In April, the UK High Court ruled that several of the country’s leading ISPs must censor The Pirate Bay since the site and its users breach copyright on a grand scale.
In the weeks that followed Virgin Media, BT, Everything Everywhere, Sky Broadband, TalkTalk, BE and O2 all blocked access to the world’s largest BitTorrent site. Several of the site’s IP-addresses and domain names were made inaccessible.
In a response The Pirate Bay decided to add some new IP-addresses, effectively bypassing the blockades. This worked, until this week when several ISPs updated their blocklists to include the new addresses.
In the UK the procedure to add new domains and IP-addresses is part of a ‘private agreement,’ which apparently allows the providers to quietly add new entries when it’s deemed necessary.
As of this week 126.96.36.199 and 188.8.131.52 are no longer accessible on Sky Broadband, Virgin Media and TalkTalk and possibly other providers as well. The new addresses were added quietly by all ISPs without notifying the public.
Whether the updated filter will have any effect has yet to be seen. The Pirate Bay wouldn’t be The Pirate Bay if they hadn’t already lined up a new address, and indeed they have. During the weekend the BitTorrent site will add 184.108.40.206 (not live yet) to keep the whack-a-mole game going.
A Pirate Bay insider told TorrentFreak that they have enough new addresses to keep the providers busy for years to come. However, for them it’s more of a statement than anything else as there are already dozens of proxy sites that allow users to access The Pirate Bay just fine.
The most frequently visited proxy in the UK, operated by the local Pirate party, is already among the top 350 sites in the UK.
The above shows once again that while these blockades may stop some people from accessing a site, the really determined have plenty of options. Also, of those who simply give up on accessing The Pirate Bay, many will simply switch to other torrent sites.
Proof of the ineffectiveness of the censorship attempts was recently highlighted by several Dutch and UK Internet providers, who claimed that BitTorrent traffic didn’t decline after the blockades were implemented.
In other words, blocking The Pirate Bay is futile.
As we’ve concluded before, the entertainment industry might be better off pumping money into business models that give customers what they want, legally. The censorship route doesn’t seem to work out for now.
Government to consult on automatic porn censorship proposals: “The Government is to consult on proposals that would require internet service providers (ISPs) to offer to block customers’ access to pornographic material by default.”
(Via OUT-LAW News.)
British Facebook hacker sentenced to eight months in jail: “A man who hacked into Facebook and claimed he wanted to help the company expose vulnerabilities to its system has been sentenced to an eight month jail term.”
(Via OUT-LAW News.)
High Court rules The Pirate Bay operators and users guilty of copyright infringement: “The operators of The Pirate Bay (TPB) website and its users are both guilty of infringing the copyright of rights holders in the music industry, the UK High Court has ruled.”
(Via OUT-LAW News.)
It has always been presumed that the legal action to have Newzbin2 blocked in the UK was just the beginning for the music and movie studios. Today we have that confirmation.
A coalition of the willing, headed up by the BPI and including the major Hollywood studios, approached BT, the UK’s leading ISP, with a demand – block The Pirate Bay voluntarily or consent to a court order.
The self-styled ‘world’s most resilient torrent site’ is no stranger to censorship. It is already blocked by ISPs in Ireland, Italy, Turkey, Denmark and Belgium but the quest to put it completely out of business continues.
‘The Pirate Bay is no more than a huge scam on the global creative sector. It defrauds musicians and other creators of their wages, and it destroys UK jobs,’ said Geoff Taylor, BPI Chief Executive.
‘Unlike legal music download sites, it exposes consumers to the risk of viruses, theft of personal information and inappropriate content. We would not tolerate Counterfeits ‘R’ Us on the High Street – if we want economic growth, we cannot accept illegal rip-off sites on the internet either. We hope that BT will do the right thing and block The Pirate Bay.’
But at this stage PaidContent is reporting that BT will not simply roll over and comply with the demand for The Pirate Bay to be blocked voluntarily.
‘BT cannot block web sites willy nilly,’ said the BT source.
Voluntary action aside, BT has reportedly been given the chance to consent to a court order. If the ISP refuses it seems likely that the parties will end up in court for a mirrored re-run of the arguments in the Newzbin2 case. If there are no surprises the High Court could order a blockade of The Pirate Bay in the first half of 2012.
After a lengthy legal process the censoring of Newzbin2 finally kicked in earlier this week, but users of the site are reportedly bypassing the block by various means including the use of Newzbin2′s very own anti-blocking software.
A feature to unblock The Pirate Bay in the event that it too became blocked was already added to the client several weeks ago.
Speaking with TorrentFreak, a Pirate Bay insider laughed off the efforts to slow down the site and said that every time there are attempts at censorship the resulting publicity only gives them a boost.
‘Thanks yet again for the free advertising,’ they conclude.
Newzbin 2 operators launch software to counteract site-blocking measures, reports say: “A copyright-infringing website has developed software to circumvent technology BT has been ordered to use to prevent its customers accessing the site, according to media reports.”
(Via OUT-LAW News.)
Government already has network suspension powers if public order threatened: “The Government has the power to suspend communications networks in the interests of public safety or national security. Communications network operators have told MPs that such bans would not improve public safety.”
(Via OUT-LAW News.)
For all blocking methods circumvention by site operators and internet users is technically possible and would be relatively straightforward by determined users. (p.5)
Despite this, however, one branch of the UK Government still appears determined to keep its head in the sand, and according to that report:
The Department for Culture, Media and Sport has redacted some parts of this document where it refers to techniques that could be used to circumvent website blocks.
Unfortunately, the technical competence of the DCMS appears to be somewhat limited, and the sophisticated redaction was (ironically?) also easily circumvented by copying and pasting from the PDF. Here are the portions of the report which the DCMS attempted to quash. Text in italics was not redacted but appears for context:
Bypassing IP address blocking is technically straightforward for those who have an incentive to do so.
The blocked site operator may:
• change IP address but stay on the same network (i.e. on the same hosting provider);
• move to an entirely new network (to a previously unobserved IP address);
• offer encrypted network services which obscure the true network address/destination such as Virtual Private Networking;26,27 or
• server operators may institute a Fast Flux network (where users run software on behalf of blocked site which hides the true network address of the blocked site).
There are other methods available to site operators. When moving to a new IP address a site operator may register multiple IP addresses for a given site in order to maintain service in the event that some of those individual IP addresses are blocked. This approach has legitimate purposes also.28 Furthermore, by setting a low ‘Time to Live’ (TTL) Domain Name System (DNS) record value, determining the length of time that the IP address for a particular domain (expressed in seconds) remains in remote name server caches, it is easier for a site operator to move IP addresses without end users losing access. Where a low TTL is expressed the ISP DNS name server resolution cache is purged quickly thereby ensuring that newly assigned site IP addresses are retrieved from the authoritative name server and site accessibility is maintained. Figure 13 below shows that the TTL value for ‘kickasstorrents’ is one hour, demonstrating that any changes to IP address to DNS name are refreshed and propagated within ISP DNS servers in just over an hour.
Figure 13: Kickasstorrents DNS record Time to Live (1 hour) Name TTL Class Record Address
www.kickasstorrents.com. 3600 IN A 220.127.116.11
www.kickasstorrents.com. 3600 IN A 18.104.22.168
www.kickasstorrents.com. 3600 IN A 22.214.171.124
www.kickasstorrents.com. 3600 IN A 126.96.36.199
www.kickasstorrents.com. 3600 IN A 188.8.131.52
26 Ipredator – Surf anonymously with VPN and proxy https://www.ipredator.se/?lang=en
27 UK based VPN services facilitating access to copyright infringed material may be subject to site blocking injunctions. UK VPN operators may institute site blocking at the VPN egress point. NB: we are not aware of any UK based VPN service marketed or positioned for such activity. Such services are likely to be non-UK based.
DNS blocking robustness
For site operators and end users with a sufficient incentive to engage in circumvention DNS blocking is technically relatively straightforward to bypass:
• the blocked site may offer services such as Virtual Private Networking, which is where encryption and other security measures are deployed to ensure that the data cannot be viewed by third parties (DNS name resolution may occur within the VPN providers network thereby bypassing the ISP based DNS site-blocking);
• the end-user can change their DNS name servers to 3rd party DNS name servers;32,33
• users may use anonymous web proxy or other anonymising services which are not reliant on the ISP DNS servers; or
• name resolution may be performed locally by adding an entry to a hosts file (IP address resolution information can be obtained from websites running a web-enabled equivalent of ‘nslookup’ command).
32 Google Public DNS – http://code.google.com/speed/public-dns/
33 OpenDNS Store > Sign up for OpenDNS Basic: – https://store.opendns.com/get/basic/
For end users who want to bypass blocks there are several options. For instance, there are many legitimate alternative DNS providers to ISP DNS registries. Examples include OpenDNS and Google DNS. We consider the changing of DNS servers to alternative providers to require low technical skills, as the providers offer clear instructions using plain English. For instance, switching to Google DNS requires 11 steps for Windows users and only 8 for those using MAC OS.
With a modest understanding of internet technologies it is possible to access a site by entering the site IP address (if multiple websites are hosted at the same IP address the user will be displayed the default web site or page for that web server/IP address). Site operators can draw attention to online web based and alternative sources of DNS name resolution within emails to their user base or via online forums.
Other channels that site operators could use to widely distribute advice on how best to circumvent DNS blocking could include posting to online forums, Really Simple Syndication (RSS) or updates via micro blogging sites such as Twitter ®. The advice could include changing to unblocked DNS name servers, Virtual Private Networks and proxy services or other anonymising systems. Similarly, site operators may quickly mirror or make copies of a blocked site on new top level or country code domains pointing towards new IP addresses e.g. www.blockedsite.cc; www.blockedsite.ru; www.blockedsite.vn; www.blockedsite.net.
Techniques that may undermine URL blocking include:
• web site operators providing encrypted access to their web sites via Secure Sockets Layer/ Transport Layer Security i.e. https connectivity https://www.example.com/downloads/pirate.zip;
• a site operator may run a website on a network port other than port 80;
• the site operator changing the IP address and bypassing the network routing announcements;
• a site operator registering a new domain name e.g. www.example.net or www.example.org;
• the blocked site offering services such as Virtual Private Networking;
• the use of anonymous web proxy or other anonymising services;
• the site operator reorganising the site structure if the blocking is conducted against specific URLs; and
• the site operator or end user encoding URLs to bypass blocking.
Packet inspection blocking robustness
Both shallow and deep packet inspection can be bypassed by site operators using the following means:
• changing the IP address but staying on the same network;
• moving to an entirely new network (to a previously unobserved IP address);
• the site may use network encryption techniques such as Virtual Private Networking to render scrutiny of the IP packet‟s payload or real IP address destination impossible, given the technology available today; or
• the site operator may add or remove site IP addresses from a pool of IP addresses.
End users who wish to circumvent packet inspection may opt to use anonymous web proxies or other anonymsing services.
As with the deployment of any of the single primary techniques, the hybrid approach is also susceptible to circumvention by the use of anonymising tools such as The Onion Router, VPNs or anonymous proxy services.
Anonymous Web Proxy Service that allows users to place web requests via an intermediary server. The proxy server makes the connection on behalf of the user thereby hiding originating IP address and bypassing blocking network techniques.
The Onion Router (ToR) Anonymity network originally developed by the United States Navy. Used in many countries to bypass state censorship.
Needless to say, a department which is unable to censor a single PDF does not exactly inspire confidence when it proposes to introduce blocking for the entire UK internet, and it is just as well that the UK government has today announced plans to abandon the blocking provisions of the Digital Economy Act.
Yesterday the UK government announced that following a report from regulator OFCOM, plans to block alleged copyright-infringing websites would be dropped. However, there was a second report where OFCOM detailed ways of keeping the costs of Digital Economy Act infringement appeals down. The document carried the usual redactions but TorrentFreak has put on its X-ray vision for your viewing pleasure.
Yesterday, detailing the government’s response to the Hargreaves report, business secretary Vince Cable confirmed that the website blocking provisions put in place under the controversial Digital Economy Act will be discontinued. The decision coincided with an OFCOM report which noted that website blocking would not be effective.
OFCOM also released a second report titled Digital Economy Act, Online Copyright Infringement Appeals Process: Options for reducing costs.
On the front page of the report there is a note that redactions have taken place to censor sections relating to ‘on-going policy development’ of the Department of Culture, Media and Sport.
The DCMS did a better job of hiding the blacked-out text than earlier in the week but not so good as to keep out TorrentFreak and our X-ray specs.
The first redaction on Page 3 says simply ‘Revisit the grounds for appeal set out in Ofcom’s draft Initial Obligations Code’ but two pages later things start to get much more interesting. It seems the government (or more likely their friends in the copyright lobby) doesn’t want talk of an error-prone system becoming public.
Page 5 – OFCOM wants rights holders’ accusations to be ‘quality assured’
Ofcom has also sought to ensure efficiency by introducing into the Code a requirement that Copyright Owners take part in a quality assurance process with the aim of minimising errors. This should help to reduce the number of wrongly identified infringements and subscribers. (ISPs can also have some impact here by ensuring that the letters they send to subscribers make clear the implications of receiving a notification).
A ‘quality assurance process’ sounds like a great idea, but who could be trusted to implement such a regime and ensure independent scrutiny? Anti-piracy tracking companies are notoriously secretive and unlikely to be open about the short-comings of their ‘proprietary systems’.
Page 11 – Government rejects OFCOM suggestion of subscriber appeal ‘on any reasonable grounds’
The grounds set out in the Act are non-exhaustive and we reflected this in our drafted Code by including an option to appeal on ‘any other reasonable ground’. This was intended to provide an efficient mechanism through which to avoid a lengthy revision of the Code should subscribers find additional, but reasonable, grounds for appeal as technologies and consumer behaviours evolve.
We understand that Government believes we should not include this mechanism in the final Code
It is far from clear why the government wishes to remove the right for a citizen to appeal a wrongful accusation on ‘any reasonable ground’. What is clear, however, is why the government might wish to redact this statement from the report – it looks very bad indeed.
Page 11 – ISP IP address matching to be ‘quality assured’
We have also introduced into the Code a requirement that Copyright Owners take part in a quality assurance process with the aim of minimising errors. We are proposing to sponsor a similar standard for the IP address matching processes of the ISPs, although participation will be voluntary. This should help to reduce the number of wrongly identified infringements and subscribers (appeal grounds (a) and (b)). We anticipate that the majority of appeals will rely on ground (c) in the absence of systematic failures by a Copyright Owner or ISP under the Code.
When it comes to copyright infringement cases ISPs make errors so it is good they will be required to adopt similar ‘quality assurance’ processes as rights holders. However, how many will choose to do so when participation is voluntary remains to be seen.
Redactions on page 17 merely repeat details covered in earlier redactions. Redactions on page 19 likewise, save a comment that a rightsholder ‘quality assurance’ process
….does not create a rebuttable presumption in favour of the rights holder but should help bring down the proportion of incorrect CIRs [Copyright Infringement Reports] and therefore appeals costs since there are likely to be fewer meritorious appeals in this respect. This quality assurance is also intended to make sure that the number of CIRs rejected by ISPs for process reasons is minimised
The full but redacted document can be downloaded here.