Google Publishes Chrome Fix For Serious VPN Security Hole

As large numbers of Internet users wise up to seemingly endless online privacy issues, security products are increasingly being viewed as essential for even basic tasks such as web browsing.

In addition to regular anti-virus, firewall and ad-busting products, users wishing to go the extra mile often invest in a decent VPN service which allow them to hide their real IP addresses from the world. Well that’s the theory at least.

January this year details of a serious vulnerability revealed that in certain situations third parties were able to discover the real IP addresses of Chrome and Firefox users even though they were connected to a VPN.

This wasn’t the fault of any VPN provider though. The problem was caused by features present in WebRTC, an open-source project supported by Google, Mozilla and Opera.

By placing a few lines of code on a website and using a STUN server it became possible to reveal not only users’ true IP addresses, but also their local network address too.

While users were immediately alerted to broad blocking techniques that could mitigate the problem, it’s taken many months for the first wave of ‘smart’ solutions to arrive.

Following on the heels of a Chrome fix published by Rentamob earlier this month which protects against VPN leaks while leaving WebRTC enabled, Google has now thrown its hat into the ring.

Titled ‘WebRTC Network Limiter‘, the tiny Chrome extension (just 7.31KB) disables the WebRTC multiple-routes option in Chrome’s privacy settings while configuring WebRTC not to use certain IP addresses.

In addition to hiding local IP addresses that are normally inaccessible to the public Internet (such as, the extension also stops other public IP addresses being revealed.

“Any public IP addresses associated with network interfaces that are not used for web traffic (e.g. an ISP-provided address, when browsing through a VPN) [are hidden],” Google says.

“Once the extension is installed, WebRTC will only use public IP addresses associated with the interface used for web traffic, typically the same addresses that are already provided to sites in browser HTTP requests.”

While both the Google and Rentamob solutions provide more elegant responses to the problem than previously available, both admit to having issues.

“Some WebRTC functions, like VOIP, may be affected by the multiple routes disabled setting. This is unavoidable,” Rentamob explains.

Google details similar problems, including issues directly linked to funneling traffic through a VPN.

“This extension may affect the performance of applications that use WebRTC for audio/video or real-time data communication. Because it limits the potential network paths, WebRTC may pick a path that results in significantly longer delay or lower quality (e.g. through a VPN). We are attempting to determine how common this is,” the company concludes.

After applying the blocks and fixes detailed above, Chrome users can check for IP address leaks by using sites including IPLeak and BrowserLeaks.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and the best VPN services.

Source: TorrentFreak

Twitter Sued for Failing to Remove Copyrighted Photo

pirate-twitterIn common with many other user-generated sites, Twitter is used by some of its members to host or link to copyright infringing material.

If rightsholders submit a takedown request, Twitter swiftly takes the infringing content down. This policy made headlines just a few days ago when Twitter removed several tweets that republished a joke without attribution.

However, a new lawsuit suggests that Twitter’s takedown efforts are not always this effective.

This week award-winning photographer Kristen Pierson filed a complaint (pdf) against Twitter at a California District Court. Pierson accuses Twitter of hosting or linking to one of her works without permission.

“A Twitter user or users copied the Infringing Image without license or permission from Pierson and on information and belief sent one or more Tweets publicizing and linking to it. The Infringing Uses were hosted either on Twitter or on third-party servers,” the complaint reads.

Under U.S. law Internet services are not liable for the copyright infringements of their users, as long as they respond to takedown requests. But Twitter failed to do that, Pierson says.

On March 4 of last year Pierson sent a notice to Twitter’s registered DMCA agent pointing out that one of her photos of Dragonforce guitarist Herman Li was being shared illegally. More than a year passed by but she received no response.

The takedown notice


The Twitter account which allegedly posted the image is no longer online, but even today the infringing image is still present on Twitter’s servers and accessible through the url.

Pierson doesn’t mention whether she sent any follow-ups to the original request. TF searched for the notice in question on where Twitter publishes its takedown notices, but it’s not listed there.

In the complaint the photographer asks for a restraining order preventing Twitter from hosting or linking to her work. In addition, Pierson demands both statutory and actual damages which could well exceed $150,000.

This is not the first time that Twitter has been sued by a photographer over a failed takedown response. Christopher Boffoli previously sued the company for the same offense. The case was settled out of court.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and the best VPN services.

Source: TorrentFreak

Sweden’s Largest Streaming Site Will Close After Raid

swefilmlogoWhile millions associate Sweden with BitTorrent through its connections with The Pirate Bay, over the past several years the public has increasingly been obtaining its content in other ways.

Thanks to cheap bandwidth and an appetite for instant gratification, so-called streaming portals have grown in popularity, with movies and TV shows just a couple of clicks away in convenient Netflix-style interfaces.

Founded in 2011, Swefilmer is currently Sweden’s most popular streaming movie and TV show site. Research last year from Media Vision claimed that 25% of all web TV viewing in the country was carried out on Swefilmer and another similar site, Dreamfilm.

According to Alexa the site is currently the country’s 100th most popular domain, but in the next three days it will shut down for good.


The revelation comes from the site’s admin, who has just been revealed as local man Ola Johansson. He says that a surprise and unwelcome visit made it clear that he could not continue.

In a YouTube video posted yesterday, Johansson reports that earlier this month he was raided by the police who seized various items of computer equipment and placed him under arrest.

“It’s been a tough month to say the least. On 8 July, I received a search by the police at home. I lost a computer, mobile phone and other things,” Johansson says.

While most suspects in similar cases are released after a few hours or perhaps overnight, Johansson says he was subjected to an extended detention.

ola“I got to sit in jail for 90 hours. When I came out on Monday [after being raided on Wednesday] the site had been down since Friday,” he explains.

The Swede said he noticed something was amiss at the beginning of July when he began experiencing problems with the Russian server that was used to host the site’s videos.

“It started when all things from disappeared. That’s the service where we have uploaded all the videos,” Johansson says.

While the site remains online for now, the Swede says that this Friday Swefilmer will close down for good. The closure will mark the end of an era but since he is now facing a criminal prosecution that’s likely to conclude in a high-profile trial, Johansson has little choice but to pull the plug.

The site’s considerable userbase will be disappointed with the outcome but there are others that are welcoming the crackdown.

“We are not an anonymous Hollywood studio,” said local director Anders Nilsson in response to the news.

“We are a group of film makers and we will not give up when someone spits in our faces by stealing our movies and putting them on criminal sites to share them in the free world. It is just as insulting as if someone had stolen the purely physical property.”

Aside from creating a gap in the unauthorized streaming market, the forthcoming closure of Swefilmer will have repercussions in the courtroom too, particularly concerning an important legal process currently playing out in Sweden.

Last November, Universal Music, Sony Music, Warner Music, Nordisk Film and the Swedish Film Industry filed a lawsuit in the Stockholm District Court against local ISP Bredbandsbolaget (The Broadband Company). It demands that the ISP blocks subscriber access to The Pirate Bay and also Swefilmer.

Even after negotiation Bredbandsbolaget refused to comply, so the parties will now meet in an October hearing to determine the future of website blocking in Sweden.

It is believed that the plaintiffs in the case were keen to tackle a torrent site and a streaming site in the same process but whether Swefilmer will now be replaced by another site is currently unknown. If it does, Dreamfilm could be the most likely candidate.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and the best VPN services.

Source: TorrentFreak

Internet Attacks Lion Killer With Poisoned Yelp Reviews

Internet Attacks Lion Killer With Poisoned Yelp Reviews

Walter Palmer killed one of Zimbabwe’s most beloved lions. And now he must face the wrath of the Internet. Today, new reports fingered Palmer, a Minnesota dentist, as one of the hunters who killed, decapitated and skinned a beloved and lion named Cecil on the African plains. Palmer told the Star Tribune he believed that […]

The post Internet Attacks Lion Killer With Poisoned Yelp Reviews appeared first on WIRED.

Source: Top Stories

RIAA Wants Domain Registrar to Expose ‘Pirate Site’ Owner

riaaDespite an increased availability of legal options, millions of people still stream MP3s from unofficial sources. These sites are a thorn in the side of the RIAA.

Going after these pirate sites is a problem, according to the music group, as the operators are often unknown and hidden behind Whois privacy services. This is one of the reasons why the RIAA is supporting an ICANN proposal to limit domain name privacy.

But even under current laws and regulations it’s often possible to find out who runs a website, through a DMCA subpoena for example. And a recent case shows that the process isn’t too hard.

A few days ago the RIAA obtained a DMCA subpoena from the U.S. District Court of Columbia ordering domain name registrar Dynadot to expose the personal details of a customer. These subpoenas are signed off by a clerk and don’t require any overview from a judge.

With the subpoena in hand RIAA asked Dynadot to identify the owner of the music streaming site, claiming that the site infringes the work of artists such as Eminem, Drake and Selena Gomez. Among other details, the registrar is ordered to share the IP-address and email address of the site’s operator.

“We believe your service is hosting the below-referenced domain name on its network. The website associated with this domain name offers files containing sound recordings which are owned by one or more of our member companies and have not been authorized for this kind of use,” the RIAA writes.


In addition, the RIAA also urges Dynadot to review whether the site violates its terms of service as a repeat infringer, which means that it should be pulled offline.

“We also ask that you consider the widespread and repeated infringing nature of the site operator(s)’ conduct, and whether the site(s)‘ activities violate your terms of service and/or your company’s repeat infringer policy.” is a relatively small site that allows user to discover, stream and download music tracks. The audio files themselves appear to be sourced from the music hosting service Audioinbox, and are not hosted on the site’s servers.

“On our website you can find links that lead to media files. These files are stored somewhere else on the internet and are not a part of this website. does not carry any responsibility for them,” the website’s operator notes.

It is unclear what the RIAA is planning to do if they obtain the personal information of the site owners. In addition to suggesting that Dynadot should disconnect the site as a repeat infringer, the music group will probably issue a warning to the site’s operator.

For now, however, Soundpiff is still up and running.

This is not the first time that the RIAA has gone after similar sites in this way. Over the past several years the group has targeted several other download and streaming sites via their registrars or Whois privacy services. Some of these have closed, but others still remain online today.

RIAA’s subpoena to Dynadot

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and the best VPN services.

Source: TorrentFreak

Sony Settles Piracy Lawsuit With Russia’s Facebook

vkFor several years VKontakte, or VK, has been branded as a piracy facilitator by copyright holders and even the U.S. Government.

In common with many user-generated sites, VK allows its millions of users to upload anything from movies and TV shows to their entire music collections. However, copyright holders often claim that Russia’s social network has failed to adopt proper anti-piracy measures.

Last year this resulted in a lawsuit filed at the Saint Petersburg and Leningrad Region Arbitration Court, in which Sony Music, Universal Music and Warner Music demanded countermeasures and compensation for the large scale copyright infringement VK allegedly facilitates.

The case is still ongoing, but as of this week Sony Music has dropped out. According to a local report Sony and VK signed a confidential settlement agreement to resolve the dispute.

No further details on the content of the deal have been published, but according to sources VK will upgrade its current music service.

Among other things, the social network will start charging mobile users for access to its official music platform. Desktop users will still have free access, but these views will be monetized through advertisements.

Both changes will be rolled out gradually after a thorough test phase.

The settlement with Sony Music is a breakthrough for the Russian equivalent of Facebook, but it doesn’t mean that all legal troubles are over.

The remaining cases against Universal Music and Warner Music haven’t been resolved yet. Together with Sony the companies demanded 50 million rubles ($830,000) in damages in their complaint last year, and VK is still on the hook for most of it.

Source: TorrentFreak, for the latest info on copyright, file-sharing, torrent sites and the best VPN services.

Source: TorrentFreak