At least three major torrent sites are currently exposing intimate details of their operations to anyone with a web browser. TorrentFreak understands that the sites use a piece of software that grabs brand-new content from other sites before automatically uploading it to their own. A security researcher tried to raise the alarm but nobody will listen. From the report: To get their hands on the latest releases as quickly as possible, [private torrent sites, or private trackers as they're commonly known] often rely on outside sources that have access to so-called 0-Day content, i.e, content released today. The three affected sites seem to have little difficulty obtaining some of their content within minutes. At least in part, that's achieved via automation. When outside suppliers of content are other torrent sites, a piece of software called Torrent Auto Uploader steps in. It can automatically download torrents, descriptions, and associated NFO files from one site and upload them to another, complete with a new .torrent file containing the tracker's announce URL. The management page [here] has been heavily redacted because the content has the potential to identify at least one of the sites. It's a web interface, one that has no password protection and is readily accessible by anyone with a web browser. The same problem affects at least three different servers operated by the three sites in question.

Torrent Auto Uploader relies on torrent clients to transfer content. The three sites in question all use rTorrent clients with a ruTorrent Web UI. We know this because the researcher sent over a whole bunch of screenshots and supporting information which confirms access to the torrent clients as well as the Torrent Auto Uploader software. The image [here] shows redactions on the tracker tab for good reason. In a regular setup, torrent users can see the names of the trackers coordinating their downloads. This setup is no different except that these URLs reference three different trackers supplying the content to one of the three compromised sites.

Rather than publish a sequence of completely redacted screenshots, we'll try to explain what they contain. One begins with a GET request to another tracker, which responds with a torrent file. It's then uploaded to the requesting site which updates its SQL database accordingly. From there the script starts checking for any new entries on a specific RSS feed which is hidden away on another site that has nothing to do with torrents. The feed is protected with a passkey but that's only useful when nobody knows what it is. The same security hole also grants direct access to one of the sites tracker 'bots' through the panel that controls it. Then there's access to 'Staff Tools' on the same page which connect to other pages allowing username changes, uploader application reviews, and a list of misbehaving users that need to be monitored. That's on top of user profiles, the number of torrents they have active, and everything else one could imagine. Another screenshot featuring a torrent related to a 2022 movie reveals the URL of yet another third-party supplier tracker. Some basic queries on that URL lead to even more torrent sites. And from there, more, and more, and more -- revealing torrent passkeys for every single one on the way.

A torrent site user accused of downloading and uploading at least 120TB of movies, TV shows, eBooks, music and software, has avoided an immediate prison term. The 28-year-old was arrested as part of a police operation against DanishBytes. A member of the same site was sentenced earlier this month after he uploaded Netflix content obtained using hacked credentials. TorrentFreak reports: Early November 2021, Denmark's Public Prosecutor for Special Economic and International Crime (SOIK) announced that six people had been arrested following criminal referrals by Rights Alliance. All were members and/or operators of ShareUniversity and DanishBytes. Prosecution of site operators is not uncommon but when it's deemed in the public interest, pirate site users can also face charges. Every case is unique so criteria differ, especially across national borders, but when evidence shows large volumes of infringement, successful prosecutions become more likely. That was the case when a former DanishBytes user was sentenced last week. According to Danish anti-piracy group Rights Alliance, the 28-year-old man was a regular site member and wasn't involved in running the site. That being said, evidence showed that for the period January 2021 to November 2021, he downloaded and/or uploaded no less than 3,000 copyrighted works, including movies, TV shows, music, books, audiobooks and comics.

Information released by the National Unit for Special Crimes (NSK), a Danish police unit focused on cybercrime, organized crime, and related financial crime, reveals that the user's traffic statistics interested prosecutors. "During the period, the man downloaded no less than 100 TB and uploaded no less than 20 TB of copyrighted material," NSK says. BitTorrent trackers operating a ratio model usually insist on a better ratio of downloads to uploads but DanishBytes' situation was out of the ordinary.

The site launched in January 2021 in the wake of other sites being shut down, so had to get going from a standing start with no users. Even when arrests were being made, the site still had a relatively small userbase, which can limit opportunities to upload more. That may have been a blessing in disguise. Faced with the evidence, the man decided to plead guilty and was sentenced last week at the Court in Vibourg. In common with similar prosecutions recently, he received a suspended conditional sentence of 60 days' probation, 80 hours of community service, and confiscation of his computer equipment. The case against the DanishBytes user began with a Rights Alliance investigation and a referral to the police. As part of his sentence, the man must pay the anti-piracy group DKK 5,000 (US$600) in compensation but Rights Alliance director Maria Fredenslund is focused on the deterrent effect of another successful prosecution.

The UK Treasury has opened an account on Discord to a torrent of abuse from users of the gamer-focused chat app -- abuse they managed to send despite the government blocking all comments on the service. The Guardian reports: With its community-focused approach, where servers encourage tight-knit groups to form and discuss issues related to the overall focus of the topic, Discord may seem an odd fit for the strait-laced world of government communications. But the app has a lot of users interested in finance, thanks to solid take-up among day traders and crypto fans, two groups the Treasury is eager to connect with. The result: a read-only Discord server, where the only user who is allowed to post is the snappily named HMTreasurySocialAdmin1, who shares tweet-length news about the Treasury and chancellor.

But trolls will always find a way. Although posting is banned, emoji reactions are enabled, letting any user respond to a post from the Treasury with a single emoji, and new users are cheerily announced in a "welcome" channel. That means the Treasury's server has been eagerly posting automated messages such as, "Welcome, LOCK UP PRINCE ANDREW. We hope you brought pizza," and "Welcome Jeremy Corbyn. Say hi!". The latter does not appear to be the real account of the former leader of the opposition. [...] UPDATE: Emoji reactions and the welcome channel vanished but eventually returned. According to the HM Treasure admin, Discord is the reason to blame for the issues.

"Due to the rapid growth of today's channel which has seen over 7,000 members join, a technical difficulty has led to reactions being paused," a post in the news channel read. "We are working with Discord to get reactions turned back on." The trolling can be continued here.

The Court of Rome has confirmed that Cloudflare must block three torrent sites through its public 1.1.1.1 DNS resolver. The order applies to kickasstorrents.to, limetorrents.pro, and ilcorsaronero.pro, three domains that are already blocked by ISPs in Italy following an order from local regulator AGCOM. TorrentFreak reports: Disappointed by the ruling, Cloudflare filed an appeal at the Court of Milan. The internet infrastructure company doesn't object to blocking requests that target its customers' websites but believes that interfering with its DNS resolver is problematic, as those measures are not easy to restrict geographically. "Because such a block would apply globally to all users of the resolver, regardless of where they are located, it would affect end users outside of the blocking government's jurisdiction," Cloudflare recently said. "We therefore evaluate any government requests or court orders to block content through a globally available public recursive resolver as requests or orders to block content globally." At the court of appeal, Cloudflare argued that DNS blocking is an ineffective measure that can be easily bypassed, with a VPN for example. In addition, it contested that it is subject to the jurisdiction of an Italian court.

Cloudflare's defenses failed to gain traction in court and its appeal was dismissed. DNS blocking may not be a perfect solution, but that doesn't mean that Cloudflare can't be compelled to intervene. [...] Cloudflare believes that these types of orders set a dangerous precedent. The company previously said that it hadn't actually blocked content through the 1.1.1.1 Public DNS Resolver. Instead, it implemented an "alternative remedy" to comply with the Italian court order.

Less than 1% of used clothing gets recycled into new garments, overwhelming countries like Ghana with discards. From a report: It's a disaster decades in the making, as clothing has become cheaper, plentiful and ever more disposable. Each year the fashion industry produces more than 100 billion apparel items, roughly 14 for every person on Earth and more than double the amount in 2000. Every day, tens of millions of garments are tossed out to make way for new, many into so-called recycling bins. Few are aware that old clothes are rarely recycled into new ones because the technology and infrastructure don't exist to do that at scale.

Instead, discarded garments enter a global secondhand supply chain that works to prolong their life, if only a little, by repurposing them as cleaning rags, stuffing for mattresses or insulation. But the rise of fast fashion -- and shoppers' preference for quantity over quality -- has led to a glut of low-value clothing that threatens to tank the economics of that trade and inordinately burdens developing countries. Meanwhile, the myth of circularity spreads, shielding companies and consumers from the inconvenient reality that the only way out of the global textile waste crisis is to buy less, buy better and wear longer. In other words, to end fast fashion.

[...] Globally, less than 1% of used clothing is actually remade into new garments, according to the Ellen MacArthur Foundation, a UK nonprofit. (In contrast, 9% of plastic and about half of paper gets recycled.) The retailers have vowed that what they collect will never go to landfill or waste. But the reality is far messier. Garments dropped at in-store take-back programs enter the multibillion-dollar global secondhand supply chain, joining a torrent of discards from charity bins, thrift stores and online resale platforms like ThredUp and Sellpy. The complex task of sorting through that waste stream falls to a largely invisible global industry of brokers and processors. Their business depends on exporting much of the clothing to developing countries for rewear. It's the most profitable option and, in theory, the most environmentally responsible, because reusing items consumes less resources than recycling them.

The RIAA has submitted its most recent overview of notorious markets to the U.S. Trade Representative. As usual, the music industry group lists various torrent sites, cyberlockers and stream-ripping services as familiar suspects. In addition, several 'AI-based' music mixers and extractors are added as an emerging threat. TorrentFreak reports: "There are online services that, purportedly using artificial intelligence (AI), extract, or rather, copy, the vocals, instrumentals, or some portion of the instrumentals from a sound recording, and/or generate, master or remix a recording to be very similar to or almost as good as reference tracks by selected, well known sound recording artists," RIAA writes.

Songmastr is one of the platforms that's mentioned. The service promises to "master" any song based on the style of well-known music artists such as Beyonce, Taylor Swift, Coltrane, Bob Dylan, James Brown and many others. The site's underlying technology is powered by the open-source Matchering 2.0 code, which is freely available on GitHub. And indeed, its purported AI capabilities are prominently in the site's tagline. "This service uses artificial intelligence and is based on the open source library Matchering. The algorithm masters your track with the same RMS, FR, peak amplitude and stereo width as the reference song you choose," Songmastr explains.

Where Artificial Intelligence comes into play isn't quite clear to us. The same can be said for the Acapella-Extractor and Remove-Vocals websites, which the RIAA lists in the same category. The names of these services are pretty much self-explanatory; they can separate the vocals from the rest of a track. The RIAA logically doesn't want third parties to strip music or vocals from copyrighted tracks, particularly when these derivative works are further shared with others. While Songmastr's service is a bit more advanced, the RIAA sees it as clearly infringing. After all, the original copyrighted tracks are used by the site to create derivative works, without the necessary permission. [...] The RIAA is clearly worried about these services. Interestingly, however, the operator of Songmastr and Acapella-Extractor informs us that the music group hasn't reached out with any complaints. But perhaps they're still in the pipeline. The RIAA also lists various torrent sites, download sites, streamrippers, and bulletproof ISPs in its overview, all of which can be found in the full report (PDF) or listed at the bottom of TorrentFreak's article.

An anonymous reader quotes a report from TorrentFreak: The Motion Picture Association (MPA) has sent its latest overview of notorious piracy markets to the US Government. The Hollywood group, which also represents Netflix, lists a broad variety of online piracy threats. Aside from traditional pirate sites, it also includes domain registries, hosting providers, advertisers, and apps. [...] The MPA report typically provides a detailed overview of the piracy landscape. This year, the USTR further asked rightsholders to explain how piracy impacts US workers. According to the movie industry group, the effect is significant. "In 2020, there were an estimated 137.2 billion visits to film and TV piracy sites globally, which cost the U.S. economy at least $29.2 billion in lost revenue each year. Specifically, piracy has been estimated to reduce employment in our industry between 230,000 and 560,000 jobs," MPA writes, citing external research. The MPA notes that piracy is a global problem that requires cooperation from the broader Internet ecosystem. Services that see themselves as neutral intermediaries, operating parts of the core Internet infrastructure, should take responsibility. "All stakeholders in the internet ecosystem -- including hosting providers, DNS providers, cloud services, advertising networks, payment processors, social networks, and search engines -- should actively seek to reduce support for notoriously infringing sites," MPA writes.

The industry group views Cloudflare as part of this group and mentions the US company by name in its submission. "Cloudflare's customers include some of the most notorious, longstanding pirate websites in the world, including the massively popular streaming site cuevana3.me and The Pirate Bay," MPA notes, adding that repeated notices of infringement elicited no action on Cloudflare's part. The notorious markets list is limited to non-US operations, so Cloudflare itself isn't one of the MPA's targets. Various other Internet services are, including several third-party intermediaries. The MPA's list of notorious markets calls out domain name registries, including the Russian .RU registry, and the companies that maintain the records for the .CH, .CC, .IO, .ME and .TO domain names. These continue to keep pirate sites on board, despite numerous complaints. The same is true for the payment provider VoguePay, which is reportedly quite popular among IPTV services. In addition, advertisers such as 1XBET and Propeller Ads are called out as well. The latter company rebutted MPA's accusations last year but that didn't prevent it from being highlighted again.

Hosting companies are also cited as intermediaries that could and should do more. Instead, some find themselves appealing to pirate services with products such as "bulletproof" hosting. Squitter.eu and Amaratu are two such examples, the MPA reports. In addition to third-party intermediaries, there is also a category of services that caters to pirates directly. These "piracy as a service" (PaaS) companies offer tools that allow people to start a pirate site with minimal effort. "PaaS encompasses a suite of often off-the-shelf services that make it easy for would-be pirates without any technical knowledge to create, operate, and monetize a fully functioning pirate operation," MPA writes. [...] Actual pirate sites themselves are also mentioned, including the usual suspects The Pirate Bay, RARBG and YTS. In addition to torrent sites, the MPA also lists direct download hubs, streaming portals and linking sites, including Uptobox.com, Fmovies.to and Egy.best. Various dedicated piracy apps get a mention as well, and the MPA further includes a long list of unauthorized IPTV services. The anti-piracy group says that it has identified more than a thousand pirate IPTV platforms, so the list provided to the USTR is certainly not exhaustive. In fact, the MPA says that all companies, sites, and services are part of a broader piracy problem. Those flagged in the MPA's report are just examples of some of the worst offenders, nothing more. A list of all sites and services that are highlighted and categorized in MPA's notorious markets submission (PDF) can be found in the article.

Florida's attorney general on Wednesday asked the Supreme Court to decide whether states have the right to regulate how social media companies moderate content on their services, a move that sends one of the most controversial debates of the internet age to the country's highest court. From a report: In its petition, the state asks the court to determine whether the First Amendment prohibits a state from requiring that platforms host certain communications and also whether the states can require companies to provide an explanation to users when they remove their posts. The petition sets up the most serious test to date of assertions that Silicon Valley companies are unlawfully censoring conservative viewpoints. The decision could have wide-ranging effects on the future of democracy and elections, as tech companies play an increasingly significant role in disseminating news and information about politics. Critics of the state social media laws and tech industry representatives also warn that if the Florida law were to take effect, it could lead to a torrent of hate speech, misinformation and other violent content that some major social media companies' policies currently prohibit. The petition is a response to a decision by the U.S. Court of Appeals for the 11th Circuit earlier this year that major provisions of a Florida social media law violated the Constitution's First Amendment. The law would bar companies from banning politicians from their services.

What do you when people hate your $10 billion selfie? "Mark Zuckerberg, in response to a torrent of critical memes mocking the graphics of Meta's newest project, has heard his critics — and changed his selfie," reports CNN: Zuckerberg debuted Horizon Worlds, a virtual reality social app, in France and Spain earlier this week, sharing a somewhat flat, goofy digital avatar in front of an animated Eiffel Tower and la Sagrada Família.

The internet immediately jumped in, mocking what many users viewed as (hopefully) preliminary graphics for a venture that Meta has spent at least $10 billion in the last year.

New York Times tech columnist Kevin Roose compared the graphics to "worse than a 2008 Wii game" on Twitter. Slate used the term " buttcheeks." Twitter was less kind: "eye-gougingly ugly" and "an international laughing stock" popping up. Many compared it to early 90's graphics and pointed out how lifeless and childish the Zuckerberg selfie looked. It quickly won the designation "dead eyes."

Well, Zuckerberg has apparently seen the memes, because on Friday he announced there are major updates coming — along with new avatar graphics.
In a CNBC report on how Zuckerberg "is getting dragged on the internet for how ugly the graphics of this game are," they'd actually quoted a Forbes headline that asked, "Does Mark Zuckerberg not understand how bad his metaverse is?"

An anonymous reader quotes a report from TorrentFreak: An Italian court has ordered Cloudflare to block three torrent sites on its public DNS resolver 1.1.1.1. The anti-piracy measures were requested by local music industry group FIMI and anti-piracy group FPM. [...] Rightsholders agree that there's no silver bullet to stop piracy, but they argue that Cloudflare can and should do more to address the problem. In a case before the Court of Milan, they argued that Cloudflare should go even further. In court, anti-piracy outfit FPM and the music group FIMI pointed out that Cloudflare's DNS resolver is problematic too. This DNS resolver helps people to access pirate sites, even when the sites are not using Cloudflare's CDN services. As such, Cloudflare should be required to block problematic sites on its DNS servers too. After hearing these arguments the Milan Court agreed. It issued an interim injunction that requires Cloudflare to block three torrent sites: kickasstorrents.to, limetorrents.pro and ilcorsaronero.pro. These sites are already blocked by ISPs in Italy following an order from local regulator AGCOM.

This is the first time that Cloudflare has been ordered to make pirate sites unavailable through its public DNS resolver 1.1.1.1. This is an important expansion since many Italians switched to public DNS resolvers to bypass ISP blocking measures. With the court order, rightsholders can remove this shortcut. "We welcome the Court's decision which will further strengthen the ongoing infringing site blocking program performed by AGCOM in Italy, whilst also increasing the efficiency of the enforcement actions carried out by the rightsholders to protect their online content," says FIMI CEO Enzo Mazza. [...] In theory, similar injunctions could follow against other DNS providers as well, including Google and OpenDNS. "The ruling opens the door to others that offer similar services, such as Google," Mazza told local media.

An anonymous reader shares a report: The Pakistani operator of popular torrent site MKVCage can be held personally liable for contributory copyright infringement in the US. The case in question was filed by the makers of the film Hellboy. US District Court Judge Seabright concludes that the use of US-based services invokes jurisdiction, even though a magistrate judge concluded otherwise.

Andy Maxwell, reporting for TorrentFreak: In response to Russia's invasion of Ukraine, several Hollywood studios announced the immediate suspension of new releases in Russia. Unexpectedly, some Russian theaters are still able to show movies such as The Batman on the big screen but this isn't down to the studios. The movies are sourced from illegal torrent sites and few seem afraid to admit it.

This week saw the 36th anniversary of the Chernobyl disaster -- which had occurred just days before the Soviet Union's annual May Day celebration in 1986 -- and featured lots of patriotic outdoor parades.

At the time Lev Golinkin was a 6-year-old living less than 300 miles away in the Ukrainian town now called Kharkiv. Writing for CNN, Golinkin remembers that Moscow "had remained silent, refusing to admit anything had occurred until the radioactive cloud from Chernobyl was detected in Scandinavia on April 28, making it impossible to hide the catastrophe any longer." Even then, Golinkin remembers that they "grossly downpayed the issue...." On April 29, three days after the Chernobyl disaster, Moscow issued a terse television announcement informing citizens that a reactor was damaged and aid was being provided to those who required it. The announcement was less than 20 seconds

The days and weeks that followed were filled with a torrent of rumors and innuendo swirling around living rooms across the USSR while Moscow continued to pile over the explosion with secrecy and obfuscation. The Politburo began to loosen up restrictions on freedom of speech, but the confusion remained. No one knew the truth, but everyone knew the Kremlin was lying -- and that was about the only certainty around...

[T]here was no rationalizing away the radiation. Moscow's refusal to cancel May Day festivities exposed the hollow horror of the Soviet Union -- even the most faithful believers in communism realized they lived in a country that thrust millions of people into danger just so it could hold a parade. Soviet Premier Mikhail Gorbachev himself admitted Chernobyl -- which eroded faith in the Soviet system, poisoned vast tracts of land and cost billions to clean up -- contributed to the collapse of the USSR more than any other factor. Decades of Moscow's secrecy around the disaster makes it impossible to arrive at an accurate estimate of casuaties, and to this day, experts continue to guess and reassess the true impact of Chernobyl....

For nearly 70 years, the Soviets in Kremlin had generations of citizens tolerate bloodshed papered over by mendacity and propaganda. The same is happening today, during Moscow's savage war in Ukraine. The media formats may be somewhat different, but the lies continue...

My family and I fled the Soviet Union in 1989. Watching the horrors in Ukraine unfold from America is surreal, in no small part because it feels like the intervening decades between the falls of communism and today have evaporated.

CNN profiles Bellingcat, a Netherlands-based investigative group specializing in "open-source intelligence". And investigator Christo Grozev tells CNN that authoritarian governments make their work easier, because "they love to gather data, comprehensive data, on ... what they consider to be their subjects, and therefore there's a lot of centralized data."

"And second, there's a lot of petty corruption ... within the law enforcement system, and this data market thrives on that." Billions have been spent on creating sophisticated encrypted communications for the military in Russia. But most of that money has been stolen in corrupt kickbacks, and the result is they didn't have that functioning system... It is shocking how incompetent they are. But it was to be expected, because it's a reflection of 23 years of corrupt government.
Interestingly there's apparently less corruption in China — though more whistleblowers. But Bellingcat's first investigation involved the 2014 downing of a Boeing 777 over eastern Ukraine that killed 283 passengers. (The Dutch Safety Board later concluded it was downed by a surface-to-air missile launched from pro-Russian separatist-controlled territory in Ukraine.) "At that time, a lot of public data was available on Russian soldiers, Russian spies, and so on and so forth — because they still hadn't caught up with the times, so they kept a lot of digital traces, social media, posting selfies in front of weapons that shoot down airliners. That's where we kind of perfected the art of reconstructing a crime based on digital breadcrumbs..."

"By 2016, it was no longer possible to find soldiers leaving status selfies on the internet because a new law had been passed in Russia, for example, banning the use of mobile phones by secret services and by soldiers. So we had to develop a new way to get data on government crime. We found our way into this gray market of data in Russia, which is comprised of many, many gigabytes of leaked databases, car registration databases, passport databases. Most of these are available for free, completely freely downloadable from torrent sites or from forums and the internet." And for some of them, they're more current. You actually can buy the data through a broker, so we decided that in cases when we have a strong enough hypothesis that a government has committed the crime, we should probably drop our ethical boundaries from using such data — as long as it is verifiable, as long as it is not coming from one source only but corroborated by at least two or three other sources of data. That's how we develop it. And the first big use case for this approach was the ... poisoning of Sergei and Yulia Skripal in 2018 (in the United Kingdom), when we used this combination of open source and data bought from the gray market in Russia to piece together who exactly the two poisoners were. And that worked tremendously....

It has been what I best describe as a multilevel computer game.... [W]hen we first learned that we can get private data, passport files and residence files on Russian spies who go around killing people, they closed the files on those people. So every spy suddenly had a missing passport file in the central password database. But that opened up a completely new way for us to identify spies, because we were just able to compare older versions of the database to newer versions. So that allowed us to find a bad group of spies that we didn't even know existed before.

The Russian government did realize that that's maybe a bad idea to hide them from us, so they reopened those files but just started poisoning data. They started changing the photographs of some of these people to similar looking, like lookalikes of the people, so that they confused us or embarrass us if we publish a finding but it's for the wrong guy. And then we'll learn how to beat that.
When asked about having dropped some ethical boundaries about data use, Grozev replies "everything changes. Therefore, the rules of journalism should change with the changing times." "And it's not common that journalism was investigating governments conducting government-sanctioned crimes, but now it's happening." With a country's ruler proclaiming perpetual supreme power, "This is not a model that traditional journalism can investigate properly. It's not even a model that traditional law enforcement can investigate properly." I'll give an example. When the British police asked, by international agreement, for cooperation from the Russian government to provide evidence on who exactly these guys were who were hanging around the Skripals' house in 2018, they got completely fraudulent, fake data from the Russian government....

So the only way to counter that as a journalist is to get the data that the Russian government is refusing to hand over. And if this is the only way to get it, and if you can be sure that you can prove that this is valid data and authentic data — I think it is incumbent on journalists to find the truth. And especially when law enforcement refuses to find the truth because of honoring the sovereign system of respecting other governments.
It was Bellingcat that identified the spies who's poisoned Russian opposition leader Alexey Navalny. CNN suggests that for more details on their investigation, and "to understand Vladimir Putin's stranglehold on power in Russia, watch the new film Navalny which premieres Sunday at 9 p.m. ET on CNN."

The movie's tagline? "Poison always leaves a trail."

An anonymous reader quotes a report from Motherboard: The NFT marketplace OpenSea is now facing at least three lawsuits over stolen cartoon apes after lawyers for a New York man filed a lawsuit in New York State Supreme Court claiming that his Bored Ape Yacht Club NFT was taken from him due to what he characterized as "security vulnerabilities" of the OpenSea platform. Lawyers unaffiliated with the cases told Motherboard that, whatever the merits of the individual suits, the situation has the potential to cause trouble for the $13 billion Web3 startup, often referred to as the "eBay of NFTs," as it could potentially reveal its inner workings and invite a torrent of other suits that the company will be forced to defend against. "I think they're sitting on a ticking bomb," said Max Dilendorf, a lawyer specializing in digital assets, cryptocurrency, and asset tokenization who is not involved in any of the Bored Ape lawsuits.

The newest $1 million lawsuit, filed on behalf of Michael Vasile, is similar to another lawsuit filed in February by the same lawyers on behalf of an aggrieved Texas man. In both cases, the men say they lost their apes because of alleged bugs in OpenSea's code that the company knew about but did not take appropriate steps to fix. A third ape-related lawsuit, filed in the U.S. District Court for the District of Nevada and also naming the NFT marketplace LooksRare and Yuga Labs, the company behind the Bored Ape Yacht Club, claimed OpenSea did not "implement common sense and reasonable security measures'' against fraud and instead put "all the onus" on users. Altogether, the cases against OpenSea and other platforms could prove to be an arena where the courts figure out if the platform or the individual should be to blame when people lose thousands of dollars in a matter of seconds to illicit and irreversible blockchain scams.

Regardless of the suits' merits, the unaffiliated lawyers said the OpenSea suits could place the popular NFT marketplace in a difficult position, as anything less than an all-out victory could invite a spate of similar lawsuits. Dilendorf added that OpenSea had reason to consider settling the case in order to avoid offering up the company's internal emails and documents during the discovery process. "I would not want to open up a Pandora's Box," Dilendorf said. "Because looking at how OpenSea operates the platform from a 10,000-foot view, it's very, very questionable."

Blocking access to internet resources requires lots of hardware but due to sanctions, there are fears in Russia that a breakdown in systems operations may be just months away. Andy Maxwell, reporting for TorrentFreak: Russia's invasion of Ukraine has been going on for more than a month. It isn't going to plan. In parallel with the terrible images being shared around the world, Russia is using its infamous site-blocking systems to deny access to websites that dare to challenge the Kremlin's narrative of Putin's 'Special Operation.' Telecoms regulator Roscomnadzor is working harder than ever to maintain its blockades against everything from Google News, Twitter, Facebook, and Instagram, to the thousands of pirate sites and other resources on the country's blacklists. But, like the invasion itself, things aren't going to plan here either.

A little over a week ago, local telecoms operators supplying internet access to Russian citizens were ordered to carry out "urgent checks" on their ability to continue blocking sites deemed illegal by the state. ISPs were required to carry out an audit and liaise with telecoms regulator Roscomnadzor. Today is the reporting deadline but according to several sources, problems are apparent in the system. With accurate and critical reporting being all but strangled by the state, it is not absolutely clear who or what ordered the review but the consensus is that prescribed blocking standards aren't being met. As previously reported, local torrent site RuTracker suddenly found itself unblocked earlier this month, reportedly due to issues at an ISP. Problems are also reported with the Roscomnadzor-controlled 'TSPU' Deep Packet Inspection (DPI) system embedded into the networks of around 80 local ISPs and recently used to restrict Tor, VPNs and Twitter traffic.

An anonymous reader quotes a report from Ars Technica: With Russian gamers effectively cut off from purchases on most major gaming platforms due to corporate sanctions against the country, the Russian game developer behind indie darling Loop Hero is encouraging Russian customers to pirate the game. In a Sunday post on Russian social network VK (Google translated version), Loop Hero developer Four Quarters said, "In such difficult times, we can only help everyone to raise the pirate flag (together with vpn)" to get the game. The developer then included a link to a copy of Loop Hero on a popular Russian torrent tracker to aid in that process directly.

In a follow-up post the next day (Google translated version), Four Quarters insisted that "we didn't do anything special, there's nothing wrong with torrents." The company also notes that players wanting to offer the developer donations in lieu of buying the game should refrain. "The truth is that everything is fine with us, send this support to your family and friends at this difficult time," they wrote.

While players outside of Russia should still be able to purchase Loop Hero on Steam, Valve said earlier this month that banking issues prevented it from sending payments to developers in Russia, Belarus, and Ukraine (ironically enough). Valve recently told PC Gamer that developers in these countries will have to provide "intermediary banking information" in a foreign country to receive the payments they're due. "It's a very frustrating situation, and we hope to find the resolution soon," Valve wrote in a note to affected developers. Russia is reportedly considering legalizing software piracy to combat the sanctions imposed on the country for its invasion of Ukraine.

TorGuard has settled a copyright infringement lawsuit filed by several movie companies last year. The VPN provider stood accused of failing to take action against subscribers who were pirating films. As part of the settlement, TorGuard agrees to block BitTorrent traffic on U.S. servers; however, it stresses that user privacy is in no way affected by this decision. TorrentFreak reports: "Pursuant to a confidential settlement agreement, Plaintiffs have requested, and Defendant has agreed to use commercially reasonable efforts to block BitTorrent traffic on its servers in the United States using firewall technology," a joint statement reads. This is quite a far-reaching measure as a broad BitTorrent blockade will also affect legal traffic, which includes software updates from Twitter and Facebook. That said, people can still use BitTorrent on servers in other regions. [...]

The company confirms that it's blocking torrent traffic on U.S. servers, but that doesn't change anything for the privacy of users. "TorGuard has not been forced to log network usage data. Due to the nature of shared IP's and related hardware technicalities of how TorGuard's network was built it is impossible for us to do so," the VPN provider writes. "We have a responsibility to provide high quality uninterrupted VPN and proxy services to our client base at large while mitigating any related network abuse that should arise. This commitment to user privacy and service reliability is the reason we have taken measures to block Bittorrent traffic on servers within the United States."

From news reports and social media posts to Ukraine University and government websites, archivists are in a mad dash to preserve the country's online history. From a report: As the Russian invasion of Ukraine accelerates, professional and hobbyist archivists alike are rushing to preserve Ukraine's online history, cataloging and storing everything from Ukrainian government and university websites, to the torrent of news and social media posts related to the accelerating conflict. The Internet Archive has been archiving the broader conflict in Ukraine since 2014. But as Ukraine government websites face prolonged outages due to sustained cyber attack -- as well as the looming risk of defacement or deletion -- the organization has taken on another monumental task: backing up the entirety of the Ukrainian Internet.

Using the crowdsourced auto-archiving software running on a virtual machine they've dubbed Archive Team Warrior, the organization has leveraged volunteers around the world, many of whom have donated countless terabytes of storage capacity for the project. These volunteers have been steadily backing up the Ukrainian Internet since before the war began. All told, 68 million items (web pages, documents, and other files) comprising more than 2.5 TB of data have already been hoovered up from various websites across the .ua top level Ukrainian domain. A second project dubbed Ukr-net aims to preserve tens of millions of additional items and terabytes of additional data across the Ukrainian Internet. Elsewhere, organizations like the Center For Information Resilience have built a crowdsourced map attempting to document every single war-related post to social media made in the region, ranging from civilian photos of the movement of heavy Russian weaponry, to Ukranian government claims of alleged bombing raids on kindergardens.

Microsoft's Azure DDoS Protection team said that in November, it fended off what industry experts say is likely the biggest distributed denial-of-service attack ever: a torrent of junk data with a throughput of 3.47 terabits per second. Ars Technica reports: The record DDoS came from more than 10,000 sources located in at least 10 countries around the world. The DDoS targeted an unidentified Azure customer in Asia and lasted for about two minutes. The following month, Microsoft said, Azure warded off two other monster DDoSes. Weighing in at 3.25Tbps, the first one came in four bursts and lasted about 15 minutes. The second December DDoS reached a peak of 2.54Tbps and lasted about five minutes.

The record beats a 2.5Tbps attack that Microsoft mitigated in the first half of 2021. Previously, one of the biggest attacks was 2.37Tbps in size, a 35 percent increase over a record set in 2018. A separate DDoS in 2020 generated 809 million packets per second, which was also a record at the time. Packet-per-second DDoSes work by exhausting the computing resources of a server. More traditional volumetric attacks, by contrast, consume available bandwidth either inside the targeted network or service or get between the target and the rest of the Internet. The 3.7Tbps attack delivered roughly 340 million packets per second.