Archive for the ‘Uncategorized’ Category

This blog post is a response to the “Close to Anonymity” author who is proposing a “group buy” solution to the copyright problem. It is also a follow-up article to my “Group Buying” Through The Eyes of Piracy article written on August 24th, 2016.

[To the author:  Once again, I want to reiterate to the author that I wholeheartedly support the concept of group buying as he proposes it. It is clear to me that he has put a tremendous amount of time and effort thinking this through, specifically on how to implement it. I support him 100% and there needs to be more individuals like him to speak out to fix the broken copyright system.]

The running theme of this blog has been that the copyright advocates (MPAA / RIAA) and copyright holders are over-exerting power given to them by the copyright statutes. Further, the copyright holders are focusing their efforts not on the creation of new and useful content, but on the extreme monetization of old and recycled content, often using unethical means (unconstitutionally high [$150,000] statutory damages for copyright infringement) to achieve their financial goals. I would suggest that while piracy is a legitimate problem, it is a symptom of greed, dishonesty, and an unwillingness to make content reasonably available to the consumer at a price the consumer is willing to pay for that content.

Instead of fixing the problem, those in power have called our side names, e.g., the “copyleft,” or the “pirate party,” whereas most of us who fight copyright holders believe staunchly in copyright, but disagree in the way their enforcement has been applied, often lobbying politicians and lawmakers and asking them to increase penalties and punishments to those caught infringing their copyrighted content, while at the same time clamping down on providing avenues for those same consumers to purchase or view the content lawfully at a reasonable price.

The reality is that a media company selling a piece of software for $100 would in fact claim that [of the 9 individuals who came together to purchase that piece of software at $10 a piece,] if the “group buy” were not available, *IF at least two* would have purchased the software product at full price, they would have lost profits under the group buy model.


Assume for a moment that you are correct in that there would not be two purchases, possibly NOT EVEN ONE at full retail price. The copyright holder would rather make ZERO sales ($0 profit) rather than risk that multiple (here, 9) individuals would group together to make ONE purchase because they would see that as a disaster for their bottom line and they would count each group buy as a loss (here, of 9 potential sales).

Realistically, the answer is that the market should determine the price of a product, and not a copyright monopoly, threats under the Digital Millennium Copyright Act (DMCA) or statutory damages for copyright infringement. The existence of a “black market” for their copyrighted products (here, through piracy) is a strong indication to the copyright owners that they are either 1) mispricing their products, or 2) that they are failing to make them adequately available to the paying public.

Read Full Post »

I was reading an article called “Collaborative Intellectual Property Purchasing” by a blogger called Close to Anonymity. In his article, he clearly describes the concept of “group buying,” and suggests that it is one method to provide a solution to the piracy problem. The problem is that in many circumstances [as the copyright laws and DMCA statutes are in their present form] “group buying” is illegal.

NOTE: While he approaches the topic from an honest and upstanding discussion on how to provide a “fix” to the copyright statutes, this article is a dark, cynical, and corrupted view of the topic from a jaded view of the law. This article approaches the merits and faults of group buying, but it does so by viewing it through the eyes of a “pirate.” Up front, I ask for the forgiveness from the author.

Collaborative buying, or “group buys” is something that you will find on various bittorrent websites (not public websites like Pirate Bay or what was KAT, but more often on “private” file sharing websites which host “private” trackers). To get access to these websites, you usually need an invitation and need to know someone who knows someone, etc. The private tracker sites are often topic-specific, so if you are looking for art-related books, you’ll go to one bittorrent website which hosts this kind of content, and if you are looking for business-based torrents, you’ll go somewhere else.

The idea as I have seen it in practice is that someone posts a proposed “Group Buy” on a forum for a digital product. This can be a DVD course, a piece of software, or anything that can be copied and shared online. This digital product costs, say, $100, so to get the price down to $10 per person, the user proposing the group buy will ask for ten people to commit to spending $10 a piece. I am not aware of how the funding happens (e.g., through an intermediary website), but one person will purchase the product on behalf of the group, and they will share it with the other users who participated in the purchase. I suppose the group buy participants believe that they are not “pirating” the software or the media because they each contributed a few dollars to purchase it, and in a way, they are right.  However, the law disagrees.

As for the legality of group buys, copyright licenses for multimedia products and software often think in “one purchase, one license, one copy, [or, one purchase, one installation]” terms. You see this concept of “one purchase, one copy” on full display when trying to view a digital copy of a book purchased by your local library via the Overdrive app.  If a library has purchased one copy of an ebook or an audio book, they can only allow that one digital copy to be “taken out” by one user at a time, even though the technology is there to share the ebook or audio book with all of their patrons at the same time.  It’s a silly model for a library to prevent all of their patrons from accessing the copyrighted content at the same time, and my best guess is that if they were to negotiate unlimited licenses, then the cost of licensing the content to the library would be significantly higher, perhaps on the level of a scribd, or a Netflix.com.  Thus, they opt to buy the “one copy” and they strictly adhere to the “one copy owned, one copy available for use” copyright model.

In the context of piracy and group buys, when one end user purchases the product and shares that product with ten other individuals (each of whom paid a proportional share of the cost of the product, and each of whom install the software product on their machines and use the same serial code to activate the product), when the software “phones home” to authenticate the same serial number for the ten computers, the software developer sees the 9 users as “infringers” and the original purchaser as someone the one who is responsible for the piracy, and they’ll deactivate the software for everyone.

Similarly, when group buying something as simple as a movie or a DVD title, the individual who breaks the copy protection on the DVD and provides copies of the cracked DVD to a number of his friends who contributed to the purchase is seen as both violating the DMCA laws (breaking copy protection), and violating the copyright statutes because that user copied the DVD without authorization from the production company.

Thus, the copyright rules and the DMCA rules do need to be updated to stop piracy. I commend the author of the “Close to Anonymity” blog for proposing a viable solution to making products more affordable to end users while at the same time providing the content creators (the copyright holders) with extra money and sales through the group buy. The solution will not stop the “piracy problem,” but allowing for group buys on a large scale can at least mitigate (somewhat) the damage that copyright holders claim to suffer at the hands of piracy.

I am jaded somewhat, however, and I cannot stop the nagging feeling that group buying will never be legalized. The content producers will claim that group buying would hurt their sales, in that if the nine (9) users were unable to get together to purchase the $100 piece of software, if at least two (2) of them paid the full $100 for it, then the content producer would have made $200 in sales, whereas with group buying they would only be making a $100 sale. Thus, they would not go for such a concept.

Similarly, I cannot imagine the lawmakers [who are showered with benefits for voting in line with the MPAA / RIAA lobbyists] would ever try to make content more readily available to end users. If you look at the way lawmakers have voted over the years, copyright statutes only get worse and worse for the public, not better. Case in point (and I am going by memory here without checking this fact) — the statutory damages for copyright infringement were not always $150,000 in the US. This ever-increasing statutory damages limit is the doing of the lawmakers who I can only think had their pockets lined for voting in favor of harsher and harsher penalties for copyright infringement.  Between you and me, I am already of the opinion that the statutory damages for copying one video, music, or copyrighted work are already unconstitutionally high, but good luck getting a judge to rule this way.

Lastly, in the author’s article, he mentions the idea of a group buy for a $1.29 hypothetical song called “Hey Moe.” If the copyright holders knew that multiple individuals could purchase their same song in a group buy settling (e.g., increasing the price to $1.34 by having one purchaser pay $1.24 [a discount] and the other purchaser pay $0.10), while the solution proposed by the author would provide the copyright holder with a $1.34 sale, the “greedy” copyright holder would sulk at the $1.24 in lost profits by claiming that if such a group buy were not available, both purchasers would have paid $1.29 each for the song.

[How would they see lost profits? $1.29 x 2 sales = $2.58 in sales – $1.34 for the group buy sale = $1.24 in lost profits.]

Thus, the realistic result [if a “group buy” framework were legalized and made possible when purchasing copyrighted media] is that the “greedy” copyright holders would steeply increase the price of the media so that the “net” amount they make is the original $1.29 per copy that they would have made were there no group buy in the first place.

In sum, group buying is a great idea and it should be considered when revising the copyright statutes. But practically, because copyright holders in my experience are profit-driven to a fault (greed), and lawmakers are corrupt to a fault, I do not think we will ever see group buying being made legal in the near future.

However, for the pirates out there on private trackers, “group buying” will remain a viable method of obtaining new content to be shared first with the participants of the group buy, and then later with the members of the website. I am by no means encouraging or endorsing the practice, but with things as they are, group buying seems to be the most “ethical” (and still yet illegal) way to obtain content without paying full price for it, and bittorrent websites seem to provide the perfect forum for allowing such a practice to happen. In my opinion, if the bittorrent website only shared content with members who “bought in” to the group buy without sharing it with anyone else, that would be the closest to an ‘ethical’ solution (and yet it would still be illegal). A less ethical solution is to allow each user to buy in after the fact, making the product progressively cheaper-and-cheaper with every downloader “buying in” to the group buy, and thus crediting every previous purchaser’s account every time a new downloader “buys in” to the group buy after the fact.

But then again, through this example, I just made the point of the copyright holder. Eventually with group buys [after-the-fact], the product price would become infinitesimally small, and the copyright holder would only have made one sale of the product, which would then be shared with potentially hundreds or thousands of downloaders. This is copyright infringement in the classic sense — the unlawful copying or duplication of a copyrighted work, and one sale through a group buy would not adequately compensate the copyright holder for the purchase of his work.

In sum, the copyright system is broken, there is piracy, and until the content producers work with end users to make their content more readily available, or they price their products correctly to the point where they could capture the sale of a majority of those who would purchase their product, there will remain end users who might have purchased the product if it were more available or priced lower, but who instead turn to piracy to obtain that media because of the unavailability of that content for a price that the “market” can bear.

Read Full Post »

Off the cuff, this is a post about PGP (a.k.a., “pretty good privacy”) and encryption.

When I was in college in the 1990’s, encryption was the easiest thing to set up. We’d download some freeware, set up a few encryption keys, upload the keys to the MIT servers, and send around “how are you, aren’t we cool because we’re using encryption” e-mails to friends and family. Little did we know those keys would be permanently there years later, and most of us lost our keys over the years, and forgot to set expiration dates on our keys (so my old college keys are still available somewhere on the net).

After a phone call today, I realized that after so many years, I have not used PGP, and I did not have a PGP key handy to encrypt an e-mail and its contents. “No problem,” I thought, I’ll just go online, grab the free software from Symantec, and I’ll set up a key and forward the documents. NO GO.

Symantec purchased the rights to the PGP software from Phil Zimmerman, and they TOOK AWAY the ability for individuals to set up PGP encryption on their machines (unless they purchase an elaborate suite of programs for $$$$). And, even if I wanted to purchase the software, they have made it next to impossible to acquire it using a few clicks, a credit card, and a website checkout.

Honestly, I have nothing wrong with companies selling premium features on top of their free software, but ENCRYPTION SOFTWARE SHOULD BE FREE!!! In order to have a free society where individuals can speak and express themselves freely without need to censor themselves in fear of a snooping government, encryption is needed! Because Symantec took away the ability for individuals to use PGP, in my opinion, this in my book is considered unethical and “mean” business practice. Shame on you, Symantec.

[ON A SIDE NOTE: I want to point out that in college Phil Zimmerman was my hero. Now on his “Where to get PGP” website, he states that he doesn’t care that PGP is no longer free, as long as Symantec kept the source code available to the public. Phil Zimmerman, for the reason that you have made it so that companies can make it difficult for users to access and use encryption, now almost twenty years later, you are no longer my hero.]

Since PGP has become monetized and corporatized for corporate profit and control, for those of you who want (and should) set up encryption, there is still a way. GnuPG (part of the OpenPGP Alliance) has made encryption available to Windows PC users using their GPG4win software. Essentially, the software appears to have originally been written for the Linux operating systems, but it has been ported for those of us that are still shackled to a Windows PC operating system.




The link to download the latest version of GPG4win is here:


– For those of you more techy, the keys they set up are 2,048 bit keys, which are the standard for today’s encryption. However, technology does advance quickly, and if you are anything like me, you’ll want to use the 4,096 bit keys (which is more encryption than you’ll ever need, but why skimp on privacy when such a key is available?)

So if you want this stronger key, when the software asks you if you want to create keys, say “no,” click “File, New Certificate,” and click on the advanced settings. There, you will be able to 1) choose the heightened security 4,096 keys, along with 2) the ability to SET AN EXPIRATION DATE FOR YOUR KEYS.


NOTE: All of us have set up keys, and have lost them due to computer malfunction, hard drive crash, or just losing the secret key files. ***IF YOU DO NOT SET AN EXPIRATION DATE ON YOUR KEYS, THEY WILL BE ON THE MIT SERVER FOREVER!!!*** And, you will be unable to delete the keys later on. So please! Set an expiration date on your keys. I set mine for 12/31/2016 (at the end of next year), and next year, I’ll set up another set of keys.


For some reason, the Kleopatra Windows PC software does not have an option to set up a revocation certificate so that you’ll be able to revoke (or inactivate) keys on the MIT server that you no longer use.

For this reason, and this is easy to do, the superuser.com website has described a way to set up a PGP key revocation certificate using a command terminal (“CMD”) code.

In short, open a terminal in Windows (using “Run, CMD”), and type the following:

gpg –output revoke.asc –gen-revoke [MY KEY-ID]

(NOTE: The MY KEY-ID is the “Key-ID” for the key you created using the Kleopatra software.)

Then save it somewhere where you cannot lose it. Print it out and save it offline if you need to.


This is the step that you should be most careful about. Once you upload the key, it’s on the server forever (viewable at https://pgp.mit.edu/). So just double-check your steps before you take this step.



Once you’re all set up, you’re set for the life of your encryption keys (remember, I set mine to expire at the end of next year.)

Below are the steps to use PGP:


You can search for their key by either:

1) On the Kleopatra software, click “File, Look Up Certificates on Server,” and then you would type in either their name or e-mail address and select which key you want to use (best to use their most recent key if there are multiple keys).

2) Alternatively, you can accomplish the same result by entering their name or e-mail address on the MIT server (https://pgp.mit.edu/). For example, for mine, you would search for rzcashman@cashmanlawfirm.com, and my key would show up.


On the Kleopatra software, you would click on the “Clipboard” button on the toolbar and select “Encrypt.” A new screen will open, and you’ll write your message.

Once you have written your message, click on the “Add Recipient” button and select the key of the person you are sending the e-mail to. Remember, you did this in STEP 1.


This is the easy part. Once you have the message you wrote encrypted to the key of the person to whom you wrote the message, a string of letters will appear in your window. Copy and paste it (all of it) into an e-mail.

REMEMBER, encryption protects the CONTENTS of an e-mail not the META DATA, meaning, it only protects the contents of what you wrote. It does not protect who you wrote it to, or what server you were logged into when you sent the encrypted text. This was part of the issue with the NSA claiming that they were “only” pulling meta data, and not the contents of the e-mail themselves.

NOTE: If you also encrypted a file to attach to the e-mail [I did not describe how to do this yet], attach the .gpg file that your software created as an attachment to the e-mail. The person to whom you encrypted the e-mail will be able to decrypt the attachment as well as the contents of your e-mail.


Since you encrypted your message with the intention that only the recipient sees it, when he receives your e-mail (and any encrypted attachments you also sent), he will be able to use his own software to decrypt what you have sent to him.

Why is this possible? Because you encrypted the contents of your message to his key, and thus only he can unencrypt and read your message. When he replies to you, he will write the text into his software, and he will encrypt the message (and any files he also wants to attach) using YOUR key that he pulled off of the server, and he’ll send it over to you.



Encrypting one file at a time using the Kleopatra software can be done by clicking “File, Sign / Encrypt Files.” From there, another window will open up, where you can select which file to encrypt. When the software asks for whom you would like to encrypt the file, just use the key of the person to whom you want to send the file. The software will make an encrypted copy of the file in the same folder, just with the .gpg file type. Use that file when sending the encrypted file in an e-mail as an attachment.

If you want to encrypt the file using your own key file (meaning, only you can unlock it), you may (for example, if you are sending yourself a private file to be accessed somewhere else). But if you only want the encrypted file to remain on your computer, remember to manually delete the original file, or you’ll have both the original and encrypted files in the same directory.


The topic of encrypting entire files, folders, or entire hard drives is outside the scope of this article. Doing so requires software such as Truecrypt, and it is a different process than encrypting and decrypting e-mails and messages using PGP as we have described here.


TERMINOLOGY: There are two PGP encryption keys that you create when you set up your “key pair” — a “public” key and a “private” key. The public key is the one that is uploaded to the server, and if you provide someone your encryption key for them to send you e-mails or files, it is ALWAYS the public key that you send to them. The “private” or “secret” key is the one that remains with you or on your computer, and it is used to decrypt messages and files that were encrypted to your public key. Never give out your private key to anyone.

Read Full Post »

Now is the moment that bittorrent attorneys joke to themselves, “now is probably a good time to brush up on divorce law.” In short, there have been bloggers and members of the news media who [once again] have written fear-based articles that there is about to be a “hack of all hacks” which will disclose the porn viewing habits of millions of Americans.  The threat of such a hack was originally circulated in 2013, then in February 2014, then in April, then again in June, and now again in October 2015. It has become a popular story to circulate because of the fear such a story invokes, and since it has reared its ugly head yet again, here are my thoughts on the proposed hack:

In the most recent version of the story, anyone who this past year (2015) has visited websites such as “XVIDEOS.COM,” or other YouTube-like websites which stream pornographic (and likely copyrighted) content (even using the browser’s “incognito” mode [which does nothing except NOT SAVE what you visit on your computer, but all other records are kept regarding that website visit by both your ISP, the website itself, and all trackers and cookies hooked in to your connection]) has been threatened that there will be a major hack which will correlate the IP addresses of those who have visited the website with the real names of the internet users.

Now without attracting the ire of hackers, this would have to be a pretty complicated hack in order for it to succeed. They would not only have to hack the logs of the porn tube websites (not so hard to do, as website analytics logs are not that well guarded), but in order to link the IP addresses they would retrieve from a hack of the porn websites’ logs, they would still need to obtain the identity of the internet user.  In order to do this, the hackers might either have to hack one or more ISPs (Comcast, Verizon, Time Warner, Charter, Centurylink, etc.) to obtain account information and/or IP address histories (a list of IP addresses that have been leased to the account holder over the past year in accordance with that ISP’s “IP retention policy,”), or the hacker would have to hack some popular website (e.g., Facebook, Instagram, etc.) which houses the real identities of the suspected internet users AND employs sufficient tracking methods (internet trackers or cookies) to follow those users when they are browsing “away” from the website (e.g., such trackers would note that a particular internet user visiting Amazon.com is the same user who just viewed their buddy’s updates on Facebook).  In short, the hackers would need to obtain the identities of the internet users through either their ISPs or some popular website, and then they would need to correlate those identities with the stolen internet logs (of IP addresses of the internet users who have visited the pornography website).

Now if that was a mouthful for you and you are confused, let me simplify the matter by going over this again in detail:

From the porn website side of the hack, every time you visit a web site, the website sees the IP address you have come from (or, if you are coming from a VPN, it sees the IP address of that Virtual Private Network which is shared by other internet users as well). The website can see which pages you viewed through the trackers associated with the site (e.g., Google Analytics helps website owners track what website each visitor came from, what search term(s) you used to arrive at the website, what you clicked on when you accessed the website, how much time you spent on each page, and where you clicked to when you left the site, etc.) What it cannot tell you is WHO YOU ARE.

Now there is a website put out by the Electronic Frontier Foundation called “Panopticlick” (https://panopticlick.eff.org) which in my opinion freaks out everyone who clicks on it (especially security-minded users such as myself who have freakishly identifiable browsers based on the privacy plug-ins and custom privacy settings built into our browsers), but the point of the website is to teach you that your browser itself can “expose” who you are based on the fingerprints your browser leaves every time you visit a website. Also, pay attention to IPLeak.net (https://ipleak.net/) which tries to see past your known IP address to discover if you are leaking your true IP address (which can lead a hacker to your identity through your ISP). Lastly, pay close attention to the “IP Check” test on the JonDoNym website (http://ip-check.info/?lang=en) because each of these items checked can compromise your identity.

The missing link to make such a hack happen is that the hacker would need to access the data mining logs that are stored on each user (e.g., in browser cookies) or through tracking websites such as DoubleClick, etc. (essentially, the hacker would have to also access the advertising-based websites which unknown-to-you latch on to the the website you visit so that when you shop on one website for a particular product, and then you switch to another website, the product you are shopping for appears as a creepy recommendation from the other site). [For those of you who understand me how this works, I always got a laugh when I used to sign onto a public VPN at Starbucks using software such as Hotspot Shield {WARNING: DO NOT USE PUBLIC VPNS}, and in my browser’s search results, I would always see porn-related ads and suggestions.  This was an indication as to what everyone else who was signed on to that free VPN was doing with that VPN connection.]

Back on point as to trackers, you do not see the trackers*.  However, they latch on to you when you visit popular websites (e.g., Facebook, LinkedIn, Netflix, Hulu, Amazon.com, Walmart, etc.).  To protect yourself from trackers, you should know that there are ad blockers and tracker blocker browser plug-ins, most notoriously Ghostery (https://www.ghostery.com/) or Disconnect (https://disconnect.me/) which do a good job blocking these trackers.  *NOTE: You can actually see the trackers when using one of these tracker blockers.  Alternatively, for a visual representation of which trackers you are connecting to, get the Lightbeam extension for Firefox (https://www.mozilla.org/en-US/lightbeam/), and get ready to be surprised.

In sum, the hacker would not only need to obtain the IP address logs from the streaming pornography website (which would indicate which IP addresses visited which pages at what times), the hacker would also need to hack into a website or company (e.g., Facebook) that has access to your real name.  Further, just in case your IP address history is not available for the hacker to correlate with the the porn websites’ IP address logs, the claim is that the hacker might be able to use your browser’s fingerprint (e.g., as described in EFF’s Panopticlick website), or they might hack into a data mining company’s website which tracks you as your browse from one website to another to properly identify you as the individual who viewed that web page at that date and time.  In my opinion, I cannot imagine that the technology is this advanced to allow a hacker to track users using their browser fingerprints nor do I think they would be able to breach and access a data mining company’s records.  For these reasons, I don’t think this browser-based fingerprint hack or the data-mining based hack are valid threats, at least not yet.  (NOTE: If there ever comes a universal internet ID, then yes, this would easily identify users across websites, and such a database would probably be easily hackable too if you take the current record of IRS and federal employee data hacks and you project that lack of security forward into a universal internet ID system.)

So here is my opinion.  Really, unless I am missing something, I can’t imagine that technology is that advanced to allow a hacker to hack the YouTube-based streaming porn site, identify the users who accessed that website through their IP addresses and the browser fingerprints (I don’t think browser fingerprint data is even available through generic website analytics likely employed by the pornography websites, even the paid websites), cross-link those browser fingerprints with other websites you have visited (even with the hacking of data mining services) to identify the real identity of the person using that browser, and then post a list of the real user names and associated identities (to “expose” those users) of those who have visited the targeted pornography websites just as they did in the Ashley Madison hack.  It is just too complex of a hack to do!

To the relief of those users who have visited these pornography websites and are concerned about being exposed, there are a few things to note. Firstly, the Ashley Madison hack exposed the USER ACCOUNT INFORMATION AND REAL NAMES (OFTEN OF THOSE WHO PAID MEMBERSHIP FEES TO THE WEBSITE for access). Here, a viewer of online content likely has no account, and if there is an account, you probably didn’t give your real information because the sites merely require that you register in order to comment.   There is usually no paid content (premium content, yes, and perhaps these are the people at risk if there were such an imminent threat).

Secondly, remember that websites that house real contact information and track their users using trackers and advanced cookies probably have really really good security.  I can’t imagine that a website such as Google, Facebook or LinkedIn would allow a hacker to break into their system and steal their user lists and data mining / tracking data.  [Yes, I know just a few days ago Experian was hacked (which is funny because they provide credit monitoring services just in case another website is hacked and identities are stolen), but] My best guess is that any website that houses user information and employs such deep trackers and data mining technology would be like Fort Knox as far as security is concerned.  So it’s likely a no go for such a hack to happen.

However, here is where I would be concerned.  If I am wrong and such a large company WAS hacked (and perhaps they haven’t figured it out yet, just as the IRS took months before realizing that they were hacked), or if a zero-day security vulnerability was discovered (allowing a hacker to gain access to mining data and/or real identity records) and the employees at the company’s IT department haven’t caught it yet, then such a hack MAY be possible.  Perhaps the hackers have already infiltrated Google, Microsoft, Yahoo, or some giant free mail provider [which tracks their users in return for the free e-mail services] and the hackers already have obtained the real name contact information and, if they’re lucky, the IP address history (web history) from those mail providers. Then, the web history and account data would allow the hacker to go back in time and match the history of IP addresses obtained from the ISP or mail provider that it has hacked, and they would be able to correlate those past IP address logs to those IP address logs of the visitors to a particular website gleaned from an imminent or past hack of that website’s analytics logs. [If this wasn’t an old story, I would say that with the honor code of hackers, no hacker would say they CAN do something unless the hack had already happened and they are waiting to publish the results of that hack, or they have already identified the security vulnerability and are timing the imminent attack to gain access to the information they seek.]

If you are concerned that your e-mail address has been compromised or stolen in a past hack (such as the one I am proposing could maybe take place here), there is a website called “Have I Been Pwned” (https://haveibeenpwned.com/) where you can look up your e-mail address to see if your account and/or password has been compromised.

Realistically, though, I would be most concerned for users who have registered with accounts on the targeted websites (e.g., to post comments, join discussions, etc.). Anyone else — as soon as you can, lock down your browser, start learning about how to browse privately (I suggest learning how to use the Firefox plugins on the JonDoFox overlay and why each one is so important), and get and lock down your paid VPN if you are worried about inadvertently disclosing your IP address. Other than wiping your web and location history (e.g., with your Google or Yahoo account settings) [just in case the hack has not yet happened], this could hopefully protect you should such a hack take place in the future.

Now, for those of you who want to see what the hackers actually have in store, buckle down, grab your popcorn, and wait to be impressed. If this is a real story with an imminent threat AND IT ACTUALLY HAPPENS, then this could be an Edward Snowden kind of hack which could forever change the way we think of internet security. If it is a false alarm (my suspicion), or if the hacker cannot produce what he claimed he can or has been able to do, then that hacker who has been leaking this story over and over again might consider leaving town for his own safety — or else he might find himself at the bottom of a river for diluting the reputation of hackers who would no doubt be angry at him for promising something none of them can deliver.

Independent.co.uk, “Internet porn viewers ‘should expect viewing histories to be made public’
Brett Thomas, “Online Porn Could Be The Next Big Privacy Scandal
Independent.co.uk (April), “Could your online porn habits be publically released?

FURTHER THOUGHTS ON WHETHER LAWSUITS FOR ACCESSING STREAMING CONTENT WILL EVER HAPPEN: Where this article is relevant to copyright infringement / bittorrent / copyright troll lawsuits and DMCA requests for settlement amounts:  There are two observations that someone accused of downloading copyrighted pornography should take away from this article (and as usual, none of this is to be considered legal advice):

1) Just as a hacker would be able to obtain the IP address records from a pornography website’s analytics through theft, a copyright enforcement company such as CEG-TEK or RightsCorp can use bittorrent software to track the IP addresses of all of the downloaders participating in the bittorrent swarm (no theft; this information would be freely available to them).  No lawsuit is needed, and no subpoena is required from a judge to obtain the IP addresses of the accused downloaders.  The bittorrent software alone provides this information to them.

Also, neither CEG-TEK, RightsCorp, nor the copyright holders need to sue an accused downloader in federal court to obtain their identity.  Rather, under the DMCA laws, the copyright holder (or their agent) can send a DMCA violation notice to the accused infringer’s ISP, and the ISP forwards that violation notice (often containing a hyperlink forwarding that suspected infringer to their http://www.copyrightsettlements.com website (run by CEG-TEK), where the link they click on would prefill-in the case number and password of the accused downloader’s “case.”  It is in accessing this website that the accused downloader is faced with a demand for payment to settle all known claims of copyright infringement against them.  How all known claims?? Before CEG-TEK sends the DMCA violations notice, their computer system already pre-fills in all other accused downloads or past infringing activity based either on the accused downloaders’ past IP addresses, or based on the geolocation data provided to CEG-TEK.

2) Just as it would be difficult for a hacker to pull off such a hack as described here, also take away that all of the copyright infringement lawsuits filed in the U.S. District Courts (the federal courts) across the U.S. have been for BITTORRENT ACTIVITY.  As far as I know, with very few exceptions where the copyright holder identified and sued the uploader based on a watermark (or secret code) embedded into the copyrighted video that identified the accused infringer as being the one who disseminated the copyrighted materials, there has never been a “John Doe” bittorrent lawsuit against a downloader who got caught by viewing content streamed on a YouTube-like website.  This is not to say that there will not be one in the future.

In order for a copyright holder to sue an accused downloader for viewing content that is streamed to that user via a website (this is how they would need to do it), that copyright holder would need to first obtain from the pornography website’s owner the list of IP addresses of the individual or individuals who visited a particular web page of the pornography website (noting that each video would have its own unique website address), and this endeavor would require cooperation or compliance of the pornography website’s webmaster (which will almost certainly NOT happen, as most websites are now hosted OUTSIDE of the United States).

Second, after the copyright holders obtain the IP address(es) of the accused downloaders, they would need to follow the same procedure as Copyright Enforcement Group (CEG-TEK) by sending DMCA letters to the ISPs instructing them to forward those notices of copyright infringement to the account holder who was assigned that IP address.  Or, the copyright holder or their agent would need to file a lawsuit in the appropriate federal district court on behalf of the copyright holder, and the copyright holder would then need to persuade a judge to issue a subpoena to force the ISP to hand over the identities of the accused downloaders based on the list of IP addresses obtained from the website owner.

In the likely scenario that the website owner did not provide the list of IP addresses of the accused downloaders, the lawsuit could still proceed against the John Doe Defendants.  However, the copyright holder would first need to sue the website owner (who might reside outside the U.S., and outside the jurisdiction of the U.S. federal courts) to turn over the list of IP address logs of those users who visited a particular web page hosting or embedding the copyrighted video owned by the copyright holder.

Thus, the second takeaway from this article is that copyright holders have not yet and likely will never go through the initial step of 1) suing the porn website webmaster to obtain the list of IP addresses, and for this reason, I have not seen and do not foresee seeing lawsuits filed against defendants who viewed copyrighted content using a YouTube-like streaming service.  This is not to suggest or encourage that someone use this medium of viewing copyrighted films as technology can change, laws can change, and as the courts loosen their long-arm jurisdiction against foreign corporations and entities (weakening the Asahi case), the United States might start asserting its jurisdictions over foreign countries or foreign entities or corporations.  (As an attorney, it is also important to note that regardless of the means of obtaining access to view a copyrighted video, downloading copyrighted content — even a temporary copy to your computer could still be held to be copyright infringement).  That being said, it is a lot harder to sue someone for viewing streamed content rather than suing someone for downloading content via bittorrent.

Read Full Post »

After my “Dallas Buyers Club, LLC is a modern-day Icarus Story (TXSD)” article on August 13th, I called Keith Vogt, the plaintiff attorney for Dallas Buyers Club. In our call, I ascertained his motivations regarding how he plans to approach Judge Hughes here in Texas, and what he plans to do with the other cases (duck and run, or push forward).

As I suspected, he expressed no “duck and run” mentality (not even privately), as we have seen in similar past cases with other past “copyright troll” plaintiff attorneys. In fact, Vogt appeared to be undeterred considering the outcome of the case, mentioning that he has NINE (9) other cases alive and well in the Southern District of Texas, seven of which were in their INFANT STAGES and all of his cases are assigned to judges other than Judge Hughes.

Below is a list of those new cases:

Dallas Buyers Club, LLC v. John Does 1-25 (Case No. 4:14-cv-02119)
Dallas Buyers Club, LLC v. John Does 1-25 (Case No. 4:14-cv-02120)
Dallas Buyers Club, LLC v. John Does 1-25 (Case No. 4:14-cv-02121)
Dallas Buyers Club, LLC v. John Does 1-25 (Case No. 4:14-cv-02124)
Dallas Buyers Club, LLC v. John Does 1-25 (Case No. 4:14-cv-02217)
Dallas Buyers Club, LLC v. John Does 1-25 (Case No. 4:14-cv-02219)
Dallas Buyers Club, LLC v. John Does 1-25 (Case No. 4:14-cv-02220)

and of course, the two older cases:

Dallas Buyers Club, LLC v. John Does 1-31 (Case No. 4:14-cv-00248)
Dallas Buyers Club, LLC v. John Does 1-45 (Case No. 4:14-cv-00815)

Each of the newer cases were filed on either 7/24 or 8/2 (before Vogt’s problems with Judge Hughes surfaced). I have been watching these cases, and the judges in most of them have granted permission for Dallas Buyers Club, LLC to send subpoenas to the ISPs to ascertain the identities of the John Doe Defendants. These people will be receiving letters from their Comcast Xfinity Subpoena departments in the coming days and weeks.

Two interesting items to note: Plaintiff attorney Vogt has roughly 175 potential defendants, each of whom will likely be asked for a settlement of thousands of dollars. He has also not filed any new cases since the August 13th debacle with Judge Hughes, likely understanding that they will be assigned over to him, and this may or may not be a fight he wants to instigate just yet. On a more concerning note, on Thursday, Vogt named and served eight (8) John Doe Defendants in his 4:14-cv-00815 case. This is one of his older cases, and I understand that he needed to do so because Judge Gray Miller was pressuring him to do so before the upcoming hearing. Instead of posting the names of the named and served defendants, I have pasted a screenshot of the docket which lists the named defendants — you can see the named defendants referenced below in Documents 21 & 22.

Named and Served Dallas Buyers Club, LLC defendants

Dallas Buyers Club, LLC attorney Keith Vogt names and serves defendants in the 14-cv-00815 lawsuit.

In sum, on August 13th, I commented to a friend that I did not think the judges in Texas spoke to each other. I am still of the opinion that federal court judges appear to lord over their court as if their court is their own sovereign territory. It would be nice if one judge poked his head into another courtroom once in a while.  If he or she did, they would notice that the proper answer to cases such as these is CONSOLIDATION.

In a perfect world, Judge Hughes would consolidate all of the Dallas Buyers Club, LLC Texas cases into one case, since all of the cases relate to the same common questions of fact.   Doing this would prevent contrary rulings from neighboring judges, and it would create a common rule of how to handle, facilitate, and ideally to dispense with all forms of “copyright trolling” cases in the federal courts.

Read Full Post »

I believe it is the duty of the copyright holders to “police their own copyrights,” meaning, if a company sees a bittorrent tracker or website hosting an unlicensed copy of their copyrighted work, BY ALL MEANS, issue a DMCA takedown notice to the website or to the bittorrent tracker, and that torrent will be GONE AND UNAVAILABLE for downloaders to take the content.

Rather than doing this, copyright holders hire CEG-TEK to target EVERY SINGLE DOWNLOADER with a letter forwarded by various ISPs, VPN providers, or university IT departments who are cooperating with CEG-TEK (sometimes for profit). Account holders receive “notice of infringement” letters sent directly to them either via an e-mail, FedEx, or a screen pop-up link along with a notification that they have violated the ISP’s terms of service. CEG-TEK’s letters now ask for $250-$300 per download, and they direct the accused downloaders to the “Copyright Settlements” website (http://www.copyrightsettlements.com) with a link which pre-populates the assigned Case Number and Password into the website.

With the cooperation of the ISPs in forwarding CEG-TEK’s letters to accused downloaders, there is no longer an anonymity barrier between the accused downloaders and the copyright holders as there once was when CEG-TEK would need a court order to access the identities of the accused downloaders. Now, since various ISPs and universities (e.g., Charter, Suddenlink, CenturyLink, Giganews/VyprVPN, etc.; NOTE: Comcast, Verizon, and the other big ISPs appear NOT to be working with CEG-TEK for the moment) have been useless in stopping the copyright holders from contacting the account holders, other than hiring a lawyer such as myself to create a buffer between the copyright holders and the accused account holders, bittorrent users should probably be aware of which companies are using this extortion tactic of “we will sue you unless you pay us money for the video you have downloaded.”

Here is a list I compiled from my own records as to which copyright holders are [at the moment] using Ira Siegel and CEG-TEK to “monetize” their “most pirated” copyrights. I want to point out that I am conflicted as to whether to post this list because the list itself can be deceiving — a title “not” on this list can still be monitored, and by no means am I suggesting that someone avoid these titles and download others. Perhaps by listing which companies are enforcing their copyrights using this extortion-type of “settle or else we’ll sue” method, it might shame the companies into doing something a bit more ethical (e.g., by policing their own copyrights and issuing DMCA takedown letters rather than attacking the downloaders as a means for financial revenue):

Axel Braun Productions
– “Batman XXX: A Porn Parody”

Celestial Inc., DBA Lethal Hardcore
– Fuck My Mom and Me 17

Cinderella Distributors Inc.
– Backdoor To Hollywood 6

Coast to Coast Video
– Older Women Younger Men 16

Combat Zone Inc.
– Daddy’s Little Princess #2

Daring Media Group
– Pretty Woman

– Swallowing is Good For You

Digital Sin, Inc.
– All About Ashlynn 1
– Incestuous
– Little Darlings
– My Anal School Girl
– My Plaything Ashlynn Brooke
– Perfect Little Pussy
– The Family That Lays Together
– The Innocence Of Youth #3, #5, #6
– This Is My First… A Gangbang Movie

Echo Alpha, Inc. DBA Evil Angel
– Fetish Fanatic 12
– Fetish Fuck Dolls 3
– Raw 16
– Rocco’s Perfect Slaves 3
– Rocco’s Young Anal Adventures

Fallout Films
– Naughty Girls 2

Froytal Services Limited DBA Babes
– Abrasador
– Amatores
– Dancing With Myself
– Hearts Racing
– Love Encounter
– Raving With Pleasure

Froytal Services Limited DBA Brazzers
– Dani’s Back and Ready to Play
– Driving Mrs. Madison Wild
– I Can Walk!!!
– Miss Titness America
– Mommy Got Boobs 15
– Sharing My Roommate’s Cock (Milfs Like It Big)
– Slutty Sorority Contest
– Teens Like It Big 12
– The Dangers of Working From Home (Kiki Minaj)

Froytal Services Limited DBA Mofos
– Best Vacation Ever! (Ivy Laine)
– Cheerleader Fantasy
– Flashing Gets Her Whatever She Wants
– Fun And Sex Games
– I Make It Rain On Your Tits (I Know That Girl; Dillon Harper)
– Jewels for the Duch-ASS
– Rub a Dub Gimme a Tug
– Swinging Slut Buffet

Froytal Services Limited DBA Twistys
– Burnin’ Luv
– Cum Over And Taste..

GGW Direct, LLC DBA “Girls Gone Wild”
– Baby Bash Live & Uncensored
– Bad Girls 2
– Best Breasts Ever
– Best of Blondes 2
– Celebrity Look-A-Likes
– Endless Spring Break 3
– Endless Spring Break 4
– Endless Spring Break 5
– Endless Spring Break 6
– Endless Spring Break 7
– Endless Spring Break 9
– Endless Spring Break 10
– Endless Spring Break 11
– Endless Spring Break 12
– Endless Spring Break 13
– Endless Spring Break 14
– Freshman Class
– GGW – Extreme Sex
– GGW – On Tour 1
– GGW – On Tour 2
– GGW – On Tour 3
– GGW – On Tour 4
– GGW – On Tour 5
– GGW – On Tour 6
– GGW – On Tour 7
– GGW – On Tour 8
– GGW – Sweet Young Sex Maniacs
– Girls On Girls
– Girls Who Like Girls
– Horny Cheerleaders
– Hottest Texas Coeds
– My 18th Birthday
– Road Trip
– Sex Race
– Sexiest Moments Ever
– Sexiest Moments Ever 2
– Spring Break 2007
– The Perfect Pair
– Ultimate Rush
– Usually a siterip or a torrent containing 25+ titles.
– Wild World
– Wildest Bar in America

Giant Media Group, Inc. DBA Devil’s Film
– Ass Full Of Cum 4
– Best Of Gangland Cream Pie
– Cum On My Hairy Pussy 2
– Cum On My Hairy Pussy 16
– Don’t Tell My Wife I Buttfucked Her Best Friend
– Gangland 70
– Gangland 85
– Gangland Cream Pie 24
– Gangland Cream Pie 25
– Gangland Cream Pie 26
– Gangland Cream Pie 27
– Gangland Cream Pie 28
– I Wanna Buttfuck Your Daughter 10
– My Wife Caught Me Assfucking Her Mother
– My Wife Caught Me Assfucking Her Mother 2
– My Wife Caught Me Assfucking Her Mother 5

Girlfriends Films Inc.
– I Dream of Jo 4 True Passion
– Mother Daughter Exchange Club 27
– Poor Little Shyla 2
– Tides of Lust
– Lesbian First Timers
– Lesbian Seductions 46

Intense Industries
– Fucking Your Socks Off

JM Productions Inc.
– Suck Off Races 3

JW Releasing Ltd
– Kinky Business

Kick Ass Pictures Inc.
– Foot Fetish Daily 9

LFP Internet Group, LLC DBA Hustler
– Barely Legal 2
– Barely Legal 16
– Barely Legal 19
– Barely Legal 84
– Barely Legal 100
– Barely Legal 127
– Barely Legal 128
– Barely Legal 131
– Barely Legal 134
– Barely Legal 138
– Barely Legal 139
– Barely Legal 140
– Barely Legal Little Runaways
– Barely Legal: All Stars 5
– New Wave Hookers
– The Opening of Misty Beethoven
– This Ain’t Game of Thrones

Manwin Content RK Limited DBA Reality Kings
– 2 For 1 Pink
– A Lavish Load
– Belle Bottom
– Bouncing Deluca (Big Naturals; Angel Deluca)
– Cum Hard
– Dirty Minds
– Full Figure (Monster Curves; Katie Banks)
– Getting Hardy
– Girlfriends Revenge (GF Revenge 6)
– Hello Alexis
– Leather and Lace
– Licking Lessons – Jasmine Wolff (Moms Bang Teens 2013-12-30)
– Naughty Kennedy – Kennedy Leigh (Moms Bang Teens 2014-01-20)
– Pussy Love (Money Talks – Esmi & Lily)
– Riding Riley
– Ripping Through
– Sexy All Star
– Sexy Stella
– Sweet Veronica
– Tits and Hips
– Ass In Heels – Angell Summers (EuroSexParties 2013-05-30)
– Busty Bikini Babes 1
– Finger Licking Good
– Lick It

Manwin DP Corp. DBA Digital Playground
– Bad Girls 5
– Bad Girls 6
– Bridesmaids
– Code of Honor
– Don’t Fuck My Sister
– For Sale
– Island Fever 2
– Island Fever 3
– Jack Attack 4
– Jack’s POV 2
– Jack’s POV 3
– Jack’s POV 5
– Jack’s POV 7
– Jack’s POV 8
– Jack’s POV 10
– Jack’s POV 12
– Jack’s POV 15
– Jesse Jane Fuck Fantasy
– Jesse Jane Kiss Kiss
– Lost and Found
– Nurses
– Pink Slip
– Pirates
– Raven Alexis The Substitute
– Riley Steele Deceptions
– Riley Steele Satisfaction
– The Girlfriend Exchange
– Titlicious 2
– Top Guns
– unSEXpected
– Web Whore

Marc Dorcel
– Cathy 40 (Cheating Housewife)

Marc Dorcel DBA SBO Pictures, Inc.
– Orgy Anthology

SBO Pictures DBA Vouyer Media
– Jack In Me POV 2

SBO Pictures DBA Wicked Pictures
– Daddy Did The Babysitter
– I Was a Mail Order Bride
– Octomom: Home Alone
– Selfies
– Spacenuts
– Teen Ravers

Metro Media Entertainment
– Cute Little Asses

Millennium TGA, DBA Grooby Productions
– Buddy Wood’s Shemale Bedtime Stories

New Sensations Inc.
– Almost Heaven
– Anal Sex Secrets
– Ashlynn Brooke Is Sexy
– Big Bang Theory A XXX Parody
– Big Girls Are Sexy #3
– Double D Vixens
– Friends A Xxx Parody
– I Can’t Believe I’m Doing This (Zeina Heart)
– I Love Asians 11
– I Love Asians 5
– Redheads Are Sexy #5
– Sexy Student Bodies`
– WKRP in Cincinnati: A XXX Parody
– Young Girls With Big Tits 10

Patrick Collins Inc., DBA Elegant Angel
– Alexis Texas Is Buttwoman
– Big Wet Asses #3
– Big Wet Asses #6
– Big Wet Asses #7
– Big Wet Asses 16
– Cuties 4
– It’s A Daddy Thing!
– It’s A Secretary Thing!
– It’s A Secretary Thing! 2
– Massive Facials 5
– Performers Of The Year 2014
– Real Female Orgasms 10
– The A Line
– The Bombshells 5
– The Greatest Squirters Ever! 4

Pleasure Productions Inc.
– Wild Honey 2 (Tera Patrick)

RLD Distribution LLC
– Girls Of Red Light District – Sasha Grey
– I Bang Teens (Megan Salinas)
– White Dicks Black Chicks

Second Phase Distribution Inc.
– Big Butt All Stars – Crystal Clear
– Mama Turned Me Out 3
– Mama Turned Me Out 4
– Mama Turned Me Out 5
– Pigtail Virgins

Third Degree Films, Inc.
– Big Boob Orgy 2
– Curve Appeal
– Illegal Ass 2
– Laid In Lingerie 2
– Laid in Lingerie 3
– Spunk’d 7
– Spunk’d 8
– Top Ten 2

Vivid Entertainment LLC
– Farrah 2 Backdoor and More
– Farrah Superstar: Backdoor Teen Mom
– Kim Kardashian Superstar
– Raven Alexis Unleashed
– Raylene’s Dirty Work
– Tera, Tera, Tera (Tera Patrick)
– Tila Tequila Backdoored and Squirting
– Tristan Taormino’s Expert Guide to the G-Spot

White Ghetto Films Inc.
– Group Sex Junkies

Zero Tolerance Entertainment
– Dr. Ava’s Guide to Sensual BDSM For Couples
– Is Your Mother Home?

Now obviously you will notice a common theme along each of these copyright holders, and that is the “genre” of content they all produce. You will also notice that in this list there are “copyright trolls,” (meaning, companies who in the past have used or use the federal courts to sue individual downloaders for copyright infringement) and there are “not” copyright trolls (meaning, companies who have NOT sued defendants for copyright infringement). You can see which are copyright trolls by either searching the web for their name, or doing a search on http://www.rfcexpress.com to see whether they have sued in federal court.

A few things to note.

1) Many of the larger companies have multiple websites, and do business as multiple entities. For example, Froytal Services Ltd. “does business as” (“DBA”) Mofos and Brazzers (corresponding to their Mofos.com and Brazzers.com websites).

2) Many copyright holders are OLDER COMPANIES and FAMILY OPERATED BUSINESSES. This means that it is common to have former porn companies hire CEG TEK to track and send letters for “vintage” films from the 1970’s and 1980’s. The copyrights for these films ARE STILL IN EFFECT, and the former owners of those companies are now elder individuals who are now enforcing their copyrights from FORTY YEARS AGO. On the flip side, many older couples have been caught downloading a film from their youth thinking that since the titles were so old, it was probably legal to do so.

In sum, all I ask of everyone is to understand that the bittorrent networks are no longer safe, and when you download something, assume someone else is watching you. And, be aware that there are companies out there like Copyright Enforcement Group (CEG-TEK Int’l) who are waiting to send you a settlement demand letter.

Read Full Post »