partial summary judgment, concluding that Meta’s use of the copyrighted books for LLM training indeed qualifies as fair use based on the arguments presented.

The ruling centers around an evaluation of the various fair use factors, with “market harm” explicitly identified as the most important element of fair use.

The court acknowledged the transformative nature of AI training, noting that Meta’s use of the books had a “further purpose” and “different character” than the original works, as LLMs are “innovative tools that can be used to generate diverse text and perform a wide range of functions.”

No Market Harm

The authors presented two main theories of market harm, both of which the court ultimately rejected as “clear losers”.

First, the authors argued that Llama could recite significant portions of their books, thereby allowing users to access the works for free. The court found this theory unviable, citing expert testimony that Llama could not generate more than 50 words from any of the plaintiffs’ books, even with “adversarial prompting”.

Second, the plaintiffs argued that Meta’s unauthorized copying harmed the relatively new market for AI training licensing. The court dismissed this too, ruling that the harm from the loss of licensing fees is not “cognizable”.

The court also identified a third argument, which the authors didn’t pursue in great detail; market dilution. Under this theory, AI models trained on copyrighted works can generate “countless works that compete with the originals, even if those works aren’t themselves infringing,” Judge Chhabria wrote.

This market dilution or indirect substitution argument could prove to be key in AI fair use cases, Judge Chhabria stressed.

“No other use—whether it’s the creation of a single secondary work or the creation of other digital tools—has anything near the potential to flood the market with competing works the way that LLM training does,” the Judge nnotes.

“If someone bought a romance novel written by an LLM instead of a romance novel written by a human author, the LLM-generated novel is substituting for the human-written one.”

In this case, however, the authors provided no meaningful evidence on market dilution, relying on speculation rather than empirical data. Therefore, their motion was rejected, with the court granting Meta’s fair use motion instead.

A Warning Shot for AI Developers

Despite the clear win, the court’s ruling is a bittersweet victory for Meta. The motion only covers part of the copyright claim, as Meta’s alleged distribution of pirated books was not part of it. In addition, the ruling only applies to the thirteen named authors included in this case.

The ‘win’ doesn’t mean that the fair use defense will hold up in other AI-training copyright cases. In fact, the court hinted that Meta and others may have to get used to the idea of licensing content for this purpose.

Meta argued that a negative fair use ruling could stop AI technology in its tracks, as AI models need vast amounts of data to be trained on. However, the court dismissed this line of reasoning as ridiculous.

“The suggestion that adverse copyright rulings would stop this technology in its tracks is ridiculous,” Judge Chhabria wrote.

“These products are expected to generate billions, even trillions, of dollars for the companies that are developing them. If using copyrighted works to train the models is as necessary as the companies say, they will figure out a way to compensate copyright holders for it.”

The court ruling in favor of Meta is more the result of the authors’ failure to adequately argue the market dilution argument, rather than a clear fair use win for AI training.

Judge Chhabria stated that, given the state of the record, the court has no choice but to grant summary judgment in favor of Meta. However, it certainly doesn’t mean that similar arguments will hold up in other cases.

“As should now be clear, this ruling does not stand for the proposition that Meta’s use of copyrighted materials to train its language models is lawful. It stands only for the proposition that these plaintiffs made the wrong arguments and failed to develop a record in support of the right one,” the ruling reads.

—

A copy of the ruling, issued at the U.S. District Court for the Northern District of California, is available here (pdf) . The court noted that Meta’s motion for summary judgment on the DMCA claim will be granted in a separate order.

From: TF , for the latest news on copyright battles, piracy and more.