Special weapons and tools
Quick! SWAT all those dicks on that 10.x.x.x network, those guys are the WORST, pirates to a man.
Universal Pictures France appears to have tracked down one source of pirated copies of dino-flick Jurassic World: the loopback address of one of its own boxen. In a Digital Millennium Copyright Act (DMCA) notice obtained by Chilling Effects, an entity called TMG on behalf of Universal's French limb demanded that Google remove …
Reg readers will know, 127.0.0.1 is very often used as a computer's very own hostname.
Actually I think most Reg readers will know that's bollocks. 'Localhost' is very often used as a computers very own hostname.
127.0.0.1 is an RFC1122 reserved loopback address (in fact the entire /8 is reserved for that) so if its used to address another system you're doing something wrong....
I think Universal should take a stand. It should haul itself in to court and demand tens of millions of dollars from itself. You know ... just to make an example that this kind of thing won't be tolerated. It should out its name in public as being criminal scum and of course, hire the most expensive lawyers to prosecute itself.
Of course, at the same time, this means it will have to hire the next-most-expensive set of lawyers to mount a defence, saying that it has no control over the administration of its own network; that its employees are not under its control and, thus, has no liability for what they do. It should also deny culpability on the grounds that the hardware supplied by its ISP is so shoddy and open to hacking (as Lizard Squad members should be able to testify) that there is no realistic chance that it could have had any knowledge of having even downloaded its own movie in the first place, let alone have knowledge of what is on its own network.
Look on the bright side ... popcorn sellers (and lawyers) would make a fortune.
THAT, my dear friends ... would be a film worth watching. Let's be honest here, it would be a damn sight more interesting than yet another Marvel film.
THAT, my dear friends ... would be a film worth watching. Let's be honest here, it would be a damn sight more interesting than yet another Marvel film.
Being Hollywood and all, tens of tons of money would roll in, thus paying for both legal teams, and Universal would still post a "loss" on the venture.
THAT, my dear friends ... would be a film worth watching. Let's be honest here, it would be a damn sight more interesting than yet another Marvel film.
Being Hollywood and all, tens of tons of money would roll in, thus paying for both legal teams, and Universal would still post a "loss" on the venture.
Ah, but the sheer irony of seeing that film being pirated would be worth it on its own :)
"Also on the list is http://127.0.0.1:4001/#/fr/."
To me that looks like an illicit web server. Whilst it is obviously not appropriate for a take-down notice, it does indicate that localhost *might* have some malware on it that *might* be distributing the master copy, which *might* indicate that the evil pirates are insiders.
Or possibly half of a URL filtering/selecting conversation? The '4001' has the look of one of those numbers selected rather than randomly assigned - the '/#/fr/' says it's not just half of a port-scan result and it had to come from somewhere. Plenty of web filtering software lives on localhost ports.
Or it's a brown M&M.
Doesn't even need to be malware, they may be aware of a new tool that does background routing to prevent ISPs from blocking downloads.
Directing traffic to localhost:4001 means a service is running and listening. User google searches for required download, google returns link to 127.0.0.1:4001 and when clicked user can reach download site by VPN bypassing any ISP restrictions or take-downs of public servers.
A hash would only be useful if you wanted to check for an exact duplicate. For the software to actually be useful, it has to recognize similar, but not identical copies. It would be silly if it overlooked things like a change in the metadata, but it should also catch various types of reencoding. Most movies found on the Internet aren't in Blu-Ray or master quality; they're reencoded to use much less data but still look the same to a human. The software should be able to detect that, but that's not possible with just a hash.
Everybody knows that ::1/128, fe80::/10 and fc00::/7 are where all the real criminals are hiding. If they haven't found those yet, it's because they just aren't looking. Come on guys, fire up those scanners, time is money you know, and this could take a while ...
PS any pirate sites entirely hosted over IPv6 yet? Might be a good way to vastly accelerate deployment ...
Any request for a take down that contains errors, especially obvious ones such as this should be returned to sender and ignored in it's entirety as being from an unreliable source. For extra points, don't tell the sender what the error is, let them find it themselves.
All future requests from the same sender should be de-prioritised for a couple of months for manual checking until the recipient can be "trusted" again.
It's been said before, but these takedown requests are supposed to be validated and form legal documents as they are part of the evidence supporting the request. If they contain obvious junk or have been built by a robot then the originator should just have the next 10 bulk-requests binned, never mind simply de-prioritised.
No, they should be prosecuted for filing a false legal document that they've put their name to.
AIUI, one of the supposed "protections" in the DMCA is that the notice must be signed by a person who signs to say that it is a true statement. Since the statement is false, and could be seen to be false by anyone competent to be making claims about it's accuracy, then whoever put their name to is should be prosecuted.
If that person didn't actually sign it (as I suspect is the case) then whoever produced the document with a forged signature should be prosecuted.
No, I can't see that happening either !
I've had to deal with notices for IP addresses that don't belong to us, and one in a 10-net that wasn't even in use on our local network at the time.
They got told to stop making stuff up in the first case, and to read RFC1918A in the second.
I usually find that when a notice comes in for newly-pirated material, the machine is most likely compromised (and being used as a warez depot) but older films/music/games are more likely to have been downloaded by the user. Getting take-downs for ten-year-old movies really gets tiring after a while.
With that sort of *cough* "expertise" *cough* it's likely that they will proclaim that every machine with a 127.0.0.1 IP address must have pirated movies on. I personally would *love* to receive such a claim. Can we send them some people to "help" in that direction? Please?
(evil grin)
It must be true, I saw it on one of those TV documentries, CSI or NCIS or something.
AFAIK they usually have an octet > 255 in them. Not that that is a new idea: they even did that in Sandra Bullock's The Net, which shows just how far ahead of its time that movie documentary was. As a slight aside, Mrs Bullock is actually quite IT competent, as is her cousin.