Posts tagged ‘canada’

TorrentFreak: Voltage Pictures Sued For Copyright Infringement

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

godz-smallThere are dozens of companies engaged in so-called “copyright trolling” worldwide, the majority connected with adult movie companies.

While most are generally dismissed as second-rate companies out to make a quick buck, U.S. producer Voltage Pictures has developed a reputation for making fairly decent movies and being one of the most aggressive ‘trolls’ around.

The company has targeted thousands of individuals in the United States, Canada, Europe, Asia and most recently Australia. The company has largely prevailed in these actions but a new case filed this week in the U.S. sees the company on the receiving end of procedures.

The spat concerns Voltage’s plans for a new movie. Starring Anne Hathaway and titled ‘Collosal‘, the flick sees a giant lizard-like creature stomping its way over Tokyo. It sounds an awful lot like Godzilla, recognized by Guinness World Records as the longest-running movie franchise ever. Toho, the Japanese movie studio behind the Godzilla brand, noticed the similarities too.

In a lawsuit filed yesterday in the United States District Court for the Central District of California, Toho highlights the hypocrisy of Voltage’s actions.

Describing the company as a “staunch advocate for the protection and enforcement of intellectual property rights” after filing hundreds of copyright suits involving its movies The Hurt Locker and Dallas Buyers Club, Toya says that Voltage began promoting its new movie via email at the Cannes Film Festival earlier this month.

As can be seen from the screenshot below, the email features three large photos of Godzilla, actress Anne Hathaway, and a giant robot.

voltage-godz

“Gloria is an ordinary woman who finds herself in an extraordinary circumstance. Tokyo is under attack by Godzilla and a giant robot and, for some strange reason, Gloria is the only person who can stop it,” the email reads.

Predictably Toho is upset at Voltage’s use of the Godzilla character and associated breaches of the company’s copyrights and trademarks. Only making matters worse is the fact that the image of Godzilla used by Voltage is actually taken from promotional material published by Toho to accompany the release of its 2014 movie, Godzilla.

“Godzilla is one of the most iconic fictional characters in the history of motion pictures. Toho Co., Ltd., the copyright owner of the Godzilla character and
franchise of films, brings this lawsuit because defendants are brazenly producing,
advertising, and selling an unauthorized Godzilla film of their own,” Toho begin.

“There is nothing subtle about defendants’ conduct. They are expressly informing the entertainment community that they are making a Godzilla film and are using the
Godzilla trademark and images of Toho’s protected character to generate interest in
and to obtain financing for their project,” the company continues.

“That anyone would engage in such blatant infringement of another’s intellectual property is wrong enough. That defendants, who are known for zealously protecting their own copyrights, would do so is outrageous in the extreme.”

Noting that at no stage has Voltage ever sought permission to exploit the Godzilla character, Toho says it asked Voltage to cease and desist but the company refused.

“Upon learning of Defendants’ infringing activities, Toho demanded that Defendants cease their exploitation of the Godzilla Character, but Defendants refused to do so,” Toho writes.

In response Toho filed suit and is now demanding that all profits generated by Voltage as a result of its “infringing activities” should be handed over to the Japanese company. That, or payment of $150,000 in statutory damages for each infringement of Toho’s copyrights. Trademark issues are at stake too, with Toho demanding preliminary and permanent injunctive relief against Voltage’s use of the Godzilla marks.

Being on the wrong end of a copyright infringement lawsuit will be a novel experience for Voltage Pictures.

After recently winning a case to reveal the identities of thousands of alleged pirates in Australia, the company is currently engaged in negotiations with a Federal court over how its first letters to the accused should be worded.

With a hearing scheduled for tomorrow, the studio is still experiencing resistance against what is perceived as a so-called “speculative invoicing” business model. Local ISP iiNet is providing comprehensive advice to its customers affected by Voltage’s action and is even working with a law firm prepared to provide pro-bono services.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: “Six Strikes” Anti-Piracy Scheme Is a Sham, Filmmakers Say

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

pirate-runningTo counter the ever increasing piracy threat a group of smaller movie studios launched a new coalition last month, the Internet Security Task Force (ISTF).

ISTF, which includes Voltage Pictures, Millennium, Bloom, Sierra/Affinity and FilmNation Entertainment among its members, is poised to be more aggressive than the MPAA.

Today the group unveils its first point of action. According to the group it’s time to end the voluntary “six strikes” Copyright Alert System, the voluntary anti-piracy agreement between the RIAA, MPAA and several large U.S. Internet providers.

ISTF presents data which reveals that the six strikes warnings are not getting the desired result, describing the system as a “sham”.

According to Millennium Films President Mark Gill his studio sent numerous piracy notices directed at ‘Expendables 3′ pirates under the scheme, but only a tiny fraction were forwarded by the participating ISPs.

“We’ve always known the Copyright Alert System was ineffective, as it allows people to steal six movies from us before they get an educational leaflet. But now we have the data to prove that it’s a sham,” Gill comments.

“On our film ‘Expendables 3,’ which has been illegally viewed more than 60 million times, the CAS only allowed 0.3% of our infringement notices through to their customers. The other 99.7% of the time, the notices went in the trash,” he adds.

As part of the Copyright Alert System ISPs and copyright holders have agreed to send a limited number of notices per month, so anything above this threshold is not forwarded.

ISTF’s data on the number of ‘Expendables 3′ infringements suggests that the Copyright Alerts are in fact less effective than the traditional forwarding schemes of other providers.

Cox and Charter, two ISPs who do not participate in the Copyright Alert System, saw a 25.47% decrease in reported infringements between November 2014 and January 2015. However, the ISPs who sent six strikes notices saw a 4.54% increase over the same period.

“These alarming numbers show that the CAS is little more than talking point utilized to suggest these five ISPs are doing something to combat piracy when in actuality, their customers are free to continue pirating content with absolutely no consequences,” Voltage Pictures CEO Nicolas Chartier notes.

“As for its laughable six strikes policy, would any American retailer wait for someone to rob them six times before handing them an educational leaflet? Of course not, they call the cops the first time around,” he adds.

While it’s clear that ISTF is not happy with the Copyright Alert System, they seem mistaken about how it works. Customers don’t have to be caught six times before they are warned, they get an educational notice the first time they’re caught.

The “six strikes” terminology refers to the graduated response scheme, in which customers face stronger punishments after being caught more times.

Interestingly, the filmmakers promote the Canadian notice-and-notice system as a better alternative. Since earlier this year, Canadian ISPs are obligated to forward infringement notices to their subscribers, and ISTF notes that it has been instrumental in decreasing piracy.

Since the beginning of 2015, Bell Canada has seen a 69.6% decrease in infringements and Telus (54.0%), Shaw (52.1%), TekSavvy (38.3%) and Rogers (14.9%) all noted significant reductions.

The data presented is collected by the monitoring outfit CEG TEK. This American company sends infringement notices paired with settlement requests on behalf of copyright holders, sometimes demanding hundreds of dollars from alleged pirates.

Needless to say, these threats may in part be the reason for the reported effectiveness.

In the United States, ISPs are currently not obliged to forward copyright infringement notices. Some ISPs such as Comcast do so voluntarily, but they also strip out the settlement demands.

ISTF hopes this will change in the near future and the group has sent a letter to the MPAA, RIAA and the major ISPs urging them to expire the Copyright Alert System, and switch to the Canadian model instead.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

SANS Internet Storm Center, InfoCON: green: Dalexis/CTB-Locker malspam campaign, (Thu, Apr 30th)

This post was syndicated from: SANS Internet Storm Center, InfoCON: green and was written by: SANS Internet Storm Center, InfoCON: green. Original post: at SANS Internet Storm Center, InfoCON: green

MalwareEvery Day

Malicious spam (malspam) is by sent by botnets every day. These malspam campaigns send malware designed to infect Windows computers. Ill see Dridex or Upatre/Dyre campaigns a daily basis. Fortunately, most of these emails are blocked by our spam filters.

This diary concerns a recent malspam wave on Tuesday 2015-04-28 from a botnet pushing Dalexis/CTB-Locker.

What is Dalexis/CTB-Locker?

Dalexis is a malware downloader. It drops a CAB file with embedded document thats opened on a users computer [1] then downloads more malware. Dalexis is often used to deliver CTB-Locker [2][3]. CTB-Locker is ransomware that encrypts files on your computer. In exchange for a ransom payment, the malware authors will provide a key to decrypt your files. Behavior of this malware is well-documented, but small changes often occur as new waves of malspam are sent out.

A similar wave of malspam from Monday 2015-04-27 was reported by techhelplist.com [4]. The next day saw similar activity. This campaign will likely continue. Below is a flow chart from Tuesday” />

The messages have slightly different subject lines, and each email attachment has a different file hash. I infected a host using one of the attachments. Below are links to the associated files:

The ZIP file is password-protected with the standard password. If you dont know it, email admin@malware-traffic-analysis.net and ask.

Infection as Seen from the Desktop

Extracted malware from these email attachments is an SCR file with an Excel icon. ” />

Had to download a Tor browser to get at the decryption instructions. The bitcoin address for the ransom payment is: 18GuppWVuZGqutYvZz9uaHxHcostrU6Upc” />

” />

Dalexis uses an HTTP GET request to download CTB-Locker. The file is encrypted in transit, but I retrieved a decrypted copy from the infected host. Dalexis reports to a command and control (CnC) server after the malware is successfully downloaded.

In the image below, youll find HTTP POST requests to different servers as Dalexis tries to find a CnC server that will respond. ” />

For indicators of compromise (IOCs), a list of domains unique to this infection follows:

(Read: IP address – domain name)

  • 31.170.160.229 – earthfromspace.host56.com
  • 31.170.162.163 – gkl.net76.net
  • 37.187.72.60 – volcanoscreens.com
  • 46.19.37.108 – ip.telize.com
  • 62.149.140.213 – www.gaglianico74.it
  • 85.10.55.30 – lancia.hr
  • 192.185.224.67 – bdfschool.net
  • various – fizxfsi3cad3kn7v.tor2web.org
  • various – fizxfsi3cad3kn7v.onion.cab

Example of Malspam From Tuesday 2015-04-28

From: Eda Uhrhammer
Date: Tuesday, April 28, 2015 at 16:16 UTC
To: [redacted]
Subject: [Issue 5261CC6247C37550] Account #295030013990 Temporarily Locked

Dear user,

We detect unauthorized Login Attempts to your ID #295030013990 from other IP Address.
Please re-confirm your identity. See attached docs for full information.

===
Eda Uhrhammer
Millard Peter
111 Hunter Street East, Peterborough, ON K9H 1G7

CANADA
705-759-7751

Attachment: 295030013990.zip

NOTE: The emails contain various international names, addresses, and phone numbers in the signature block.

Emails Collected

Start time: 2015-04-28 10:00:13 UTC
End time: 2015-04-28 16:16:28 UTC
Emails found: 24

Senders and Subject Lines

  • Sender: chronogram@dorhotels.com – Subject: [Issue 35078504EBA94667] Account #59859805294 Temporarily Locked
  • Sender: sandwiched@upaf.net – Subject: [Issue 84908E27DF477852] Account #40648428303 Temporarily Locked
  • Sender: stashed@wudata.com – Subject: [Issue 8694097116D18193] Account #257547165590 Temporarily Locked
  • Sender: wildcatting@atelier122.com – Subject: [Issue 11123E749D533902] Account #621999149649 Temporarily Locked
  • Sender: blackens@mpzmail.com – Subject: [Issue 24789101648C8407] Account #250874039146 Temporarily Locked
  • Sender: kami@corexsud.com – Subject: [Issue 6412D16736356564] Account #238632826769 Temporarily Locked
  • Sender: rasped@rhfs.com – Subject: [Issue 9139F9678C9A7466] Account #216021389500 Temporarily Locked
  • Sender: jingly@proxis.com – Subject: [Issue 982886631E9E7489] Account #114654416120 Temporarily Locked
  • Sender: exaggerating@cfilc.org – Subject: [Issue 4895D8D81ADE1399] Account #843871639720 Temporarily Locked
  • Sender: achaea@staes.com – Subject: [Issue 72986FD85CE93134] Account #622243029178 Temporarily Locked
  • Sender: wharves@be.grayling.com – Subject: [Issue 27883AA546718876] Account #475770363394 Temporarily Locked
  • Sender: busheling@abbiegram.net – Subject: [Issue 5384A21F5AB26075] Account #717973552140 Temporarily Locked
  • Sender: megacephaly@ielmalta.com – Subject: [Issue 5694B0643FCD587] Account #642271991381 Temporarily Locked
  • Sender: fervorless@timocom.com – Subject: [Issue 8219423F8CFB6864] Account #692223104314 Temporarily Locked
  • Sender: pickles@fei.org – Subject: [Issue 70308834A3929842] Account #339648082242 Temporarily Locked
  • Sender: swartz@johndesmond.com – Subject: [Issue 33190977A2D04088] Account #831865092451 Temporarily Locked
  • Sender: voluntaryism@isporven.com – Subject: [Issue 706584024E142555] Account #196387638377 Temporarily Locked
  • Sender: catalysts@sefurmadrid.com – Subject: [Issue 830689BB76F4615] Account #162723085828 Temporarily Locked
  • Sender: phytane@arboris-us.com – Subject: [Issue 46714D12FB834480] Account #526735661562 Temporarily Locked
  • Sender: pollinises@hanh-ct.org – Subject: [Issue 39494AFE933A5158] Account #552561607876 Temporarily Locked
  • Sender: resents@arkastravel.com – Subject: [Issue 974641F53DD66126] Account #325636779394 Temporarily Locked
  • Sender: addled@dorhotels.com – Subject: [Issue 7505716EA6244832] Account #603263972311 Temporarily Locked
  • Sender: oology@mouzaliotis.com – Subject: [Issue 50438E220A5D7432] Account #906152957589 Temporarily Locked
  • Sender: delighter@alabaisse.com – Subject: [Issue 5261CC6247C37550] Account #295030013990 Temporarily Locked

NOTE: The sending email addresses might be spoofed.

Attachments

  • 114654416120.zip – 19,135 bytes – MD5 hash: 1a9fdce6b6efd094af354a389b0e04da
  • 162723085828.zip – 20,688 bytes – MD5 hash: a1b066361440a5ff6125f15b1ba2e1b1
  • 196387638377.zip – 20,681 bytes – MD5 hash: 01f8976034223337915e4900b76f9f26
  • 216021389500.zip – 19,135 bytes – MD5 hash: ab9a07054a985c6ce31c7d53eee90fbe
  • 238632826769.zip – 19,135 bytes – MD5 hash: 899689538df49556197bf1bac52f1b84
  • 250874039146.zip – 19,135 bytes – MD5 hash: eea0fd780ecad755940110fc7ee6d727
  • 257547165590.zip – 19,114 bytes – MD5 hash: f236e637e17bc44764e43a8041749e6c
  • 295030013990.zip – 20,168 bytes – MD5 hash: eda8075438646c617419eda13700c43a
  • 325636779394.zip – 20,177 bytes – MD5 hash: d00861c5066289ea9cca3f0076f97681
  • 339648082242.zip – 20,703 bytes – MD5 hash: 657e3d615bb1b6e7168319e1f9c5039f
  • 40648428303.zip – 19,113 bytes – MD5 hash: b7fe085962dc7aa7622bd15c3a303b41
  • 475770363394.zip – 20,642 bytes – MD5 hash: 2ba4d511e07090937b5d6305af13db68
  • 526735661562.zip – 20,710 bytes – MD5 hash: 24698aa84b14c42121f96a22fb107d00
  • 552561607876.zip – 20,709 bytes – MD5 hash: 04abf53d3b4d7bb7941a5c8397594db7
  • 59859805294.zip – 19,071 bytes – MD5 hash: b2ca48afbc0eb578a9908af8241f2ae8
  • 603263972311.zip – 20,175 bytes – MD5 hash: fa43842bda650c44db99f5789ef314e3
  • 621999149649.zip – 19,135 bytes – MD5 hash: 802d9abf21c812501400320f2efe7040
  • 622243029178.zip – 20,681 bytes – MD5 hash: 0687f63ce92e57a76b990a8bd5500b69
  • 642271991381.zip – 20,644 bytes – MD5 hash: 0918c8bfed6daac6b63145545d911c72
  • 692223104314.zip – 20,703 bytes – MD5 hash: 2e90e6d71e665b2a079b80979ab0e2cb
  • 717973552140.zip – 20,721 bytes – MD5 hash: 5b8a27e6f366f40cda9c2167d501552e
  • 831865092451.zip – 20,718 bytes – MD5 hash: 9c1acc3f27d7007a44fc0da8fceba120
  • 843871639720.zip – 20,713 bytes – MD5 hash: 1a6b20a5636115ac8ed3c4c4dd73f6aa
  • 906152957589.zip – 20,134 bytes – MD5 hash: b9d19a68205f2a7e2321ca3228aa74d1

Extracted Malware

  • 114654416120.scr – 98,304 bytes – MD5 hash: 46838a76fbf59e9b78d684699417b216
  • 162723085828.scr – 90,112 bytes – MD5 hash: 8f5df86fdf5f3c8e475357bab7bc38e8
  • 196387638377.scr – 90,112 bytes – MD5 hash: 59f71ef10861d1339e9765fb512d991c
  • 216021389500.scr – 98,304 bytes – MD5 hash: 0baa21fab10c7d8c64157ede39453ae5
  • 238632826769.scr – 98,304 bytes – MD5 hash: f953b4c8093276fbde3cfa5e63f990eb
  • 250874039146.scr – 98,304 bytes – MD5 hash: 6580e4ee7d718421128476a1f2f09951
  • 257547165590.scr – 94,208 bytes – MD5 hash: 6a15d6fa9f00d931ca95632697e5ba70
  • 295030013990.scr – 86,016 bytes – MD5 hash: 54c1ac0d5e8fa05255ae594adfe5706e
  • 325636779394.scr – 94,208 bytes – MD5 hash: 08a0c2aaf7653530322f4d7ec738a3df
  • 339648082242.scr – 94,208 bytes – MD5 hash: 1aaecdfd929725c195a7a67fc6be9b4b
  • 40648428303.scr – 94,208 bytes – MD5 hash: f51fcf418c973a94a7d208c3a8a30f19
  • 475770363394.scr – 81,920 bytes – MD5 hash: dbea4b3fb5341ce3ca37272e2b8052ae
  • 526735661562.scr – 94,208 bytes – MD5 hash: c0dc49296b0aec09c5bfefcf4129c29b
  • 552561607876.scr – 98,304 bytes – MD5 hash: 9239ec6fe6703279e959f498919fdfb0
  • 59859805294.scr – 86,016 bytes – MD5 hash: a9d11a69c692b35235ce9c69175f0796
  • 603263972311.scr – 94,208 bytes – MD5 hash: bcaf9ce1881f0f282cec5489ec303585
  • 621999149649.scr – 98,304 bytes – MD5 hash: 70a63f45eb84cb10ab1cc3dfb4ac8a3e
  • 622243029178.scr – 90,112 bytes – MD5 hash: d1b1e371aebfc3d500919e9e33bcd6c1
  • 642271991381.scr – 81,920 bytes – MD5 hash: 15a5acfbccbb80b01e6d270ea8af3789
  • 692223104314.scr – 94,208 bytes – MD5 hash: fa0fe28ffe83ef3dcc5c667bf2127d4c
  • 717973552140.scr – 98,304 bytes – MD5 hash: 646640f63f327296df0767fd0c9454d4
  • 831865092451.scr – 98,304 bytes – MD5 hash: ec872872bff91040d2bc1e4c4619cbbc
  • 843871639720.scr – 98,304 bytes – MD5 hash: b8e8e3ec7f4d6efee311e36613193b8d
  • 906152957589.scr – 94,208 bytes – MD5 hash: 36abcedd5fb6d17038bd7069808574e4

Updates


Brad Duncan, Security Researcher at Rackspace
Blog: www.malware-traffic-analysis.net – Twitter: @malware_traffic

References:

[1] http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=TrojanDownloader:Win32/Dalexis#tab=2
[2] https://heimdalsecurity.com/blog/ctb-locker-ransomware/
[3] https://blogs.mcafee.com/mcafee-labs/rise-backdoor-fckq-ctb-locker
[4] https://techhelplist.com/index.php/spam-list/796-your-account-has-been-something-bad-various-malware

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

TorrentFreak: Experts Urge Canada to Stop Threatening Piracy Notices

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

pirate-runningDue to a recent change i Canada’s copyright law, ISPs are now required to forward copyright infringement notices to their customers.

As a result, hundreds of thousands of Internet subscribers have received warnings in their mailboxes since the start of the year, with some asking for cash settlements.

The so-called notice-and-notice system aims to reduce local piracy rates but this hasn’t been without controversy. From the start, copyright holders have taken advantage of the system to send subscribers settlement offers, or threaten them with inaccurate legal penalties.

Hoping to fix these ‘abuses’ copyright experts and advocacy groups have this week written a letter to Canada’s Minister of Industry, James Moore.

Signed by the University of Ottawa, OpenMedia, Project Gutenberg Canada, Consumers Council of Canada, Electronic Frontier Foundation and many others, the letter warns over abuse while proposing several changes.

“As we feared, copyright trolls have in fact taken advantage of the Notice and Notice system to ramp up their abusive practices in Canada,” the groups write to the Minister.

“We have seen notices claiming infringement of foreign law, misrepresenting the scope of damages recipients potentially face, omitting mention of defenses, and failing to identify the notice as a mere allegation of infringement.”

In the short-term the Minister should use his regulatory powers to correct abuses, the groups suggest. For example, notices should make clear that they represent an allegation, not a clear determination of infringement.

The popular settlement demands or offers, which can amount to hundreds of dollars per notice, should also be banned. In addition, notices should include a mention of copyright exceptions such as fair use.

The groups further propose various penalties for copyright holders. For example, senders of notices with false or misleading information should be held liable and punished appropriately.

In the long-term the letter recommends that the Government should adopt new legislation to tackle copyright trolls and various other forms of abuse.

“Canada requires a legislative response to the abusive and deceitful tactics of a minority of copyright owners and their agents. The emergence of a cottage industry of copyright trolls and their migration to Canada is just one example of how copyright can be abused,” the groups write.

“The next round of copyright reform must include a copyright misuse provision to curb such wrong-doing,” they add.

The full letter, which includes more recommendations, is available here.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: Game of Thrones Piracy Surges to New High

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

got5More than a week after the opening episode of the new Game of Thrones season aired it’s evident that piracy is still rampant.

The good news for HBO is that the official broadcast broke ratings records. However, pirated releases have also done the same.

TorrentFreak received some extensive data from media intelligence firm Tru Optik, covering both public and private BitTorrent trackers.

With the four leaked episodes and the “A Day in the Life” documentary included, the company found that there were 32 million downloads across 18 million IP-addresses during the first week.

The first episode generated most interest and was downloaded over 13 million times, which is significantly more than last year. Interestingly, the data for the post broadcast torrent also shows that most downloaders grabbed high quality copies.

The 720p version was most popular with 43.5 percent of post broadcast downloads, followed by the 480p and 1080p copies with 35.1% and 31.4 percent respectively.

In part, this tendency towards high quality content can be explained by the fact that many fans of HD content skipped the lower quality pre-release leak.

GOTqual

Looking at countries from where the downloads were actioned we see that the United States comes out on top. More than 10 percent came from the U.S. followed by France, Brazil, China, Russia, UK, India, Canada, Australia and Spain.

Australia has the most downloaders per capita from that list, and it also has a relatively high piracy ratio compared to legal views.

Of all ‘viewers’ in Australia during the first three days, 32 percent are pirates. In the U.S. the rates are much lower at 8 percent, and the UK and Canada are in the middle with 22 and 19 percent respectively.

gotcountriesCommenting on the findings, Tru Optik notes that there are a lot of potential customers out there, if HBO can connect with them.

“In the US alone, nearly one million consumers downloaded Episode 1, which translates to $44 million in unmonetized demand potential if each of these viewers subscribed to HBO Now for the 3-month duration of GoT Season 5.”

“Many of these viewers are prime prospects for unbundled services like HBO Now,” the company adds.

Over the past three years Game of Thrones has been the most pirated TV-show. Based on the number of downloads over the past week, the same result will be achieved in 2015.

Now let’s see if they can break the “quarter million” swarm record of last year’s season finale.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: HBO Cracks Down on Paying VPN “Pirates”

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

hboIn an effort to gain more subscribers HBO launched its standalone “HBO Now” service earlier this year.

The subscription allows Americans to access HBO’s content, including Game of Thrones, without the need to have a television subscription.

With the offer HBO hopes to drive people away from pirate sites, but it also created a new form of unauthorized use. As with Netflix and Hulu, many people outside the U.S. signed up for the service through VPNs and other geo-unblocking tools.

Although they are paying customers, using HBO Now from outside the U.S. is not permitted under the company’s terms of use.

While Netflix is still fairly lax about geo-unblocking, HBO is now cracking down on the practice. A few days ago thousands of VPN and proxy “pirates” started to receive worrying email warnings.

“It has come to our attention that you may have signed up for and viewed video content on the HBO NOW streaming service from outside of the authorized service area (the United States, including D.C. and certain US territories),” HBO writes.

“We would like to take this opportunity to remind you that the HBO NOW streaming service is only available to residents of the United States, for use within the United States. Any other access is prohibited by our Terms of Use.”

HBO Now warning
HBO-disco

The emails in question target users all over the world, including Canada, the UK, Germany and Australia. Unless they were flagged by mistake, HBO will terminate the accounts of affected subscribers within days and without the option of a refund.

HBO is cracking down on VPN and proxy pirates to protect the value of their licensing deals. If millions of foreigners use the U.S. version, local partners in these countries are going to complain.

However, since legal options are often lacking there’s little doubt that many ‘unauthorized’ viewers will find less official ways to access the shows they love to watch. This time, however, HBO will not get a dime.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: Megaupload Canada Servers Battle Reignites

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

The dramatic events of January 2012 in which the gigantic Mega empire of Kim Dotcom was brought to its knees are now more than three years old. Legal argument has dogged the case from day one, with each passing month presenting yet more points of contention.

One of the oldest issues surrounds the hardware seized as part of the global operation to close down what was once the world’s largest centralized file-sharing operation.

The U.S. Government seized 1,103 servers at Carpathia’s hosting facility in the United States, equipment that is currently gathering dust in a Virginia storage facility. Also at issue is a lesser-discussed batch of servers seized in Canada.

On January 18, 2012, a judge in Ontario issued a warrant to seize the 32 servers located in an Equinix datacenter. As the case continued to build against Megaupload, Kim Dotcom and his associates, the U.S. government asked Canadian authorities to hand the hardware over, claiming that an internal Megaupload email revealed them to be “database / number crunching machines.”

A year later in January 2013, Megaupload protested the handing over of the hardware to U.S. authorities claiming that the servers contained a lot of information irrelevant to the case. Megaupload said an independent forensic examiner could examine the servers and determine their contents before any handover.

An Ontario court sided with Megaupload and refused to send the servers’ data to the United States. Instead, both sides were ordered to find a way to filter out irrelevant content.

Now, more than two years later, the issue of just how much of this seized content can be sent to the United States remains an issue. The matter reappeared before a Toronto court Monday, with fresh ideas on how progression can be made.

Crown attorney Moiz Rahman, acting on behalf of the U.S. government, suggested the appointment of an independent group of forensic examiners to inspect the data and determine which data is relevant to the case, CBC reports.

However, Megaupload lawyer Scott Hutchison raised concerns that once back in the United States, the so-called “clean team” might disclose non-relevant information they’d discovered on the servers. Any ruling in Canada to seal their lips would not be enforceable in the U.S., Hutchinson said.

“Once they return to the United States, that’s nothing more than a promise,” the lawyer said.

While conceding that the “vast majority” of the data was likely to be media uploaded by Megaupload’s users, Hutchinson suggested that it would be preferable to hire an independent Canada-based investigator to carry out the work.

But speaking for the Crown on behalf of the U.S., Rahman said that a U.S. team could present the results of its investigation to a Canadian court, which could then decide what information would be allowed back to the United States under current treaty protocol.

“That’s a little bit of cold comfort to me,” said Justice Michael Quigley.

After Rahman claimed that an independent Canadian investigator would prove too expensive, the Judge ordered the parties to present their respective costings to the court before any decision on the fate of the data is made.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: Leaked Game of Thrones Episodes Trigger Piracy Craze

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

got5Today’s pre-release leak of four Game of Thrones episodes is without doubt one of the most prominent leaks in TV history.

The first copies, leaked from a review screener, appeared less than 24 hours ago on the private tracker IPT and quickly spread across public torrent sites.

During the first few hours there weren’t too many downloads, but that quickly changed after the news reached the mainstream press.

At the time of writing more than 135,000 people are sharing a single torrent of the first episode of season 5, which has already been downloaded over a million times since its release 18 hours ago.

The other three episodes are hovering around a million downloads as well, and that’s only via public torrent sites. The piracy totals will most likely double if the totals of streaming and direct download sites are added.

The most shared leaked GoT episodes
gotleak

While there’s certainly a piracy craze, with the four leaked episodes being the most pirated files globally at the moment, there’s no record to report just yet.

The unexpected release appears to have scattered the downloads throughout the day. As a result, last year’s record of 254,114 people sharing a single file at the same time is out of reach.

Still, more than a million downloads for a single episode in less than a day is quite impressive.

A snapshot of IP-addresses sharing the most downloaded episode shows that most originate from the UK and US, followed by India, Canada and France.

While all those pirates are surely having a great weekend now, the hangover will probably come later with the realization that it will take more than a month before the next episode comes online.

# Country % City %
torrentfreak.com
1 United Kingdom 9.8% London 3.3%
2 United States 9.1% Athens 2.4%
3 India 7.8% Lisbon 1.9%
4 Canada 5.4% Stockholm 1.8%
5 France 4.2% Bucharest 1.7%
6 Greece 3.3% Madrid 1.7%
7 The Netherlands 3.1% Mumbai 1.4%
8 Australia 3.1% Dubai 1.3%
9 Brazil 3.0% New Delhi 1.3%
10 Philippines 3.0% Toronto 1.1%

Note: The numbers are based on a sample of 21,445 IP-addresses collected over part of the day, which means that there’s a geographical bias. Also, downloaders who use VPNs may appear to be in a different country.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: iiNet loses Dallas Buyers Club Piracy Case

This post was syndicated from: TorrentFreak and was written by: Ben Jones. Original post: at TorrentFreak

dallasBack in 2012, the Australian High Court ruled that ISP iiNet was not responsible for the copyright infringements of its customers. Stymied by that ruling, many Australian file-sharers breathed a sigh of relief, as Antipodean users are usually amongst the last to get content, forgotten in the long-tail of media distribution.

Conversely, it also meant that they were one of the last English-speaking (and English common-law) countries to see the appearance of so-called ‘Speculative Invoicing’, more commonly known as copyright trolling. However, “Down Under” couldn’t escape forever, and eventually the trolls washed up on the shore, in the shape of mega-troll “Dallas Buyers Club” (DBC).

The model should be familiar to most of our readers. A company (or its representative) joins a BitTorrent swarm, and “observes” a number of peers on the torrent. It then applies for a court order for the ISP to hand over the identities behind all those IP addresses so they can be pressured for cash settlement.

The big question was whether the Australian courts would allow for the discovery of subscriber details but in a decision released just minutes ago the courts said ‘yes’. Letters to be sent out to the 4,726 consumers involved will first have to be approved by the court, a move designed to reduce DBC’s ability to overstate the case and the potential penalties involved.

Following a similar ruling in Canada last February, this is the second time these kinds of restrictions have been placed on Dallas Buyers Club/Voltage Pictures. UK ‘trolls’ are also subjected to the same oversight in their initial letters to consumers but subsequent correspondence flies completely under the radar with no court involvement.

In today’s case the judge also ruled that the privacy of the 4726 accounts should be protected but placed no cap on damages. The precise restrictions and justifications will become clear when the verdict is published later today.

The case comes amid growing regulations, with the Australian Government pushing for a voluntary 3-strikes system as well as site-blocking legislation. These two things, combined with today’s ruling, means that VPN use is expected to skyrocket in Australia.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: ISP Teksavvy Appeals in Hurt Locker Piracy Case

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

After numerous experiments elsewhere, notably in the US, two years ago Voltage Pictures took its turn piracy-into-profit business model to Canada.

The company’s targets were 2,000 Internet subscribers at local ISP Teksavvy. The early stages of the case saw the ISP dig in its heels while bringing on board the Canadian Internet Policy and Public Interest Clinic (CIPPIC) with the aim of protecting consumers from potentially large fines.

While CIPPIC was allowed to intervene, the subscribers’ identities were ordered to be handed over and with that in hand the arguments turned to who would have to pay for proceedings thus far.

Needless to say, Voltage Pictures’ and Teksavvy’s assessments were at the opposite ends of the spectrum, with the former saying that should it pay around $884.00 and the latter claiming a few hundred thousand dollars, $346,480.68 to be exact.

In the event the court rejected both sides’ claims, but the ruling was far away from Teksavvy’s expectations. The Federal Court told Voltage to pay $21,557 – $17,057 in technical administrative costs plus $4,500 in legal fees – associated with the IP-address lookups.

After being awarded just 6% of its original claim, it comes as little surprise that the ISP has now filed an appeal against the decision.

Teksavvy says that Prothonotary Aronovitch’s decision to disallow the large majority of its claim was flawed in that it was “based upon a wrong principle, an error of law and/or misapprehensions of the fact that cannot reasonably be supported by the evidence.”

Outlining its case, the ISP says that Prothonotary Aronovitch improperly interpreted the scope of an earlier decision by Prothonotary Aalto concerning Norwich order (disclosure order) jurisprudence, including the nature of costs to which an innocent third-party respondent (Teksavvy in this case) is entitled.

The ISP further asserts that Prothonotary Aronovitch relied on “irrelevant jurisprudence” to justify excluding Teksavvy’s costs and disallowing costs on the basis they amounted to the “costs of doing business.”

In support of several other complaints and claims, Teksavvy demands a four-hour hearing to outline why it should achieve the following:

– An order which awards Teksavvy “reasonable legal costs, administrative costs and disbursements” or an amount the Court deems “just and appropriate”

– An order which awards Teksavvy its costs in the previous hearing before Prothonotary Aronovitch

– An award for the costs of this appeal, plus any “further and other relief” the court might deem “just”

Commenting on Teksavvy’s decision to appeal, copyright lawyer Howard Knopf says that the ISP’s earlier decision to “take no position” on the original Voltage disclosure application may have cost the company dearly.

“This appears to have been a key factor in the Federal Court’s refusal to reward TekSavvy and its counsel with almost $180,000 in legal fees,” Knopf writes.

“Ironically, if TekSavvy had actually opposed Voltage’s motion, it may well have been in a much better position to successfully seek costs. Prothonotary Aronovitch cites [a similar case] where two the ISPs actively opposed the disclosure motion. In that case, the Court ultimately denied the motion but awarded the costs of the motion to the third-party ISPs who had opposed it.”

So while the parties battle it out under appeal, there is still the matter of the consumers who are expecting a letter through the post from Voltage Pictures. Those letters still haven’t gone out and before they do so their content much be approved by the court. While that may offer recipients some protection, the end game is almost guaranteed – demands for some kind of cash settlement to avoid supposed legal action.

And according to Voltage counsel James Zibarras, that be could more costly than people might have been led to believe.

Discussions thus far have indicated that statutory damages in such cases sit at $5,000. However, Zibarras says that plaintiffs can also opt for actual damages instead. These take into consideration damages caused by those who distribute content as well as upload, he says.

“And this is the thing, the people that Voltage goes after… technically aren’t downloaders. What Voltage goes after is people that make their product available for upload,” Zibarras says.

“Once you switch to actual [damages], then there’s no cap, it’s whatever we can prove.”

While that assertion is refuted by lawyer Howard Knopf, one thing is for certain. Voltage certainly sees dollar signs in this action and it’s not going to be giving up anytime soon.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: Why Game Of Thrones Will Be The Most Pirated TV-Show, Again

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

got5Mid April the first episode of Game of Thrones’ fifth season will find its way onto dozens of torrent sites.

Like previous years, a few hours later millions of people will have downloaded this unofficial release.

Traditionally, pirates have used “availability” as an excuse to download movies and TV-shows from illegal sources. In some countries there is simply no legal option available, the arguments often go.

To remove this piracy incentive HBO has made sure that the new Game of Thrones series is available in as many countries as possible. The company recently announced that it will air in 170 countries roughly at the same time as the U.S. release.

This decision is being framed as an anti-piracy move and may indeed have some effect. However, availability is not the only reason why so many people choose to download the show from unauthorized sources.

In fact, if we look at the list of countries where most Game of Thrones downloaders came from last year, we see that it was legally available in all of these countries.

Data gathered during the first 12 hours of the season 4 premiere revealed that most downloads originated from Australia, followed by the United States, the United Kingdom, Canada and the Netherlands. So there must be something else going on.

Pricing perhaps?

The price tag attached to many of legal services may be too high for some. In Australia, for example, it cost $500 to follow last year’s season and in the U.S. some packages were priced as high as $100 per month.

This year there is some positive change to report in the US, as iTunes now offers a $15-per-month subscription without the need for a cable subscription. But if the steep prices remain in most countries it’s unlikely that the piracy rates will drop significantly.

This is nothing new for HBO of course. The company has probably considered offering separate and cheaper Game of Thrones packages, but while this may result in less pirates it will also severely hurt the value of their licensing deals and full subscription plans.

And aside from the financials, piracy also has it upsides.

Game of Thrones director David Petrarca previously admitted that piracy generated much-needed “cultural buzz” around his show. Similarly, Jeff Bewkes, CEO of HBO’s parent company Time Warner, noted that piracy resulted in more subscriptions for his company and that receiving the title of “most-pirated” was “better than an Emmy.

All in all it’s safe to say that Game of Thrones will be crowned the most pirated TV-show again in 2015. The only uncertainty right now is whether it will break last year’s BitTorrent “swarm record,” which currently stands at 254,114 simultaneous sharers.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Schneier on Security: Capabilities of Canada’s Communications Security Establishment

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

There’s a new story about the hacking capabilities of Canada’s Communications Security Establishment (CSE), based on the Snowden documents.

TorrentFreak: Exposing Canadian Pirates Costs $11 Per IP-Address

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

hurt-locker-lawMore than two years ago movie studio Voltage Pictures took its legal crusade against pirating BitTorrent users to Canada.

After targeting tens of thousands of people in the US, the company hoped to expose 2,000 Internet subscribers of Canadian ISP TekSavvy. The studio behind “The Hurt Locker” argued that they have a solid case under the Copyright Act.

The efforts led to objections from the Canadian Internet Policy and Public Interest Clinic (CIPPIC) who demanded safeguards so Voltage wouldn’t demand hefty fines from subscribers without oversight. The court agreed on this, but allowed the customers to be exposed.

The only matter that remained were the costs associated with identifying the alleged pirates. According to Voltage these would only be a few hundred Canadian dollars, but Teksavvy claimed more that $350,000.

This week the Federal Court ruled on the matter (pdf), settling the costs at $21,557. This includes $17,057 in technical administrative costs and $4,500 in legal fees associated with the IP-address lookups.

The total sum translates to roughly $11 per IP-address, which is a tiny fraction of the thousands of dollars in settlements Voltage usually requests.

The Court decided not to award any assessment costs, noting that both parties are intent on disparaging each other’s business practices. Taking claims from both sides into account it concluded that neither party should be rewarded for its conduct.

“TekSavvy, without justification, has greatly exaggerated its claim, while Voltage has unreasonably sought to trivialize it based on unreliable and largely irrelevant evidence,” Judge Aronovitch writes.

In the future it would be wise to agree on a fixed rate for linking IP-addresses to the personal details of subscribers before taking the matter to court, the Judge further notes.

“The best practice, in my view, would be for the rights holder to ascertain, in advance, with clarity and precision, the method of correlation used by the ISP, as well as the time and costs attendant on the execution of the work based, to begin, on a hypothetical number of IP addresses.”

The verdict opens the door for more of these cases in Canada. The question is, however, whether the costs and the restrictions still make it worthwhile.

University of Ottawa professor Michael Geist, who followed the case closely, believes this troll-type activity may not be as financially viable as Voltage has hoped.

“With the cap on liability for non-commercial infringement, the further costs of litigating against individuals, the actual value of the works, and the need to obtain court approval on demand letters, it is hard to see how this is a business model that works,” Geist notes.

Voltage, however, appears to be determined to continue its actions against the subscribers. The studio’s lawyer is happy with the verdict and says the decision “confirms the court’s commitment to facilitate anti-piracy and allow companies like Voltage to pursue pirates.”

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Krebs on Security: ‘AntiDetect’ Helps Thieves Hide Digital Fingerprints

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

As a greater number of banks in the United States shift to issuing more secure credit and debit cards with embedded chip technology, fraudsters are going to direct more of their attacks against online merchants. No surprise, then, that thieves increasingly are turning to an emerging set of software tools to help them evade fraud detection schemes employed by many e-commerce companies.

Every browser has a relatively unique “fingerprint” that is shared with Web sites. That signature is derived from dozens of qualities, including the computer’s operating system type, various plugins installed, the browser’s language setting and its time zone. Banks can leverage fingerprinting to flag transactions that occur from a browser the bank has never seen associated with a customer’s account.

Payment service providers and online stores often use browser fingerprinting to block transactions from browsers that have previously been associated with unauthorized sales (or a high volume of sales for the same or similar product in a short period of time).

In January, several media outlets wrote about a crimeware tool called FraudFox, which is marketed as a way to help crooks sidestep browser fingerprinting. However, FraudFox is merely the latest competitor to emerge in a fairly established marketplace of tools aimed at helping thieves cash out stolen cards at online merchants.

Another fraudster-friendly tool that’s been around the underground hacker forums even longer is called Antidetect. Currently in version 6.0.0.1, Antidetect allows users to very quickly and easily change components of the their system to avoid browser fingerprinting, including the browser type (Safari, IE, Chrome, etc.), version, language, user agent, Adobe Flash version, number and type of other plugins, as well as operating system settings such as OS and processor type, time zone and screen resolution.

Antidetect is marketed to fraudsters involved in ripping off online stores.

Antidetect is marketed to fraudsters involved in ripping off online stores.

The seller of this product shared the video below of someone using Antidetect along with a stolen credit card to buy three different downloadable software titles from gaming giant Origin.com. That video has been edited for brevity and to remove sensitive information; my version also includes captions to describe what’s going on throughout the video.

In it, the fraudster uses Antidetect to generate a fresh, unique browser configuration, and then uses a bundled tool that makes it simple to proxy communications through one of a hundreds of compromised systems around the world. He picks a proxy in Ontario, Canada, and then changes the time zone on his virtual machine to match Ontario’s.

Then our demonstrator goes to a carding shop and buys a credit card stolen from a woman who lives in Ontario. After he checks to ensure the card is still valid, he heads over the origin.com and uses the card to buy more than $200 in downloadable games that can be easily resold for cash. When the transactions are complete, he uses Antidetect to create a new browser configuration, and restarts the entire process — (which takes about 5 minutes from browser generation and proxy configuration to selecting a new card and purchasing software with it). Click the icon in the bottom right corner of the video player for the full-screen version.

I think it’s safe to say we can expect to see more complex anti-fingerprinting tools come on the cybercriminal market as fewer banks in the United States issue chipless cards. There is also no question that card-not-present fraud will spike as more banks in the US issue chipped cards; this same increase in card-not-present fraud has occurred in virtually every country that made the chip card transition, including Australia, Canada, France and the United Kingdom. The only question is: Are online merchants ready for the coming e-commerce fraud wave?

TorrentFreak: Music Industry Demands Action Against “Pirate” Domain Names

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

cassetteIn recent years copyright holders have demanded stricter anti-piracy measures from ISPs, search engines, advertising networks and payment processors, with varying results.

Continuing this trend various entertainment industry groups are now going after companies that offer domain name services.

The MPAA, for example, has joined the domain name system oversight body ICANN and is pushing for policy changes from the inside.

A few days ago the RIAA added more pressure. The music group sent a letter to ICANN on behalf of several industry players asking for tougher measures against pirate domains.

The RIAA’s senior vice president Victoria Sheckler wants the Internet to be a safe place for all, where music creation and distribution can thrive.

“… we expect all in the internet ecosystem to take responsible measures to deter copyright infringement to help meet this goal,” she notes.

The music groups believe, however, that domain registrars don’t do enough to combat piracy. ICANN’s most recent registrar agreement states that domain names should not be used for copyright infringement, but most registrars fail to take action in response.

Instead, many registrars simply note that it’s not their responsibility to act against pirate sites.

“We […] do not see how it is an appropriate response from a registrar to tell a complainant that it has investigated or responded appropriately to a copyright abuse complaint by stating it does not provide non-registrar related services to the site in question,” Sheckler writes.

In what appears to be a coordinated effort to pressure ICANN and other players in the domain name industry, the U.S. Government also chimed in last week.

According to the U.S. Trade Representative, Canada-based Tucows is reported as “an example of a registrar that fails to take action when notified of its clients’ infringing activity.”

Despite the critique, it’s far from clear that Tucows and other registrars are doing anything wrong. In fact, the Electronic Frontier Foundation notes that there is no law requiring registrars to disconnect pirate sites.

“Domain registrars do not have an obligation to respond to a random third party’s complaints about the behavior of a domain name user. Unless ordered by a court, registrars cannot be compelled to take down a website,” notes Jeremy Malcolm, EFF’s Senior Global Policy Analyst.

“What the entertainment industry groups are doing is exaggerating the obligations that registrars of global top-level domains (gTLDs) have under their agreement with ICANN to investigate reports of illegal activity by domain owners, an expansion of responsibilities that is, to put it mildly, extremely controversial, and not reflected in current laws or norms.”

Law or no law, the entertainment industry groups are not expected to back down. They hope that ICANN will help to convince registrars that pirate sites should be disconnected, whether they like it or not.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Raspberry Pi: Pi Day is around the corner!

This post was syndicated from: Raspberry Pi and was written by: Matt Richardson. Original post: at Raspberry Pi

Pi Day

From Hawaii to New York City and beyond, Pi Day will be here this Saturday, March 14th. To celebrate, there are a bunch of Raspberry Pi events happening across the United States and all over the world. Some of these are big affairs, like at the Computer History Museum in Mountain View, CA and others are small gatherings in libraries or makerspaces. Scan the list below to find out if there’s a Pi Day event happening near you:

Austin, TX

transparent-sxcreate_logo-dates-location_cmyk-b
A few of us will be at SX Create, which is part of the SXSW Interactive festival. We’ll have a few demos and hands on activities that we’re excited to share. We’ll also be surrounded by companies, products, and organizations all related to hacking and tinkering with technology. Even though we’re especially excited about Pi Day on Saturday, we’ll be there for all of SX Create, which runs from March 13 to 15 and is free and open-to-the-public.

We’ll also be joining our friends from Wolfram to celebrate “Super Pi Moment” on 3/14/15 at 9:26:53 am. They’ll have a countdown, FREE Pi(e), contests, and a special “selfie station” to capture the moment. This event is open to SXSW Interactive attendees and is right outside the Austin Convention Center.

Mountain View, CA

chm_pms

You’ll want to get to The Computer History Museum’s Pi Day Celebration early since visitors who arrive before 9:26am that day will be given free admission to their fantastic museum. And if you’re a little late, you can enjoy half-off admission until 10am. From 11:30am until 6:00pm, there will be Raspberry Pi workshops and a showcase of projects followed by Pie, Pizza, and Pints until 6:00pm.

St. Louis, MO

There’s a very strong community of Raspberry Pi users in St. Louis, MO so of course they’re getting together to celebrate Pi Day! The organizers say, “This Jam will build on what we’ve learned from previous events. Both as organizers and enthusiasts. As always we welcome new-comers young and old alike. We would also like to extend invitations to those in the business community looking to develop the Pi into products. Of course, we are hobbyists at heart so we really want to see the unique, strange, and ‘how did you do that?!’ projects.”

Little Rock, AR

Go out on a limb

In Arkansas, a third annual bake-off will take place at the Arkansas Regional Innovation Hub. Organizers David J. Hinson and Tony Bates of Arkansas Geek Central had this to say:

Students, makers, and creatives are invited to bring their Raspberry Pi creations to compete for prizes, prestige, and ­ most importantly ­ bragging rights! In addition to the project competition, workshops and labs will be held for people just getting started with the Raspberry Pi, and for those interested in learning how to get the most out of their Raspberry Pi creations.

Visit their site for more information about this Pi Day event.

Upper Lake, CA

Upper Lake Library will be having a Raspberry Pi Day at 310 Second Street in Upper Lake, CA from 10:30am to 12:00pm. They’ll be running an introduction to Raspberry Pi workshop and hope to start a user group.

Columbia, MO

Check out the MORE Raspberry Jam at the MOREnet offices in Columbia, MO from 1:00pm to 4:00pm. They’ll have people presenting projects there, you can join in; just click here to register to attend or show off your Raspberry Pi project.

Wailuku, HI

Maui Makers is hosting Pi Day in their new space in Wailuku Hawaii. Their celebration runs all day with multiple events throughout the day. You can come to learn about Raspberry Pi or show off what you’ve done with our computer.

Mobile, AL

As a part of Teen Tech Week at the Mobile Public Library, Mobile Makerspace is having a Pi Day Celebration complete with demonstrations of 3D printers, quadcopter drones, Arduino, and of course Raspberry Pi projects from 10:00am to 1:00pm at Ben May Main Library.

Brooklyn, NY

In the DUMBO neighborhood of Brooklyn, digital agency HUGE is hosting a Pi Day Hackathon. Participants get 3 hours and 14 minutes to make a pi-themed creation (numerical constant, food, or Raspberry related) and then have 3 minutes and 14 seconds to show it off to the others. RSVP is required, so click here for more details and how to register.

Palm City, FL

Adults, teens, and tech-savvy kids are welcome to attend the Cummings Library idea lab, where they’ll show off Raspberry Pi from 2:00pm to 4:00pm. Stop by to play and we hear that they’ll even throw in a free slice of pie.

Melbourne, FL

Melbourne Makerspace in Central Florida is launching their Pi Day Celebration at pi moment, that’s 9:26am. RSVP here if you’d like to attend.

Norwalk, CT

The Fairfield County Makers’ Guild is celebrating their one year anniversary and they want to show you what they’ve been up to! Join them on Pi Day for their open house from 10:00am to 2:00pm for demos, project workshops, and so much more.

Outside the United States

Even though Pi Day is based on the funky date formatting within the United States, it’s celebrated all over the world! Here are a bunch of Pi Day events happening outside the US:

Krebs on Security: Point-of-Sale Vendor NEXTEP Probes Breach

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

NEXTEP Systems, a Troy, Mich.-based vendor of point-of-sale solutions for restaurants, corporate cafeterias, casinos, airports and other food service venues, was recently notified by law enforcement that some of its customer locations have been compromised in a potentially wide-ranging credit card breach, KrebsOnSecurity has learned.

nextepThe acknowledgement came in response to reports by sources in the financial industry who spotted a pattern of fraud on credit cards all recently used at one of NEXTEP’S biggest customers: Zoup, a chain of some 75 soup eateries spread across the northern half of the United States and Canada.

Last week, KrebsOnSecurity reached out to Zoup after hearing from financial industry sources about fraud patterns indicating some sort of card compromise at many Zoup locations. Zoup CEO Eric Ersher referred calls to NEXTEP, saying that NEXTEP was recently informed of a security issue with its point-of-sale devices. Ersher said Zoup runs NEXTEP’s point-of-sale devices across its entire chain of stores.

In an emailed statement, NEXTEP President Tommy Woycik confirmed Ersher’s account, but emphasized that the company does not believe all of its customers are impacted.

“NEXTEP was recently notified by law enforcement that the security of the systems at some of our customer locations may have been compromised,” Woycik wrote. “NEXTEP immediately launched an investigation in cooperation with law enforcement and data security experts we retained to determine the root cause and remediate the issue. We do know that this is NOT affecting all NEXTEP customers, and we have been working with our customers to ensure that any issues are addressed.  This remains an ongoing investigation with law enforcement. At this stage, we are not certain of the extent of the breach, and are working around the clock to ensure a complete resolution.”

A breach at a point-of-sale vendor can impact a large number of organizations, and historically the chief victims of POS vendor breaches have been food service establishments. Last year, a pattern of credit card fraud at hundreds of Jimmy Johns sandwich shops across the country was traced back to security weaknesses that fraudsters were exploiting in point-of-sale systems produced by POS vendor Signature Systems Inc. Signature later disclosed that the breach also impacted at least 100 other independent restaurants that use its products.

Earlier this year, Denver-based point-of-sale vendor Advanced Restaurant Management Applications (ARMA) disclosed that malware attacks on its POS devices exposed credit and debit cards for a number of its clients’ customers in Colorado, many of them restaurants.

Another point-of-sale vendor breach uncovered last year by KrebsOnSecurity — that of C&K Systems — lasted 18 months and resulted in card fraud for customers of some 330 Goodwill locations nationwide.

It’s unclear what’s behind the NEXTEP breach, but if previous such breaches are any indicator the incident may have involved stolen credentials used to remotely administer affected point-of-sale systems. In June 2014, POS vendor Information Systems & Supplies Inc. notified (PDF) customers that a breach of its Log-Me-In account exposed credit card data of stores that used its systems for nearly two months last year.

With remote access to point-of-sale devices, crooks can then upload card-stealing malicious software to the POS terminals. The stolen card data is quite valuable — typically selling for anywhere from $20 to $100 per card on underground cybercrime stores. Crooks can encode the stolen card data onto anything with a magnetic stripe and use the counterfeit cards to buy high-dollar merchandise at big box stores.

It seems quite likely that we’ll hear about additional breaches at POS vendors in the weeks ahead. KrebsOnSecurity is currently in the process of tracking down the common thread behind what appear to be breached POS vendors tied to three different major cities around the country.

 

TorrentFreak: Aussie Anti-Piracy Plans Boost Demand for Anonymous VPNs

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

spyAustralia has been called out as the world’s piracy capital for several years, a claim that eventually captured the attention of the local Government.

After negotiations between ISPs and entertainment companies bore no fruit, authorities demanded voluntary anti-piracy measures from Internet providers. If that failed, the Government threatened to tighten the law.

Faced with an ultimatum the telecoms body Communications Alliance published a draft proposal on behalf of the ISPs, outlining a three-strikes notification system.

Titled ‘Copyright Notice Scheme Industry Code‘, the proposal suggests that ISPs start to forward infringement notices to their subscribers. After the initial notice subscribers are warned that copyright holders may go to court to obtain their identities.

Several groups have voiced their concerns in response. Australia’s leading consumer group Choice, for example, warns over the potential for lawsuits and potentially limitless fines.

These threats haven’t gone unnoticed by the general public either. While the proposals have not yet been implemented, many Australians are already taking countermeasures.

Over the past two weeks many file-sharers have been seeking tools to hide their IP-addresses and bypass the proposed monitoring system. By using VPN services or BitTorrent proxies their sharing activities can no longer be linked to their ISP account, rendering the three-strikes system useless.

Data from Google trends reveals that interest in anonymizing services has surged, with searches for “VPN” nearly doubling in recent days. This effect, shown in the graph below, is limited to Australia and appears to be a direct result of the ISPs proposals.

Google searches for VPN in Australia
aussievpn

TF spoke to several VPN providers who noticed an increase in both traffic and sales from down under. TorGuard, a VPN and BitTorrent proxy provider, saw the number of Australian visitors and subscribers increase significantly, as seen in the traffic graph below.

“TorGuard has seen a steady increase in Australian subscribers and this new surge of users shows no signs of slowing. To keep up with the demand from this region we have recently added many new VPN servers in Australia, New Zealand, and Los Angeles,”

TorGuard Aussie traffic increase
aussietorg

Another VPN service, which preferred not to be named, also witnessed a similar spike in interest from Australians.

“We are seeing a peak in traffic and sales from Australia. In the past two weeks we saw an 88% traffic increase,” the VPN provider informed us.

These changes have to be seen in perspective of course. It’s still only a fraction of Aussie file-sharers who have taken countermeasures. However, it’s a clear signal that warnings are not the silver bullet to stop piracy.

The Aussie case is not the first time that anti-piracy measures have turned people to anonymizing tools. The same happened when the US Copyright Alert System launched, and earlier this year there was also a spike in Canada when ISPs began forwarding piracy notices.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: U.S. Government Lists Top Torrent Sites as Piracy Havens

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

In its latest “Out-of-Cycle Review of Notorious Markets” report the United States Trade Representative (USTR) lists some of the world’s largest file-sharing sites as venues for prolific copyright infringement.

“Commercial scale trademark counterfeiting and copyright piracy cause significant financial losses for rights holders and legitimate businesses, undermine critical U.S. comparative advantages in innovation and creativity to the detriment of American workers, and can pose significant risks to consumer health and safety,” the report begins.

“The Notorious Markets List (“List”) highlights select online and physical marketplaces that reportedly engage in and facilitate substantial copyright piracy and trademark counterfeiting.”

Torrent Sites

It’s no surprise that The Pirate Bay is on the USTR list again this year but its first mention is framed as a success. The December 2014 raid against the famous site is quite properly noted but then subsequent references paint a confusing picture.

While the USTR correctly notes that the site eventually resumed operations at ThePirateBay.se, it also claims that the site first came back online at ThePirateBay.si “as well as under several other domain names”. This account runs counter to the actual sequence of events which were regularly documented online.

Although not mentioned specifically by name, numerous PirateBay clones also make an appearance, notably the version created by the IsoHunt.to team.

KickassTorrents is also proving to be a thorn in the side of the USTR. Now reporting that the site is based in Canada, the U.S. government notes that the site reaped the rewards of the Pirate Bay takedown in December by scooping up additional traffic. It notes that the site has had domain name difficulties recently (praising the action by the .SO registry) but concedes that the site remains fully operational.

Meta-search engine Torrentz.eu makes another appearance on the list this year but with an added twist. The USTR is now referring to the site as being part of a group called ‘Movshare Group/Private Layer’ which includes various Torrentz domains plus Putlocker.is, Nowvideo, Movshare, BitSnoop and Novamov, among others.

“This group of affiliated and extremely popular sites, with ties to Switzerland,
Netherlands, Panama, Canada, and other countries, reportedly uses multiple technologies to make available countless unauthorized copies of movies, games, music, audiobooks, software, and sporting event broadcasts,” the USTR writes.

YTS.re or YIFY as it’s still known, receives particular focus in the U.S. government report. Noting that the site has millions of visitors every month and is continuing to grow, the report makes a curious allegation – that YTS is responsible for creating Popcorn Time.

“Yts.re’s operators also created a desktop torrent streaming application called ‘Popcorn Time,’ similar to [Spanish-focused version] ‘Cuevana Storm’,” the report reads.

An interesting situation has also developed around Bulgarian torrent sites Zamunda and Arena.bg. Both sites have been present on the USTR’s list for many years and in practical terms nothing has changed in respect of the way the sites offer copyrighted material. However, the U.S. government now says that both will now be removed from the list.

“[In] recognition of Bulgarian law enforcement efforts and recent reports that the operators of these sites agreed with rights holders to remove links to unauthorized movies upon notification, the sites [have been removed],” the report reads.

Predictably the massively popular Russia-based RuTracker remains a “notorious site” this time around but the problems facing war-torn Ukraine haven’t given that country a free pass. The USTR remains concerned over the country’s approach to protecting copyright so torrent site ExtraTorrent.cc remains on the list alongside hosting site EX.ua.

A curious addition to the list is the Spain-focused EliteTorrent. Criticized for removing content following rightsholder complaints only to replace it at a later date, the site no longer exists having shut itself down in January 2015.

Cyberlockers

With millions of visitors every day, file-hosting site 4shared heads the USTR list. The government notes that the site works with rightsholders by implementing a scanning system to remove unauthorized material but apparently that’s not enough. Complaints from the music industry means that the site remains on the list this time around.

Uploaded.net, another regular feature of the USTR report, makes another appearance this time around. While claiming the site has alleged links to Switzerland and Netherlands, the U.S. government plucks figures directly from the recent and controversial NetNames cyberlocker report by claiming the site generates $6 million per year in revenues.

With Google being asked to remove close to 10 million links from ZippyShare.com, it’s little surprise that the file-hosting site is present on this year’s list.

“The site offers features that make piracy more ‘infringer friendly,’ including through accelerated downloading. Its revenues reportedly come from paid advertising, which targets the millions of users who download files from the site,” the report reads.

But despite being one of the largest sites of its type, Russia’s Rapidgator gets only a short mention, possibly due to the USTR’s belief that its popularity is declining. Social network VK or vKontakte is given much more focus, however. The USTR cautiously notes the site’s efforts to reduce infringement but concludes that much more needs to be done.

On the linking front Baixeturbo.org gets a notable mention.The site has been in operation for almost seven years and is reportedly popular with Brazilians. However, it’s hosted in the UK so should in theory be an easy site for the Police Intellectual Property Crime Unit to disrupt. Nevertheless, it remains online and features prominently in the USTR’s list.

Domain registrars

The USTR Notorious Markets report usually focused on sites and services involved in online copyright infringement, but this time around the government appears to be widening the net. For the first time legitimate companies that simply register domain names are being put under the spotlight.

“This year, USTR is highlighting the issue of certain domain name registrars. Registrars are the commercial entities or organizations that manage the registration of Internet domain names, and some of them reportedly are playing a role in supporting counterfeiting and piracy online,” the report reads.

“Some registrars..[..]…reportedly disobey court orders and other communications, including from government enforcement authorities. Some registrars apparently even advertise to the online community that they will not take action against illicit activity, presumably to incentivize registrations by owners and operators of illicit sites.”

The USTR singles out Canada-based Tucows as “an example of a registrar that fails to take action when notified of its clients’ infringing activity. Consistent with the discussion above, USTR encourages the operators of Tucows to work with relevant stakeholders to address complaints,” the USTR writes.

Successes

In common with previous years the report begins with a short summary of successes. Spanish site Seriesyonkis.com and Blu-ray ripping software vendor Aiseesoft were commended for their positive actions and with some reservations noted, Chinese site Xunlei was removed from the latest list.

Action taken against the German-based linking site Boerse.bz was also deemed worthy of a mention but its resurrection as Boerse.to was relegated to a fine-print footnote.

Putlocker.com, a site reportedly targeted by law enforcement in 2012 and 2013 (later rebranding to FireDrive in 2014) has also been removed from the list. The USTR notes that the site may not have completely mended its ways but since traffic has dropped dramatically the site has lost its “notorious” status.

Conclusion

While there are no real surprises in the report, the addition of domain registrars is a notable development. Expect this element to grow in future editions and for the cat and mouse game with most other sites to continue.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

[Медийно право] [Нели Огнянова] : 5G

This post was syndicated from: [Медийно право] [Нели Огнянова] and was written by: nellyo. Original post: at [Медийно право] [Нели Огнянова]

Европейската комисия представя днес възгледа на ЕС за 5G.

Какво да очакваме от 5G:  от ЕК   и от шефа на Ериксон .

За сведение, преди година според Блумбърг положението с 4G LTE e било такова –  по страни 

Rank Country/Territory Penetration
1  South Korea 62.0%
2  Japan 21.3%
3  Australia 21.1%
4  United States 19.0%
5  Sweden 14.0%
6  Canada 8.1%
7  United Kingdom 5.0%
8  Germany 3.0%
9  Russia 2.0%
10  Philippines 1.0%

TorrentFreak: Which VPN Services Take Your Anonymity Seriously? 2015 Edition

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

spyBy now most Internet users are well aware of the fact that pretty much every step they take on the Internet is logged or monitored.

To prevent their IP-addresses from being visible to the rest of the Internet, millions of people have signed up to a VPN service. Using a VPN allows users to use the Internet anonymously and prevent snooping.

Unfortunately, not all VPN services are as anonymous as they claim, as several incidents have shown in the past.

By popular demand we now present the fourth iteration of our VPN services “logging” review. In addition to questions about logging practices, we also asked VPN providers about other privacy sensitive policies, so prospective users can make an informed decision.

1. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user of your service? If so, exactly what information do you hold and for how long?

2. Under what jurisdiction(s) does your company operate?

3. What tools are used to monitor and mitigate abuse of your service?

4. Do you use any external email providers (e.g. Google Apps) or support tools ( e.g Live support, Zendesk) that hold information provided by users?

5. In the event you receive a DMCA takedown notice or European equivalent, how are these handled?

6. What steps are taken when a valid court order requires your company to identify an active user of your service? Has this ever happened?

7. Does your company have a warrant canary or a similar solution to alert customers to gag orders?

8. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why?

9. Which payment systems do you use and how are these linked to individual user accounts?

10. What is the most secure VPN connection and encryption algorithm you would recommend to your users? Do you provide tools such as “kill switches” if a connection drops and DNS leak protection?

11. Do you use your own DNS servers? (if not, which servers do you use?)

12. Do you have physical control over your VPN servers and network or are they outsourced and hosted by a third party (if so, which ones)? Where are your servers located?

Below is the list of responses we received from various VPN providers, in their own words. In some cases we asked for further clarification. VPN providers who keep logs for longer than 7 days were excluded, and others who simply failed to respond.

Please note that several VPN companies listed here do log to some extent. We therefore divided the responses into a category of providers who keep no logs (page 1/2) and one for who keep usage and/or session logs (page 3). The order of the VPNs within each category holds no value.

We are also working on a convenient overview page as well as dedicated review pages for all providers, with the option for users to rate theirs and add a custom review. These will be added in the near future.

VPNs That keep No Logs

Private Internet Access

piavpn1. We do not log, period. This includes, but is not limited to, any traffic data, DNS data or meta (session) data. Privacy IS our policy.

2. We choose to operate in the US in order to provide no logging service, as there is no mandatory data retention law in the US. Additionally, our beloved clients are given access to some of the strongest consumer protection laws, and thus, are able to purchase with confidence.

3. We do not monitor our users, period. That said, we have a proprietary system in place to help mitigate abuse.

4. We utilize SendGrid as an external mailing system and encourage users to create an anonymous e-mail when signing up depending on their adversarial risk level. Our support system is in-house as we utilize Kayako.

5. We have a proprietary system in place that allows us to comply in full with DMCA takedown notices without disrupting our users’ privacy. Because we do not log our users’ activities in order to protect and respect their privacy, we are unable to identify particular users that may be infringing the lawful copyrights of others.

6. We do not log and therefore are unable to provide information about any users of our service. We have not, to date, been served with a valid court order that has required us to provide something we do not have.

7. We do not have a warrant canary in place at this time as the concept of a warrant canary is, in fact, flawed at this time, or in other words, is “security theater.”

8. We do not attempt to filter, monitor, censor or interfere in our users’ activity in any way, shape or form. BitTorrent is, by definition, allowed.

9. We utilize a variety of payment systems including, but not limited to, PayPal, Stripe, Amazon, Google, Bitcoin, Stellar, CashU, Ripple, Most Major Store Bought Gift card, PIA Gift cards (available in retail stores for “cash”), and more. We utilize a hashing system to keep track of payments and credit them properly while ensuring the strongest levels of privacy for our users.

10. The most secure VPN connection and encryption algorithm that we would recommend to our users would be our suite of AES-256, RSA 4096 and SHA1 or 256. However, AES-128 should still be considered quite safe. For users of Private Internet Access specifically, we offer addon tools to help ensure our beloved clients’ privacies including:

– Kill Switch : Ensures that traffic is only routed through the VPN such that if the VPN connection is unexpectedly terminated, the traffic would simply not be routed.
– IPv6 Leak Protection : Protects clients from websites which may include IPv6 embeds which could leak IPv6 IP information.
– DNS Leak Protection : This is built in and ensures that DNS requests are made through the VPN on a safe, private no-log DNS daemon.
– Shared IP System : We mix clients’ traffic with many clients’ traffic through the use of an anonymous shared-IP system ensuring that our users blend in with the crowd.

11. We are currently using our own DNS caching.

12. We utilize third party datacenters that are operated by trusted friends and, now, business partners who we have met and completed our due diligence on. Our servers are located in: USA, Canada, UK, Switzerland, Amsterdam, Sweden, Paris, Germany, Romania, Hong Kong, Israel, Australia and Japan. We have over 2,000 servers deployed at the time of writing with over 1,000 in manufacture/shipment at this time.

Private Internet Access website

TorGuard

1. No logs are kept whatsoever. TorGuard does not store any traffic logs or user session data on our network because since day one we engineered every aspect of the operation from the ground up, permitting us full control over the smallest details. In addition to a strict no logging policy we run a shared IP configuration that provides an added layer of anonymity to all users. With hundreds of active sessions sharing a single IP address at any given time it becomes impossible to back trace usage.

2. At the time of this writing our headquarters currently operates from the United States. Due to the lack of data retention laws in the US, our legal team has determined this location to be in the best interest of privacy for the time being. Although TorGuard’s HQ is in the US, we take the commitment to user privacy seriously and will uphold this obligation at all costs, even if it means transferring services or relocating company assets.

3. Our network team uses a combination of open source monitoring apps and custom developed tools to mitigate any ongoing abuse of our services. This allows us to closely monitor server load and uptime so we can pinpoint and resolve potential problems quickly. If abuse reports are received from an upstream provider, we block them in real-time by employing various levels of firewall rules to large blocks of servers. Should these methods fail, our team is quick to recycle entire IP blocks and re-deploy new servers as a last resort.

4. For basic troubleshooting and customer service purposes we utilize Livechatinc for our chat support. TorGuard staff does make use of Google Apps for company email, however no identifying client information like passwords, or billing info is ever shared among either of these platforms. All clients retain full control over account changes in our secure member’s area without any information passing through an insecure channel.

5. Because we do not host any content it is not possible for us to remove anything from a server. In the event a DMCA notice is received it is immediately processed by our abuse team. Due to our shared network configuration we are unable to forward any requests to a single user. In order to satisfy legal requirements from bandwidth providers we may temporarily block infringing protocols, ports, or IPs.

6. If a court order is received, it is first handled by our legal team and examined for validity in our jurisdiction. Should it be deemed valid, our legal representation would be forced to further explain the nature of a shared IP configuration and the fact that we do not hold any identifying logs. No, we remain unable to identify any active user from an external IP address and time stamp.

7. No, at this time we do not have a warrant canary.

8. Yes, TorGuard was designed with the BitTorrent enthusiast in mind. P2P is allowed on all servers, although for best performance we suggest using locations that are optimized for torrents. Users can find these servers clearly labeled in our VPN software.

9. We currently accept over 200 different payment options through all forms of credit card, PayPal, Bitcoin, altcoins (e.g. dogecoin, litecoin + more), Paysafecard, Alipay, CashU, Gift Cards, and many other methods. No usage can be linked back to a billing account due to the fact that we maintain zero logs across our network.

10. For best security we advise clients to use OpenVPN connections only and for encryption use AES256 with 2048bit RSA. Additionally, TorGuard VPN offers “Stealth” protection against DPI (Deep Packet Inspection) interference from a nosey ISP so you can access the open web freely even from behind the Great Firewall of China. These options are available on select locations and offer excellent security due to the cryptography techniques used to obfuscate traffic. Our VPN software uses OpenVPN exclusively and features built in DNS leak protection, an App Killswitch, and a connection Killswitch. We have also just released a built in WebRTC leak block feature for Windows Vista/7/8 users.

11. Yes, we offer private, no log DNS servers which can be obtained by contacting our support desk. By default we also use Google DNS and OpenDNS for performance reasons on select servers.

12. TorGuard currently maintains 1000+ servers in over 44 countries around the world and we continue to expand the network every month. We retain full physical control over all hardware and only seek partnerships with data centers who can meet our strict security criteria. All servers are deployed and managed exclusively by our in house networking team via a single, secure key. We have servers in Australia, Belgium, Brazil, Canada, China, Costa Rica, Czech Republic, Denmark, Egypt, Finland, France, Germany, Greece, Hong Kong, Iceland, India, Indonesia, Ireland, Italy, Japan, Korea, Latvia, Luxembourg, Malaysia, Mexico, Netherlands, New Zealand, Norway, Panama, Poland, Portugal, Romania, Russia, Saudi Arabia, Singapore, South Africa, Spain, Sweden, Switzerland, Tunisia, Turkey, United Kingdom, USA, and Vietnam.

TorGuard website

IPVanish

ipvanish1. IPVanish has a zero-log policy. We keep NO traffic logs on any customer, ever.

2. IPVanish is headquartered in the US and thus operates under US law.

3. IPVanish monitors CPU utilization, bandwidth and connection counts. When thresholds are passed, a server may be removed from rotation as to not affect other users.

4. IPVanish does not use any external support tools that hold user information. We do, however, operate an opt-in newsletter that is hosted at Constant Contact. Customers are in no way obligated to sign up for the newsletter.

5. IPVanish keeps no logs of any user’s activity and responds accordingly.

6. IPVanish, like every other company, follows the law in order to remain in business. Only US law applies.

7. No.

8. P2P is permitted. IPVanish does not block or throttle any ports, protocols, servers or any type of traffic whatsoever.

9. Bitcoin, PayPal and all major credit cards are accepted. Payments and service use are in no way linked. User authentication and billing info are also managed on completely different and independent platforms.

10. We recommend OpenVPN with 256 bit AES as the most secure VPN connection and encryption algorithm. IPVanish’s service and software also currently provide DNS leak prevention. We are developing a kill switch in upcoming releases of our software.

11. IPVanish does use its own DNS servers. Local DNS is handled by the server a user connects to.

12. IPVanish is one of the only tier-1 VPN networks, meaning we own and operate every aspect of our VPN platform, including physical control of our VPN servers. This gives IPVanish users security and speed advantages over other VPN services. IPVanish servers can be found in over 60 countries including the US, UK, Canada, Netherlands and Australia.

IPVanish website

IVPN

ivpn1. No, this is fundamental to the service we provide. It is also in our interests not to do so as it minimizes our own liability.

2. Gibraltar. In 2014 we decided to move the company from Malta to Gibraltar in light of the new 2015 EU VAT regulations which affect all VPN service providers based in the EU. The EU VAT regulations now require companies to collect two pieces of non-conflicting evidence about the location of a customer; this would be at a minimum the customer’s physical address and IP address.

3. We have built a number of bespoke systems over the last 5 years as we’ve encountered and addressed most types of abuse. At a high level we use Zabbix, an open-source monitoring tool that alerts us to incidents. As examples we have built an anti-spam rate-limiter based on iptables so we don’t have to block any email ports and forked a tool called PSAD which allows us to detect attacks originating from our own network in real time.

4. No. We made a strategic decision from the beginning that no company or customer data would ever be stored on 3rd party systems. Our customer support software, email, web analytics (Piwik), issue tracker, monitoring servers, code repo’s, configuration management servers etc. all run on our own dedicated servers that we setup, configure and manage.

5. Our legal department sends a reply stating that we do not store content on our servers and that our VPN servers act only as a conduit for data. In addition, we never store the IP addresses of customers connected to our network nor are we legally required to do so.

6. That would depend on the information with which we were provided. If asked to identify a customer based on a timestamp and/or IP address then we would reply factually that we do not store this information, so we are unable to provide it. If they provide us with an email address and asked for the customer’s identity then we reply that we do not store any personal data, we only store a customer’s email address. If the company were served with a valid court order that did not breach the Data Protection Act 2004 we could only confirm that an email address was or was not associated with an active account at the time in question. We have never been served with a valid court order.

7. Yes absolutely, we’ve published a canary since August 2014.

8. Yes, we don’t block BitTorrent or any other protocol on any of our servers. We do kindly request that our customers use non-USA based exit servers for P2P. Any company receiving a large number of DMCA notices is exposing themselves to legal action and our upstream providers have threatened to disconnect our servers in the past.

9. We accept Bitcoin, Cash and Paypal. When using cash there is no link to a user account within our system. When using Bitcoin, we store the Bitcoin transaction ID in our system. If you wish to remain anonymous to IVPN you should take the necessary precautions when purchasing Bitcoin (See part 7 of our advanced privacy guides). With Paypal we store the subscription ID in our system so we can associate incoming subscription payments. This information is deleted immediately when an account is terminated.

10. We provide RSA-4096 / AES-256 with OpenVPN, which we believe is more than secure enough for our customers’ needs. If you are the target of a state level adversary or other such well-funded body you should be far more concerned with increasing your general opsec than worrying about 2048 vs 4096 bit keys. The IVPN client offers an advanced VPN firewall that blocks every type of IP leak possible (DNS, network failures, WebRTC STUN, IPv6 etc.). It also has an ‘always on’ mode that will be activated on boot before any process on the computer starts. This will ensure than no packets are ever able to leak outside of the VPN tunnel.

11. Yes. Once connected to the VPN all DNS requests are sent to our pool of internal recursive DNS servers. We do not use forwarding DNS servers that forward the requests to a public DNS server such as OpenDNS or Google.

12. We use dedicated servers leased from 3rd party data centers in each country where we have a presence. We employ software controls such as full disk encryption and no logging to ensure that if a server is ever seized it’s data is worthless. We also operate a multi-hop network so customers can choose an entry and exit server in different jurisdictions to make the adversaries job of correlating the traffic entering and exiting our network significantly more complicated. We have servers located in Switzerland, Germany, Iceland, Netherlands, Romania, France, Hong-Kong, USA, UK and Canada.

IVPN website

PrivateVPN

privatevpn1.We don’t keep ANY logs that allow us or a 3rd party to match an IP address and a time stamp to a user of our service. The only thing we log are e-mails and user names but it’s not possible to bind an activity on the Internet to a user on PrivateVPN.

2. We operate in Swedish jurisdiction.

3. If there’s abuse, we advise that service to block our IP in the first instance, and second, we can block traffic to the abused service.

4. No. We use a service from Provide Support (ToS) for live support. They do not hold any information about the chat session. From Provide support: Chat conversation transcripts are not stored on Provide Support chat servers. They remain on the chat server for the duration of the chat session, then optionally sent by email according to the user account settings, and then destroyed.

5. This depends on the country in which we’re receiving a DMCA takedown. For example, we’ve received a DMCA takedown for UK and Finland and our response was to close P2P traffic in those countries.

6. If we get a court order to monitor a specific IP then we need to do it, and this applies to every VPN company out there.

7. We’re working on a solution where we publish a statement that we haven’t received legal process. One we receive a legal process, this canary statement is removed.

8. Yes, we allow Torrent traffic.

9. PayPal, Payson, 2Chrckout and Bitcoin. Every payment has an order number, which is linked to a user. Otherwise we wouldn’t know who has made a payment. To be clear, you can’t link a payment to an IP address you get from us.

10. OpenVPN TUN with AES-256. On top is a 2048-bit DH key. For our Windows VPN client, we have a feature called “Connection guard”, which will close a selected program(s) if the connection drop. We have no tools for DNS leak but we’re working on a protection that detects the DNS leak and fixes this by changing to a secure DNS server.

11. We use a DNS from Censurfridns.

12. We have physical control over our servers and network in Sweden. All other servers and networks are hosted by ReTN, Kaia Global Networks, Leaseweb, FDCServers, Blix, Zen systems, Wholesale Internet, Creanova, UK2, Fastweb, Server.lu, Selectel, Amanah and Netrouting. We have servers located in: Sweden, United States, Switzerland, Great Britain, France, Denmark, Luxembourg, Finland, Norway, Romania, Russia, Germany, Netherlands, Canada and Ukraine.

PrivateVPN website

PRQ

1. No

2. Swedish

3. Our own.

4. No

5. We do not care about DMCA.

6. We only require a working e-mail address to be a customer, no other information is kept.

7. No.

8. As long as the usage doesn’t violate the ToS, we do not care.

9. None of the payment methods are linked to a user.

10. OpenVPN, customers have to monitor their service/usage.

11. Yes.

12. Everything is inhouse in Sweden.

PRQ website

Mullvad

mullvad1. No. This would make both us and our users more vulnerable so we certainly don’t. To make it harder to watch the activities of an IP address from the outside we also have many users sharing addresses, both for IPv4 and IPv6.

2. Swedish.

3. We don’t monitor our users. In the rare cases of such egregious network abuse that we can’t help but notice (such as DoS attacks) we stop it using basic network tools.

4. We do use external providers and encourage people sending us email to use PGP encryption, which is the only effective way to keep email somewhat private. The decrypted content is only available to us.

5. There is no such Swedish law that is applicable to us.

6. We get requests from governments from time to time. They never get any information about our users. We make sure not to store sensitive information that can be tied to publicly available information, so that we have nothing to give out. We believe it is not possible in Swedish law to construct a court order that would compel us to actually give out information about our users. Not that we would anyway. We started this service for political reasons and would rather discontinue it than having it work against its purpose.

7. Under current Swedish law there is no way for them to force us to secretly act against our users so a warrant canary would serve no purpose. Also, we would not continue to operate under such conditions anyway.

8. Yes.

9. Bitcoin (we were the first service to accept it), cash (in the mail), bank transfers, and PayPal / credit cards. Payments are tied to accounts but accounts are just random numbers with no personal information attached that users can create at will. With the anonymous payments possible with cash and Bitcoin it can be anonymous all the way.

10. OpenVPN (using the Mullvad client program). Regarding crypto, ideally we would recommend Ed25519 for certificates, Curve25519 for key exchange (ECDHE), and ChaCha20-Poly1305 for data streams but that suite isn’t supported by OpenVPN. We therefore recommend and by default use RSA-2048, D-H (DHE) and AES-256-CBC-SHA. We have a “kill switch,” DNS leak protection and IPv6 leak protection (and IPv6 tunnelling).

11. Yes, we use our own DNS servers.

12. We have a range of servers. From on one end servers lovingly assembled and configured by us with ambitious physical security in data centers owned and operated by people we trust personally and whose ideology we like. On the other end rented hardware in big data centers. Which to use depends on the threat model and performance requirements. Currently we have servers hosted by GleSYS Internet Services, 31173 Services and Leaseweb in Sweden, the Netherlands, USA and Germany.

Mullvad website

BolehVPN

bolehvpn1. No.

2. Malaysia. This may change in the near future and we will post an announcement when this is confirmed.

3. We do monitor general traffic patterns to see if there is any unusual activity that would warrant a further investigation.

4. We use ZenDesk and Zopim but are moving to use OSTicket which is open source. This should happen in the next 1-2 months.

5. Generally we work with the providers to resolve the issue and we have never given up any of our customer information. Generally we terminate our relationship with the provider if this is not acceptable. Our US servers under DMCA jurisdiction or UK (European equivalent) have P2P locked down.

6. This has not happened yet but we do not keep any user logs so there is not much that can be provided especially if the payment is via an anonymous channel. One of our founders is a lawyer so such requests will be examined on their validity and we will resist such requests if done without proper cause or legal backing.

7. Yes.

8. Yes it is allowed except on those marked Surfing-Streaming only which are restricted either due to the provider’s policies or limited bandwidth.

9. We use MolPay, PayPal, Coinbase, Coinpayments and direct deposits. On our system it is only marked with the Invoice ID, the account it’s for, the method of payment and whether it’s paid or not. We however of course do not have control of what is stored with the payment providers.

10. Our Cloak configurations implement 256 bit AES and a SHA-512 HMAC combined with a scrambling obfuscation layer. We do have a lock down/kill switch feature and DNS leak protection.

11. Yes we do use our own DNS servers.

12. Our VPN servers are hosted by third parties however for competitive reasons, we rather not mention our providers (not that it would be hard to find out with some digging). However none of these servers hold anything sensitive as they are authenticated purely using PKI infrastructure and as long as our users regularly update their configurations they should be fine. We do however have physical control over the servers that handle our customer’s information.

BolehVPN website

NordVPN

nordvpn1. Do we keep logs? What is that? Seriously, we have a strict no-logs policy over our customers. The only information we keep is customers’ e-mail addresses which are needed for our service registration (we keep the e-mail addresses until the customer closes the account).

2. NordVPN is based out of Panama.

3. No tools are used to monitor our customers in any case. We are only able to see the servers’ load, which helps us optimize our service and provide the best possible Internet speed to our users.

4. We use the third-party live support tool, but it is not linked to the customers’ accounts.

5. When we receive any type of legal notices, we cannot do anything more than to ignore them, simply because they have no legal bearing to us. Since we are based in Panama, all legal notices have to be dealt with according to Panamanian laws first. Luckily they are very friendly to Internet users.

6.If we receive a valid court order, firstly it would have to comply with the laws of Panama. In that case, the court settlement should happen in Panama first, however were this to happen, we would not be able to provide any information because we keep exactly nothing about our users.

7. We do not have a warrant canary or any other alert system, because as it was mentioned above, we operate under the laws of Panama and we guarantee that any information about our customers will not be distributed to any third party.

8. We do not restrict any BitTorrent or other file-sharing applications on most of our servers.

9. We accept payments via Bitcoin, Credit Card, PayPal, Banklink, Webmoney (Paysera). Bitcoin is the best payment option to maintain your anonymity as it has only the paid amount linked to the client. Users who purchase services via PayPal are linked with the usual information the seller can see about the buyer.

10. We have high anonymity solutions which we would like to recommend to everyone seeking real privacy. One of them is Double VPN. The traffic is routed through at least two hoops before it reaches the Internet. The connection is encrypted within two layers of cipher AES-256-CBC encryption. Another security solution – Tor over VPN. Firstly, the traffic is encrypted within NordVPN layer and later sent to the Tor network and exits to the Internet through one of the Tor exit relays. Both of these security solutions give a great encryption and anonymity combination. The benefit of using these solutions is that the chances of being tracked are eliminated. In addition, you are able to access .onion websites when connected to Tor over VPN. Furthermore, our regular servers have a strong encryption which is 2048bit SSL for OpenVPN protocol, AES-256bit for L2TP.

In addition to that, we have advanced security solutions, such as the “kill switch” and DNS leak protection which provide the maximum possible security level for our customers.

11. NordVPN has its own DNS servers, also our customers can use any DNS server they like.

12. Our servers are outsourced and hosted by a third parties. Currently our servers are in 26 countries: Australia, Austria, Brazil, Canada, Chile, France, Germany, Hong Kong, Iceland, Isle of Man, Israel, Italy, Liechtenstein, Lithuania, Netherlands, Panama, Poland, Romania, Russia, Singapore, South Africa, Spain, Sweden, Switzerland, United Kingdom and United States.

NordVPN website

TorrentPrivacy


1. We don’t keep any logs with IP addresses. The only information we save is an email. It’s impossible to connect specific activity to a user.

2. Our company is under Seychelles jurisdiction.

3. We do not monitor any user’s traffic or activity for any reason.

4. We use third-party solutions for user communications and emailing. Both are running on our servers.

5. We have small amount of abuses. Usually we receive them through email and all of them are bot generated. As we don’t keep any content we just answer that we don’t have anything or ignore them.

6. It has never happened for 8 years. We will ignore any requests from all jurisdiction except Seychelles. We have no information regarding our customers’ IP addresses and activity on the Internet.

7. No, we don’t bother our users.

8. Yes we support all kind of traffic on all servers.

9. We are using PayPal but payment as a fact proves nothing. Also we are going to expand our payment types for the crypto currencies in the nearest future.

10. We are recommending to use the most simple and secure way — OpenVPN with AES-256 encryption. To protect the torrent downloads we suggest to create a proxy SSH tunnel for your torrent client. In this case you are encrypting only your P2P connection when your browser or Skype uses your default connection. When using standard VPN in case of disconnection your data flows unencrypted. Implementing our SSH tunnel will save from such leaking cause traffic will be stopped.

11. Yes. We are using our own DNS servers.

12. We use third party datacenters for VPN and SSH data transmission in the USA, UK and Netherlands. The whole system is located on our own servers.

TorrentPrivacy website

Proxy.sh

proxy1. We do not keep any log at all.

2. Republic of Seychelles. And of course, every jurisdiction where each of our servers are, for their specific cases.

3. IPtables, TCPdump and Wireshark, for which their use is always informed at least 24 hours in advance via our Network Alerts and/or Transparency Report.

4. All our emails, panels and support are in-house. We host our own WHMCS instance for billing and support. We host server details, project management and financial management on Redmine that we of course self-run. The only third-party connections we have are Google Analytics and Google Translate on our public website (not panel), for obvious convenience gains, but the data they fetch can easily be hidden or faked. We may also sometimes route email through Mandrill but never with user information. We also have our OpenVPN client’s code hosted at Github, but this is because we are preparing to open source it.

5. We block the affected port and explain to upstream provider and/or complainant that we cannot identify the user who did the infringement, and we can therefore not pass the notice on. We also publish a transparency report and send a copy to the Chilling Effects Clearinghouse. If there are too many infringements, we may block all ports and strengthen firewall rules to satisfy upstream provider, but this may lead us to simply drop the server on short-term due to it becoming unusable.

6. We first post the court order to public and inform our users through our blog, much-followed Twitter account, transparency report and/or network alert. If we are unable to do so, we use our warrant canary. Then, we would explain to the court that we have no technical capacity to identify the user and we are ready to give access to competent and legitimate forensic experts. To this date, no valid court order has been received and acknowledged by us.

7. Yes, proxy.sh/canary.

8. We do not discriminate activity across our network. We are unable to decrypt traffic to differentiate file-sharing traffic from other activities, and this would be against our ethics anyway. The use of BitTorrent and similar is solely limited to the fact you can whether open/use the ports you wish for it on a selected server.

9. We support hundreds of payment methods, from PayPal to Bitcoin through SMS to Ukash and Paysafecard. We use third-party payment providers who handle and carry themselves the payments and the associated user information needed for them (e.g. a name with a credit card). We never have access to those. When we need to identify a payment for a user, we always need to ask him or her for references (to then ask the payment provider if the payment exists) because we do not originally have them. Last but not least, we also have an option to kill accounts and turn them into completely anonymous tokens with no panel or membership link at all, for the most paranoid customers (in the positive sense of the term).

10. We currently provide Serpent in non-stable & limited beta and it is the strongest encryption algorithm we have. We also openly provide to our experienced users ECDH curve secp384r1 and curve22519 through a 4096-bit Diffie-Hellman key. We definitely recommend such a setup but it requires software compiling skills (you need OpenVPN’s master branch). This setup also allows you to enjoy OpenVPN’s XOR capacity for scrambling traffic. We also provide integration of TOR’s obfsproxy for similar ends. Finally, for more neophyte users, we provide 4096-bit RSA as default standard. It is the strongest encryption that latest stable OpenVPN provides. Cipher and hash are the strongest available and respectively 256-bit CBC/ARS and SHA512. Our custom OpenVPN client of course provides a kill switch and DNS leak protection.

11. Yes, we provide our own OpenNIC DNS servers as well as DNSCrypt capacity.

12. We use a mix of collocation (physically-owned), dedicated and virtual private servers – also known as a private/public cloud combination. All our VPN servers are running from RAM and are disintegrated on shutdown or reboot. About two-third of them are in the public cloud (especially for most exotic locations). Our network spans across more than 40 countries.

Proxy.sh website

HideIPVPN

hideipvpn1. We have revised our policy. Currently we store no logs related to any IP address. There is no way for any third-party to match user IP to any specific activity in the internet.

2. We operate under US jurisdiction.

3. We would have to get into details of each individual point of our ToS. For basics like P2P and torrent traffic on servers that do not allow for such transmissions or connecting to more than three VPN servers at the same time by the same user account. But we do not monitor users’ traffic. Also, since our users use shared IP address of VPN server, there is no way any third party could connect any online activity to a user’s IP address.

4. We are using Google apps for incoming mail and our own mail server for outgoing mail.

5. Since no information is stored on any of our servers there is nothing that we can take down. We reply to the data center or copyright holder that we do not log our users’ traffic and we use shared IP-addresses, which make impossible to track who downloaded any data from the internet using our VPN.

6. We would reply that we do not have measures that would us allow to identify a specific user. It has not happened so far.

7. Currently not. We will consider if our customers would welcome such a feature. So far we have never been asked for such information.

8. This type of traffic is welcomed on our German (DE VPN) and Dutch (NL VPN) servers. It is not allowed on US, UK and Canada servers as stated in our ToS – reason for this is our agreements with data centers. We also have a specific VPN plan for torrents.

9. Currently HideIPVPN accepts the following methods: PayPal, Bitcoin, Credit & Debit cards, AliPay, Web Money, Yandex Money, Boleto Bancario, Qiwi.

10. We would say SoftEther VPN protocol looks very promising and secure. Users can currently use our VPN applications on Windows and OSX systems. Both versions have a “kill switch” feature in case connection drops. Also, our apps are able to re-establish VPN connection and once active restart closed applications.

Currently our software does not provide DNS leak protection. However a new version of VPN client is in the works and will be updated with such a feature. We can let you know once it is out. At this time we can say it will be very soon.

11. For VPN we use Google DNS servers, and for SmartDNS we use our own DNS servers.

12. We don’t have physical control of our VPN servers. Servers are outsourced in premium datacenters with high quality tier1 networks. Countries now include – US/UK/NL/DE/CA

HideIPVPN website

BTGuard

btguard1. We do not keep any logs whatsoever.

2. United States

3. Custom programs that analyze traffic on the fly and do not store logs.

4. No, all data is stored on servers we control.

5. We do not have any open incoming ports, so it’s not possible for us to “takedown” any broadcasting content.

6. We would take every step within the law to fight such an order and it has never happened.

7. No.

8. Yes, all types of traffic our allowed with our services.

9. We accept PayPal and Bitcoin. All payments are linked to users’ accounts because they have to be for disputes and refunds.

10. We recommend OpenVPN and 128-bit blowfish. We offer instructions for some third party VPN monitoring software.

11. We use our own DNS servers.

12. We have physical control over all our servers. Our servers we offer services with are located in the Netherlands, Canada, and Singapore. Our mail servers are located in Luxembourg.

BTGuard website

SlickVPN

slickvpn1. SlickVPN does not log any traffic nor session data of any kind.

2. We operate a complex business structure with multiple layers of Offshore Holding Companies, Subsidiary Holding Companies, and finally some Operating Companies to help protect our interests. We will not disclose the exact hierarchy of our corporate structures, but will say the main marketing entity for our business is based in the United States of America and an operational entity is based out of Nevis.

3. We do not monitor any customer’s activity in any way. We have chosen to disallow outgoing SMTP which helps mitigate SPAM issues.

4. No. We do utilize third party email systems to contact clients who opt in for our newsletters.

5. If a valid DMCA complaint is received while the offending connection is still active, we stop the session and notify the active user of that session, otherwise we are unable to act on any complaint as we have no way of tracking down the user. It is important to note that we ALMOST NEVER receive a VALID DMCA complaint while a user is still in an active session.

6. Our customer’s privacy is of top most importance to us. We are required to comply with all valid court orders. We would proceed with the court order with complete transparency, but we have no data to provide any court in any jurisdiction. We would not rule out relocating our businesses to a new jurisdiction if required.

7. Yes. We maintain a passive warrant canary, updated weekly, and are investigating a way to legally provide a passive warrant canary which will be customized on a “per user” basis, allowing each user to check their account status individually. It is important to note that the person(s) responsible for updating our warrant canary are located outside of any of the countries where our servers are located.

8. Yes, all traffic is allowed.

9. We accept PayPal, Credit Cards, Bitcoin, Cash, and Money Orders. We keep user authentication and billing information on independent platforms. One platform is operated out of the United States of America and the other platform is operated out of Nevis. We offer the ability for the customer to permanently delete their payment information from our servers at any point. All customer data is automatically removed from our records shortly after the customer ceases being a paying member.

10. We recommend using OpenVPN if at all possible (available for Windows, Apple, Linux, iOS, Android) and it uses the AES-256-CBC algorithm for encryption.

Our Windows and Mac client incorporates IP and DNS leak protection which prevents DNS leaks and provides better protection than ordinary ‘kill-switches’. Our IP leak protection proactively keeps your IP from leaking to the internet. This was one of the first features we discussed internally when we were developing our network, it is a necessity for any good VPN provider.

11. Yes.

12. We run a mix. We physically control some of our server locations where we have a heavier load. Other locations are hosted with third parties until we have enough traffic in that location to justify racking our own server setup. To ensure redundancy, we host with multiple providers in each location. We have server locations in over forty countries. In all cases, our network nodes load over our encrypted network stack and run from ramdisk. Anyone taking control of the server would have no usable data on the disk. We run an algorithm to randomly reboot each server on a regular basis so we can clear the ramdisk.

SlickVPN website

OctaneVPN

octane1. No. We cannot locate an individual user by IP address and timestamp. There are no logs written to disk on our gateways.

The gateway servers keep the currently authenticated customers in the server’s RAM so they can properly connect and route incoming traffic to those customers. Obviously, if a server is powered down or restarted, the contents of the RAM are lost. We keep gateway performance data such as CPU loading, I/O rates and maximum simultaneous connections so that we can manage and optimize our network.

2. We operate two independent companies with different ownership structures – a network operations company and a marketing company. The network operations company operates out of Nevis. The marketing company operates under US jurisdiction and manages the website, customer accounts and support. The US company has no access to network operations and the Nevis company has no customer account data.

3. We are not in the business of monitoring customer traffic in any way. Spam emails were our biggest issue and early on we decided to prevent outgoing SMTP. Otherwise, the only other abuse tools we use are related to counting the number of active connections authenticated on an account to control account sharing issues. We use a NAT firewall on incoming connections to our gateways to add an extra layer of security for our customers.

4. No. We do use a service to send generic emails.

5. Due to the structure of our network operations company, it is unusual that we would receive a notice. There should be no cause for the marketing company to receive a notice. If we receive a DMCA notice or its equivalent based on activity that occurred in the past, we respond that we do not host any content and have no logs.

If we receive a DMCA notice based on very recent activity and the customer’s current VPN session during which it was generated is still active on the gateway, we may put the account on hold temporarily and notify the customer. No customer data is used to respond to DMCA notices.

6. Our customers’ privacy is a top priority for us. We would proceed with a court order with complete transparency. A court order would likely be based on an issue traced to a gateway server IP address and would, therefore, be received by our our network operations company which is Nevis based. The validity of court orders from other countries would be difficult to enforce. The network company has no customer data.

Our marketing company is US based and would respond to an order issued by a court of competent jurisdiction. The marketing company does not have access to any data related to network operations or user activity, so there is not much information that a court order could reveal. This has not happened.

7. We are discussing internally and reviewing existing law related to how gag orders are issued to determine the best way to offer this measure of customer confidence.

8. Yes. We operate with network neutrality except for outgoing SMTP.

9. Bitcoin and other cryptocurriences such as Darkcoin, Credit/Debit Card, and PayPal. If complete payment anonymity is desired, we suggest using Bitcoin, DarkCoin, or a gift/disposable credit card. Methods such as PayPal or Credit/Debit card are connected to an account token so that future renewal payments can be properly processed and credited. We allow customers to edit their account information. With our US/Nevis operating structure, customer payment systems information is separate from network operations.

10. We recommend using the AES-256-CBC cipher with OpenVPN, which is used with our client. IPSec is available for native Apple device support and PPTP is offered for other legacy devices, but OpenVPN offers the best security and speed and is our recommended protocol

We provide both DNS and IP leak protection in our Windows and Mac OctaneVPN client. Our OpenVPN based client’s IP leak protection works by removing all routes except the VPN route from the device when the client has an active VPN connection. This a better option than a ‘kill switch’ because our client ensures the VPN is active before it allows any data to leave the device, whereas a ‘kill switch’ typically monitors the connection periodically, and, if it detects a drop in the VPN connection, reacts.

11. Yes and we physically control them. You can choose others if you prefer.

12. In our more active gateway locations, we colocate. In locations with lower utilization, we normally host with third parties until volume at that location justifies a physical investment there. The hosted locations may have different providers based on geography. We operate gateways in over 44 countries and 90 cities. Upon booting, all our gateways load over our encrypted network from a master node and operate from encrypted ramdisk. If an entity took physical control of a gateway server, the ramdisk is encrypted and would vanish upon powering down.

OctaneVPN website

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: Oscar Nominations Massively Boosted Pirate Downloads

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

While Hollywood would’ve liked it to remain a secret, news that the majority of Oscar contenders were available online just a day after the Academy’s announcement traveled fast.

In anticipation of this eventuality, at the turn of the year piracy monitoring firm Irdeto began tracking dozens of top movies in order to compare the number of downloads before and after the Oscar nominations were made public. Some of the numbers just revealed by the company are eye-watering.

After monitoring from January 1 through February 14, Irdeto found that there was a 385% increase in piracy of nominated films following the Academy’s announcement on January 15.

“While Gone Girl was the early frontrunner after nominations, American Sniper took the lead and is currently the most pirated film in the world post-nomination,” Irdeto reveals.

As the chart below shows, the majority of nominees had download numbers boosted between 161% and 230%, but clearly out in front is Selma with a 1033% uplift.

post-nom

In terms of pure downloads, however, the Martin Luther King movie isn’t an Oscar high-flyer. Despite the huge boost in interest after nomination day, Selma sits in 10th place well behind piracy leaders American Sniper and Gone Girl.

oscar-downs

Of course, the big question now is whether popularity on BitTorrent networks will be mirrored in the final Oscars ceremony. Ranking movies based on downloads since January 15 in the categories they were nominated, Irdeto predicts the winners as follows:

Best Picture: American Sniper (1.39m)

Best Actor: Bradley Cooper, American Sniper (1.39m)

Best Director: Alejandro González Iñárritu, Birdman (796.7K)

Best Actress: Rosamund Pike, Gone Girl (1.25m)

Hollywood’s own leaks contributed to the piracy problem

While the Oscar-nominated movies now available online come from a wide variety of sources including Blu-ray, DVD (34% combined) and Cams (11%), Irdeto’s study highlights the problems the Academy has with its own leaks. Handed out to voters, critics and others in the industry, screeners are the most prized source for online booty. And this year there were plenty of them.

“Hollywood screeners specifically accounted for a substantial 31% of the total illegal downloads tracked between January 15 and February 14,” Irdeto reveals.

“Six nominated movies currently unavailable for retail purchase on Blu-Ray, DVD, VOD or legal streaming/download sites saw the majority of piracy coming directly from these screeners: American Sniper, The Imitation Game, Wild, Selma, Whiplash and Still Alice.”

While noting that not every download is a lost sale, the anti-piracy company still believes that an estimated $40m could have been lost on these titles alone, simply because they weren’t made available legally to consumers.

Release windows

“Our data clearly shows that the rest of the world is paying attention to the Academy Awards and there is significant demand for new movies to be available earlier, in more geographies and over more platforms,” says Rory O’Connor, VP of Managed Services at Irdeto.

“In the world of internet re-distribution, the window between theatrical release and worldwide market availability may simply be too long, leaving room for pirates to take advantage and offer consumers alternative means of instant gratification. Today’s consumers simply refuse to wait to access these movies through legitimate services.”

The rest of the world

Finally, outside of the United States the top ten countries accounting for the most illegal downloads were Russia, Italy, UK, Brazil, Canada, India, Australia, Spain, South Korea and the Netherlands.

And in what is bound to be yet more ammunition for the copyright lobby Down Under, the Oscar for the country with the highest percentage of piracy per Internet user population goes to….

…….Australia.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: Voltage Pics: Suing Disabled Kids For Piracy is Bad PR

This post was syndicated from: TorrentFreak and was written by: Andy. Original post: at TorrentFreak

Movie company Voltage Pictures has built quite a reputation in the past couple of years for its approach to those said to have downloaded and shared The Hurt Locker and Dallas Buyers Club without permission.

Rather than take the soft approach, the company has sued thousands of individuals across the United States and has also tested the waters in Canada, Europe and Australia.

Litigation in the latter region is reaching a critical point, with Voltage affiliate Dallas Buyers Club LLC (DBCLLC) attempting to force several local ISPs (iiNet, Wideband Networks, Internode, Dodo Services, Amnet Broadband and Adam Internet) to hand over the identities of individuals said to have downloaded the movie of the same name.

The ISPs have been putting up a fight in Sydney’s Federal Court this week in order to protect their customers and thus far DBCLLC and their piracy tracking partners have been given a rocky ride.

Flown in from Germany especially for the hearing, Daniel Macek of BitTorrent monitoring outfit Maverick Eye was given a particularly hard time. On Monday under cross-examination by iiNet barrister Richard Lancaster, SC, the 30-year-old admitted that he did not prepare his own affidavit.

“It was provided [by Dallas Buyers Club],” Mr Macek said.

Since Macek was appearing as an expert witness, the revelation was pounced upon by Lancaster.

“You provide affidavits and statements in lots of litigations all around the world,” Mr Lancaster said. “Is it your practice just to sign what is put in front of you?”

“No,” Macek replied.

During yesterday’s hearing things only appeared to get worse for Macek, as both his expertise and Maverick Eye’s evidence was called into question. The company provided “.pcap” files to the Court which contained timestamps of alleged infringements but when questioned about their contents, Macek fell short.

“Are you familiar with the information in the .pcap files themselves?” Lancaster asked Macek.

“Not in detail,” Macek admitted.

Lancaster’s questioning was aimed at casting doubt on the timings of alleged infringements logged in the Maverick Eye system. Were the times logged in the .pcap files representative of when a file was uploaded by an infringer’s computer to Maverick Eye’s system, or of a later point when further processing had occurred?

“I don’t understand this .pcap [file] in this detail,” Macek said. “I know how the Maverick software works in general but I’m not aware of the .pcap [files],” he added.

The Judge agreed with Lancaster on the importance of his questioning.

“If the IP [address] switched midway through one of these transmissions it just occurs to me that change would have some impact on your cross-examination,” Justice Perram said.

Also appearing this week was Vice-president of royalties for Voltage Pictures, Michael Wickstrom. The Voltage executive said that piracy was eating away at his company’s profits and had become far too easy. Lawsuits helped raise awareness of the problem, he said.

Under cross-examination Wednesday, Wickstrom denied that the letters sent out to customers in the United States were “threatening”, noting instead that they are a statement of facts.

“There are facts stated [in the letter] that [the customer’s] IP address was identified [as having downloaded the film illicitly],” he said.

“Any settlement amount that is disclosed [in the letter]; that was the attorney’s decision and is done on a case by case basis.”

However, while the company has no real idea of the nature of the people they’re targeting, Wickstrom said his company had limits on who would be pursued for cash demands. According to SMH, the executive said that his company “would not pursue an autistic child, people who were handicapped, welfare cases, or people that have mental issues.”

Some compassion from Voltage perhaps? Not exactly – the company seems more interested in how that would look on the PR front.

“That kind of press would ruin us,” Wickstrom said, adding that “the majority” of piracy was in fact occurring at the hands of vulnerable groups.

If that’s truly the case and any “vulnerable” people inform the company of their circumstances, Voltage stands to make very little money from their Australian venture, despite all the expense incurred in legal action thus far. Strangely, they don’t seem to mind.

“This is truly not about the money here, it’s about stopping illegal piracy,” Wickstrom said.

The case continues next week.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: “Canada Remains A Safe Haven For Online Piracy”

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

canada-pirateThe International Intellectual Property Alliance (IIPA) has just published its latest submission to the U.S. Government, providing an overview of countries it believes should better protect the interests of the copyright industry.

The IIPA, which includes a wide range of copyright groups including the MPAA, RIAA, BSA and ESA, has listed its complaints against a whole host of countries. As in previous years, Canada was discussed in detail with the recommendation to put it on the 2014 Special 301 ‘watch list’.

One of the main criticisms against Canada is that the country offers a home to many pirate sites. The country recently revised its copyright law but that has done little to address this problem, IIPA believes.

“Although there has been some improvement in recent years, Canada still has far to go to rectify its reputation as a safe haven for Internet pirates. Indeed, a number of the world’s most popular Internet sources dedicated to online theft of copyright material retain connections to Canada.”

Among others, the report lists the popular torrent sites Torrentz.eu, Kickass.to and streaming portal Solarmovie.is as partially Canada-based.

Canada’s inaction against these websites has forced copyright holders to request website blockades in other countries, IIPA claims. In addition, these pirate sites hamper the growth of legal services.

“As long as these sites continue to use Canada as a base, efforts to provide a space within which legitimate, licensed services can take root and grow are undermined, not only in Canada, but around the world,” the report reads.

According to the report Canada’s current copyright law lacks the ability to motivate hosting providers to stop dealing with this sites. Instead, IIPA argues that the law gives these companies “overbroad safe harbors.”

“Clearly the legal incentives remain insufficient for Canadian providers of hosting services to cooperate with right holders to deal with massive and flagrant infringements carried out using their services,” they write.

Aside from hosting pirate sites, IIPA characterizes Canada as a pro-piracy country in general. Canadians download more than twice as much pirated music per capita, according the copyright group.

The “notice and notice” system that was implemented recently, where ISPs have to forward copyright infringement warnings to alleged pirates, is not expected to change much either they say.

“… while the Canadian “notice and notice” system requires service providers to retain records on the identity of subscribers whose accounts have been used for unauthorized file sharing or other infringing behaviors, multiple repeat infringers will be delivered the same notice.”

Ideally, IIPA would like to see a system where repeat infringers can be identified and punished if needed, similar to the “strikes” systems that have been implemented in other countries.

The above is just the tip of the iceberg for Canada. Among other things, the groups also call for stronger border protections and limiting the copyright exceptions for educational use.

The group ask the U.S. Government to “continue to press Canada” to address these and other issues that may hinder the growth of the copyright industry.

“[The U.S. Government] should encourage Canadian authorities to do what they can to give service providers greater incentives to come together with right holders to make meaningful progress against online copyright infringement; but further legislative change is likely to be needed.”

The IIPA’s full 2014 Special 301 recommendation report is available here. This also includes assessments from more than a dozen other countries, including Brazil, China, India, Russia and Switzerland.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Schneier on Security: Canada Spies on Internet Downloads

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

Another story from the Snowden documents:

According to the documents, the LEVITATION program can monitor downloads in several countries across Europe, the Middle East, North Africa, and North America. It is led by the Communications Security Establishment, or CSE, Canada’s equivalent of the NSA. (The Canadian agency was formerly known as “CSEC” until a recent name change.)

[…]

CSE finds some 350 “interesting” downloads each month, the presentation notes, a number that amounts to less than 0.0001 per cent of the total collected data.

The agency stores details about downloads and uploads to and from 102 different popular file-sharing websites, according to the 2012 document, which describes the collected records as “free file upload,” or FFU, “events.”