Slashdot Mirror
What a 'Six Strikes' Copyright Notice Looks Like
The new Copyright Alert System, a.k.a. the 'Six Strikes' policy, went into effect on Monday. Comcast and Verizon activated it today. Ars Technica asked them and other participating ISPs to see the copyright alerts that will be sent to customers who have been identified as infringing. Comcast was the only one to grant their request, saying that a "small number" of the alerts have already been sent out. The alerts will be served to users in the form of in-browser popups. They explain what triggered the alert and ask the user to sign in and confirm they received the alert. (Not admitting guilt, but at least closing off the legal defense of "I didn't know.") The article points out that the alerts also reference an email sent to the Comcast email address associated with the account, something many users not be aware of. The first two notices are just notices. Alert #5 indicates a "Mitigation Measure" is about to be applied, and that users will be required to call Comcast's Security Assurance group and to be lectured on copyright infringement. The article outlines some of the CAS's failings, such as being unable to detect infringement through a VPN, and disregarding fair use. Comcast said, "We will never use account termination as a mitigation measure under the CAS. We have designed the pop-up browser alerts not to interfere with any essential services obtained over the Internet." Comcast also assures subscribers that their privacy is being protected, but obvious that's only to a point. According to TorrentFreak, "Comcast can be asked to hand over IP-addresses of persistent infringers, and the ISP acknowledges that copyright holders can then obtain a subpoena to reveal the personal details of the account holder for legal action."
So this is why my comcast bill went up last month...
"In-browser popups?" On what pages? Is Comcast tampering with web pages not their own to insert messages? Do they do MITM attacks on secure pages to break in there?
Netflix Instant Play monthly cost: less than $10, vs. IPREDator or equivalent VPN at about $5. Get a half decent Usenet or BitTorrent client, and the system has been circumvented.
I suspect that ISPs adopted these measures more to appease the content providers than to fight the actual problem.
Why won't the content providers address the obvious, and just make the content available through Netflix/iTunes/Amazon/VUDU/etc. soon after release? Such venues would enable them to profit from the home user who'd then download and pay without a hassle, and at the same time protect secondary international markets where other deals may be in place.
I guess these people learned nothing from Napster, iTunes, and music stores.
Cheers!
E
http://eugeneciurana.com | http://ciurana.eu
Would using adblock or simply preventing unwanted "popup" from opening block this notice? I've honestly never seen a single popup since I've started using Opera over 6 years ago, not to mention ads.
The outrage that defeated SOPA is missing. Is it because the harm isn't as clear, big companies like google aren't stepping into the fray, or the association with "pirates" is too toxic? Or is it d) all of the above?
Since when can corporations act like governments?
Who in this day and age still has pop-ups enabled in their browsers?
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Sounds like it's a fair price to pay if it means that we can't get brought into court for pirating just about anything. If that were the case then I'd be ok with it but of course this is not a black and white world we live in.
Apparently even if you successfully challenge the "back breaking straw" copyright alert that triggers a mitigation notice, you have to defeat at least half of ALL notices to get the mitigation removed.
Kinda like getting your license suspended after getting your 6th ticket, but then having to overturn not only your 6th ticket but also 2 other tickets to get your license reinstated.
Firstly, I think popups are generally disabled by people who know how to use torrents. And secondly, they require the popup to be signed so you cannot say "I didn't know" further down the line. Now what happens if you see the popup and just close it (CTRL+W or CTRL+F4)? Does it count as seen? Or better still, pull the popup window to a side and keep doing what you are doing. And shutdown after you are done. Now does that count? And what if I challenge the ISP to show me proof for the notice. Will they do it or just ignore me? If they ignore me, I can ignore them and so the story can go...
Apologies to the author of the original(can be found at http://craphound.com/spamsolutions.txt):
Your law advocates a
(x) technical (x) legislative ( ) market-based ( ) vigilante
approach to fighting piracy. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
(x) Legitimate bittorrent uses would be affected
(x) It is defenseless against VPNs
(x) It will stop piracy for two weeks and then we'll be stuck with it
(x) Users of netflix will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from pirates
( ) Requires immediate total cooperation from everybody at once
(x) Many internet users cannot afford to lose business or alienate potential employers
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) TOR endpoints in foreign countries
(x) Asshats
(x) Jurisdictional problems
(x) Unpopularity of net restrictions
(x) Pop-up blockers
(x) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of piracy
(x) Joe jobs and/or identity theft
(x) Technically illiterate politicians
(x) Dishonesty on the part of pirates themselves
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) IP headers should not be the subject of legislation
(x) Blacklists suck
(x) Whitelists suck
(x) We should be able to watch youtube without being permanently disconnected from the net
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(x) Why should we have to trust you and your servers?
(x) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
(x) I don't want private corporations suing me for downloading my own files
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
It is amusing to see comcast and others think just cause everyone else is doing it or because they have "industry" documents like RFC 6108 this somehow insulates them from "stupid".
Injecting shit into http is HARMFUL no matter what BS you can get accepted by throwing your largess around and sponsoring IETF meetings. You simply cannot know a-priori what side effects of injecting javascript crap into HTTP transactions are. In case you have been living under a rock for the past decade sadly everyones using HTTP for transport these days.
As I type no doubt the phishers are working overtime on fake popups emulating comcasts piracy notifications.
I hope sleeping with the MPAA is worth bad press, legal exposure and pissing off your paying customers.
"As part of the Copyright Alerts System operated by the Center for Copyright Information, a copyright owner has sent Comcast a notice claiming your Internet service from Comcast was used to copy or share a movie, television program or song improperly...."
There are absolutely no details about who the copyright owner is, what specific content was infringed, when the alleged infringement was made, what details identifies MY "Internet service", etc.
A more legally correct wording could state "Someone who claims to be the copyright owner, claims that the copyright was infringed from the specific IP which we, Comcast, claim to be belonging to your account at the claimed time of the infringement." But that would be just too many "claims"!
There's no such thing as "illegal download"
US = nascent police state.
Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
They think that the copyright cartels are their buddies for taking their bribes and fighting their fight, but when this fails just like all the rest of their evil greedy plans of never letting so much as a penny slip through their fingers the ISPs participating in this may find it difficult to testify to a judge with a straight face that they have no control of the infringing content transmitted over their network. This strategy may not bite them in the ass today, or even next week or next month, but someday it will. He who sups with the devil should have a long spoon.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
5 Strikes and i change my ISP!
Oh
I read the article. In the summary, the following is stated:
"The article outlines some of the CAS's failings, such as being unable to detect infringement through a VPN"
The article says no such thing. The reference to VPNs in the article states that if a user is always tunneling through a VPN, Comcast will be unable to inject data into their datastream, and thus the user may never see a "popup" warning in their browser. Added to the fact that users may not be aware that their Comcast service comes with a Comcast email account (or they may never check it), and there is no guarantee that a user will ever see a warning sent by Comcast.
I always wondered why possession/acquiring of copyright material is a crime.
The whole problem of making possession/downloading illegal is it tries to fight human nature in a clumsy way (I get that while downloading torrents you also MIGHT seed it - there might not be anyone else downloading from you). People will always want free stuff. If I find a copy of a popular book being sold at half price on the pavement, I will buy it (esp. if the print is great).
At certain times, fighting human nature is important/worth it (e.g. stealing and killing others is illegal). At other times, it is just plain stupid (e.g. War on XYZ). In the end if people want it badly enough they will find a way to get what they want, consequences be damned (see how much stealing laws work against a starving man). You are trying to make natural behavior illegal, and coming up with technical measures to prevent it. Which has the gaping loophole that most technical barriers can/will be breached. And there is little cost to building digital workarounds.
Install TOR (if not against AUP), and tell them that you do not download crap not worth paying for, but that you are an exit node for TOR. Thustraffic from your IP can be assumed to originate from other computers. Inform FBI about the same thing, such that a judge can never issue a warrant as there is no reasonable suspicion against you. And that if you want to download crap, your traffic will use TOR to originate from another IP.
Use a VPN or virtual server for you criminal activities. You can get $2-$5/mo virtual servers powerfull enough for VPN. You can get them in Europe, Canada, South Africa. You name it, you get it.
But again, the whole idea is to hit the stupid guy with below average IQ and below average income. They are the ones least likely to get a qualified defense.
Man in the middle attack is completely unacceptable.
SURELY NOT!!!!!
attack computers on those networks then make those computers download copyrighted materials. Eventually 1000's will get the notice and maybe they'll notice.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
A pop-up I wasn't expecting inserted into my normal web browsers, and breaking any secure sites that it might pop up on prompting security warnings, asking me to click a button, sign-in, etc.?
Yeah, that won't be a scam, will it?
How about this - you have these people's address and billing details, send them a damn letter by recorded delivery if you want them to read it.
Personally, everything I've been advising my users NOT to do for the last ten years would ensure that those warnings are ALL ignored and/or the person runs off to check their antivirus because they are quite obviously not supposed to be there when you have typed in www.google.com or whatever.
They explain what triggered the alert and ask the user to sign in and confirm they received the alert. (Not admitting guilt, but at least closing off the legal defense of "I didn't know.")
If only there was some way of getting around that, like, um... not signing in and confirming you've received the alert? Yeah, that loophole's well and truly closed, well done.
systemd is Roko's Basilisk.
This is only going to scare the people using public services. 99% useless and a complete waste of time and money. Typical of the majority of out problems in this country.
I haven't read TFA, and am not speaking for Comcast (nor condoning them), but most of your concern is probably misguided:
They probably insert a javascript popup into javascript / HTML files that are accessed. Yes, it will affect all NAT'd users but you can't say "Well, you informed my flatmate but not me the account holder" because you used a different connection to the one warned.
I imagine they intercept ALL HTTP requests that provide an HTML response. Thus, everyone behind the NAT sees it. And no downloads or other services are affected. Because it's an inserted code into the HTML stream, it doesn't matter if you block popups, nor even that Javascript is turned off. When you request www.google.com, they will send you an HTML file that contains the popup and won't stop doing that until you "agree" to it (the question of who ends up clicking that agree button is a legal minefield, I admit). It won't set off SSL warnings because you can't inject into an HTTPS stream without breaking things. It won't matter what browser or settings you use - any HTML request will respond with the page that you need to agree to.
It's the same method used to operate wifi hotspots all over the world.
How do I know? My ISP used to have something similar 10 years ago. If they detected port 139 was unsecured on your network (by the presence of packets heading out of the network) they would block your web access until you agreed that you would take responsibility for it. I clicked that dialog four times in my life, I think (and, no, I didn't have open SMB shares exposed to the world, I'd just done a couple of nmap scans on my own external machines and it caused the alerts).
It didn't break anything, it was pretty certain that someone would see it and agree to it (and this was back before browsers supported half of what they do now), and it was effective (they had logs of when I had "agreed" to it, which was used by one of their tech support reps to determine that I know what I was talking about when I later had a problem - "Ah, an nmap user, okay, could you just do this for me...").
It would be fun to see bots filing bogus copyright claims with all the ISPs with the IP addresses of entertainment MBAs, their lawyers, lawmakers, celebs...
Purely an intellectual exersize; I would never advocate such a thing.
Perish the thought.
may not ever use account termination as a way of enforcing this, but I certainly will use account termination as a way of dealing with it.
That thing where they tell you you have to call them?
That call will be to cancel my service.
(and no, I don't use torrents, (except steam) but that hardly matters)
This space available.
If anyone can pulls an alert from a public domain torrent, please post the link. I'd really like to get my 5 alerts out of the way this weekend so I can speak with the CAS team about how utterly useless they, and their entire scheme, are before my account cancels.
Will this work properly in Lynx? Or do I need to file a complaint about cross browser support?
My old sig was REALLY stoopid.
There is always a way to vote when the offensive action is perpetrated by a money grubbing entity: with your wallet. Unfortunately, most people won't be willing to give up their darling televisions on principle alone. It is an inexpensive babysitter for some, a mind eraser for others, and an escape from the day for too many.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
To all the people crabbing about them redirecting DNS "We have designed the pop-up browser alerts not to interfere with any essential services obtained over the Internet." meaning this would cause a disruption in services. Therefore this is not going to be the course of action.
I haven't owned a TV in almost 20 years.
I have comcast for internet only.
This space available.
...someone takes the CAS screenshots from TFA and incorporates them into a phishing scam popup?
"oh, no, not junior rodeo..."
Seriously, wtf? By what right do ISPs have to be judge, jury, and executioner?
Likely all of them. The most obvious answer is that it's going to reroute all web requests from that subscriber to their six strikes landing page.
... we can just cap them at the equivalent of 300 baud.
now we need to go OSS in diesel cars
But you could be using HTTPS for as many sites that accept it, IPsec for more that accept that, and ssh -D via a free cloud instance or cheap virtual server for all the rest. You'd then never see the popup because you'd never get the injected Javascript. Your neighbors borrowing your wifi might, and might acknowledge for you. But with security like that, they'd never see your downloads, either.
now we need to go OSS in diesel cars
But many Europeans actually have real competition, and thus reasonable prices ... and, importantly, a place to go to when voting with their wallets. Americans only barely have that in Kansas City and Chattanooga.
now we need to go OSS in diesel cars
Or the neighbor kids for those without their own.
now we need to go OSS in diesel cars
Is this a new technology and policy that some ISPs are voluntarily adopting?
Will a person be at risk is s/he watches streaming videos?
Streaming videos from another country?
Going to the Pirate Bay site and using a torrent link from to use a torrent client to download something?
Any way to protect yourself?
Let me get this right... In order to inform me that I am breaking copyright laws, the ISP will alter the content of a website in order to display a message to me? In other words they are taking advantage of someone else's copyrighted content in order to force me to read their message? Isn't that the same fuckin' thing they are accusing me of?
"Don't hit people!" said dad, as he emphasized his point with his fist.
I suppose it might come down to context, but in the internet world it would seem to be the difference between your ISP blocking a page versus allowing it but changing the content.
No media boxes I'm aware of can substitute product-placement, in-show banners, etc. They just don't record for certain times.
Fake six-strikes popups which ask for credit card numbers to resolve the complaint.
Forget 300 baud, just cap them at 0 and keep sending them a bill. Technically, that's not "Account Termination" either.
Unix is user friendly, it's just selective about who its friends are.
I hope they don't try sending notices that way. I'm pretty sure I have one but have no idea what it is or how to access it.
Every month my bill goes up! Between all the different constantly fluctuating "fees" (UCC, Regulatory Recovery, Local Franchise, FCC Regulatory, 911, State Assessment, etc.) my bill goes up about a buck or more a month.
So when does the boycott start?
Let's see ... as a non-moron, I use (during normal browsing) a Proxy, a VPN, NoScript and AdBlock+ plugins, and popups are utterly disabled ... I'm a Comcast customer, but I've never once seen my own Comcast email. Wouldn't this entire thing be utterly pointless and never noticed in my position?