This is one of the more concerning parts to me. Is there some specification for these "landing pages" to follow? Is there anything preventing them from attempting to track or de-anonymize would-be...
All domains must be channeled to the landing page operated by the plaintiffs
This is one of the more concerning parts to me. Is there some specification for these "landing pages" to follow? Is there anything preventing them from attempting to track or de-anonymize would-be pirates who end up there? Or replace the actual pirate sites with lookalike fake ones that host malware? Maybe I'm too much of a purist but DNS hijacking is a real concern. Any time users intend to visit one site and a third party intervenes to direct them somewhere else is an opportunity for abuse. (I have the same concerns about the FBI's domain seizure landing pages, but at least in that case we know who's operating the server.)
Not sure how these things play out in the US, but it's common in Russia to get redirected by one's ISP if one visits a forbidden website: say, a torrent tracker. I've stumbled upon this (including...
Not sure how these things play out in the US, but it's common in Russia to get redirected by one's ISP if one visits a forbidden website: say, a torrent tracker.
I've stumbled upon this (including with torrent trackers, though mostly randomly and once per) multiple times and have never received so much as a written warning, so either it's not a concern or someone's been collecting kompromat on me for years.
One could argue – and I'd believe it – that in Russia, one only needs to wall someone off from a "bad thing". Tracking sources of illegal downloads in a country where piracy is a second language would require too much resources – human, time, equipment etc. – to be meaningful, let alone effective. (Barring major and unusual cases, of course.)
In the US, on the other hand, copyright violations are being treated as an outright crime... aggressively so.
I expect it won't be long before courts rule that ISPs can turn over any information pertaining to piracy and connect names with IP addresses. Copyright interests have been lobbying for that for...
I expect it won't be long before courts rule that ISPs can turn over any information pertaining to piracy and connect names with IP addresses. Copyright interests have been lobbying for that for decades now and they'll get it eventually.
People will just respond by using VPNs and the myriad third party DNS servers that don't have these redirects in place. There are fledgling replacements for DNS like Namecoin that by design can't honor takedowns. If DNS becomes compromised by state action, it'll be sunset and replaced with something that doesn't have that design flaw.
It's just another chapter in the rather silly internet arms race. Institutions by their nature will never be fast or intelligent enough to respond to the tech world. What takes them years to get in place can be undone by a new system in mere weeks.
Convenience is the only thing that is able to beat piracy. Valve proved that in Russia. It's really that simple. Nearly everyone is happy to pay for the things that they enjoy. They just won't put up with fifty subscriptions to get what they can get for free with a couple mouse clicks and a little patience on the open internet.
I'm not an expert, but... As I understand it, DNSSEC creates a chain of trust on DNS zones stemming from the DNS root zone. Zones are digitally signed much like your e-mail (sender) might be if...
I'm not an expert, but... As I understand it, DNSSEC creates a chain of trust on DNS zones stemming from the DNS root zone. Zones are digitally signed much like your e-mail (sender) might be if you use DKIM, and with a similar effect - spoofing prevention. The public key is published in the zone above it using DS records. Your domain name registrar should have somewhere you can add DS records for your domains to the zone above them, for example the net zone in tildes' case.
Validation is accomplished by the client system (your resolver normally) that looked up the DNS record validating the keys starting from the root and the signature to ensure the data hasn't been tampered with, or in other words, that the result of your lookups are as published by the owner of the zone. As long as the DNS root itself hasn't been compromised (or the authoritative system, I guess), these ISP-level DNS domain hijacks shouldn't be able to return a valid signature. The DNSSEC-aware resolver would thus fail, despite the existence of "a response", and possibly even display an error depending on the circumstances.
Kind of strange that it took so long for a ruling like this. And even stranger that this only applies to three sites that stream specifically Israeli content, a relatively microscopic...
Kind of strange that it took so long for a ruling like this. And even stranger that this only applies to three sites that stream specifically Israeli content, a relatively microscopic entertainment market.
\me dons tinfoil hat. It's because they can tap into the concoius or unconcoius anti-semitism to reduce blowback to get the system in place and then deploy rapidly for anything and everything else.
And even stranger that this only applies to three sites that stream specifically Israeli content, a relatively microscopic entertainment market.
\me dons tinfoil hat.
It's because they can tap into the concoius or unconcoius anti-semitism to reduce blowback to get the system in place and then deploy rapidly for anything and everything else.
Wait, people pay for pirated content? With fucking Mastercard, lol?
Earlier this year, producer and cinema investor Moshe Edery fired warning shots across the bows of Mastercard, Visa and American Express for continuing to provide payment processing to pirate streaming sites.
Wait, people pay for pirated content? With fucking Mastercard, lol?
I'm sure this is all more for the surface level sites in which case what the fuck, but for example you can't get into usenet without not paying. I pay around 60 bucks a year to maintain my usenet...
I'm sure this is all more for the surface level sites in which case what the fuck, but for example you can't get into usenet without not paying. I pay around 60 bucks a year to maintain my usenet access and indexers and through Sonarr and Radarr have essentially built myself the ultimate media "streaming" (I do need to download it first but it does that automatically so I don't mind) set-up. Nex step is turning it actually into streaming by making a personal server and letting run everything there.
As the quote by Gabe Newell goes, the problem isn't the price (up to a limit), the problem is the service. If everything was on Netflix and Netflix cost 20 bucks a month, I'd pay for it. The problem is that through my set up I get it cheaper and I get a way better service.
Our libraries should be datacenters. If something exists and is copyrighted, it should be available in every single one of them to anyone with internet access as a condition of maintaining the...
Our libraries should be datacenters. If something exists and is copyrighted, it should be available in every single one of them to anyone with internet access as a condition of maintaining the copyright with no exceptions, period. The rights holders should be getting paid properly based on that access. Makes no difference if it's a film, book, album, show, game, computer program, or scientific journal. I've had enough of privatized gated ownership of our collective culture. :p
Glad to see India was ahead of its time /s Every time I see a news like this I get chuckle remembering the PirateBay tagline: 'galaxy's most resilient bittorrent site'.
Glad to see India was ahead of its time /s
Every time I see a news like this I get chuckle remembering the PirateBay tagline: 'galaxy's most resilient bittorrent site'.
This is one of the more concerning parts to me. Is there some specification for these "landing pages" to follow? Is there anything preventing them from attempting to track or de-anonymize would-be pirates who end up there? Or replace the actual pirate sites with lookalike fake ones that host malware? Maybe I'm too much of a purist but DNS hijacking is a real concern. Any time users intend to visit one site and a third party intervenes to direct them somewhere else is an opportunity for abuse. (I have the same concerns about the FBI's domain seizure landing pages, but at least in that case we know who's operating the server.)
Not sure how these things play out in the US, but it's common in Russia to get redirected by one's ISP if one visits a forbidden website: say, a torrent tracker.
I've stumbled upon this (including with torrent trackers, though mostly randomly and once per) multiple times and have never received so much as a written warning, so either it's not a concern or someone's been collecting kompromat on me for years.
One could argue – and I'd believe it – that in Russia, one only needs to wall someone off from a "bad thing". Tracking sources of illegal downloads in a country where piracy is a second language would require too much resources – human, time, equipment etc. – to be meaningful, let alone effective. (Barring major and unusual cases, of course.)
In the US, on the other hand, copyright violations are being treated as an outright crime... aggressively so.
I expect it won't be long before courts rule that ISPs can turn over any information pertaining to piracy and connect names with IP addresses. Copyright interests have been lobbying for that for decades now and they'll get it eventually.
People will just respond by using VPNs and the myriad third party DNS servers that don't have these redirects in place. There are fledgling replacements for DNS like Namecoin that by design can't honor takedowns. If DNS becomes compromised by state action, it'll be sunset and replaced with something that doesn't have that design flaw.
It's just another chapter in the rather silly internet arms race. Institutions by their nature will never be fast or intelligent enough to respond to the tech world. What takes them years to get in place can be undone by a new system in mere weeks.
Convenience is the only thing that is able to beat piracy. Valve proved that in Russia. It's really that simple. Nearly everyone is happy to pay for the things that they enjoy. They just won't put up with fifty subscriptions to get what they can get for free with a couple mouse clicks and a little patience on the open internet.
All DNS operators should sign their zones with DNSSEC.
Tildes is not doing this yet!
What does this imply? Does DNSSEC prevent forwarding to a different domain (sort of like CORS)?
I'm not an expert, but... As I understand it, DNSSEC creates a chain of trust on DNS zones stemming from the DNS root zone. Zones are digitally signed much like your e-mail (sender) might be if you use DKIM, and with a similar effect - spoofing prevention. The public key is published in the zone above it using DS records. Your domain name registrar should have somewhere you can add DS records for your domains to the zone above them, for example the net zone in tildes' case.
Examples:
Chain of trust for tildes.net (insecure)
Chain of trust for boingboing.com (complete)
Chain of trust for dnssec-failed.org (broken)
Validation is accomplished by the client system (your resolver normally) that looked up the DNS record validating the keys starting from the root and the signature to ensure the data hasn't been tampered with, or in other words, that the result of your lookups are as published by the owner of the zone. As long as the DNS root itself hasn't been compromised (or the authoritative system, I guess), these ISP-level DNS domain hijacks shouldn't be able to return a valid signature. The DNSSEC-aware resolver would thus fail, despite the existence of "a response", and possibly even display an error depending on the circumstances.
Gitlab issue created for this suggestion:
https://gitlab.com/tildes/tildes/-/issues/737
Kind of strange that it took so long for a ruling like this. And even stranger that this only applies to three sites that stream specifically Israeli content, a relatively microscopic entertainment market.
\me dons tinfoil hat.
It's because they can tap into the concoius or unconcoius anti-semitism to reduce blowback to get the system in place and then deploy rapidly for anything and everything else.
Wait, people pay for pirated content? With fucking Mastercard, lol?
I'm sure this is all more for the surface level sites in which case what the fuck, but for example you can't get into usenet without not paying. I pay around 60 bucks a year to maintain my usenet access and indexers and through Sonarr and Radarr have essentially built myself the ultimate media "streaming" (I do need to download it first but it does that automatically so I don't mind) set-up. Nex step is turning it actually into streaming by making a personal server and letting run everything there.
As the quote by Gabe Newell goes, the problem isn't the price (up to a limit), the problem is the service. If everything was on Netflix and Netflix cost 20 bucks a month, I'd pay for it. The problem is that through my set up I get it cheaper and I get a way better service.
Our libraries should be datacenters. If something exists and is copyrighted, it should be available in every single one of them to anyone with internet access as a condition of maintaining the copyright with no exceptions, period. The rights holders should be getting paid properly based on that access. Makes no difference if it's a film, book, album, show, game, computer program, or scientific journal. I've had enough of privatized gated ownership of our collective culture. :p
I think it's more like the admins of the pirate sites pay web hosts with Visa etc.
I predict a nice windfall for VPN services and cryptopayments.
Glad to see India was ahead of its time /s
Every time I see a news like this I get chuckle remembering the PirateBay tagline: 'galaxy's most resilient bittorrent site'.