remix logo

Hacker Remix

Italy's Piracy Shield just blocked one of Google's CDN

120 points by aquatica 9 months ago | 92 comments

johnklos 9 months ago

Companies like Google and Cloudflare just really don't care that they host malicious content and have stopped taking meaningful action to take down reported content. That they'd be blocked at some point is completely unsurprising.

As it is, I have to explain to people regularly that clicking on "sponsored" links, or whatever Google calls them, doesn't work because we have to block "googleadservices.com" due to their hosting of malicious Javascript payloads. Certain very large companies that are very, very privacy and security focused insist on blocking known malicious Javascript hosting services, and Google is no exception.

bithead 9 months ago

I think it's possible they may. I used to get 50 - 150 of those "I hacked the camera on your computers and videoed you wacking. Pay me bitcoins and I won't release it to all your friends". Many come from .kz, .cn, .in, and various others. I'd notify those ISP NOCs that their networks are being used of obvious criminal activity and criminals love to break into servers and networks. I also put in bitcoin abuse reports using the IP addresses that sourced the emails.

Google addresses started show up about 4 - 6 months ago; their IPv6 addresses. So I prominently mentioned in those bitcoin abuse reports that google should make any effort at all to secure their servers and notified their NOC/security email addresses. I also mentioned their addresses would appear in those public bitcoin abuse reports.

After a couple of months the google addresses stopped appearing as sources.

NOTE: I used a honeypot email address to snare these emails.

behringer 9 months ago

you're the hero we need, but we don't deserve <3

ruthmarx 9 months ago

> Companies like Google and Cloudflare just really don't care that they host malicious content and have stopped taking meaningful action to take down reported content.

Honestly I find it incredibly silly companies are still sending out notices to take down copyrighted content. Give up already. The battle is lost and now it's purely a waste of time and money.

jazzyjackson 9 months ago

The pirates lost, I know one other person besides me that collects movies to watch offline outside of subscription services. The legal actions against free streaming sites prevents any serious competitor to Netflix, Disney-Hulu etc, which are hugely valuable properties.

ruthmarx 9 months ago

The pirates remain triumphant and unshakeable. Why? Because you can go to any number of torrent sites you want right now and download anything you want, and as long as it's not too obscure it will probably not take more than 10 or 2 minutes.

Trying to shut down piracy is playing whack-a-mole with one hammer, 10,000 moles and 100,000,000 holes.

> The legal actions against free streaming sites

The only people using those are people too scared or lacking in knowledge of how to download.

ben_w 9 months ago

> The only people using those are people too scared or lacking in knowledge of how to download.

That's most people.

Also, most laws aren't perfectly enforced; part of the reason for disproportionately high penalties is to create that fear.

ruthmarx 9 months ago

Well, there's a lot of opinion on the subject but personally I'm er much against disproportionately high penalties as a deterrent because it's comes at the cost of justice to the individual.

That aside though, there isn't any chance of stopping piracy with the way the current internet is. SO all they do is spend disproportionate amounts of money, i.e. throw that money down the drain, just to take down a website here and there, and maybe, comparatively rarely, get a few people thrown in jail here and there.

That isn't deterring anything, not remotely, so it just seems like revenge.

ben_w 9 months ago

> personally I'm er much against disproportionately high penalties as a deterrent because it's comes at the cost of justice to the individual.

Likewise.

I think that as we've already developed the technological capacity for mere organised crime to build a surveillance system that would make the actual literal Stasi jealous, it's important for the legal system to catch up, and move to the combination (because neither would work in isolation) of (1) penalties that are much much smaller and directly match the offence with (2) so much surveillance that basically everything is caught.

Now, is there a way for this to avoid falling into a horrific dystopian nightmare? Because it's one thing for an internet pirate getting an illicit copy of one episode of Space 1999 getting dinged for $0.99, and quite another if the same capabilities are used to interfere with or supress political opponents a-la the Watergate scandal.

> That isn't deterring anything, not remotely, so it just seems like revenge

I know what you mean, I think that's also part of it, and that kind of attitude in parts of the legal system also interfere with the thing I've just suggested.

appplication 9 months ago

I used to pirate years ago, and have tried pirating again recently and I find it too difficult to get into any of the private communities (some of which require you to pay?). There’s some stuff outside of those communities but the quality and consistency of content is quite poor and it seems to be constantly getting taken down, and finding torrents with search engines isn’t as effective anymore.

Sometimes it does feel like the pirates did lose. At the very least it seems almost impossible to casually pirate something like you used to in the late 2000s. Now it feels like you don’t have a homelab setup with plex/jellyfin/arr/arr/arr and a network of private trackers and god knows what else the. You’re not really going to be able to find much.

It feels like piracy morphed from being like stealing a pack of gum at a gas station to being more of a time and equipment intensive hobby.

behringer 9 months ago

I think you're doing it wrong. You don't need private. You just need to find the right "release groups" and the right software to use.

appplication 9 months ago

I’m almost certain I’m doing it wrong, but that’s sort of my point. As a dev, I spend all day working with software, but then I try to do something I used to easily do as a 12 year old and it’s almost impossible to achieve an even half-decent experience without significant knowledge and research now.

It may be obvious to you what the right release groups and software are but this isn’t how it used to be. You used to be able to just search for torrents, and find high quality ones for just about anything. It’s not the case anymore. Even going to TPB and searching there feels like I’m missing something because of how poor the catalog and average health is.

ruthmarx 9 months ago

If you're out of touch, then you can monitor sites like torrenfreak that report relevant news and discussion forums that are seemingly legal like r/piracy on reddit.

> it’s almost impossible to achieve an even half-decent experience without significant knowledge and research now.

The thing you have to learn is how to find resources at short notice. That skill is adaptable and should never require significant knowledge and research. Most of what you learned as as 12 year old should still apply.

behringer 9 months ago

I definitely hear ya. Try out qbittorrent and it's built in search system for an old time kazaa feel.

And don't forget a good VPN like proton VPN

dxbednarczyk 9 months ago

>The pirates lost

I believe this is not mainly due to big companies and/or governments cracking down on piracy, but a massive loss in knowledge and shift in perspective about piracy, especially in younger generations.

It's true that piracy numbers have been declining, but this largely comes as a result of "piracy is dangerous, don't do it! you'll get viruses!!1!"

leoedin 9 months ago

I can only speak for myself - but the convenience and relatively low cost of Netflix killed piracy for me. It wasn’t really a moral reason, or a fear of prosecution. But Netflix is truly easy, and the cost isn’t significant.

Spotify did the same for music piracy. I just stopped bothering with files.

I think as others have said, the increased balkanisation of the tv streaming world might change that.

drekipus 9 months ago

Netflix has the worst quality and selection that I've seen.

I'm about to pick up piracy again so I can watch good shows that I like

dylan604 9 months ago

It does now. Back when it was the only streaming service and all of the different studio's content was on it, it was the best fight against piracy. Now that the streaming ecosystem is so fragmented requiring subscription upon subscription, Netflix' selection has atrophied to the realm of mediocrity with the occasional gem like every other studio out there.

I can absolutely see where piracy surges again as people fight back against the onslaught of YASS (yet another streaming service).

Ekaros 9 months ago

I think Gabe was entirely right, it is in the end service problem. And services can be wrong at multiple ways. For a moment video content got it right. But this was naturally unstable equilibrium. Free market capitalism is naturally greedy so everyone wants their own piece of the pie and not just give it away for someone else.

troupo 9 months ago

Pirates kinda lost when Netflix was more or less the only game in town.

Now with 10+ streaming services gatekeeping their content piracy is likely to be back on the rise

dariosalvi78 9 months ago

Agreed. It's what brought me back to piracy. I can pay one or two subscriptions max and happy to do it, but if the content I'm looking for is not there guess where I go to? And I suppose that many others do the same. In addition, many streaming websites have content that disappear for no apparent reason, or have the content only in some countries etc.

Streaming has reduced the need for piracy a lot, and that's probably a good thing, but it hasn't made it completely obsolete, because of silly models that media companies still enforce.

zapkyeskrill 9 months ago

It's what irks me, you travel outside the borders and suddenly everything stops working. Often when you need it the most. Looking at you Amazon kids plus.

olddog2 9 months ago

Plex with a couple of decent paid subscription servers ($20 a month total) is fantastic and is equivalent in usability to netflix except basically everything is available.

It is funny listening to podcasts with billionaires who have unlimited financial resources but can’t watch a show recommended to them because they haven’t downloaded or subscribed to a particular streaming service.

LaundroMat 9 months ago

It's also a question of IP valuation.

Media companies have IP as an asset on their books. Battling piracy is a means to defend the valuation they attach to that IP.

ruthmarx 9 months ago

It's wasted money though. They're literally just losing more money on whatever money they think they lost due to piracy.

LaundroMat 9 months ago

Well, maybe.

You can maintain or increase the value of your IP (and therefore tour company) by _showing_ you're investing in the protection of your IP.

After all, the value of IP in your books is subjective. That perceived value increases if you can report you've "removed thousands of links to pirate versions of our content". So in that regard, battling piracy is money well spent.

smallnix 9 months ago

Depends on where you fight it.

Got it removed from most Google page 1's? -> probably worth it

Trying to take down all torrents? -> probably not worth it

ruthmarx 9 months ago

Google's been removing torrent links for years now.

People share these links in Discord, Reddit, Telegram etc - companies are not taking them down anytime soon. It's literally an unbeatable hydra.

immibis 8 months ago

There's money and there's "money". You know when a crypto grifter mints a billion tokens, sells a thousand for $1 each and then claims to be a billionaire? Then borrows half a billion from a bank, using his almost-billion "$1" tokens as collateral? This is like that.

dr_kiszonka 9 months ago

Malicious doesn't mean copyrighted.

ruthmarx 9 months ago

True, but the submission refers to something called 'Piracy Shield', so copyrighted material seems pretty relevant.

behringer 9 months ago

I get what you're saying but I don't think it's true at all. Except for my tech friends, literally nobody I know is aware of how to pirate content if it isn't on Google or YouTube.

johnnyanmac 9 months ago

As long as the potential impact exists (and that impact can be huge), they have the time and money to do those takedowns

ruthmarx 9 months ago

I don't think the impact has ever truly been huge, although it is almost always overstated.

johnnyanmac 9 months ago

It's huge enough risk that they still choose to invest in fighting it. Overstated or not in public, that's all that matters to a business.

I don't know why when it comes to piracy that suddenly we forget that companies have entire wings (or hire entire companies) dedicated to figuring out how much piracy is occurring and what's most profitable. Will it put them out of business to ignore it? Probably not. But clearly they determined it's cheaper to fight than let it go rampant.Even if "cheaper" means "give executives and shareholders peace of mind so they throw more money at them".

And for small businesses and projects it absolutely hurts them. It's not even worth much debate there. A few thousand sales can make or break a decision to keep supporting a small business compared to going back to a normal job. But they lack the funds to fight piracy so it's a damned of you do... Situation for those people.

ruthmarx 9 months ago

> It's huge enough risk that they still choose to invest in fighting it.

It's not a risk though. Movies still make over a billion dollars regularly. All it is is greed and ignorance.

> But clearly they determined it's cheaper to fight than let it go rampant.

This is due to poor decision making, like companies like Coke continuing to pay for advertising at the scale they do.

> And for small businesses and projects it absolutely hurts them. It's not even worth much debate there.

It doesn't hurt them like you might think. It's well established at this point that pirates are the group that spends the most on content, and also frequently leads to an increase in sales.

johnnyanmac 9 months ago

>Movies still make over a billion dollars regularly

And if they make a million more fighting piracy rather than not then they'll do it. It's a risk to their expenditures.

Risk is obviously relative. Hacked movies don't kill anyone, a hacked game server of cheaters can kill the entire game.

>companies like Coke continuing to pay for advertising at the scale they do.

Honestly that's such a discussed topic with so much literature that I don't have more to add. It comes down to how fast you think people would forget about coke of they stopped, or how quickly the next generation would pick a new coke. Remeber that advertising includes making sure soda machines have coke on the front, as well as plastic cups with the same label. It's clear the Coca Cola company made it's decision there.

>It doesn't hurt them like you might think. It's well established at this point hat pirates are the group that spends the most on content, and also frequently leads to an increase in sales.

Word of mouth for product 1.0 doesn't matter if the single dev can't afford to get to product 2.0. Thars how "pirates spend the most" work Survivor bias is playing a huge role here, and most pirated services doit survive. And "we'll pay you on exposure" is just as insulting to hear from a pirate as it is from a conglomerate.

But again. Most small businesses don't have much choice because they can't chase needles in haystacks full time. Giving away your 1.0 for free works at the scale of Microsoft or Adobe where you can reel them in later (by shutting off the very piracy they benefitted from). Small businesses can't sit on rent or debt anywhere near as long.

ruthmarx 9 months ago

> And if they make a million more fighting piracy rather than not then they'll do it.

Right, but they don't. That's the point.

> It's clear the Coca Cola company made it's decision there.

The question is to what extent was that decision based on real research and data, versus being influenced by being taken out for a nice lunch by some admen and because "that's how we've always done it".

> Word of mouth for product 1.0 doesn't matter if the single dev can't afford to get to product 2.0.

Piracy isn't going to impact that reality at all.

> Thars how "pirates spend the most" work Survivor bias is playing a huge role here, and most pirated services doit survive.

There's no bias, nor is this speculation. This is a topic that has been researched for more than 20 years at this point and consistently shows that pirates spend more and lead to an increase in sales.

> And "we'll pay you on exposure" is just as insulting to hear from a pirate as it is from a conglomerate.

Only in the context of certain expectations, which people can't accept were wrong and maybe shouldn't have been ingrained into them.

People rewarding what like, especially in the context of art, is how humanity has done it for the vast majority of history. You could say, perhaps, that sharing and rewarding is more in line with human nature.

I don't really have a problem with the involuntary shareware situation pretty much every dev has been forced into. I don't believe it's ultimately harmful at all.

> Giving away your 1.0 for free works at the scale of Microsoft or Adobe where you can reel them in later (by shutting off the very piracy they benefitted from).

I mean, most software these days that home users use tends to be open source with a donation button anyway.

Any software developer heavily dependent on commercial sales of a first version software product would likely already have some sale contracts in place, because it would be foolish to take out loans or be wasting money for something that might not sell.

> Small businesses can't sit on rent or debt anywhere near as long.

Then they shouldn't have ventured into software if they were unaware of what the market is like. This has little to do with piracy, unless you assume every pirated instance would be a loss sale, which is obviously never the case.

SkiFire13 9 months ago

I could see your point if the block was after a takedown request and Google did not comply, but this didn't happen. "Piracy Shield" doesn not send out takedown notices, _it just blocks IPs_ reported by a set of _private companies_.

johnklos 9 months ago

Do you have a source about "Piracy Shield"?

Daniel87654 9 months ago

https://www.wired.it/article/piracy-shield-piattaforma-agcom...

the source is in italian, couldn't find one in english that describes how it works but you can just translate it and it's more or less readable, from the source (google translated):

"On the platform, those who hold the rights, for example Sky and Dazn for football, upload the IP addresses or the Fully qualified domain name (Fqdn) , i.e. an unambiguous domain name that allows an online resource to be identified without a doubt, pirate sites that are broadcasting content without authorization , together with forensic evidence certifying the violation . Those who make the request have a few minutes to correct any errors, after which Piracy Shield generates a ticket and includes the report in the list of incriminated sites. Telecommunications and network operators draw on this, and have 30 minutes to block them. The process can also be automatic.

In the case of the Aiip trial, for example, the association has developed an interface, which it will provide to its members, which connects regularly, with a frequency of 1-2 minutes, to Piracy shield , checks the update of the list of sites to be blocked and, if there are new ones, executes the request. The platform also contains a white list of resources that, on the contrary, must not be reset. Piracy Shield is located on the Microsoft Azure cloud and can be reached by accredited operators only via VPN (virtual private network). At the moment the project aims to tackle piracy of sports content"

tourmalinetaco 9 months ago

They will happily boot legal websites off while defending animal torture and CSAM. I’ve made many reports to Cloudflare, Google, and the FBI when I come across said websites and so far I have yet to see any be even kicked off Google search let alone Cloudflare.

MacTea 9 months ago

How do you "come across" animal torture and CSAM?

gumboshoes 9 months ago

Not the commenter you asked, but for me I often find it in Google alerts, where to legitimize the site they have front-loaded it with real text scraped from legit sites.

tourmalinetaco 9 months ago

I won’t go too heavily into details, but I’ve had them come up with rather innocuous sets of words, ones that, horrifyingly, a young child would be likely to use. And if you include drawn media alongside photographic abuse material then it can be as simple as looking up characters from a cartoon.

izacus 9 months ago

Why do some of you so badly, sickly want companies like Google to be the police and block your content on their whim?

This site is full of proof they're biased and incompetent, why are you so prepared to give them rights that belong to governments?

throwaway48476 9 months ago

There was once a time people were able to host their own content.

izacus 9 months ago

Yeah, but HNers now demand that the hosters police and surveil the content of the customers they host for - even if they have no warrant or takedown requests from the governments.

Which, obviously, leaves only the largest companies able to play the mercenary police.

throwaway48476 9 months ago

The big companies found a way to centralize the decentralized internet.

johnklos 9 months ago

> rights that belong to governments

It's not that at all. If you report phishing / malicious content to them, you have a right to expect them to take action in a reasonable amount of time - not weeks, and certainly not never. This isn't a "right", this is a reasonable way to work on the Internet that's worked since the '80s.

Do they have a "right" to just ignore abuse complaints and host whatever they want, even if it's illegal, malicious or that violates someone's copyright, and to ignore all requests to take appropriate action?

7bit 9 months ago

If you host a house party, and you invite a guy that sells meth. And someone tells you that one of your guests overdosed in the bathroom and died. Then you let the guest sell more meth, although it was reported to you.

Demanding you throw out the meth seller has absolutely nothing to do with "giving them rights that belong to governments". It's your right of house rules to throw him out. And it's your responsibility as the party host.

But who am I telling this... A Freedom-troll will never understand...

cute_boi 9 months ago

well big companies use thousands of virus scanner, so this shouldn't be a big issue.

hulitu 9 months ago

Those are used for checklist compliance, not to protect from actual viruses.

lormayna 9 months ago

The problem exists in Italy: criminal organizations sell a box (called "pezzotto") that connect to illegal streams (mainly sport events). But the law to block it was written in a very terrible way and this tool is even worst.

dylan604 9 months ago

Pezzotto sounds like it would pair well with a nice chianti.

lormayna 9 months ago

If you are Italian, you can easily associate the "pezzotto" sound with the dialect of Napoli area. Chianti come from Toscana.

ranger_danger 9 months ago

Ironically from not-Italy:

Warning: Potential Security Risk Ahead

Firefox detected a potential security threat and did not continue to mil04s43-in-f1.1e100.net

Error code: SSL_ERROR_BAD_CERT_DOMAIN

VoidWhisperer 9 months ago

Likely having to do with the cert being for *.googleusercontent.com, and that is decidedly not *.googleusercontent.com

fulafel 9 months ago

The link is bad from a web browser POV so that's correct - it's using the DNS name from the ip address reverse lookup, but the web server cert there identifies to a different Google DNS name which would point to the same address. (But the point was to point to this CDN node and you can't really link to it on HN in any other way)

Psilocibin 9 months ago

I don't understand, can you explain?

xanth 9 months ago

Likewise, here in aus on a FireFox 131.0.3

BLKNSLVR 9 months ago

My 'uninvited activity'[0] system picks up quite a bit from googleusercontent, but also gets a bit from 1e100 network ranges, which is a bit surprising / disappointing.

I have to add exclusions for some google-owned network ranges just so my auto-blocking setup doesn't break some basics critical to just web browsing.

[0]:https://github.com/UninvitedActivity/UninvitedActivity

LAC-Tech 9 months ago

Link not working.

Though the term "Piracy Shield" is very editorialised. Shouldn't we just call it the Firewall? Eg what we call China's system.

PhasmaFelis 9 months ago

Link's not working for me.

cynicalsecurity 9 months ago

Why would Italy have anything called Piracy Shield? Is it located in the West or in China?

devjab 9 months ago

To combat illegal sports streaming and betting. On a deeper level it is to combat major crime organisations on a financial level. Italy actually has a lot of initiatives to do these things, though some obviously work better than others. One of the better is how every budget has to has through a government service, to tack illegal activities both internally and across borders. Many EU countries have various things like this, though in Italy is far more focused on the financial aspects because Italy obviously has a big past of organised crime to the point where these organisations rivalled the nation station.

The piracy shield is terribly implemented of course and does a lot of harm to things it wasn’t necessarily meant to target. Part of this is because the law itself is rather terrible and has already undergone multiple changes and amendments, but part of it is also that Italy has a rather tough “no fucks” policy toward major tech companies.

str3wer 9 months ago

there is no deeper level, they want to stop soccer streaming, simple as that.

thefz 9 months ago

> On a deeper level it is to combat major crime organisations on a financial level.

Lol no, on a deeper level it is to preserve mafia's profits in the soccer business.

PeterStuer 9 months ago

The real question is: how did you come to believe 'the West' does not censor?

0dayz 9 months ago

And this is meant to insinuate what exactly?

PeterStuer 9 months ago

I find it curious how people in 'the West' fail to recognize the extend of propaganda by their own media, corporations and governments, while they seem to have no qualms attributing the same machinations to the rest of the world.

0dayz 8 months ago

Oh yes so curious indeed, you should try and look inwards some day curious person, who knows what curiosity you'll find on your curiously curious adventures.

slim 9 months ago

that the west has no moral superiority over china

poincaredisk 9 months ago

There is a vast difference between "oppressing people who dare to mention a certain historical event that the party doesn't like" and "blocking some malware or illegal downloads on the DNS level". I hope you're not being serious when you're equating them.

slim 9 months ago

you sure the west is not doing that "oppressing people who dare to mention a certain historical event that the party doesn't like" bit ? think again

0dayz 9 months ago

Given your evidence of zero, no.

0dayz 9 months ago

And has "the west" proclaimed this imaginary "moral superiority"?

hulitu 9 months ago

They said that in the TV. We are free living in a free country. /s

Mr_Minderbinder 9 months ago

If I recall correctly they were also the first Western country (or the first country overall outside of China) to implement lockdowns, at a time when everyone was saying that we couldn’t do them and that lockdowns could only happen in a country like China.

immibis 8 months ago

They were the first Western country to get a COVID-19 outbreak.

sadbutttrue 9 months ago

All European countries censor the Internet to some extent.

OpenDNS is not operating in France and Portugal, for example. There are many other cases.

Sometimes it's because of piracy, sometimes it's because of terrorism, sometimes it's because it allows voters to post comments about immigration or vaccine policy, or criticism about certain Western allies committing war crimes and ethnic cleansing, etc.

nerder92 9 months ago

Here a thread with some tests to confirm this: https://x.com/g_bonfiglio/status/1847728976933904453

9 months ago

raffraffraff 9 months ago

Tbh, screw Google. They think that their monopoly makes them untouchable, so they abuse their position. Eg: yesterday my wife's friend group received an email from one member of the group. It contained 10 links. Other Gmail users replied-to-all. But my wife (not a Gmail user) had her reply blocked because the email contained 10 links. She was replying to the person who sent the email.

Pardon my language, but fuck you Google. If you want to implement mail filtering rules, do it fairly and equally.

Elizabeth0147 8 months ago

[dead]

aquatica 9 months ago

If you are connecting from an Italian ISP to https://mil04s43-in-f1.1e100.net you're going to be greeted by a message from AGCOM telling you the website has been used to spread copyrighted content.

This already happened with a Cloudflare CDN before. https://community.cloudflare.com/t/blocking-of-my-website-vi...

https://imgur.com/a/EKFHROX

cdesai 9 months ago

How can they do that with HTTPS though?

HTTP sure they can happily MITM and redirect, but with HTTPS you need a valid cert.

aquatica 9 months ago

Your browser shows a TLS warning saying that the certificate doesn't match. If you override it, it brings you to that page.

This is not a DNS block, the IPs are owned by Google, Italian ISPs are forced to forward the traffic of a blocked IP to AGCOM's servers.

toyg 9 months ago

DNS.

gruez 9 months ago

Connecting with https prevents any DNS poisoning, unless the ISP managed to get a fraudulently issued certificate or a MITM root CA installed on the end users' devices. Neither seem likely.

toyg 9 months ago

It's not poisoning, it's blocking.

patchymcnoodles 9 months ago

I don't get that, and I'm connecting from the biggest italian provider TIM. I first get a warning from the browser because of the certificate. If I go forward I just get a 404. But maybe it changed in the last hours?

aquatica 9 months ago

TIM and WindTre have overridden the block, don't know about the other ISPs.

dangsux 9 months ago

[dead]

9 months ago

olliej 9 months ago

Wow I can’t believe that no one thought this could happen /s