I frequently receive cease and desist notices from "legal entities" demanding I stop selling the officially authorized clothing brands on one of my sites...I ignore them. Nothing ever happens. It's a competitor, or competitors, trying real hard to take over my search engine rankings by trying to shut my site down. These DMCA requests are the same thing - basically bullying or scare tactics. Real legal requests, etc. come in the form of physical paperwork, signed and sometimes notarized.
Sorry for the irrelevant reply, but I'm trying to get some attention on this.
This youtuber got a fraudulent DMCA notice, and his counter-notice got automatically rejected. The person who sent the notice isn't associated with the devs, and is asking for a $100 ransom to get the channel reinstated. How could this be fixed?
But in this case, we're talking about notice being served via service providers for hosting and domains. They have the choice to take immediate action or ask you (TFA was lucky) and let you have a period to refute or comply. At which point the complainant can take you to court and get a real order to remove the material. The service providers need to follow this formula to preserve "safe harbor"; otherwise they're seen as picking a side and would become liable.
If you ignore the DMCA takedown process from a service provider, you lose service.
That is to say, a real DMCA takedown involves no papers, no notaries, no being served or court summons. It's a quick and digital way to take something offline. If you ignore it, you'll learn that the hard way.
---
That all said, there are plenty of people who use real lawyers to send "I don't like what you're doing, [stop it, pay me]" demands. I still wouldn't ignore these. Some might have merit, you might have overlooked something and early compliance is often cheapest.
Not my experience at all. Been through double digit amount of bogus claims on Hetzner.
They usually forward the takedowns to me, I take a look at them, let Hetzner know they're bogus claims and that I'm not planning on taking action, and that's where the story ends.
Sounds like you had better luck than I did. After about a year of getting DMCA notices, Hetzner told me to remove my IPFS gateway from their network or they would kick me off.
I followed the DMCA process, added nginx block rules to make all the content mentioned in the DMCA notices impossible to access, and even submitted "statements" to Hetzner for each DMCA notice they got. None of that saved me.
If these entities have a legitimate grievance with you such as passing off fake branded goods or a willful interference with a private exclusive licensing agreement for product resale (tortious interference with a third party contract, common law breach of design rights through passing off which is two torts and obviously the inevitable harm to the revenues expected from that agreement which was never open to you) they can just serve the DMCA notices on your upstream provider and enforce effective disconnections of your storefront.
This statutory and perfunctory hence effectively attorney free process would have relieved the beleaguered BIOS developer's concerns discussed here the other day and this is a and usually effective right of protection that's rare in its accessibility to the common man instead of the largest businesses.
Is there any way to bring a private prosecution for perjury under US law? IANAL but I have the impression that it's something you could do in the UK, and the legal systems are similar. Obviously it wouldn't be worthwhile for a typical site operator or even most hosts, but you can imagine that someone with deep pockets who receives lots of dodgy notices could run something like Cloudflare's Project Jengo as a public service to go after a number of obvious abusers of the DMCA process. Knowing that Bad Things might happen of you lied on the takedown notice might focus people's minds.
Federally, not since 1981. On the state level, some states do provide for a process that is recognizably analogous but still differ state to state, sometimes greatly. Also, states differ as to how direct a route a citizen-initiated complaint can directly affect the actions of the judicial system - some states use prosecutors as a gatekeeping mechanism, while others allow it as a process distinct from the prosecutorial system and so would skip over the gatekeeper and directly go to the judge. I don't know about most states, but I know that it's a mechanism that New Jersey, Washington, New Hampshire, and Idaho recognizes.
This is a sufficiently niche field of even criminal law that would require you to hire a lawyer to handle anyway. And usually there's some statutory limitation on what sort of prosecution a private individual can initiate. It's generally just not worth the trouble.
The DMCA does allow for a separate, federal, and civil cause of action to recover damages if the filer of the takedown notice knowingly and materially misrepresented the operative parts of the notice. 17 U.S.C. § 512(f) is where this cause of action resides. However, to prove "knowingly" and "materially" at the same time is a pretty high bar, although it might be possible to get a default judgment if they simply don't respond. Still, this is a limited remedy that most people won't be able to take advantage of since it involves potentially costly litigation and no punitive damages. It's not a prosecution of any sort, but it's sadly the best (only) option on the books that counts as relief, however limited it is.
The balance is so lopsided a workable strategy is to just retract the complaint if it is answered by a credible threat of a lawsuit.
It’s like stealing from the candy shop and if you’re caught, you just put back the candies you took that time. Not a deterrent for those who don’t care about how it makes them look.
Yes and yes. Whenever a DMCA takedown notice is filed with Google the allegedly infringing URL is quickly removed from the SERP. Google will notify you (and the public) in following ways:
1. Publishing the request on lumendatabase.org
2. Informing you through the Search Console (which has a delay of a few days)
3. Publishing the removal on Google Transparency Report website
4. Publishing a note at the bottom of the SERP mentioning that a website was not featured on the results due to a DMCA takedown notice with a link to lumendatabase
Google takes the ”I trust you bro” stance and delists your URL until (if ever) you file a DMCA counter notification which can be done through Google (can look up the link if you need it).
I don't necessarily think it's "I trust you bro", I think it's more "Section 230 requires us to delist any content immediately until a counter claim is filed to maintain safe harbor protections".
But I'm not a lawyer. Just listened and read a lot about this kind of content.
If someone sends you a DMCA takedown request for URLs that aren't even valid, then you can reply that you've complied with their request and taken the (nonexistent) material down: you are no longer serving content from those URLs because you never were.
I think that what's going on here is incompetence, not fraud.
You shouldn't have to reply with anything. Entities with no proof, due diligence, or process shouldn't be able to make you incur a cost (of discovery of compliance) just because they feel like it.
Sure, in this case, 30 minutes spent and done.
Recently I got a per capita tax bill for a town I didn't live in. They wanted payment for the last 8 years. I lived in a different town entirely (2 towns during the time in question).
When I filled out their form to contest it, they asked for deeds or leases for the duration to prove I didn't live there.
I told them I wouldn't provide such documentation without some proof to the fact I didn't live where I said I did. They responded to ignore the bill, it would be removed (which it was).
To me even the time I spent on this was excessive. In a just world, they'd be liable for my time. Entities, private or government, shouldn't be able to incur costs on our time and life due to their bullshit reasons or error.
If there were a law that stated the organisation (corp and gov) must reimburse people for their time wasted due to false accusations it would make a lot of these time wasters go away, when they know there is a consequence for these types of accusations they'd think twice.
Government and legal entities should be optimizing for people's time.
I believe it’s not only a matter of financial reimbursement but also respect and acknowledgement of an individual’s time, which is a non-renewable resource. Law like this would encourage organizations to be more careful and responsible, fostering a culture of respect and accountability.
> I think that what's going on here is incompetence, not fraud.
There’s a middle ground: sabotage. DMCA complaints have asymmetric incentives. You can, afaik, send a near-infinite number of (generated, duplicated, likely-to-not-exist) complaints at the cost of an email. As a host, you are obligated to comply with each individual report. Automating the process of decoding arbitrary emails, mapping to content you have and verifying that it’s copyrighted is extremely hard if not impossible, so you end up with a manual defense against an automated attack. This can obviously be exploited for purposes of sabotage.
Imagine sending bulk emails to the police reporting all people you don’t like for all crimes you can think of, without any risk. Or if you could call mayday on the sea, get other ships to reroute and risk their lives, with no consequences.
> Imagine sending bulk emails to the police reporting all people you don’t like for all crimes you can think of, without any risk. Or if you could call mayday on the sea, get other ships to reroute and risk their lives, with no consequences.
I love this analogy because we find it wouldn’t work because it would likely raise some flags: 1) sudden influx of reports, 2) the person reporting leaves no reliable way to reach them back, 3) the people are already not on the police’s radar, so that in itself becomes suspicious.
If you even reply to them you acknowledge their validity and accept whatever legal geography they send it from to be judged on, if you're outside the US. ignore them
While the DMCA is of dubious legal authority served on sites hosted outside the USA, you need to make sure your hosting company is in on your policy position as they will start taking the heat once you start disregarding all the notices.
You can find yourself being extradited. The legal grounds matter little, as you may find yourself in a Kafkaesque process that will ruin your happiness
I have ignored this for years when I was a digital pirate in Europe.
Fake DMCA bogus can also index you out of google, even your homepage where no 3rd party links are found if you don't fight them
I got lawsuits from the RIAA but non related.
You can safely ignore DMCA's if they're not applied to your jurisdiction, BUT your host and other providers won't when they go upstream unless they also are like in china russia or whatever ignores the US asks
I remember this case from the UK, well the five-eyes english kingdom is very strong in it's ties.
I only know of cases getting condemned in my country when they accepted dubious plea deals. Very few. Anecdotical.
I read somewhere if you think a law Is unjust, you must break it, but do so publicly accepting facing any consequences.
If extradition is on the table, and jail on the US, maybe we need some more martyr's to suffer through this to make a point that copyright is absurd nowadays.
From my understanding, this would put you at a significant legal risk. Part of the DMCA is a counter suit, and the courts would seriously frown on this kind of tactic. It would seriously negatively impact your case, and could get you labeled a serial litigant (not for doing it one time), which would put any filing you made under serious scrutiny.
Not a lawyer. Just watched and read a good bit about this kind of thing.
"ddos" via DMCA requests is an actual thing. There are actual methods that a few ddos-as-a-service providers provide (aka booters or stressers) that will fling tons of DMCA/abuse reports at your hosting/cloud provider to get them to take action on you.
No, since the law is what defines whether you're actually under penalty of perjury, and the law says "A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed". You're only committing perjury if you falsely assert that you're authorised to act on behalf of the owner of the allegedly infringed right. Incorrectly asserting that you're under penalty of perjury if you falsely assert that the information in the notice is accurate is further evidence of incompetence rather than of fraud, sadly.
> You're only committing perjury if you falsely assert that you're authorised to act on behalf of the owner of the allegedly infringed right.
The courts don't care about that either. In at least one of the cases against ISPs (cox I think) the RIAA sent a large number of DMCA notices for works they didn't even own the copyrights to. After years of work the ISP's lawyers found a bunch of them and told the court who did reduce the damages they were on the hook for to account for the invalid DMCA notices but the court took no action whatsoever against the RIAA for sending them.
Isn't perjury the act of swearing to something that isn't true? He did do that. Whether he was required to swear to that is surely a separate question. He wasn't required to swear to that, but he did. Is there not a penalty for just plain lying under oath?
> Isn't perjury the act of swearing to something that isn't true?
Perjury is lying under oath. The statement must be made under oath to be eligible for perjury. And making a statement under oath is a formal process, dictated by court or law.
You cannot make yourself be under oath. Swearing something to be true doesn't count, unless there is a legal context that makes it true. Swearing in a witness in court makes that happen. Some laws (like DMCA) make statements in certain documents oathful. But it is the law, not the document, that decides that.
It seems like "swearing" has been overloaded in your jurisdiction?
In my common law country, at least, when you swear something, it's an oath, and only an oath. We have a non-religious variant, no almighty God required, where you solemnly affirm to the same effect, and false information provided is perjury, punishable by up to 7 years imprisonment (if you perjured yourself in a judicial proceeding), unless you perjured yourself to get someone falsely convicted for a serious crime, then it's up to 14 years.
We also do statutory declarations, where you only declare it to true, but false information in one of those is still a crime, with a lesser penalty.
Oh, and we have a fun wee clause that maybe your jurisdiction doesn't? Where if you swear an oath, it can still be perjury even if it's not being sworn in a judicial proceeding. Only 5 years though.
So yeah, what does "swear" actually mean in the US? I don't get how you'd swear a DMCA takedown without your oath being taken. I figured if it was legit sworn, they'd do the usual "sworn this day X at BLA, witnessed/authorised/etc by Z"
Are they just trying to sound legal and scary, or is that format required in a takedown?
Not a lawyer, nor do I play one on TV, but I've been an occasional customer of the judiciary sufficiently to pick up the vagaries.
You don't swear anything with a DMCA, the law says this in 3.A.vi:
> A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
If I say "I swear under penalty of perjury that the earth is flat" in a cease and desist letter, even if I know that the earth is not flat, I cannot be found guilty of perjury because it is not a context in which I can perjure myself - I am not under oath in a court of law, and there is no other law that constrains my freedom to say such a thing. Title 17, Section 512(c)(3)(A)(vi) says that a valid DMCA takedown request must contain an assertion, under penalty of perjury, that the author is authorised to act on behalf of the copyright holder, and as a result making that claim falsely would be perjury. But the reason it's perjury is that the law says that the claim is under penalty of perjury, not that someone wrote "Under penalty of perjury" at the beginning of the sentence.
If I understand this correctly, it's perjury if they claim ownership over a video of you playing some Bach on piano on Youtube (which has also happened), but it's not perjury if they claim ownership over something that doesn't exist at the claimed URL?
It's more complicated than that - recordings have copyright independent of the original works, so if you make a recording of Bach now, you have copyright over that specific recording even though the music itself is out of copyright. So if someone were to file a takedown request of someone playing Bach on piano on Youtube on the grounds that you had used a recording owned by someone they were authorised to act on behalf of (even if you hadn't used that recording!), that wouldn't be perjury. But if they were to make the claim that they were authorised to act on behalf of Bach himself (which, clearly, they're not), that would be perjury.
But if the video is simply you playing Bach, does that mean they fraudulently claim to represent you? Or are they fraudulently claiming Sony (or whoever) owns your video? Or are they merely correctly claiming that Sony owns something obviously unrelated to your video, and they're incorrectly but not fraudulently claiming that that thing is related to your video?
I guess it's the third option. Which is frustrating, because I think that it's still harmful, especially when it's so obviously false.
If they knowingly misrepresent a claim that content is infringing, they're liable for damages (17 section 512(k)(2)) but didn't commit perjury. If they are simply negligent in making a claim (eg, because a piece of software told them an infringement had occurred and they didn't actually verify that), they're probably fine. This obviously makes abuse trivial and if anything actively discourages people from verifying whether an infringement actually exists - if they do and then send the takedown notice anyway they're potentially liable for damages, whereas if they never bother then negligence doesn't seem to result in bad outcomes for them. The DMCA is bad law.
Can't somebody take the precedent set by those lawyers using ChatGPT to whip up nonsense for the court, and take these DMCA mills to tadk for conduct unbecoming for not verifying that, in fact, any software generated flag actually has merit before the Courts?
The Courts have been clear and unambiguous that their time is not to be wasted on BS, and that an attorney has the Duty of Care to ensure that what they vouch for is representative, and truthful.
Why is this still done at the scale it is if, in fact, the Courts are enforcing due rigor?
...The answer likely is, they aren't, and big tech is usurping the authority of the Courts to weigh in, thereby disrupting due process. In doing so, their legal team is committing the same censurious behavior, by advising their client to act unlawfully too.
Frankly, I'd start being thrilled at such notices if I could find an attorney willing to take a shot at holding notice generators to account for false positives, and service providers who cancel service without complying with due process accountable.
In fact, if the Courts were sufficiently dedicated to it, it would create a selection pressure on attorneys to ultimately be truthful, lest they be hunted by one of their fellow attorneys who actually is honest, and willing to check.
Who watches the watchers? Another watcher, with the incentive to reap a reward for proving the falsity of a claim.
Let the attorneys feast on one another for a bit, and eventually we should reestablish some sanity.
In this case the URLs contain valid IPFS hashes. The ones that I've tried all resolve to real files with the IPFS CLI.
The issue is they've never been requested from the gateway that the DMCA notices are being sent to. They might be blocked by the gateway, they might fail to resolve on the gateway for other reasons, or they might work. Nobody checked before sending the complaint.
Yeah, and then the sender writes back to complain about the 1 address that was real. If this person is a paralegal, complain to the law firm. If the law firm doesn't respond, complain to the bar.
I am sure I'm preaching to the choir here, but the DMCA is just such an egregiously bad law. Its main use cases are this kind of consequence-free fraudulent terrorism and the much worse draconian de facto state enforcement of extremely customer-hostile business models. It needs to be nuked from orbit
If i go to the website it looks like a service for porn producers like only fans to trigger DMCA to porn sites. So why are you coming with this story when the business model is something else. I guess to promote your site.
No we get 1000 signups a day for all revenge porn take down. We do help content creators but the vast majority of our customers are consumers taking down non-consensual intimate images.
Edit: HN isn’t our demo so I’m not trying to promote it here.
Any idea why these victims go through you rather than through charities like https://stopncii.org/ who offer takedowns for free? I can see the value-add of monitoring, but the price you're asking seems rather steep for (often vulnerable) victims of revenge porn.
You are abusing the wrong law to do the right thing. You should be using privacy related laws for revenge porn, not copyright ones. Your actions prove OP's point.
There is value in the Takedown service but our major value is the facial recognition search.
If you think that people won’t pay $25 to remove all the images and videos uploaded to porn across the internet with a few button clicks then you’ve clearly never had to worry about such things.
Someone would have to spend $500k to scan and process the internet before they could come close to offering the coverage we could for $25.
It’s incredible what kind of bubble HN lives in sometimes.
EDIT: also, we limit it to two free DMCA’s to prevent abuse and we have a tutorial on our site on how to do your own DMCA for free.
We’re not running an exploitative business, we’re helping people.
Yeah but if DMCA takedowns have a more immediate effect (the revenge porn is removed ideally before it has a chance to spread further), they're the better option in this case.
Could you do both? DMCA for a fast response, then a civil privacy related lawsuit for compensation etc? The civil suit can take ages.
There are no privacy laws that protect people from these kinds of uploads. We only have DMCA. Your vitriol only proves a lack of education around these topics.
Which country in the world do your customers live in where there's no privacy laws regarding revenge porn? I'll look them up myself, since ad hominem seems to be your only argument.
Inferring it's the USA from DMCAs, which states are lacking privacy laws, thus making revenge porn legal?
Our claims aren’t in personality/publicity rights it’s on model release forms. Literally an unauthorized model that they are commercializing from a non-public setting.
I would argue that’s a very good example of why it’s a bad law.
The intent is good, but what are we talking about here? This law, the “Digital Millennium Copyright Act”, used to pull down content that is effectively an invasion of privacy? How do those things at all intersect?
It’s too broad and too able to be abused. Laws should be very precise and narrow.
Regarding privacy, we should have laws on the books to protect one’s privacy in cases where the public as no interest of import.
We aren’t abusing it. These people featured in this non-consensual imagery haven’t signed model release forms so running ads on their content without reimbursing them is a commercial infringement.
We’re not arbitrarily sending DMCA’s to get things taken down. Our copyright holders haven’t approved of and are not benefiting from the financial gains of their stolen works.
It sounds cold to phrase it that way, but that’s how America protects its people, only as a function of money.
You’re not abusing it because it was written to be abusive. The law itself is abusive, your usage of it just illustrates its ability to be flexible enough to be used way outside its intended bounds.
I applaud your work and I stand by what I said about narrow and focused laws for protecting privacy. It’s not every day we can do something good with something bad, but I don’t know if the good that is done fully outweighs the bad that it causes, especially when better options could exist.
We have very close relationships with Trust and Privacy officers at both our payment providers and AWS. They love what we’re doing and have facilitated introductions to other organizations.
I think its main use case is safe harbour. Without the DMCA, if I posted something infringing copyright, Hacker News would be liable as the service provider. DMCA shifts the blame to me, but the publisher has to comply with takedown requests.
I think overall this is a good thing for an internet that hosts user-created content, which includes comments, but they could definitely tidy up the implementation. As it stands you are allowed to reject the claim if you think you are in the right, and the company should restore the disputed content if you do so - but some like YouTube operate above and beyond the DMCA and seemingly intentionally blur the lines a lot so people blame the DMCA and not their custom process.
If you're a service provider, you don't have to listen to a DMCA request; just the safe harbor the DMCA gives you evaporates and you're on your own (like service providers were before the DMCA).
I agree it would be good for the DMCA to be strengthened against abuse like this, but it's better for everyone than if we didn't have it.
Without the DMCA, any host could be liable for their users' content. The DMCA was created out of necessity; without it, the internet couldn't exist.
The implementation may be mostly written by the copyright industry, especially the way spurious takedowns are completely legal, but we're better off with the DMCA than without. With the power copyright and trademark institutions have now grown to, I also don't think I would like a modern re-interpretation of the law.
The EU did some copyright rework. As expected, lobbyists turned copyright law into a shitfest designed to serve large companies with boatloads of IP. I would hate for the USA to also fall victim to that.
The DMCA is very much a shitfest designed to serve large companies with boatloads of IP. The takedown notice procedure negates the benefits of "safe harbor", which has been pretty thoroughly weakened in other laws and rulings as well, but the harms of it are miniscule compared to the anti-circumvention sections, which has reshaped practically the entire economy to serve corporate power in a way that not only disadvantages, but often actively harms most individuals, especially if you believe that loss of freedom or livelihood is a harm
>Without the DMCA, any host could be liable for their users' content. The DMCA was created out of necessity; without it, the internet couldn't exist.
Wait, what? That seems at odds with section 230 of the CDA. What the DMCA established was the notice/takedown/counter-notice process. Section 230 makes hosts not liable for their users' content.
My understanding is that section 230 is more about free speech i.e. your defamatory statements do not allow me to be sued if you post them on my site as a comment. The protections do not cover illegal speech, such as copyright infringement.
That’s kinda like saying the law that allows you to only murder people on Mondays is great, because otherwise you’d be allowed to murder people every day. No, that is not great, that doesn’t enable anything, the proper solution is not being allowed to randomly murder people any day of the week.
Here is how my country does safe harbor: If you are a website like Hacker News that publishes user-generated data, you are considered a "hosting provider". Hosting providers have no responsibility to check or enforce legality of the user generated content as long as they log the IP addresses of the users for at least 1 year.
This in my opinion is a much neater solution than DMCA.
Citing from the related law:
>ARTICLE 2
>e) Access Provider means real persons or legal entities that provide access to Internet for its users,
>f) Content Provider means real persons or legal entities that create, amend or provide all kinds of information or data presented to users on the Internet,
...
>m) Hosting Provider means real or legal entities that provide or operate systems that host services and content,
...
>ARTICLE 5
>(1) Hosting provider is not obligated to check the content it provides or to investigate whether it is an illegal activity.
>(2) Hosting provider is obliged to remove the content that is against to law if it is notified according to Articles 8 and 9 of this Law.
>(3) Hosting provider is obliged to keep traffic information for the services it provides for a period of not less than one year and not more than two years, to be determined in the regulation, and to ensure the accuracy, integrity and privacy of this information.
...
>ARTICLE 8
>(2) The decision to block access is given by the judge in the case of the investigation and by the court in the case of prosecution. In case of any delay in the investigation, the public prosecutor may also decide to remove the content and/or to block access. In this case, the public prosecutor’s decision shall be submitted to the judge’s approval within twenty-four hours, and the judge shall make his decision within twenty-four hours at the latest. If the decision is not approved within this period, the measure shall be removed immediately by the public prosecutor.
>(3) A copy of the decision to remove the content and/or to block access given by the judge, the court or the public prosecutor shall be sent to the Authority for the further action.
>(4) The decision to remove the content and/or block access to publications whose content constitutes the crimes stated in the first paragraph shall be given ex officio by the President. This decision shall be notified to the relevant content, hosting and access provider and is asked to carry out its requirements.
When someone sends a DMCA notice, they state that "under penalty of perjury, they are authorized on behalf of the copyright holder". That is the only part that they can get in trouble for. Whether the work is identified correctly or not is irrelevant.
You can counterclaim that the content you're sharing is in fact fair use or otherwise not infringing, the original claiming party has some time to sue you, and if they don't, you can sue them for damages caused by the takedown. I don't know whether anything can be done about a takedown notice on content that never existed in the first place, perhaps some generic harassment complaint?
> and if they don't, you can sue them for damages caused by the takedown.
You can counter-sue them regardless of whether or not they sue you. They have made a claim that you are in violation of the law. You are allowed to go to court first to get a "declaratory judgment" that you are not. https://youtu.be/-7H8SZMwz24?t=1320 (30 seconds to watch relevant part)
Would there be damages if their claim was found false? If not, then that's still just legal noise to them (although it could be a step towards something that actually hurts).
This youtuber got a fraudulent DMCA notice, and his counter-notice got automatically rejected. The person who sent the notice isn't associated with the devs, and is asking for a $100 ransom to get the channel reinstated. How could this be fixed?
I think this person, Gareth Young, has at some point worked for Covington (one of those LinkedIn scrapers seems to have caught their profile: https://www.arounddeal.com/p/gareth-young/m6oymuxsnd/ but those sites are usually trash so who knows when this was still relevant).
The ciu-online domain is hosted by https://www.ravensbay.co.uk/ which "developed a high performance database system to automatically track infringements and issue notices to website owners and other parties who are publishing their client’s intellectual property" and "maintain and develop automated web crawlers to search the internet for possible infringements and analyse the page content to identify actionable cases".
Based on the status of various URLs in the IPFS.io and Cloudflare IPFS gateway, I'm guessing these people are searching IPFS for copyright violations and forwarding takedowns to any IPFS gateway they can find. The timeouts the author has experienced may simple be because there is no server online that has the file pinned anymore. Grabbing the file from a random NFT IPFS host, it does seem like most of these links do indeed return copyrighted material.
Does one need to visit an IPFS relay to file a DMCA takedown? I would expect so, but the DMCA does allow anyone with good intentions to take down copyright (you only need to really believe that you have a claim on a DMCA takedown, an actual legal basis is only relevant after a counter filing).
the dmca takedown services are awful. They just do exact text match on titles of videos and submit dmca requests on behalf of the content owner. If you embed a video widget from the content owners official YouTube page on your blog for example and quote the title, often these services will still send a dmca request.
Even if you respond and say the complaint is invalid some services will still ban you for receiving too many requests.
Source: built a crappy content farm with video embeds. Received avalanche of requests.
It’s hard to cry about my case in particular since it was just a dumb content farm. But ops post is another example of this terrible software and legal process having wider implications.
So what you're saying is, I need to set up an IPFS gateway and populate it with lots of videos that I hold the copyright for, which happen to have names that match commonly-pirated movies?
I wonder if they bother to download them to check? Hours and hours of bars and tone...
Unlikely they download them. Video embeds ads not copyright infringement as far as I understand since they give the tube site permission to display their work and broadly show it wherever they want. Still got dmcas.
I run a DMCA take down service where we remove revenge porn for people that are victimized by it. DMCA is the only tool we have to take these images down so as much as there are holes and gaps in that law, it's not all bad.
Not saying it makes DMCA perfect, just wanted everyone here to know there are some really awesome, clever uses of DMCA that people use for good and if we torch the DMCA we should make sure we don't leave those folks out in the cold.
Thanks for sharing the use case. However using it to defend the entire DMCA sounds like a false dichotomy. Surely there's a way to make rules only for those "awesome" uses, so that they don't have to be "clever" uses. C stands for Copyright and it's mainly used that way in practice.
Totally agree with everything you said, I just want to remind people that half of the story of DMCA is that we have really poor controls over our privacy and ironically DMCA is one of our only tools.
I applaud you for using the DMCA for good. You're doing good work, and please keep doing that. That doesn't mean that the DMCA can't also be used for evil, though.
It would be nice if it could only be used for good, but maybe that's impossible. It may also be possible to replace it with something more specifically tailored to take down revenge porn. I certainly think revenge porn is far more serious than a mere copyright violation.
Oh, it's live and well, and compensated very well.
Just an example, TwoSetViolins did a live concert of some classical music pieces (no copyright would exist on them at this time and age) and their YouTube video got millions of views. A French music company did a DMCA claim against them and YouTube took down their video and transferred their ad money to the music company. They fought to get their video back. But but the kicker was that the music company got to keep the ad revenue generated during the dispute period, which was most of the money as many event based videos got most of their views from the initial release time frame due to promotion of the events by the video creators. Not sure what the eventual outcome was. As you can see, even if the false claims have failed, the DMCA filers still got a part of the money. The incentive is completely skewed.
Sad thing is that under pretty much any other circumstances (as in not protected by a broken law) that sort of action would totally be straight-up fraud on the part of the filer (literally stealing ad revenue).
I would be halfway willing to bet that some genius asked ChatGPT "please provide me with a list of URLs where my book is being illegally shared", or something similar, and then started firing off emails.
These are actual hashes for books that exist somewhere on the IPFS network. You can get a lot of them to resolve. They've just never been requested from the site the DMCA notices are being sent to.
It's more likely that someone downloaded an IPFS hash list from LibGen and started sending emails generated from that.
Yes. If you want to go on a fun legal adventure, sue them.
I used to run a legit DMCA takedown business and tons of competitors would just mass spam anything even remotely matching because their tech was trash.
Our software instead was accessing every infringing link before sending a request and requiring some human approval.
Most likely (I never worked with IPFS so no idea about it) they found those links linked by someone on some other page and believed the information on those links - or they just wanted to shut you down.
In practice, almost no-one wants to go through the hassle of actually suing you (especially if you're a 13 year old from another jurisdiction who makes 1k per month in ads on warez -what money can they expect to get from you?) so it's either a very large customer with money to waste (think Zumba Fitness big) or it's just an empty threat.
Unfortunately DMCA law is insanely bad as it's forcing compliance from small actors or you're risking legal action - but what can you expect from a government lobbied by copyright owners.
I run some website with user uploaded content right now - and I've implemented an automated takedown form which waits less than 24hrs from each takedown request and then automatically remove the content automatically.
Maybe it's more the "customs" side of this department that this referral is going to, but it also sounds to me like trying to wield the sledgehammer of an ICE officer showing up to an immigrant's door, a notoriously evil strategy employed by all sorts of businesses and government agencies to get what they want.
The DMCA abuse is disgusting, the ICE threat is evil.
They are likely referring to Homeland Security Investigations, a division within ICE which is basically like a parallel FBI that handles white collar/CSAM/high level drug stuff. Usually not immigration related unless its related to migrant smuggling or visa fraud.
I'd assume a dumb script. All the filenames in the first file end with "annas-archive.(extension)". Perhaps some search or lookup feature of Anna's archive generates URLs, and they assumed all URLs were genuine?
A lot of this stuff seems to be very blindly done. Companies have taken down their own content.
Your average voter neither knows nor cares about the DMCA. We've all got things to do, people to see, and computing is just one industry/hobby.
Influential companies prefer predictable systems. They are thrilled that they can wash their hands of liability for their users' unvetted uploads. Having the removal process boiled down to a simple form they can dedicate an inbox to is icing on the cake.
Rightsholders are happy, because they can commit perjury with impunity in pursuit of defending their IP.
Legislators don't care, because their constituents are happy and their voters don't care.
I find it unpleasant that Gandi forwarded the DMCA letters to the author. (Gandi is the registrar for hardbin.com.) I’ve never liked how the DMCA turns private companies into policemen.
If they’re going to tattle to hardbin.com’s mom, why stop there? Why not send the DMCA takedown to IANA too? And also to the authorities in France where (I think) Gandi are based?
Similarly, just as Gandi passed the DMCA letter on to the author, so too should he pass on the DMCA letter to whoever posted the IPFS content. I would suggest (tongue in cheek) having a link on hardbin.com where users can regularly check to see if their content has been issued a DMCA notice. Now hardbin.com can’t be liable any more — like Gandi, they’ve been a good private cop and passed the notice on, down the chain!
Just once I would like one of these DMCA clowns to try to hit someone with the time and money to do something about this. Get that perjury judgement, don't settle for anything less.
IPFS, I'm unfamilar with it - does a gateway have the ability to host anything from IPFS if it's requested to be pinned? Would the hash of the content be the same wherever it is being served? If the service was running could these books have appeared on the gateway?
If yes, it looks like they are sending notices to every gateway they can find assuming that the content could be hosted there as it might or might not and they dont check.
is it a kind of demanding adding something to a blocklist pre-emptively?
> "I have now taken hardbin.com down completely because dealing with this sort of thing makes it less fun to run and more like hard work, but I do still have a copy of the log files."
Ultimately, a DMCA notification is a notification that you have infringing content that can in principle be accessed / hosted through your sites. It's effectively a "friendly heads up" from the copyright owner that prevents you from being sued if you can take the content down expeditiously. It's a copyright owner saying "here are some URLs that could be infringing, and they need to be blocked." The author says "you don't know if the hash is already blocked in the web server configuration, or if the server is broken in some way that prevents access to that hash, etc", but that doesn't really matter—if they're already blocked, or inaccessible, then all you need to say is that that's so. Otherwise, it's on you to block them—it doesn't matter if anybody accessed them or not, just that they would be accessible if they're not blocked.
