Vulnerability Renders MPAA/RIAA Copyright Warnings Useless

May 14, 2009

Companies like BayTSP have the honorable task of joining BitTorrent swarms and other file-sharing networks looking out for copyright infringers. When someone shares a piece of a copyrighted file with them, they log the IP-address, look up the ISP and send out a copyright infringement notice automatically.

These notices usually list details about the infringing file, the person’s IP-address and the time the infringement was recorded. In addition, BayTSP includes a link to a response form where you can indicate whether or not you will comply and remove the file from your computer.

The problem with these response forms is that they are not very secure. If you get a notice from BayTSP, someone else can easily find it, through Google for example, and fake a response in your place. There is no way for them to tell who responded to the complaint unless the response originates from the IP-address linked to the infringement.


Perhaps even worse, anyone can send someone a fake e-mail claiming to be from BayTSP. XSS vulnerabilities on the site make it pretty easy to fabricate fake complaints and convince innocent people that, to avoid court, they have to download trojans, or perhaps even enter credit card details to pay a small fine.

BayTSP told TorrentFreak that they are looking into the XSS issues, hopefully to solve the problem. They also admitted that their response forms are flawed, that everyone can indeed fill out the response form, and that they can’t be sure that the person who responded to it actually received the notice.

We concluded from this that the response form (and thus the warnings) are completely useless, but BayTSP disagreed with this assessment. “We’ll have to agree to disagree on this one,” was their final response after having exchanged some arguments back and forth.

For those people in receipt of an infringement notice it might be good to know that their case becomes closed as soon as they indicate that they have removed the infringing file from their computer. Easy as that. Those who do not comply will receive additional notices until they do so.

This post was written by Ernesto on May 14, 2009, courtesy of torrentfreak.com.
