Plot twist: RIAA and MPAA own all the major VPN providers, and/or the data centers they rent from.

/ConapiracyTheory

What are you even on about? One person could conceivably add CSAM to a torrent that you eventually download, and you could find yourself subject to a criminal investigation.

I’ve gone my entire adult life downloading copyrighted material without using a VPN

“I’ve been fucking multiple partners weekly my entire adult life. without protection, and I haven’t gotten AIDS yet.” <— That’s you. That’s what you sound like.

You are giving your ISP every thing that a rightsholder needs to harass you, with your understanding that laws and corporate policies currently protect you from that harassment. But you ignore that those policies can be changed, and those changes can apply to data you’ve previously given to your ISP. When rightsholders start arguing “think of the children” and pointing at such torrents, that’s the kind of thing that gets laws and policies changed.

Why give them the information in the first place? Why not keep that information away from your ISP? Why trust them to do the right thing when you can easily deny them the ability to do wrong?

That level of paranoia is a waste of energy.

I know I am paranoid, but am I paranoid enough?

Identifying and evaluating vulnerabilities is a critical component of any security plan. In a good one, any vulnerabilities will be well outside the scope of feasibility.

Why would some Hollywood studio plant CSAM in a torrent?

To cast FUD on piracy in general. To inextricably link “pirate” with “pedophile” in the mind of the general public. To convince the general public to treat copyright infringement as criminal rather than a civil matter.

That would implicate them as well.

They hire or extort someone to initially seed from some third world ISPs, and the swarm takes over from there. It never gets traced back to them.

It would cost them far more in legal fees to come after me than to just leave it alone.

You aren’t the objective, just the means. The purpose is to make piracy a truly objectionable practice in the eyes of the public.

None of this is a likely threat, but is any of it completely outside the realm of feasibility?

You don’t have any justification to be that condescending. Your security practices are reliant on the law, and the law is not a factor under your direct control. It has changed without your input before, and it will change without your input in the future. Meanwhile, your ISP is building a record of your non-compliance that it can provide to rightsholders just as soon as it likes.

Good security practice minimizes reliance on factors outside your control. You can’t control whether your ISP has your personally identifiable information, but you can deny them knowledge of your data transfers. You can’t control whether a VPN has knowledge of your data transfers, but you can deny them knowledge of your PII.

Also it definitely would cost them if they told me “we have not responded to this notice from the rightsholder” and then turned around and did exactly that. That would be a flat out lie to their client.

As of the time of their letter, they had not responded to that notice. They could respond tomorrow without ever having lied to you. You would not have grounds to sue.

Just out of curiosity, will your Canadian ISP and your (current) Canadian laws protect you when a rightsholder portrays you as a pedophile instead of a pirate? If they anonymously publish a torrent containing their movie and some hidden CSAM, are you fucked?

What incentive do they have to actually follow through on that claim?

I pay my ISP $600/yr. If a third party with a bug up their ass creates $601 worth of trouble for my ISP, why wouldn’t they throw me under the bus?

No ISP is deserving of the kind of trust you describe. It costs them nothing to put those words in a letter.

I don’t particularly trust a VPN provider either, for much the same reason. But, the VPN provider wants to know as little about me as possible, while the ISP needs to know everything.

On the public wifi, the operator of that wifi can see any data you pass through their network. They can likely see what sites you visit, but probably can’t see what data you send to and from those sites, due to encryption. Unless they have an account with you, or you provide your information in clearext, they can link your data to your devices, but not to you directly, at least not from your use of the AP. They can potentially link your data to your image on their cameras, and thus your identity.

Your ISP has the same access to your data, but they also have a payment account linked to you, and they regularly cooperate with rights holders and law enforcement.

A VPN can do the same thing as an ISP: they know what sites you visit, but probably don’t know what data you are sending and receiving, and they can link it to your payment account. However, they generally do not cooperate with rights holders, and may or may not cooperate with law enforcement in their jurisdiction. While you are using a VPN, your ISP knows you are using them, but doesn’t know what you are sending back and forth, due to encryption.

If you want to remain as anonymous as possible, use a burner device with no accounts on public wifi.

If you want to avoid harassment by rights holders while you engage in piracy, a VPN is sufficient.

Can’t tell if you’re drinking the Kool aid… Or serving.

I can think of a couple ways this post makes sense. For example, if Denuvo paid this commenter to make this post.

A proxy operates on the application level; a VPN on the OS level. Both the VPN and the proxy are susceptible to OS-level threats. The proxy is also susceptible to application-level threats that the VPN is not. A misconfigured or exploited torrent client, for example, could ignore the proxy and expose your public IP. With a properly functioning VPN, that faulty application can only expose the public-facing end of the VPN tunnel.

Self hosted VPNs are not suitable for sailing the seas. Self-hosting a VPN server only provides remote access to your local network. It does not provide any sort of privacy benefits, because the tunnel exit is an IP address traceable to you.

If they are paying for it, it’s either not self-hosted, or they are paving a licensing fee for the VPN software they are running locally.

Is the legal environment tomorrow going to be the same for you as it is today? Are they going to change the law, (or the interpretation of it) tomorrow? Have they already done so, but that news hasn’t reached you yet? If they have changed it, does a hostile entity have your information already logged?

To answer your question, yes, you should be concerned about exposing your public IP address.

Not really, no.

When you understand how to ask the question, you will already have your answer.

Basically, your ISP, VPN, or your own networking equipment is going to be your chokepoint. The only person who can actually determine which one of those three is the slowest is… You. Nobody else has that information.

Until you can understand the distinction between “upload” and “download”, you cannot understand the information your ISP, VPN, and the manufacturers of your networking equipment are providing to you.

(On a tangentially related note: If you don’t have a VPN, go ahead and uninstall your torrent client until you’ve spent a lot more time studying networking concepts.)

Aka, your “upload” speed.

According to the article, it requires them to get accreditation to operate in in Italy, unless I’m reading that wrong.

Uh huh. So, I put a DNS server and VPN server online, and an Italian happens to find it. Is Italy going to try to extradite me or something?

I understand the concern and I’m sure it does happen, but I have literally never heard this complaint from a single person that I actually know. What movies/services has this actually happened to?

Pretty much every digital platform at some point or another.

Relevant xkcd

A VPN is just a relay. Copyright trolls know you are uploading because you are connected to the swarm. Whatever IP address the swarm sees, the trolls will also see.

You can make it harder on them by selecting a VPN provider that doesn’t log. You can make it harder for them to put pressure on your VPN by selecting an endpoint in a location unfriendly to trolls. Make them cross multiple jurisdictional boundaries if they want to get to you.

Trolls will look for the best return on their trolling. If they ever decide to come after VPN providers, they will probably target the one with the largest number of pirates in their jurisdiction. Consider a VPN provider outside Germany and the EU. South American or Asian VPN providers might be good choices for you.

“I saw a guy get shot last night. He was close enough I was able to record the whole thing in my phone. The police say that the victim was wearing a blue shirt, but didn’t mention they were also wearing a yellow hat. I’ve saved the footage, but I won’t be posting it anywhere, so don’t even ask.”

I make that statement on Reddit. Investigators see that my statement matches their crime scene.

They can subpoena Reddit for my reddit account information, including the IP address from which I posted that comment. They can subpoena the ISP who controlled that IP address and get subscriber information. They can then go to that subscriber and request and require their assistance in identifying the specific person who made that comment. They can then question that commenter as a witness, and subpoena their video.

That’s basically what the rightsholders are trying to do here: subpoena “witnesses” to Frontier violating its duties under Safe Harbor provisions.

I agree that they should be told to go fuck themselves with rusty Buicks, but they do have a (tenuous) legal claim for the information they seek.

Nobody is claiming that Frontier should be monitoring traffic.

Safe harbor provisions require them to forward DMCA letters to subscribers when rightsholders send them, and suspend service to repeat violators.

A subscriber who has received 44 DMCA letters without Frontier suspending their service is evidence that Frontier is not abiding by their safe harbor obligations.

The rightsholders want the identity of a person willing to make such a claim, so that person can be compelled to testify that they weren’t lying their ass off when they made that claim.

I reject your idea that it could allow copyright laundering. A copy of Mario from my video is still a copy of Mario. My license to play the game allows me to incorporate my gameplay into a new work, but extracting that character from my work arrives at a character indistinguishable from Nintendo’s.

I would not be violating Nintendo’s copyright to license my video to Montendi, but Montendi would be violating Nintendo’s copyright when they extract that character and use him in their own game.

If I play Destiny 2 on my twitch stream, at the end of my stream, my audience has watched a video. Someone recording my stream has a copy of a video that I have produced. Bungie’s copyright is for a game, not a video. My audience does not have a game. My audience cannot play their “copy” of Destiny 2, because what they have is not a copy of what Bungie holds the copyright to.

I hold the copyright to my performance, not Bungie. The movement of my character and the sound of my voice are under my control, not Bungie’s.

You are correct about a public performance of a song or video, but not a playthrough of a game.