Law enforcement operations against pirate streaming networks have been a regular occurrence, particularly inside the EU.

This includes Italy, where the financial police, Guardia di Finanza (GdF), has routinely cracked down on the “pezzotto,” the term used for selling IPTV streaming boxes and subscriptions.

This week the financial police in Ravenna announced something they say is different. In an operation named “Tutto Chiaro” (“All Clear”), coordinated by the Bologna prosecutor’s office, around 200 officers carried out more than 100 searches and seizures across Italy, with parallel action in France and Germany.

At the center of the crackdown is an app called CinemaGoal. The GdF calls the technology behind it “highly advanced and previously unseen”.

“The operation, which stemmed from social media monitoring, uncovered, for the first time, the existence of an innovative technology,” GdF explained , noting that the app offered superior viewing quality while the anti-piracy detection rate was minimal.

How the GdF Says It Worked

According to the GdF, CinemaGoal was installed on a customer’s device, connecting it to a foreign server that decrypted the premium content. This included content from premium broadcasters such as Sky and DAZN, but the authorities also named Netflix, Disney+, and Spotify as targets.

The police explain that, every three minutes, virtual machines captured the “original” codes of legitimate subscriptions and instantly relayed them, sending a “clear” signal to pirate subscribers. Those legitimate accounts were registered to fictitious names, as well as some who have been identified.

Because the system tapped into the official streaming feeds, GdF says the quality of the streams was superior. Paired with a low anti-piracy detection rate and relative anonymity for its subscribers, the more than 70 identified resellers had little trouble selling these subscriptions.

New Anti-Piracy Tech?

The “previously unseen” framing relied on a broad description by GdF, referencing “Original codes,” a “clear” signal, a foreign server that “decrypts” content. This is press release language, not a technical explanation. But just how “new” is this technology?

The few concrete details shared by authorities are reminiscent of one of the oldest piracy tricks. For over two decades, pirates have hijacked pay-TV by copying the constantly changing key that unlocks a single legitimate subscription and sharing it out to everyone else. This is typically known as card sharing.

However, with card-sharing, keys typically change every few seconds. The GdF suggests that CinemaGoal refreshes codes every three minutes, which is significantly slower.

That timing, together with the claim that CinemaGoal actually looked better than an ordinary pirate stream, hints at something more modern. This would be largely in line with CDN leeching, which is an emerging problem that anti-piracy outfits have been referring to over the past years.

In 2024, anti-piracy group Irdeto noted that this technical breach is particularly popular among operations that use piracy-enabling devices.

“Typically, they will reverse engineer video applications to understand how to access and extract the CDN content, enabling them to distribute pirated material more efficiently,” the blog post explained, while also referencing the quality improvement.

“Pirates leverage CDN infrastructure to deliver pirated content more quickly and with lower latency, thus enhancing the streaming experience for their illicit users,” Irdeto added.

What type of operation was targeted by operation “Tutto Chiaro” remains unclear for now. The police reportedly have the source code, however, so more information may come out in the future.

Perhaps that will also explain a more straightforward problem with the official press release. Currently, the same “grab the codes every three minutes” description is used for all streaming services, from live sports on DAZN to on-demand video on Netflix, to music on Spotify. These platforms do not all work the same way, however, and cannot all be unlocked by a single trick.

Subscribers in the Crosshairs

Interestingly, public searches show that CinemaGoal has left no notable public footprint. TorrentFreak found no app store listing, APK mirror, reseller storefront, or forum thread predating the operation. Every reference dates to the announcement by the Italian police.

The GdF says the investigation began with “monitoring social media,” and, according to Italian outlet Il Post, the app was promoted through networks such as Telegram, with agents selling online or meeting customers in person. This would confirm that there was no public sales outlet mentioning the CinemaGoal app.

Through Eurojust, the authorities seized foreign servers holding the decryption data and the app’s source code. The same investigation found that the same operation also relied on the more traditional IPTV “pezzotto”, in addition to CinemaGoal.

Rightsholders have welcomed the latest streaming piracy crackdown. Sky Italia’s CEO Andrea Duilio thanked the GdF and the Bologna prosecutors, and warned that people who choose illegal streaming risk fines and expose their personal data to theft and fraud.

Whether the enforcement actions will effectively end the operation is unclear. There haven’t been any reports of arrests of the people who ran the operation.

GdF’s press release does suggest that many pirate subscribers are at risk. It notes that fines will be issued to the first 1,000 identified subscribers, who will receive claims ranging from €154 to €5,000. The GdF puts the total involved in the “thousands.”

This is not the first time that pirate streaming subscribers have come in the crosshairs of the authorities. Last year , thousands of subscribers, connected to an IPTV crackdown, received similar fines in the mail.

From: TF , for the latest news on copyright battles, piracy and more.

This weekend features the final round in the Premier League football season, but the league’s anti-piracy enforcement machine is showing no signs of slowing down.

On Wednesday, the Premier League took its legal concerns to a California federal court. Specifically, it requested a DMCA subpoena to compel domain registrar Tucows to identify the operators of a fresh batch of pirate sports-streaming sites.

Premier League’s Subpoena

The legal paperwork lists a web of pirate sports streaming domains and redirects, identifying 25 targets. Many of these sites use well-known sports pirate brands, including Totalsportek, Sportsurge, and Rojadirecta, which are not necessarily linked to the original operations.

Futbollibre.org was one of the most trafficked domains, with more than 12 million monthly visits last month, according to Similarweb. The domain, along with several others on the list, was already suspended and placed on “clienthold” roughly two weeks before the Premier League’s subpoena request, a registrar-level status that disables the domain.

Whether these suspensions were connected to the Premier League’s complaint is unknown. Other domains in the list remain online at the time of writing.

‘Disable Access’

According to the Premier League, these sites all streamed football matches without permission. This was also made clear in a copyright infringement notification that was sent to domain name registrar Tucows by the Premier League’s legal team at Hagan Noll & Boyle.

This notification is mandatory in order to obtain a DMCA subpoena and asks Tucows to disable the listed domains.

“Tucows is asked to remove or disable access to Premier League’s copyrighted works, which, based on the infringement that has occurred to date through the websites and domain names identified above, will continue to be infringed in this same manner throughout the Premier League season and into future seasons,” the letter reads.

Additionally, the legal paperwork includes a detailed investigation into the infringing nature of the sites. According to the Premier League, this paperwork is sufficient for a court clerk to sign the DMCA subpoena, without putting it before a judge.

Exposing the Operators

If the proposed DMCA subpoena is granted, it would require Tucows to share all personally identifying information it has on the registrants of these domains. That includes names, physical addresses, IP addresses, telephone numbers, emails, addresses, payment information, and account history.

At the time of writing, a court clerk has yet to sign off on the subpoena, which is typically a formality.

Whether DMCA subpoenas can reach intermediaries that don’t store infringing content has been contested before. Last year, the Ninth Circuit ruled that this route was not valid when movie companies used it to demand data from internet provider Cox, because it was a mere conduit for its subscribers’ traffic. How this logic applies to a registrar has yet to be tested.

The Streams Use Amazon and Google

At this point, it is worth pointing out that the pirated streams are not hosted on the domain names that are targeted in the subpoena. This is also evident from the Premier League’s own investigation package, which points to other American tech companies.

For example, the antenasport.org domain streamed the match between Fulham and Aston Villa from a backend link at Amazon Web Services. As shown below, the .m3u8 playlist was loaded through s3.dualstack.us-east-2.amazonaws.com. The same applies to content streamed from other domains.

Amazon is not alone, as Google’s cloud storage URL “storage.googleapis.com” also appeared in the evidence package, linked to a pirated stream for the Sunderland vs Nottingham Forest match.

Whether the Premier League also attempted to get information through these companies is unknown.

Regarding the Premier League’s DMCA subpoena request, Tucows informed TorrentFreak that it complies when legally required to.

“Tucows is a staunch advocate for free speech and the freedom of expression on the Internet however, when served with valid due process, like any business, Tucows complies,” writes Reg Levy, the company’s Associate General Counsel for Domains.

Tucows declined to comment further, citing potential ongoing or active investigations. For now, the Premier League’s request awaits a clerk’s signature. Whether the operators behind these sites are eventually unmasked is another question.

—

The Premier League’s DMCA subpoena request is available here (pdf) , along with the notification of claimed infringement (pdf) , which were both filed at the U.S. District Court for the Central District of California.

From: TF , for the latest news on copyright battles, piracy and more.

The Motion Picture Association (MPA) has been the driving force behind pirate site blocking around the world for more than fifteen years.

With blocking powers in more than 50 countries, the group sees the enforcement option as a key anti-piracy tool that it hopes the United States will also adopt soon.

Last year, for example, the MPA’s Senior Executive Vice President Karyn Temple discussed an overview of site-blocking ‘best practices’ at the World Intellectual Property Organization (WIPO). Among other things, this includes the inclusion of dynamic blocking, automated processes, all with proper safeguards.

For the upcoming 18th WIPO session next month, the MPA has also prepared a presentation on site blocking. Delfos Visser’s contribution discusses the role of intermediaries. This includes the gradually expanding role of ISPs, search engines, VPNs, DNS resolvers, domain name registrars, and content delivery networks.

The involvement of these intermediaries is regularly discussed, both in and outside of courts. However, the MPA’s presentation also includes a notable new site-blocking angle that has not been covered in the press, until now.

UK’s New ‘Omnibus’ Blocking Order

In his contribution, Delfos Visser highlights a new UK High Court ruling that has not yet been published publicly on BAILII or the National Archives. The case, Columbia Pictures and others v British Telecommunications and others , was filed in December 2025, seeking broader site-blocking powers in the UK.

The MPA notes that this case resulted in a new judgment on May 7, which will reportedly allow rightsholders to better respond to evolving piracy threats.

In the MPA’s framing, the ruling represents a new generation of UK blocking orders. Traditional applications under Section 97A of the Copyright, Designs and Patents Act 1988 required studios to identify specific pirate sites by domain name and ask the court to order the major UK ISPs to block them.

A 2022 ruling by Mr. Justice Meade extended that to also include orders covering “pirate brands,” which allowed rightsholders to also target mirror and copycat domains with similar names.

The new order goes even further. According to the MPA, it allows Hollywood studios to seek blocking of any “structurally infringing audiovisual piracy services that meet defined criteria, without having to bring a fresh court application for each new domain or site name available in the future.”

The order remains in place for six months, with the option to request an extension. To qualify for a renewal, the studios are required to submit reports on the implementation and effectiveness to the court.

Shapeshifting & Agentic-AI-Powered Pirate Sites

The MPA presentation notes that these expanded blocking capabilities are much needed to be able to handle the ever-evolving piracy threats. Delfos Visser notes that this could include AI-amplified piracy tools in the future.

“While fully autonomous “agentic AI” systems are not yet known to be widely used in the piracy ecosystem, several technological developments are already materially lowering the barriers to large-scale domain hopping and evasive schemes,” Delfos Visser writes.

The submission points out that services such as bulk registration APIs can make it easier for pirates to counter blockades. Operators can rapidly deploy new streaming sites and rotate through networks of new and non-brand-related domain names to evade standard blocking orders, the MPA writes.

“As a result, infringing services increasingly operate through rotating networks of domains, including generic or non-brand-related names specifically designed to evade traditional domain-specific or brand-based blocking measures,” Delfos Visser writes.

This framing matters, as traditional s.97A orders and the more recent pirate-brand orders both require some link between a target domain and a previously identified pirate operation. The new order, as suggested by the MPA, breaks that link. Sites can be added to the blocklist based on whether they meet structural-infringement criteria, not whether they share a name or branding with an existing target.

Limited Transparency

While this does indeed read like a significant court order, the full text remains unavailable. We reached out to Delfos Visser and Wiggin, the law firm that represented the studios in this case, but neither responded to our inquiry. None of the targeted ISPs have publicly mentioned the order either.

The ruling will eventually be published online, and we will update this article accordingly when that happens. However, going forward, it would be welcome to have more transparency from the get-go.

Questions also remain about the transparency of these types of court orders. TorrentFreak has previously documented how dynamic blocking orders are quietly updated to add new domains. This makes it hard for outsiders to check the accuracy of these measures.

This transparency concern will be further elevated when rights holders can add new domains to existing orders that seemingly have no link to the domains that were initially targeted.

The MPA does not address the transparency angle in its WIPO submission. Last year, however, the group told the same forum that it is “of paramount importance that site blocking injunctions are rendered in the most transparent way possible.” For now, the new UK order falls short of that standard.

—

A copy of the MPA’s WIPO contribution, WIPO/ACE/18/26: Involvement of Intermediary Services in Site Blocking, is available here (pdf) .

From: TF , for the latest news on copyright battles, piracy and more.

Earlier this month, a group of high-profile publishers, including Penguin Random House, Elsevier, and HarperCollins, asked a federal court in New York for a broad default judgment against Anna’s Archive .

The publishers argued that, in addition to sharing pirated books with the public, the shadow library is serving as a primary training data hub for AI companies like Meta and NVIDIA.

Because the site’s operators failed to show up in court to defend themselves, the publishers requested the court to rule in their favor.

Yesterday, U.S. District Judge Jed S. Rakoff signed a default judgment granting the publishers exactly what they asked for. This includes a multi-million-dollar damages award and a far-reaching technical injunction to take out the site’s surviving domain names.

A $19.5 Million Paper Victory

At first glance, the damages award is the headline figure. Judge Rakoff granted the maximum statutory damages of $150,000 for each of the 130 “Works in Suit”.

This brings the final damages bill amount to a staggering $19,500,000. However, as with the $322 million judgment won by the music industry against Anna’s Archive in the related Spotify case , it’s highly unlikely that this money will be recouped.

For now, the operators of Anna’s Archive remain strictly anonymous, which doesn’t help either. The default judgment addresses this and requires the operators to unmask their identities and provide a sworn statement with valid contact information to the court within 10 days.

However, since the operators have previously stated they hide their identities to avoid “ decades of prison time ,” it is safe to assume that the operators will simply ignore this request.

Targeting Global Intermediaries

The true power of this default judgment lies in the permanent injunction. Anna’s Archive is known to evade enforcement and change domain names when needed, so the injunction targets the technical intermediaries that keep the site online.

Specifically, the injunction orders “all domain name registries and registrars of record” to permanently disable access to Anna’s Archive’s domains and prevent their transfer to anyone other than the publishers or the music industry plaintiffs in the related case.

In addition to domain name services, the order also extends to international hosting providers, who are also ordered to stop working with the site.

Leaving no room for interpretation, the order specifically names more than twenty companies and organizations. This includes familiar names like Cloudflare, Njalla, and DDOS-Guard, as well as the domain name registries of the site’s current active domains:

– TELE Greenland/Tusass (managing the .gl domain)

– PKNIC (managing the .pk domain)

– National Telecommunications Regulatory Commission (managing Grenada’s .gd domain)

The names include some intermediaries that were already listed in the Spotify default judgment, as well as new ones.

Unlike the Spotify scrape, which Anna’s Archive removed after the music industry’s lawsuit, the publishers’ books remain actively available on the site. That distinction may make this injunction harder for intermediaries to ignore.

The injunction will be most effective against American companies that are subject to the jurisdiction of the New York federal court. That includes Cloudflare and OwnRegistrar, among others.

However, most of the intermediaries are foreign entities. Whether they voluntarily comply with a U.S. court order remains to be seen. While some foreign companies have taken action following U.S. injunctions, others have historically ignored them, citing a lack of local jurisdiction.

For now, however, the publishers have gotten everything they asked for from the court, which gives them a chance to take action against the shadow library’s current setup. If history is any indicator, Anna’s Archive will likely have a new batch of backup domains ready to deploy.

At the time of writing, Anna’s Archive’s three domain names remain active and online.

—

A copy of the default judgment, signed by Judge Rakoff on May 19, 2026, is available here (pdf) .

From: TF , for the latest news on copyright battles, piracy and more.

Last August, Irishman David Dunbar consented to a €480,000 damages judgment after Sky exposed his illegal IPTV operation.

This legal action effectively shut down the “IPTV is Easy” service. However, Sky Ireland wasn’t done yet, and had also set its sights on the service’s subscribers.

This was no veiled threat. In March, we reported that, based on Revolut records uncovered during proceedings against the operator, Ireland’s High Court had ordered Revolut to hand over the details of 304 IPTV subscribers connected to the now-defunct IPTV service. At the time, Sky said it intended to take legal action against some of those named.

While no lawsuit has been filed yet, this morning The Irish Independent reported that Sky has indeed sent out its first legal demand letters.

‘Prepared to Take Legal Action’

Speaking with TorrentFreak, Sky confirms that roughly 200 people have been targeted. Most of them are located in Wexford, but letters have also gone to people in Carlow, Clare, Cork, Dublin, Galway, and various other counties.

“Sky can confirm it has issued a first wave of cease-and-desist letters to c.200 individuals who paid for an unlawful subscription to the illegal IPTV is Easy service,” a Sky spokesperson informed us.

“Where an individual does not engage with us following receipt of this letter, Sky is prepared to pursue legal action. This may include seeking an injunction, damages arising from the infringement, and recovery of legal costs.”

While the paperwork is directly tailored to Sky, the text explicitly mentions local sports rightsholders. It notes that Clubber TV, LOITV, GAA+, and Premier Sports are ‘wholly aware’ of the situation and warns that failure to sign leaves them ‘with no other option but to take firm action’ independently.

14 Days to Sign Settlement

The letter, posted in full below , is sent by Sky’s Legal Litigation and Anti-Piracy Division. The recipients are told that they were identified as a subscriber of “IPTV Is Easy”.

Importantly, the cease-and-desist urges the former subscribers to sign and return a legally binding settlement agreement within 14 days.

With this settlement, recipients promise to “immediately and permanently disable” all IPTV subscriptions, to “never again infringe Sky’s copyright in any way including by watching any of its content or channels without paying the correct subscription fee,” and to never again subscribe to an illegal IPTV service.

If recipients comply, Sky says it will not name them publicly. If they do not, the company says it is “fully prepared to take further legal action, including issuing court proceedings.” In addition, a breach of the agreement might also result in follow-up legal action.

Deterrence Over Damages

With these warning letters, Sky likely hopes for a direct and indirect deterrent effect. By announcing publicly that IPTV subscribers are not untouchable, Sky hopes that IPTV subscribers will reconsider their habit.

In any case, the letter notes that Sky will retain a permanent record of the infringer’s name, address, and signed undertaking for as long as necessary. This means that signing the settlement will effectively place someone permanently on Sky’s radar.

The letter also warns recipients that their activity ‘may also involve criminal offences’ under Ireland’s Copyright and Related Rights Act 2000.

Sky is not seeking monetary damages, which stands in sharp contrast to recent approaches in Italy and France. Earlier this year, a French Public Prosecutor’s Office fined 19 IPTV subscribers between €300 and €400 after their identities were exposed through a reseller bust.

In Italy, the Guardia di Finanza identified thousands of subscribers following the dismantling of a pirate network, and rightsholders subsequently sent requests for €1,000 in damages on top of the criminal fines.

Sky’s approach is softer, at least for now. The Irish Independent’s technology editor Adrian Weckler told Newstalk Breakfast this morning that Sky had deliberately chosen not to pursue full civil prosecution, which would have been a more costly endeavor.

“They’re trying to walk a bit of a tightrope,” Weckler said. “They hope users will be freaked out by the letters and simply stop using them.”

Whether that strategy will work has yet to be seen. At the same time, it also remains unclear how Sky plans to verify whether the targeted users do indeed stay away from pirate IPTV services going forward.

In any case, the 200 letters represent a tiny fraction of an estimated 400,000 dodgy box households in Ireland. This means that there are plenty of targets remaining.

—

A copy of the official template for Sky’s cease-and-desist letter is available here (pdf)

From: TF , for the latest news on copyright battles, piracy and more.

The Alliance for Creativity and Entertainment ( ACE ) established itself as the world’s leading anti-piracy coalition.

The Motion Picture Association-led organization united rightsholders from all over the world, forming a united front against online copyright infringement.

While much of the enforcement work takes place behind closed doors, DMCA subpoenas are a staple information-gathering tool of ACE. Through these subpoenas, the organization requests third-party intermediaries to hand over information they have on various alleged pirate sites.

Earlier this year, ACE obtained a DMCA subpoena, compelling Discord to identify the operators of community servers attached to pirate streaming portals HDFull. This was paired with a broader subpoena, asking Cloudflare to share details on HDFull’s domain operator, as well as those of other sites.

DMCA Subpoenas

A few days ago, ACE requested a new DMCA subpoena against Cloudflare, targeting 29 new domain names. The legal paperwork is filed by the Motion Picture Association and names Columbia, Disney, Paramount, Universal, and Warner Bros., who are all ACE members too.

Specifically, the subpoena demands identifying information, such as physical addresses, IP addresses, phone numbers, email addresses, payment information, and account history, related to the Cloudflare accounts associated with these sites.

The list of domain names is a testament to the global nature of the anti-piracy coalition, targeting French, Chinese, Vietnamese, Russian, Spanish, and Hindi-language sites, among others.

A Young French Torrent Tracker

One of the targeted domain names is la-cale.space , a French private BitTorrent tracker that launched in late December 2025. The site stands out because it’s a relatively new invitation-only community whose reach is more limited than public torrent or streaming sites.

The private tracker has grown quite significantly recently, particularly after the collapse of the French YggTorrent tracker. The subpoena will test how well the operators have shielded their identities.

The subpoena request lists “Moana” and “Gladiator 2” as two titles that are shared on the site. The legal paperwork also lists the private URLs, suggesting that the anti-piracy group has access to the private community.

A Veteran Chinese Torrent Forum

ACE’s subpoena also targets another pirate community that is the opposite of the French tracker in many ways. The Chinese forum known as “BT Home / 1LOU Station”, currently operating from 1lou.me, is far from a newcomer.

The veteran community has been operating in various incarnations for around two decades, hopping through domains including BTBTT, BTBBT, 1lou.icu, 1lou.pro, and now 1lou.me. It was one of the first torrent-oriented communities and remains online today, with millions of monthly visitors.

The long-running Chinese forum is also an unusual target, as it is predominantly popular in mainland China. As far as we know, ACE does not have any members there. That said, the Hollywood movie studios have commercial interests around the globe.

Vietnamese APIs & Other International Targets

The list of domain names also includes kkphim.com, ophim17.cc, and phim.nguonc.com, which are not typical pirate streaming sites. Kkphim.com openly markets itself as a developer API, supplying movie metadata, posters, and m3u8 stream links for use by third-party streaming sites.

Technically, these sites can also be used directly by end users, but they are marketed as a “Piracy as a Service” platform, allowing others to easily launch their own pirate sites.

The international nature of the subpoena targets doesn’t end in Vietnam. The legal paperwork also lists the Russian site Kino.pub, the Thai nanamovies.org, various domains of the Indian streaming portal Movierulz, the Polish wizja.cc, and several Brazilian streaming outlets, including rrrv.lol.

To top it off, ACE also brings back a familiar target in the form of series.ly. The Spanish-language streaming portal has been around for over a decade, and its admins were acquitted twice over the past few years, in part because linking to copyrighted content wasn’t a crime in Spain when the alleged offenses took place.

At the time of writing, the subpoena has yet to be signed by a court clerk, which is typically just a formality. After it’s signed, ACE will have to wait and see how accurate the information is that Cloudflare has on file.

Operators of pirate sites are known to use false data with their hosting and infrastructure providers, which often limits the value of these subpoenas. That said, ACE had success with this enforcement tool in the past, and even minor leads can be useful when paired with information from other sources.

—

A copy of the MPA’s §512(h) subpoena application is available here (pdf) , along with the associated declaration (pdf) and the notice to Cloudflare (pdf) .

From: TF , for the latest news on copyright battles, piracy and more.

The Radio and Television Commission of Lithuania ( LRTK ), the Baltic country’s media watchdog, has been one of Europe’s most active anti-piracy enforcers.

In recent years, it blocked hundreds of domains and thousands of IP addresses, fined users without going to court, and froze bank accounts tied to pirate operations.

Next month, LRTK will share some of its hard learned lessons in Geneva. At a meeting of the World Intellectual Property Organization’s Advisory Committee on Enforcement (ACE), LRTK’s Andrius Katinas will describe the Lithuanian approach as a template for other countries.

According to the contribution, which is publicly shared in advance of the June meeting, copyright enforcement in Lithuania is no longer just about copyright. It is “a method of hybrid warfare,” which can also counter Russian disinformation and safeguard the privacy of citizens.

Russian Disinfo as a “Hybrid Threat”

The hybrid-threat framing rests on two separate claims, which both are unrelated to copyright infringement. The first is that pirate IPTV services can, willingly or not, be used as distribution channels for Russian propaganda.

LRTK explains that many of the IPTV services it monitors operate from hostile countries and retransmit Russian state channels, which are sanctioned and formally banned by the European Union.

“Those channels include EU-sanctioned outlets that not only spread propaganda and disinformation, but also broadcast numerous national channels and live sports without the consent of the rights holders.”

“In blocking broadcasts because of copyright infringement, the Commission also blocks access to hostile information (and vice versa), which is a method of hybrid warfare,” LRTK’s abstract of the upcoming presentation reads.

As a direct neighbor of Russia, Lithuania has been very active in taking down Russian disinformation. In addition to blocking numerous sites and services, LRTK also fined hosting provider UAB Melbikomas €10,000 for breaching EU sanctions by hosting more than 50 sports channels.

Filmai.in and other Privacy Threats

Pirate site blocking can also serve another purpose, as it prevents potential security breaches. Lithuania has experience with this, as user data of the popular local pirate site Filmai leaked online, including 645,000 email addresses, usernames, and plain text passwords.

This breach happened more than 5 years ago, and blocking the site does not remove the leaked data from the darknet. However, it may help to limit the fallout of future breaches at Filmai or other pirate sites.

These privacy issues are a serious concern, LRTK notes, stressing that pirate sites generally don’t have the best security.

Leaked credentials end up on the dark web, with LRTK suggesting that they can be picked up by hostile-state cyber groups for use in operations against state institutions and strategic companies. And since credentials of government officials have also been found in the Filmai leak, state security might become an issue.

“It has even been found that Government officials had registered on the Filmai website using official email addresses, creating security concerns, such as the potential for unauthorized access to State institutions, the signing of documents, or responding to residents’ inquiries,” LRTK writes.

Filmai is blocked now, and one of the administrators of the site was convicted in 2023 . However, the site itself remains online and, according to Similarweb , it remains among the top 100 visited sites in the country.

The Lithuanian Model

LRTK explains that it has broad experience with fighting piracy threats, using a wide variety of OSINT skills. It specifically mentions tools such as domaintools.com, oxylabs.io, epieos.com, Wireshark, and SimilarWeb, which help to identify perpetrators or monitor for illegal activities.

In recent years, the watchdog has blocked more than 400 domains and 7,000 IP addresses. In addition, it imposed fines in over 250 cases since 2023.

Much of this blocking system is centralized and automated. When LRTK identifies a new site, or a mirror of a previously blocked site, a blocking instruction is sent to all Internet service providers. Within twenty minutes, the domain or IP is blocked across the country.

LRTK has also frozen bank accounts linked to pirate operations, delisted URLs from Google Search, removed advertisements from pirate sites, and suspended illegal IPTV apps from Google Play and the Apple App Store.

The Dutch Export Problem

According to the presentation, Lithuania’s experience can “serve as a model for other national authorities and rights holders”. While that may be true, a Dutch example should show that blocklists should not be copied blindly.

In December 2025, the Dutch ISP trade association NLconnect tried to help ISPs by compiling a master blocklist, to comply with the EU’s ban on Russian disinformation. Because the Dutch government did not provide guidance, it compiled a reference blocklist of 797 domains, using blocklists from regulators in Germany, Austria, Estonia, Finland, and Lithuania.

As we reported at the time , this effort resulted in some unexpected blocks. Dutch users of Ziggo lost access to ShareChat, India’s largest homegrown social media platform with hundreds of millions of users. The same applied to Odysee.com, online radio aggregators Streema and Viaway, and various pirate IPTV domains including IPTV-home.net, Ottclub.tv, and Limehd.tv.

Most of those domains traced back to a single source: LRTK’s blocklist.

Responding to the issue, the Dutch regulator ACM informed us in December that it does not monitor the actual execution or the content of the sanctions list. However, after ISPs started to complain as well, ACM formally investigated the matter, concluding that LRTK’s blocklist is too broad for the Netherlands.

As reported by Tweakers in February, ACM eventually concluded that the Lithuanian list had been compiled under both the EU sanctions regulation and a broader Lithuanian national law banning Russian-financed television content.

This means that the Lithuanian list is not usable outside Lithuania, and NLconnect dropped the entire Lithuanian source list, shrinking their reference list from 797 domains to 335.

The Dutch overblocking example can’t be blamed on Lithuania, but it shows that when it comes to cross-border blocking efforts, caution is warranted. In any case, it is clear that blindly copying third-party blocklists is not the best approach.

—

The WIPO contribution, “Combating Digital Piracy: Strategic Enforcement through DNS/IP Blocking and OSINT Tools,” is available here (pdf) .

From: TF , for the latest news on copyright battles, piracy and more.

Real-Debrid is a French-operated premium link generator that can download files from cyberlockers and cache torrents for instant streaming.

The service has long been a key tool for many Stremio and Kodi, and is also widely used as unlimited cloud storage by Plex, Jellyfin, and Emby users who pair it with Sonarr and Radarr.

At the end of 2024 , the service made headlines by implementing far-reaching anti-piracy measures, including hash and keyword filters. These changes were made to appease rightsholders following a formal notice from the Fédération Nationale des Éditeurs de Films (FNEF), the French film distributors’ trade body. Despite user backlash, Real-Debrid retained much of its user base.

A few days ago, complaints about Real-Debrid’s filtering started rearing their head again. Now it appears to be worse. Cached torrents that previously played without problems now return an error message: “File was removed from debrid service due to copyright infringement.”

Real-Debrid has taken action, whether voluntarily or not, but the operators have not commented publicly and did not respond to our request for comment either. The company’s most recent public communication, on its official X account, is close to six months old.

A New and Broader Piracy Filter

According to user reports circulating on Reddit and elsewhere, the new filter does not target specific torrent hashes, as the 2024 measures did. Instead, it appears to screen against filename patterns common to almost all scene and P2P releases.

ElfHosted , a managed hosting provider that offers Stremio and Plex stacks, among others, has published a documented list of names that it linked to the new Real-Debrid filter. The list includes names of release groups such as [rartv], [rarbg], and [eztv], as well as source markers including WEB-DL, WEBDL, WEB-Rip, WEBRip and AMZN.

This suggests that the removals are based on characteristics that are not directly triggered by the content itself, but by the filename. This means that files without ‘forbidden’ keywords or tags should survive, for now.

That theory is confirmed by a r/Piracy user who notes “only 4k or 4k HDR kind of streams have been removed and not 1080p ones” for the same shows. This does not mean that lower-quality releases are safe by definition; it all depends on whether the keyword filter is triggered.

“Most Users Lost 50-70% of Their Libraries”

ElfHosted built a tool called LitterBox that checks a user’s Real-Debrid library and counts how many cached torrents now return the infringement error. The company’s founder commented on Reddit that “most users have lost 50-70% of their libraries.”

ElfHosted has a commercial interest in the matter, as it points users to the bundles it sells for a Real-Debrid competitor. However, it is also the only named third-party source publishing technical details.

Exactly how bad users are impacted appears to differ per setup. Stremio users don’t appear to be hit as hard as those using Plex, Jellyfin, or Emby with Sonarr and Radarr. The latter try to load cached files, which has been removed.

Real-Debrid’s Corporate Restructuring

While the user impact is serious and undeniable, it is not immediately clear why Real-Debrid took this action. There is a largely unconfirmed and unverified report on an anonymous Netlify subdomain that appears to offer a timeline and context. While we can’t confirm most of it, the mention of a corporate restructuring is correct.

Information obtained by TorrentFreak from the Institut National de la Propriété Industrielle (INPI), which maintains the French company registry, shows that Real-Debrid’s parent company, XT Network , underwent some legal changes recently.

On April 27, the registered office had already moved from Levallois-Perret to Montreuil. Ten days later, on May 7, the company was converted from a société à responsabilité limitée (SARL) to a société par actions simplifiée (SAS).

The two founders no longer appear as managers of the new company. Their roles are now held by holding companies: HOWLOO, a single-shareholder SARL based in Saint-Avertin, and DEVIUS, a single-shareholder SARL based in Saint-Herblain.

These types of restructuring operations can be done to change the liability of the persons and entities involved. What the reason is in this case is unknown, but it happened mere days before the renewed piracy crackdown.

The legal page on Real-Debrid’s website confirms the change and now identifies the owner as “XT Network SAS, Société par Actions Simplifiée au capital de 7000€, 86 Rue Voltaire, 93100 Montreuil,” where it previously listed XT Network SARL as the owner.

What’s Next

There has been no shortage of speculation or user complaints. Initially, the Real-Debrid subreddit ran a megathread covering the situation, but this has since been removed, and the posts now require approval from a moderator.

The discussion continues elsewhere, but real answers can only come from XT Network. If those come in, we will update the article accordingly.

For now, however, it appears that Real-Debrid is starting to toughen its stance against piracy even further. Last time, its actions only resulted in a relatively mild drop in traffic , but if the current situation continues, that will be much worse this time around.

—

A copy of the INPI attestation for XT Network, dated May 14, 2026, is available here (pdf).

From: TF , for the latest news on copyright battles, piracy and more.

In June 2024, Cengage Learning, Macmillan Learning, Elsevier, and McGraw Hill sued Google over Shopping ads that promoted pirated copies of their textbooks.

Last month, Google asked the court to throw out the last surviving copyright claim , arguing that the Supreme Court’s recent ruling in Cox Communications v. Sony Music had effectively killed the publishers’ theory of liability.

The publishers clearly disagree. In the opposition brief filed a few days ago, they accept the Supreme Court’s Cox framework and argue that their facts fit the stricter requirements anyway. They also note that an effort by Google to limit advertisements for pirated ebooks had the opposite effect.

Inducement

Under the new Cox standard, contributory copyright infringement applies if one of two conditions is met. This includes inducement, which requires evidence that a defendant actively encouraged copyright infringement. According to the publishers, that is the case here.

The publishers argue the entire Google Shopping platform fits that description. For each of the 7,359 textbooks they identified, Google created an ad promoting an infringing copy, placed it at the top of search results, targeted it at users it predicted would click, and linked it to a pirate site that delivered the book.

Google previously noted that the shopping platform is largely automated and content neutral, which would disfavor inducement. However, the publishers’ brief cites several examples of “specific acts” by Google that “actively encourage” infringement.

‘Ad Ban Only for Legitimate Sellers’

The first act is what the publishers describe as Google’s inverted ebook advertisement policy. Google banned ebook ads from its Shopping platform in 2021, citing piracy concerns. According to the publishers, the ban didn’t have the desired effect.

The publishers say that the ban worked as advertised against legitimate ebook sellers, who were blocked from promoting licensed copies through Google Shopping. Pirate sellers, meanwhile, continued to advertise infringing copies on the same platform.

“Google was well-aware (including because Plaintiffs told Google) that its ‘ban’ was not really a ban, since Google was blocking ads for legitimate ebooks, but running ads for pirated ebooks, thus showing consumers only pirated ebook products,” the opposition brief reads.

The publishers don’t go into detail on how pirate sellers were able to circumvent the ban, but the result is that people were shown ads for pirate books, not legitimate ones.

Running ads for the very products a policy was meant to block, the publishers argue, is evidence of the intent that inducement requires. A company that flouts its own anti-piracy ad policy cannot then claim it had no idea what was happening on its platform.

‘No Neutral Conduit’

Google positioned itself as a neutral conduit that simply displays advertisements that are supplied by third parties. However, the publishers reject this and note that the search engine has a much more active role.

“Google is not a list-serve or modern-day bulletin board like Craigslist, passively allowing users to post listings. Google is a sophisticated ad agency at scale, actively deciding what to advertise, how to advertise it, and to whom to target the advertisement,” they note, in favor of their inducement argument.

As a third category, the publishers stress that Google had the required knowledge of the allegedly infringing activities. They sent Google “hundreds of notices” identifying thousands of specific infringing ads and pirate merchants. These ads allegedly stayed online after the takedown notices were sent.

When the publishers complained to Google, the company allegedly flagged notices as “duplicative”, while threatening to stop reviewing all the publishers’ infringement notices for up to six months.

Tailored to Infringement

While satisfying the inducement prong would be sufficient, the publishers also argue that the second Cox element applies here. They argue that Google’s ads were “tailored to infringement” and not capable of “substantial or commercially significant noninfringing uses.”

Google’s motion applied that standard at the platform level: Google Shopping overall has obvious non-infringing uses, so it cannot be ‘tailored to infringement.’ The publishers, however, counter that the standard applies one level down.

The publishers note that each shopping ad for pirate ebooks was individually tailored. These ads, created by Google, were used to promote pirate books and served no purpose other than to induce copyright infringement.

“Plaintiffs are suing Google for knowingly creating and serving specific advertisements for known pirate sellers that include links to known infringing products, thereby inducing infringement. That Google also advertises non-infringing fishing-poles and garden-hoses does not exempt Google from liability for advertising infringing ebooks,” they write.

Redactions and Reply

Google’s argument that much of its shopping platform is automated should also be rejected, the publishers note. They stress that there are still decision-making humans involved in the process.

The opposition brief includes large portions of redacted text, so there is likely more evidence than what’s shared in public.

Overall, however, the publishers ask the court to deny Google’s motion for partial judgment on the pleadings. This decision will determine whether the final copyright infringement claim survives. Before that decision is issued, Google will get the chance to reply.

—

A copy of the publishers’ opposition to Google’s motion for partial judgment on the pleadings, filed at the U.S. District Court for the Southern District of New York, is available here (pdf) .

From: TF , for the latest news on copyright battles, piracy and more.