I frequently receive cease and desist notices from "legal entities" demanding I stop selling the officially authorized clothing brands on one of my sites...I ignore them. Nothing ever happens. It's a competitor, or competitors, trying real hard to take over my search engine rankings by trying to shut my site down. These DMCA requests are the same thing - basically bullying or scare tactics. Real legal requests, etc. come in the form of physical paperwork, signed and sometimes notarized.
Sorry for the irrelevant reply, but I'm trying to get some attention on this.
This youtuber got a fraudulent DMCA notice, and his counter-notice got automatically rejected. The person who sent the notice isn't associated with the devs, and is asking for a $100 ransom to get the channel reinstated. How could this be fixed?
But in this case, we're talking about notice being served via service providers for hosting and domains. They have the choice to take immediate action or ask you (TFA was lucky) and let you have a period to refute or comply. At which point the complainant can take you to court and get a real order to remove the material. The service providers need to follow this formula to preserve "safe harbor"; otherwise they're seen as picking a side and would become liable.
If you ignore the DMCA takedown process from a service provider, you lose service.
That is to say, a real DMCA takedown involves no papers, no notaries, no being served or court summons. It's a quick and digital way to take something offline. If you ignore it, you'll learn that the hard way.
---
That all said, there are plenty of people who use real lawyers to send "I don't like what you're doing, [stop it, pay me]" demands. I still wouldn't ignore these. Some might have merit, you might have overlooked something and early compliance is often cheapest.
If these entities have a legitimate grievance with you such as passing off fake branded goods or a willful interference with a private exclusive licensing agreement for product resale (tortious interference with a third party contract, common law breach of design rights through passing off which is two torts and obviously the inevitable harm to the revenues expected from that agreement which was never open to you) they can just serve the DMCA notices on your upstream provider and enforce effective disconnections of your storefront.
This statutory and perfunctory hence effectively attorney free process would have relieved the beleaguered BIOS developer's concerns discussed here the other day and this is a and usually effective right of protection that's rare in its accessibility to the common man instead of the largest businesses.
If someone sends you a DMCA takedown request for URLs that aren't even valid, then you can reply that you've complied with their request and taken the (nonexistent) material down: you are no longer serving content from those URLs because you never were.
I think that what's going on here is incompetence, not fraud.
You shouldn't have to reply with anything. Entities with no proof, due diligence, or process shouldn't be able to make you incur a cost (of discovery of compliance) just because they feel like it.
Sure, in this case, 30 minutes spent and done.
Recently I got a per capita tax bill for a town I didn't live in. They wanted payment for the last 8 years. I lived in a different town entirely (2 towns during the time in question).
When I filled out their form to contest it, they asked for deeds or leases for the duration to prove I didn't live there.
I told them I wouldn't provide such documentation without some proof to the fact I didn't live where I said I did. They responded to ignore the bill, it would be removed (which it was).
To me even the time I spent on this was excessive. In a just world, they'd be liable for my time. Entities, private or government, shouldn't be able to incur costs on our time and life due to their bullshit reasons or error.
> I think that what's going on here is incompetence, not fraud.
There’s a middle ground: sabotage. DMCA complaints have asymmetric incentives. You can, afaik, send a near-infinite number of (generated, duplicated, likely-to-not-exist) complaints at the cost of an email. As a host, you are obligated to comply with each individual report. Automating the process of decoding arbitrary emails, mapping to content you have and verifying that it’s copyrighted is extremely hard if not impossible, so you end up with a manual defense against an automated attack. This can obviously be exploited for purposes of sabotage.
Imagine sending bulk emails to the police reporting all people you don’t like for all crimes you can think of, without any risk. Or if you could call mayday on the sea, get other ships to reroute and risk their lives, with no consequences.
"ddos" via DMCA requests is an actual thing. There are actual methods that a few ddos-as-a-service providers provide (aka booters or stressers) that will fling tons of DMCA/abuse reports at your hosting/cloud provider to get them to take action on you.
In this case the URLs contain valid IPFS hashes. The ones that I've tried all resolve to real files with the IPFS CLI.
The issue is they've never been requested from the gateway that the DMCA notices are being sent to. They might be blocked by the gateway, they might fail to resolve on the gateway for other reasons, or they might work. Nobody checked before sending the complaint.
Yeah, and then the sender writes back to complain about the 1 address that was real. If this person is a paralegal, complain to the law firm. If the law firm doesn't respond, complain to the bar.
I am sure I'm preaching to the choir here, but the DMCA is just such an egregiously bad law. Its main use cases are this kind of consequence-free fraudulent terrorism and the much worse draconian de facto state enforcement of extremely customer-hostile business models. It needs to be nuked from orbit
I think its main use case is safe harbour. Without the DMCA, if I posted something infringing copyright, Hacker News would be liable as the service provider. DMCA shifts the blame to me, but the publisher has to comply with takedown requests.
I think overall this is a good thing for an internet that hosts user-created content, which includes comments, but they could definitely tidy up the implementation. As it stands you are allowed to reject the claim if you think you are in the right, and the company should restore the disputed content if you do so - but some like YouTube operate above and beyond the DMCA and seemingly intentionally blur the lines a lot so people blame the DMCA and not their custom process.
When someone sends a DMCA notice, they state that "under penalty of perjury, they are authorized on behalf of the copyright holder". That is the only part that they can get in trouble for. Whether the work is identified correctly or not is irrelevant.
You can counterclaim that the content you're sharing is in fact fair use or otherwise not infringing, the original claiming party has some time to sue you, and if they don't, you can sue them for damages caused by the takedown. I don't know whether anything can be done about a takedown notice on content that never existed in the first place, perhaps some generic harassment complaint?
This youtuber got a fraudulent DMCA notice, and his counter-notice got automatically rejected. The person who sent the notice isn't associated with the devs, and is asking for a $100 ransom to get the channel reinstated. How could this be fixed?
I think this person, Gareth Young, has at some point worked for Covington (one of those LinkedIn scrapers seems to have caught their profile: https://www.arounddeal.com/p/gareth-young/m6oymuxsnd/ but those sites are usually trash so who knows when this was still relevant).
The ciu-online domain is hosted by https://www.ravensbay.co.uk/ which "developed a high performance database system to automatically track infringements and issue notices to website owners and other parties who are publishing their client’s intellectual property" and "maintain and develop automated web crawlers to search the internet for possible infringements and analyse the page content to identify actionable cases".
Based on the status of various URLs in the IPFS.io and Cloudflare IPFS gateway, I'm guessing these people are searching IPFS for copyright violations and forwarding takedowns to any IPFS gateway they can find. The timeouts the author has experienced may simple be because there is no server online that has the file pinned anymore. Grabbing the file from a random NFT IPFS host, it does seem like most of these links do indeed return copyrighted material.
Does one need to visit an IPFS relay to file a DMCA takedown? I would expect so, but the DMCA does allow anyone with good intentions to take down copyright (you only need to really believe that you have a claim on a DMCA takedown, an actual legal basis is only relevant after a counter filing).
the dmca takedown services are awful. They just do exact text match on titles of videos and submit dmca requests on behalf of the content owner. If you embed a video widget from the content owners official YouTube page on your blog for example and quote the title, often these services will still send a dmca request.
Even if you respond and say the complaint is invalid some services will still ban you for receiving too many requests.
Source: built a crappy content farm with video embeds. Received avalanche of requests.
It’s hard to cry about my case in particular since it was just a dumb content farm. But ops post is another example of this terrible software and legal process having wider implications.
So what you're saying is, I need to set up an IPFS gateway and populate it with lots of videos that I hold the copyright for, which happen to have names that match commonly-pirated movies?
I wonder if they bother to download them to check? Hours and hours of bars and tone...
I run a DMCA take down service where we remove revenge porn for people that are victimized by it. DMCA is the only tool we have to take these images down so as much as there are holes and gaps in that law, it's not all bad.
Oh, it's live and well, and compensated very well.
Just an example, TwoSetViolins did a live concert of some classical music pieces (no copyright would exist on them at this time and age) and their YouTube video got millions of views. A French music company did a DMCA claim against them and YouTube took down their video and transferred their ad money to the music company. They fought to get their video back. But but the kicker was that the music company got to keep the ad revenue generated during the dispute period, which was most of the money as many event based videos got most of their views from the initial release time frame due to promotion of the events by the video creators. Not sure what the eventual outcome was. As you can see, even if the false claims have failed, the DMCA filers still got a part of the money. The incentive is completely skewed.
I would be halfway willing to bet that some genius asked ChatGPT "please provide me with a list of URLs where my book is being illegally shared", or something similar, and then started firing off emails.
These are actual hashes for books that exist somewhere on the IPFS network. You can get a lot of them to resolve. They've just never been requested from the site the DMCA notices are being sent to.
It's more likely that someone downloaded an IPFS hash list from LibGen and started sending emails generated from that.
Yes. If you want to go on a fun legal adventure, sue them.
I used to run a legit DMCA takedown business and tons of competitors would just mass spam anything even remotely matching because their tech was trash.
Our software instead was accessing every infringing link before sending a request and requiring some human approval.
Most likely (I never worked with IPFS so no idea about it) they found those links linked by someone on some other page and believed the information on those links - or they just wanted to shut you down.
In practice, almost no-one wants to go through the hassle of actually suing you (especially if you're a 13 year old from another jurisdiction who makes 1k per month in ads on warez -what money can they expect to get from you?) so it's either a very large customer with money to waste (think Zumba Fitness big) or it's just an empty threat.
Unfortunately DMCA law is insanely bad as it's forcing compliance from small actors or you're risking legal action - but what can you expect from a government lobbied by copyright owners.
I run some website with user uploaded content right now - and I've implemented an automated takedown form which waits less than 24hrs from each takedown request and then automatically remove the content automatically.
Maybe it's more the "customs" side of this department that this referral is going to, but it also sounds to me like trying to wield the sledgehammer of an ICE officer showing up to an immigrant's door, a notoriously evil strategy employed by all sorts of businesses and government agencies to get what they want.
The DMCA abuse is disgusting, the ICE threat is evil.
I'd assume a dumb script. All the filenames in the first file end with "annas-archive.(extension)". Perhaps some search or lookup feature of Anna's archive generates URLs, and they assumed all URLs were genuine?
A lot of this stuff seems to be very blindly done. Companies have taken down their own content.
I find it unpleasant that Gandi forwarded the DMCA letters to the author. (Gandi is the registrar for hardbin.com.) I’ve never liked how the DMCA turns private companies into policemen.
If they’re going to tattle to hardbin.com’s mom, why stop there? Why not send the DMCA takedown to IANA too? And also to the authorities in France where (I think) Gandi are based?
Similarly, just as Gandi passed the DMCA letter on to the author, so too should he pass on the DMCA letter to whoever posted the IPFS content. I would suggest (tongue in cheek) having a link on hardbin.com where users can regularly check to see if their content has been issued a DMCA notice. Now hardbin.com can’t be liable any more — like Gandi, they’ve been a good private cop and passed the notice on, down the chain!
Just once I would like one of these DMCA clowns to try to hit someone with the time and money to do something about this. Get that perjury judgement, don't settle for anything less.
IPFS, I'm unfamilar with it - does a gateway have the ability to host anything from IPFS if it's requested to be pinned? Would the hash of the content be the same wherever it is being served? If the service was running could these books have appeared on the gateway?
If yes, it looks like they are sending notices to every gateway they can find assuming that the content could be hosted there as it might or might not and they dont check.
is it a kind of demanding adding something to a blocklist pre-emptively?
[+] [-] yooo000|2 years ago|reply
[+] [-] theemathas|2 years ago|reply
This youtuber got a fraudulent DMCA notice, and his counter-notice got automatically rejected. The person who sent the notice isn't associated with the devs, and is asking for a $100 ransom to get the channel reinstated. How could this be fixed?
Proof that the person sending the notice isn't "authorized on behalf of the copyright holder": https://twitter.com/Lionheart/status/1671349063931838464
Tweet about the automatic rejection of the counter-notice: https://twitter.com/Azrial_Vanity/status/1671696220190810113
Tweet about the initial DMCA takedown: https://twitter.com/Azrial_Vanity/status/1671323777978736643
Mention of the $100 ransom: https://twitter.com/Azrial_Vanity/status/1671332970836140032
Any youtube people on here can help? Or anyone else have any advice?
[+] [-] oliwarner|2 years ago|reply
But in this case, we're talking about notice being served via service providers for hosting and domains. They have the choice to take immediate action or ask you (TFA was lucky) and let you have a period to refute or comply. At which point the complainant can take you to court and get a real order to remove the material. The service providers need to follow this formula to preserve "safe harbor"; otherwise they're seen as picking a side and would become liable.
If you ignore the DMCA takedown process from a service provider, you lose service.
That is to say, a real DMCA takedown involves no papers, no notaries, no being served or court summons. It's a quick and digital way to take something offline. If you ignore it, you'll learn that the hard way.
---
That all said, there are plenty of people who use real lawyers to send "I don't like what you're doing, [stop it, pay me]" demands. I still wouldn't ignore these. Some might have merit, you might have overlooked something and early compliance is often cheapest.
[+] [-] mcwhy|2 years ago|reply
[+] [-] Cullinet|2 years ago|reply
This statutory and perfunctory hence effectively attorney free process would have relieved the beleaguered BIOS developer's concerns discussed here the other day and this is a and usually effective right of protection that's rare in its accessibility to the common man instead of the largest businesses.
[+] [-] tinus_hn|2 years ago|reply
[+] [-] Cthulhu_|2 years ago|reply
[+] [-] not2b|2 years ago|reply
I think that what's going on here is incompetence, not fraud.
[+] [-] Libcat99|2 years ago|reply
Sure, in this case, 30 minutes spent and done.
Recently I got a per capita tax bill for a town I didn't live in. They wanted payment for the last 8 years. I lived in a different town entirely (2 towns during the time in question).
When I filled out their form to contest it, they asked for deeds or leases for the duration to prove I didn't live there.
I told them I wouldn't provide such documentation without some proof to the fact I didn't live where I said I did. They responded to ignore the bill, it would be removed (which it was).
To me even the time I spent on this was excessive. In a just world, they'd be liable for my time. Entities, private or government, shouldn't be able to incur costs on our time and life due to their bullshit reasons or error.
[+] [-] klabb3|2 years ago|reply
There’s a middle ground: sabotage. DMCA complaints have asymmetric incentives. You can, afaik, send a near-infinite number of (generated, duplicated, likely-to-not-exist) complaints at the cost of an email. As a host, you are obligated to comply with each individual report. Automating the process of decoding arbitrary emails, mapping to content you have and verifying that it’s copyrighted is extremely hard if not impossible, so you end up with a manual defense against an automated attack. This can obviously be exploited for purposes of sabotage.
Imagine sending bulk emails to the police reporting all people you don’t like for all crimes you can think of, without any risk. Or if you could call mayday on the sea, get other ships to reroute and risk their lives, with no consequences.
[+] [-] catminou|2 years ago|reply
[+] [-] margalabargala|2 years ago|reply
Due to the following bit in the notice:
> Gareth Young, Internet Investigator, swears, under penalty of perjury, that the information in the notification is accurate
It would appear that in this situation, incompetence in fact constitutes fraud.
[+] [-] slang800|2 years ago|reply
The issue is they've never been requested from the gateway that the DMCA notices are being sent to. They might be blocked by the gateway, they might fail to resolve on the gateway for other reasons, or they might work. Nobody checked before sending the complaint.
[+] [-] unyttigfjelltol|2 years ago|reply
[+] [-] unknown|2 years ago|reply
[deleted]
[+] [-] advael|2 years ago|reply
[+] [-] lja|2 years ago|reply
[deleted]
[+] [-] hnick|2 years ago|reply
I think overall this is a good thing for an internet that hosts user-created content, which includes comments, but they could definitely tidy up the implementation. As it stands you are allowed to reject the claim if you think you are in the right, and the company should restore the disputed content if you do so - but some like YouTube operate above and beyond the DMCA and seemingly intentionally blur the lines a lot so people blame the DMCA and not their custom process.
[+] [-] Dwedit|2 years ago|reply
[+] [-] jojobas|2 years ago|reply
You can counterclaim that the content you're sharing is in fact fair use or otherwise not infringing, the original claiming party has some time to sue you, and if they don't, you can sue them for damages caused by the takedown. I don't know whether anything can be done about a takedown notice on content that never existed in the first place, perhaps some generic harassment complaint?
[+] [-] theemathas|2 years ago|reply
Proof that the person sending the notice isn't "authorized on behalf of the copyright holder": https://twitter.com/Lionheart/status/1671349063931838464
Tweet about the automatic rejection of the counter-notice: https://twitter.com/Azrial_Vanity/status/1671696220190810113
Tweet about the initial DMCA takedown: https://twitter.com/Azrial_Vanity/status/1671323777978736643
Mention of the $100 ransom: https://twitter.com/Azrial_Vanity/status/1671332970836140032
Any youtube people on here can help?
[+] [-] jeroenhd|2 years ago|reply
Here's an article from 2014 mentioning the same person: https://www.publishersweekly.com/pw/by-topic/childrens/child... and a listing which puts Gareth with Covington & Burlap in 2018: https://www.resultsbase.net/event/4529/results/2491300
These people seem to have a history of bullshit takedowns: http://www.gregthatcher.com/Financial/THATCHER_TO_HOWARD_009...
The ciu-online domain is hosted by https://www.ravensbay.co.uk/ which "developed a high performance database system to automatically track infringements and issue notices to website owners and other parties who are publishing their client’s intellectual property" and "maintain and develop automated web crawlers to search the internet for possible infringements and analyse the page content to identify actionable cases".
Based on the status of various URLs in the IPFS.io and Cloudflare IPFS gateway, I'm guessing these people are searching IPFS for copyright violations and forwarding takedowns to any IPFS gateway they can find. The timeouts the author has experienced may simple be because there is no server online that has the file pinned anymore. Grabbing the file from a random NFT IPFS host, it does seem like most of these links do indeed return copyrighted material.
Does one need to visit an IPFS relay to file a DMCA takedown? I would expect so, but the DMCA does allow anyone with good intentions to take down copyright (you only need to really believe that you have a claim on a DMCA takedown, an actual legal basis is only relevant after a counter filing).
[+] [-] SnorkelTan|2 years ago|reply
Even if you respond and say the complaint is invalid some services will still ban you for receiving too many requests.
Source: built a crappy content farm with video embeds. Received avalanche of requests.
It’s hard to cry about my case in particular since it was just a dumb content farm. But ops post is another example of this terrible software and legal process having wider implications.
[+] [-] Gordonjcp|2 years ago|reply
I wonder if they bother to download them to check? Hours and hours of bars and tone...
[+] [-] srj|2 years ago|reply
[+] [-] shmde|2 years ago|reply
[+] [-] lja|2 years ago|reply
I run a DMCA take down service where we remove revenge porn for people that are victimized by it. DMCA is the only tool we have to take these images down so as much as there are holes and gaps in that law, it's not all bad.
[+] [-] brucethemoose2|2 years ago|reply
[+] [-] d4mi3n|2 years ago|reply
A few examples:
Bungie suing person responsible for multiple fraudulent Destiny 2 DMCA takedowns, 2022: https://www.vg247.com/bungie-suing-person-responsible-for-fr...
Using Youtube takedowns as extortion, 2017: https://www.techdirt.com/2017/10/25/using-youtube-takedowns-...
Warner Bros’ False Takedowns Stifle Free Speech, EFF Tells Court, 2013: https://torrentfreak.com/warner-bros-false-takedowns-stifle-...
[+] [-] ww520|2 years ago|reply
Just an example, TwoSetViolins did a live concert of some classical music pieces (no copyright would exist on them at this time and age) and their YouTube video got millions of views. A French music company did a DMCA claim against them and YouTube took down their video and transferred their ad money to the music company. They fought to get their video back. But but the kicker was that the music company got to keep the ad revenue generated during the dispute period, which was most of the money as many event based videos got most of their views from the initial release time frame due to promotion of the events by the video creators. Not sure what the eventual outcome was. As you can see, even if the false claims have failed, the DMCA filers still got a part of the money. The incentive is completely skewed.
[+] [-] EdwardDiego|2 years ago|reply
[+] [-] cheald|2 years ago|reply
[+] [-] slang800|2 years ago|reply
It's more likely that someone downloaded an IPFS hash list from LibGen and started sending emails generated from that.
[+] [-] ronsor|2 years ago|reply
[+] [-] geocrasher|2 years ago|reply
[+] [-] jokethrowaway|2 years ago|reply
I used to run a legit DMCA takedown business and tons of competitors would just mass spam anything even remotely matching because their tech was trash. Our software instead was accessing every infringing link before sending a request and requiring some human approval.
Most likely (I never worked with IPFS so no idea about it) they found those links linked by someone on some other page and believed the information on those links - or they just wanted to shut you down.
In practice, almost no-one wants to go through the hassle of actually suing you (especially if you're a 13 year old from another jurisdiction who makes 1k per month in ads on warez -what money can they expect to get from you?) so it's either a very large customer with money to waste (think Zumba Fitness big) or it's just an empty threat.
Unfortunately DMCA law is insanely bad as it's forcing compliance from small actors or you're risking legal action - but what can you expect from a government lobbied by copyright owners.
I run some website with user uploaded content right now - and I've implemented an automated takedown form which waits less than 24hrs from each takedown request and then automatically remove the content automatically.
[+] [-] annoyingnoob|2 years ago|reply
https://www.dmca.com/FAQ/How-can-I-eliminate-fake-DMCA-Taked...
[+] [-] komali2|2 years ago|reply
Maybe it's more the "customs" side of this department that this referral is going to, but it also sounds to me like trying to wield the sledgehammer of an ICE officer showing up to an immigrant's door, a notoriously evil strategy employed by all sorts of businesses and government agencies to get what they want.
The DMCA abuse is disgusting, the ICE threat is evil.
[+] [-] nitwit005|2 years ago|reply
A lot of this stuff seems to be very blindly done. Companies have taken down their own content.
[+] [-] nitwit005|2 years ago|reply
https://cloudflare-ipfs.com/ipfs/bafykbzaceadernoyib7mknhbdt...
Which is exactly the same as the given link, except for the domain:
https://hardbin.com/ipfs/bafykbzaceadernoyib7mknhbdtnrdem56o...
Perhaps cloudflare, or their ipfs servce, confused their script somehow.
[+] [-] faangsticle|2 years ago|reply
[+] [-] gorgoiler|2 years ago|reply
If they’re going to tattle to hardbin.com’s mom, why stop there? Why not send the DMCA takedown to IANA too? And also to the authorities in France where (I think) Gandi are based?
Similarly, just as Gandi passed the DMCA letter on to the author, so too should he pass on the DMCA letter to whoever posted the IPFS content. I would suggest (tongue in cheek) having a link on hardbin.com where users can regularly check to see if their content has been issued a DMCA notice. Now hardbin.com can’t be liable any more — like Gandi, they’ve been a good private cop and passed the notice on, down the chain!
[+] [-] account42|2 years ago|reply
[+] [-] jeroenhd|2 years ago|reply
[+] [-] thinkingemote|2 years ago|reply
If yes, it looks like they are sending notices to every gateway they can find assuming that the content could be hosted there as it might or might not and they dont check.
is it a kind of demanding adding something to a blocklist pre-emptively?
[+] [-] Tao3300|2 years ago|reply