• chevron_right

      Banish OEM self-signed certs forever and roll your own private LetsEncrypt

      news.movim.eu / ArsTechnica · Friday, 15 March - 10:45 · 1 minute

    Banish OEM self-signed certs forever and roll your own private LetsEncrypt

    Enlarge (credit: Aurich Lawson | Getty Images)

    Previously, on "Weekend Projects for Homelab Admins With Control Issues," we created our own dynamically updating DNS and DHCP setup with bind and dhcpd. We laughed. We cried. We hurled. Bonds were forged, never to be broken. And I hope we all took a little something special away from the journey—namely, a dynamically updating DNS and DHCP setup. Which we're now going to put to use!

    If you're joining us fresh, without having gone through the previous part and wanting to follow this tutorial, howdy! There might be some parts that are more difficult to complete without a local instance of bind (or other authoritative resolver compatible with nsupdate ). We'll talk more about this when we get there, but just know that if you want to pause and go do part one first , you may have an easier time following along.

    The quick version: A LetsEncrypt of our own

    This article will walk through the process of installing step-ca , a standalone certificate authority-in-a-box. We'll then configure step-ca with an ACME provisioner—that's Automatic Certificate Management Environment , the technology that underpins LetsEncrypt and facilitates the automatic provisioning, renewal, and revocation of SSL/TLS certificates.

    Read 118 remaining paragraphs | Comments

    • chevron_right

      BuffStreams OK’d For Blocking in Germany But Unlikely to Lose Any Sleep

      news.movim.eu / TorrentFreak · Thursday, 7 March - 07:56 · 3 minutes

    de-block How can we be sure that site-blocking really works? Because if it didn’t work, I was informed recently, rightsholders wouldn’t keep filing new site-blocking requests at a record-breaking pace, and then return for even more soon after.

    While it’s true that demand for site-blocking measures has never been greater, the sarcastic response above alludes to something that doesn’t really work, or at least doesn’t remain effective for very long. Rising piracy rates, broad content availability, and easily circumvented blocking measures may even support that theory.

    Nevertheless, movie and TV show companies, broadcasters, and sports leagues insist that blocking remains valuable as part of a diverse anti-piracy toolkit.

    The anti-piracy arena has certainly come a long way. Among other reported blocking successes, early studies concluded that when pirate site domains are subjected to blocking, fewer visits are made to those specific domains. While a fairly obvious conclusion to arrive at years ago when that type of metric was first rolled out, today it’s pretty much meaningless and the supply of domains is endless.

    Germany Prepares to Take on BuffStreams

    As a relative newcomer to site-blocking, Germany doesn’t find itself shackled to the past. In the UK, where blocking measures have existed since the start of the last decade, the process is steeped in the traditions of legal scrutiny and judicial oversight. Proponents of site-blocking today prefer something less formal; in Germany, a partnership between copyright holders and ISPs was deemed appropriate.

    The Clearing Body for Copyright on the Internet ( CUII ) operates an administrative program ; sites suitable for blocking are detailed in reports which are sent for the consideration of an Audit Committee consisting of retired judges familiar with copyright.

    For a platform to be blocked by Germany’s ISPs, the committee must conclude that the site is structurally infringing, a standard applied in the UK’s first ever site blocking injunction back in 2011.

    The Audit Committee recently considered a proposal to block BuffStreams, one of the more popular live sports streaming portals boasting millions of visitors each month.

    BuffStreams Infringed the Exclusive Rights of *****

    The Audit Committee’s report notes that the applicant in the blocking matter has legal standing as the “owner of exclusive rights to an ancillary copyright of a broadcasting company.” Since all identifiers have been redacted, including references to the allegedly-infringing TV broadcast, it’s not possible to identify any of the parties involved.

    What is clear is that considerable effort was expended to make contact with BuffStreams but ultimately, nothing paid off.

    Audit Committee comments (translated from German) buffstreams-de1

    “Based on the user figures determined by the internet service *****, 15.03 million users visited BuffStreams in the period from August 1, 2023 to October 31, including around 500,000 visitors from Germany,” the report adds.

    Blocking Approved – One More Stage

    In conclusion, BuffStreams easily met the structurally infringing standard. A 14-day survey period last September found a total of 5,321 links to live broadcasts, reduced to 2,429 when accounting for duplicates. At least 96% of those links were considered unlicensed, leading to the conclusion that BuffStreams is indeed infringing and therefore suitable for blocking ( pdf , German ).

    The case will now be referred to the German government’s Federal Network Agency (BNetzA) to confirm that blocking BuffStreams will not violate net neutrality; things haven’t always gone smoothly . Once that hurdle has been passed, ISPs will receive the green light to tamper with their DNS records so that customers in Germany can’t reach the site. At least, those who don’t understand how DNS servers work.

    DNS Blocking / Backup Domains

    The CUII website references the domain buffstreams.sx but the Audit Committee’s report mentions only the headline brand BuffStreams, with other domains redacted. With at least a couple of dozen domains and other options at its disposal, BuffStreams seems likely to take any blocking attempts in its stride.

    Being listed in an Indian ISP blocking order ( CS(COMM) 470/2022 ) in July/August 2022 didn’t end in disaster, neither did its addition to Italy’s blocklist last September ( 326/23/DDA ). At least one confirmed domain has been on Indonesia’s blocklist for several years, and we’re informed that Portugal has blocks in place too

    Sites listed for blocking in Germany since 2021 include: s.to , canna.to, nsw2u.com, newalbumreleases.net, bs.to, streamkiste.tv, kinox.to, cine.to, serienjunkies.org, taodung.com, israbox, jokerlivestream, serienfans.org, filmfans.org

    Members of CUII include: 1&1 AG (telecoms), German Book Traders’ Association, Federal Music Industry Association (BVMI), German Football League (DFL), Freenet DLS (telecoms), German Games Industry Association, Motion Picture Association (MPA), Sky Deutschland, STM (publishers), Telefónica Germany, Telekom Germany, German Film Producers Association (VDF), and Vodafone Germany.

    From: TF , for the latest news on copyright battles, piracy and more.

    • chevron_right

      Njalla: Hundreds of Suspended .TV Domains Could Soon Return to Life

      news.movim.eu / TorrentFreak · Monday, 26 February - 11:07 · 4 minutes

    happy-pirate The last time over 200 pirate sites went offline at the same time was…..well, probably never. Certainly, so many sites have never gone down and stayed down for four days straight in what still amounts to a relatively tight niche.

    Yet that’s exactly what happened this week , when at least 200 .TV domains were suddenly rendered useless. WHOIS records revealed that the domains had a status of ‘serverHold’ which indicates a domain with no presence in the domain name system.

    Registry >> Registrar >> Domain Owner

    The suspended domains were all registered at Sarek Oy, the Finland-based domain registrar with connections to former Pirate Bay spokesman, Peter Sunde. Those in need of a liberal, privacy-focused domain registrar, with a pedigree supported by thousands of news articles, countless interviews, TV appearances, and a full-blown movie, have fewer reasons than most to shop for domains elsewhere.

    Site operators understand Peter and he understands their requirements, as other projects including Njalla demonstrate. Unfortunately, when everything went dark Tuesday/Wednesday with no sign of recovery by Thursday, lack of information from obvious sources seemed to have no solution.

    When domains are placed on ‘serverHold’ that’s the work of domain registries, not registrars, but domain owners still need to know where they stand.

    Frustrations Build

    One of those people is Jomo, the owner of Jomo.tv, which unlike most of the .TV domains currently suspended, isn’t a pirate site.

    “I use the affected domain for my tech blog and my email address. I have received zero information about what’s going on, and I don’t know if or when this is going to be resolved,” Jomo told TF early on Friday.

    “Njalla does not seem to know anything, the registry did not want to tell me anything and only referred to Sarek without any further info, and Sarek does not respond at all.”

    GoDaddy completed its takeover of registry services for .TV domains late 2022, after previous controller Verisign chose not to bid when .TV last came up for grabs. When attempting to contact GoDaddy for comment earlier this week, TorrentFreak’s first email received an automatic response saying “Message blocked” while a second to a different address informed us that “The recipient’s mailbox is full and can’t accept messages now.”

    While frustrating for us, domain owners like Jomo had serious issues to contend with.

    “It is extremely frustrating to not get any info or updates, in addition to being unable to send or receive any emails, and being unable to log in to several services. By now I’m sure some emails are lost forever as the domain has been unavailable for several days,” Jomo added.

    Problem Acknowledged on Friday

    When no official updates were provided on Thursday, the situation was looking increasingly grim. Then on Friday, Jomo suddenly had luck reaching GoDaddy via TurnOn.tv.

    “They actually replied fairly quickly,” Jomo says, “but only told me to ‘contact your sponsoring registrar, Sarek Oy.'”

    After logging into his Njalla account, a new message appeared: “Some .tv domains have been put on serverHold by the registry and we are in contact with them to resolve the issue.” There was no response to his support ticket filed earlier but at least the issue had been acknowledged.

    Then a few hours later, a ray of light appeared at the end of the tunnel.

    ‘Technical Issue’ Resolved With Registry

    After three days without any useful information, Jomo received a response from Njalla, sometime Friday evening we believe.

    “It is a technical issue. We’ve squared things out with the registry and we’re just waiting for them to lift the serverHold,” a message from Njalla reads.

    “That will happen anywhere between in a few minutes till Monday, but we’re hoping sooner than later of course. We apologize for the troubles it had caused.”

    At the time of writing, Jomo’s domain still hasn’t returned and when we last checked, the same was true for around 200 others. While there’s optimism that all domains will eventually return to service, the episode leaves big questions unanswered.

    The Information Age

    Perhaps the most pressing question from a consumer perspective is the decision by the registry to suspend so many domains in one swoop with zero notice. The fact that so many domains are used by pirate sites does muddy the waters somewhat but as Jomo will confirm, non-pirate sites are affected too.

    When a particular entity takes action to suspend domains, whose responsibility is it to keep customers informed? In this case the action was taken by the registry but when asked to provide information, the registry refused to supply it, referring questions back to the registrar instead.

    Problems Over, or More to Come?

    Then there’s the question of the issue that prompted the suspensions; what was it and is it likely to reoccur? Should domain registrants avoid .TV domains? Without information to the contrary, rightly or wrongly some will draw that conclusion.

    Of course, by offering domains with toughened privacy, Sarek Oy/Njalla find themselves disproportionately involved in legal proceedings where a plaintiff hopes to identify a domain operator but runs into firewall instead.

    A live case in the United States required various domain registrars including GoDaddy, Namecheap and Sarek Oy, to take action against several app stores to prevent apps with ‘Temu’ branding being made available to the public.

    As far as we can see, Namecheap, GoDaddy, and Sarek Oy were ordered to disable the platforms’ domains but to date, only domains registered through Sarek remain both intact and online.

    At least in part, that’s to be expected and to some extent, the service as promised. Also to be expected are complications arising from an accumulation of these types of cases and similar disputes that come with the territory, the supply of which seems endless.

    From: TF , for the latest news on copyright battles, piracy and more.

    • chevron_right

      100s of Pirate Sites Go Dark as .TV Domains Placed on ServerHold

      news.movim.eu / TorrentFreak · Wednesday, 21 February - 02:45 · 2 minutes

    stupidtv-l A few hours ago a TorrentFreak reader linked us to a list of almost 200 domains with several things in common.

    The vast majority have naming conventions that almost certainly point to some type of piracy activity. No shortage of the word ‘streams’ for example, along with other familiar pirate terms such as HD, cine, film, movie, plus the likes of buff, cric and crack.

    Sites with ‘anime’ in their domain names also stand out; they include the popular Animebytes, a platform that above most seemed to be generating significant panic. A gloomy discussion on Reddit spoke of the site having just hours to live, a fate that may have since been suspended but with a root cause that remains unresolved.

    The Sun Doesn’t Shine on .TV

    The sites on the list have other things in common too. All operate from .TV domains that were registered at Finnish registrar Sarek Oy. As things stand, none have any functioning DNS and that means all are completely inaccessible, at least as far as site users are concerned.

    The list can be viewed here and given its size and the platforms on it, it feels safe to conclude that this blackout is currently affecting millions of pirates. It’s probably fraying the nerves of many site operators too, albeit some more than others.

    As far as we know, information and explanations for the unprecedented failure are in short supply, at least those announced directly from Sarek Oy. It’s the middle of the night in Finland, so it may be a few hours before any official announcement arrives.

    Domain Status: serverHold

    After checking a few dozen WHOIS records for domains on the list, all display a domain status of ‘serverHold’. ICANN’s official description notes that the status is set by domain registries to indicate that a domain is not activated in the Domain Name System (DNS).

    Given the way the current problem manifests itself, the explanation is accurate but not especially helpful.

    The bigger question is why hundreds of domains were suddenly placed on serverHold and why did that have to be done so urgently that there was no time to inform the domain owners? That will likely become evident during the next few hours, but we can confirm that sites operating .TV domains with other registrars remain functional.

    That may suggest an issue specific to the registrar. Some type of issue between the registry and registrar seems most likely, but it’s hard to imagine either party simply deciding to render so many domains inoperable, seemingly all at once, without any kind of warning.

    So at least for now, beads of perspiration will have to persist while soaking up the irony. Perhaps more than any other registrar in operation right now, Sarek Oy’s reputation for keeping sites online is extremely well known. That it’s currently at the center of one of the largest blackouts in recent history is unexpected, to say the least.

    From: TF , for the latest news on copyright battles, piracy and more.

    • chevron_right

      Doing DNS and DHCP for your LAN the old way—the way that works

      news.movim.eu / ArsTechnica · Friday, 16 February - 11:30

    All shall tremble before your fully functional forward and reverse lookups!

    Enlarge / All shall tremble before your fully functional forward and reverse lookups! (credit: Aurich Lawson | Getty Images)

    Here's a short summary of the next 7,000-ish words for folks who hate the thing recipe sites do where the authors babble about their personal lives for pages and pages before getting to the cooking: This article is about how to install bind and dhcpd and tie them together into a functional dynamic DNS setup for your LAN so that DHCP clients self-register with DNS, and you always have working forward and reverse DNS lookups. This article is intended to be part one of a two-part series, and in part two, we'll combine our bind DNS instance with an ACME-enabled LAN certificate authority and set up LetsEncrypt-style auto-renewing certificates for LAN services.

    If that sounds like a fun couple of weekend projects, you're in the right place! If you want to fast-forward to where we start installing stuff, skip down a couple of subheds to the tutorial-y bits. Now, excuse me while I babble about my personal life.

    My name is Lee, and I have a problem

    (Hi, Lee.)

    Read 127 remaining paragraphs | Comments

    • chevron_right

      DNS Block: Canal+ Sues Cloudflare, Google & Cisco to Fight Piracy

      news.movim.eu / TorrentFreak · Saturday, 30 December - 15:54 · 3 minutes

    The music industry obtained a pioneering injunction to compel Danish ISPs to implement site-blocking measures back in 2006 .

    The goal was to limit access to unlicensed Russian music download platform AllofMP3, but the action also represented the thin end of a site-blocking wedge still being tapped in today.

    Broadcaster and site-blocking proponent Canal+ believes that when service providers implement technical measures to prevent access to pirate sites, that helps to reduce piracy rates. Unfortunately, online roadblocks reliant on technical tweaks always run up against other technical tweaks designed to circumvent them.

    Protecting Live Sports

    A report from the French news outlet l’Informé outlines a fairly typical framework adopted by rightsholders in Europe. To limit access to pirated live sports streams, this year Canal+ went to court in France arguing that local ISPs should prevent customers from accessing several pirate streaming sites.

    Through Footybite.co, Streamcheck.link, SportBay.sx, TVFutbol.info, and Catchystream.com, internet users were able to watch Premier League and Champions League football, plus matches from the Top 14 rugby union club competition, without paying Canal+, the local rightsholder.

    After the decisions went in favor of Canal+, ISPs including Orange, SFR, OutreMer Télécom, Free, and Bouygues Télécom, were required to implement blocking measures. This meant that when the ISPs’ customers attempted to visit any of the above domains, the ISPs’ respective DNS resolvers provided non-authentic responses, thereby denying customers access to the sites.

    Circumvention and New Legal Action

    The response to ISP blocking by increasingly savvy customers was to change their network settings to replace their ISPs’ DNS servers with those offered by unaffected third-party providers. By switching to DNS servers offered by Cloudflare , Google , and Cisco ( OpenDNS ), the domains functioned as expected. This entirely predictable response is now being countered by another.

    After tapping in the wedge just far enough to obtain the initial blocking orders, Canal+ has now returned to court hoping to resolve the blocking orders’ shortcomings. After failing to achieve voluntary cooperation, l’Informé reports ( paywall ) that Canal+ is now suing Cloudflare, Google, and Cisco at the Paris judicial court, to compel similar DNS blocking measures.

    Legal Basis: Article L333-10

    According to Article L333-10 of the French Sports Code (active Jan 2022), when there are “serious and repeated violations” by an “online public communication service” whose main objective is the unauthorized broadcasting of sporting competitions, rightsholders can go to court to demand “all proportionate measures likely to prevent or put an end to this infringement, against any person likely to contribute to remedying it.”

    Proportionate measures include blocking, deleting or deindexing communication services (in this case pirate streaming sites) when they meet the above criteria.

    The judicial court may order these measures to be implemented “for each of the days appearing in the official calendar of the competition or sporting event, within the limit of a period of twelve months.” In respect of the competitions Canal+ hopes to protect, that means until May 19, 2024, for the Premier League, until June 1, 2024, for the Champions League, and until June 29, 2024, for Top 14.

    How Serious is the Circumvention Situation?

    According to detailed reports published by telecoms regulator Arcom, ISP-only DNS blocking measures have enjoyed massive success in France.

    Published in May 2023, Arcom’s report for 2022 noted that the overall audience for illicit sports broadcasts decreased by 41% between 2021 and 2022, down from 2.8 million internet users on average to 1.6 million.

    On circumvention of blocking measures, in May 2023 Arcom reported that when confronted with a blocked site, almost half of all infringing Internet users (46%) completely abandoned the idea of watching the content.

    Of all infringing users, just 6% attempted to circumvent blocking measures using an alternative DNS, VPN or similar method.

    > france-dns-vpn-blocking

    While circumvention of blocking measures doesn’t seem to be an especially big problem in France right now, Arcom notes that it will remain vigilant moving forward.

    For the sake of curiosity, we searched for signs of blocking in France using data supplied by the Open Observatory of Network Interference ( OONI ). The system appears to detect pirate site blocking in France as an ‘anomaly’ (yellow) rather than confirmed, outright blocking (red).

    The green sections may indicate that a relatively small number of users are managing to access domains well-known for their links to piracy. Whether that volume warrants dragging third-party DNS providers to court is another matter.

    However, it can’t be ruled out that there’s also a strategic element to the Canal+ complaint; another tap of the wedge, more incremental progress, and then ever-expanding DNS blocking in preparation for whatever comes next.

    From: TF , for the latest news on copyright battles, piracy and more.

    • chevron_right

      Piracy Shield: IPTV Blocking Orders Apply to All DNS & VPN Providers

      news.movim.eu / TorrentFreak · Monday, 11 December - 13:41 · 4 minutes

    italy-blocker Italy’s Piracy Shield anti-piracy system reportedly launched last week , albeit in limited fashion.

    Whether the platform had any impact on pirate IPTV providers offering the big game last Friday is unclear but plans supporting a full-on assault are pressing ahead.

    Technical and Operational Requirements

    A new document released by AGCOM describes Piracy Shield as a “single technology platform with automated operation” and elsewhere as a piece of “machine-to-machine platform management software.”

    The document goes into some detail on its operational and technical requirements including its stated purpose: Automated handling of reports from rightsholders for the purpose of ensuring timely and effective protection of rights and, specifically, intervention within thirty minutes of the report in accordance with the manner and procedure regulated therein.

    Various pieces of information reported last week by local news outlet DDAY.it are confirmed with extra detail. In addition to a roundtable meeting on September 7, 2023, attended by the National Cybersecurity Agency, the Guardia di Finanza, the Postal Police, and representatives of the Ministry of Enterprise, discussions were initiated with search engine providers and, more generally, “information society service providers involved in any capacity in website accessibility of illegal services other than ISPs.”

    IPv4 Scarcity and Other Technical Issues

    ISP-side user manuals for Piracy Shield were emailed on October 11 and on November 13, AGCOM’s position on various technical issues raised by anti-piracy groups, rightsholders including Serie A and DAZN, and ISPs, were finally clarified.

    One item mentioned in more detail concerns IPv4 IP addresses. They are often reported as running out and it appears AGCOM intends to block as many as it needs to.

    With reference to two specific issues, pertaining to the alleged and gradual depletion, following the implementation of the blocks, of IPv4 addresses, which constitute a scarce resource, and to the requested refreshments for the costs incurred for the implementations necessary for the operation of the platform, it was clarified that the law does not give the Authority powers in this regard, but that it reserves the right to make a report to the Government in the face of the evidence provided.

    Another issue appears to refer to service provider concerns over the volume of domains and/or IP addresses they could be expected to block during the transitional phase leading up to the “full deployment of the platform’s functionalities.”

    “In this sense, the indications regarding the maximum number of IPs and FQDNs [fully qualified domains] to be blocked in the thirty minutes and the distinction between theoretical SLA [service-level agreement] and actual SLA aimed at taking into account, at this stage, the limitations represented by some ISPs in terms of the maximum number of tickets to be handled in the thirty minutes should be understood,” the document adds.

    All Entities Involved in Accessibility of Pirate Services Must Block

    When lawmakers gave Italy’s new blocking regime the green light during the summer, the text made it clear that blocking instructions would not be limited to regular ISPs. The relevant section (Paragraph 5 Art. 2) for reference below;

    The document issued by AGCOM acts as a clear reminder of the above and specifically highlights that VPN and DNS providers are no exception.

    “[A]ll parties in any capacity involved in the accessibility of illegally disseminated content – and therefore also, by way of example and not limitation – VPN and open DNS service providers, will have to execute the blocks requested by the Authority [AGCOM] including through accreditation to the Piracy Shield platform or otherwise implementing measures that prevent the user from reaching that content,” the notice reads.

    Whether the DNS provider requirement will be affected by Cloudflare’s recent win over Sony in Germany is unclear. The decision was grounded in EU law and Cloudflare has already signaled that it will push back against any future blocking demands .

    How VPN providers will respond is currently unknown. Demands to block access to certain platforms have been handled differently depending on circumstances and geography.

    Some providers previously agreed to limited blocking in the United States as part of settlements in civil actions. When asked to block services in Russia, others simply pulled out. Whether that would prevent their IP addresses from being blocked in Italy seems unlikely.

    Search Engines Included Too, Google Appears to Be Playing Ball

    The relevant section of the new law is in some ways even more broad when it comes to search engines such as Google. Whether they are directly involved in accessibility or not, they’re still required to take action.

    AGCOM suggests that Google understands its obligations and is also prepared to take things further. The company says it will deindex offending platforms from search and also remove their ability to advertise.

    “Since this is a dynamic blocking, the search engine therefore undertakes to perform de-indexing of all websites/telematic addresses that are the subject of subsequent reports that can also be communicated by rights holders accredited to the platform,” AGCOM writes.

    “Google has shared a procedural mode for the communication of the blocking list, and the Company has also committed to the timely removal of all advertisements that do not comply with the company’s policies, having particular regard to those that invest the promotion of pirate sites referring to protected sporting events.”

    From: TF , for the latest news on copyright battles, piracy and more.

    • chevron_right

      DNS Resolver Quad9 Wins Pirate Site Blocking Appeal Against Sony

      news.movim.eu / TorrentFreak · Friday, 8 December - 10:16 · 3 minutes

    quad9 In 2021 , Sony Music obtained an injunction that ordered DNS resolver Quad9 to block a popular pirate site.

    The injunction, issued by the District Court of Hamburg, required the Swiss DNS resolver to block access to a site that links to pirated music.

    The name of the targeted site initially remained a mystery, but we deduced that Canna.to was the target. That site was, not coincidentally, also targeted by a voluntary blocking agreement previously signed by rightsholders and ISPs.

    The music groups presumably targeted the site to prevent people from circumventing the ISP blockades. However, the non-profit Quad9 Foundation was not happy with this far-reaching measure and fiercely opposed the injunction.

    The DNS resolver stressed that it doesn’t condone piracy but believes that enforcing blocking measures through third-party intermediaries, that don’t host any content, is a step too far.

    This initial objection failed; the Regional Court in Hamburg upheld the blocking injunction . However, the case continued at the Higher Regional Court in Dresden where Quad9 managed to turn the case around.

    Quad9 Books Key Victory in Court

    The Higher Regional Court ultimately concludes that DNS resolvers can’t be held liable under German and European law. These services are neutral intermediaries and don’t play a “central role” in the copyright-infringing activities of pirate sites.

    The court stresses that the DNS resolver doesn’t host any pirated content and its users don’t make copyright-infringing content available either. DNS resolvers simply translate a domain name request to an IP-address.

    “[Quad9] does not initiate this transmission, nor does it select the addressee and the content of the information. It plays a less central role than those who have committed the infringement themselves (site operator) or have contributed to it by providing services (hosting provider),” the court writes (translated).

    “The users of [Quad9] do not make infringing content publicly available but at best request it. The defendant does not store this content. It doesn’t transmit such content, but only the domain request of a user and the IP address of the server on which this content may be stored.”

    Since Quad9 doesn’t play a “central role” in the copyright infringing activities it can’t be held liable. As a result, it can’t be ordered by an injunction to block access to the pirate site.

    german verdict

    The public DNS resolver is pleased with the outcome and immediately removed all blocking measures on its system. This means that all domains of CannaPower, also dubbed the “ Queen of Music Warez ”, are available globally once again.

    “Today marks a bright moment in the efforts to keep the internet a neutral and trusted resource for everyone,” Quad9 writes while thanking all supporters of its legal efforts.

    Summary of the outcome (by Quad9’s law firm Rickert.law )
    summary

    This is the second order of this kind in Germany this fall. Previously, the Higher Regional Court of Cologne concluded that Cloudflare doesn’t have to take any measures on its public DNS resolver in response to copyright complaints, as the service operates in a purely passive, automatic, and neutral manner.

    Trouble Ahead in Italy

    The Dresden court stressed that its decision is final, which means the case cannot go to a higher court. This limits Sony’s options to appeal the verdict. However, the trouble for Quad9 isn’t over yet.

    Over in Italy, Sony Music Italy, Universal Music Italy, Warner Music Italy, and the Italian Music Industry Federation, have recently requested similar DNS blocking measures from Quad9.

    The music companies haven’t filed a lawsuit yet but want the DNS provider to ban the domain names of three torrent sites: LimeTorrents, KickassTorrents, and Ilcorsaronero. These three targets were not chosen at random. An Italian court previously ordered Cloudflare’s DNS resolver to block the same domain names.

    Quad9 is determined to fight this blocking request in Italy, but it first wants to make sure that the German case is final. In the meantime, the DNS resolver has complied with the Italian request by blocking the aforementioned torrent sites globally.

    A copy of the order from the Higher Regional Court in Dresden is available here ( German, pdf ) and a machine-translated English copy can be found here (pdf)

    From: TF , for the latest news on copyright battles, piracy and more.

    • chevron_right

      Cloudflare Applauds Court for Rejecting DNS Piracy Blocking Order

      news.movim.eu / TorrentFreak · Tuesday, 5 December - 11:15 · 4 minutes

    cloudflare logo Copyright holders have made serious work of website blocking in recent years, expanding the practice to over forty countries worldwide.

    In Germany, for example, the largest Internet providers agreed to voluntarily block pirate sites as part of a deal they struck with rightsholders.

    These blockades, which are put in place following a thorough vetting process, are generally implemented at DNS level. This is a relatively easy option, as all ISPs have their own DNS resolvers.

    The downside of this simple measure is that it’s easy to bypass. Instead of using the ISPs’ DNS resolvers, subscribers can switch to public alternatives offered by Cloudflare, Google, OpenDNS, or Quad9. This relatively simple change usually renders blocking efforts useless.

    Pirate Site DNS Blocking

    Copyright holders are aware of this weakness. In an attempt to broaden the impact of their anti-piracy efforts, they sued Quad9 , which was required to implement a global pirate site blockade . Meanwhile, Cloudflare also found itself in the crosshairs.

    The German branch of Universal Music previously sued Cloudflare for offering its services to pirate site DDL-Music. The Internet infrastructure company lost this legal battle in the first instance, before the case moved to the Higher Regional Court of Cologne.

    The appeal wasn’t just about Cloudflare terminating services to DDL-Music as a customer but also the implementation of an expanded DNS blockade. Universal demanded that Cloudflare should block the pirate site for all users of its publicly available 1.1.1.1 DNS resolver.

    Last month, the Higher Court concluded that Cloudflare doesn’t have to take any measures on its public DNS resolver in response to copyright complaints, as the service operates in a purely passive, automatic, and neutral manner. As a pass-through service, it is not liable for third-party actions under German and EU law.

    In a blog post , Cloudflare’s Senior Associate General Counsel, Patrick Nemeroff, applauds the verdict. The American company has always argued that public DNS resolvers are neutral services.

    Nemeroff notes that DNS servers are not a good place to try to moderate content on the Internet. This isn’t just disproportionate but also ineffective.

    “That’s a position we’ve long advocated, because blocking through public resolvers is ineffective and disproportionate, and it does not allow for much-needed transparency as to what is blocked and why,” he writes.

    Ineffective

    Cloudflare equates its DNS resolver to a phone book that people historically used to look up someone’s number. In a similar vein, DNS servers link a domain name to an IP-address, allowing people to access a website without having to memorize a string of numbers.

    Blocking a domain by tampering with a DNS resolver doesn’t take down the website. People can still use alternative DNS providers, build their own DNS solution, or simply enter the site’s IP-address manually.

    “[I]t’s not even effective. Traditionally, website operators or hosting providers are ordered to remove infringing or illegal content, which is an effective way to make sure that information is no longer available.

    “A DNS block works only as long as the individual continues to use the resolver, and the content remains available and will become accessible again as soon as they switch to another resolver, or build their own,” Nemeroff adds.

    Disproportionate

    Copyright holders are aware of this, of course, and would counter that doing something is better than nothing at all. At the moment, many ISPs also rely on DNS blockades and that tends to stop at least part of the traffic to pirate sites.

    Cloudflare stresses that public DNS resolvers shouldn’t be compared to ISPs’ DNS servers. The main difference lies in the audience, which is global in Cloudflare’s case. This means that basic DNS blockades would apply globally too.

    “[P]ublic DNS resolvers aren’t the same as DNS resolvers operated by a local ISP. Public DNS resolvers typically operate the same way around the globe. That means that if a public resolver applied the block the way an ISP does, it would apply everywhere.”

    There are technical solutions to apply blockades more locally over DNS, but that would require more data gathering, which limits the privacy of the public at large.

    “Blocking orders directed at public resolvers would require the collection of information about where the requests are coming from in order to limit these negative impacts while demonstrating compliance. That would be bad for personal privacy and bad for the Internet.”

    The Fight Continues

    The verdict of the Higher Regional Court is not entirely positive for Cloudflare, as it further clarified that the company can be held liable for pirate sites that use its CDN services. The case at hand revolves around DDL-Music, which is already defunct, but in future could expand to other Cloudflare customers such as The Pirate Bay.

    In addition, the DNS battle isn’t over either. There are similar legal battles ongoing against other providers such as Quad9 while Cloudflare itself has been targeted in Italy as well.

    “While the Higher Regional Court’s decision represents important progress on the DNS issue, the fight over how best to address online infringement continues,” Cloudflare notes.

    Cloudflare says that it will continue to protest such orders going forward and hopes that the Higher Regional Court’s reasoning on the DNS issue, which is partly grounded in EU law, will help to that end.

    “This decision marks further progress in Cloudflare’s fight to ensure that efforts to address online infringement are compatible with the technical nature of various Internet services, and with important legal and human rights principles around due process, transparency, and proportionality.”

    “We will continue that battle both through public advocacy and, as necessary, through litigation, as one more part of helping build a better Internet,” Nemeroff concludes.

    From: TF , for the latest news on copyright battles, piracy and more.