Go Back   P2P-Zone > Peer to Peer
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Peer to Peer The 3rd millenium technology!

Thread Tools Search this Thread Display Modes
Old 08-10-21, 06:35 AM   #1
JackSpratts's Avatar
Join Date: May 2001
Location: New England
Posts: 9,927
Default Peer-To-Peer News - The Week In Review - October 9th, ’21

Since 2002

October 9th, 2021

Cloudflare Doesn’t Have to Cut Off Copyright-Infringing Websites, Judge Rules

Judge rules content-delivery service doesn't "contribute" to copyright infringement.
Jon Brodkin

Cloudflare is not liable for the copyright infringement of websites that use its content-delivery and security services, a federal judge ruled yesterday.

Cloudflare was sued in November 2018 by Mon Cheri Bridals and Maggie Sottero Designs, two wedding dress manufacturers and sellers that alleged Cloudflare was guilty of contributory copyright infringement because it didn't terminate services for websites that infringed on the dressmakers' copyrighted designs. The companies sought a jury trial, but Judge Vince Chhabria yesterday granted Cloudflare's motion for summary judgment in a ruling in US District Court for the Northern District of California.

Chhabria noted that the dressmakers have been harmed "by the proliferation of counterfeit retailers that sell knock-off dresses using the plaintiffs' copyrighted images" and that they have "gone after the infringers in a range of actions, but to no avail—every time a website is successfully shut down, a new one takes its place." Chhabria continued:

In an effort to more effectively stamp out infringement, the plaintiffs now go after a service common to many of the infringers: Cloudflare. The plaintiffs claim that Cloudflare contributes to the underlying copyright infringement by providing infringers with caching, content delivery, and security services. Because a reasonable jury could not—at least on this record—conclude that Cloudflare materially contributes to the underlying copyright infringement, the plaintiffs' motion for summary judgment is denied and Cloudflare's motion for summary judgment is granted.

While the ruling resolves the lawsuit's central question in Cloudflare's favor, the judge scheduled a case management conference for October 27 "to discuss what's left of the case."

Hundreds of counterfeiting websites

The companies' lawsuit said they "are two of the largest manufacturers and wholesalers of wedding dresses and social occasion wear in the United States" and "have developed many of the world's most unique and original wedding and social occasion dress patterns." They own the copyrights for those designs and for photographic images of the designs.

Most of the websites selling counterfeit versions of the dresses operate from China, the lawsuit said. In addition to Cloudflare, an amended complaint listed 500 "Doe" defendants whose real names were unknown. The lawsuit said the Cloudflare terms say that any violation of law justifies termination of service and that "CloudFlare's policy is to investigate violations of these terms of service and terminate repeat infringers."

The plaintiffs said they used a vendor called Counterfeit Technology to find over 365 infringing websites that are users of Cloudflare, including cabridals.com, bidbel.com, stydress.com, angelemall.co.nz, jollyfeel.com, russjoan.com, missydress.com.au, and livedressy.com. The plaintiffs said they sent Cloudflare thousands of takedown notices, and often up to four notices about the same infringing sites, but "Cloudflare has ignored these notices and takes no action after being notified of infringing content on its clients' websites.

"Specifically, even after learning of specific, identified acts of copyright infringement by the infringing websites through plaintiffs' takedown notices, Cloudflare continues to cache, mirror, and store a copy of the infringing websites and the infringing content on its data center servers, and to transmit upon request copies of the infringing content to visitors of the infringing websites," the amended complaint said. "Cloudflare's contributions allow the Internet browsers of visitors to the infringing websites to access and load the infringing websites and content much faster than if the user was forced to access the infringing websites and content from the primary host absent Cloudflare's services."

The plaintiffs argued that Cloudflare should have terminated caching services to these websites, blocked traffic traveling through Cloudflare's network to the websites, "and reconfigur[ed] its firewall settings so that users trying to access the infringing domain would be redirected to a blank page."

Cloudflare: “Lawsuit based on a fundamental misunderstanding”

Cloudflare argued that the plaintiffs "brought this lawsuit based on a fundamental misunderstanding of Cloudflare's services, the contributory copyright infringement doctrine, and the Digital Millennium Copyright Act, all in pursuit of a statutory damages windfall that has nothing to do with the harm they claim to have suffered." A victory for the plaintiffs would amount to "an expansion of the contributory infringement doctrine far beyond its established limits," Cloudflare told the court.

Cloudflare continued:

Cloudflare is nothing like the search engines and peer-to-peer networks that the [US Court of Appeals for the] Ninth Circuit has found "significantly magnify otherwise immaterial infringements." Whereas Cloudflare's services protect against malicious attacks and at most confer a split-second advantage to the loading time of a website someone is already visiting, the services previously considered by the Ninth Circuit actually helped visitors find infringing material they otherwise never would have found. There also is no 'simple measure' that Cloudflare failed to take to prevent further infringements in this case. Unlike hosting providers, Cloudflare could not remove allegedly infringing material from the Internet, and there is no question that those images would have remained available and equally accessible on the accused websites without Cloudflare's services.

Cloudflare offers a mix of free and paid services.

Judge explains why Cloudflare isn’t liable

A defendant is liable for contributory copyright infringement if it has knowledge of another's infringement and materially contributes to or induces that infringement, the judge noted in his ruling against the dressmakers. "Simply providing services to a copyright infringer does not qualify as a 'material contribution,'" he wrote. "Rather, liability in the Internet context follows where a party 'facilitate[s] access' to infringing websites in such a way that 'significantly magnif[ies]' the underlying infringement."

Although a defendant can be found to materially contribute to copyright infringement if it acts as "an essential step in the infringement process," this should not be interpreted too broadly, the judge wrote.

"As the Ninth Circuit has recognized, the language used in these tests is 'quite broad' and could encompass much innocuous activity if considered out of context. An analysis of contributory copyright infringement must therefore be cognizant of the facts in the key cases in which liability has been found," Chhabria wrote.

Mon Cheri Bridals and Maggie Sottero Designs alleged that Cloudflare contributes to copyright infringement by providing performance-improvement services, including its content-distribution network and caching capabilities that improve the quality of webpages and make them load faster, Chhabria wrote. But the "plaintiffs have not presented evidence from which a jury could conclude that Cloudflare's performance-improvement services materially contribute to copyright infringement. The plaintiffs' only evidence of the effects of these services is promotional material from Cloudflare's website touting the benefits of its services. These general statements do not speak to the effects of Cloudflare on the direct infringement at issue here."

The plaintiffs did not prove that the faster website-load times enabled by Cloudflare "would be likely to lead to significantly more infringement." Additionally, Cloudflare removing infringing material from its cache would not prevent users from seeing the copyrighted images. "[R]emoving material from a cache without removing it from the hosting server would not prevent the direct infringement from occurring," Chhabria wrote.

Security services “make no difference” to users

The plaintiffs also tried to prove contributory infringement by pointing to Cloudflare security services that detect suspicious traffic and prevent attacks on a website's host. The judge dismissed this argument, writing:

Cloudflare's security services also do not materially contribute to infringement. From the perspective of a user accessing the infringing websites, these services make no difference. Cloudflare's security services do impact the ability of third parties to identify a website's hosting provider and the IP address of the server on which it resides. If Cloudflare's provision of these services made it more difficult for a third party to report incidents of infringement to the web host as part of an effort to get the underlying content taken down, perhaps it could be liable for contributory infringement. But here, the parties agree that Cloudflare informs complainants of the identity of the host in response to receiving a copyright complaint, in addition to forwarding the complaint along to the host provider.

The plaintiffs had also sought a summary judgment against the Doe defendants "but abandoned this motion in their reply brief," the judge wrote.

Singapore Passes Foreign Interference Law Allowing Authorities to Block Internet Content

Experts have raised alarm the bill is a tool to crush dissent, with media watchdog saying it carries ‘the seeds of the worst totalitarian leanings’
Agence France-Presse

Singapore’s parliament has passed a law aimed at preventing foreign interference in domestic politics, which the opposition and activists have criticised as a tool to crush dissent.

The law, approved after a marathon session that stretched to near midnight on Monday, would allow authorities to compel internet service providers and social media platforms to provide user information, block content and remove applications used to spread content they deem hostile.

Groups and individuals involved in local politics can be designated as “politically significant persons”, which would require them to disclose foreign funding sources and subject them to other “countermeasures” to reduce the risk of overseas meddling.

Violators risk prison terms and hefty fines on conviction.

Campaigners say it is the latest piece of draconian legislation to be rolled out in a city-state where authorities are frequently accused of curbing civil liberties.

But in a lengthy address to parliament, law and home affairs minister K Shanmugam said Singapore was vulnerable to “hostile information campaigns” carried out from overseas and through local proxies.

“The internet has created a powerful new medium for subversion,” he said.

“Countries are actively developing attack and defence capabilities as an arm of warfare, equal to, and more potent than, the land, air and naval forces.”

His People’s Action Party, which has governed Singapore for more than six decades, stamped its parliamentary majority to push for the bill’s passage with 75 “yes” votes. There were 11 “no” votes and two abstentions.

The main opposition Workers’ Party had called for changes to be made to the draft bill, raising concerns about its broad provisions, while another opposition group called for further consultations.

Phil Robertson, deputy Asia director for Human Rights Watch, said Singapore used foreign influence as a “bogeyman to justify their expanded persecution of opposition politicians, civil society activists and independent media”.

Singapore’s international reputation “will take the hardest knock” from the new law, he said.

Media watchdog Reporters Without Borders (RSF) has warned the bill carries “the seeds of the worst totalitarian leanings”.

“This bill institutionalises the persecution of any domestic entity that does not toe the line set by the government and ruling party, starting with independent media outlets,” Daniel Bastard, the head of RSF’s Asia-Pacific desk, said.

He also warned there was a “lack of independent legal recourse for those who are given orders by the government” – although Shanmugam insisted the bill provided for adequate judicial review.

Independent media have faced increasing pressure in the city-state, with leading news website the Online Citizen suspended last month for failing to declare its funding sources. Mainstream media is mostly pro-government.

The bill comes two years after the introduction of a law aimed at combatting online misinformation that was criticised by rights groups and tech giants for curbing free speech.

New Study Reveals iPhones Aren't as Private as You Think
Paul Wagenseil

Android phones collect more data by volume, but iPhones collect more types of data, a study finds

Google's Android operating system is a privacy nightmare, a new study of cellphone data collection finds. Yet it turns out Apple's iOS is a privacy nightmare too.

"Both iOS and Google Android share data with Apple/Google on average every 4.5 [minutes]," a research paper published last week by Trinity College in Dublin says. "The 'essential' data collection is extensive, and likely at odds with reasonable user expectations."

Much of this data collection takes place after the phone is first turned on, before the user logs into an Apple or Google account, and even when all optional data-sharing settings are disabled.

"Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this," the paper adds. "However, Google collects a notably larger volume of handset data than Apple."

Quantity vs. quality

The study, led by Douglas J. Leith of Trinity's School of Computer Science & Statistics, found that Android phones send roughly 20 times as much data to Google servers as iPhones send to Apple servers.

"During the first 10 minutes of startup, the [Google] Pixel handset sends around 1MB of data ... to Google compared with the iPhone sending around 42KB of data to Apple," the paper said.

"When the handsets are sitting idle, the Pixel sends roughly 1MB of data to Google every 12 hours compared with the iPhone sending 52KB to Apple."

However, the researchers' iPhone transmitted more kinds of data, including device location, the device's local Internet Protocol (IP) address and the Wi-Fi network identifiers — the MAC addresses — of other devices on the local network, including home Wi-Fi routers.

The Android phone did not send back those types of data. The implication is that Apple might be collecting more data about nearby devices than Google does.

"It takes only one device to tag the home gateway [Wi-Fi router] MAC address with its GPS location and thereafter the location of all other devices reporting that MAC address to Apple is revealed," the study found.

The "sharing of these Wi-Fi MAC addresses" lets Apple, the paper said, build a "social graph" or relationship map of all Apple devices on a local network, indicating how users of those devices "in the same household, office, shop [or] cafe" might know and associate with each other.
Phones can't stay quiet, even when you're not using them

Both the iPhone and Android phone called home to Apple and Google servers every 4 or 5 minutes while the phones were left idle and unused for several days. The phones were powered on and plugged in, but the users had not yet logged into Apple or Google accounts.

Even when the iPhone user stayed logged out of their Apple account, the iPhone still sent identifying cookies to iCloud, Siri, the iTunes Store and Apple's analytics servers while the iPhone was idle. It also sent information about nearby devices sharing the same Wi-Fi network.

When location services were enabled on the iPhone, its latitude and longitude were transmitted to Apple servers.

On Android, data is sent to Google Play servers every 10 to 20 minutes even when the user is not logged in. Certain Google apps also send data, including Chrome, Docs, Messaging, Search and YouTube, although only YouTube sends unique device identifiers.

Even when the iPhone user stayed logged out of their Apple account, the iPhone still sent identifying cookies to iCloud, Siri, the iTunes Store and Apple's analytics servers while the iPhone was idle. It also sent information about nearby devices sharing the same Wi-Fi network.

'Remarkably similar' data collection

Leith and his colleagues ignored what kind of data apps send back to servers, because many studies have been done on that already. Instead, the study focused on what kinds of data the core operating systems sent back to Apple or Google servers.

"Much less attention has been paid to the data sharing by the handset operating system with the mobile OS developer," the paper said. "To the best of our knowledge, there has been no previous systematic work reporting measurements of the content of messages sent between iOS and its associated backend servers."

The researchers studied network traffic from both types of phones during six scenarios: during initial startup after a factory reset; when a SIM card was added or removed; during a prolonged idle state; during viewing of the settings screen; when enabling or disabling location services; and when logging into the App Store or the Google Play store.

Researchers essentially staged a man-in-the-middle attack on the phones, setting up a laptop to serve as a Wi-Fi hotspot while disabling cellular connections on the phones.

Traffic from the phones ran through the laptop, which decrypted logged and analyzed data, then re-encrypted the data and sent it on its way to the destination servers.

The phones used in the testing were an Apple iPhone 8 running iOS 13.6.1 and a Google Pixel 2 running Android 10. Both were jailbroken or rooted so that the researchers could add new HTTPS server certificates matching those on the man-in-the-middle laptop, permitting decryption of traffic.

The researchers said they were motivated to conduct this study because of the COVID-19 contact-tracing apps that had attracted a lot of publicity in Europe, especially in the United Kingdom and Ireland, in the past year. They found that in the long run, there wasn't much difference between Android and iOS in terms of gathering user data.

"On an iPhone running a COVID contact-tracing app the data collection by Apple iOS is remarkably similar to that by Google Play Services on Android phones," the paper said. "Users appear to have no option to disable this data collection by iOS."

Researchers get 'silence' from Apple

The Trinity College researchers reached out to both Apple and Google to notify them of the findings and seek comment.

"To date Apple have responded only with silence," the study paper said. "We sent three emails to Apple's Director of User Privacy, who declined even to acknowledge receipt of an email, and also posted an information request at the Apple Privacy Enquiries contact page ... but have had no response."

Google did respond with what the researcher characterized as "a number of comments and clarifications," all incorporated into the report, and said it "intend[ed] to publish public documentation on the telemetry data" it collected.

"This research outlines how smartphones work," a Google spokesperson told Tom's Guide following our query. "Modern cars regularly send basic data about vehicle components, their safety status and service schedules to car manufacturers, and mobile phones work in very similar ways."

"This report details those communications, which help ensure that iOS or Android software is up to date, services are working as intended, and that the phone is secure and running efficiently," the spokesperson added.

According to Google, the researchers' estimates of the volume of data sent by iOS devices to Apple servers does not account for data sent from Apple servers back to iOS devices.

An Apple spokesperson told Tom's Guide that it, too, had issues with the study, noting that the researchers seemed to get several sources of data confused. The spokesperson added that users' personal data was nevertheless protected and could not be traced back to specific individuals.

So what can you do about this data collection?

"Currently there are few, if any, realistic options for preventing this data sharing," especially on iPhones, Leith concluded.

Android phones — or at least the Pixel that the researchers worked with — can be started with network connections disabled.

If the user then disables Google Play Services and the Google Play and YouTube apps before connecting to the network, "this prevented the vast majority of the data sharing with Google," the paper said.

Those suddenly non-Google Android phones would need to use other app stores, much as Amazon Fire tablets or Huawei phones do. (Connecting to Amazon or Huawei raises other privacy issues.)

But iPhone users are stuck, because their devices need a network connection to be activated.

If users "choose to use an iPhone," the study observed, "then they appear to have no options to prevent the data sharing that we observe."

Until next week,

- js.

Current Week In Review

Recent WiRs -

October 2nd, September 25th, September 18th, September 11th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.

"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
Thanks For Sharing
JackSpratts is offline   Reply With Quote

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Peer-To-Peer News - The Week In Review - July 16th, '11 JackSpratts Peer to Peer 0 13-07-11 06:43 AM
Peer-To-Peer News - The Week In Review - July 9th, '11 JackSpratts Peer to Peer 0 06-07-11 05:36 AM
Peer-To-Peer News - The Week In Review - January 30th, '10 JackSpratts Peer to Peer 0 27-01-10 07:49 AM
Peer-To-Peer News - The Week In Review - January 16th, '10 JackSpratts Peer to Peer 0 13-01-10 09:02 AM
Peer-To-Peer News - The Week In Review - December 5th, '09 JackSpratts Peer to Peer 0 02-12-09 08:32 AM

All times are GMT -6. The time now is 09:01 PM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.
© www.p2p-zone.com - Napsterites - 2000 - 2021