Read 6 remaining paragraphs | Comments

Plex is a multifunctional media software and service that allows users to easily access all of their entertainment in one place.

The company was founded in 2009 and today boasts more than 25 million users globally, making Plex a serious player in the streaming market.

Plex Pirates

Most people use the service to access streaming content legitimately. On the fringes, however, some users abuse the software to share pirate libraries publicly, a considerable thorn in the side for rightsholders.

Plex is not oblivious to the ‘piracy’ threat. The company is actively working with rightsholders to offer legal entertainment and abuse of its platform only stands in the way. To address this problem, it’s taking countermeasures.

Last summer Plex surprised users by actively blocking media servers hosted at the large German company Hetzner. These were, purportedly, often used to share pirated material and an outright ban would end this unauthorized activity.

Plex Takes Down “Plex-reshare” Repo

This week, Plex took another step to deter potential copyright infringement. The Swiss company, which is headquartered in the U.S., asked GitHub to remove a “ Plex Reshare ” repository, alleging that it may contribute to its piracy problem.

“Plex Reshare” doesn’t host any copyright-infringing material and, as far as we’ve seen, it doesn’t reference any either. Its main purpose is to allow Plex users to make shared Plex directories browsable on the web, which allows people to “reshare” them without being the original owner.

“The reason behind this project is to make available your PLEX shares to other friends unrelated to the person who owns the original library,” Plex Reshare developer Peter explains.

While the repository doesn’t host or link to copyright-infringing material, Plex argues that it can be used to ‘grow’ piracy.

“We have found infringing material in your website which indeed is OTHER ‘Plex Server’. The material that is claimed to be infringing is to be removed or access to which is to be disabled immediately and avoid the growth of piracy,” the takedown notice reads.

The first part of the sentence is somewhat confusing. Plex-reshare is not a Plex server but the company may use “OTHER Plex Server” as an internal classification category. In any case, Plex alleges that the repository can contribute to the growth of piracy on its platform.

Liability for?

Citing the Online Copyright Infringement Liability Limitation Act, Plex urges GitHub to take immediate action, or else it may be held liable. It’s not clear what this liability claim rests on, as there are no actual copyright infringements mentioned in the takedown notice.

Despite the broad nature of this claim, GitHub has indeed taken the repository offline, replacing it with a DMCA takedown reference . This likely wasn’t a straightforward decision as GitHub is known to put developers first with these types of issues.

In this case, it took more than three weeks before GitHub took action, which is much longer than usual. This suggests that GitHub allowed the developer to respond and may have sought legal advice from in-house lawyers, to ensure that the rights of all parties are properly considered.

GitHub doesn’t provide any context on its takedown decision, so it remains guesswork as to what grounds GitHub complied. The end result, however, is the removal of the repository from GitHub.

Plex might not be done yet though. The Plex-reshare code isn’t just available on GitHub, the same project is listed on Docker Hub as well, where it remains available at the time of writing.

From: TF , for the latest news on copyright battles, piracy and more.

Read 6 remaining paragraphs | Comments

Read 4 remaining paragraphs | Comments

Read 6 remaining paragraphs | Comments

One of the most frustrating aspects of DMCA notices outside the usual complaints aired by rightsholders, is their ability to trigger policies that assume notices are accurate and in some cases, should be blindly obeyed.

Certainly, if the sender of a bogus notice puts in enough effort, the end result can be the removal of whatever material appears in the notice, even when sent to the largest platforms most familiar with fraudulent claims.

In March 2022, someone began sending DMCA notices to YouTube, claiming that the content listed in the notices infringed the rights of videogame developer Bungie. YouTube removed the videos, some of which belonged to high-profile Destiny content creators. Other notices targeted Bungie’s own channels, yet fingers of blame soon pointed toward the company itself, compelling Bungie to defend its reputation and clean up the mess.

Impressive Investigation, Culprit Found

During the early days of its investigation, Bungie revealed that the notices sent to YouTube came from a fraudulent Google account; the username was crafted to give the appearance it was sent by a Bungie anti-piracy partner. Bungie also filed a full-blown lawsuit in the United States which is currently in its third year.

The lawsuit alleged that the bogus copyright complaints not only disrupted Bungie’s gaming community, it caused “nearly incalculable damage” to Bungie itself. The language deployed in the complaint was unusually aggressive , noting that one of its key aims was to “demonstrate to anyone else stupid enough to volunteer as a Defendant by targeting Bungie’s community for similar attack that they will be met by legal process.”

In June 2022, Bungie filed an amended complaint which demanded $7.65m in damages against a YouTuber called Lord Nazo, aka Nicholas Minor.

Not only had Bungie’s investigation tracked down the culprit, the details were laid out in unusual detail in the amended complaint. Bungie methodically followed the online trails, capitalized on the YouTuber’s mistakes, and then identified, located and named Minor as their defendant.

Among other things, the investigation showed how persistent email addresses, used across multiple sites, one of which was the victim of a data breach, critically undermined any assumption of anonymity. Bungie was ultimately able to match a confirmed email address with a historic content purchase, made through an account that carried Minor’s full name and physical address.

Trigger For the Takedown Campaign

In his deposition, Minor confirmed that the seeds of the campaign were planted when Bungie sent him a takedown notice via YouTube. The video had been hosted on his channel for eight years without issue, so convinced the notice was fraudulent, he sought help from YouTube hoping to get it restored.

When that failed to produce any results, a “confused” and “angry” Minor decided to “raise awareness” of transparency issues in the DMCA takedown process by filing bogus DMCA notices against legitimate videos uploaded by members of Bungie’s online community.

Minor reportedly accepts that he “gravely messed up and fully accept[s] that this is [his] fault” but claims he was “oblivious to the reprehensible damages [he] was causing to the community.”

Summary Judgment

In December 2023, Bungie filed a motion for summary judgment on the DMCA component of its overall claim. Minor did not oppose the motion but did appear in the case as required, including for his deposition and to provide discovery responses.

“The undisputed record before the Court shows that Minor violated the DMCA by knowingly, intentionally, and materially misrepresenting to YouTube that the takedown notifications were authorized by Bungie and that the material itself was infringing,” Senior District Judge Marsha J. Pechman notes in her judgment issued last week.

“Bungie has provided evidence that the materials at issue did not violate its IP Policy, and that the DMCA notices were not properly issued. And, crucially, Minor admits that he had no authority to issue the notices, that he intentionally and knowingly issued the notices, and that he ‘gravely messed up.'”

Referencing Section 512 of the DMCA, Judge Pechman notes that the evidence shows that Minor’s violations were intentional, and that he lacked a subjective, good faith belief that the targeted material was infringing.

“Bungie has also provided evidence that the fraudulent notices harmed its reputation and caused it to devote significant resources to attempt to remediate the harm. The Court therefore GRANTS summary judgment in Bungie’s favor on this claim and GRANTS the Motion,” the judgment adds.

Not Over Yet, Possibly Not For a Long Time

The Court notes that the judgment is partial since it does not resolve the question of damages, costs, and attorneys’ fees Bungie will likely claim in due course. The amount could be significant and at least in public, Bungie has shown few signs of mercy recently.

Then there are the rest of Bungie’s claims in this matter. They include false designation under 15 U.S.C. § 1125(a), copyright infringement under 17 U.S.C. § 501, business defamation, violations of the Washington Consumer Protection Act, and breach of contract.

The order granting partial summary judgment is available here (pdf)

From: TF , for the latest news on copyright battles, piracy and more.

It took less than a week for Nintendo’s lawsuit against the company behind the Yuzu Switch emulator to have the desired effect.

After agreeing to hand over $2.4m to Nintendo while complying with the terms of a broad injunction, Tropic Haze LLC evaporated in all but name and its developers drifted away into the night, apologetic and presumably penniless. At least, that’s what the paperwork and subsequent announcement implied, give or take.

Nintendo: We’re Back

With plenty of time in the interim to clone the Yuzu repo, many people did, purely for old times’ sake. Others still involved with projects related to Switch hacking and emulation had decisions to make, at least based on the theory that things had somehow changed. Some took evasive action, others took steps towards limiting liability, some appeared to do nothing; the usual mixed bag of responses following a big shutdown event.

That Nintendo was not too far away comes as zero surprise. Among the targets this week were over 25 GitHub repos offering Sigpatch-Updater, a tool to update SigPatch files created by developer iTotalJustice. In conjunction with a modded console, SigPatches bypass signature verification when games are downloaded digitally, a red line for Nintendo.

“The necessity of SigPatches to operate pirated copies of Nintendo’s video games is widely discussed in groups dedicated to modifying (hacking) the Nintendo Switch console,” Nintendo’s lengthy DMCA takedown notice reads.

“For example, [redacted by GitHub], a site that instructs users how to modify their Nintendo Switch console, states that ‘Signature patches or SigPatches allow your device to bypass signature checks performed by [private] for installed titles,” Nintendo notes, before adding the following:

Trafficking in circumvention software, such as SigPatches, violates the Digital Millennium Copyright Act of the United States (specifically, 17 U.S.C. §1201) (the “DMCA”), and infringes copyrights owned by Nintendo.

Nintendo Gets Reacquainted With iTotalJustice

Back in the summer of 2022, a previous set of DMCA notices included one that targeted a repo operated by iTotalJustice. Before it was taken down, the repo contained actual SigPatches and Nintendo makes the same allegation here, albeit with additional detail that broadens the scope beyond actual hosting.

“With the iTotalJustice repository reported in this current notice, iTotalJustice is attempting to evade Nintendo’s enforcement efforts by providing SigPatches via a link to a third-party website ([private]), rather than including SigPatches in the repository itself,” Nintendo writes.

“The link is accompanied by the statement ‘The patches are downloaded from a new host. Huge thanks to them!’ Several of the forks reported in this notice also link to the third-party website [private] to provide SigPatches.”

According to Nintendo, a hyperlink posted to a website that links to another website (not even to the SigPatches themselves), which in turn offers the SigPatch files for download, is illegal under the DMCA when the linker demonstrates knowledge and intent.

“Linking to circumvention software is considered ‘trafficking’ in violation of the DMCA where, as here, the party responsible for the link (a) knows that the offending material is on the linked site, (b) knows that the linked material is circumvention technology, and (c) maintains the link for the purpose of disseminating that technology,” the company explains, citing 17 U.S. Code § 1201 .

Takedown Notice Targets Lockpick

A second notice targets a piece of software known as Lockpick. This circumvention tool bypasses Nintendo’s security (Technological Protection Measures, or TPM) on the Switch console, providing access to cryptographic keys, including product keys, which are then decrypted and extracted.

This allows pirated Switch games to be played on modified consoles or if users prefer, on emulators like Yuzu. Nintendo states that Lockpick is illegal under 17 U.S.C. §1201 and those who facilitate access to it, under the conditions previously outlined for SigPatches, similarly traffic in circumvention software, contrary to the DMCA.

These won’t be the last notices of their type from Nintendo and another Yuzu-style lawsuit can’t be ruled out either. In an article published by Ars earlier this week, the developers behind apparent Yuzu successor ‘Suyu’ outlined a few of their lawsuit-avoidance strategies.

After confirming that Suyu is pronounced “sue-you (wink, wink)” the strategy as outlined doesn’t really contain anything that might discourage a fairly litigious Nintendo even slightly. Having read the Contributor License Agreement , it can’t be ruled out that the people behind this have a dark sense of humor.

Nintendo’s notices are available here and here

From: TF , for the latest news on copyright battles, piracy and more.

With over 420 million code repositories, GitHub takes pride in being the largest and most advanced development platform in the world.

As with other platforms that host user-generated content, this massive code library occasionally runs into copyright infringement troubles.

Pirate Devs

In some cases, people use code without obtaining permission from the creators, while others use GitHub to store pirated books or even music. And there are also developers whose projects are seen as pirate tools or apps, which often leads to copyright holder complaints.

A few high-profile takedowns have grabbed headlines over the years, including the RIAA’s takedown of YouTube-DL , which was later reversed.

Other rightsholders were more successful, with GitHub removing a variety of piracy apps last year, including Vancedflix and CloudStream . Following the demise of the original torrent site, hundreds of RARBG magnet link repos were taken down as well.

The RARBG repositories appeared online last May, quickly after the popular torrent site closed its doors . In response, some archivists collected the site’s magnet links and posted them on GitHub. Others copied these repositories to keep the data safe, but most of this effort was nullified by a single takedown request .

20,517 Downed Repos

This week, GitHub updated its latest transparency report with the latest data, revealing the total number of notices received and projects affected. The report shows that the platform processed a little over 2,000 takedown notices in 2023, which affected 20,517 repositories.

Of all notices received, just 35 were contested or retracted, and a total of 65 repositories remained online as a result.

As seen above, most repositories were taken down in March. After looking at the reported notices we couldn’t immediately find one responsible for this large uptick, but with many hundreds of “ Eaglercraft ” repositories flagged by Minecraft’s parent company Mojang, that certainly left a mark.

GitHub says that it will continue to take a developer-first, approach to content moderation, minimizing the disruption of software projects while protecting developer privacy. These transparency reports and the publicly posted takedown notices are a means to that end.

The transparency report also shines light on how takedown activity evolves as the platform grows. This historical data shows that, in relative terms, the number of repositories on GitHub grows faster than the takedowns.

For example, Github hosted just under 40 million repositories in 2015, of which 8,268 were taken offline. Today, the platform has more than ten times as many repositories, yet takedowns failed to triple in the same period. In fact, the number of takedowns in 2023 is lower than a year earlier .

Surge in Circumvention Notices Explained

Last year, GitHub did report a notable uptick in DMCA circumvention claims. These more than quadrupled compared to the years before and this wasn’t just a fluke, as the most recent transparency report shows.

At least initially, the reasons for this were unclear, prompting GitHub to launch an investigation. The results of this exploration, released this week , show that the explanation is quite straightforward.

In the fall of 2021, GitHub updated its DMCA takedown submission form with questions explicitly related to circumvention. Providing that option triggered many more submitters to tick that box, raising the number of ‘circumvention’ claims.

These additional circumvention ‘claims’ don’t necessarily mean that more notices were processed for this reason. According to GitHub, many of these notices were processed for other reasons instead, including as regular takedown notices.

“[W]hile significantly more notices we process allege circumvention, the rate at which we process takedown notices because of circumvention hasn’t accelerated,” GitHub writes .

Processing circumvention notices is quite costly for the company as all requests are reviewed by a team of lawyers and engineers, to ensure that developers’ projects are not taken down without valid reasons.

This extra scrutiny was first brought to the fore during the youtube-dl takedown saga, after which GitHub launched a million dollar Developer Defense Fund .

GitHub is now actively engaged in policymaking in this area. The company previously urged the US Copyright Office to expand the DMCA anti-circumvention exemptions to benefit developers, while eliminating FUD .

All in all, it’s good to see that GitHub remains committed to takedown transparency, and we will keep monitoring these and other trends going forward.

From: TF , for the latest news on copyright battles, piracy and more.

Late last month we reported on the latest copyright claim data made available by YouTube. In the first half of 2023, YouTube said it processed 980 million Content ID claims , a 25% increase compared to a year earlier.

Given the upward trajectory, soon there will be a billion Content ID copyright claims every six months, which rounds to over two billion claims every year. To put that into perspective, if the world currently has five billion-odd internet users, that’s enough for 20% of the entire internet population to receive two copyright complaints per person, every 12 months.

Coincidentally, reports suggest that YouTube has around two billion active users already.

Takedown Notices Must be Reported

The numbers above are enormous but since Content ID-claimed videos stay up, they don’t need to be reported to the European Commission, a requirement for large platforms under the EU’s fledging Digital Services Act.

When Google and major online platforms including TikTok, Facebook, Twitter, Instagram, plus others, restrict or take content offline in response to a takedown notice under Article 16 , clear information must be sent under Article 17 to affected users.

Under Article 24 (5) , these so-called ‘statements of reasons’ must also be sent to the European Commission. Required information includes the legal basis for the complaint, the legal basis for taking the content down, and a myriad of additional details including a synopsis of considerations preceding takedowns.

To ensure consistency, submitters use an API to file ‘statements of reasons’ (SOR) in the standardized format below.

At the time of writing, just 16 large online platforms are required to supply the EC with this information. When things were just getting warmed up in December 2023, the volume of SOR notices sent by just five submitters had reached 25.8 million per week and when all submitters’ notices were combined, the all-time total topped 710 million.

Things Have Moved On Since Then

It’s almost impossible to reconcile the figures being reported this week with any type of normal thought process. The 710 million figure reported last December was close enough to compare with the population of Europe, 746 million, give or take, or one takedown per person on average.

Over the past 24 hours especially but potentially longer, the EC system has been producing errors in response to our queries. A massive surge in reports filed by Google could be at least partly responsible.

Over 14.4 billion SOR being reported to the Commission was unexpected, to say the least. The ‘statement of reasons’ dashboard appears to show Google taking unprecedented – and as far as we can determine – mostly voluntary action, against billions of listings on its Google Shopping platform and various non-compliant content on Google Play.

Google may have submitted as many as 13.5 billion notices to the Commission thus far. From the few dozen we sampled relating to Google Shopping, many if not all cite terms of service violations committed by advertisers. Notices state that the removal was carried out as part of a voluntary initiative using automatic detection methods. We have seen examples where decisions are described as “Fully Automated” and others as “Not Automated.”

Four typical examples from the sample are presented below. The ‘ground for decision’ is the same in all notices we were able to review: Content incompatible with terms and conditions . The explanations vary considerably.

– There was a problem identified with the criteria used in your ads
– One or more of your products have images with promotional text or obstructions
– Google identified that some of your products contain adult-oriented content
– Some of your products have generic images. Use images that clearly show the product

Whether this has anything (or nothing) to do with the antitrust case hanging over Google in Europe is unknown. After the European Commission (EC) found that Google had used its dominant position in search, to gain an unfair market advantage elsewhere, the EC hit Google with a €2.4 billion fine.

Google challenged the EC at the EU Court of Justice but, in late 2021, its case was mostly dismissed and the Court confirmed the €2.4 billion fine. In an opinion released by EU Court of Justice Advocate General Juliane Kokott last month, the EU Court was advised to dismiss Google’s objections and uphold the fine.

When attempting to pull more data on Thursday evening, the EC’s system continued to throw error after error as Google continuously filed new reports. Given the number of notices already on file, not to mention the errors when attempting to pull the maximum 1,000-item reports currently allowed, checking anything like a representative sample is impossible. However, every statement we were able to access followed similar formats to those shown above.

Rightsholders Use DSA to Remove Apps from Google Play

The billions of reports filed by Google include over 208,000 that appear in response to a search for Google Play + Apps, with no specified content category or reason.

When filtering for intellectual property-related issues, over 2,800 reports indicate the removal of apps from Google Play, many listing ‘Copyright’ as the ‘legal ground relied on’.

The pair of notices shown below are typical of those we were able to review, most if not all of which reference technical issues experienced by Google.

In common with many of the others, the notices state that the apps were removed from Google Play in response to a “Notice submitted in accordance with Article 16 DSA” which in broad terms governs a DMCA-style takedown mechanism but applicable to a broader range of content.

The EU system improves on the U.S. variant by requiring reasons to be published, but lags behind in a non-insignificant way by disallowing references to content and identification of the notice-sender, which critically undermines investigations into abuse.

The EC’s Statement of Reasons transparency database is available here

From: TF , for the latest news on copyright battles, piracy and more.