For as long as protected computer games have existed, people have tried to break or bypass these digital locks with patches, loaders, and keygens.

With gaming as a multi-billion-dollar industry today, protecting games is more important than ever. Especially during the early release window when most sales are generated.

In the past decade, Denuvo has been the prime anti-piracy solution. The Irdeto-owned protection software managed to delay pirate releases seriously. Despite being a nuisance to many legitimate customers, gaming companies were pleased to pay for this first line of defense.

That is, until everything suddenly appeared to change a few weeks ago with the pirate leak of ‘Resident Evil Requiem,’ mere hours after its official release.

Hypervisor Bypasses Break Denuvo on Day Zero

The early leak was not a one-off. A wave of hypervisor-based Denuvo bypasses came out recently, including day-zero releases of major titles, including Crimson Desert and Life is Strange: Reunion. Meanwhile, long-protected titles like Assassin’s Creed Shadows also fell to the new method.

The speed and scale of the breaches, which also bypass other DRM software, are unprecedented. Where some reputable game crackers previously feared that Denuvo would effectively end game piracy , the tables have completely turned now.

Traditionally, crackers were required to reverse engineer Denuvo’s DRM paths to patch the game, which is a labor-intensive process that could take months.

Hypervisor bypasses take a fundamentally different approach. They don’t interfere with the game directly, but they operate beneath the operating system’s standard security visibility level, in what security researchers call Ring -1.

At this fundamental level, with key security features disabled, the hypervisor bypasses can intercept Denuvo’s CPU instructions and feed back false data to make the game believe that the tampering protection is still in place.

Because these bypasses are much easier to develop, these new ‘cracks’ come out faster than ever. Where pirates previously had to wait for weeks, they can now play pirated games within hours. That’s unprecedented.

Security Concerns

The hypervisor bypasses are a breakthrough, but they are not without concern. Right off the bat, critics warned that for them to work, pirates essentially have to turn off a key protection layer on their computer.

The bypasses are also plagued by hardware-specific problems and limitations that make them far from a simple patch. AMD systems are currently more stable, while Intel users face significant performance and stability issues, leading to other dangerous “tweaks”.

This cracking approach is still relatively young, and new developments surface nearly daily, with the game piracy forum Steam Underground (CS.RIN.RU) being a central hub.

The forum does not only facilitate pirate releases; it also offers detailed educational resources on potential security issues, warning that there are serious risks involved.

“[E]ven if you trust the authors of the hypervisor driver and even compile it yourself from source, a serious vulnerability in its code could instantly provide maximum and undetectable access to your system,” forum administrator RessourectoR writes.

The question remains, of course, whether the average game pirate will read these warnings at all.

Denuvo’s Response

The scale of the bypasses has not gone unnoticed. While pirates try to navigate the security issues, Denuvo is working on an update that will counter the new hypervisor ‘cracks’.

Denuvo’s parent company, Irdeto, informs TorrentFreak that they are actively working on a countermeasure to address the Denuvo bypasses.

“We’re already working on updated security versions for games impacted by hypervisor bypasses. For players, performance will not be compromised by these strengthened security measures,” says Daniel Butschek, Irdeto’s head of communications.

Further details on these countermeasures will come out in due course. Some have speculated that to counter hypervisor cracks Denuvo would also has to operate in Ring -1, under the Windows kernel, but that is not the case.

“Addressing hypervisor-based workarounds will not require Denuvo to move into Ring -1 or deeper kernel level, and that is not the direction we’re pursuing,” Butschek says.

Since people in the pirate ecosystem already warn about security issues, it is no surprise that Irdeto also highlights these concerns.

“Hypervisor‑based bypasses rely on installing a custom, self-signed hypervisor that operates below the Windows kernel, giving it far broader control than a normal driver,” Butschek notes, warning that this makes systems more vulnerable.

“To run, users must disable major Windows security protections such as Virtualization‑Based Security (VBS), Hypervisor‑Enforced Code Integrity (HVCI) and driver signature enforcement, which are designed to prevent kernel‑level malware, rootkits, and ransomware.”

FitGirl Embraces Hypervisor Bypasses

Initially, popular game repacker FitGirl was also rather cautious due to the widespread security concerns.

“You won’t see any HV-cracks repacks from me until you won’t need to actually disable security features,” FitGirl wrote in an early post, adding that no game is worth the potential irrecoverable damage it can do to one’s computer.

However, as bypass development by KiriGiri and the broader MKDEV team continued, the security situation improved. When the requirement to disable Secure Boot or use the EfiGuard tool was eliminated, FitGirl shifted their position , while recognizing the drawbacks.

FitGirl began publishing hypervisor repacks shortly after, tagging each one visibly with a HYPERVISOR label and committing to replace them with traditional cracks if and when those become available.

Speaking with TorrentFreak, FitGirl further pointed to the ongoing technical improvements, while remaining cautious.

“The team behind those cracks is now working on maturing both the VBS.cmd part and the cracks themselves,” they told us. “So I think that most of the issues coming from Intel or older CPU will be resolved shortly.”

“Caution is still needed with hypervisor bypasses. Mostly for what you download and run. But that is true for any download; it is not hypervisor-specific,” FitGirl adds.

Strict Rules

FitGirl notes that people should never run anything on their computer until they’ve verified that it’s from a trusted source. This raises the question of whether one can trust semi-anonymous pirate sources, but for now no major incidents have been reported linked to hypervisor bypasses.

What stands out is the high level of community rules and moderation. CS.RIN.RU has always been very strict, and with these hypervisor bypasses, forum administrator RessourectoR maintains oversight through detailed release requirements and best practices .

According to FitGirl, these strict rules are reassuring. However, trust can always be broken in the future, and that’s also a risk here.

“Trust can be broken, yes, but we’re not there yet. And hope we won’t, considering how strict rules for publishing those cracks on CS.RIN.RU now are,” FitGirl tells us.

The Cat-and Mouse Game Continues

While Irdeto has several options to respond, the exact countermeasures remain a question for now. Denuvo could check if third-party hypervisors are running by checking CPUIDs or measuring CPU latency, for example.

FitGirl suggested that Irdeto can also respond by shifting to daily license ticket checks, but that would be a nuisance to legitimate players while it may also be bypassed. Alternatively, the company might ask Microsoft for help by restricting Driver Signature Enforcement (DSE) mode, but that doesn’t seem viable either.

One thing is for certain: Denuvo will try to tackle the problem as best as they can, continuing the seemingly endless cat-and-mouse game. While Irdeto knows that it can’t defeat piracy, it would like to go back to the situation where games remained crack-free for weeks.

For now, however, the hypervisor bypasses have made Day-0 pirate releases a reality. For those who are willing to take the risk.

From: TF , for the latest news on copyright battles, piracy and more.

Over the past two years, rightsholders of all kinds have filed lawsuits against companies that develop AI models.

Most of these cases allege that AI developers used copyrighted works to train LLMs without first obtaining authorization.

Meta is among a long list of companies now being sued for this allegedly infringing activity. This includes a class action lawsuit filed by authors including Richard Kadrey, Sarah Silverman, and Christopher Golden, which accused Meta of using libraries of pirated books as training material.

Court Dismisses AI Training Claims

Last summer, Meta scored a key victory in this case, as the court concluded that using pirated books to train its Llama LLM qualified as fair use, based on the arguments presented in this case. This was a bittersweet victory , however, as Meta remained on the hook for downloading and sharing the books via BitTorrent.

By downloading books from shadow libraries such as Anna’s Archive, Meta relied on BitTorrent transfers. In addition to downloading content, these typically upload data to others as well. According to the authors, this means that Meta was engaged in widespread and direct copyright infringement.

In recent months, the lawsuit continued based on this remaining direct copyright infringement claim. While this was unfolding, the authors’ legal team also ‘discovered’ a new claim

Authors Pivot to Seeding Claim

Last December, the authors, through their attorneys, requested leave to file a fourth amended complaint. Specifically, they want to add a contributory copyright infringement claim, alleging that Meta facilitated third-party copyright infringement by seeding pirated books to others.

While the BitTorrent angle is not new, the authors previously only included a ‘distribution’ claim based on direct copyright infringement. This claim has a higher evidence standard, as it typically requires evidence that the infringer shares a whole work with a third party.

Since BitTorrent transfers break up files into smaller chunks before they are shared, it might be difficult to prove that a whole work is shared. However, the same transfers can be evidence that an infringer facilitated torrent transfers to third parties.

Court Grants BitTorrent Pivot, Despite Doubletalk

This week, U.S. District Court Judge Vince Chhabria granted the motion, but made little effort to hide his frustration with how plaintiffs’ counsel handled it.

The judge acknowledged that the contributory infringement claim could and should have been added back in November 2024, when the authors amended their complaint to include the distribution claim. After all, both claims arise from the same factual allegations about Meta’s torrenting activity.

“The lawyers for the named plaintiffs have no excuse for neglecting to add a contributory infringement claim based on these allegations back in November 2024,” Judge Chhabria wrote.

The lawyers of the book authors claimed that the delay was the result of newly produced evidence that had “crystallized” their understanding of Meta’s uploading activity. However, that did not impress the judge.

He called it a “lame excuse” and “a bunch of doubletalk,” noting that if the missing discovery truly prevented the contributory claim from being added in November 2024, the same logic would have prevented the distribution claim from being added at that time as well.

“Rather than blaming Meta for producing discovery late, the plaintiffs’ lawyers should have been candid with the Court, explaining that they missed an issue in a case of first impression..,” the order reads.

Judge Chhabria went further, noting that the authors’ law firm, Boies Schiller, showed “an ongoing pattern” of distracting from its own mistakes by attacking Meta. He pointed specifically to the dispute over when Meta disclosed its fair use defense to the distribution claim, which we covered here recently , characterizing it as a false distraction.

“The lawyers for the plaintiffs seem so intent on bashing Meta that they are unable to exercise proper judgment about how to represent the interests of their clients and the proposed class members,” the order reads.

Counsel “Lucked Into” a Pass

Despite the criticism, Chhabria granted the motion. The judge anticipated the obvious question from readers of his order.

“By now, the reader might be thinking, ‘Wait a minute, you started off saying that the motion to amend the complaint was difficult. It seems like an easy deny to me,'” Chhabria wrote.

The primary reason to grant the motion is the risk to the other potential members of the class action. If the contributory infringement claim were excluded and the class later lost on the distribution claim at trial, those class members could potentially be barred from ever bringing the contributory claim separately.

A second factor also made the decision easier. Meta has separately requested the court to align the schedule in this case with a separate but similar lawsuit filed by Entrepreneur Media. This case covers a similar contributory infringement claim and shares discovery the authors’ lawsuit. Granting the motion to amend, therefore, adds little practical burden to Meta.

However, the judge stresses that this is the result of luck, rather than the skill of the authors’ counsel.

“Plaintiffs’ counsel has lucked into a situation where Meta will not be meaningfully prejudiced by the failure to add a contributory infringement claim back in November 2024,” Chhabria wrote.

The authors’ motion to open the class discovery process was denied. That will only be considered if the named plaintiffs survive the next round of summary judgment on both the distribution and contributory infringement claims.

For now, the case moves forward with a fourth amended complaint, three new loan-out companies added as named plaintiffs, and a growing list of BitTorrent-related claims for Judge Chhabria to resolve.

—

A copy of the order, filed at the U.S. District Court for the Northern District of California, is available here (pdf) .

From: TF , for the latest news on copyright battles, piracy and more.

The Pirate Bay was once the leading pirate site , with a hubris matching its millions of monthly visitors.

After the verdict that sent its founders to prison , the site slowly started to decay. The option to comment or register as a new user eventually broke down, and aside from promoting a fishy token , public outreach ground to a halt.

Despite this downward spiral, the site continues to live up to its official tagline: the galaxy’s most resilient torrent site. Where TorrentSpy , Mininova , isoHunt , Torrentz , KickassTorrents , ExtraTorrent , RARBG and TorrentGalaxy all fell, The Pirate Bay continues to serve many millions of monthly users.

It’s safe to say that The Pirate Bay witnessed quite a bit of change. When the site launched, roughly 10% of the world’s population was connected to the Internet, and in the United States, the majority of all ‘world wide web’ users were still using a dial-up connection.

At the time, all popular entertainment was consumed offline. People interested in watching a movie could use the Internet to buy a DVD at one of the early webshops, or sign up with Netflix, which shipped discs through the mail. However, on-demand access was simply not a thing. At least, not legally.

With enough patience, file-sharing software allowed people to share large video files, and BitTorrent excelled at this, as transfer speeds typically picked up with more demand. This is why torrent sites popularized the on-demand downloading of movies and TV-series for millions of people.

Pirate Bay’s Oldest Torrent

Today, most files shared on The Pirate Bay in the early years are no longer available. BitTorrent requires at least one person to share a full file copy, which is difficult to keep up for decades.

Surprisingly, however, several torrents have managed to stand the test of time and remain actively shared. Earlier this week, the site’s longest surviving torrent turned 22 years old.

While a few candidates have shown up over the years, we believe that an episode of “ High Chaparral ” featuring Uri Geller has the honor of being the oldest Pirate Bay torrent that’s still active today. The file was originally uploaded on March 25, 2004, and several people continue to share it today.

At this point, the torrent in question appears to have reached a cult status, with pirates sharing the release simply because it is the oldest torrent on The Pirate Bay. Despite the record, however, the Swedish TV series is shared without permission of the creators.

Revolution OS & The Fanimatrix

There are also other pirate releases on The Pirate Bay that continue to thrive. On March 31, 2004, someone uploaded a pirated copy of the documentary “ Revolution OS ” to the site, which is alive and kicking today.

“Revolution OS” covers the history of Linux, GNU, and the free software movement, which was a good fit for the early Pirate Bay crowd. Thirteen years ago, we spoke to director J.T.S. Moore, who wasn’t pleased that people were pirating the documentary but was nevertheless glad to see it hadn’t lost its appeal.

Fast-forward to the present day, and Revolution OS still has plenty of interest, with more than 33 people actively seeding the torrent.

While these torrents are certainly dated, they’re not the oldest active torrents available on the Internet. That honor goes to “The Fanimatrix” , which was created in September 2003 and, after being previously resurrected, continues to be available today with dozens of people seeding. We’ll check back in 2028 for its 25th anniversary.

From: TF , for the latest news on copyright battles, piracy and more.

Last August, we reported on the case of David Dunbar , a Wexford man who consented to a €480,000 damages judgment after Sky exposed his illegal IPTV operation.

The initially defiant IPTV operator had destroyed evidence and was fined €30,000 for contempt of court. This penalty followed Dunbar’s refusal to allow investigators to search his home, despite a High Court-sanctioned Anton Piller order.

While much of the internal service data was reportedly lost, the man’s Revolut account revealed that he received €118,992 from resellers over a period of three and a half years. During this time, subscribers also paid €72,414 and £9,256.

While Sky was pleased with the actions against the man who they describe as a “top level” pirate, the company was not done yet.

Revolut Must Unmask IPTV Pirates

This week, the story moved to the next stage. On Wednesday, Ireland’s High Court granted Sky a Norwich Pharmacal order requiring Revolut Bank UAB to hand over the names, addresses, and banking details of 304 IPTV subscribers and 10 resellers connected to Dunbar’s service, “IPTV is Easy.”

The application was supported by Premier Sports, GAA+, LOITV, and Clubber TV, which shows that the affected content extends well beyond Sky’s own channels.

To obtain the identities of these IPTV resellers and subscribers, Sky initially approached Revolut directly. However, the bank said it could only disclose information following a court order, and on Wednesday Judge Brian Cregan granted one.

Sky’s barrister, Theo Donnelly, told the court that it expects to use the personal information to take legal action against the resellers and some of the end users of these pirate boxes.

For Sky, it would not be possible to take legal action against all 304 subscribers, he said. However, legal action against IPTV users is new in Ireland, which makes this a key change in tactics.

Deterrent Effect

By unmasking the IPTV subscribers, Sky hopes to create a deterrent effect on the country’s estimated 400,000 pirate IPTV users, or “dodgy boxes,” as they are known in Ireland. At the same time, some of the resellers are arguably in more trouble.

In an affidavit, Sky investigator Damien Gilmore notes that there is information suggesting that at least five of the resellers continue to sell the IPTV services to this day. The company expects to take action against all these active resellers.

The timing is also no accident; with the Premier League season nearing its climax and major golf and Formula 1 events on the horizon, Gilmore said that Sky is anxious to take “ decisive action ” while interest in premium sport is at its peak.

Broadening IPTV Subscriber Crackdown

For Ireland’s pirate IPTV users, this is the first time that they have come in the crosshairs of rightsholders. While only a few will face legal action, Sky hopes that the looming threat will have a deterrent effect.

On paper, Ireland’s Copyright and Related Rights Act 2000 allows fines of up to €127,000 and up to five years imprisonment for those who use illegal streaming services. However, it’s worth stressing that there is no jurisprudence for action against subscribers.

The Irish action appears to be part of a trend to hold IPTV subscribers accountable. Earlier this week, a French Public Prosecutor’s Office fined 19 IPTV subscribers between €300 and €400 after their identities were exposed through a reseller bust.

In Italy, the Guardia di Finanza identified thousands of subscribers following the dismantling of a pirate network, and rights holders subsequently sent civil damages demands on top of the criminal fines.

In Ireland, it appears that Sky can’t simply demand money without any oversight, as the judge’s order restricts use of the personal details to start legal proceedings against alleged infringers.

The August judgment had already pointed in this direction. Mr Justice Sanfey warned that anyone running similar operations should consider how vulnerable they are to discovery and exposure, “with potentially calamitous consequences.”

This week’s ruling suggests those consequences now extend to subscribers too.

From: TF , for the latest news on copyright battles, piracy and more.

Anna’s Archive is generally known as a meta-search engine for shadow libraries, helping users find pirated books and other related resources.

However, last December, the site announced that it had also backed up Spotify , which came as a shock to the music industry.

Anna’s Archive initially released only Spotify metadata, and no actual music, but that put the music industry on high alert. Together with the likes of Universal, Warner, and Sony, Spotify filed a lawsuit days later, hoping to shut the site down.

Through a preliminary injunction targeting domain registrars and registries, the shadow library lost several domain names. However, not all were taken down, and the site registered various new domain names as backups .

The legal pressure also appeared to pay off in other ways. Not long after the lawsuit was filed, the shadow library removed the Spotify torrents. The same applies to the first batch of music files that was released in February.

According to a message posted on Reddit by the site’s operator, Anna’s Archivist, these Spotify releases were published accidentally and were put temporarily on hold because they are “not worth the additional trouble the music industry’s lawyers are bringing.”

‘Extremely Conservative’ $322 Million Default Judgment

Despite taking the torrents offline, Spotify and the labels are not letting the case go. On the contrary, without a response from Anna’s Archive in court, they seek a massive default judgment this week.

“Defendant’s blatant and willful disregard for Plaintiffs’ rights and the Court’s authority warrants imposition of statutory damages against Defendant for copyright infringement in the amount of $22,200,000, and for violation of the Digital Millennium Copyright Act in the amount of $300,000,000, as well as permanent injunctive relief,” they write.

Plaintiff(s)	Damages Sought	Amount
Total		$322,200,000.00
Warner	Statutory damages for willful copyright infringement (17 U.S.C. § 504(c)) at $150,000 for 48 sound recordings	$7,200,000.00
Sony	Statutory damages for willful copyright infringement (17 U.S.C. § 504(c)) at $150,000 for 50 sound recordings	$7,500,000.00
UMG	Statutory damages for willful copyright infringement (17 U.S.C. § 504(c)) at $150,000 for 50 sound recordings	$7,500,000.00
Spotify	Statutory damages for circumvention of a technological measure (17 U.S.C. § 1203(c)(3)(A)) at $2,500 for 120,000 music files	$300,000,000.00

The music labels each seek the maximum of $150,000 in statutory damages for around 50 works. Spotify adds a DMCA circumvention claim of $2,500 for 120,000 music files, bringing the total to more than $322 million.

The plaintiff describes their damages request as “extremely conservative.” The DMCA claim is based only on the 120,000 files actually downloaded during their investigation, not the full 2.8 million released. Had they applied the $2,500 rate to all released files, the damages figure would exceed $7 billion.

Similarly, the copyright claim covers only 148 tracks, which is only a tiny fraction of the files Anna’s Archive claimed to have scraped.

RIAA’s Senior Vice President Downloaded 120,000 files

The temporary release of the music files plays a key role. The music companies note that the release of the nearly three million music files is evidence for their copyright infringement claim. Additionally, it shows that Anna’s Archive successfully circumvented Spotify’s DRM.

According to the legal paperwork, RIAA Senior Vice President of Technology Jeremy Landis personally downloaded the first two torrents, confirming 120,000 files were accessible and included Spotify metadata identifying artist, track, album, and label.

The music companies confirm that the torrent links were eventually removed from Anna’s Archive’s website around February 11. However, they stress that files distributed via BitTorrent remain available through the peer-to-peer network, regardless of whether the original posting site removes them.

DRM Circumvention at Scale

Spotify Principal Engineer Richard Titmuss states in a declaration that each audio file on the platform is protected by encryption and digital rights management technology. The files Landis downloaded could be played on a standard media player outside the Spotify platform, meaning that Anna’s Archive effectively circumvented the DRM on each file.

“In order to make each of these individual music files available through the BitTorrent network, Defendant necessarily had to circumvent and disable the technological DRM protections that Spotify had implemented with respect to each such music file,” Titmuss writes.

This declaration is used as evidence for Spotify’s damages claim under the DMCA’s anti-circumvention provision, which allows for statutory damages of up to $2,500 per act of circumvention, bringing the total to $300 million.

Broad Injunction

In addition to the damages, plaintiffs seek a permanent injunction covering ten (current and previous) Anna’s Archive domains: annas-archive.org, .li, .se, .in, .pm, .gl, .ch, .pk, .gd, and .vg.

The proposed order names every registry, registrar, and host that would be bound by the judgment, including Public Interest Registry, Cloudflare, Switch Foundation, The Swedish Internet Foundation, Njalla, Immaterialism Ltd., and several others. All would be required to permanently disable access to the named domains and cease hosting services for the site.

To reach these third parties, the plaintiffs cite several legal bases, including the All Writs Act (28 U.S.C. § 1651), which grants federal courts the power to issue orders to non-parties that can help to enforce judgments.

The labels argue this is justified given because Anna’s Archive deliberately ignores U.S. law and bypasses the authority of the court.

Anna’s Archive can seek relief from the domain seizures. However, that would require the site’s operator to pay the full $322 million judgment, which seems a rather unlikely scenario at this point.

—

A copy of the memorandum of law supporting the motion for a default judgment is available here (pdf) . The statement of damages can be found here (pdf) . The declarations of Jeremy Landis and Richard Titmuss are available here (pdf) and here (pdf) .

From: TF , for the latest news on copyright battles, piracy and more.

When a Virginia jury ordered internet provider Cox to pay $1 billion in damages for failing to take appropriate actions against pirating subscribers, shockwaves rippled through the ISP industry.

The verdict, in favor of major record labels including Sony and Universal, was a catalyst for many other ‘repeat infringer’ lawsuits. This resulted in yet more multi-million dollar claims and awards, with many still in the pipeline today.

Meanwhile, Cox did everything it could to fight the verdict, all the way up to the Supreme Court, which formally heard the case last December. The panel had to decide whether an ISP can be held liable for not taking any action in response to piracy notices, which which the Court answered today with a clear no.

Supreme Court Reverses: Knowledge is Not Intent

In a 7-2 decision handed down this morning, the Court reversed the Fourth Circuit decision, ruling that Cox is not contributorily liable for the infringing actions of its pirating subscribers. The opinion was written by Justice Thomas and is joined by six other justices. Justices Sotomayor and Jackson concurred, but disagreed sharply with the majority’s reasoning.

The opinion states that contributory liability requires proof that the provider intended its service to be used for infringement. That intent can only be shown in one of two ways. Either the provider actively induced infringement, or the service is one that has no substantial non-infringing uses.

In the present case Cox met neither test. It never encouraged its subscribers to pirate anything. And internet access, as the Court noted, is used for countless lawful purposes.

“Under our precedents, a company is not liable as a copyright infringer for merely providing a service to the general public with knowledge that it will be used by some to infringe copyrights. Accordingly, we reverse,” Justice Thomas writes.

The Court also directly countered the Fourth Circuit’s reasoning, which held that supplying a product with “knowledge” of future infringement was enough to establish liability. The Supreme Court called this an improper expansion of copyright law that conflicted with decades of precedent.

This means that Cox may have known about the infringing activity of its subscribers, but that they are not liable for not taking action in response.

The “IP Address” Problem

In a concurring opinion, Justice Sotomayor agreed that Cox shouldn’t be held liable, but for a more practical reason. Under the common-law aiding-and-abetting doctrine, which she argued the majority should have applied, liability requires proof that a defendant intended to help a specific wrongful act succeed.

Sotomayor noted that when the anti-piracy tracking company MarkMonitor flagged an infringing IP address, it only identified a connection, not an individual. Whether the infringer was a specific account holder, a roommate, or a neighbor stealing Wi-Fi remained a mystery.

Without knowing who was actually infringing, Sotomayor argued, it is impossible to prove Cox intended to help that specific person succeed in their “wrongful act”.

Is the DMCA Safe Harbor Now “Obsolete”?

The ruling leaves a massive question mark over the future of the Digital Millennium Copyright Act (DMCA). Sony argued that the DMCA’s “safe harbor” provisions, which require ISPs to terminate “repeat infringers”, would be meaningless if ISPs weren’t already liable for serving those infringers in the first place.

Justice Sotomayor went even further, warning that the majority’s new rule “consigns the safe harbor provision to obsolescence”, adding that ISPs now have little incentive to take any action against online pirates.

“The majority’s decision thus permits ISPs to sell an internet connection to every single infringer who wants one without fear of liability and without lifting a finger to prevent infringement,” she notes.

What Happens Next

With today’s opinion, the case is reversed and remanded to the Fourth Circuit for further proceedings. Whether the music labels will pursue further litigation on remand, and what that would look like, remains to be seen.

For rightsholders, the ruling removes the primary legal tool they have used to pressure ISPs to terminate infringers more aggressively. For ISPs, however, it resolves years of uncertainty about how far they have to go in response to copyright infringement notices. Whether that means that they will indeed take less action has yet to be seen.

—

A copy of the Supreme Court’s opinion is available here (pdf) . This is a developing story; more quotes, comments, and notes may be added later.

From: TF , for the latest news on copyright battles, piracy and more.

France has been at the forefront of the fight against online piracy for years.

It pioneered the three-strikes “graduated response” system back in 2009 , where the Hadopi agency tracked, warned, and fined online pirates, mostly those using BitTorrent.

As piracy shifted to streaming, however, enforcement became more complicated. Unlike BitTorrent, IPTV services don’t broadcast users’ IP addresses publicly, which has made individual subscribers difficult to identify and prosecute.

However, IPTV operators and resellers keep records. When investigators reach those records, subscribers can find themselves exposed.

19 IPTV Subscribers Fined

Last week, the French football league LFP announced that the Arras Public Prosecutor’s Office reached financial settlements with 19 subscribers of a pirate IPTV service. These users signed a criminal settlement that requires them to pay a fine ranging from €300 to €400.

The criminal investigation was started following a complaint from LFP. The prosecutors eventually identified 21 defendants and have now settled with 19 of them. The remaining two defendants are resellers, who are summoned to appear before the Arras criminal court in April, Zataz reports .

This is the first case in France where IPTV users are sanctioned. While the plea agreements are relatively modest, LFP stresses that the law provides for penalties of up to €7,500.

The authorities did not disclose how the subscribers were identified, but IPTV resellers typically hold customer records including email addresses and payment details. If the authorities collected this as evidence, they could effectively expose the subscribers.

Mafia-like Ecosystem

The Arras case is not the first time European IPTV subscribers have faced consequences. In Italy, the Guardia di Finanza identified thousands of subscribers following the dismantling of a pirate network, and rights holders subsequently sent civil damages demands on top of the criminal fines.

Last May, the authorities announced that 2,282 pirate IPTV subscribers had been fined across 80 Italian provinces. Following this action, rightsholders collected additional damages settlements of up to €1,000 from a number of the same people.

France has followed a different path, but the Arras prosecutions suggest the gap may be narrowing. In its official communiqué, the LFP made clear the intent behind the action, while warning that more actions are underway.

“The LFP and LFP Media welcome this strong message to users of piracy services, who mistakenly believe they can act with impunity when in fact they are knowingly contributing to a mafia-like ecosystem that seriously harms the entire sports sector,” the organization writes.

“Many criminal actions targeting resellers of IPTV subscriptions are underway, and their customers may, as such, be questioned and prosecuted,” the league added (TF translated).

Millions of LFP Pirates Remain

While LFP hopes that the prosecutions and the associated fines against 19 IPTV subscribers will send a deterrent message, there is still a long way to go.

At a sports piracy conference held at Roland-Garros on March 23, LFP Media’s Douglas Lowenstein presented survey data showing that around two million people in France watched Ligue 1 via pirate services this season, making it the most pirated competition in the country.

Prosecuting millions of people isn’t very practical, which is why rightsholders are also continuing to push for expanded site-blocking powers.

Arcom , France’s broadcasting regulator, has blocked more than 12,600 domain names since 2022, but rightsholders argue that real-time automated blocking is needed to keep pace with live match piracy. This is particularly important with the 2026 FIFA World Cup in mind.

The French football league is pushing for Article 10 of a pending sports law, which would allow automated blocking without manual approval. Sports Minister Marina Ferrari has indicated the legislation could move before June, ahead of the 2026 World Cup.

If LFP’s warnings are correct, we may also see more prosecutions of IPTV pirates in the near future. In any case, the two resellers in the Arras case will have made their appearance in court by then, which is scheduled for April 7.

From: TF , for the latest news on copyright battles, piracy and more.

Earlier this month, HiAnime surprised friends and foes by shutting down its website, which clocked more than 150 million monthly visits.

“It’s time to say goodbye. And thank you for a wonderful journey with great moments,” the operators announced.

The decision was a major setback for anime pirates, including many third-party tools and services that relied on the site, formerly known as Aniwatch . This includes unofficial “API” tools that could be used by other pirate sites to serve anime content.

Anti-Circumvention Takedown

With HiAnime gone, these third-party tools presumably stopped working too. And even if that was not the case, a recent takedown notice sent by Remove Your Media LLC, on behalf of Crunchyroll, VIZ Media, and other anime rightsholders, would have rendered them useless.

The takedown notice, published yesterday , lists several high-profile repositories, including aniwatch and aniwatch API , which offered access to HiAnime streams. These partially worked by using keys from the MegacloudKeys repository, which was also targeted.

The takedown notice targets several repositories, which taken together have more than 900 forks. While it is not clear whether the notice was sent before or after HiAnime’s shutdown, the outcome is the same. After reviewing the allegations, the repos and forks were removed.

Anti-Circumvention Claim Fails

It is important to note that the notice is not a standard DMCA takedown request, but a DMCA anti-circumvention claim. Remove Your Media explicitly suggests that the tools bypass various copyright protections.

According to the takedown notice, these repositories facilitate the “circumvention of technological protection measures implemented by authorized streaming services”. Because they provide access to pirated content, they circumvent “subscription paywalls, digital rights management, and access controls”.

This anti-circumvention claim was rejected by GitHub, potentially because there are no direct rightsholder DRM circumventions involved. However, because the developer platform found other issues, all repositories were removed anyway.

“While GitHub did not find sufficient information to determine a valid anti-circumvention claim, we determined that this takedown notice contains other valid copyright claim(s),” GitHub notes.

Youtube-dl & Notorious Markets

The takedown notice explicitly made a distinction between the anime repositories and youtube-dl, which was reinstated by GitHub after it was targeted by an RIAA circumvention notice in October 2020.

The notice is redacted and doesn’t mention youtube-dl by name, but the context makes it rather clear.

This description did not help with the anti-circumvention claim. However, GitHub did flag copyright issues. This may be in part due to the fact that HiAnime and MegaCloud were both listed as a notorious market by the MPA and the U.S. Trade Representative recently.

The USTR described MegaCloud as a pirate content management system that provides access to a large library of infringing content.

“The network reportedly acts as a backend hosting system delivering infringing video files —including more than 46,000 movies and 16,000 TV series— directly to more than 260 pirate streaming sites around the world,” USTR wrote.

For now, the repositories are gone, and HiAnime remains offline, leaving the third-party tools that depended on both without a clear path forward. However, since we have already seen many rebrands of these services in the past, it would not be a surprise to see a new service pop up in the future.

From: TF , for the latest news on copyright battles, piracy and more.

As one of the leading Internet infrastructure companies, Cloudflare finds itself at the center of various copyright disputes.

The American company says it powers nearly 20% of the web. This includes several Fortune 500 companies, but also many pirate sites and services.

For years, rightsholders have urged Cloudflare to do something about these pirate sites. However, the company typically doesn’t take action against customers that use its ‘pass-through’ CDN services. Instead, it simply forwards takedown notices to their respective hosting services.

According to some rightsholders forwarding is not enough. To compel Cloudflare to take action against pirate sites, they requested formal blocking orders in France, Spain, South Korea, and elsewhere.

Cloudflare Adds 2,791 Geoblocked Domain Names

Cloudflare’s latest transparency report, covering the second half of 2025, shows that 2,791 domain names that use its pass-through services were geoblocked. This means that these sites of Cloudflare customers are effectively rendered inaccessible in these countries.

Nearly 2,800 is a significant increase compared to the same period a year earlier, when 308 domain names were geo-blocked.

When Cloudflare geoblocks a domain, the company posts an interstitial page linking to the relevant order so that visitors can see why access has been restricted.

It’s worth noting that not all geo-blocks are equal. In the UK, for example, Cloudflare is taking action voluntarily based on an older High Court order against ISPs, to which it is not a party. This is similar to the voluntary blocking approach Google takes.

In Belgium and France, Cloudflare does respond to orders where it is named. These predominantly cover pirate sites, but in Belgium Cloudflare is also compelled to geo-block several illegal gambling sites.

In Korea, a new law requires CDN providers, including Cloudflare, to implement a government-mandated blocklist. This prohibits the CDNs from facilitating access to these sites through servers in South Korea, which resulted in hundreds of blocks in the second half of 2025.

Cloudflare clarifies that these South Korean sites are not “blocked” in the traditional sense. Instead, they are restricted from being served through equipment located physically in South Korea.

DNS Blocking

Interestingly, these geo-blocking measures are sometimes also used by Cloudflare to comply with DNS (1.1.1.1) blocking orders. If the sites are geo-blocked, Cloudflare doesn’t have to block these through its DNS.

“Cloudflare has sometimes taken action to geoblock access to websites through Cloudflare’s pass-through CDN and security services, in response to orders directing Cloudflare to block through its public DNS resolver,” the transparency report reads.

As in previous transparency reports, Cloudflare separately confirms that it “has not blocked content through the 1.1.1.1 Public DNS Resolver.”

Automated Hosting Takedowns

In addition to blocking domains for which Cloudflare acts as a CDN or pass-through, the company also takes more direct action if it is hosting sites. In the second half of 2025, rightsholders sent 121,681 copyright infringement reports, with Cloudflare taking action in 67,941 instances.

Notably, these removals are mostly the result of automatic processes, which were put in place last year.

“In H2 2025, Cloudflare used automated means to action 64,161 of the 67,941 copyright infringement reports actioned,” the company reports in a footnote, adding that it also terminated 59,843 accounts of R2 storage services.

Italy’s €14 Million Fine

The transparency report makes no mention of the recently appealed €14,247,698 fine that was imposed on Cloudflare in January by Italy’s communications regulator, AGCOM. Cloudflare received this fine as it refused to implement blocking measures through its 1.1.1.1 DNS resolver under Italy’s Piracy Shield measures.

AGCOM concluded that Cloudflare’s cooperation is “essential” for the enforcement of Italian anti-piracy laws, as its services allow pirate sites to evade standard blocking measures.

In response to the fine, Cloudflare’s CEO Matthew Prince considered pulling out of Italy entirely. While that hasn’t happened yet, Cloudflare firmly draws a line at their public DNS resolver, and it recently appealed AGCOM’s fine in court.

—

A copy of Cloudflare’s H2 2025 Transparency Report (Abuse Processes) is available here (pdf) .

From: TF , for the latest news on copyright battles, piracy and more.