Perhaps more than any other broadcaster, beIN Sports understands the potential for piracy to spin out of control.

When a diplomatic crisis between Qatar and other Arab countries led to Saudi Arabia blocking the beIN service in 2017, beoutQ – a full-blown piracy platform – stepped in as a comprehensive but illegal beIN replacement.

Over the next two years, the political fallout spread beyond the Middle East to the United States and European Union, leading to a World Trade Organization report and ultimately the closure of beoutQ’s satellite service in August 2019.

Protecting the Africa Cup of Nations

Over four years later, beIN is still battling commercial-scale piracy. After obtaining exclusive broadcasting rights to Africa’s most prestigious football tournament, the Africa Cup of Nations (AFCON), tackling piracy of the month-long event would necessarily become a key component of the company’s overall strategy.

According to a report published by L’Informé this week ( paywall ) , beIN’s plan to curtail piracy of AFCON in France had been in the planning for some time.

Early 2022, the broadcaster became the first rightsholder to take action under Article L. 333-10 of the Sports Code, legislation introduced by the French government that provided accelerated access to anti-piracy measures such as site blocking.

According to L’Informé, on December 15 under the same system, beIN served a writ of summons on the main ISPs in France – Bouygues Télécom, Free, Orange, Outremer-Télécom, Société Réunionnaise du radiotéléphone (SFR), and SFR Fibre. On January 9, 2024, the Paris judicial court upheld beIN’s application for blocking measures against 56 illegal streaming sites, to be implemented by the ISPs, to protect the AFCON tournament.

Pirate Sites Were Likely to Air AFCON Matches

To support the blocking application, beIN presented evidence showing that the pirate sites had systematically infringed its rights in the past.

Last November, one of the domains on the list – Ishunter.net – was illegally broadcasting matches from Germany’s Bundesliga, Spain’s La Liga, and Serie A matches from Italy to which beIN holds French broadcasting rights. At the time of writing, the domain returns a parking page rather than live football streams; as a result, takedown notices filed with Google are mostly attempting to take down content that doesn’t exist , at least at the specific URLs listed.

Three other domains – ipcover.tv, maxsmart.pro and pythonlived.com – reportedly service pirate IPTV apps. Maxsmart.pro is the only domain obviously functional today, serving pearls of wisdom from the likes of Mahatma Gandhi rather than football matches, however.

Current Status of Domains

While ISP blocking measures can be evaded when injunctions are static (i.e. targets are fixed) the order obtained by beIN Sports is dynamic. This means that if the listed pirate sites use subdomains, entirely new ones, or any other measures, if beIN is confident the new locations relate to the old ones, blocking can go ahead.

Speaking with L’Informé, Caroline Guenneteau, Deputy General Secretary of beIN Media Group and Legal Director of beIN Sports France, said that 70 domains have already been blocked to protect this competition alone

“It’s very important to be proactive at the start of the competition, when there are a maximum number of illicit streams,” Guenneteau added.

Even though the blocking measures shouldn’t affect those who visit the sites from outside France, tests carried out by TorrentFreak on the specific domains as they appear in the order (full list below) suggest some have made changes.

Around 25 are still operational from their previous locations while a small number redirect to their own subdomains or new/alternative domains. Others display ‘domain parking’ style pages while others prefer to offer up their own blend of humor instead.

One of the pirate domains currently suggests involvement with the insurance and travel business, another claims to be a fitness promotion platform. At least two redirect to new domains before asking for money to keep things going.

A handful of others show Cloudflare error messages but as these above show, perhaps not all messages appearing on these domains are authentic.

In any event, finding alternatives through search engines may be more difficult than it was before. The order obtained by beIN allows it to serve court orders on companies such as Google, requiring the domains to be delisted from search results.

The domains listed in an order published on the Lumen Database are broadly similar to those present in the original order, but additional notices will likely be sent as new domains are reported.

The blocking action in France complements the action we reported here on Monday . Dozens of domains linked to sites previously showing live football matches, to which beIN owns the rights, began redirecting to the Alliance for Creativity and Entertainment.

Among those domains were 7kora.mpokora-online.com and 7koora.mpokora-online.com, both of which currently show the ACE domain seizure banner.

Since they’re also on beIN’s ISP blocking list, visitors to those domains in France shouldn’t be able to access the sites, so in theory will be spared the bad news.

The domains/URLs to be blocked by ISPs in France:

Kooora4lives.net
Ishunter.net
Sportp2P.com
Rojadirect1.pro
Aflam4you.org
Kora-star.online
Yallalive.id
360kora.net
Live-koora.live
Yalla-live-tv.io
Sporttv123.xyz
Wholewellnesswhirl.live
Sporttvls.com
Top.crackstreamfree.com
Top2.crackstreamfree.com
Top3.crackstreamfree.com
Top4.crackstreamfree.com
Top6.crackstreamfree.com
Stad.livehd7s.live
V3.sportonline.so
Shoot.yallashoote.com
W1.yalla-shoot-tv.io
Futbolandres.xyz
360kora.tvem.net
Aleexsportz.online
Yalla-live.org
Sa.yalla-live.com
Lkooora.live
Livehd72.com
Kora-yallashoot.com
Kora.live-kooora.io
Goalarab.org
Go.livehd72.livve
Ar.new-yallashoot.com
10koora.livekooora.online
Totalsportek.pro
Kooralivs.com
7kora.mpokora-online.com
7koora.mpokora-online.com
Tv.yalla-shoot2day.com
Tv.yacine-tv.app
Spie.livehd7.io
Dotsport1.com
Yala-shoot.live
Streams.lc
Beinmatch1.com
Beinmatch.motorcycles
365kora.com
Ma.360kora-live.com
Kora.live-koora.net
Gogolion.xyz
Ipcover.tv
Maxsmart.pro
Megahdtv.xyz
Pythonlived.com
Smart-prott.xyz

From: TF , for the latest news on copyright battles, piracy and more.

Last summer, UK broadcaster Sky obtained a High Court injunction that requires local ISPs to block pirate IPTV services illegally offering its content.

Blocking injunctions aren’t new or unusual but since limited information is made available to the public, anyone interested in the mechanisms involved and whether blocking is working must find out for themselves.

We were able to determine the names of at least some of the targeted services, including BunnyStream, Enigma Streams, GenIPTV, CatIPTV, GoTVMix and IPTVMain. A more puzzling aspect, at least initially, relates to the dynamic nature of the injunction which allows Sky to choose when to apply blocking measures and for how long.

The judge initially expressed concern that this would diminish the ability of the court to ensure that blocking remains proportional, and that aspects of the order could have an effect on the ISPs required to implement blocking.

Unprecedented Blocking Measures

The details of the judge’s concerns remain confidential but, since the UK’s other major ISPs didn’t object to the proposals, the injunction was granted. After around five months of live blocking under this injunction, it seems reasonably safe to conclude that the sheer volume of blocking was one of the key concerns.

In our report last November, we estimated that perhaps 400 domains/subdomains had already been blocked, but that was a) probably a low estimate and b) no indicator of what’s happening now.

As things stand this week, our best estimate is that Sky has blocked and/or is blocking over 4,500 domains/subdomains. By most standards, that is an incredible amount of blocking in such a short space of time.

As far as static website blocking goes, nothing has ever come close, not even when new domains start appearing and only dynamic injunctions can handle the job. This certainly doesn’t look like any ordinary job.

Ordinary (and less ordinary) Domains

While Sky has targeted many domains with an ordinary appearance, such as mainiptv.com, iptvmain.live, main-iptv.com, iptvmain.co.uk, geniptv.world, ky-iptv.com, mag.4k-beast.co, and gotvmix.org, the overwhelming majority are noticeably different.

The dynamic injunction targeting the IPTV providers can adapt to new challenges; the domains shown above are an example of a challenge dynamic injunctions need to overcome. As their similarity suggests, these are the product of a DGA – a domain generation algorithm – capable of generating new domains on demand, in this or any other format.

Domain generation algorithms are a tool most commonly recognized as a delivery mechanism for malware attacks. Since there’s always a risk that an attack will fail if the target of an attack manages to identify and then block the attackers, the ability to generate hundreds or thousands of new domains provides the attackers with significant mobility.

In a IPTV-blocking scenario, any capability to mitigate blocking is obviously a major plus for those being blocked.

We ran queries on the domains through a specialist service which identified them as likely generated but reported no malicious activity, at least in respect of security matters such as malware attacks.

Purpose of the Domains

Investigating these domains is possible to an extent but, since almost all operate from behind Cloudflare in this case, direct methods produce limited and disproportionately time-consuming results. For anti-piracy professionals with resources, technology, and funding on tap, all things are possible with creativity and determination.

We were able to independently link some domains to a Middle East hosting provider that has been repeatedly criticized by the Premier League and other rightsholders. In this case, an IP address first led to a company in London, which like its predecessor seems unlikely to last more than a year before reappearing under a new name.

Who’s Winning the War?

The truthful answer is we simply don’t know, but there are a few things worth noting regardless. Sky seems up for the challenge and although it’s impossible to say if this is having the expected effect, or even having any effect at all, the volume shows determination from Sky and something sadly lacking by other parties in more recent months: accuracy.

When blocking at this scale, errors seem almost inevitable. Yet, despite subjecting every domain to at least one type of check, we saw no evidence of any blunders 4,500 domains/subdomains later.

For scale, the image below contains just half of the domains blocked by Sky under the current injunction; double the number in the available space appears as an almost solid black square. By adding the colors, the vertical banding of similar domains is easily visible.

Finally, after feeding all 4,500+ domains/subdomains to ChatGPT, we asked for a prediction on what series of domains is likely to be generated next, based on existing patterns. A convincing but yet-to-be-proven answer was supplied in about three seconds.

Whether it calculated the answer or already ‘knew’ is unknown. After receiving the domains as input, we asked ChatGPT what these domains could be used for. It responded with three options one of which went as follows: Can I use these DNS servers to bypass restrictions?

Answer: I cannot assist with that.

From: TF , for the latest news on copyright battles, piracy and more.

As Russia tightens its grip on encrypted communications and tools with the ability to bypass government censorship, it was recently confirmed that 167 VPN services are actively blocked after failing to comply with state requirements.

With that total expected to grow in the months ahead, a leaked document originating from Russia’s Ministry of Transport reveals details of what telecoms watchdog Roscomnadzor has planned for the near-term.

Threat to the “stability, security and integrity” of Russian Telecoms

The document , dated November 10, 2023, was sent by the Ministry of Transport to organizations in the transport sector. After an unofficial appearance on the ‘ZaTelecom’ Telegram channel, local news outlet Kommersant sought comment from both the Ministry and Roscomnadzor. Neither responded.

The first page of the letter (original/left and Yandex OCR-translated/right), seeks input from organizations currently using any of the VPN services or protocols listed on the second page.

The text strongly implies that the services and protocols listed are viewed as potential threats to the “stability, security and integrity” of Russian internet/information systems and telecommunications in general.

A more pragmatic reading might conclude that the services and protocols present zero technical threat, but do limit the government’s ability to control the narrative. That narrative includes claims that encrypted communications represent a threat to the stability of the internet, which of course they do not.

Dozens of VPNs, Famous Protocol

The letter’s second page is a 49-item list containing the names of well-known and lesser known VPN services. In the order they appear, some of the most notable inclusions are Private Internet Access (PIA), Ivacy Private VPN, PrivadoVPN, and PureVPN.

When a VPN appears on list like this it usually indicates a refusal to cooperate with Russian authorities, such as granting permission to inspect user data, communications or whatever else is on the government’s mind at any given time.

In that sense an appearance might not be as damaging to a VPN’s image as some might expect, quite the opposite in fact. That being said, item 49 on the list above shows that Russia intends to crack down on Shadowsocks, a protocol that in itself cannot be forced or coerced into compliance.

Shadowsocks

Shadowsocks is an open source encryption protocol created over a decade ago by a Chinese developer known as “clowwindy” and is perhaps best known for its anti-Great Firewall capabilities.

On a basic level, Shadowsocks clients offer a way to connect to SOCKS5 proxies securely using an encrypted tunnel. As standard it isn’t a VPN and more importantly doesn’t look like one to those hoping to shut VPNs down. People behind these projects are more easily identified, however.

Developers like clowwindy can find themselves under extreme pressure to behave in a particular way. The original Shadowsocks repo on GitHub reveals that even the most robust protocols can be ‘Removed according to regulations’.

Fortunately, the Shadowsocks genie is never going back in the bottle; perhaps Russia forgot to ask China about that one, or simply believes it can do better. The theory is that Russia plans to draw up a whitelist of organizations that use the services above in a government approved way, so they don’t find themselves inadvertently blocked. That may suggest the government has something aggressive in mind or perhaps faces limitations when it comes to pinpoint blocking.

From: TF , for the latest news on copyright battles, piracy and more.

Late March 2023, Russia augmented its long-burning VPN crackdown with a series of PSAs claiming that using a VPN for security is actually much worse than not using a VPN at all.

One of the ads warned that VPNs somehow obtain users’ passport details, plus their names, addresses, and dates of birth. Another suggested that since VPNs in Russia know everything about their users, spouses might learn about secret affairs, a high price for accessing a social network blocked in Russia, the PSA added.

Just a few months later, those fairly light-hearted ads can be seen in a whole new light.

During the summer, President Putin signed off on legal amendments that will require some internet platforms, including social networks, to verify new users’ identities, in some cases using their passports. Providing advice on the use of VPNs or similar tools to access banned internet resources, including ‘extremist’ Western social media platforms like Facebook and Instagram, was rendered a criminal offense.

Russia Tightens the Screws on VPNs

Russia’s ongoing VPN crackdown appears to be going in one direction; the end of any VPN service that refuses to play ball, consequences for those who dare to discuss them, and potentially anyone who knowingly uses them. The latter may take some time to emerge but in the meantime, Russia is attempting to remove as many as possible from the market.

According to Interfax , during a presentation to the ‘Spectrum-2023’ forum in Sochi last week, the head of the ‘Center for Monitoring and Control of the Public Communications Network’ ( TsMU SSOP ) revealed the extent of the Kremlin’s VPN crackdown.

Sergei Khutortsev, a former FSO officer and now a central figure in Russia’s ‘sovereign internet’ project, confirmed that 167 VPN services are now actively blocked after failing to comply with government requirements. Also subject to blocking are more than 200 email services.

Formed in 2019, TsMU SSOP is the department responsible for identifying threats to the “stability, security, and integrity” of the internet as it relates to Russia. TsMU SSOP controls compliance on routing to “minimize the transfer of data from Russian users abroad” while ensuring centralized traffic management in the event of a threat.

TsMU SSOP also plays a key role in internet blocking and censorship; it has the authority “to use technical means on communication networks” to determine the source of transmitted traffic, and then “limit access to resources carrying prohibited information” by blocking IP addresses and, more broadly, specific types of internet traffic.

VPN Blocking By IP Address and Protocol

In addition to driving out non-compliant VPN providers and using regular means to block domains and IP addresses, Russia has been developing its ability to block specific traffic protocols. For years there have been reports of sporadic interference but starting April 2023, reports began to emerge of popular VPN protocols OpenVPN and WireGuard being blocked by some ISPs.

After the interference suddenly stopped, the same protocols were blocked again in June and then again in late August. After a hiatus of a few weeks, protocol blocking resumed with force late last month.

An in-depth report published by TheIns.ru has details of the monitoring/blocking system reportedly deployed in Russia, how much it costs (4.3 billion rubles/$43 million in 2020, 24.7 billion rubles/$247 million for 2022-2024), and the names of the companies supplying the components.

• EcoFilter (a trademark owned by RDP.Ru, a subsidiary of Rostelecom) – DPI equipment. The complex includes the EcoDPIOS-DU software package developed in-house by the company and Yadro’s Vegman N110 servers. The hardware is produced by Yadro, a Skolkovo company that became part of Cherepennikov’s “IKS Holding” shortly before the adoption of the law on the “sovereign internet.”

• FusionServer 1288H servers manufactured by Huawei.

• Cross-connect equipment to connect to various telecommunication operators’ networks. A crucial part of it includes bypasses produced by Israeli company Silicom Ltd, which it directly supplies to DTsOA. Switches are supplied by the Novosibirsk-based company Elteks.

• Kontinent – remote management equipment, manufactured by a Russian company “Kod Bezopasnosti”. It utilizes software developed by “Positive Technologies”, a sanctioned Russian company.

The publication also obtained original documents that apparently show some of the protocols Russia initially intended to block. They include older VPN protocols IPSec, L2TP, and PPTP, plus the BitTorrent protocol still widely used today.

The full report on the system, which reveals the use of Intel chips/chipsets in 965 servers manufactured by Huawei and already purchased by Russia, plus another 2400+ servers for 2023/24, is available here .

From: TF , for the latest news on copyright battles, piracy and more.

Authorities and rightsholders in Brazil appear determined to disrupt, restrict, or completely deny access to the illegal TV market enjoyed by millions of local citizens.

From taking on pirate IPTV services to the outlawing of non-certified set-top boxes, to blocking illegal streaming websites and the removal of pirate apps, no target is off limits. One of the agencies at the forefront of this anti-piracy activity is the National Telecommunications Agency, better known as Anatel.

Earlier his year, Anatel and Brazil’s National Film Agency (Ancine) announced a new anti-piracy partnership. In addition to mass seizures of non-certified Android-type devices, Anatel said that blocking would continue to play a key role in the fight against seven million pirate set-top devices (local term ‘TV Box’) said to be active in the country.

New Anti-Piracy Lab Unveiled

Early September saw the official unveiling of Anatel’s brand new Anti-Piracy Laboratory in Brasília. Capable of conducting technical analysis of equipment and the methods used to distribute pirated content, the lab boasts 12 large screens for monitoring purposes, six workstations for in-house use, and remote access for workers elsewhere.

During the inauguration ceremony last month, Anatel revealed that 29 operations had resulted in the seizure of 1.4 million uncertified devices. The telecoms agency added that 1,400 IP addresses that “enabled the operation of pirate TV Boxes” were subjected to blocking.

Anatel Claims Massive Progress

According to an Anatel announcement last Thursday (October 26), over 3,000 servers enabling millions of pirate ‘TV Boxes’ have been blocked in Brazil since the start of 2023. That’s more than double the figure Anatel reported last month, but an even bigger surprise came via reports of an Anatel operation carried out on Thursday.

Based on data supplied by the agency, local media reports ( 1 , 2 , 3 ) stated that Anatel had somehow managed to either block 80% of all TV boxes currently active in Brazil, or had blocked servers supplying 80% of TV boxes.

Whatever the approach, if Anatel had somehow managed to prevent 80% of all TV boxes receiving pirated content in the space of a year, that would be an extraordinary achievement. Even a week would be astonishing but the claim of millions in a day seems either incredible, non-credible, or entirely dependent on more important information or nuance that isn’t being reported.

Another angle is that disruption on a large scale tends to register in search results and Google data on various related search terms doesn’t seem to reflect millions of TV boxes suddenly going dark in Brazil last week. At least, not for any significant length of time.

Google & Cisco Are “Obstacles” in Fight Against Piracy

On the first day of the PAYTV Forum in São Paulo early August, Anatel’s Moisés Moreira strongly suggested that in order for blocking to be more effective, ‘tech giants’ (including one starting with ‘G’) should assist in the fight against piracy.

“I have already determined a period of one week for them to manifest themselves and if that does not happen, we will escalate the enforcement, even judicialization by the agency,” Moreira said.

A media report dated September 22 described both Google and Cisco as thorns in Anatel’s side and accused them of turning a blind eye to piracy. It was alleged that when the companies receive blocking requests from rightsholders, the companies ignore them.

While both companies declined to comment, it’s still unclear what they’re being asked to do. On the one hand the dispute appears to focus on the companies’ public DNS services, the use of which enables users to circumvent local DNS blockades when domains are subjected to blocking. On the other, Anatel’s Moisés Moreira also spoke about the importance of blocking IP addresses.

That leads back to Anatel’s apparent ability to block 3,000 servers thus far in 2023, the claimed blocking of 80% of all TV boxes last week (and what that really amounted to in practical terms), and whether Anatel is now receiving help, and if so, from whom.

Certainly not the clearest of pictures, unlike those of the new lab, which are pretty impressive.

From: TF , for the latest news on copyright battles, piracy and more.

When Italy passed new law on July 14, many believed that when the new Serie A football season began on August 8, IPTV pirates would draw their last breaths as legal football platforms burst back to life.

In the event, none of these things happened. For various reasons, Italy’s new blocking system wasn’t ready and was never likely to have been. Initial technical meetings on security matters, even blocking itself, still hadn’t taken place.

A meeting eventually went ahead on September 7; telecoms regulator AGCOM turned up, as did the government’s cybersecurity experts. Also in attendance, anti-piracy groups FAPAV and SIAE, representatives from the football league, plus Amazon and Google.

Those who didn’t take part included cloud providers, satellite broadcasters, and VPN companies. According to DDay.it, AGCOM told the meeting that more companies need to participate in the project and everyone needed to “hurry because there is a deadline to meet.”

With the new season now five weeks old, the new deadline remains unclear. As recently as late August, insiders said that the system would be up and running late September or early October. That isn’t going to happen, but there will be another technical meeting in October to talk about what should happen when it eventually does.

Piracy Shield: It Does What It Says

One thing running to schedule is the system’s name. Telecoms regulator AGCOM has opted for the self-explanatory brand ‘Piracy Shield’ accompanied by a shield-shaped fingerprint logo with Piracy Shield written on the front. A splash of pink perfectly matching the theme on TorrentFreak rounds things off nicely.

Interestingly, Italian tech news site DDAY managed to obtain some screenshots of Piracy Shield. Whether they depict the software in action isn’t clear but from a presentation perspective they are pretty basic, to say the least.

Information on how the system will operate also falls short of expectations, at least when compared to the media hype of the last few weeks and the inherently technical nature of sophisticated pirate IPTV operations.

“The platform will be automatic, and is a sort of Content Management System that manages tickets. Nothing sophisticated or complex,” DDAY reports.

“Rightsholders will have access to the dashboard via an account and will be able to create a new ticket where they enter a name, the IPs or domain names to block, and the digital proof, then a screenshot.”

Get it Right in 60 Seconds

The report suggests that once a ticket has been created, there will be just 60 seconds to cancel it. Once that time has expired, the blocking request will be sent to AGCOM where an unspecified automated system will first check to ensure that all fields have been populated as required.

While it would make more sense to fix deficiencies before they’re submitted to AGCOM, DDAY reports that AGCOM will not check any blocking requests before it validates them.

Once validated, AGCOM will instruct all kinds of online service providers to implement blocking. Consumer ISPs, DNS providers, cloud providers and hosting companies must take blocking action within 30 minutes, while companies such as Google must block or remove content from their search indexes.

Automation and APIs

Given that an entirely manual system would be hilariously inadequate, Piracy Shield will be accessible through APIs. These will allow rightsholders to automatically create tickets which, according to DDAY, will trigger an automatic block with no human intervention whatsoever.

Whether there are provisions for quickly correcting errors or taking action in the event of inadvertent overblocking is unclear. DDAY reports that during the meeting on September 7, someone asked who is responsible for the blocking ‘whitelist’ containing domains or IP addresses that should never be blocked because they’re crucial for the functioning of the internet.

“[At] the moment there appears to be no plans in this sense,” DDAY reports.

Similar concerns noted that while IP address and domain blocking will be executed immediately, subsequent unblocking for even legitimate reasons will be subjected to an extended manual process.

Don’t Worry About Security…..

When an unnamed person asked if it was possible to see Piracy Shield’s source code, the question was reportedly “glossed over” with assurances that other people will carry out penetration tests. That the source won’t be made available is standard practice for anti-piracy companies; they have a product and ‘trade secrets’ to guard.

That raises the question of who developed Piracy Shield. Media reports last month indicated that Serie A bought it and then gave it to AGCOM as a gift. We couldn’t find any mention of the developer, so we turned to the screenshots published by DDAY for any potential clues, preferably something unique.

Impossible to find using regular reverse image search engines, it appears the Piracy Shield ‘fingerprint’ logo doubles as a favicon. Chinese ‘internet-of-things’ search engine FOFA indexes favicons and from there it was trivial to see where Piracy Shield had a web presence recently.

SP Tech appears to be a reference to SP Tech S.R.L , a brand protection, content monitoring, anti-piracy startup that has strong rightsholder connections in Italy and whose name appears in numerous industry piracy reports.

FOFA helpfully links an SP Tech website to AGCOM thanks to this code snippet, which also mentions Piracy Shield to round things off.

From: TF , for the latest news on copyright battles, piracy and more.

Over the past few weeks, football organizations and broadcasters around Europe have been obtaining and/or renewing permission to block access to unlicensed online streams.

The Premier League obtained an injunction extension late July, and was closely followed by pay-TV broadcaster Sky which had specific IPTV providers in mind for its blocking measures. The Union of European Football Associations (UEFA) also obtained a High Court blocking injunction last month, after obtaining similar permission in previous years.

The details of these orders, and others obtained by broadcasters elsewhere in Europe, are not made public, but their purpose is well known. The aim is to prevent (or at least disrupt) access to servers that are connected to the supply of infringing streams. In many cases these servers are either operated by IPTV providers themselves or affiliated third-parties. Beyond that, their functions and locations are rarely mentioned in public.

Inside a Live UEFA-linked Blocking Order

Given the international nature of UEFA competitions including the Champions League and Europa League, blocking orders are obtained via approved systems in various EU Member States. That may involve a court appearance or a presentation of facts to an administrative body with the authority to approve ISP blocking measures.

A blocking order authorized through one of these processes was recently made available to TorrentFreak. It describes the need for blocking measures in some detail along with a list of IP addresses to be blocked by internet service providers in an EU Member State, to protect local broadcasters licensed to air UEFA tournaments.

The order adds to mounting evidence that while rightsholders can certainly monitor IP addresses used during a match, the IP addresses they initially intend to block are known well in advance. This means the IP addresses will be immediately blocked by ISPs when games begin, regardless of whether they actually stream a particular match or event.

The ‘Pirate’ IP Addresses

Tests on a selection of the IP addresses listed for blocking didn’t always produce the same results across various IP geolocation services. However, when there were large geographical differences of opinion, ping timing mostly settled the dispute. The image below indicates the supposed locations of the IP addresses/servers listed in the order ( ipinfo.info data) and shows that many are ostensibly located within Europe itself.

Based on the locations returned for the IP addresses in the order, around 30% are linked to hosts/service providers in the Netherlands, 14% linked to hosts in Germany, 10% in Bulgaria, with Sweden and Ukraine accounting for around 7% each.

Outliers include an IP address supposedly linked to a server hosted in Azerbaijan (Asia), or potentially Sweden, depending on opinion, plus IP addresses linked to Jordan but geolocated in Europe. Other IP addresses apparently do link to servers in Iran (Middle East) while others linked to Hong Kong (Asia) are both disputed and undisputed, depending on the location service used.

Multiple listings for the same ISP/IP range are excluded from the table below, while we excluded another allegedly-infringing IP address for wasting the time of the ISPs ordered to block it. As explained here , IP addresses in the range 172.19.X.X are reserved for local use, so including them in a blocking order won’t help to reduce piracy.

The fact that the IP address was submitted to the authorities and then somehow passed their scrutiny suggests that appropriate checks aren’t being carried out. How many more of these errors exist is unknown because the system operates that way by design.

The inclusion of any service provider in the list below is solely due to their link with the IP addresses submitted for blocking and not an indication of wrongdoing. Rightsholders are responsible for making ISPs aware of allegedly infringing activity and ISPs have no duty to proactively monitor customers

#1"> IP Addr	#3"> Region	#4"> Country	#8"> City/Town	#13"> ISP/Operator
45.xx.x.x	Asia	Azerbaijan (Disputed/.SE)	Qaraçuxur	TVNET Solution
45.xx.x.x	Europe	UK	London	TCK OOO
45.xx.x.x	Europe	Netherlands (Disputed/.DE)	Amsterdam (Ping suggests .NL not .DE)	Ipxo** (See note below)
46.xx.x.x	Europe	UK/Ukraine	London/Mariupol	Ipxo**
169.xx.x.x	Europe	Germany	Frankfurt	Datacamp
193.xx.x.x	Europe	Poland	Gdansk	HITME.PL
193.xx.x.x	Europe	Sweden*** (Disputed/.NL)	Stockholm (Ping suggests .SE, not .NL)	TVNET Solution
141.xx.x.x	Europe	France	Gravelines	OVH SAS
37.xx.x.x	Europe	Bulgaria	Sofia (Multiple IPs)	Host9x Web
141.xx.x.x	Europe	Germany	Limburg	OVH SAS
194.xx.x.x	Asia	Hong Kong	Cent/West	369 IntoNet
45.xx.x.x	Europe	Netherlands (Disputed/UK)	Amsterdam (Ping suggests .NL not .UK)	IT Web
103.xx.x.x	Europe	Germany	Frankfurt	UK2/GZ Remittance
95.xx.x.x	Europe	UK	Maidenhead	Iomart Hosting
143.xx.x.x	Europe	Netherlands	Amsterdam	Datacamp
62.xx.x.x	Europe	Netherlands	Naaldwijk	WorldStream
149.xx.x.x	Europe	Netherlands (Disputed/.MX)	Amsterdam (Ping suggests .NL not .MX)	Cogent Comms.
45.xx.x.x	Europe	Netherlands (Disputed)	Amsterdam/Ukraine (Tests inconclusive)	Sollutium EU
95.xx.x.x	Europe	UK	Maidenhead	Iomart Hosting
89.xx.x.x	Europe	Germany	Frankfurt	Datacamp
82.xx.x.x	Europe	Netherlands	Amsterdam	Parsun Network
176.xx.x.x	M/East	Jordan (Disputed)	Amman	Ipxo**
193.xx.x.x	M/East	Iran	Tehran	IR Research Org
185.xx.x.x	NAM	U.S. (Disputed/.UA)	New York	Virtual Systems* (See below)
149.xx.x.x	NAM	U.S.	Los Angeles	LogicWeb

* The entry 185.xxx. geolocates to the U.S. There are claims its true location is Kyiv, Ukraine.
**IPXO is a marketplace for IP addresses ( see here ) IP address geolocation data may indicate two locations; e.g the entry above beginning 46.XXX locates to both Mariupol, Ukraine, and also the UK (AS49999)
*** The entry 193.xxx. geolocates to the Netherlands. Sweden seems more likely based on ping data

While records exist to link IP addresses to the companies/entities with ultimate control, mapping IP addresses to physical locations is an inexact science. Even companies operating in the ‘IP to location’ market supply data with caveats, so the same also applies to the information listed above.

There are disputes over the true locations of many IP addresses in the list, and it’s likely that at least some of that confusion exists for that very purpose. In respect of blocking an IP address, none of it really matters in the end, but bouncing between the UK, U.S, and Ukraine can make a traceroute look pretty.

Basic tests on these and related IP addresses reveal that around a third most likely act as reverse proxies (ports 80, 443, 8081) while others suggest the presence of software linked to encoders, playlists and other related tools.

Full IP addresses were used in our tests but are limited here to the first octet.

From: TF , for the latest news on copyright battles, piracy and more.

For more than a decade, Sky has found its ISP division named as a respondent in injunction applications filed at the High Court in London.

With the aim of reducing availability of pirated content, U.S. movie studios, recording labels, publishers, and more recently gaming company Nintendo, have named Sky and rival ISPs including Virgin Media, BT, TalkTalk, Plusnet and EE, as facilitators of their customers’ piracy habits.

The adversarial nature of such applications has long given way to a process that establishes ongoing infringement, formalizes the ISPs’ knowledge of that infringement, and then considers them ‘innocent infringers’ required to prevent infringement using various blocking measures.

Those who obtain the blockades insist they’re effective, hence the dozens of requests and thousands of online locations blocked over the last 13+ years.

Sky as Both Applicant and Respondent

As a content producer and owner in its own right, Sky is an enthusiastic supporter of ISP blocking. When the MPA obtained a High Court injunction to block cyberlocker platform Mixdrop in early 2022, Sky joined the MPA as an injunction applicant, with Sky’s ISP division one of several ISP respondents, some of them content distributors in their own right.

In an article published Sunday, the Financial Times reported that Sky obtained another High Court blocking injunction last week, to protect its own broadcasts. The injunction reportedly has two aims, the first being to compel ISPs (including the one it operates) to block piracy services streaming its “best selling football games” to the UK public at a cut-down price.

The specifics of blocking programs are a tightly guarded secret; the Premier League and most major ISPs previously convinced the High Court that any disclosure could help to facilitate infringement of the Premier League’s rights, and/or help pirates circumvent High Court orders. With that established, it’s no surprise that the report doesn’t elaborate on what Sky will be able to block after winning the injunction last week.

That being said, the mention of “best selling” football games logically leads to Premier League matches, which are usually subject to blocking injunctions obtained directly by the Premier League itself and renewed each season at the High Court. That raises the interesting prospect of a potential changing of the guard.

Injunction Has a Novel Feature

Whether Sky is preparing to take responsibility for protecting Premier League matches in the form of its own broadcasts is currently unknown, but another aspect of the injunction is perhaps even more interesting. Again, no specifics have been made public and that’s unlikely to change, but it’s being claimed that the injunction will also seek to protect some of Sky’s linear TV channels.

After a “third-party group” identifies the sources of the illegal streams, Sky will be able to “shut down individual pirate sites at certain times” by issuing blocking instructions to the other ISPs named as respondents in the injunction. The Ashes on Sky Sports Cricket and House of the Dragon when airing on Sky Atlantic, are cited as two possible examples.

So What’s the Big Blocking Plan?

While even the most closely guarded secrets tend to leak out eventually, right now the specifics of the injunction are shrouded in mystery beyond the details above. However, by using information available to us right now, it’s possible to formulate a small number of potential theories, with one standing out as the most logical.

As previously reported , Sky (the ISP division) previously provided the Premier League with considerable inside information relating to the servers its customers consumed most bandwidth from at specified times, knowing that there was a good chance these were servers offering ‘pirate’ streams.

For obvious reasons, this raised eyebrows in respect of privacy, but documents discussing the program, seen by TF, indicate the mechanism is viewed in a particular way. Sky shouldn’t be considered as monitoring customers’ IP addresses, what they consume or from where. The focus should be placed at the other end instead; the IP addresses operated by pirate services and the volume of content they send to Sky’s internet customers.

Bringing More Blocking In-House Could Make Sense

With that subtle but legally significant difference in mind it’s not difficult to see how that situation might improve, should Sky itself become the holder of an injunction to protect its own content. Using technical information from its own ISP, to protect its own content, not just that of a third party like the Premier League, could be considered entirely normal.

We don’t know if that’s the case here, or if Sky still shares this type of information externally. But if it did, it would make sense to bring everything in-house and make better use of the monitoring already carried out to facilitate Premier League match blocking. That intelligence could then be used to protect scheduled TV content that Sky also owns, at the same time, at minimal cost.

It’s important to note that blocking Premier League content requires perpetual monitoring of many pirate IPTV services, even when matches aren’t being played. Widening the range of content to be blocked using information already being collected in that process would be a more effective use of resources.

Furthermore, IPTV blocking doesn’t mean blocking just a channel or two, it means blocking entire pirate services, so it’s not hard to see how blocking on match days a few days apart could be interspersed with blocking TV shows. Timed nicely, that could effectively mean the blocking of all known pirate services, perpetually. If presented as such in an application, that could lead to the court having reservations; as a welcome side-effect, it doesn’t get much better than that.

Whatever the plan, a scenario like that must be the end game, not just for Sky, but for all companies involved in TV content production and distribution. Aiming for anything less would mean pirate streams remaining viable and the overarching plan leaves no room for that.

From: TF , for the latest news on copyright battles, piracy and more.

Three-ish plus decades ago, telecoms companies were best known for installing analog telephones in people’s homes and sending paper bills through the mail to be paid by check.

Many later branched out into the lucrative mobile phone market, but as operators of wired telephone networks, major phone companies all over the world would soon become the gatekeepers of a brave new world – the internet. While that was exciting for a while, with little opportunity for added value, selling a commodity product like bandwidth can be a race to the bottom.

By providing bandwidth and profiting from the content that consumes lots of it, telecom companies today are able to add value to their base products and generate much more profit. In 2024, telephone company Compañía Telefónica Nacional de España will celebrate its 100th birthday. Under its modern-day branding, Telefónica is a telecoms and media empire with assets worth around $110 billion, significant interests in the pay-TV market, and lots of valuable content to protect from pirates.

Telefónica and NAGRA Boost Partnership

Anti-piracy company NAGRA has also undergone a transformation. From the 1950s onwards, NAGRA produced high-end portable tape-recording devices but is better known for the video scrambling system Nagravision, which aimed to prevent unauthorized reception of pay-TV signals and any subsequent recording. In that sense, NAGRA hasn’t changed its core market but thanks to the internet, content protection now faces significant challenges from increasingly sophisticated pirates.

This week Telefónica and NAGRA announced an expansion of their existing relationship as the former works to counter the threat from pirate IPTV services. As it expands its anti-piracy operations in Latin America, Telefónica said its fraud prevention team sought access to advanced anti-piracy technologies and case file histories. While Telefónica has its own intelligence sources, a solution offered by NAGRA proved attractive.

Pirate IPTV: Identify and Disrupt

A statement from Telefónica says that NAGRA’s product provides “innovative ways to identify, monitor and display pirate activity.” The system is supported by AI-powered analytics which will alert Telefónica to “illicit patterns of activity.”

Madrid-based Delia Álvarez, manager of Global Fraud Prevention at Telefónica, says the relationship with NAGRA will provide vital intelligence as it seeks to identify and disrupt global piracy networks.

“Content piracy is a major concern with a direct impact on our performance. To increase our effectiveness in this ongoing battle, we chose to expand our existing relationship with NAGRA,” Álvarez says.

“They have a proven, global capacity to identify and remediate pirate activity. Their threat intelligence provides further value to our Fraud Prevention teams as they seek to identify and disrupt large-scale piracy networks.”

NAGRA’s Active Streaming Protection framework ( pdf ) is already deployed at Telefónica and will supplement other content protection mechanisms such as watermarking.

“We are proud to extend our partnership with Telefónica to now include more anti-piracy services.” said Pascal Metral, VP Anti-Piracy Intelligence, Investigation & Litigation, NAGRA. “Helping our customers tackle one of the biggest threats to both their revenues and their significant investments in content is our core focus and we look forward to our services unseating pirates across the Telefónica ecosystem.”

Telefónica Developers

Those with an interest in software development will find Telefónica’s official source code platform on GitHub with an impressive 261 repositories to trawl for interesting gems.

These include GoSwiftyM3U8 , a framework for parsing and handling .m3u8 playlist files that also happen to be popular among IPTV pirates. There are many reasons why the company might be interested in App Logger for Android but seemingly fewer uses for its fork of CLA-Videodownloader , a web/REST interface for downloading YouTube videos onto a server.

Telefónica’s developers are also the creators of HomePwn , billed as a Swiss Army Knife for Pentesting of IoT Devices. VpnHood , meanwhile, is an “undetectable VPN for ordinary users and experts” that’s able to bypass firewalls and circumvent Deep Packet Inspection.

Finally, a big thanks to the ElevenPaths team at Telefonica Tech for FOCA (Fingerprinting Organizations with Collected Archives), a tool that regularly makes document metadata a more interesting read than the documents themselves.

From: TF , for the latest news on copyright battles, piracy and more.