139 comments

[ 9.2 ms ] story [ 385 ms ] thread
How's the progress on an IPFS browser client that doesn't require a gateway?
Or progress on useful stuff like an encrypted Dropbox clone or something. Everytime I see ipfs stuff it's about silly crypto things.
IPFS isn't the right use case for a dropbox clone. It behaves like a CDN with no persistence guarantees.

Arweave is better suited to archival storage. There are options for participants to ban particular types of content which may be illegal to host in their jurisdiction. This was designed to prevent the spread of CP, terrorism related info, etc. but that means it is also susceptible to DCMA issues too.

https://www.arweave.org/

> IPFS isn't the right use case for a dropbox clone. It behaves like a CDN with no persistence guarantees.

Peergos kinda do it but maybe it's only for the transport and it uses S3 or something like that.

> Arweave is better suited to archival storage

Thanks, I'll take a look.

I wish there was more exciting ipfs news beside nfts.

EDIT: Arweave seems to be part of the crypto/web3 thing I'm not a fan of.

Arweave promises a perpetual motion machine. Prepaying for storage is good but there is no way it is permanent.
way back (well before Ethereum and NFTs), i hosted a blog on IPFS. DNS level stuff:

- TXT record with an IPFS content identifier

- A record pointing to an IPFS gateway that ran on my laptop (and was restricted to only serving my own content)

- fallback A records that pointed to the public IPFS gateways

i could publish new content from my laptop, and as long as i had one other reader who browsed it via native IPFS (i did), then i could pretty safely not worry about my own uptime.

that was pretty useful to me at the time who had no clue how to be a sysadmin and keep good uptime and whatnot.

I like this about ipfs. I don't understand why ipfs didn't lit the world on fire yet and they only seems to care about web3/crypto/nft these days.
IPFS doesn’t solve the major problems most people have: you still need to pay for guaranteed hosting and most content in the world is private, not something you want to share widely. Toss in the designed-in performance issues and it’s less surprising that it’s remained a niche.
Peergos is the most advanced encrypted dropbox clone on ipfs. Disclaimer, founder here. We even extend the block retrieval protocol so encrypted blocks are not public - like most data in ipfs - you need auth to retrieve them: https://peergos.org/posts/bats

In terms of block stores we support local disk, or S3 compatible.

You can log in through any peergos instance (including localhost) and your writes are persisted directly to your instance. The whole thing is also independent of DNS and the TLS CAs (except of course if you use a public web interface)

(comment deleted)
If someone hosts a JavaScript app on their webserver that accesses IPFS using WebRTC or something, won't they still get DMCA-bombed? It's not like these lawyers care where the files are actually hosted, and there are effectively no consequences for indiscriminate DMCA-ing.

Even if you make an IPFS browser extension, you could still get complaints and Google might still take it down, no? Are there any IPFS mobile apps that don't require sideloading?

You have a chance of getting away with anything else on the Web, but anger the Copyright Gods and there's nowhere you can hide.

Ipfs software is like BitTorrent.

There’s no legal pathway to taking down the software. Only the gateways which aren’t necessary for IPFS.

This is basically copyright holders sending DMCA to trackers. Trackers haven’t been necessary for using torrents but it makes them more accessible.

My point was that easily accessible Web sites (or apps) that enable downloading will get mass DMCA'd regardless of the technicalities. You are correct that P2P networks themselves are generally more resistant to copyright attacks.
You can download the IPFS desktop app and browse IPFS freely without the need of a centralized gateway. Brave can use the desktop app for its native IPFS support. If you intend to use it to share anything, you need some extra setup, though.

I don't think any browsers have IPFS built in. For IPFS to be at its most useful (as in, your computer exchanging data with the network and actually participating in it), you need things like port forwards or IPv6 pinhole support, and I don't think that's something many people will do.

Edit: Brave supports IPFS natively these days. Go to brave://settings/web3 and set "Method to resolve IPFS resources" to "Brave local IPFS node".

Brave ships with an IPFS node now
You're right! I didn't notice because it's not the default and it auto redirected me, but that's a nice improvement!
Depending on your definition, I think Brave does this already doesn't it?
Wondering, where is that red line where publishers cross and someone introduce complete resilient and super simple solution to this whack-a-mole.
I recommend they hire an expensive law firm to process the requests, and a few contractors, then send the bills back to the reporter (one per request). I recon if more recipients do this it'll become expensive to carpet-bomb and they'll want to do some modicum of review on their side before sending these out.
You can bill for subpoenas and warrants but I've never heard of billing for DMCA takedowns. It's a cost of doing business.
Skip to the last paragraph:

https://www.dmlp.org/legal-guide/responding-dmca-takedown-no...

Fraudulent takedown notices and fraudulent responses create liability. There's probably room for a "no-win, no-pay" law firm that bills $500/hour to handle fraudulent DMCA takedown notices. Bonus points to them if they donate half their income to the EFF.

This is interesting. I was not aware of effective counter attacks to abusive DMCA notices. That site lists two very different results from 2004 and 2007 (and that web site is unmaintained and out of date.) There were other attempts, Cox in 2021, California Beach Co., LLC in 2020. And this law firm calls for customers in that area of DMCA abuse: https://www.hinchnewman.com/internet-law-blog/2015/04/legal-...

There might be a developing environment in which to monetarily fight that abuse.

To be honest, this imho is what the EFF should be doing, hiring laywers to counteract this kind of thing. If they were doing this (or some whatever strategy they decided would be most effective), I'd probably donate more money to them.
I'm the hardbin guy.

Since I wrote the post about the DMCA takedown notices the other day, someone kindly offered to provide alternative hosting for hardbin.com that should be more resilient to bogus DMCA takedowns, so happily hardbin.com is back online (but not operated by me any more).

Also I emailed Sean Lang (the guy with the github repo with dozens of example DMCA emails from these guys) and it turns out that in the last few months he also took his IPFS gateway offline because dealing with the takedowns was too much trouble.

> because dealing with the takedowns was too much trouble.

What are the consequences of ignoring these notices?

The DMCA is protection for an operator because instead of the first step being “get sued,” you get a letter and if you comply, you are protected.

If you ignore them, it’s basically as if the DMCA never existed and they can just sue you. And without the DMCA, you are liable if it’s some random user uploading copyrighted content to your website.

> If you ignore them, it’s basically as if the DMCA never existed and they can just sue you.

Pretty sure jes is in the UK though, and it's not the sort of thing you'd ever be extradited over... so not really sure why the notices matter. I guess some hosting providers are more sympathetic here than others.

Don't be so sure. The English courts agreed to extradite Richard O'Dwyer to America for link sharing. In the end he avoided it by signing a deferred prosecution agreement and paying a fine.
Like in any corrupted democracy, it depends. See Asange for a counterexample.
What exactly do you mean by counterexample? Assange has had access to UK courts to attempt to challenge his extradition, but he hasn't been successful. He's nearly exhausted all the possible things to appeal.
What is the current fake charge keeping him in jail?
Not kowtowing to the military industrial complex that rules the West ..
US-UK extradition agreements are so lopsided and wide-ranging, you can basically assume that one will be extradited for breaching US law while on Airstrip One.

That infamous treaty has turned the Special Relationship into full-on vassalage.

I'm not sure how likely it is that they'll try to sue me for failing to take down content, but I don't want to find out.

Running an IPFS gateway doesn't make me any money and even consulting a lawyer is way outside my hobby project budget.

Yeah, I took ipfs.slang.cx down after Hetzner threatened to kick me off their service.

I was able to stay on top of the takedowns by writing a script to create & deploy nginx block rules for each URL in the DMCA emails. Obviously I had no time for manual review of the URLs. But I guess that didn't matter and Hetzner got annoyed with all the emails and decided my business wasn't worth the trouble.

How did Hetzner become aware of the notices? Were they CC'd to them?

I ask because I'm building a web site currently hosted on Hetzner that will provide access to files that have fallen into the public domain, but also files that for all intents and purposes appear to copyright orphans. I will take down anything where an entity asserts a valid copyright against anything where a mistake has been made, but I don't want Hetzner just arbitrarily shooting down my site.

Don't directly expose your servers to the web, proxy them through some other provider so that whenever that provider falls under pressure you already have the infrastructure to move to different ip addresses and you don't have to deal with the hassle of migrating your data to other servers.
First the ciu-online.net people sent DMCA notices to myself and Cloudflare, since I used Cloudflare as a caching proxy. Eventually Cloudflare gave them the IP address of my server and the ciu-online.net people were able to determine that IP address was owned by Hetzner.

Now they send DMCA notices to myself, Cloudflare, and Hetzner. I think the goal is to annoy as many people as possible. Even after I shut off my IPFS gateway they continued sending notices.

Anyway, if you're hosting anything that might generate a DMCA notice, don't use Hetzner. They will kick you off even if you're complying with the DMCA process. Also, they make you submit a statement on abuse.hetzner.com for every single DMCA notice that gets sent to them. If you don't submit the statement in 24 hours they threaten to block your IP address. It is extremely tedious and annoying.

> Even after I shut off my IPFS gateway they continued sending notices.

It seems like those notices were made in bad faith. It would be nice if they faced some punishment.

Would it be unethical to send additional nonsensical take down requests to Hetzner? I mean, if you are going to be like a child and pretend every email is both true and in good faith the thing you really need is more outlandish nonsense so that one might mature? (make it less fun to host and more like hard work) Then again, Germany is just about the worse place to host "infringing" content.

Perhaps one should send regular take down requests to ones own host complaining about ones own website and point at example.com/<php echo $website[0]; ?> as the proof. Then change hosts if they chose to act weird on it.

I read "good" things about Hosted Network Pty. Ltd who in 2018 had a complaint response time near 20 days. "Worse" in the industry.

Thank you for the advice. I will shop around. The trouble is that Hetzner are almost an order of magnitude cheaper than the next best. You get what you pay for.

Any recommendations?

I would take a look around for eastern european hosters that dont really care for western bs and pick up a vps from there to use as a reverse proxy. You can continue enjoying hetzner and still be insulated by putting it behind a different server that will get (and toss) any abusive takedown requests.

The lowendtalk forums are a good place to find any number of hosters that will fill your need.

>Eventually Cloudflare gave them the IP address of my server and the ciu-online.net people were able to determine that IP address was owned by Hetzner.

Wait... isn't the point of paying cloudflare to prevent DoS attacks?

Cloudflare will fight tooth and nail to keep Stormfront online, not IPFS.
Didn't they voluntarily ban The Daily Stormer? And while horrible, I don't recall there being anything illegal about that, whereas IPFS likely requires them to take manual action repeatedly to avoid legal penalty.
CloudFlare will sometimes go to the court to actively protect their abusive customer from being exposed to legal liability. But apparently they don't do that unless you're really nasty and exposing you would mean they are actually able to provide information about their customers - that's a line they won't cross even for attempted murders.
It wasn't exactly "voluntarily" -- more like "banned it after sustained public pressure", I think. They were reluctant at first but eventually caved after pressure continued to mount. The CEO wasn't happy about it.

https://en.wikipedia.org/wiki/Cloudflare#The_Daily_Stormer

(Not trying to take sides here -- it's a messy, complex topic -- just trying to recount the history as I remember it, hopefully somewhat correctly)

> Didn't they voluntarily ban The Daily Stormer?

They defended them for a long time, and then banned them shortly after one of the Stormer admins started bragging that they had Cloudflare in their pocket.

Weirdly most of my pirated IPFS content is hosted by and served directly by Cloudflare’s own IPFS cache. I can choose which IPFS gateway to download the content from and I always click “Cloudflare” because it’s ridiculously faster than the rest (thanks to Cloudflare caching/serving it).
Yeah, you would think so.

I guess if you want to do a DoS attack, send a few bogus DMCA notices to Cloudflare first to get the real IP of the server they're supposed to be protecting. Then you can hammer the server directly without Cloudflare getting in the way.

Though you have now left a paper trail leading back to yourself, and leave yourself open to prosecution for computer fraud and such.

Not to mention a bogus DMCA takedown which has its own penalties.

No trail leading to the DDoS attack, which would be executed by a botnet from compromised home computers, and paid for in bitcoin passed via a mixer, or something.
> Not to mention a bogus DMCA takedown which has its own penalties.

Does it? It'd be nice if penalties happened more often to the groups that spam out DMCA takedowns.

Has a bogus DMCA takedown ever resulted in actual punishments?
>Wait... isn't the point of paying cloudflare to prevent DoS attacks?

Hahahahahaha..

Cloudflare exists to get in the way of your users from accessing your site and you who are trying to run a site. They claim to be an anti-DoS service but I've never seen any evidence they actually do that. I still get Cloudflare messages a plenty that the website is down. And of course that moronic time waster where it wants me to perform a captcha constantly without actually serving the captcha.

They do provide a pretty decent anti-ddos service. They regularly sink gigabytes of traffic before it hits our origin servers. There's lots to complain about them, but this is something they actually do well.

Don't know why it didn't work for you, but there are a few things that can trip up ops.

you'd expect them to. they have the experience, resources and insight
That has not at all been my experience with Cloudflare. At a previous job, it took us just a few hours to set up and configure all the options and WAF details, etc., then they took our drive-by probes and bot spam from thousands per day to near zero. Over the course of the next year, we had less than 3 reports of blocked access from real humans; one was traveling and another was behind a shared IP organization. Is it possible some customers were blocked and left frustrated without ever telling us? Yes, but that business kept growing, and it was in an industry where most of our customers were repeat dealers that would let us know very quickly if they couldn't access the website. So if there were false positives, there weren't many.

Cloudflare saved us immeasurable time vs manually configuring firewalls and blackholes and honeypots and open-source lists -- all for $20/mo. It was an amazing service. And they blew their competitors at the time out of the water (Imperva, etc.)... much higher quality blocking at like 1/10 the cost.

If you see a Cloudflare message that the website is down, well, chances are the website is down. If they set it up a certain way, Cloudflare may have been able to cache some pages beforehand, or not... but either way, it's probably not Cloudflare's fault. The site probably would've been down even more often without Cloudflare, just without the CF error page. (That said, DNSSec is a pain and can often cause issues with Cloudflare and other proxies)

As for hCaptcha, I don't think I've ever had an issue with it (besides being unable to tell what something was, I mean)... did you have JS turned off or strict third-party blocking, perhaps?

Sounds similar to a SLAPP: Strategic Lawsuit Against Public Participation

The goal is to burden the recipient with overhead costs that it becomes impractical or cost-prohibitive to participate.

Doesn't the plaintiff have to be the government for a lawsuit to be a "SLAPP" suit?
These are different state by state, but Anti-SLAPP is meant to protect from vexatious litigants, that is someone rich threatening to sue you to shut you up. I'm not a lawyer, I just listen to Serious Trouble podcast.
But you are in the UK, the DMCA had no legal standing there. Did you host on a US service?
for all practical reasons, the DMCA is global law.

I mean it obvious that it's not, but are you willing to test how far they can reach when you have stories like of Peter Sunde and Kim Dotcom to see what happens?

I'd like to be able to run something like an IPFS gateway if I could be reasonably certain I'd never get any annoying legal notices or attention. Are there any community maintained hash tables of verifiably unencumbered content that I could use as the basis of a filter?
It wouldn't matter if you used a filter and your gateway didn't host copyrighted content.

The ciu-online.net application doesn't check whether or not the content is accessible through your server before sending a notice. It sends notices for all content that might be on the IPFS network.

You'll get annoying emails no matter what.

Related, what's "modern best practices" in both software (ie what to write) and operator (ie you are running software, and need to do something with DMCA)?

I ask in the context of ActivityPub, Mastodon, Lemmy, Kbin, etc. I'm writing software for ActivityPub and i want to ensure self-hosted instances have the tools to respond and manage to legal .. threats (or w/e) like DMCA. Likewise i don't even know what is good advice for people to manage these notices. Of course there's also all the other undesired things too, CSAM, etc. Hosting user content is tough, heh.

As someone invested in getting people to self host more of their life in ways like ActivityPub, that also then means more exposure to this type of .. stuff. Not sure what the current consensus even is, tbh.

Isnt the beauty of activity pub that you can tenat an instance juat for yourself? That could avoid a lof ot the legal headaches. You could also make it invite only through yourself, your instance doesnt need to be big if everyone elses is.
That would be nice but i don't think it's realistic in the general space. ActivityPub in what i've researched so far is inefficiency for that granularity of P2P. For example I've seen complaints with Mastodon where small instances get ignored on the federating. Which i believe translates to data that comes from those instances taking a long time to get populated on the larger instance. Leaving the smaller instances feeling like they're speaking into the void - as no one replies, because no one can see it.

Instead i think it will shine with many small instances. 500-30k maybe? Still similar issues with federating, but less so than hundreds of thousands of 1person instances.

I'm focusing on what i'm calling micro instances, 50-1000 range i suspect. So we'll see.

The solution is to make instances publish their block lists and import these block lists to the self hosted instances.
I don't think that touches on specific content violations though, does it? Ie dealing with a notice of a DMCA on something from a non-blocked host (or your own!)
One thing you have to be aware is that there are many hosters (like e.g. Hetzner, which is excellent otherwise IMO) who will drop you like a hot potatoe (i.e. blackhole your server in the best case, terminate your account in the worst) if they recieve multiple DMCA notices (or abuse notices in general) for your IP / Server / VPS.

It does not always matter if those are actually legit if they look credible enough and thus, if someone hates you very much, it can be used as a weapon to kill your instance.

This can be somewhat remedied by hiding your hoster via something like e.g. Cloudflare, if having a middle men is acceptable.

“I did some bash-fu to extract the IPFS hashes from the emails and grep for them in my nginx logs, and was surprised to find not a single match,” Stanley explains. “None of them have ever been accessed, and of the ones that I checked, none even worked.”
At least in the USA, it is a requirement that any legal representation by a corporation, be done by an actual lawyer.

If a law firm or solo lawyer is not identifying themselves properly in a DMCA takedown request, which is a legal document, what happens? Does anyone know?

You can basically do anything you want as a large corporation when it comes to this stuff. The law doesn't have any teeth, as a smaller player you can't do anything about bogus DMCA notices or legal violations.

Many services like Twitter or Chrome Web Store will at best put your content back up a few weeks (or months) later after you file a counter-notice; in some cases they will just nuke your account after a few notices even if the notices were bogus.

Is there a societal benefit to US approach to lawsuits where anyone can sue anyone for anything?

Is it something like MAD?

My understanding as a non-lawyer is that one can file a lawsuit against anyone for anything, but for it to actually go anywhere instead of being quickly dismissed, it needs to be within the court's jurisdiction and it needs to "state a claim", i.e. allege a violation for which the court could apply some relevant remedy.
Maybe one could use this analogy, but those with the WMDs are the rich, the right owners that can hire an army of lawyers. So it's legal warfare against regular people.

Also unlike MAD large corporations do regularly engage in fierce IP battles. Like Apple vs Samsung. I do see the pro arguments, but overall I find it doubtful if if it's a net positive for humanity to have strict IP laws at all.

The American approach is the world's approach as far as rule-of-law countries go btw.

As someone who has moved from a non-litigious society to the USA I used to see it as insane. Then my rights were violated again, and again, and again, so I spent a decade getting legal smart and fighting back. Again and again I have forced government agencies into policy adjustments to stop their rights violations, and I am still in litigation now.

The USA does make it very easy to sue someone, and when that someone is the government you can force practical changes that can affect a large number of people with your litigation. It might not get you any monetary benefit (it certainly hasn't for me), but that might also be a bonus.

How does one get “legal smart”? Or do you mean you become a lawyer?
Read. A lot. Go to court a lot. Sue a lot without a lawyer.

I would love to be legally able to practice law because then I could represent other people who can't afford a lawyer, as it is I can only sue for myself without a lawyer. The issue is that people think you only need to pass the bar exam, which I'm pretty certain I could do tomorrow if I brushed up on real estate, trusts, wills etc (my suits are all civil rights, torts, criminal defense). BUT, only four states allow you to take the bar exam without a law degree. And those four states still need apprenticeships. Which makes it really hard to become a "real" lawyer these days.

How about a counter strategy?

- randomize the url list

- ask for evidence of copyright violation of a specific url number

- if human does not answer, claim they acted in bad faith

- give them 14 days to respond

Win/win. Gotta game the system, and increase the cost/effectiveness ratio.

Maybe we should create a fund to sue those illegal DMCA requests back
I don't know if it's true, but in another comment thread, it was mentioned that if you truly are the owner of the copyright, filing a DMCA takedown against someone who didn't actually have a violation is not perjury and thus have no real consequences (cept perhaps to say 'sorry bro').

So it's apparently not going to be effective to counterclaim as it cost you more to do this than they lose.

> it cost you more to do this than they lose.

My proposed responder can be easily automated. It might cost them no money in court, but it costs them human salaries - and that's the point.

We have to make DMCA takedowns an unfeasible business model to change the status quo of bad actors.

Isn't filing a false DMCA takedown perjury, which is a criminal (rather than civil) matter?
The provision is infamously toothless. A proper DMCA notice (yes, you can send improper ones...) is supposed to contain a statement made under penalty of perjury saying you are or represent the owner of the allegedly infringed upon work.

So you just have to own the thing you claim is infringed, you do not have to be correct that the items you target with the notice are actually infringing upon your work. That stops me from claiming to own Mickey Mouse and sending notices against it. It does not stop me from claiming something I actually own copyright to and sending spurious notices to non-infringing works.

Now, there might be some minor monetary liability for costs incurred by a completely bogus notice, but they're probably not large enough to sue over without ending up losing more money on the suit than you win in most cases, so it's relatively untested, though I think there may have been a settlement or two over such claims.

>A proper DMCA notice (yes, you can send improper ones...) is supposed to contain a statement made under penalty of perjury saying you are or represent the owner of the allegedly infringed upon work.

I'm aware of numerous cases where this was not the case, but I haven't ever seen anyone ever prosecuted for making a false statement in regards to a DMCA notice. Does anyone know of an actual case where someone faced legal jeopardy for a false DMCA notice?

There were one or maybe two cases that settled out of court, but they were about the claimed infringement being bogus, not that the person filing the notice didn't have the copyright they claimed to be infringed upon.
What is preventing a class action for frivolous DMCA notices?
Lawyers are expensive which is why most folks settle when they encounter legal issues in life and business. When you get a traffic ticket or auto accident do you hire a lawyer? Most do not.
Never have. But class action has huge payout, lawyers' payment is a cut of that if they win else 0. If the chances of winning are good, I've heard that arrangement is common.
The part that caught my eye in the presentation was that it suggested the possibility of digging into someone’s immigration status and reporting them to ICE. It shocks me that a private corporation would get someone deported for doing something that’s not illegal.
These are very large corporations with very large profits to protect. It's awful to think about but not surprising in the least.
Read about what private corporations did in the 40s and 50s to maintain land in Central America and the Middle East. Hundreds of thousands of people died and democracies were replaced by dictators so Chaquita didn’t have to sell land being repossessed under imminent domain. Simile story in Iran with Standard Oil. Getting someone deported is pretty low on the list of atrocities corporations would do to make a buck.
Immigration and Customs Enforcement. Customs applies to digital goods, too.
> “The weird thing is, [the system used] doesn’t actually verify that a given file is available through my server before sending a DMCA request. I’ve looked through the traffic logs, and the vast majority of the files listed in these takedown requests have never been requested in the history of my gateway. I haven’t checked all of them, but I’ve checked a lot,” Lang says.

So... DMCA is infamous for its lack of protections against misuse, and I'm not a lawyer, but that's gotta actually qualify as perjury, surely?

It doesn't. With the DMCA being a corrupt law wholly bought and paid for by the content cartels, the "perjury" bit only applies to someone falsely claiming to be authorized by the imaginary property owner.
Interesting; that does appear to be accurate:

https://www.aclu.org/documents/text-digital-millennium-copyr...

> ”(3)ELEMENTS OF NOTIFICATION.-

> ”(A) To be effective under this subsection, a notification of claimed infringement must be a written communication provided to the designated agent of a service provider that includes substantially the following:

[...]

> ”(vi) A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly in-fringed.

But that makes it completely trivial to abuse. But like... for everyone. What prevents a person from returning the favor? Say, if one of the folks in the article decided to make a list of parties involved in this farce and inundate them with DMCA notices for something they have nothing to do with. Either that's legal, in which case it can be used against the initial aggressors, or it's not, in which case they're equally liable.

Edit: Okay, I read to the bottom of the post that pointed me to that text: https://law.stackexchange.com/questions/51541/has-anyone-bee... and it does in fact list "at least two" civil suits that look really similar to the situation we're discussing here.

> But that makes it completely trivial to abuse

The perjury bit not applying doesn't rule out there being other forms of liability from incorrect DMCA notices - it just strikes out the most visible and severe one. For instance if you wrote up a fake notice, based on a work you owned but targeting an unrelated URL, you could be sued for some sort of fraud or tortuous interference, even though you didn't run afoul of the perjury provision. The problem is commercial DMCA mills have the standard corporate veil where nothing is any one person's fault to hide behind. So even though it might be technically possible to take them to task, it's much harder to argue something like gross negligence.

Corporate veil cannot absolve anyone from criminal liability.
Sure. But there aren't generally criminal penalties for gross negligence in filing DMCA notices, as far as I'm aware. So that's not really relevant.

However the corporate veil I'm referring to goes beyond the legal doctrine. I'm referring to the protection that comes from having a bunch of people doing something, so that errors get written off as constructive emergent behavior rather than pinned on singular willful actions. If an individual set up a script that generated a bunch of DMCA notices based on the possibility of infringement with no verification, then signed the requests and sent them off, they'd likely find themselves in court and pinned with a finding of bad faith (regardless of say having set up an LLC or not). Whereas when a group of people does the same thing, each only contributes part of the action, they all point fingers at each another for who's responsible (A: "I said the output of the script had to be verified", B: "I wasn't responsible for the output of the script", C: "I thought everything I got from B had already been verified"), and any argument of willful bad faith becomes much harder.

So in other words, as long as you actually own the copyright, sending DMCA takedown against someone who doesn't have that content at all does not count?!
Isn't it already criminal to knowingly and with intent make claims in absence of evidence?

If you don't present evidence, and you know that you do not have evidence, and it can be shown that you knew you did not have evidence when you, then that's intent to defame (or obstruct). And also such a pattern of defamation with intent and intimidation may qualify as an OC protection racket?

(Plaintiff could not have had knowledge of which content defendant was authorized to archive or fair use, and plaintiff knew that they hadn't such information when they harassed and intimidated defendant and so plaintiff had criminal intent.)

IANAL, but I believe perjury can only happen under oath. This seems more like a bluff.
DMCA filling includes a sworn under penalty of law signature line.
As I understand it, what is attested under penalty of perjury is specifically that you are (an agent of) the rightsholder, not that the the subject of the complaint actually infringes. It certainly seems that just spamming then willy nilly ought to be not allowed though.
The way IPFS works though, isn't it by definition that any file you can get from one gateway, you should eventually be able to get from any gateway?

In other words: it doesn't matter your gateway logs shows that no one ever requested a file with a specific content hash, because should one eventually request that content hash from your gateway, they'd get the file in question.

Honestly, until reading the headline, it never occurred to me what now I realize is stupidly obvious: the promise of p2p content-hash-based distribution is that it's robust and censorship-resistant, as the targeted data isn't bound to specific places, but rather is automatically mirrored and made available across the entire network. The flip side of the data being accessible from any point in the network, however, is that... the data is accessible from any point in the network - meaning that every point individually is distributing everything that's in the entire network, and is potentially liable for it all.

A gateway is a bridge from http to ipfs. Not all nodes are gateways.
But all gateways are nodes. Of course, unless we're talking CSAM, no one will be targeting arbitrary nodes. But gateways are, by definition, the publishers of what's in IPFS. They are frontends to the same backend - and thus it makes sense for each of them to be liable for everything that's on the backend, i.e. the whole IPFS network.
Ehh... Does it make sense in the same way that TOR exit nodes are liable for everything on TOR, or that VPN providers are liable for everything that is downloaded via the VPN or that the ISP is liable for everything that its users download?

I think that's why DMCA safe harbor exists, and it could be argued that an IPFS gateway is acting as an OSP (in fact, it's almost text-book[1]).

Though, at this point, it seems that DMCA is skewed almost exclusively in favor of rights holders (or indeed anyone simply claiming to be a rights holder), that unless you're Comcast or Verizon or something, you're not going to get much sympathy from the legal system by claiming to be an OSP.

[1] https://en.wikipedia.org/wiki/Online_service_provider

VPN providers and TOR exit nodes are a different beast, IMO. They're potentially liable for everything that goes through them, but it's a "push" model, not a "pull" one. Plenty of organizations don't want to interact with, or intermediate in hosting, TOR exit nodes, because they fear any kind of illegal thing could come through those nodes - but until something specific does come out, that's a risk management reason, not a legal reason.

In contrast, IPFS gateways are running on a "pull" model. Anyone can come to the gateway, and pull through it anything that's stored anywhere in the IPFS network. This is meaningfully different, in the same way "users could post illegal/infringing content to YouTube" is different from "there exist illegal/infringing content on YouTube already posted, available to anyone who know the ID to put in the URL". In the former case, possibility of "bad" upload doesn't create a problem until such upload actually happens; in the latter case, possibility of a "bad" download is a problem even if, so far, no one actually downloaded the "bad" thing.

> I think that's why DMCA safe harbor exists, and it could be argued that an IPFS gateway is acting as an OSP

I don't have any argument against that. I assume this wasn't tested in courts yet, and the rights holders are exploiting this uncertainty, expecting that no IPFS gateway operator will try to contest the DMCA claims.

I don't understand what you mean by push/pull in this context. Aren't I pulling content through a VPN or TOR exit node? Pulling content through my ISP?

> expecting that no IPFS gateway operator will try to contest the DMCA claims.

Unfortunately, even if you have a case, there are substantial legal costs involved.

> I don't understand what you mean by push/pull in this context. Aren't I pulling content through a VPN or TOR exit node? Pulling content through my ISP?

I thought this was clarifying it well:

This is meaningfully different, in the same way "users could post illegal/infringing content to YouTube" is different from "there exist illegal/infringing content on YouTube already posted, available to anyone who know the ID to put in the URL".

But maybe it's not, or maybe I'm making a category error here?

I see what you're saying. You push content onto IPFS but you access it over HTTP using an IPFS gateway, which pulls content off an IPFS node and basically "streams" it to the client. The IPFS gateway is acting only as a proxy to IPFS itself. IPFS clients can also download directly from IPFS but IPFS is not natively supported in a browser like HTTP(S) is.

The content itself is stored on IPFS nodes which "pin" the content they wish to persist on the network. I think there would be grounds under DMCA to ask IPFS pinning services to stop pinning copyrighted materials, but going after the gateways seems misguided and a misuse of DMCA, as they're only acting as a proxy.

'xoa actually explained what I meant better than I could: https://news.ycombinator.com/item?id=36480081

If you take IPFS for what it was designed to be - one big, distributed, content-addressable file system, then each individual IPFS gateway is effectively a server that serves that entire file system.

Whether or not this is abuse of DMCA, I can't tell, though I feel it indeed is. It does make sense from practical point of view, though. From the point of view of the rights owners, IPFS by itself is, at the moment, too small and too nerdy to be of significance - however, gateways are projecting IPFS into the Internet inhabited by general population, and in doing that, they look like servers serving content. They're good targets because they're how most people would access copyrighted material stored in IPFS.

xoa is kind of correct in describing IPFS as a giant CDN but there's a key difference here between IPFS and "IPFS gateways".

IPFS gateways don't host any files, they act in the exact way that xoas comment talks about.

> They don't host content, they don't discriminate, they just route traffic.

Indeed an IPFS gateway does not "host" content either, it merely shifts bits around in the same way a proxy or VPN shifts bits around. It's not correct to say that when you're connected to a VPN that your VPN provider is hosting Google or Netflix, it's the exact same with IPFS gateways.

The only difference between IPFS gateways and a proxy in that sense is that a proxy serves the client HTTP content from a HTTP source whereas an IPFS gateway serves HTTP content from an IPFS source.

Equivalently imagine a proxy that could proxy traffic from any publicly accessible FTP server to HTTP. Is it correct to say that the proxy is hosting the content that resides on the FTP? No, it's not. The FTP server is hosting the content and the proxy is piping it to clients from FTP->HTTP without storing anything.

I think the difference is that FTP is historically known and easy to use with generic tooling. Or at least it was so a decade ago. Today, in fact, I bet that if you made a website that's fronting someone else's FTP server, it's you who'd get hit with DMCA first. IPFS is public only for a small subset of techies - at this point, for anyone else, it's some mystery alternate realm they don't have access to. This is not a theoretical issue, but a purely pragmatic one - but legal action is also mostly taken on practical grounds, not theoretical. Thus, obscurity of the tech involved matters.
This is late but I don't think "push/pull" is very clear terminology here, and confuses things a lot. The difference rather is that VPNs/TOR are ISPs, or more generally they're Common Carriers. They don't host content, they don't discriminate, they just route traffic. So Section 230 or the DMCA doesn't even apply, just regular common carrier rules. They're not liable for what goes through them short of actual knowledge or defiance of a legitimate court order, but the nature of encryption means they won't generally have any way to know or technical means. They're just infrastructure. To get content off of a VPN or TOR, someone must go to some actual server that serves said content, whether it be on the general internet or a hidden service. It's that server and user that are the liable parties. There are some edge cases, and of course differences in law for other countries, but overall they're an established thing.

IPFS in contrast would be a CDN. It actually hosts content, that's the point, it's a massively distributed filesystem. I can see that creating new legal arguments separate from pure network infrastructure.

Thank you for posting it. This is exactly the distinction I meant, and from now on, I'll be describing it the way you did - ISP/Common Carrier vs. CDN.
NAL. According to some youtubers I have seen who ran into this sort of frivolous claim, you can apparently send counter-notifications to those people, and that sets up some liability on their side if their DMCA takedown was indeed frivolous and they continue to pursue it. It does seem like a lot of work to send all those counter-notifications, though.
> but that's gotta actually qualify as perjury, surely?

Lindsey Ellis did an exhaustive series of videos on exactly this topic (https://www.youtube.com/watch?v=K3v5wFMQRqs); yes, you can sue over false DMCA filings, but it's expensive and time-consuming and you may run out of money in the process.

"Law enforcement - I.C.E. referals"

This is from a slide deck on how to "protect" content, apparently by someone working for a law firm. Assuming the firm is US-based, this is literally suggesting to get immigration services to check out a suspected "wrongdoer".

Lawyers huh... I just can't even.

I have no love for lawyers, but Immigration and Customs Enforcement has, for better or worse, a role in these issues.
Here's my completely-unsourced conspiracy theory:

Someone is using ChatGTP to look for infringing content. DMCA notices are being sent on the basis of AI hallucinations.

>To uphold the highest standards of integrity, responsible behavior, and ethical conduct in professional activities. (IEEE Code of Ethics) [1]

Letting this happen IMHO is clearly a breach of IEEE's own rules. This goes against the public and has serious side effects. Nobody with a bit of knowledge on networking (which I hope exists within IEEE) should seriously think that those gateways are hosting the content.

If someone with a role in IEEE reads this they should really stop this rogue firm they contracted before they seriously destroy some part of the internet some people rely on.

[1] https://www.ieee.org/about/corporate/governance/p7-8.html#:~....

The IEEE has no power to stop people from doing things. It's a professional society, not a licensing/regulatory body.
As the article and the parent comment makes clear, this was done on behalf of organizations including Elsevier and IEEE. Surely it's within their powers to not pay money to lawyers to do their dirty work?
Copyright law doesn’t talk about hosting content. It talks about distributing content.

And by all means, an exit node is distributing content.

So is an ISP, no?
By all means? Or just by way of your opinion?

Is Cloudflare distributing content by caching torrent sites? Is it possible to run a public proxy without distributing copyrighted content?

In my opinion, this line of reasoning is absurd.

Any lawyers think that there's a case against the publishers for these harassing, inappropriate notices?
Could this not be construed as vexatious litigation?
We need a cloudflare for DMCA DOS attacks.