remix logo

Hacker Remix

Italy's Piracy Shield just blocked one of Google's CDN

119 points by aquatica 5 days ago | 90 comments

johnklos 4 days ago

Companies like Google and Cloudflare just really don't care that they host malicious content and have stopped taking meaningful action to take down reported content. That they'd be blocked at some point is completely unsurprising.

As it is, I have to explain to people regularly that clicking on "sponsored" links, or whatever Google calls them, doesn't work because we have to block "googleadservices.com" due to their hosting of malicious Javascript payloads. Certain very large companies that are very, very privacy and security focused insist on blocking known malicious Javascript hosting services, and Google is no exception.

bithead 4 days ago

I think it's possible they may. I used to get 50 - 150 of those "I hacked the camera on your computers and videoed you wacking. Pay me bitcoins and I won't release it to all your friends". Many come from .kz, .cn, .in, and various others. I'd notify those ISP NOCs that their networks are being used of obvious criminal activity and criminals love to break into servers and networks. I also put in bitcoin abuse reports using the IP addresses that sourced the emails.

Google addresses started show up about 4 - 6 months ago; their IPv6 addresses. So I prominently mentioned in those bitcoin abuse reports that google should make any effort at all to secure their servers and notified their NOC/security email addresses. I also mentioned their addresses would appear in those public bitcoin abuse reports.

After a couple of months the google addresses stopped appearing as sources.

NOTE: I used a honeypot email address to snare these emails.

behringer 4 days ago

you're the hero we need, but we don't deserve <3

ruthmarx 4 days ago

> Companies like Google and Cloudflare just really don't care that they host malicious content and have stopped taking meaningful action to take down reported content.

Honestly I find it incredibly silly companies are still sending out notices to take down copyrighted content. Give up already. The battle is lost and now it's purely a waste of time and money.

jazzyjackson 4 days ago

The pirates lost, I know one other person besides me that collects movies to watch offline outside of subscription services. The legal actions against free streaming sites prevents any serious competitor to Netflix, Disney-Hulu etc, which are hugely valuable properties.

ruthmarx 4 days ago

The pirates remain triumphant and unshakeable. Why? Because you can go to any number of torrent sites you want right now and download anything you want, and as long as it's not too obscure it will probably not take more than 10 or 2 minutes.

Trying to shut down piracy is playing whack-a-mole with one hammer, 10,000 moles and 100,000,000 holes.

> The legal actions against free streaming sites

The only people using those are people too scared or lacking in knowledge of how to download.

ben_w 4 days ago

> The only people using those are people too scared or lacking in knowledge of how to download.

That's most people.

Also, most laws aren't perfectly enforced; part of the reason for disproportionately high penalties is to create that fear.

ruthmarx 4 days ago

Well, there's a lot of opinion on the subject but personally I'm er much against disproportionately high penalties as a deterrent because it's comes at the cost of justice to the individual.

That aside though, there isn't any chance of stopping piracy with the way the current internet is. SO all they do is spend disproportionate amounts of money, i.e. throw that money down the drain, just to take down a website here and there, and maybe, comparatively rarely, get a few people thrown in jail here and there.

That isn't deterring anything, not remotely, so it just seems like revenge.

ben_w 4 days ago

> personally I'm er much against disproportionately high penalties as a deterrent because it's comes at the cost of justice to the individual.

Likewise.

I think that as we've already developed the technological capacity for mere organised crime to build a surveillance system that would make the actual literal Stasi jealous, it's important for the legal system to catch up, and move to the combination (because neither would work in isolation) of (1) penalties that are much much smaller and directly match the offence with (2) so much surveillance that basically everything is caught.

Now, is there a way for this to avoid falling into a horrific dystopian nightmare? Because it's one thing for an internet pirate getting an illicit copy of one episode of Space 1999 getting dinged for $0.99, and quite another if the same capabilities are used to interfere with or supress political opponents a-la the Watergate scandal.

> That isn't deterring anything, not remotely, so it just seems like revenge

I know what you mean, I think that's also part of it, and that kind of attitude in parts of the legal system also interfere with the thing I've just suggested.

appplication 4 days ago

I used to pirate years ago, and have tried pirating again recently and I find it too difficult to get into any of the private communities (some of which require you to pay?). There’s some stuff outside of those communities but the quality and consistency of content is quite poor and it seems to be constantly getting taken down, and finding torrents with search engines isn’t as effective anymore.

Sometimes it does feel like the pirates did lose. At the very least it seems almost impossible to casually pirate something like you used to in the late 2000s. Now it feels like you don’t have a homelab setup with plex/jellyfin/arr/arr/arr and a network of private trackers and god knows what else the. You’re not really going to be able to find much.

It feels like piracy morphed from being like stealing a pack of gum at a gas station to being more of a time and equipment intensive hobby.

behringer 4 days ago

I think you're doing it wrong. You don't need private. You just need to find the right "release groups" and the right software to use.

appplication 4 days ago

I’m almost certain I’m doing it wrong, but that’s sort of my point. As a dev, I spend all day working with software, but then I try to do something I used to easily do as a 12 year old and it’s almost impossible to achieve an even half-decent experience without significant knowledge and research now.

It may be obvious to you what the right release groups and software are but this isn’t how it used to be. You used to be able to just search for torrents, and find high quality ones for just about anything. It’s not the case anymore. Even going to TPB and searching there feels like I’m missing something because of how poor the catalog and average health is.

ruthmarx 2 days ago

If you're out of touch, then you can monitor sites like torrenfreak that report relevant news and discussion forums that are seemingly legal like r/piracy on reddit.

> it’s almost impossible to achieve an even half-decent experience without significant knowledge and research now.

The thing you have to learn is how to find resources at short notice. That skill is adaptable and should never require significant knowledge and research. Most of what you learned as as 12 year old should still apply.

behringer 3 days ago

I definitely hear ya. Try out qbittorrent and it's built in search system for an old time kazaa feel.

And don't forget a good VPN like proton VPN

dxbednarczyk 4 days ago

>The pirates lost

I believe this is not mainly due to big companies and/or governments cracking down on piracy, but a massive loss in knowledge and shift in perspective about piracy, especially in younger generations.

It's true that piracy numbers have been declining, but this largely comes as a result of "piracy is dangerous, don't do it! you'll get viruses!!1!"

leoedin 4 days ago

I can only speak for myself - but the convenience and relatively low cost of Netflix killed piracy for me. It wasn’t really a moral reason, or a fear of prosecution. But Netflix is truly easy, and the cost isn’t significant.

Spotify did the same for music piracy. I just stopped bothering with files.

I think as others have said, the increased balkanisation of the tv streaming world might change that.

drekipus 4 days ago

Netflix has the worst quality and selection that I've seen.

I'm about to pick up piracy again so I can watch good shows that I like

dylan604 4 days ago

It does now. Back when it was the only streaming service and all of the different studio's content was on it, it was the best fight against piracy. Now that the streaming ecosystem is so fragmented requiring subscription upon subscription, Netflix' selection has atrophied to the realm of mediocrity with the occasional gem like every other studio out there.

I can absolutely see where piracy surges again as people fight back against the onslaught of YASS (yet another streaming service).

Ekaros 4 days ago

I think Gabe was entirely right, it is in the end service problem. And services can be wrong at multiple ways. For a moment video content got it right. But this was naturally unstable equilibrium. Free market capitalism is naturally greedy so everyone wants their own piece of the pie and not just give it away for someone else.

troupo 4 days ago

Pirates kinda lost when Netflix was more or less the only game in town.

Now with 10+ streaming services gatekeeping their content piracy is likely to be back on the rise

dariosalvi78 4 days ago

Agreed. It's what brought me back to piracy. I can pay one or two subscriptions max and happy to do it, but if the content I'm looking for is not there guess where I go to? And I suppose that many others do the same. In addition, many streaming websites have content that disappear for no apparent reason, or have the content only in some countries etc.

Streaming has reduced the need for piracy a lot, and that's probably a good thing, but it hasn't made it completely obsolete, because of silly models that media companies still enforce.

zapkyeskrill 4 days ago

It's what irks me, you travel outside the borders and suddenly everything stops working. Often when you need it the most. Looking at you Amazon kids plus.

olddog2 4 days ago

Plex with a couple of decent paid subscription servers ($20 a month total) is fantastic and is equivalent in usability to netflix except basically everything is available.

It is funny listening to podcasts with billionaires who have unlimited financial resources but can’t watch a show recommended to them because they haven’t downloaded or subscribed to a particular streaming service.

LaundroMat 4 days ago

It's also a question of IP valuation.

Media companies have IP as an asset on their books. Battling piracy is a means to defend the valuation they attach to that IP.

ruthmarx 4 days ago

It's wasted money though. They're literally just losing more money on whatever money they think they lost due to piracy.

LaundroMat 4 days ago

Well, maybe.

You can maintain or increase the value of your IP (and therefore tour company) by _showing_ you're investing in the protection of your IP.

After all, the value of IP in your books is subjective. That perceived value increases if you can report you've "removed thousands of links to pirate versions of our content". So in that regard, battling piracy is money well spent.

smallnix 4 days ago

Depends on where you fight it.

Got it removed from most Google page 1's? -> probably worth it

Trying to take down all torrents? -> probably not worth it

ruthmarx 4 days ago

Google's been removing torrent links for years now.

People share these links in Discord, Reddit, Telegram etc - companies are not taking them down anytime soon. It's literally an unbeatable hydra.

dr_kiszonka 4 days ago

Malicious doesn't mean copyrighted.

ruthmarx 4 days ago

True, but the submission refers to something called 'Piracy Shield', so copyrighted material seems pretty relevant.

behringer 4 days ago

I get what you're saying but I don't think it's true at all. Except for my tech friends, literally nobody I know is aware of how to pirate content if it isn't on Google or YouTube.

SkiFire13 4 days ago

I could see your point if the block was after a takedown request and Google did not comply, but this didn't happen. "Piracy Shield" doesn not send out takedown notices, _it just blocks IPs_ reported by a set of _private companies_.

johnklos 4 days ago

Do you have a source about "Piracy Shield"?

Daniel87654 3 days ago

https://www.wired.it/article/piracy-shield-piattaforma-agcom...

the source is in italian, couldn't find one in english that describes how it works but you can just translate it and it's more or less readable, from the source (google translated):

"On the platform, those who hold the rights, for example Sky and Dazn for football, upload the IP addresses or the Fully qualified domain name (Fqdn) , i.e. an unambiguous domain name that allows an online resource to be identified without a doubt, pirate sites that are broadcasting content without authorization , together with forensic evidence certifying the violation . Those who make the request have a few minutes to correct any errors, after which Piracy Shield generates a ticket and includes the report in the list of incriminated sites. Telecommunications and network operators draw on this, and have 30 minutes to block them. The process can also be automatic.

In the case of the Aiip trial, for example, the association has developed an interface, which it will provide to its members, which connects regularly, with a frequency of 1-2 minutes, to Piracy shield , checks the update of the list of sites to be blocked and, if there are new ones, executes the request. The platform also contains a white list of resources that, on the contrary, must not be reset. Piracy Shield is located on the Microsoft Azure cloud and can be reached by accredited operators only via VPN (virtual private network). At the moment the project aims to tackle piracy of sports content"

tourmalinetaco 4 days ago

They will happily boot legal websites off while defending animal torture and CSAM. I’ve made many reports to Cloudflare, Google, and the FBI when I come across said websites and so far I have yet to see any be even kicked off Google search let alone Cloudflare.

MacTea 4 days ago

How do you "come across" animal torture and CSAM?

gumboshoes 4 days ago

Not the commenter you asked, but for me I often find it in Google alerts, where to legitimize the site they have front-loaded it with real text scraped from legit sites.

tourmalinetaco 4 days ago

I won’t go too heavily into details, but I’ve had them come up with rather innocuous sets of words, ones that, horrifyingly, a young child would be likely to use. And if you include drawn media alongside photographic abuse material then it can be as simple as looking up characters from a cartoon.

lormayna 4 days ago

The problem exists in Italy: criminal organizations sell a box (called "pezzotto") that connect to illegal streams (mainly sport events). But the law to block it was written in a very terrible way and this tool is even worst.

dylan604 4 days ago

Pezzotto sounds like it would pair well with a nice chianti.

lormayna 4 days ago

If you are Italian, you can easily associate the "pezzotto" sound with the dialect of Napoli area. Chianti come from Toscana.

ranger_danger 4 days ago

Ironically from not-Italy:

Warning: Potential Security Risk Ahead

Firefox detected a potential security threat and did not continue to mil04s43-in-f1.1e100.net

Error code: SSL_ERROR_BAD_CERT_DOMAIN

VoidWhisperer 4 days ago

Likely having to do with the cert being for *.googleusercontent.com, and that is decidedly not *.googleusercontent.com

fulafel 4 days ago

The link is bad from a web browser POV so that's correct - it's using the DNS name from the ip address reverse lookup, but the web server cert there identifies to a different Google DNS name which would point to the same address. (But the point was to point to this CDN node and you can't really link to it on HN in any other way)

Psilocibin 4 days ago

I don't understand, can you explain?

xanth 4 days ago

Likewise, here in aus on a FireFox 131.0.3

BLKNSLVR 4 days ago

My 'uninvited activity'[0] system picks up quite a bit from googleusercontent, but also gets a bit from 1e100 network ranges, which is a bit surprising / disappointing.

I have to add exclusions for some google-owned network ranges just so my auto-blocking setup doesn't break some basics critical to just web browsing.

[0]:https://github.com/UninvitedActivity/UninvitedActivity