Posts tagged ‘Censorship’

Krebs on Security: China Censors Facebook.net, Blocks Sites With “Like” Buttons

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

Chinese government censors at the helm of the “Great Firewall of China” appear to have inadvertently blocked Chinese Web surfers from visiting pages that call out to connect.facebook.net, a resource used by Facebook’s “like” buttons. While the apparent screw-up was quickly fixed, the block was cached by many Chinese networks — effectively blocking millions of Chinese Web surfers from visiting a huge number of sites that are not normally censored.

fblikeunlike

Sometime in the last 24 hours, Web requests from within China for a large number of websites were being redirected to wpkg.org, an apparently innocuous site hosting an open-source, automated software deployment, upgrade and removal program for Windows.

One KrebsOnSecurity reader living in China who was inconvenienced by the glitch said he discovered the problem just by trying to access the regularly non-blocked UK newspapers online. He soon noticed a large swath of other sites were also being re-directed to the same page.

“It has the feel of a cyber attack rather than a new addition to the Great Firewall,” said the reader, who asked not to be identified by name. “I thought it might be malware on my laptop, but then I got an email from the IT services at my university saying the issue was nation-wide, which made me curious. It’s obviously very normal for sites to be blocked here in China, but the scale and the type of sites being blocked (and the fact that we’re being re-directed instead of the usual 404 result) suggests a problem with the Internet system itself. It doesn’t seem like the kind of thing the Chinese gov would do intentionally, which raises some interesting questions.”

Nicholas Weaver, a researcher who has delved deeply into Chinese censorship tools in his role at the International Computer Science Institute (ICSI) and the University of California, Berkeley, agrees that the blocking of connect.facebook.net by censors inside the country was likely a mistake.

“Any page that had a Facebook Connect element on it that twas unencrypted and visited from within China would instead get this thing which would reload the main page of wpkg.org,” Weaver said, nothing that while Facebook.com always encrypts users’ connections, sites that rely on Facebook “like” buttons and related resources draw those from connect.facebook.net. “That screw-up seems to have been fairly quickly corrected, but the effect of it has lingered because it got into peoples’ domain name system (DNS) caches.”

In short, a brief misstep in censorship can have lasting and far flung repercussions. But why should this be considered a screw-up by Chinese censors? For one thing, it was corrected quickly, Weaver said.

“Also, the Chinese censors don’t benefit from it, because this caused a huge amount of disruption to Chinese web surfers on pages that the government doesn’t want to censor,” he said.

Such screw-ups are not unprecedented. In January 2014, Chinese censors attempting to block Greatfire.org — a site that hosts tools and instructions for people to circumvent restrictions erected by the Great Firewall — inadvertently blocked all Chinese Web surfers from accessing most of the Internet.

Doing censorship right — without introducing the occasional routing calamities and unintended consequences — is hard, Weaver said. And China isn’t the only nation that’s struggled with censorship goofs. The United Kingdom filters its providers’ Internet traffic for requests to known child pornography material. In 2008, a filtering system run by the U.K-based Internet Watch Foundation flagged the cover art for the album Virgin Killers by the rock band Scorpions as potential child porn. As a result, the system placed several pages from Wikipedia on its Internet black list.

The British child porn filtering system checked for requests to images flagged as indecent by using a proxying the traffic through a specific system. So when U.K. residents tried to edit Wiki pages following the blacklisting, Wikipedia saw those requests as huge numbers of users all trying to edit Wiki pages from the same Internet addresses, and blocked the proxy address — effectively cutting off U.K. users from editing all Wiki pages for several days.

Suggested further reading:

Don’t Be Fodder for China’s ‘Great Cannon’

TorrentFreak: Pirate Bay Blockade Censors CloudFlare Customers

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

cloudflareLike any form of censorship web blockades can sometime lead to overblocking, targeting perfectly legitimate websites by mistake.

This is also happening in the UK where Sky’s blocking technology is inadvertently blocking sites that have nothing to do with piracy.

In addition to blocking domain names, Sky also blocks IP-addresses. This allows the site to stop https connections to The Pirate Bay and its proxies, but when IP-addresses are shared with random other sites they’re blocked too.

This is happening to various customers of the CDN service CloudFlare, which is used by many sites on the UK blocklist. Every now and then this causes legitimate sites to be blocked, such as CloudFlare customers who shared an IP-address with Pirate Bay proxy ilikerainbows.co.uk.

Although the domain is merely a redirect to ilikerainbows.co, it’s listed in Sky’s blocking system along with several CloudFlare IP-addresses. Recently, the CDN service received complaints from users about the issue and alerted the proxy owner.

“It has come to our attention that your website — ilikerainbows.co.uk — is causing CloudFlare IPs to be blocked by SkyB, an ISP located in the UK. This is impacting other CloudFlare customers,” CloudFlare wrote.

The CDN service asked the proxy site to resolve the matter with Sky, or else it would remove the site from the network after 24 hours.

“If this issue does not get resolved with SkyB though we will need to route your domain off CloudFlare’s network as it is currently impacting other CloudFlare customers due to these blocked IP addresses.”

cfemail

The operator of the “Rainbows” TPB proxy was surprised by Sky’s overbroad blocking techniques, but also by CloudFlare’s response. Would CloudFlare also kick out sites that are blocked in other countries where censorship is common?

“What do they do when Russia starts blocking sites under their system? Are they going to kick users off CloudFlare because there’s a Putin meme that the Russians don’t like?” Rainbows’ operator tells TF.

Instead of waiting for the domain to be switched off by CloudFlare he reverted it back to the domain registrar’s forwarding services. The main .co domain still uses CloudFlare’s services though, as does the official Pirate Bay site.

This is not the first time that CloudFlare customers have been blocked by mistake. Earlier this year the same thing happened to sites that shared an IP-address with The Pirate Bay. At the time we contacted Sky, who informed us that they do all they can to limit collateral damage.

“We have a process in place to monitor requested site blocks to limit the chances of inadvertently blocking sites, and in addition to this if we are advised by a site owner or Sky customer that a site is being inadvertently blocked we take the necessary steps to remove any unintended blocks,” a Sky spokeswoman said.

In addition to Sky we also contacted CloudFlare about the issue multiple times this year, but the company has yet to reply to our inquiries.

It’s clear though that despite cheers from copyright holders, website blocking is not all rainbows and unicorns. Without any significant change to Sky’s blocking setup, more of these inadvertent blocks are bound to happen in the future.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: Court: Google Can See Emails About MPAA’s Secret ‘SOPA Revival’

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

mailgIn backroom meetings the MPAA and Mississippi State Attorney General Jim Hood discussed a plan to bring website blocking and search engine filtering back to the table after the controversial SOPA law failed to pass.

The plan, dubbed “Project Goliath,” became public through various emails that were released during the Sony Pictures leaks. In a response Google said that it was “deeply concerned” about the developments.

To counter the looming threat Google filed a complaint against Hood last December, asking the court to prevent Hood from enforcing a subpoena that addresses Google’s failure to take down or block access to illegal content, including pirate sites.

This resulted in a victory for Google with District Court Judge Henry Wingate putting the subpoena on hold. At the same time Google requested additional details from the Attorney General on his discussions with Hollywood.

During an oral hearing earlier this month Google requested various documents including an email conversation between MPAA’s Senior Vice President State Legislative Affairs Vans Stevenson and the Attorney General.

In addition, Google asked for copies of Word files titled Google can take action, Google must change its behavior, Google’s illegal conduct, CDA, and any documents gathered in response to a request previously submitted by Techdirt’s Mike Masnick .

After a careful review District Court Judge Henry Wingate sided with Google, ordering Attorney General Hood to hand over the requested information before the end of the month.

Judge Wingate’s order
hoodorder

The documents will help Google to get to the bottom of the censorship efforts and to determine what role the MPAA played and what its contributions were.

Various emails that leaked after the Sony hack already revealed that the MPAA’s long-standing law firm Jenner & Block had drafted a subpoena and other communication the Attorney General could use against Google.

Many of the “Project Goliath” emails and documents are readily available after Wikileaks released them late last week, but nearly all details had already been made public after the leaks first surfaced.

Interestingly, in one email the MPAA’s Vans Stevenson linked to a New York Times piece on how lobbyists court State Attorneys to advance their political agendas.

“FYI, first is a series of articles,” Stevenson wrote to several high level executives involved, not knowing that a follow-up would include “Project Goliath.”

Perhaps fittingly, New York Times’ journalist Eric Lipton won a Pulitzer prize for the series yesterday, for reporting “how the influence of lobbyists can sway congressional leaders and state attorneys general, slanting justice toward the wealthy and connected.”

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: Beating Internet Censors With BitTorrent’s Maelstrom Browser

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

bittorrent-logoSan Francisco-based BitTorrent Inc. already has a few popular applications in its catalog, including uTorrent and Sync. However, with its new “people-powered” browser it hopes to spark another revolution.

Project Maelstrom, as it’s called, is still in the early stages of development but the company has decided to push a Beta out to the public so developers can start building tools and services around it.

In short, Maelstrom takes Google’s Chromium framework and stuffs a powerful BitTorrent engine under the hood, meaning that torrents can be played directly from the browser. More excitingly, however, Maelstrom also supports torrent-powered websites that no longer have to rely on central servers.

By simply publishing a website in a torrent format the website will be accessible if others are sharing it. This can be assisted by web-seeds but also completely peer-to-peer.

For example, earlier this week Wikileaks published a controversial archive of documents and emails that leaked after the Sony hack. If the hosting provider was forced to take the files down they would disappear but with Maelstrom-supported sites, users would be able to keep it online.

The same is true for torrent sites such as The Pirate Bay, which suffered weeks of downtime recently after the site’s servers were raided.

BitTorrent powered page
meal

At the moment there are very few websites that support Maelstrom. There is an early WordPress plugin and others are experimenting with it as well, but wider adoption will need some time.

That said, traditional magnet links work too, so people can play video and audio from regular torrent sites directly in the browser.

BitTorrent Inc. informs TF that the main goal is to provide a new and open publishing platform. It’s now up to developers to use it to their advantage.

“We believe in providing an alternative means for publishing that is neutral and that gives ownership back to those publishers. But one of our biggest goals with this release is just to get it out and into the hands of developers and see what emerges,” Maelstrom’s project lead Rob Velasquez says.

And in that respect momentum is building. BitTorrent Inc. says that a community of more than 10,000 developers and 3,500 publishers has already been established, with tools to bring more on board now available via Github.

While Maelstrom can bypass Internet censors, it’s good to keep in mind that all shared files are visible to the public. Maelstrom is caching accessed content to keep it seeded, so using a VPN might not be a bad idea. After all, users leave a trail of their browsing history behind.

On the upside, Maelstrom can be more private for publishers as they don’t have to share any personal details with hosting companies or domain registrars.

“The BitTorrent protocol remains the same, but it does mean that you no longer have to hand over personal, private data to domain registrars or hosting companies to put up a simple website,” Velasquez notes.

The idea for a BitTorrent-powered browser is not new. The Pirate Bay started work on a related project last year with the aim of keeping the site online even if its servers were raided.

It will be interesting to see if Maelstrom can get some traction. There’s still a long way to go, but the idea of an open and censorship-free web does sound appealing.

With a Mac version still under a development, Project Maelstrom (beta) can be downloaded for Windows here.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: Music Industry Wants Cross Border Pirate Site Blocks

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

stop-blockedIn recent years blockades of “pirate” websites have spread across Europe and elsewhere. In the UK, for example, more than 100 websites are currently blocked by the major ISPs.

In recent weeks alone several new countries adopted similar measures, Australia, Spain and Portugal included.

Opponents of this censorship route often argue that the measures are ineffective, and that people simply move to other sites. However, in its latest Digital Music Report music industry group IFPI disagrees, pointing at research conducted in the UK.

“Website blocking has proved effective where applied,” IFPI writes, noting that the number of UK visits to “all BitTorrent” sites dropped from 20 million in April 2012 to 11 million two years later.

effblock

The key to an effective blocking strategy is to target not just one, but all leading pirate sites.

“While blocking an individual site does not have a significant impact on overall traffic to unlicensed services, once a number of leading sites are
blocked then there is a major impact,” IFPI argues.

For now, however, courts have shown to be among the biggest hurdles. It can sometimes take years before these cases reach a conclusion, and the same requests have to be made in all countries.

To streamline the process, copyright holders now want blocking injunctions to apply across borders, starting in the European Union.

“The recording industry continues to call for website blocking legislation where it does not already exist. In countries where there is already a legal basis for blocking, procedures can be slow and burdensome,” IFPI writes.

“For example, within the EU, blocking The Pirate Bay has meant taking multiple legal actions in different member states and rights holders are calling for injunctions to have cross-border effect.”

In addition to website blockades the music industry also stresses that other stakeholders should do more to help fight piracy. Search engines should prioritize legal services, for example, and advertisers and payment processors should cut their ties with pirate sites.

While IFPI’s numbers suggests that BitTorrent piracy has decreased globally, it still remains a significant problem. The group estimates that there are still four billion pirated music downloads per year on BitTorrent alone.

In other words, there’s plenty of blocking to be done before it’s no longer an issue, if that point will ever be reached.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Schneier on Security: China’s Great Cannon

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

Citizen Lab has issued a report on China’s “Great Cannon” attack tool, used in the recent DDoS attack against GitHub.

We show that, while the attack infrastructure is co-located with the Great Firewall, the attack was carried out by a separate offensive system, with different capabilities and design, that we term the “Great Cannon.” The Great Cannon is not simply an extension of the Great Firewall, but a distinct attack tool that hijacks traffic to (or presumably from) individual IP addresses, and can arbitrarily replace unencrypted content as a man-in-the-middle.

The operational deployment of the Great Cannon represents a significant escalation in state-level information control: the normalization of widespread use of an attack tool to enforce censorship by weaponizing users. Specifically, the Cannon manipulates the traffic of “bystander” systems outside China, silently programming their browsers to create a massive DDoS attack. While employed for a highly visible attack in this case, the Great Cannon clearly has the capability for use in a manner similar to the NSA’s QUANTUM system, affording China the opportunity to deliver exploits targeting any foreign computer that communicates with any China-based website not fully utilizing HTTPS.

It’s kind of hard for the US to complain about this kind of thing, since we do it too.

More stories. Hacker News thread.

Krebs on Security: Don’t Be Fodder for China’s ‘Great Cannon’

This post was syndicated from: Krebs on Security and was written by: BrianKrebs. Original post: at Krebs on Security

China has been actively diverting unencrypted Web traffic destined for its top online search service — Baidu.com — so that some visitors from outside of the country were unwittingly enlisted in a novel and unsettling series of denial-of-service attacks aimed at sidelining sites that distribute anti-censorship tools, according to research released this week.

The findings, published in a joint paper today by researchers with University of Toronto’s Citizen LabCitizen Lab, the International Computer Science Institute (ICSI) and the University of California, Berkeley, track a remarkable development in China’s increasingly public display of its evolving cyber warfare prowess.

“Their willingness to be so public mystifies me,” said Nicholas Weaver, a researcher at the ICSI who helped dig through the clues about the mysterious attack. “But it does appear to be a very public statement about their capabilities.”

greatcannon

Earlier this month, Github — an open-source code repository — and greatfire.org, which distributes software to help Chinese citizens evade censorship restrictions enacted by the so-called “Great Firewall of China,” found themselves on the receiving end of a massive and constantly-changing attack apparently designed to prevent people from being able to access the sites.

Experts have long known that China’s Great Firewall is capable of blocking Web surfers from within the country from accessing online sites that host content which is deemed prohibited by the Chinese government. But according to researchers, this latest censorship innovation targeted Web surfers from outside the country who were requesting various pages associated with Baidu, such that Internet traffic from a small percentage of surfers outside the country was quietly redirected toward Github and greatfire.org.

This attack method, which the researchers have dubbed the “Great Cannon,” works by intercepting non-Chinese traffic to Baidu Web properties, Weaver explained.

“It only intercepts traffic to a certain set of Internet addresses, and then only looks for specific script requests. About 98 percent of the time it sends the Web request straight on to Baidu, but about two percent of the time it says, ‘Okay, I’m going to drop the request going to Baidu,’ and instead it directly provides the malicious reply, replying with a bit of Javascript which causes the user’s browser to participate in a DOS attack, Weaver said.

The researchers said they tracked the attack for several days after Github apparently figured out how to filter the malicious traffic, which relied on malicious Javascript files that were served to visitors outside of China that were browsing various Baidu properties.

Chillingly, the report concludes that Chinese censors could just have easily served malicious code to exploit known Web browser vulnerabilities.

“With a minor tweak in the code, they could have provided exploits to targeted [Internet addresses], so that instead of intercepting all traffic to Baidu, they would serve malware attacks to those visitors,” Weaver said.

Interestingly, this type of attack is not unprecedented. According to documents leaked by National Security Agency whistleblower Edward Snowden, the NSA and British intelligence services used a system dubbed “QUANTUM” to inject content and modify Web results for individual targets that appeared to be coming from a pre-selected range of Internet addresses.

“The Chinese government can credibly say the United States has done similar things in the past,” Weaver said. “They can’t say we’ve done large scale DDoS attacks, but the Chinese government can honestly state that the U.S. has modified traffic in-flight to attack and exploit systems.”

Weaver said the attacks from the Great Cannon don’t succeed when people are browsing Chinese sites with a Web address that begins with “https://”, meaning that regular Internet users can limit their exposure to these attacks by insisting that all Internet communications are routed over “https” versus unencrypted “http://” connections in their browsers. A number of third-party browser plug-ins — such as https-everywhere — can help people accomplish this goal.

“The lesson here is encrypt all the things all the time always,” Weaver said. “If you have to worry about a nation state adversary and if they can see an unencrypted web request that they can tie to your identity, they can use that as a vehicle for attack. This has always been the case, but it’s now practice.”

But Bill Marczak, a research fellow with Citizen Lab, said relying on an always-on encryption strategy is not a foolproof counter to this attack, because plug-ins like https-anywhere will still serve regular unencrypted content when Web sites refuse to or don’t offer the same content over an encrypted connection. What’s more, many Web sites draw content from a variety of sources online, meaning that the Great Cannon attack could succeed merely by drawing on resources provided by online ad networks that serve ads on a variety of Web sites from a dizzying array of sources.

“Some of the scripts being injected in this attack are from online ad networks,” Marczak said. “But certainly this kind of attack suggests a far more aggressive use of https where available.”

For a deep dive into the research referenced in this story, check out this link.

Errata Security: Pin-pointing China’s attack against GitHub

This post was syndicated from: Errata Security and was written by: Robert Graham. Original post: at Errata Security

For the past week, the website “GitHub” has been under attack by China. In this post, I pin-point where the attack is coming from by doing an http-traceroute.

GitHub is a key infrastructure website for the Internet, being the largest host of open-source projects, most famously Linux. (I host my code there). It’s also a popular blogging platform.

Among the zillions of projects are https://github.com/greatfire and https://github.com/cn-nytimes. These are mirrors (copies) of the websites http://greatfire.org and http://cn.nytimes.com. GreatFire provides tools for circumventing China’s Internet censorship, the NYTimes contains news stories China wants censored.

China blocks the offending websites, but it cannot easily block the GitHub mirrors. Its choices are either to block or allow everything on GitHub. Since GitHub is key infrastructure for open-source, blocking GitHub is not really a viable option.

Therefore, China chose another option, to flood those specific GitHub URLs with traffic in order to pressure GitHub into removing those pages. This is a stupid policy decision, of course, since Americans are quite touchy on the subject and are unlikely to comply with such pressure. It’s likely GitHub itself can resolve the issue, as there are a zillion ways to respond. If not, other companies (like CloudFlare) would leap to their defense.

The big question is attribution. Is this attack authorized by the Chinese government? Or is it the work of rogue hackers?

The company Netresec in Sweden partially answered this problem by figuring out most of the details of the hack. The way the attack worked is that some man-in-the-middle device intercepted web requests coming into China from elsewhere in the world, and then replaced the content with JavaScript code that would attack GitHub. Specifically, they intercepted requests to Baidu’s analytics. The search-engine Baidu is the Google of China, and it runs analytics software like Google in order to track advertising. Everyone outside China visiting internal pages would then run this JavaScript to attack GitHub. Since the attack appears to be coming “from everywhere”, it’s impractical for GitHub to block the attack.

Netresec could clearly identify that a man-in-the-middle was happening by looking at the TTL fields in the packets. TTL, or time-to-live, is a field in all Internet packets that tracks the age of the packet. Each time a router forwards a packet, one is subtracted from the field. When it reaches zero, the packet is discarded. This prevents routing loops from endlessly forwarding packets around in circle.

Many systems send packets with a starting TTL of 64. Thus, when a packet arrives with a value of 46, you know that that there are 18 hops between you and the sender (64 – 18 = 46).

What Netresec found was a situation shown in the following picture. This picture shows a sequence of packets to and from the server. My packets sent to the Baidu server have a TTL of 64, the starting value I send with. The first response from the server has a value of 46 — because while they transmitted the packet with a value of 64, it was reduced by 18 by the time it arrived at my computer. After I send the web request, I get weird TTLs in response, with values of 98 and 99. These obviously did not come from the original server, but some intermediate man-in-the-middle device.

I know this man-in-the-middle is somewhere between me and Baidu, but where? To answer that, we use the concept of traceroute.

Traceroute is a real cool trick. Instead of sending packets with a TTL of 64, the tool sends them with a TTL of 1, then 2, then 3, and so on. Because the TTL is so low, they won’t reach their destination. Instead, the TTL will eventually reach 0, and routers along the way will drop them. When routers do this, they send back a notification packet called a Time-Exceeded message — using the router’s Internet address. Thus, I can collect all these packets and map the routers between me and a target.

The tool that does this is shown below, where I traceroute to the Baidu server from my machine:

The second column is time. As you can see, it takes almost 80-milliseconds for my packets to reach Los Angeles, and then the delay jumps to 230-milliseconds to reach China. Also note that I can’t quite reach the server, as there is a firewall after hop 16 that is blocking traceroute from working.

So where along this route is the man-in-the-middle interception happening? To answer this question, I had write some code. I wrote my own little traceroute tool. Instead of sending a single packet, it first established a connection with normal TTLs, so that it would reach all the way to the target server. Then, when it sent the web request packet, it used a smaller TTL, so it would get dropped before reaching the server — but hopefully after the man-in-the-middle saw it. By doing these with varying TTLs, I should be able to discover at which hop the evil device is lurking.

I found that the device lurks between 11 and 12 hops. The web request packets sent with a TTL of 11 are not seen, while packets with TTL of 12 are, generating a response, as shown below:

The black line above shows the packet I sent, with a TTL of 12. The orange line (and the two packets above it) show the packets received from the man-in-the-middle device. When I send packets with a TTL of 11, I never get a response from that evil device.

By looking at the IP addresses in the traceroute, we can conclusive prove that the man-in-the-middle device is located on the backbone of China Unicom, a major service provider in China.

The next step is to traceroute in the other direction, from China to a blocked address, such as the http://www.nytimes.com address at 170.149.168.130. Using the website http://www.linkwan.net/tr.htm, I get the following:

This shows that the Great Firewall runs inside the China Unicom infrastructure.

Conclusion

Using my custom http-traceroute, I’ve proven that the man-in-the-middle machine attacking GitHub is located on or near the Great Firewall of China. While many explanations are possible, such as hackers breaking into these machines, the overwhelmingly most likely suspect for the source of the GitHub attacks is the Chinese government.

This is important evidence for our government. It’ll be interesting to see how they respond to these attacks — attacks by a nation state against key United States Internet infrastructure.

TorrentFreak: Pirate Bay To Open Its Own .PIRATE Domain Name Registry

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

pirate bayThe Pirate Bay’s parent company Reservella Ltd. has started the registration process for a new gTLD with a .PIRATE extension.

Responding to increased pressure from the MPAA and RIAA on the domain name industry, the torrent site hopes to break away from the rules and regulations which forced it to move to several new domains in recent years.

“We can no longer trust third party services and registries, who are under immense pressure from the copyright lobby. So we decided to apply for our very own gTLD and be a true Pirate registry,” TPB’s Winston informs TF.

The new registration is currently being processed by the Internet Corporation for Assigned Names and Numbers (ICANN), the main oversight body for the Internet’s global domain name system which accepts new gTLD proposals.

.PIRATE application
pirapri1

If the new TLD is finalized the Pirate Bay team plans to open registrations to the public. While it has to agree to some oversight formalities and ICANN agreements, the .PIRATE domains are expected to be less prone to censorship.

“The ultimate goal is to create a true PIRATE hydra. This means that we will allow other sites to register .PIRATE domain names too. Staying true to our pirate roots the domains can be registered anonymously without charge,” Winston tells us.

The Pirate Bay crew has prepared the application in secret, setting the wheels in motion nearly a year ago. Ideally, the process would have been finished by late January but a police raid and persistent hosting problems caused some delay.

“Things are looking good so far, but we’re not there yet. Fingers crossed. Let’s hope nothing foolish happens,” Winston concludes.

For the time being, however, The Pirate Bay will continue operating from the Swedish based .SE domain name. A transition to the .PIRATE domain is expected to take place this summer, at the earliest.

The MPAA and RIAA couldn’t be reached for a comment on today’s news, but it’s expected that they will do everything within their power to block Pirate Bay’s deviant plans.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

The Hacker Factor Blog: Chinese Sayings

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

I recently blogged about Google ending support for Google Code. I had pointed out that the recommended solution was to move from Google Code to Github and that we should hope Github doesn’t go away anytime soon. I swear that was just a snide comment and not displaying any insider knowledge of what happened next…

About a week later, GitHub announced that they were under a very large scale denial-of-service attack. According to GitHub’s blog:

The attack began around 2AM UTC on Thursday, March 26, and involves a wide combination of attack vectors. These include every vector we’ve seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic. Based on reports we’ve received, we believe the intent of this attack is to convince us to remove a specific class of content.

The folks at TechCrunch elaborated on the targeted attack:

Specifically, security experts report that the attackers were redirecting search traffic from overseas users of the Chinese search engine Baidu, and were targeting two pages in particular. One page was run by Greatfire.org, a site that reports on the government censorship in China, and the other linked to a copy of the New York Times’ Chinese language website.

To put things into perspective, the denial of service attack last year against my own site lasted 24 hours and prevented the public from accessing the server. This attack against GitHub appears to have recently ended — after 118 hours! And the attack only caused short outages. (I am very impressed at Github’s ability to withstand a massive network attack like this.)

Chinese Proverb: A cornered dog will jump over the wall.

In a press conference yesterday, Chinese officials were asked about the network attack. (Note: This quote comes from a web page posted in English on a Chinese government web site.)

Q: First, officials from Puntland, Somalia said that more and more ships from Iran, the ROK and China are involved in illegal fishing off the Somali waters. UN officials said that the rise of illegal fishing may lead to rampant piracy. Has China asked its fishermen to stop illegal fishing? Second, a report says that a US website was under hacker attack, and the source of the attack was from China. How do you respond?

A: On your first question, the Chinese government is opposed to illegal fishing, and we have been asking Chinese citizens to fish in accordance with the law. We also hope countries concerned can take tangible steps to safeguard the security and rights and interests of the Chinese fishermen.

On your second question, it is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it. I’d like to remind you that China is one of the major victims of cyber attacks. We have been underlining that China hopes to work with the international community to speed up the making of international rules and jointly keep the cyber space peaceful, secure, open and cooperative. It is hoped that all parties can work in concert to address hacker attacks in a positive and constructive manner.

As ZDNet noted, China’s Foreign Ministry spokesperson Hua Chunying did not deny the attack. Moreover, Hua tried to spin it as if China was the victim.

Chinese Proverb: An offender sues the victim first.

I watch the logs on my web server very closely. I regularly see network attacks against the server. Most attacks are from automated bots looking for known vulnerabilities. However, occasionally there are manual attacks or novel 0-day attacks. (None have been successful, but I still keep an eye on the server.)

Geolocating a network address back to a source is relatively straightforward. You start with the network address of the client and you reference some public data that maps addresses to locations. Identifying the country is relatively easy. Identifying the city or something more specific may be less accurate. Typically, if a network address traces to “Denver, Colorado”, what it really means is “in or near Denver, Colorado” — it may be Aurora, Littleton, Boulder, or even Colorado Springs, but it’s probably not Pueblo, Ted’s Place, or anywhere outside Colorado.

Of course, hostile attackers could use proxies. But those kind of attacks typically do not use network addresses from the same subnets.

At FotoForensics, a solid 60% all network attacks come from addresses that geolocate to China. The next largest countries (20% and 10% respectively) are from the United States and Russia. With the USA, attacks typically come from everywhere — there is no particular subnet or hosting location. These attacks likely represent infected computers and botnets. In contrast, Russia is usually isolated to specific network addresses. But China? I see entire subnets attacking my site. When one address gets banned, another address in the same subnet continues where the last one left off.

Recently I noticed that the attacks from China follow one of two patterns.

Attack Pattern #1: “Scan bot”
A bot first attacks my secure-shell (ssh) server. It tries a couple of brute-force login attempts as “root” and then gets banned. Immediately after the ban (within 2 seconds), there is a web bot from a different network address in China that accesses “/” or “/favicon.ico”. I know this is a bot because a real user’s client would download my logo image, style sheet, and other dependency files.

I’m not sure what the Chinese web bot is looking for, but I suspect that it is something in the HTTP header. If they see it, then they will likely attack. And since I’m not seeing the web attack, I must not be returning whatever it is they are looking for.

Attack Pattern #2: “The Follow-up”
My site gets visitors from all over the world. But in any given hour, I may only receive a small sample of countries using my online service. I may go hours without a legitimate user accessing FotoForensics from China. But when they do, there seems to be a consistent pattern.

First, the user accesses my site. This is harmless and they use the site as intended. Then, between 5 and 15 minutes later, a bot from a different subnet in China will attempt to attack my ssh server.

For example…
A user at 111.186.106.xx (Kunming, CN) used my site at 29/Mar/2015:08:51:44 -0600.
This was followed by an attack against my ssh server from 221.229.166.28 (Shancheng, CN).

On 29/Mar/2015:06:34:45, a user at 180.76.6.xx (Beijing, CN) visited my site. This was followed by ssh attacks from 58.218.204.241 (Shancheng, CN).

The attacks in my logs look like:

root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.30 Tue Mar 31 06:02 – 06:02 (00:00)
root ssh:notty 221.229.166.30 Tue Mar 31 06:02 – 06:02 (00:00)
root ssh:notty 221.229.166.30 Tue Mar 31 06:02 – 06:02 (00:00)

I checked these attack addresses against various DNS blacklists that track network attacks. Every single one of these addresses are known attackers. For example, CBL.AbuseAt.org lists 221.229.166.28, 221.229.166.30 and 221.229.166.254 as known hostile addresses that perform network attacks. The site Blocklist.de also lists them as known attackers. And websworld.org shows similar ssh attacks coming from these addresses as well as a ton of other Chinese network addresses. (Currently Websworld lists 62 addresses that have attacked their ssh servers — 58 of them are from China.)

It has reached the point where I have blacklisted entire subnets from China that have only been used to attack my server. For example, I have banned 211.229.166.0/24 since many of the addresses in that range have attacked my server and none have been used for legitimate uses.

I find this second attack pattern to be very disturbing and very consistent. First a user in China accesses my site, and then an attack comes in 5-15 minutes later. It is disturbing because it appears that the Chinese government actively tracks every web site their citizens access, and then they queue up the site for a follow-up attack.

If this were just a botnet, then it would not be predictable. However, it is very predictable. If nobody from China visits my site in an hour, then there are none of these ssh attacks from China. As soon as someone from China visits my site, I can expect and receive an attack within 15 minutes.

The second question becomes: is this the Chinese government or someone else? To answer that, we just need to look at the users who visit my site. In order to queue up these attacks, “someone” must be able to watch all traffic out of China. As far as I can tell, only the Chinese government is configured to watch all packets that leave their country. An individual user can monitor their local subnet, but not the entire country. A compromised router can monitor a region, but not the entire country. So either all of China has been compromised and is being used to attack everyone, or the Chinese government is actively monitoring all traffic and queuing up sites to attack. (The third option is that this is a very long-term and consistent coincidence. But a 100% predictability rate over weeks does not seem coincidental to me.)

Chinese Proverb: A thief cries “Stop thief!”

The Chinese government is well-known for performing cyber attacks. Some of the attacks are espionage, while others attempt to identify dissidents. I can only assume that these latest attacks are China’s new method to automate compromises, identify critics, and silence online voices.

The Chinese official said, “it is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it”. Whether it is a long-term denial of service that tries to silence voices or wide-spread network attacks, there is no question whether these attacks trace to China or whether the Chinese government permits these attacks. In my case, these attacks are not speculation; they form a consistent, repeatable, and predictable pattern. I also have no doubt that if the Github security staff say the attacks trace to China, then it came from China. Since the Chinese government attempts to filter all content in and out of their country, it is reasonable to believe that they could mitigate or stop these attacks if they wanted it stopped.

The only thing odd is the Chinese official saying that she finds it “odd” that these attacks keep being blamed on China. Perhaps the Foreign Ministry spokesperson should adopt a British idiom: “if the cap fits, wear it.

The Hacker Factor Blog: Chinese Sayings

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

I recently blogged about Google ending support for Google Code. I had pointed out that the recommended solution was to move from Google Code to Github and that we should hope Github doesn’t go away anytime soon. I swear that was just a snide comment and not displaying any insider knowledge of what happened next…

About a week later, GitHub announced that they were under a very large scale denial-of-service attack. According to GitHub’s blog:

The attack began around 2AM UTC on Thursday, March 26, and involves a wide combination of attack vectors. These include every vector we’ve seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic. Based on reports we’ve received, we believe the intent of this attack is to convince us to remove a specific class of content.

The folks at TechCrunch elaborated on the targeted attack:

Specifically, security experts report that the attackers were redirecting search traffic from overseas users of the Chinese search engine Baidu, and were targeting two pages in particular. One page was run by Greatfire.org, a site that reports on the government censorship in China, and the other linked to a copy of the New York Times’ Chinese language website.

To put things into perspective, the denial of service attack last year against my own site lasted 24 hours and prevented the public from accessing the server. This attack against GitHub appears to have recently ended — after 118 hours! And the attack only caused short outages. (I am very impressed at Github’s ability to withstand a massive network attack like this.)

Chinese Proverb: A cornered dog will jump over the wall.

In a press conference yesterday, Chinese officials were asked about the network attack. (Note: This quote comes from a web page posted in English on a Chinese government web site.)

Q: First, officials from Puntland, Somalia said that more and more ships from Iran, the ROK and China are involved in illegal fishing off the Somali waters. UN officials said that the rise of illegal fishing may lead to rampant piracy. Has China asked its fishermen to stop illegal fishing? Second, a report says that a US website was under hacker attack, and the source of the attack was from China. How do you respond?

A: On your first question, the Chinese government is opposed to illegal fishing, and we have been asking Chinese citizens to fish in accordance with the law. We also hope countries concerned can take tangible steps to safeguard the security and rights and interests of the Chinese fishermen.

On your second question, it is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it. I’d like to remind you that China is one of the major victims of cyber attacks. We have been underlining that China hopes to work with the international community to speed up the making of international rules and jointly keep the cyber space peaceful, secure, open and cooperative. It is hoped that all parties can work in concert to address hacker attacks in a positive and constructive manner.

As ZDNet noted, China’s Foreign Ministry spokesperson Hua Chunying did not deny the attack. Moreover, Hua tried to spin it as if China was the victim.

Chinese Proverb: An offender sues the victim first.

I watch the logs on my web server very closely. I regularly see network attacks against the server. Most attacks are from automated bots looking for known vulnerabilities. However, occasionally there are manual attacks or novel 0-day attacks. (None have been successful, but I still keep an eye on the server.)

Geolocating a network address back to a source is relatively straightforward. You start with the network address of the client and you reference some public data that maps addresses to locations. Identifying the country is relatively easy. Identifying the city or something more specific may be less accurate. Typically, if a network address traces to “Denver, Colorado”, what it really means is “in or near Denver, Colorado” — it may be Aurora, Littleton, Boulder, or even Colorado Springs, but it’s probably not Pueblo, Ted’s Place, or anywhere outside Colorado.

Of course, hostile attackers could use proxies. But those kind of attacks typically do not use network addresses from the same subnets.

At FotoForensics, a solid 60% all network attacks come from addresses that geolocate to China. The next largest countries (20% and 10% respectively) are from the United States and Russia. With the USA, attacks typically come from everywhere — there is no particular subnet or hosting location. These attacks likely represent infected computers and botnets. In contrast, Russia is usually isolated to specific network addresses. But China? I see entire subnets attacking my site. When one address gets banned, another address in the same subnet continues where the last one left off.

Recently I noticed that the attacks from China follow one of two patterns.

Attack Pattern #1: “Scan bot”
A bot first attacks my secure-shell (ssh) server. It tries a couple of brute-force login attempts as “root” and then gets banned. Immediately after the ban (within 2 seconds), there is a web bot from a different network address in China that accesses “/” or “/favicon.ico”. I know this is a bot because a real user’s client would download my logo image, style sheet, and other dependency files.

I’m not sure what the Chinese web bot is looking for, but I suspect that it is something in the HTTP header. If they see it, then they will likely attack. And since I’m not seeing the web attack, I must not be returning whatever it is they are looking for.

Attack Pattern #2: “The Follow-up”
My site gets visitors from all over the world. But in any given hour, I may only receive a small sample of countries using my online service. I may go hours without a legitimate user accessing FotoForensics from China. But when they do, there seems to be a consistent pattern.

First, the user accesses my site. This is harmless and they use the site as intended. Then, between 5 and 15 minutes later, a bot from a different subnet in China will attempt to attack my ssh server.

For example…
A user at 111.186.106.xx (Kunming, CN) used my site at 29/Mar/2015:08:51:44 -0600.
This was followed by an attack against my ssh server from 221.229.166.28 (Shancheng, CN).

On 29/Mar/2015:06:34:45, a user at 180.76.6.xx (Beijing, CN) visited my site. This was followed by ssh attacks from 58.218.204.241 (Shancheng, CN).

The attacks in my logs look like:

root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.30 Tue Mar 31 06:02 – 06:02 (00:00)
root ssh:notty 221.229.166.30 Tue Mar 31 06:02 – 06:02 (00:00)
root ssh:notty 221.229.166.30 Tue Mar 31 06:02 – 06:02 (00:00)

I checked these attack addresses against various DNS blacklists that track network attacks. Every single one of these addresses are known attackers. For example, CBL.AbuseAt.org lists 221.229.166.28, 221.229.166.30 and 221.229.166.254 as known hostile addresses that perform network attacks. The site Blocklist.de also lists them as known attackers. And websworld.org shows similar ssh attacks coming from these addresses as well as a ton of other Chinese network addresses. (Currently Websworld lists 62 addresses that have attacked their ssh servers — 58 of them are from China.)

It has reached the point where I have blacklisted entire subnets from China that have only been used to attack my server. For example, I have banned 211.229.166.0/24 since many of the addresses in that range have attacked my server and none have been used for legitimate uses.

I find this second attack pattern to be very disturbing and very consistent. First a user in China accesses my site, and then an attack comes in 5-15 minutes later. It is disturbing because it appears that the Chinese government actively tracks every web site their citizens access, and then they queue up the site for a follow-up attack.

If this were just a botnet, then it would not be predictable. However, it is very predictable. If nobody from China visits my site in an hour, then there are none of these ssh attacks from China. As soon as someone from China visits my site, I can expect and receive an attack within 15 minutes.

The second question becomes: is this the Chinese government or someone else? To answer that, we just need to look at the users who visit my site. In order to queue up these attacks, “someone” must be able to watch all traffic out of China. As far as I can tell, only the Chinese government is configured to watch all packets that leave their country. An individual user can monitor their local subnet, but not the entire country. A compromised router can monitor a region, but not the entire country. So either all of China has been compromised and is being used to attack everyone, or the Chinese government is actively monitoring all traffic and queuing up sites to attack. (The third option is that this is a very long-term and consistent coincidence. But a 100% predictability rate over weeks does not seem coincidental to me.)

Chinese Proverb: A thief cries “Stop thief!”

The Chinese government is well-known for performing cyber attacks. Some of the attacks are espionage, while others attempt to identify dissidents. I can only assume that these latest attacks are China’s new method to automate compromises, identify critics, and silence online voices.

The Chinese official said, “it is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it”. Whether it is a long-term denial of service that tries to silence voices or wide-spread network attacks, there is no question whether these attacks trace to China or whether the Chinese government permits these attacks. In my case, these attacks are not speculation; they form a consistent, repeatable, and predictable pattern. I also have no doubt that if the Github security staff say the attacks trace to China, then it came from China. Since the Chinese government attempts to filter all content in and out of their country, it is reasonable to believe that they could mitigate or stop these attacks if they wanted it stopped.

The only thing odd is the Chinese official saying that she finds it “odd” that these attacks keep being blamed on China. Perhaps the Foreign Ministry spokesperson should adopt a British idiom: “if the cap fits, wear it.

The Hacker Factor Blog: Chinese Sayings

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

I recently blogged about Google ending support for Google Code. I had pointed out that the recommended solution was to move from Google Code to Github and that we should hope Github doesn’t go away anytime soon. I swear that was just a snide comment and not displaying any insider knowledge of what happened next…

About a week later, GitHub announced that they were under a very large scale denial-of-service attack. According to GitHub’s blog:

The attack began around 2AM UTC on Thursday, March 26, and involves a wide combination of attack vectors. These include every vector we’ve seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic. Based on reports we’ve received, we believe the intent of this attack is to convince us to remove a specific class of content.

The folks at TechCrunch elaborated on the targeted attack:

Specifically, security experts report that the attackers were redirecting search traffic from overseas users of the Chinese search engine Baidu, and were targeting two pages in particular. One page was run by Greatfire.org, a site that reports on the government censorship in China, and the other linked to a copy of the New York Times’ Chinese language website.

To put things into perspective, the denial of service attack last year against my own site lasted 24 hours and prevented the public from accessing the server. This attack against GitHub appears to have recently ended — after 118 hours! And the attack only caused short outages. (I am very impressed at Github’s ability to withstand a massive network attack like this.)

Chinese Proverb: A cornered dog will jump over the wall.

In a press conference yesterday, Chinese officials were asked about the network attack. (Note: This quote comes from a web page posted in English on a Chinese government web site.)

Q: First, officials from Puntland, Somalia said that more and more ships from Iran, the ROK and China are involved in illegal fishing off the Somali waters. UN officials said that the rise of illegal fishing may lead to rampant piracy. Has China asked its fishermen to stop illegal fishing? Second, a report says that a US website was under hacker attack, and the source of the attack was from China. How do you respond?

A: On your first question, the Chinese government is opposed to illegal fishing, and we have been asking Chinese citizens to fish in accordance with the law. We also hope countries concerned can take tangible steps to safeguard the security and rights and interests of the Chinese fishermen.

On your second question, it is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it. I’d like to remind you that China is one of the major victims of cyber attacks. We have been underlining that China hopes to work with the international community to speed up the making of international rules and jointly keep the cyber space peaceful, secure, open and cooperative. It is hoped that all parties can work in concert to address hacker attacks in a positive and constructive manner.

As ZDNet noted, China’s Foreign Ministry spokesperson Hua Chunying did not deny the attack. Moreover, Hua tried to spin it as if China was the victim.

Chinese Proverb: An offender sues the victim first.

I watch the logs on my web server very closely. I regularly see network attacks against the server. Most attacks are from automated bots looking for known vulnerabilities. However, occasionally there are manual attacks or novel 0-day attacks. (None have been successful, but I still keep an eye on the server.)

Geolocating a network address back to a source is relatively straightforward. You start with the network address of the client and you reference some public data that maps addresses to locations. Identifying the country is relatively easy. Identifying the city or something more specific may be less accurate. Typically, if a network address traces to “Denver, Colorado”, what it really means is “in or near Denver, Colorado” — it may be Aurora, Littleton, Boulder, or even Colorado Springs, but it’s probably not Pueblo, Ted’s Place, or anywhere outside Colorado.

Of course, hostile attackers could use proxies. But those kind of attacks typically do not use network addresses from the same subnets.

At FotoForensics, a solid 60% all network attacks come from addresses that geolocate to China. The next largest countries (20% and 10% respectively) are from the United States and Russia. With the USA, attacks typically come from everywhere — there is no particular subnet or hosting location. These attacks likely represent infected computers and botnets. In contrast, Russia is usually isolated to specific network addresses. But China? I see entire subnets attacking my site. When one address gets banned, another address in the same subnet continues where the last one left off.

Recently I noticed that the attacks from China follow one of two patterns.

Attack Pattern #1: “Scan bot”
A bot first attacks my secure-shell (ssh) server. It tries a couple of brute-force login attempts as “root” and then gets banned. Immediately after the ban (within 2 seconds), there is a web bot from a different network address in China that accesses “/” or “/favicon.ico”. I know this is a bot because a real user’s client would download my logo image, style sheet, and other dependency files.

I’m not sure what the Chinese web bot is looking for, but I suspect that it is something in the HTTP header. If they see it, then they will likely attack. And since I’m not seeing the web attack, I must not be returning whatever it is they are looking for.

Attack Pattern #2: “The Follow-up”
My site gets visitors from all over the world. But in any given hour, I may only receive a small sample of countries using my online service. I may go hours without a legitimate user accessing FotoForensics from China. But when they do, there seems to be a consistent pattern.

First, the user accesses my site. This is harmless and they use the site as intended. Then, between 5 and 15 minutes later, a bot from a different subnet in China will attempt to attack my ssh server.

For example…
A user at 111.186.106.xx (Kunming, CN) used my site at 29/Mar/2015:08:51:44 -0600.
This was followed by an attack against my ssh server from 221.229.166.28 (Shancheng, CN).

On 29/Mar/2015:06:34:45, a user at 180.76.6.xx (Beijing, CN) visited my site. This was followed by ssh attacks from 58.218.204.241 (Shancheng, CN).

The attacks in my logs look like:

root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.254 Tue Mar 31 06:38 – 06:38 (00:00)
root ssh:notty 221.229.166.30 Tue Mar 31 06:02 – 06:02 (00:00)
root ssh:notty 221.229.166.30 Tue Mar 31 06:02 – 06:02 (00:00)
root ssh:notty 221.229.166.30 Tue Mar 31 06:02 – 06:02 (00:00)

I checked these attack addresses against various DNS blacklists that track network attacks. Every single one of these addresses are known attackers. For example, CBL.AbuseAt.org lists 221.229.166.28, 221.229.166.30 and 221.229.166.254 as known hostile addresses that perform network attacks. The site Blocklist.de also lists them as known attackers. And websworld.org shows similar ssh attacks coming from these addresses as well as a ton of other Chinese network addresses. (Currently Websworld lists 62 addresses that have attacked their ssh servers — 58 of them are from China.)

It has reached the point where I have blacklisted entire subnets from China that have only been used to attack my server. For example, I have banned 211.229.166.0/24 since many of the addresses in that range have attacked my server and none have been used for legitimate uses.

I find this second attack pattern to be very disturbing and very consistent. First a user in China accesses my site, and then an attack comes in 5-15 minutes later. It is disturbing because it appears that the Chinese government actively tracks every web site their citizens access, and then they queue up the site for a follow-up attack.

If this were just a botnet, then it would not be predictable. However, it is very predictable. If nobody from China visits my site in an hour, then there are none of these ssh attacks from China. As soon as someone from China visits my site, I can expect and receive an attack within 15 minutes.

The second question becomes: is this the Chinese government or someone else? To answer that, we just need to look at the users who visit my site. In order to queue up these attacks, “someone” must be able to watch all traffic out of China. As far as I can tell, only the Chinese government is configured to watch all packets that leave their country. An individual user can monitor their local subnet, but not the entire country. A compromised router can monitor a region, but not the entire country. So either all of China has been compromised and is being used to attack everyone, or the Chinese government is actively monitoring all traffic and queuing up sites to attack. (The third option is that this is a very long-term and consistent coincidence. But a 100% predictability rate over weeks does not seem coincidental to me.)

Chinese Proverb: A thief cries “Stop thief!”

The Chinese government is well-known for performing cyber attacks. Some of the attacks are espionage, while others attempt to identify dissidents. I can only assume that these latest attacks are China’s new method to automate compromises, identify critics, and silence online voices.

The Chinese official said, “it is quite odd that every time a website in the US or any other country is under attack, there will be speculation that Chinese hackers are behind it”. Whether it is a long-term denial of service that tries to silence voices or wide-spread network attacks, there is no question whether these attacks trace to China or whether the Chinese government permits these attacks. In my case, these attacks are not speculation; they form a consistent, repeatable, and predictable pattern. I also have no doubt that if the Github security staff say the attacks trace to China, then it came from China. Since the Chinese government attempts to filter all content in and out of their country, it is reasonable to believe that they could mitigate or stop these attacks if they wanted it stopped.

The only thing odd is the Chinese official saying that she finds it “odd” that these attacks keep being blamed on China. Perhaps the Foreign Ministry spokesperson should adopt a British idiom: “if the cap fits, wear it.

The Hacker Factor Blog: Bull in a China Shop

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

This has been a really long Monday. (“But it’s Thursday!” I know. But when customers call, I answer.)

If you are involved in computer security, online privacy, or cyber defense, then there is one country that is almost unanimously associated with “evil”: China. Beyond their human rights abuses and massive pollution problems are issues with online censorship, plagiarism, cyber espionage, spam, and constant network attacks. My own servers see far more attacks coming from China than any other country. It’s to the point where I’ve considered banning all of China from accessing my sites.

Yet, China just made news about something that I completely agree with: they fined Procter and Gamble (P&G) 980,000 yuan (about $1 million) for false advertising.

The news reports are pretty straightforward. If you’re selling Crest toothpaste that makes teeth whiter, then do not photoshop the ads to make the teeth whiter. This is the same logic that the UK used back in 2009 when they banned an Olay advertisement featuring Twiggy; if you’re selling makeup to make eyes look better, then don’t use Photoshop to make the eyes look better. And yes, Olay is another P&G product.

Smile!

I went looking online for sample pictures of Crest toothpaste ads from China. As it turns out, The Internet Archive has a lot of their ads archived. Here’s a few of them from Crest’s homepage:

https://web.archive.org/web/20140626022125im_/http://image.crest.com.cn/images/home/home_banner_img_01.jpg

https://web.archive.org/web/20140626022125im_/http://image.crest.com.cn/images/home/home_banner_img_05.jpg

https://web.archive.org/web/20130425174611im_/http://image.crest.com.cn/images/home/home_banner_img07.jpg

https://web.archive.org/web/20130728074116im_/http://image.crest.com.cn/images/home/home_banner_img03.jpg

In each case, the pictures and coloring has been touched up. Including making the teeth whiter. The public FotoForensics analysis only identifies Photoshop (in the metadata), touching up, and low quality (ELA), but not the color correction. Hue analysis identifies the color alterations.

I don’t know if any of these are the pictures that China evaluated, but I am convinced that P&G digitally altered the alleged product results.

Shine on!

According to the news reports, China has a similar stance regarding photoshop in advertisements as I do.

An official of the Shanghai regulator said digital enhancement can only be used in adverts in which the changes were irrelevant, such as making the sky more blue in a car ad, Xinhua reported.

I have been saying for years that advertisers can change anything they want except for the item being advertised. When an advertisement for a dress digitally alters the dress, they give the impression that you will look gorgeous in the clothing. But with the digital alterations, they are actually saying, “you will never look this good because you are not photoshopped.” It is a bait-and-switch. They show you a picture of one thing, but then deliver something different.

(Heh… Wouldn’t it be funny if every purchase at Victoria’s Secret included a digital camera and a copy of Photoshop?)

Rinse and Repeat

Although the various news reports focus on P&G, a few mentioned other companies that were also fined. For example, China Economic Review said that Volkswagen and Nikon were also fined. However, the BBC suggested that China is only imposing fines on foreign brands.

I find this accusation from the BBC to be very interesting. While looking for pictures of Crest products in China, I came across this ad from Alibaba:

http://i00.i.aliimg.com/photo/v0/60026425160/Crest_3d_dental_care_tooth_teeth_whitening.jpg

There’s a couple of issues here. First, Onuge is not Crest — they are Crest’s Chinese competitor. Yet Onuge’s colorful logo and packaging looks very similar to Crest. The URL to the picture on Alibaba does not even mention Onuge — it says “Crest”. Even Onuge advertisements claim to have “Crest Supreme Quality“. This seems to be an intentional effort to cause confusion in the marketplace and to make consumers think that Onuge is Crest. (If this were in the United States, I think Crest would have strong grounds for copyright infringement.)

And just like Crest, Onuge digitally altered the teeth to appear whiter. However, I can find no mention of Onuge being fined for false advertisement.

Government Incentive

In addition to the BBC’s findings, the Wall Street Journal pointed out a serious reporting issue. WSJ found that the report from Xinhua (Chinese news outlet) did not mention that the fine was a year old! This is not a recent story — it is just recently being promoted in the media.

If the findings from the BBC and WSJ are correct, then the fine and news report may be less about consumer protection and more about political influence and an attempt to degrade foreign product reputations in the Chinese marketplace.

However, this idea of steep fines really got me thinking… If governments began to levy fines for digitally altered products in advertisements, then the amount of revenue to the government should be a viable option in lieu of minor tax increases. Local, state, and federal governments could bring in revenue from bait-and-switch advertisements. Advertisers would stop modifying product photos and consumers would begin to see products as they really are. This seems like a win-win for consumers and taxpayers.

The Hacker Factor Blog: Bull in a China Shop

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

This has been a really long Monday. (“But it’s Thursday!” I know. But when customers call, I answer.)

If you are involved in computer security, online privacy, or cyber defense, then there is one country that is almost unanimously associated with “evil”: China. Beyond their human rights abuses and massive pollution problems are issues with online censorship, plagiarism, cyber espionage, spam, and constant network attacks. My own servers see far more attacks coming from China than any other country. It’s to the point where I’ve considered banning all of China from accessing my sites.

Yet, China just made news about something that I completely agree with: they fined Procter and Gamble (P&G) 980,000 yuan (about $1 million) for false advertising.

The news reports are pretty straightforward. If you’re selling Crest toothpaste that makes teeth whiter, then do not photoshop the ads to make the teeth whiter. This is the same logic that the UK used back in 2009 when they banned an Olay advertisement featuring Twiggy; if you’re selling makeup to make eyes look better, then don’t use Photoshop to make the eyes look better. And yes, Olay is another P&G product.

Smile!

I went looking online for sample pictures of Crest toothpaste ads from China. As it turns out, The Internet Archive has a lot of their ads archived. Here’s a few of them from Crest’s homepage:

https://web.archive.org/web/20140626022125im_/http://image.crest.com.cn/images/home/home_banner_img_01.jpg

https://web.archive.org/web/20140626022125im_/http://image.crest.com.cn/images/home/home_banner_img_05.jpg

https://web.archive.org/web/20130425174611im_/http://image.crest.com.cn/images/home/home_banner_img07.jpg

https://web.archive.org/web/20130728074116im_/http://image.crest.com.cn/images/home/home_banner_img03.jpg

In each case, the pictures and coloring has been touched up. Including making the teeth whiter. The public FotoForensics analysis only identifies Photoshop (in the metadata), touching up, and low quality (ELA), but not the color correction. Hue analysis identifies the color alterations.

I don’t know if any of these are the pictures that China evaluated, but I am convinced that P&G digitally altered the alleged product results.

Shine on!

According to the news reports, China has a similar stance regarding photoshop in advertisements as I do.

An official of the Shanghai regulator said digital enhancement can only be used in adverts in which the changes were irrelevant, such as making the sky more blue in a car ad, Xinhua reported.

I have been saying for years that advertisers can change anything they want except for the item being advertised. When an advertisement for a dress digitally alters the dress, they give the impression that you will look gorgeous in the clothing. But with the digital alterations, they are actually saying, “you will never look this good because you are not photoshopped.” It is a bait-and-switch. They show you a picture of one thing, but then deliver something different.

(Heh… Wouldn’t it be funny if every purchase at Victoria’s Secret included a digital camera and a copy of Photoshop?)

Rinse and Repeat

Although the various news reports focus on P&G, a few mentioned other companies that were also fined. For example, China Economic Review said that Volkswagen and Nikon were also fined. However, the BBC suggested that China is only imposing fines on foreign brands.

I find this accusation from the BBC to be very interesting. While looking for pictures of Crest products in China, I came across this ad from Alibaba:

http://i00.i.aliimg.com/photo/v0/60026425160/Crest_3d_dental_care_tooth_teeth_whitening.jpg

There’s a couple of issues here. First, Onuge is not Crest — they are Crest’s Chinese competitor. Yet Onuge’s colorful logo and packaging looks very similar to Crest. The URL to the picture on Alibaba does not even mention Onuge — it says “Crest”. Even Onuge advertisements claim to have “Crest Supreme Quality“. This seems to be an intentional effort to cause confusion in the marketplace and to make consumers think that Onuge is Crest. (If this were in the United States, I think Crest would have strong grounds for copyright infringement.)

And just like Crest, Onuge digitally altered the teeth to appear whiter. However, I can find no mention of Onuge being fined for false advertisement.

Government Incentive

In addition to the BBC’s findings, the Wall Street Journal pointed out a serious reporting issue. WSJ found that the report from Xinhua (Chinese news outlet) did not mention that the fine was a year old! This is not a recent story — it is just recently being promoted in the media.

If the findings from the BBC and WSJ are correct, then the fine and news report may be less about consumer protection and more about political influence and an attempt to degrade foreign product reputations in the Chinese marketplace.

However, this idea of steep fines really got me thinking… If governments began to levy fines for digitally altered products in advertisements, then the amount of revenue to the government should be a viable option in lieu of minor tax increases. Local, state, and federal governments could bring in revenue from bait-and-switch advertisements. Advertisers would stop modifying product photos and consumers would begin to see products as they really are. This seems like a win-win for consumers and taxpayers.

The Hacker Factor Blog: Bull in a China Shop

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

This has been a really long Monday. (“But it’s Thursday!” I know. But when customers call, I answer.)

If you are involved in computer security, online privacy, or cyber defense, then there is one country that is almost unanimously associated with “evil”: China. Beyond their human rights abuses and massive pollution problems are issues with online censorship, plagiarism, cyber espionage, spam, and constant network attacks. My own servers see far more attacks coming from China than any other country. It’s to the point where I’ve considered banning all of China from accessing my sites.

Yet, China just made news about something that I completely agree with: they fined Procter and Gamble (P&G) 980,000 yuan (about $1 million) for false advertising.

The news reports are pretty straightforward. If you’re selling Crest toothpaste that makes teeth whiter, then do not photoshop the ads to make the teeth whiter. This is the same logic that the UK used back in 2009 when they banned an Olay advertisement featuring Twiggy; if you’re selling makeup to make eyes look better, then don’t use Photoshop to make the eyes look better. And yes, Olay is another P&G product.

Smile!

I went looking online for sample pictures of Crest toothpaste ads from China. As it turns out, The Internet Archive has a lot of their ads archived. Here’s a few of them from Crest’s homepage:

https://web.archive.org/web/20140626022125im_/http://image.crest.com.cn/images/home/home_banner_img_01.jpg

https://web.archive.org/web/20140626022125im_/http://image.crest.com.cn/images/home/home_banner_img_05.jpg

https://web.archive.org/web/20130425174611im_/http://image.crest.com.cn/images/home/home_banner_img07.jpg

https://web.archive.org/web/20130728074116im_/http://image.crest.com.cn/images/home/home_banner_img03.jpg

In each case, the pictures and coloring has been touched up. Including making the teeth whiter. The public FotoForensics analysis only identifies Photoshop (in the metadata), touching up, and low quality (ELA), but not the color correction. Hue analysis identifies the color alterations.

I don’t know if any of these are the pictures that China evaluated, but I am convinced that P&G digitally altered the alleged product results.

Shine on!

According to the news reports, China has a similar stance regarding photoshop in advertisements as I do.

An official of the Shanghai regulator said digital enhancement can only be used in adverts in which the changes were irrelevant, such as making the sky more blue in a car ad, Xinhua reported.

I have been saying for years that advertisers can change anything they want except for the item being advertised. When an advertisement for a dress digitally alters the dress, they give the impression that you will look gorgeous in the clothing. But with the digital alterations, they are actually saying, “you will never look this good because you are not photoshopped.” It is a bait-and-switch. They show you a picture of one thing, but then deliver something different.

(Heh… Wouldn’t it be funny if every purchase at Victoria’s Secret included a digital camera and a copy of Photoshop?)

Rinse and Repeat

Although the various news reports focus on P&G, a few mentioned other companies that were also fined. For example, China Economic Review said that Volkswagen and Nikon were also fined. However, the BBC suggested that China is only imposing fines on foreign brands.

I find this accusation from the BBC to be very interesting. While looking for pictures of Crest products in China, I came across this ad from Alibaba:

http://i00.i.aliimg.com/photo/v0/60026425160/Crest_3d_dental_care_tooth_teeth_whitening.jpg

There’s a couple of issues here. First, Onuge is not Crest — they are Crest’s Chinese competitor. Yet Onuge’s colorful logo and packaging looks very similar to Crest. The URL to the picture on Alibaba does not even mention Onuge — it says “Crest”. Even Onuge advertisements claim to have “Crest Supreme Quality“. This seems to be an intentional effort to cause confusion in the marketplace and to make consumers think that Onuge is Crest. (If this were in the United States, I think Crest would have strong grounds for copyright infringement.)

And just like Crest, Onuge digitally altered the teeth to appear whiter. However, I can find no mention of Onuge being fined for false advertisement.

Government Incentive

In addition to the BBC’s findings, the Wall Street Journal pointed out a serious reporting issue. WSJ found that the report from Xinhua (Chinese news outlet) did not mention that the fine was a year old! This is not a recent story — it is just recently being promoted in the media.

If the findings from the BBC and WSJ are correct, then the fine and news report may be less about consumer protection and more about political influence and an attempt to degrade foreign product reputations in the Chinese marketplace.

However, this idea of steep fines really got me thinking… If governments began to levy fines for digitally altered products in advertisements, then the amount of revenue to the government should be a viable option in lieu of minor tax increases. Local, state, and federal governments could bring in revenue from bait-and-switch advertisements. Advertisers would stop modifying product photos and consumers would begin to see products as they really are. This seems like a win-win for consumers and taxpayers.

TorrentFreak: UK ISPs Quietly Block Sites That List Pirate Bay Proxies

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

pirate bayFollowing a series of High Court orders, six UK ISPs are required to block access to many of the world’s largest torrent sites and streaming portals.

The blocks are somewhat effective, at least in preventing subscribers from accessing the domains directly. However, there are also plenty of workarounds.

For many sites that are blocked one or more proxy sites emerge. These proxies allow people to access the blocked sites and effectively bypass the restrictions put in place by the court.

The copyright holders are not happy with these loopholes and have asked ISPs to add the proxies to their filters, which they have done on several occasions.

However, restricting access to proxies did not provide a silver bullet either as new ones continue to appear. This week the blocking efforts were stepped up a notch and are now targeting sites that merely provide an overview of various Pirate Bay proxies.

In other words, UK ISPs now restrict access to sites for linking to Pirate Bay proxies.

Among the blocked sites are piratebayproxy.co.uk, piratebayproxylist.com and ukbay.org. Both sites are currently inaccessible on Virgin Media and TalkTalk, and other providers are expected to follow suit.

virginblock

TF spoke with Dan, the operator of UKBay.org, who’s baffled by the newly implemented blockade. He moved his site to a new domain to make the site accessible again, for the time being at least.

“The new blocks are unbelievable and totally unreasonable. To block a site that simply links to another site just shows the level of censorship we are allowing ISP’s to get away with,” Dan says.

“UKBay is not even a PirateBay proxy. It simply provides links to proxies. If they continue blocking sites, that link to sites, that link to sites.. there’l be nothing left,” he adds.

One of the other blocked sites, piratebayproxy.co.uk, doesn’t have any direct links to infringing material. Instead, it provides an overview of short Pirate Bay news articles while listing the URLs of various proxies on the side.

Apparently, providing information about Pirate Bay proxies already warrants a spot on the UK blocklist.

tpbproxy

It is not a secret that the High Court orders give copyright holders the option to continually update the list of infringing domains. However, it’s questionable whether this should also include sites that do not link to any infringing material.

To our knowledge, it is the first time that this has happened.

The new additions were made as part of an existing High Court order that allowed copyright holders to block The Pirate Bay, a Virgin Media spokesperson informs us.

“Under the conditions of the original court order, the rightsholders have the authority to change the specific URLs or IP addresses that must be blocked by all major ISPs – not just Virgin Media. Such changes happen on a regular basis. There is no ‎extension or amendment to the original court order,” Virgin says.

As with earlier updates, the most recent changes are being made without a public announcement, which means that we don’t know precisely how many sites were added. We will update this article if more details arise.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

Schneier on Security: <i>Data and Goliath</i>’s Big Idea

This post was syndicated from: Schneier on Security and was written by: schneier. Original post: at Schneier on Security

Data and Goliath is a book about surveillance, both government and corporate. It’s an exploration in three parts: what’s happening, why it matters, and what to do about it. This is a big and important issue, and one that I’ve been working on for decades now. We’ve been on a headlong path of more and more surveillance, fueled by fear­–of terrorism mostly­–on the government side, and convenience on the corporate side. My goal was to step back and say “wait a minute; does any of this make sense?” I’m proud of the book, and hope it will contribute to the debate.

But there’s a big idea here too, and that’s the balance between group interest and self-interest. Data about us is individually private, and at the same time valuable to all us collectively. How do we decide between the two? If President Obama tells us that we have to sacrifice the privacy of our data to keep our society safe from terrorism, how do we decide if that’s a good trade-off? If Google and Facebook offer us free services in exchange for allowing them to build intimate dossiers on us, how do know whether to take the deal?

There are a lot of these sorts of deals on offer. Wayz gives us real-time traffic information, but does it by collecting the location data of everyone using the service. The medical community wants our detailed health data to perform all sorts of health studies and to get early warning of pandemics. The government wants to know all about you to better deliver social services. Google wants to know everything about you for marketing purposes, but will “pay” you with free search, free e-mail, and the like.

Here’s another one I describe in the book: “Social media researcher Reynol Junco analyzes the study habits of his students. Many textbooks are online, and the textbook websites collect an enormous amount of data about how­–and how often­–students interact with the course material. Junco augments that information with surveillance of his students’ other computer activities. This is incredibly invasive research, but its duration is limited and he is gaining new understanding about how both good and bad students study­–and has developed interventions aimed at improving how students learn. Did the group benefit of this study outweigh the individual privacy interest of the subjects who took part in it?”

Again and again, it’s the same trade-off: individual value versus group value.

I believe this is the fundamental issue of the information age, and solving it means careful thinking about the specific issues and a moral analysis of how they affect our core values.

You can see that in some of the debate today. I know hardened privacy advocates who think it should be a crime for people to withhold their medical data from the pool of information. I know people who are fine with pretty much any corporate surveillance but want to prohibit all government surveillance, and others who advocate the exact opposite.

When possible, we need to figure out how to get the best of both: how to design systems that make use of our data collectively to benefit society as a whole, while at the same time protecting people individually.

The world isn’t waiting; decisions about surveillance are being made for us­–often in secret. If we don’t figure this out for ourselves, others will decide what they want to do with us and our data. And we don’t want that. I say: “We don’t want the FBI and NSA to secretly decide what levels of government surveillance are the default on our cell phones; we want Congress to decide matters like these in an open and public debate. We don’t want the governments of China and Russia to decide what censorship capabilities are built into the Internet; we want an international standards body to make those decisions. We don’t want Facebook to decide the extent of privacy we enjoy amongst our friends; we want to decide for ourselves.”

In my last chapter, I write: “Data is the pollution problem of the information age, and protecting privacy is the environmental challenge. Almost all computers produce personal information. It stays around, festering. How we deal with it­–how we contain it and how we dispose of it­–is central to the health of our information economy. Just as we look back today at the early decades of the industrial age and wonder how our ancestors could have ignored pollution in their rush to build an industrial world, our grandchildren will look back at us during these early decades of the information age and judge us on how we addressed the challenge of data collection and misuse.”

That’s it; that’s our big challenge. Some of our data is best shared with others. Some of it can be ‘processed’­–anonymized, maybe­–before reuse. Some of it needs to be disposed of properly, either immediately or after a time. And some of it should be saved forever. Knowing what data goes where is a balancing act between group and self-interest, a trade-off that will continually change as technology changes, and one that we will be debating for decades to come.

This essay previously appeared on John Scalzi’s blog Whatever.

TorrentFreak: Google Slams MPAA Censorship Efforts After Court ‘Victory’

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

mpaa-logoWith help from the MPAA, Mississippi State Attorney General Jim Hood launched a secret campaign to revive SOPA-like censorship efforts in the United States.

The MPAA and Hood want Internet services to bring website blocking and search engine filtering back to the table after the controversial law failed to pass.

The plan became public through various emails that were released in the Sony Pictures leaks and in a response Google said that it was “deeply concerned” about the developments.

To counter the looming threat Google filed a complaint against Hood last December, asking the court to prevent Hood from enforcing a subpoena that addresses Google’s failure to take down or block access to illegal content, including pirate sites.

This week Google scored its first victory in the case (pdf) as U.S. District Judge Wingate granted a preliminary injunction to put the subpoena on hold.

This means that Hood can’t yet use the investigative powers that were granted in the subpoena. In addition, the injunction also prohibits Hood from filing civil or criminal charges, at least for the time being.

While the Court still has to rule on the merits of the case Google is happy with the first “win.” What stands out most, however, is Google slamming the MPAA’s efforts to censor the Internet.

“We’re pleased with the court’s ruling, which recognizes that the MPAA’s long-running campaign to censor the Web — which started with SOPA — is contrary to federal law,” Google’s general counsel Kent Walker notes.

While the MPAA wasn’t mentioned in the court’s decision, Google wants to make it clear that they see the Hollywood group as the driving force behind Hood’s “censorship” campaign.

Google’s harsh words are illustrative of the worsening relationship between the search giant and the Hollywood lobby group.

After a previous clash, a top executive at Google’s policy department told the MPAA that his company would no longer “speak or do business” with the movie group.

Thus far, the MPAA has remained relatively silent on the court case, at least in public. But given the stakes at hand it’s probably all hands on deck behind the scenes.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: NBC Universal Tries to Censor TorrentFreak’s News About Leaked Films

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

censorshipEarlier this year an unprecedented flood of leaked movies hit the net, including screener copies of popular titles such as American Sniper, Selma and Unbroken.

Hoping to steer people away from these unauthorized copies the copyright holders sent out thousands of takedown notices.

These efforts generally target URLs of torrent sites, cyberlockers and streaming services that link to the unauthorized movies. However, some requests go a little further, targeting news publications such as the one you’re reading at the moment.

Last week NBC Universal sent a series of takedown notices to Google including one for the leaked movie “Unbroken.” Aside from the usual suspects, the list of allegedly infringing URLs also included our recent coverage of the screener leaks.

As with the other pages, NBC Universal urged Google to remove our news report from its search results.

tfcensor1

Luckily, Google appears to have whitelisted our domain name so the search giant didn’t comply with the request. However, other sites may not be so lucky and could have their articles removed.

The overreaching takedown request doesn’t appear to be an isolated incident. Two days earlier NBC Universal sent another takedown notice targeting our coverage of the “Taken 3″ leak.

tfcensor2

But there’s more. Aside from our news articles there are also other dubious claims in the notices, such as the request to remove a live concert from the band “Unbroken.”

The question remains whether NBC Universal intentionally targeted our news articles our not.

While the latter seems to be the most likely explanation, it doesn’t change the fact that the overbroad censorship requests go too far.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: Tumblr Censors “Torrent” Related Tags and Searches

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

tumblrnopostsIt appears that piracy is becoming a growing concern for micro-blogging platform Tumblr.

Earlier this week users panicked following an increase in takedown notices, which resulted in the termination of several blogs.

While this uproar was rather public, there are also better concealed changes that seem to target pirated content. Tumblr’s decision to hide posts mentioning the word “torrent” for example.

Those who search the site for “torrent” related queries will notice that there are no results displayed, even though there are plenty of posts mentioning the word. The same is true for posts tagged with “torrent.”

Tumblr is hiding the results in question from both public and logged in users but the latter can make the posts show up if they switch off the “safe mode” lock on the right hand side of the screen.

Below is what the search results for “Ubuntu Torrent” currently look like.

No torrents allowed
tumblr-torrent

Tumblr’s “safe mode” was turned on by default over a year ago to hide offensive “adult oriented” content from the public view. The same filter also blocks words such as “penis” for the same reason.

Needless to say, not all “torrent” posts are offensive or damaging to children’s eyes. A Vuze developer who highlighted the issue notes that other uses of the dictionary word are less threatening.

“Amusingly, the first result for us is pictures of water flowing over rocks.. so, non-adults feel safe, Tumblr will protect you against pictures of the outdoors,” the developer writes on Tumblr.

“Although, it is true that a torrent is a VIOLENT stream of liquid. And we should all be protecting our children against violence,” he adds.

It’s not clear whether the word “torrent” has been banned over piracy concerns or whether its frequent association with porn is the reason for the ban.

In any case, Tumblr’s filter is also hiding plenty of legitimate content, showing once again that Internet censorship is a slippery slope.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

The Hacker Factor Blog: All For The Better

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

Back in 2013, I reported on a picture that I found to be digitally modified. Little did I know, I had inadvertently stepped into a major controversy about photojournalism. As the controversy continued, I tried to raised awareness of the digital manipulation problem that World Press Photo seemed to ignore. I now believe that I helped World Press Photo to see that they should (1) require camera-originals in their evaluation process, (2) use forensics to evaluate pictures for unacceptable modifications, (3) move away from constantly awarding middle-east war photos, and (4) start leading by example.

We have a winner!

A few days ago, World Press Photo (WPP) announced their 2015 winner. At face value, the controversy this year was probably supposed to be on the subject matter: Mads Nissen’s photo was on homophobia in Russia. However, that is not the thing that is getting press coverage. The press coverage is focused on one of WPP’s surprising revelations. Specifically, 20% of the finalists were disqualified due to excessive digital alterations. As reported at PetaPixel:

“Our contest rules clearly state that the content of the image should not be altered,” says Managing Director Lars Boering, “This year’s jury was very disappointed to discover how careless some photographers had been in post-processing their files for the contest. When this meant a material addition or subtraction in the content of the image, it lead to the images being rejected from the contest.”

“It seems some photographers can’t resist the temptation to aesthetically enhance their images during post-processing either by removing small details to ‘clean up’ an image, or sometimes by excessive toning that constitutes a material change to the image,” he says. “Both types of retouching clearly compromise the integrity of the image.”

This was the core of the debate two years ago, when I pointed out in excruciating detail how the 2013 winner digitally altered his photo. Back then, WPP claimed to support journalistic standards. However, they did not enforce this requirement. It wasn’t until after the public shaming that WPP adopted the requirement for camera-originals during the finalist stage.

(I’d say “I told you so”, but I’m not that petty.)

Bad Sportsmanlike Conduct

Through the use of forensics and evaluating the camera-original pictures, WPP managed to identify unacceptable modifications and ruled out 20% of the finalists. This is a huge result. It shows how big the problem is and how important it is to closely monitor photos in the media. As they say in the security world, “trust, but verify.”

It does not surprise me that some genres experience digital alterations more than others. The British Journal of Photography noted that this year’s WPP “Sports Stories category was so badly affected that the jury were unable to award a third prize.” They quoted WPP’s Lars Boering as adding, “I don’t want to say it is just sports photography because in every category was affected, [b]ut after the penultimate round, after we had awarded the first and second place, there was nothing left. All the other images had been removed.” The winning sports picture was also digitally enhanced a little, but not enough to be disqualified.

Ironically, this sports photo is a good picture, but it basically won by default since all but two pictures were disqualified. I’m sure Bao Tailiang is a good photographer, but coming in first out of two contestants doesn’t seem like a significant win. (Or to put it another way, if I had submitted a decent sports photo that was camera-original, then I could have come in third without trying!)

Predicting Change

In my 14-May-2013 blog entry, I showed a pattern in how WPP selects their winners. I wrote:

I also noticed that most of the recent winners are photos that feature the Middle East. This includes the winners announced in 2003, 2006, 2007, and 2009-2013. That’s 7 out of 11 years, and 100% over the last 5 years. This seems like quite a coincidence. If you really want to win, consider submitting a photo related to the Middle East — it will greatly improve your chances. (In contrast, very few of BuzzFeed’s “40 most powerful photos every taken” feature the Middle East. Instead, they feature photos from all over the world.)

I know that the people who run WPP read my blog. When someone predicts how you will react, the natural reaction is to change the result in order to break the predictive model. In 2014, WPP awarded a non-war picture in Africa. Their 2015 picture is on homosexual rights in Russia. They completely turned their decision process away from their war-based bias.

And for anyone who thinks this change is coincidental, consider this quote from an interview Lars Boering did with Time, where Time explicitly mentioned the 2013 controversy:

TIME LightBox: In recent years, World Press Photo has been the recipient of much criticism in the industry, especially when the integrity of one winning image was, wrongly, put into question in 2013. What are you planning to do to change the perception that World Press Photo is a monolithic organization that doesn’t take a stand?

Lars Boering: I think World Press Photo is a fantastic organization with a great reach. It plays an important role in the international photographic community. People think highly of it. But, in the past, it’s been neutral and hasn’t had a strong opinion about [issues affecting photographers]. In 2015, we can’t [continue like that]. People expect us to have an opinion and to discuss and debate what’s going on, to be part of finding the solution for photographers and visual storytellers on issues around the future of photography, censorship, freedom of speech, etc. We need to be part of the conversation, and we should be able to work together with a lot of important organizations in this industry to make sure that we’re, in a way, going in the right direction. We can’t be in control, but we can be part of the future.

When I read this, I think he means that they didn’t care about the photo’s subject, so they kept the same meaning every year (war is bad, war is bad, war is bad). This concept of changing the message was repeated by Vogue‘s Alessia Glaviano about this year’s winner:

“The photo has a message about love being an answer in the context of all that is going on in the world,” says Alessia Glaviano, senior editor at Vogue and one of the judges for this year’s awards. “It is about love as a global issue, in a way that transcends homosexuality. It sends out a strong message to the world, not just about homosexuality, but about equality, about gender, about being black or white, about all of the issues related to minorities.”

Continuing Change

Back in 2013 (and earlier), WPP permitted digital alterations and failed to uphold journalistic standards. In my blog entries, I repeatedly called for WPP to step up and lead by example. They should use their influence and address the issues related to digital alterations that are rampant in today’s photojournalism.

This year, WPP seems to have adopted this concept. Lars Boering said, “Over the coming months, we will be engaging in further dialogue with the international photojournalistic community to explore what we can learn from all this, and how we can create a deeper understanding of issues involved in the application of post-processing standards in professional photojournalism. Together we should find common ground about these standards and find out how they are changing. We will take the lead on this as it is a great concern to World Press Photo. We want to keep the standards high.” (Hey Lars — You know how to contact me…)

If only WPP would identify their “independent experts” who evaluated the photos. Back in 2013, WPP represented contractors/vendors who worked for the contest’s chairman (and one of WPP’s sponsors) as “independent experts“. (Direct contractors who have an incentive to make the chairman and sponsor look good are not “independent”.) In 2014 and 2015, WPP didn’t identify them at all.

WPP has made a lot of changes and it is all for the better. I am looking forward to the new standards for photojournalism.

Thanks to Xenon, Markus, and Lou for the WPP links.

The Hacker Factor Blog: All For The Better

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

Back in 2013, I reported on a picture that I found to be digitally modified. Little did I know, I had inadvertently stepped into a major controversy about photojournalism. As the controversy continued, I tried to raised awareness of the digital manipulation problem that World Press Photo seemed to ignore. I now believe that I helped World Press Photo to see that they should (1) require camera-originals in their evaluation process, (2) use forensics to evaluate pictures for unacceptable modifications, (3) move away from constantly awarding middle-east war photos, and (4) start leading by example.

We have a winner!

A few days ago, World Press Photo (WPP) announced their 2015 winner. At face value, the controversy this year was probably supposed to be on the subject matter: Mads Nissen’s photo was on homophobia in Russia. However, that is not the thing that is getting press coverage. The press coverage is focused on one of WPP’s surprising revelations. Specifically, 20% of the finalists were disqualified due to excessive digital alterations. As reported at PetaPixel:

“Our contest rules clearly state that the content of the image should not be altered,” says Managing Director Lars Boering, “This year’s jury was very disappointed to discover how careless some photographers had been in post-processing their files for the contest. When this meant a material addition or subtraction in the content of the image, it lead to the images being rejected from the contest.”

“It seems some photographers can’t resist the temptation to aesthetically enhance their images during post-processing either by removing small details to ‘clean up’ an image, or sometimes by excessive toning that constitutes a material change to the image,” he says. “Both types of retouching clearly compromise the integrity of the image.”

This was the core of the debate two years ago, when I pointed out in excruciating detail how the 2013 winner digitally altered his photo. Back then, WPP claimed to support journalistic standards. However, they did not enforce this requirement. It wasn’t until after the public shaming that WPP adopted the requirement for camera-originals during the finalist stage.

(I’d say “I told you so”, but I’m not that petty.)

Bad Sportsmanlike Conduct

Through the use of forensics and evaluating the camera-original pictures, WPP managed to identify unacceptable modifications and ruled out 20% of the finalists. This is a huge result. It shows how big the problem is and how important it is to closely monitor photos in the media. As they say in the security world, “trust, but verify.”

It does not surprise me that some genres experience digital alterations more than others. The British Journal of Photography noted that this year’s WPP “Sports Stories category was so badly affected that the jury were unable to award a third prize.” They quoted WPP’s Lars Boering as adding, “I don’t want to say it is just sports photography because in every category was affected, [b]ut after the penultimate round, after we had awarded the first and second place, there was nothing left. All the other images had been removed.” The winning sports picture was also digitally enhanced a little, but not enough to be disqualified.

Ironically, this sports photo is a good picture, but it basically won by default since all but two pictures were disqualified. I’m sure Bao Tailiang is a good photographer, but coming in first out of two contestants doesn’t seem like a significant win. (Or to put it another way, if I had submitted a decent sports photo that was camera-original, then I could have come in third without trying!)

Predicting Change

In my 14-May-2013 blog entry, I showed a pattern in how WPP selects their winners. I wrote:

I also noticed that most of the recent winners are photos that feature the Middle East. This includes the winners announced in 2003, 2006, 2007, and 2009-2013. That’s 7 out of 11 years, and 100% over the last 5 years. This seems like quite a coincidence. If you really want to win, consider submitting a photo related to the Middle East — it will greatly improve your chances. (In contrast, very few of BuzzFeed’s “40 most powerful photos every taken” feature the Middle East. Instead, they feature photos from all over the world.)

I know that the people who run WPP read my blog. When someone predicts how you will react, the natural reaction is to change the result in order to break the predictive model. In 2014, WPP awarded a non-war picture in Africa. Their 2015 picture is on homosexual rights in Russia. They completely turned their decision process away from their war-based bias.

And for anyone who thinks this change is coincidental, consider this quote from an interview Lars Boering did with Time, where Time explicitly mentioned the 2013 controversy:

TIME LightBox: In recent years, World Press Photo has been the recipient of much criticism in the industry, especially when the integrity of one winning image was, wrongly, put into question in 2013. What are you planning to do to change the perception that World Press Photo is a monolithic organization that doesn’t take a stand?

Lars Boering: I think World Press Photo is a fantastic organization with a great reach. It plays an important role in the international photographic community. People think highly of it. But, in the past, it’s been neutral and hasn’t had a strong opinion about [issues affecting photographers]. In 2015, we can’t [continue like that]. People expect us to have an opinion and to discuss and debate what’s going on, to be part of finding the solution for photographers and visual storytellers on issues around the future of photography, censorship, freedom of speech, etc. We need to be part of the conversation, and we should be able to work together with a lot of important organizations in this industry to make sure that we’re, in a way, going in the right direction. We can’t be in control, but we can be part of the future.

When I read this, I think he means that they didn’t care about the photo’s subject, so they kept the same meaning every year (war is bad, war is bad, war is bad). This concept of changing the message was repeated by Vogue‘s Alessia Glaviano about this year’s winner:

“The photo has a message about love being an answer in the context of all that is going on in the world,” says Alessia Glaviano, senior editor at Vogue and one of the judges for this year’s awards. “It is about love as a global issue, in a way that transcends homosexuality. It sends out a strong message to the world, not just about homosexuality, but about equality, about gender, about being black or white, about all of the issues related to minorities.”

Continuing Change

Back in 2013 (and earlier), WPP permitted digital alterations and failed to uphold journalistic standards. In my blog entries, I repeatedly called for WPP to step up and lead by example. They should use their influence and address the issues related to digital alterations that are rampant in today’s photojournalism.

This year, WPP seems to have adopted this concept. Lars Boering said, “Over the coming months, we will be engaging in further dialogue with the international photojournalistic community to explore what we can learn from all this, and how we can create a deeper understanding of issues involved in the application of post-processing standards in professional photojournalism. Together we should find common ground about these standards and find out how they are changing. We will take the lead on this as it is a great concern to World Press Photo. We want to keep the standards high.” (Hey Lars — You know how to contact me…)

If only WPP would identify their “independent experts” who evaluated the photos. Back in 2013, WPP represented contractors/vendors who worked for the contest’s chairman (and one of WPP’s sponsors) as “independent experts“. (Direct contractors who have an incentive to make the chairman and sponsor look good are not “independent”.) In 2014 and 2015, WPP didn’t identify them at all.

WPP has made a lot of changes and it is all for the better. I am looking forward to the new standards for photojournalism.

Thanks to Xenon, Markus, and Lou for the WPP links.

The Hacker Factor Blog: All For The Better

This post was syndicated from: The Hacker Factor Blog and was written by: The Hacker Factor Blog. Original post: at The Hacker Factor Blog

Back in 2013, I reported on a picture that I found to be digitally modified. Little did I know, I had inadvertently stepped into a major controversy about photojournalism. As the controversy continued, I tried to raised awareness of the digital manipulation problem that World Press Photo seemed to ignore. I now believe that I helped World Press Photo to see that they should (1) require camera-originals in their evaluation process, (2) use forensics to evaluate pictures for unacceptable modifications, (3) move away from constantly awarding middle-east war photos, and (4) start leading by example.

We have a winner!

A few days ago, World Press Photo (WPP) announced their 2015 winner. At face value, the controversy this year was probably supposed to be on the subject matter: Mads Nissen’s photo was on homophobia in Russia. However, that is not the thing that is getting press coverage. The press coverage is focused on one of WPP’s surprising revelations. Specifically, 20% of the finalists were disqualified due to excessive digital alterations. As reported at PetaPixel:

“Our contest rules clearly state that the content of the image should not be altered,” says Managing Director Lars Boering, “This year’s jury was very disappointed to discover how careless some photographers had been in post-processing their files for the contest. When this meant a material addition or subtraction in the content of the image, it lead to the images being rejected from the contest.”

“It seems some photographers can’t resist the temptation to aesthetically enhance their images during post-processing either by removing small details to ‘clean up’ an image, or sometimes by excessive toning that constitutes a material change to the image,” he says. “Both types of retouching clearly compromise the integrity of the image.”

This was the core of the debate two years ago, when I pointed out in excruciating detail how the 2013 winner digitally altered his photo. Back then, WPP claimed to support journalistic standards. However, they did not enforce this requirement. It wasn’t until after the public shaming that WPP adopted the requirement for camera-originals during the finalist stage.

(I’d say “I told you so”, but I’m not that petty.)

Bad Sportsmanlike Conduct

Through the use of forensics and evaluating the camera-original pictures, WPP managed to identify unacceptable modifications and ruled out 20% of the finalists. This is a huge result. It shows how big the problem is and how important it is to closely monitor photos in the media. As they say in the security world, “trust, but verify.”

It does not surprise me that some genres experience digital alterations more than others. The British Journal of Photography noted that this year’s WPP “Sports Stories category was so badly affected that the jury were unable to award a third prize.” They quoted WPP’s Lars Boering as adding, “I don’t want to say it is just sports photography because in every category was affected, [b]ut after the penultimate round, after we had awarded the first and second place, there was nothing left. All the other images had been removed.” The winning sports picture was also digitally enhanced a little, but not enough to be disqualified.

Ironically, this sports photo is a good picture, but it basically won by default since all but two pictures were disqualified. I’m sure Bao Tailiang is a good photographer, but coming in first out of two contestants doesn’t seem like a significant win. (Or to put it another way, if I had submitted a decent sports photo that was camera-original, then I could have come in third without trying!)

Predicting Change

In my 14-May-2013 blog entry, I showed a pattern in how WPP selects their winners. I wrote:

I also noticed that most of the recent winners are photos that feature the Middle East. This includes the winners announced in 2003, 2006, 2007, and 2009-2013. That’s 7 out of 11 years, and 100% over the last 5 years. This seems like quite a coincidence. If you really want to win, consider submitting a photo related to the Middle East — it will greatly improve your chances. (In contrast, very few of BuzzFeed’s “40 most powerful photos every taken” feature the Middle East. Instead, they feature photos from all over the world.)

I know that the people who run WPP read my blog. When someone predicts how you will react, the natural reaction is to change the result in order to break the predictive model. In 2014, WPP awarded a non-war picture in Africa. Their 2015 picture is on homosexual rights in Russia. They completely turned their decision process away from their war-based bias.

And for anyone who thinks this change is coincidental, consider this quote from an interview Lars Boering did with Time, where Time explicitly mentioned the 2013 controversy:

TIME LightBox: In recent years, World Press Photo has been the recipient of much criticism in the industry, especially when the integrity of one winning image was, wrongly, put into question in 2013. What are you planning to do to change the perception that World Press Photo is a monolithic organization that doesn’t take a stand?

Lars Boering: I think World Press Photo is a fantastic organization with a great reach. It plays an important role in the international photographic community. People think highly of it. But, in the past, it’s been neutral and hasn’t had a strong opinion about [issues affecting photographers]. In 2015, we can’t [continue like that]. People expect us to have an opinion and to discuss and debate what’s going on, to be part of finding the solution for photographers and visual storytellers on issues around the future of photography, censorship, freedom of speech, etc. We need to be part of the conversation, and we should be able to work together with a lot of important organizations in this industry to make sure that we’re, in a way, going in the right direction. We can’t be in control, but we can be part of the future.

When I read this, I think he means that they didn’t care about the photo’s subject, so they kept the same meaning every year (war is bad, war is bad, war is bad). This concept of changing the message was repeated by Vogue‘s Alessia Glaviano about this year’s winner:

“The photo has a message about love being an answer in the context of all that is going on in the world,” says Alessia Glaviano, senior editor at Vogue and one of the judges for this year’s awards. “It is about love as a global issue, in a way that transcends homosexuality. It sends out a strong message to the world, not just about homosexuality, but about equality, about gender, about being black or white, about all of the issues related to minorities.”

Continuing Change

Back in 2013 (and earlier), WPP permitted digital alterations and failed to uphold journalistic standards. In my blog entries, I repeatedly called for WPP to step up and lead by example. They should use their influence and address the issues related to digital alterations that are rampant in today’s photojournalism.

This year, WPP seems to have adopted this concept. Lars Boering said, “Over the coming months, we will be engaging in further dialogue with the international photojournalistic community to explore what we can learn from all this, and how we can create a deeper understanding of issues involved in the application of post-processing standards in professional photojournalism. Together we should find common ground about these standards and find out how they are changing. We will take the lead on this as it is a great concern to World Press Photo. We want to keep the standards high.” (Hey Lars — You know how to contact me…)

If only WPP would identify their “independent experts” who evaluated the photos. Back in 2013, WPP represented contractors/vendors who worked for the contest’s chairman (and one of WPP’s sponsors) as “independent experts“. (Direct contractors who have an incentive to make the chairman and sponsor look good are not “independent”.) In 2014 and 2015, WPP didn’t identify them at all.

WPP has made a lot of changes and it is all for the better. I am looking forward to the new standards for photojournalism.

Thanks to Xenon, Markus, and Lou for the WPP links.

TorrentFreak: Steam Censors Kickass.to Mentions in Chat Client

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

steamWith millions of active users Steam is not just a game distribution platform, but also a social network and a communication tool.

Many people use Steam’s instant messaging tool for chats with friends. About games of course, but also about lots of other stuff.

Interestingly, it appears that Steam doesn’t want its users to talk about certain topics. When the popular torrent site KickassTorrents went offline earlier this week, one Steam user noticed that his messages on the topic were being censored.

“There is no warning or blocked message notification. The messages simply disappeared,” we were told.

After running some tests, which have been replicated by TF, it’s clear that messages mentioning the Kickass.to domain name are not coming through. It’s not just the domain that’s censored, but the entire message.

Below is an example of the vanishing text where the user sent the following three lines.

steamcensored1. The next line may be missing
2. A line mentioning Kickass.to
3. Was there a line 2

The person on the other end of the conversation only sees line 1 and 3, without a warning or notification that the second line was not sent.

It’s unclear why Steam is censoring these conversations. TorrentFreak contacted Valve to find out more about the disappearing chats, but at the time of publication we have yet to receive a response.

It would be easy to conclude that the copyright infringing links on Kickass.to are the reason, but then it’s strange that The Pirate Bay and all other torrent sites are not affected.

Interestingly, however, kickass.to seems to be the only one that’s affected right now. Other domains including Kickass.so and Torrentz.eu are flagged by Steam as potentially malicious, and users get a warning if they attempt to open them. These domains do show up in private chats though.

steammal

Without a comment from Valve the true reason for the awkward censorship measures remains unknown. It is clear though, that Steam is keeping a close eye on what people talk about.

That by itself is already quite concerning.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.

TorrentFreak: Google Chrome Dragged Into Internet Censorship Fight

This post was syndicated from: TorrentFreak and was written by: Ernesto. Original post: at TorrentFreak

chromeHelped by the MPAA, Mississippi State Attorney General Jim Hood launched a secret campaign to revive SOPA-like censorship efforts in the United States.

The MPAA and Hood want Internet services to bring website blocking and search engine filtering back to the table after the controversial law failed to pass.

The plan became public through various emails that were released in the Sony Pictures leaks and in a response Google said that it was “deeply concerned” about the developments.

To counter the looming threat Google filed a complaint against Hood last December, asking the court to quash a pending subpoena that addresses Google’s failure to take down or block access to illegal content, including pirate sites.

Recognizing the importance of this case, several interested parties have written to the court to share their concerns. There’s been support for both parties with some siding with Google and others backing Hood.

In a joint amicus curae brief (pdf) the Consumer Electronics Association (CEA), Computer & Communications Association (CCIA) and
advocacy organization Engine warn that Hood’s efforts endanger free speech and innovation.

“No public official should have discretion to filter the Internet. Where the public official is one of fifty state attorneys general, the danger to free speech and to innovation is even more profound,” they write.

According to the tech groups it would be impossible for Internet services to screen and police the Internet for questionable content.

“Internet businesses rely not only on the ability to communicate freely with their consumers, but also on the ability to give the public ways to communicate with each other. This communication, at the speed of the Internet, is impossible to pre-screen.”

Not everyone agrees with this position though. On the other side of the argument we find outfits such as Stop Child Predators, Digital Citizens Alliance, Taylor Hooton Foundation and Ryan United.

In their brief they point out that Google’s services are used to facilitate criminal practices such as illegal drug sales and piracy. Blocking content may also be needed to protect children from other threats.

“Google’s YouTube service has been used by those seeking to sell steroids and other illegal drugs online,” they warn, adding that the video platform is also “routinely used to distribute other content that is harmful to minors, such as videos regarding ‘How to Buy Smokes Under-Age’, and ‘Best Fake ID Service Around’.

Going a step further, the groups also suggest that Google should filter content in its Chrome browser. The brief mentions that Google recently removed Pirate Bay apps from its Play Store, but failed to block the site in search results or Chrome.

“In December 2014, responding to the crackdown on leading filesharing website PirateBay, Google removed a file-sharing application from its mobile software store, but reports indicate that Google has continued to allow access to the same and similar sites through its search engine and Chrome browser,” they write.

The Attorney General should be allowed to thoroughly investigate these threats and do something about it, the groups add.

“It is simply not tenable to suggest that the top law enforcement officials of each state are powerless even to investigate whether search engines or other intermediaries such as Google are being used—knowingly or unknowingly—to facilitate the distribution of illegal content…”

In addition to the examples above, several other organizations submitted amicus briefs arguing why the subpoena should or shouldn’t be allowed under the First Amendment and Section 230 of the CDA, including the International AntiCounterfeiting Coalition, EFF, the Center for Democracy & Technology and Public Knowledge.

Considering the stakes at hand, both sides will leave no resource untapped to defend their positions. In any event, this is certainly not the last time we’ll hear of the case.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and anonymous VPN services.