77 comments

[ 3.0 ms ] story [ 112 ms ] thread
Did he upload and distribute torrents tho? It sounds like he just run the platform and "forgot" to tax his advertisment income.

Also i really don't get how the U.S. is involved in this at all. Did poland/ukraine specifically allow the U.S. to catch a tax evader? I mean seriously, how is this legal? Why can the U.S. hunt foreigners in forgeign countries?

Edit:// Seems he hosted in the US once. I take my accusations back (mostly), what a stupid mistake to make.

Probably because foreign countries trade with US, so they need to maintain good relations. Also, I don't think EU or Ukraine care too much to protect this guy.
i dont doubt it was easy. but i question on which juristic base this was done. I dont get why the US is even involved, this guy seems to have no relation with the US.
The victims were US companies. (i.e. the media companies which own the copyright to the materials exchanged on KAZ). I disagree with a lot of copyright law, particularly criminal and international parts, but this is the USG belief of jurisdiction.
Not sure if you are serious, but i dont think that is how it works.

Let's say i sell candy with the profile of Kim Jong-un online, based on your answer that would justify North Korea to hunt me down in other countries and take me back under their jurisdiction? Gladly that's not how it works.

1) USA is not North Korea. Both because the USA has ~infinite power, and because it has (highly imbalanced) power relationships with most other countries -- particularly Poland and Ukraine who are basically clinging to the hope NATO (i.e. USA) will save them.

2) Selling candy with profile of the Dearest Leader is not recognized as a crime in most countries by treaties they've signed. Copyright crime is in many countries, hence it's extradition-possible.

2b) Copyright crime isn't a capital offense, so "but he might be executed" is not a bar to extradition here. Most countries would view lese majeste in Best Korea as a likely capital offense and wouldn't extradite on that basis alone.

3) Dude wasn't a citizen of the country where he was caught. Non-citizens have substantially inferior rights in most countries, particularly in this kind of matter.

4) Ukraine isn't in EU.

5) Because it's the ultimate factor here, it bears repeating: the US Government has essentially unlimited power globally. It is restricted primarily by its own policies, and by secondarily realpolitik concerns. Only in extremely few places is its power actually checked by another actor (Russia, China, and in some contexts, the EU, and in other contexts, Iran and North Korea).

If you haven't noticed (and American citizen sometimes are kinda ignorant in that way): "EU" is not a country. It can't do sh in this matter. It's like saying "OPEC won't protect this guy"...
I think it would be far more difficult to arrest and extradite an Ukrainian in Ukraine, or a Pole in Poland. An Ukrainian in Poland makes it all far less a patriotic issue, so the focus is on the allegations.
true. but this still does not explain on which juristic base the US got involved. Its not like providing such a platform would be particulary illegal in europe.
The US does what the US wants. Where have you guys been?
I now learned that he hosted in the U.S. so it's pretty much his own fault really. I mean in their right mind would do that with anything remotely sensible?
He didn't actually host in the US, his DNS servers were in the US for a period of time..

His physical servers were actually hosted in Montreal (which might as well be in the US I suppose)..

Why would the US be involved if it was a tax issue? Why would he owe the US tax? I thought they were involved because of copyright/piracy.
i did not find any evidence that he broke such a law. given i dont know the exact circumstances and law, but seems nobody accused him of actual copyright issues but only providing a platform for distribution. which is afaik not illegal anywhere in europe.
The law he's accused of breaking is something like "providing tools which are mostly used for copyright violation".

The reason the US is involved is because KAT had, at some point, a bit of hosting in the US.

(I agree that it's weird that the US feels like they have jurisdiction here.)

But that explains it, hosting in the US is a mistake he probably should not have made. Kudos for providing this explanation, i feel much less scared and pissed now :)
>I mean seriously, how is this legal? Why can the U.S. hunt foreigners in forgeign countries?

I don't get how this is surprising to so many. He broke US law and they charged him. He hosted at least part of the site in the US, accepted money from a US undercover agent for advertising, profited in part from US based users[0]. They filed a criminal complaint and are requesting his extradition through an extradition treaty which the US has with most countries [1].

This case actually appears to be pretty above board. IMO the only thing he has going for him at this point is the fact that he is in Poland. He least has (even if small) a chance to not be sent to the US. Other countries will just throw your ass on a plane[2].

[0] - https://www.justice.gov/usao-ndil/file/877591/download

[1] - https://en.wikipedia.org/wiki/List_of_United_States_extradit...

[2] - https://www.wired.com/2013/09/dont-leave-home/

I was not aware that he hosted in the U.S. when i wrote that, i agree that this changes a lot. It's a stupid mistake that simply should not have happened.

Other than that i can only repeat:

> Let's say i sell candy with the profile of Kim Jong-un online, so that would justify North Korea to hunt me down in other countries and take me back under their jurisdiction? Gladly that's not how it works.

I don't think any country has an extradition treaty with the DPRK for obvious reasons
Perhaps Turkey would be a better example. We probably made the one we have during a more friendly time. I hear the government is arresting people for criticizing their President. So, it's not hard to make up a scenario with them now.

The treaty involving Turkey: http://www.state.gov/documents/organization/71600.pdf

That's not really surprising at all. When served with a subpoena they don't have much of a choice, I take.

Well, except for the iPhone breaking one.

Now, deporting a foreigner from across the ocean makes me think what would happen if, for example, had his e-mail hosted on an european provider. Would the provider be forced to comply?

In the San Bernardino case they did not, due to FBI meddling, have a way into the phone anymore.

In this case, they had the purchase records of the individual:

  Der-Yeghiayan was able to link the email address found in the
  WHOIS lookup to an Apple email address that Vaulin purportedly
  used to operate KAT. It's this Apple account that appears to
  tie all of pieces of Vaulin's alleged involvement together.

  On July 31st 2015, records provided by Apple show that the
  me.com account was used to purchase something on iTunes. The
  logs show that the same IP address was used on the same day to
  access the KAT Facebook page. After KAT began accepting Bitcoin
  donations in 2012, $72,767 was moved into a Coinbase account in
  Vaulin's name. That Bitcoin wallet was registered with the same
  me.com email address.
Tying the email address to the person. That's what was used. A purchase record tying the email address and the IP address together. Paired with the concurrent access to the KAT Facebook account. It doesn't matter what email provider he'd been using. It was the simultaneous access from the same IP to two different accounts. One his personal and one his business that the investigators needed. It may have been harder if it hadn't been Apple (or another US provider), but not impossible, just find other services that that email address was connected to.
If it was my e-mail provider (like, the one I manage, based in Germany) they could bloody try. We keep our mouths well shut until the day we're presented with a court order. And we already had some major abuse cases with foreign countries. We only complied with one (had to) where someone imported explosives and border police was... quite unhappy.
>Using similar tools, Homeland Security investigators also performed something called a WHOIS lookup on a domain that redirected people to the main KAT site. A WHOIS search can provide the name, address, email and phone number of a website registrant. In the case of kickasstorrents.biz, that was Artem Vaulin from Kharkiv, Ukraine.

Wow, he put his real name in the WHOIS records?

now i can only think this is only a sock puppet who got cought.
Possibly, especially given how easy it is to get a sock puppet, but not necessarily. If I remember correctly KAT was even hosted in Ukraine at the beginning and no one in Ukraine was really hiding back then.
Thats a good point and relativates it a bit. Afaik also privacy protection was rather expensive and rare, not as today for $2 (or even free) with any new domain.
But could he not just have put any name into the WHOIS?
That's a clickbait title. They had absolutely minimal involvement.
Minimal but game changing tho
And they probably didn't have a choice.
I wonder, why don't these torrent sites pop up elsewhere, where they're virtually impossible to shutdown? Thinking of IPFS or Tor.
They do tend to bounce around from host to host and TLD to TLD. The better organized ones have a whole array of mirrors, as well.
The Pirate Bay has a Tor address, which is the only sure way to get to it in the UK.
Then don't connect from UK but use a VPN if your government censors your Internet connection...
So Facebook doesn'tviolent crimes investigation(like in Brazil) but help when it favors their growth strategy. Isn't time to break these companies (fb, alphabet, Apple) into N pieces? Like Standard Oil Co in the past.
Brazil wants Facebook (WhatsApp) to release information it doesn't have -- it's not clear to me what data exactly, but presumably message content which they historically did not store and now, due to e2e encryption, cannot store; or maybe message metadata which I'm not sure they store (does anybody know?).

This is about data Facebook, like most web sites, does store (site access logs including IPs). Though I wonder how long they store these kind of logs; different jurisdictions may have both minimum retention times as well as maximum retention times for personal data such as IPs.

Brazilian authorities have actually already accepted that previously sent messages are forever out of reach. Their last blockage of WhatsApp happened because they where requesting that a specific group of users to be tracked with previous notice.

If this is technically feasible I can't say, but I don't imagine FB creating a precedent so that any state authority can require tracking of specific users. IMHO, this solution wouldn't take so long to start being exploited.

Thanks for the correction. Most (recent) articles annoyingly only go about the blocking and unblocking, and don't actually say what the Brazilian authorities want.

Do you know what "tracking" entails? That could mean anything from revealing message contents to revealing social networks or tracking a user's geoposition or reporting all the IMSI/IMEIs associated with any given WhatsApp user.

The last case involved a judge asking Whatsapp to implement a backdoor in its services.
Kudos to facebook for resisting the government of brazil but why would they help the U.S. government nail media pirates and not help another government nail terrorists? This does not add up.
The method of assistance involved is different between these two cases.

One case wants them to introduce a deliberate backdoor into their software. Negating the entire point of their recent move to end-to-end encryption and a major reason they're such a big player in the communication service market.

The other case was a warrant for, "What IP addresses accessed this account?".

The second one is trivial to comply with and to compile. The first is going to require them to alienate most of their customers, destroy their business, and spend a few man-weeks (minimum) to put together.

Bullshit. The first makes them have less power and profit less, the second do the opposite. It's a "fair" choice, don't you think? At least if you are the billionare owner that don't care with anyone and pretends that he is pursuing an open world.
Sure. Let's go with that then.

EDIT: That was just straight snark. Sorry.

Want a better response? I've seen your other comments regarding WhatsApp/Facebook on past related discussions. If you really think Brazil is being held back by these companies (WhatsApp in particular) make a competitor. Win over the Brazilian market. And deliberately make it insecure so your government can eavesdrop on any conversation. Good luck at keeping that market.

Yeah, I'm developing a competitor. Guess what? We don't have zillions of dollars and if we don't answer the justice right, we bankrupt. Facebook don't. So yeah, it's part of the development of my product to stop the unfair benefits foreign technology companies have in my country.

EDIT: FB eavesdrop to US gov didn't stopped their growth. Actually, I would bet that it helped.

WhatsApp, before it was owned by Facebook, didn't have zillions of dollars, which was also when it exploded in Latin America.
I think "implement" is misleading. The brazillian justice asked to use the same mechanism the US gov already use ;)
Source? What kind of backdoor are we talking about here?
That's really sad, I used to download many torrents through KickAss Torrents. It was quite helpful for me to locate the right file with the help of comments of users and seeders.
Creating database of music and movies metadata (titles, descriptions, song names, file checksums) is treated like terrorism in todays world. The only difference of Wikipedia is that it doesn't contain that checksums. So seems that these checksums are something like plutonium so even Homeland Security is fighting against it. And every country in the world agrees to send any its citizen to american jail for torture for just hosting these checksums. We're living in medieval times.
This is why corruption/politicians being bought by corporations is such a big deal, that affects everyone and everything. Lessig is right when he says it's the "root cause" of all the big problems in the U.S. It's not just a "single issue," as Hillary Clinton, likely the next president of the U.S., and who has also benefited greatly from this type of corruption, said during the Democratic Primary (as an "attack" against Sanders) - it's all the issues.

Think coal/oil lobby influencing/delaying climate change strategies , military industrial complex influencing national security strategies for more wars (and thus spreading terrorism and making Americans less secure), and even the copyright lobby buying politicians to pass laws that make it a crime to tinker with your device, or make people pay $150,000 for copying a song, and so on.

The U.S. really needs to figure out how to get this corrupting influence out of politics, or it's only going to get worse for its citizens, as even more special interests try to screw people over, or they get even more aggressive and shameless about it.

This graph shouldn't be a thing anymore:

https://www.youtube.com/watch?v=5tu32CCA_Ig

Corruption is a problem in every nation. Has any country found a way to curb it yet? I dont know of any examples, but everyone knows dozens of examples of countries whose governments were bought and sold years ago.
> The only difference of Wikipedia is that it doesn't contain that checksums

That's false. A typical magnet link looks like this:

    magnet:?xt=urn:btih:264886d841442158b3efc861bbfca5ef91d8f68b&dn=
    Mr.Robot.S02E01.720p.WEBRip.AAC2.0.H.264-KNiTTiNG%5Bettv%5D&tr=u
    dp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Fz
    er0day.ch%3A1337&tr=udp%3A%2F%2Fopen.demonii.com%3A1337&tr=udp%3
    A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fexodus.desy
    nc.com%3A6969
Notice all the tracker URLs.
Well look who's pirating now. Maybe someone should throw you in jail.
Most torrent clients will work fine if you just give them the hash.
Yes, but that's not my point. My point is these torrent sites have links, not just hashes.
The "btih" value is the checksum.
You can't be arrested for telling someone the street address of a crack house. Why is this different?
If your client is DHT enabled you often don't need the tracker list, just the content hash is sufficient.
Perhaps you should try to find an answer to the question why a checksum should be considered fair use. Fair use for a movie typically only covers short fragments, not (data computed from) the entire length of the movie.
A checksum is an integer. Stating an integer is fair.
An entire movie can also be represented as an integer.
It can be identified by it, but you can't reproduce it from the number anymore than you could from the title alone.
Actually, a movie could be represented by a fairly large (infinite even) number of integers that could allow you to fully reproduce or render it. Checksums, however, are merely digital equivalents to titles or other identifiers. They let you know identity, but not content.
(comment deleted)
All information can be represented by integers, or any sequence of symbols, but in this case, a checksum is the equivalent of a name or title -- something only to identify.
> ... something only to identify

Well in this case, the checksum is used "only" to spread illegal copies.

Not sure why else people would want a checksum and store it in a database.

In the same sense that names and titles can also be used to spread illegal copies, but by themselves they are innocuous.

Banning safe behavior to stop bad behavior is negligent policy work. Failure to constrain the effects of policy to its intended target is why people get scared about making videos on repairing Apple products.

> not (data computed from) the entire length of the movie.

I guess we shouldn't publish the running time of movies either.

As a person who occasionally pirates tv shows because I can't find any decent streaming services in my country, this is sad news.
You might consider looking into private trackers. Piracy can't be abolished.
Zeronet has a couple good torrent sites set up on it.
(comment deleted)
According to the article:

> It was a short campaign, but it was enough to link KAT to a Latvian bank account, one that received €28 million ($31 million) in deposits -- mainly from advertising payments -- between August 2015 and March 2016.

$31 million income in just 7 months? That seems rather high, but if so there'll be no shortage of sites to replace it.

Using Chicago-based NS was not ... smart. Also having no Jersey LLC for handling the money without disclosing beneficiary trust. Ah, and no using UK trust. Like Tony Blair alike persons do. Lack of business culture will often lead to confinement. If you are a pirate, rob like civilised robbers do.
Shame on them both.

I was glad to see KAT bounce back so swiftly. I don't have any emotional ties to the site, but it was time 10 years ago that big media corporations wake up and realize their business model is _dead_. They need to stop trying to force the world to play by the old rules at the barrel of a lawsuit, and find ways to adapt to the technology instead.

They have failed so far, and so piracy has filled the gap. The lesson here is people don't f'ing care about the laws when nobody is getting hurt, they're going to do what they want. That's what freedom is about, and it's never going to stop, and gestapo tactics will never ever defeat it.

Shame on Apple, shame on Facebook, and shame on anyone who assists in attacking torrent sites. It used to be that you had to actually host files to get in trouble. Next they'll want to make saying the word 'torrent' illegal.