108 comments

[ 3.0 ms ] story [ 177 ms ] thread
Finally a casualty of those emails that domain owners get where we are "required" to verify our information for ICANN.
I wonder if (when?) someone will make a program that auto-validates the ICANN emails and ignores all spam.
I hope not- that seems like the perfect balance between invasive information gathering and sane validation measures.
I know a number of domain resellers who do it automatically so their customer "are not confused".
I haven't used the .com in ages. They have a bunch of domains, I think. .vg springs to mind
DNS will be decentralized in the future. This will be one of the motivating examples.
How could DNS become more decentralized? You already have your choice of TLDs, registrars, ISPs, and software. If that's not good enough you can host a public key under .onion.
Namecoin basically.
And how do I get my specific domain name that I want to have via namecoin?

How do I get rid of illegal domain squatters?

There are good reasons for centralized systems.

To get it, you have to register first. What is an illegal domain squatter? Someone using your business name? Namespaces are bound to collide.. think of all the JohnSmiths who want JohnSmith.com
So, the solution to a namespace collision is "first come, first serve"?
DNS is not decentralized at all. It has a center - ICANN (organizational, legal) and the root servers (physical), which gives one party a near absolute control.

Namecoin is decentralized.

DNS is about as decentralized a naming system as you can get where there's also widespread agreement regarding who controls a name.

I'm not sure how someone not checking and confirming their email address once a year is going to motivate anyone to do anything, other than be sure they use an email address they intend to check once in a while.

Why can't we have an alternate hierarchy that is not controlled by ICANN? Parallel .com root servers and any other gods we want.
You can. Good luck getting anyone else to use it though.
That truly is a pressing challenge due to all these DNS related issues.

It makes me remember a short paper from 1977 by Carl A. Sunshine [0] where he proposed a network architecture with no global unique addressing, no global routing, and no global naming. These three major axis of modern Internet censorship would fall apart.

David P. Reed, the designer of UDP, tried to push for larger role of source routing in the then nascent Internet architecture. But, somehow, it didn't reach what he had envisioned.

The 70's were a very interesting era on the research of networking fundamentals and I find it sad that such important topics like source routing weren't investigated much further in the following decades.

Shouldn't we somehow return to the fundamentals of networking to try to find ways of dealing with the censorship by the status quo against the natural need of sharing our digital culture in a free and anonymous way?

[0] http://cartap.us/p29-sunshine.pdf

Does this have anything to do with the fact that CISPA was signed into law today?
No, this has nothing to do with companies sharing information about breaches.
If this is all you think CISA is then I think you should do a little more research.
Given that that is EFF's description of the bill, nope, I think you should.
You mean CISA.
I wish there was a clear list of all those "cyber laws" attempts, with dates, differences, histories, what their strategy were. I've lost count of those attempted laws.
Probably not. If the NSA are interested in who is running pirate bay now they probably already know.
> This domain has been suspended for one of the following reasons:

> * This is a new domain name and you have not yet validated your contact details.

> * This domain has recently been modified or transferred and you have not yet validated your contact details.

> * An annual validation email was sent to your contact details but you have not responded.

I don't see what the fuss is about

When names are routinely erased for political reasons, why would one ever give credence to the official story?
Is organizing the violation of copyright laws political speech, or do you mean something else by "political reasons"?
I made no mention of "political speech". Preventing people from communicating amongst themselves is a political action.
(comment deleted)
Can you explain how giving a checksum of a file is violation of copyright?
Just thought of this, but isn't it conspiracy? Kind of the only way to arrest someone before doing something.
Good question. I don't know. I realize MPAA lawyers don't agree, but a crime like "conspiracy to enable people watch movies for free" seems like it isn't exactly the best thing to spend our limited judicial resources prosecuting, especially since it's been trivial to pirate movies for ages and the industry is still making billions.
Arresting people without them having committed a crime is generally considered a Bad Thing.
Right, which is why planning to commit a crime is now a crime as well (think price fixing). You can stop people before harm is actually done (with harm==results of illegal action)
Redefining "crime" to include "precrime" is generally considered a Bad Thing also. A law being on the books does not mean it is just or wise.
Good question. It might be considered a derivative work, but I think that would be a new interpretation of that phrase. Big-picture answer is that most people who write and interpret laws do not know what SHA-1 is, so current laws might not cover TPB with respect to copyright law. It might also be that technology makes some laws silly or at least much harder to enforce, and copyright laws might be one such example.

IANAL, but here's one argument against TPB: a checksum of a "controlled file" seems to me akin to the code name of a "controlled substance". If a guy tells you that if you want heroin, you should ask around for "wombats", and then you go ask around for "wombats" and buy some heroin, did the dude that told you the code name do something illegal?

Now what if he was just a robot that repeated what he heard, and gathered reviews? "I heard heroin is called wombat, and 100 people are happy with that information". TPB does a little more than that (monitor the number of seeders / leechers, which is integral to prevent fake torrents being submitted), and makes quite a pretty penny off of their services, as well.

Because laws are administered by humans, who are not blind to intent.

Laws are not software. They are not run like software. This is one of the reasons why.

Well the intent is people to share files. Not to commit copyright infringement.
For torrenting generally, for the 'Pirate Bay'?
You're setting up a losing battle by buying into the broken framework. "Sharing" "copyrighted" files is currently illegal throughout the empire, period.

But simultaneously, marijuana incorporation only became a thing because of a dedicated community flouting the law long enough for the disinterested majority to see the ridiculousness of it.

Downvoting me doesn't change any laws.
Intent matters.

Driving a taxi is legal, and telling people where to find a bank is legal, but if you start advertising a "bank robber target selection and getaway service" then you'll end up being thrown in jail for bank robbery, because you were knowingly assisting in the crime even though your actions taken in isolation were entirely legal.

Similarly, providing someone with a checksum of a file is not copyright infringement in itself, but it becomes illegal when you do it with the intent of assisting copyright infringement.

To use your analogy TPB are literally only providing a taxi service though, they don't know or care if you're going to the bank and if you're making a deposit, recovering stolen property or robbing it.

In USA format shifting is allowed, downloading a format shifted copy of media is logically equivalent and morally probably slightly superior (less time/energy waste?). Don't know if that line of reasoning had been tested yet? There are countries where it is not a tort to download nor upload what would otherwise be considered copyright material.

In short TPB does nothing in terms of contributory infringement that other indexing sites (Google, Bing, etc) don't do.

There behaviour is the same no matter your intent; do you have a more convincing argument that accounts for common carrier protections and explains why of I get a work using a link from Google it's not infringing but getting one from TPB makes it tortuous?

> In short TPB does nothing in terms of contributory infringement that other indexing sites (Google, Bing, etc) don't do.

That is an argument that you are making, not a foregone conclusion. First off, the branding matters when it comes to intent. The name, "The Pirate Bay" leaves it pretty clear what they're expecting you to do with the site.

Also, there's the fact that Google and other search engines are responsive to DMCA requests, TPB is not. Finally, there's the political positions of the organization running the site.

Their service is much closer to cperciva's analogy than it is to a normal search engine.

Intent is where lawyers and engineers take a whole different paths. It's that "what color are your bits" question.

To a lawyer, the details don't matter much at all as long as there's enough evidence to prove the intent.

To an engineer, only the details do matter because otherwise the world as organised by engineering will become completely chaotic, i.e. why is this number illegal and another number not, and if X holds for this thing then X should hold for all similar things.

One thing that underlines this is that hackers don't see laws as an authority, they actually tend to question laws by default.

As far as I can see, the majority of hacker-type people see no legal/moral issue in copying music and films. Copying is just bits, bits are a convenient format to distribute and store content, and they'll surely buy a certain album or film not because they couldn't somehow get it for free but because it's so good that they want to own it themselves. This is completely in opposition how MAFIAA thinks people behave, and lawyers work for MAFIAA.

So, hackers and engineers are placed in the whole legal game by putting them in the position of the defendant. Instead of MAFIAA having to think why would they be allowed to sue someone for copying their own bits, the hackers are forced to come up with reasons why something of an ordinary activity (in their world) such as copying wouldn't be illegal. That's where the common outcry originates from: the kind of story how I was just driving taxi, took a guy to the bank, he asked to wait outside, and he came back in a hurry to the docklands, so I did as requested and he paid with a hundred dollar bill.

The events are unusual, mechanistic, machines connect and exchange bits, taxis take rides from the bank to the outskirts of the city, because it's mechanisms that engineers work with. Mechanisms can always be used for good or bad similar to science, and it's not the engineers' job to consider one method illegal and another legal, nor the scientists job to consider one field illegal and another legal. For an engineer, rights and wrongs are universal while legal opinions aren't.

Moreover, throw a libertarian mindset in the mix and you've got a hacker both working with these mechanisms and also living by the idea that his activities are innately private, bits can't be owned, and everybody should play by the rules spelled out by the objective truths and laws of physics rather than the arbitrary laws made up by the society made of non-experts.

Then bring in a lawyer telling them that not all file checksums come equal and they'll tell him he's full of bullshit. At the point where the two paths――the engineering path and the lawyer path――meet there is absolutely no conversation left because the paths come from completely different worlds.

While the question is interesting from a law theory perspective, the pirate bay was actually never charged for being in violation of copyright. The court decision referenced a rather obscure law which was intended to address organize crime.

The law basically says that if a service is primarily used for illegal purposes, then running that service is illegal under current assisting laws. The intention of the law makers was to give the police the ability to shut down biker bars that was used as headquarters, without the normal procedure of having to find tax crimes or some other excuse to shut it down.

The prosecutor in the pirate bay case provided a screenshot of the top 100 shared file list and said that this proved that the primary usage of the site was copyright infringement. The defense argued that you could not determine this, using the long tail argument. The court went with the prosecutors argument and so did the appeal court.

What is "the long tail argument"? That the service was provided for legitimate means but most people in the long tail use it for illegal means?
Even if the top 100 moat popular torrents do infringe on copyrights, the many less popular torrents (the long tail) may outnumber them in downloads etc.
Yep. If someone for example had access to amazon top 100 sold books, the information one could derive from it would be surprisingly little. You could not determine what genre is most popularly sold, what the profit margins are in the book market, or who the target audience generally are.
(comment deleted)
You can't break the law through a clever loophole. Or, well, you can for a while, but eventually a judge will wake up and see what you're doing and apply the law you're breaking to you, even if you think you're strictly within its boundaries.

If you want to do something that's currently illegal, CHANGE THE LAWS.

Many of us believe it is, yes.
This is not a good comparison. It is ICANN's policy to suspend domains that do not have their whois verified. It is very plausible that they simply forgot or did not bother to do that. Furthermore, as can be seen in other comments, other people have had their domains suspended as well, so it's not like they're using some obscure law. Finally, thepiratebay have long since migrated to the .se TLD (plus others), and have successfully recovered from domain takedowns before, so there would be little to gain from suspending their .com domain.
I've never once acted on those ICANN verification emails. Several of my .com domains have long-invalid whois information records (5+ years old), and I've never had any of them suspended for it.

To be fair, none of my domains are as high profile as this one, but still, I somehow doubt this is because they haven't verified their whois data.

It probably is because they didn't or couldn't verify whois data, however as you stated - how many other people do they actually enforce this with? It's probable there's a mandate.
On that note, you can't use any of ['shit', 'piss', 'fuck', 'cunt', 'cocksucker', 'motherfucker', 'tits'] with .US domains.
Or a proxy registrar, unless they've changed that rule since I registered mine.
A few years ago I worked for the .coop registrar (poptel) before the launch we had an amusing brainstorming session to produce the banned list of words for the launch.
Even if it's some technical oversight, some folks consider it newsworthy.
Let's get this sorted out quickly, write them a nice but insistent feedback here (sales usually drop after very bad PR moves):

highfive@eurodns.com

What is that supposed to do? They'll just say "Yes, we're happy to put the domain back after they verify their whois info as required by ICANN."
> What is that supposed to do?

Let me tell you that I have a couple of domains with them. And I have never received an email from them asking me to somehow confirm whois data.

Which means this is supposed to let them know that their BS has been detected.

The same happened with thepiratebay.org last week.
If you google "the pirate bay" usually the first link will be the working one.

Currently it seems to be the .se domain, but I just tried it and redirected to .vg

Has anyone seen ICANN suspend a domain for invalid contact details before?
If I'm reading this right, the registrar suspended the domain because the contact details weren't validated by the customer. It wasn't ICANN.

It seems to be up to the registrar -- other registrars I use send an email that requires no action if the details are correct. But one I used previously suspended a domain of ours because the guy that registered it ignored the email.

I don't know about ICANN, but I have had domains suspended for not confirming email addresses on file in the WHOIS on a yearly basis.
Many times.
I've always found their .onion domain to be the most reliable.

http://uj3wazyk5u4hnvtk.onion/

How would verify that this, indeed, the "official" TPB .onion site?
How would you verify the .se domain in the first place? I think both are not something we can verify.
Probably by going to the Wikipedia page: https://en.wikipedia.org/wiki/The_Pirate_Bay.
And how does wikipedia know who the .se belongs to? What I'm getting at is - mostly we don't know who runs it. The best we can know is that danger people run onion and se if they cross link to each other.
The .se domain is well-known, even through word of mouth. Thus, I can be fairly certain that it is actually a domain that belongs to the project. I have no such information about the onion domain.
That is the address which is/was used by the PirateBrowser (a TorBrowser variant), which was promoted by The Pirate Bay itself.
Oops, I haven't validated any domains that I own in over 5 years.
You probably have. Many registrars only send you an email that requires no action if your contact info is up to date. OVH does this for example.
Same thing for the http://piratebrowser.com
http://pirateproxy.nl/ is what I use in Ireland, due to court ordered blocks, and it's working – as evidenced by the Alice in Chains box set I just downloaded that I once bought on CD and have no idea what happened to in the meantime!
I haven't been able to access the .com/.se/etc in years, since it was blocked in ~2012 by most ISPs here in the UK.

That said, proxies are but two clicks away and faster than connecting to a VPN.

Some of the proxies are pretty scary though.
Yeah I really wonders who runs them, seems like it has been a golden opportunity for scammers and other malware crowds.
Given the amount of malware I downloaded from warez BBSes back in the day, I wouldn't be surprised.
As are some VPNs. It's concerning that so many people route all their traffic (when connected) over some unknown third parties network. Default gateway and server pushed DNS. Only HSTS and certificate pinning would prevent their traffic being sniffed or tampered with.
Huh? Unless your endpoint peers directly with your ISP, you always route over unknown third party networks.
True but it's much easier for a malicious player to set up a VPN service selling cheap a anonymity as a way to gather MITM targets than it is to set up an ISP or transit provider.
In Brazil we saw a brief explosion of VPN use to get around Whatsapp ban.

Now we are getting reports of people intimate videos being uploaded to porn sites... (considering whatsapp is not much safe in first place, it is no surprise... I even tried to warn people and convince them to use Telegram instead but "network effect" is a strong thing...)

(comment deleted)
You just need to change your dns server to access those domains, or just access the server ip directly.
That doesn't work for all ISPs, for example Virgin Media.
Doesn't work for Sky Broadband in the UK. I use Google DNS but TPB is still blocked.

I'm not sure if you can easily find the server IP for TPB - they appear to behind CloudFlare?

TPB has been a target for a long time now, one of their founder said he was starting to give up. Anyway there are many better alternatives, although I'm a little worried about who is running them, but I guess they can be trusted...

Anyhow, TOR will still be a safe haven for torrents, and even if it isn't, there are many decentralized techs which are being ready to serve torrents.

>one of their founder said he was starting to give up

Nobody of the original team (tiamo, brokep, ...) are still working on TPB. They've given up long time ago (at the time of the trial).

>although I'm a little worried about who is running them, but I guess they can be trusted

TPB is now managed by someone else, and they've as shady as the the others.

>TOR will still be a safe haven for torrents

Tor isn't good for p2p, see: https://blog.torproject.org/blog/bittorrent-over-tor-isnt-go...

>there are many decentralized techs which are being ready to serve torrents

You can really easily build your own search engines by listening/crawling the DHT.

From a pirate's perspective, Tor can be useful for BitTorrent sites, except for sending the actual BitTorrent traffic over it. I think the greatest problem here isn't that file sharers keep getting caught en masse so that we have that kind of need, but the risk and effort necessary to even run a P2P site. Tor in itself, as an anonymizing network, can help a lot there as long as you don't mess up. That is, as a .torrent file store and search engine.
Well this doesn't matter much.

You can download your torrents from other sites.

But an interesting new development has occured where I live (and what I hear in other europena countries as well).

Lawyers get the rights holders permissions to enforce their copyrights, and then they connect to the torrent swarms and start collecting IP addressess.

Then they get a court order for the ISP's to release the IP owner's personal information.

Then they send a shakedown letter, were they threaten to sue you if you don't pay up 600 euros or some such sum.

It's "nice" to know that it is that easy to get ISP's to hand over customer information.

So, always use protection (VPN) when torrenting, kids! :)

New development? Actually they have been doing that probably all around the world for years now.

A friend of mine in Germany also got such a letter once and wrote something back along the lines of "Wasn't me, don't know what you are talking about" and he never heard from them again.

They try to profit from the fear of everyday people who rather pay up front, because they don't want to risk that the case goes to court, no matter how unlikely this might be. And it's even understandable, ordinary folks probably really panic when they see such a letter and all the legal talk and underlying threats that are made.

It's as despicable as patent trolling.

First avoid such a situation:

-) use vpn if possible (check with their policies, whether they allow torrent traffic or maybe they ban it from certain servers, preferably use a provider that does not log)

-) quite simply never download newer material with big companies behind them from public trackers. most of the times these letters regard the newest Hollywood movies, a current album by a big pop star or the newest game everyone has been waiting for, not Taxi Driver, The Godfather Trilogy, Quake 3 or the weird Japanese pop band from the 80s you are into

and if you are in such a situation:

-) consult your lawyer or search on the Internet how to properly respond, do not just pay!

This happens in the U.S. and has for years.
I read up on this when I got my own little surprise letter and found out that it indeed is quite common. I was surprised though that I hadn't heard about this anywhere.

Maybe the most "shocking" part was how easy it is to get customer info from an ISP. And still I haven't heard anything about this. Even though there exists political parties around this (eg. piratpartiet in sweden and other countries.)

Upon further googling I found some news articles where the lawyers try to drum up fear, but apparently only a couple of cases have gone to court here or are pending. One case supposedly ended in a secret(!) settlement. And this is the "market court" we are talking about, secret settlements seem weird.

Has there been any public court cases where the "suspect" has been convicted of any meaningful sum? One would think that these lawyers would make it a very public as a "precedent".

In Germany the scam has been picked up by non-legal scammers (as opposed to the legal scammers you mention) who send out letters to ask you to pay but they have nothing to do with the copyright holders at all.
Never knew .com was used. Was always .org and about 12 other country suffixes
This could matter if it fell into the wrong hands. It'd be a great trojan delivery mechanism for people unfortunate enough to download and open something from the site.