Forgot your password?
typodupeerror
Piracy

What a 'Six Strikes' Copyright Notice Looks Like 273

Posted by Soulskill
from the horse-head-in-your-bed dept.
The new Copyright Alert System, a.k.a. the 'Six Strikes' policy, went into effect on Monday. Comcast and Verizon activated it today. Ars Technica asked them and other participating ISPs to see the copyright alerts that will be sent to customers who have been identified as infringing. Comcast was the only one to grant their request, saying that a "small number" of the alerts have already been sent out. The alerts will be served to users in the form of in-browser popups. They explain what triggered the alert and ask the user to sign in and confirm they received the alert. (Not admitting guilt, but at least closing off the legal defense of "I didn't know.") The article points out that the alerts also reference an email sent to the Comcast email address associated with the account, something many users not be aware of. The first two notices are just notices. Alert #5 indicates a "Mitigation Measure" is about to be applied, and that users will be required to call Comcast's Security Assurance group and to be lectured on copyright infringement. The article outlines some of the CAS's failings, such as being unable to detect infringement through a VPN, and disregarding fair use. Comcast said, "We will never use account termination as a mitigation measure under the CAS. We have designed the pop-up browser alerts not to interfere with any essential services obtained over the Internet." Comcast also assures subscribers that their privacy is being protected, but obvious that's only to a point. According to TorrentFreak, "Comcast can be asked to hand over IP-addresses of persistent infringers, and the ISP acknowledges that copyright holders can then obtain a subpoena to reveal the personal details of the account holder for legal action."
This discussion has been archived. No new comments can be posted.

What a 'Six Strikes' Copyright Notice Looks Like

Comments Filter:
  • "In-browser popups?" (Score:5, Interesting)

    by Animats (122034) on Thursday February 28, 2013 @03:24AM (#43031961) Homepage

    "In-browser popups?" On what pages? Is Comcast tampering with web pages not their own to insert messages? Do they do MITM attacks on secure pages to break in there?

    • by bhcompy (1877290) on Thursday February 28, 2013 @03:44AM (#43032035)
      I imagine it's through using their DNS
      • by shentino (1139071)

        If they start blocking outbound DNS afterwards I'm going to be pissed.

        My college wifi did that and it made their dns filtering software damn near bulletproof.

        • by Nikker (749551)
          Couldn't you just get a really cheap VPS and forward port 53 over 22(SSH)? Even run SSH on a different port everyday.
          • by shentino (1139071)

            They had a somewhat vigilant network administration department.

            Pulling something like that would likely have gotten me expelled for circumvention.

          • by Aaden42 (198257)

            DNS over SSH tunnel is surprisingly difficult. The default is UDP, not TCP. It's doable, but it's a PITA. Much simpler to just VPN the entire connection.

      • That's one way. I had an issue with Comcast that caused computers to be redirected to the modem registration page for no apparent reason. The only computer that wasn't affected was my computer which used Google DNS. They eventually fixed it, but if it wasn't for my daughter's computer defaulting to Comcast DNS, I would have never known there was an issue.

        Another way is that they could just simply redirect HTTP requests via you cable modem.

    • Since when can corporations act like governments?
      • by naff89 (716141) on Thursday February 28, 2013 @04:16AM (#43032153)
        Corporations have a right to run their businesses however they want. The problem here is that, by all agreeing to restrict the rights of their customers in the same way, the corporations are colluding with one another to prevent those customers from simply switching to a competitor.
        • by sqrt(2) (786011) on Thursday February 28, 2013 @04:22AM (#43032179) Journal

          In many regions, there's not even any collusion necessary, as there's only one ISP available for broadband.

        • by Anonymous Coward on Thursday February 28, 2013 @04:37AM (#43032237)

          Corporations have a right to run their businesses however they want

          You state that with such conviction. It's not true.

          Not even in the US with its institutionalized bribery and corruption is this true. It is FAR from true in many other places.

        • by oztiks (921504) on Thursday February 28, 2013 @05:26AM (#43032381)

          Corporations have a right to run their businesses however they want.

          Corporations don't have the right to run whatever however they want. As an executive or director you MUST always act accordingly and responsibly and you MUST maintain an ethical stature and operate within the confines within the law *.

          As a rule of thumb any new policies and procedures a company institutes which later affect another business' income, then for the suffering business suing for loss of business is quite possible and quite winnable regardless of any clauses in contracts that say things like "we can disconnect you for any reason".

          They weigh these new rules knowing that the risks of such things are low and they also know that a big and nasty enough legal defence can make those take down notices not worth the paper they are printed on. This is just an ass covering process for the ISP, nothing more.

          * Though seeing this is in practice is a rarity, it is actually supposed to be the norm.

    • by cbhacking (979169)

      Most people browse the vast majority of the web via HTTP. Even leaving aside sites that don't even support HTTPS, damn near everybody will visit an HTTP page at some point. Hell, Slashdot auto-redirects from HTTPS back to HTTP. Absolutely no need to MitM SSL connections (which they'd have to get an intermediate trusted CA cert for anyhow).

      • Most people browse the vast majority of the web via HTTP. Even leaving aside sites that don't even support HTTPS, damn near everybody will visit an HTTP page at some point. Hell, Slashdot auto-redirects from HTTPS back to HTTP. Absolutely no need to MitM SSL connections (which they'd have to get an intermediate trusted CA cert for anyhow).

        While the vast majority of sites may be HTTP or even HTTP only it is also true there is a significant percentage of users who ever go to a very short list of sites like facebook, google and youtube all of which have SSL. SSL use is growing significantly. In a few years time you will not be able to buy a server without AES-NI.

    • by Anonymous Coward on Thursday February 28, 2013 @04:16AM (#43032151)

      If it is legal to edit the source of a web page on the fly, why is it illegal for media boxes to skip advertisements on television programmes?

      • by shentino (1139071) on Thursday February 28, 2013 @09:08AM (#43033217)

        Because big corporations have more rights than individuals.

        Even completely ignoring the blatant corruption and bribery involved in politics, the corporation having a superior legal budget gives them a very strong de-facto immunity to many things you'd get hanged for as a person.

      • by dywolf (2673597)

        Hmmm. Dont those Computer or Wire fraud laws cover MITM attacks?
        Or would that only apply if your name is Aaron?

    • by Anonymous Coward on Thursday February 28, 2013 @06:06AM (#43032489)

      Is Comcast tampering with web pages not their own to insert messages?

      If they are, then they are making unauthorised derivatives of a copyrighted work.

      • by Rich0 (548339)

        They're making unlicensed copies of copyrighted works every time they retransmit a packet.

        For whatever reason this kind of trivial argument is allowed to make things like EULAs enforceable in some court rulings (you copy software into RAM to run it), but it doesn't apply to wire transmissions. The bottom line is that the first case gives big corporations more power, and the second case would just cost them money.

        The saner approach to copyright is to consider all of this stuff non-infringing - they aren't r

    • I haven't seen it, but this almost certainly works like captive portal wifi gateways. It'll spoof a 302, redirect your browser to a local WAN page with the warning, and then surfing will continue as usual. I expect the comcast rep simply didn't know the lingo.
    • No, this is common practice for a lot of ISPs. I believe they just re-direct you with DNS. This is why I don't use my ISPs DNS.

    • by Mashiki (184564)

      $20 says they're using sandvine boxes and injecting it right into the stream.

  • by ciurana (2603) on Thursday February 28, 2013 @03:30AM (#43031983) Homepage Journal

    Netflix Instant Play monthly cost: less than $10, vs. IPREDator or equivalent VPN at about $5. Get a half decent Usenet or BitTorrent client, and the system has been circumvented.

    I suspect that ISPs adopted these measures more to appease the content providers than to fight the actual problem.

    Why won't the content providers address the obvious, and just make the content available through Netflix/iTunes/Amazon/VUDU/etc. soon after release? Such venues would enable them to profit from the home user who'd then download and pay without a hassle, and at the same time protect secondary international markets where other deals may be in place.

    I guess these people learned nothing from Napster, iTunes, and music stores.

    Cheers!

    E

    • by Nyder (754090)

      Netflix Instant Play monthly cost: less than $10, vs. IPREDator or equivalent VPN at about $5. Get a half decent Usenet or BitTorrent client, and the system has been circumvented.

      I suspect that ISPs adopted these measures more to appease the content providers than to fight the actual problem.

      Why won't the content providers address the obvious, and just make the content available through Netflix/iTunes/Amazon/VUDU/etc. soon after release? Such venues would enable them to profit from the home user who'd then download and pay without a hassle, and at the same time protect secondary international markets where other deals may be in place.

      I guess these people learned nothing from Napster, iTunes, and music stores.

      Cheers!

      E

      I thought the content owners either were ISP also, or they are buying up various big ISP.

    • by guevera (2796207) on Thursday February 28, 2013 @04:26AM (#43032193)
      Why won't the content providers address the obvious, and just make the content available through Netflix/iTunes/Amazon/VUDU/etc. soon after release? Because a) they're whole strategy is to safeguard their cable revenue and b) netflix money is not cable money. Netflix costs $9 month. Cable costs 5-12 times that. You think some of the richest companies in America want to give up that kinda money? You think they'll give that up without a fight? Would you?
    • by skine (1524819)

      You seem to make the assumption that DVD + legal home downloads generates more money than DVD + suing people at random.

  • SOPA vs 6 Strikes (Score:5, Interesting)

    by ohnocitizen (1951674) on Thursday February 28, 2013 @03:43AM (#43032031)
    The outrage that defeated SOPA is missing. Is it because the harm isn't as clear, big companies like google aren't stepping into the fray, or the association with "pirates" is too toxic? Or is it d) all of the above?
    • Re:SOPA vs 6 Strikes (Score:5, Interesting)

      by ThatsNotFunny (775189) on Thursday February 28, 2013 @04:06AM (#43032117)
      Perhaps it's because it's the ISPs making the rules, instead of the government.
    • by mark-t (151149)
      Probably because the likelihood of identifying an IP that actually had nothing to do with an infringement is small to insignificant. If a person a) doesn't download infringing content in the first place, and b) doesn't casually permit connectivity to others (which they probably aren't supposed to be doing with residential ISP service anyways, according to their ISP's TOS), then it seems only natural that the likelihood they would ever even get a first notice is vanishingly small.
      • by biodata (1981610)
        P(false positive) >= P(downloading content which is incorrectly flagged as infringing +P(someone else spoofing ones IP) + P(software or database or configuration error at ISP) +..... All of these probabilities are unknown, so your statement about the likelihoods is baseless, unknown, and in my opinion wrong, unless you can offer evidence otherwise.
        • by mark-t (151149)

          1) Having actually read extensively about the exact process by which they will even identify infringement, it strikes me as highly unlikely they would wrongly associate incorrect content with infringement in the first place, since it evidently involves checking some of the actual file content associated with a suspect individual shared file, and verifying that the content really does belong to them before they can take action and request the ISP to issue an alert.
          2) IP spoofing involves either forging th

  • Pop-ups? (Score:5, Insightful)

    by flyingfsck (986395) on Thursday February 28, 2013 @03:50AM (#43032063)
    Who in this day and age still has pop-ups enabled in their browsers?
  • Apparently even if you successfully challenge the "back breaking straw" copyright alert that triggers a mitigation notice, you have to defeat at least half of ALL notices to get the mitigation removed.

    Kinda like getting your license suspended after getting your 6th ticket, but then having to overturn not only your 6th ticket but also 2 other tickets to get your license reinstated.

  • Firstly, I think popups are generally disabled by people who know how to use torrents. And secondly, they require the popup to be signed so you cannot say "I didn't know" further down the line. Now what happens if you see the popup and just close it (CTRL+W or CTRL+F4)? Does it count as seen? Or better still, pull the popup window to a side and keep doing what you are doing. And shutdown after you are done. Now does that count? And what if I challenge the ISP to show me proof for the notice. Will they do i
  • by Zembar (803935) on Thursday February 28, 2013 @04:04AM (#43032115)

    Apologies to the author of the original(can be found at http://craphound.com/spamsolutions.txt [craphound.com]):

    Your law advocates a

    (x) technical (x) legislative ( ) market-based ( ) vigilante

    approach to fighting piracy. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    (x) Legitimate bittorrent uses would be affected
    (x) It is defenseless against VPNs
    (x) It will stop piracy for two weeks and then we'll be stuck with it
    (x) Users of netflix will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    (x) Requires too much cooperation from pirates
    ( ) Requires immediate total cooperation from everybody at once
    (x) Many internet users cannot afford to lose business or alienate potential employers
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    (x) TOR endpoints in foreign countries
    (x) Asshats
    (x) Jurisdictional problems
    (x) Unpopularity of net restrictions
    (x) Pop-up blockers
    (x) Eternal arms race involved in all filtering approaches
    ( ) Extreme profitability of piracy
    (x) Joe jobs and/or identity theft
    (x) Technically illiterate politicians
    (x) Dishonesty on the part of pirates themselves

    and the following philosophical objections may also apply:

    (x) Ideas similar to yours are easy to come up with, yet none have ever
    been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) IP headers should not be the subject of legislation
    (x) Blacklists suck
    (x) Whitelists suck
    (x) We should be able to watch youtube without being permanently disconnected from the net
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    ( ) Countermeasures must work if phased in gradually
    (x) Why should we have to trust you and your servers?
    (x) Incompatiblity with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    (x) I don't want private corporations suing me for downloading my own files

    Furthermore, this is what I think about you:

    ( ) Sorry dude, but I don't think it would work.
    (x) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your
    house down!

  • by WaffleMonster (969671) on Thursday February 28, 2013 @04:10AM (#43032133)

    It is amusing to see comcast and others think just cause everyone else is doing it or because they have "industry" documents like RFC 6108 this somehow insulates them from "stupid".

    Injecting shit into http is HARMFUL no matter what BS you can get accepted by throwing your largess around and sponsoring IETF meetings. You simply cannot know a-priori what side effects of injecting javascript crap into HTTP transactions are. In case you have been living under a rock for the past decade sadly everyones using HTTP for transport these days.

    As I type no doubt the phishers are working overtime on fake popups emulating comcasts piracy notifications.

    I hope sleeping with the MPAA is worth bad press, legal exposure and pissing off your paying customers.

    • by nospam007 (722110) *

      "Injecting shit into http is HARMFUL no matter what BS you can get accepted ..."

      Wait and see.

      Some clever dude will analyze how it works exactly, build a special environment that is vulnerable to it, so that it loses data/business/whatever and sue their asses off.

      • by causality (777677)

        "Injecting shit into http is HARMFUL no matter what BS you can get accepted ..."

        Wait and see.

        Some clever dude will analyze how it works exactly, build a special environment that is vulnerable to it, so that it loses data/business/whatever and sue their asses off.

        This is a great idea -- use their own system against them. I hope that clever dude makes millions because that would encourage others to do the same!

        • Punitive damages would be fine too. I don't really care whether the clever dude MAKES millions, as long as those involved in six-strikes LOSE the millions.

  • No details offered? (Score:5, Interesting)

    by jd659 (2730387) on Thursday February 28, 2013 @04:12AM (#43032141)
    From the TFA, the message from Comcast reads:

    "As part of the Copyright Alerts System operated by the Center for Copyright Information, a copyright owner has sent Comcast a notice claiming your Internet service from Comcast was used to copy or share a movie, television program or song improperly...."

    There are absolutely no details about who the copyright owner is, what specific content was infringed, when the alleged infringement was made, what details identifies MY "Internet service", etc.

    A more legally correct wording could state "Someone who claims to be the copyright owner, claims that the copyright was infringed from the specific IP which we, Comcast, claim to be belonging to your account at the claimed time of the infringement." But that would be just too many "claims"!

    • by sqrt(2) (786011)

      Supposedly that information is sent to your @comcast.com e-mail account. You can probably count on one hand how many people actually use their ISP-provided e-mail address, so few people are going to see the details of their alleged infractions--by design, I'd say.

      • by dissy (172727) on Thursday February 28, 2013 @07:58AM (#43032913)

        I am a Time Warner customer, and I signed up during their beta testing roll out back in 1995. I still have my "signup packet" here sitting on the same shelf for these last 18 years, and this is the first time I've touched it in those 18 years.

        There is absolutely no mention of an account or an email address with them.

        I can only assume an email address would have been assigned to me, but I have no idea how to sign in to it. It looks like they now maintain a customer portal as well, but again I have no idea how to sign in to it.

        While I don't use bit torrent these days at all nor download commercial music or movies, for SOME silly reason I have little faith this new system will have zero false positives despite the lack of infringing activity.
        My online video watching is limited to youtube blip and twitch, primarily gaming videos (completely created by those that post them I should add) and whatever random link clicking youtube may take me to... At least until this last weekend.

        I noticed over the weekend my public IP changed, and ever since then my service has been running slow as shit.
        20+% packet loss, speeds under 1 megabit (for 10mbit down service), it takes a good 30 minutes to buffer a 10 minute youtube video, and for the first time ever my network meter app is showing a line reporting "Blacklisted IP ratio 5/72"

        I can't help but wonder if the two are related, and what sort of situation I might be/get stuck in.

        I use Firefox with adblock and noscript with a fairly tight whitelist. They give no details about what "popup" means but the traditional popup I will never see. At least I am not seeing any time warner related URLs under the noscript menu.

        I'm now thinking about trying out one of these many VPN services just to see what happens to my connection speeds. The first couple I checked have a free trial period (Either most do or I just got very lucky)

        Since the ISPs don't seem to have any issue throwing around accusations without proof, I won't feel so bad having not collected more proof when calling them up complaining about the results with my own assumed accusations.

        Perhaps if their phone support techs get enough comments about it, that count will get passed up to someone that matters. Doubtful, but you never know. Maybe I'll get lucky and be one of the calls monitored by a manager.
        I've never been one to yell or get angry at the poor tech answering the phone, but have no issue bringing up questions they are likely sick of hearing, nor mind playing dumb when they treat me as dumb first.

        "Yes sir I know, but we have to follow the trouble shooting guide. Now reboot your computer again, and reboot the cable modem again, I'll wait here..."

        "You know I've heard about this new internet monitoring spying thing the US is doing everywhere.. You think it's like in the movies where hearing breathing in the phone would cause my connection to have these problems? I bet that would cause a lot of problems, so many connections to keep up with. Are you absolutely sure that isn't the problem? It still sounds like it to me."

    • There are absolutely no details about who the copyright owner is, what specific content was infringed, when the alleged infringement was made, what details identifies MY "Internet service", etc.

      A more legally correct wording could state "Someone who claims to be the copyright owner, claims that the copyright was infringed from the specific IP which we, Comcast, claim to be belonging to your account at the claimed time of the infringement." But that would be just too many "claims"!

      It would be fun to see

      • by Shagg (99693)

        I assume the ISPs only accept copyright claims that come from the RIAA/MPAA/etc. I don't think everyone gets to file copyright claims under this policy.

  • ..."Aaron Schwartz: reasons for him being persecuted by DOJ were political" ( as admitted by the DOJ itself ) - and many others.

    US = nascent police state.

    • by rsborg (111459)

      ..."Aaron Schwartz: reasons for him being persecuted by DOJ were political" ( as admitted by the DOJ itself ) - and many others.

      US = nascent police state.

      What's nascent about it? It's here and in-force. Welcome to your neo-feudalist future.

  • They think that the copyright cartels are their buddies for taking their bribes and fighting their fight, but when this fails just like all the rest of their evil greedy plans of never letting so much as a penny slip through their fingers the ISPs participating in this may find it difficult to testify to a judge with a straight face that they have no control of the infringing content transmitted over their network. This strategy may not bite them in the ass today, or even next week or next month, but someda

    • by Lumpy (12016)

      News Flash: Comcast IS a Copyright cartel. They have been buying and merging with big media companies for a decade now...

  • 5 Strikes and i change my ISP!
    • Exactly how many broadband providers do you have in your area?

      And how many of them are just as good or better than your current one?

      What will I do? Probably cancel my premium cable and use the money to get a VPN service.

  • I always wondered why possession/acquiring of copyright material is a crime.

    The whole problem of making possession/downloading illegal is it tries to fight human nature in a clumsy way (I get that while downloading torrents you also MIGHT seed it - there might not be anyone else downloading from you). People will always want free stuff. If I find a copy of a popular book being sold at half price on the pavement, I will buy it (esp. if the print is great).

    At certain times, fighting human nature is import

    • It's not the download. When you're in a torrent swarm, you're uploading while you're downloading. The uploading is what they're anal about.

      That's why people only really get in trouble through torrents or other direct P2P activity.

  • Man in the middle attack is completely unacceptable.

  • attack computers on those networks then make those computers download copyrighted materials. Eventually 1000's will get the notice and maybe they'll notice.

  • Sigh. (Score:5, Insightful)

    by ledow (319597) on Thursday February 28, 2013 @06:23AM (#43032541) Homepage

    A pop-up I wasn't expecting inserted into my normal web browsers, and breaking any secure sites that it might pop up on prompting security warnings, asking me to click a button, sign-in, etc.?

    Yeah, that won't be a scam, will it?

    How about this - you have these people's address and billing details, send them a damn letter by recorded delivery if you want them to read it.

    Personally, everything I've been advising my users NOT to do for the last ten years would ensure that those warnings are ALL ignored and/or the person runs off to check their antivirus because they are quite obviously not supposed to be there when you have typed in www.google.com or whatever.

  • They explain what triggered the alert and ask the user to sign in and confirm they received the alert. (Not admitting guilt, but at least closing off the legal defense of "I didn't know.")

    If only there was some way of getting around that, like, um... not signing in and confirming you've received the alert? Yeah, that loophole's well and truly closed, well done.

  • by Jafafa Hots (580169) on Thursday February 28, 2013 @08:59AM (#43033177) Homepage Journal

    may not ever use account termination as a way of enforcing this, but I certainly will use account termination as a way of dealing with it.

    That thing where they tell you you have to call them?
    That call will be to cancel my service.

    (and no, I don't use torrents, (except steam) but that hardly matters)

    • There is always a way to vote when the offensive action is perpetrated by a money grubbing entity: with your wallet. Unfortunately, most people won't be willing to give up their darling televisions on principle alone. It is an inexpensive babysitter for some, a mind eraser for others, and an escape from the day for too many.
  • If anyone can pulls an alert from a public domain torrent, please post the link. I'd really like to get my 5 alerts out of the way this weekend so I can speak with the CAS team about how utterly useless they, and their entire scheme, are before my account cancels.

  • Will this work properly in Lynx? Or do I need to file a complaint about cross browser support?

  • How long until... (Score:5, Insightful)

    by Beorytis (1014777) on Thursday February 28, 2013 @11:19AM (#43034565)
    ...someone takes the CAS screenshots from TFA and incorporates them into a phishing scam popup?
  • "oh, no, not junior rodeo..."

    Seriously, wtf? By what right do ISPs have to be judge, jury, and executioner?

  • by ponraul (1233704) on Thursday February 28, 2013 @03:45PM (#43038131)
    Fake six-strikes popups which ask for credit card numbers to resolve the complaint.

Line Printer paper is strongest at the perforations.

Working...