this post was submitted on 12 Jan 2024
1109 points (99.0% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54716 readers
156 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] SGG@lemmy.world 132 points 10 months ago (2 children)

They don't care. It's the film industry equivalent to the Microsoft support scammers. Get a bunch of targets, spam out hundreds of thousands of threatening emails, profit off the small percent of people who fall for it.

[–] vrek@programming.dev 61 points 10 months ago (1 children)

I had a Microsoft support scammer once... I let him in to my system too..well not really.

I quickly spin up a quick fresh install of slack ware Linux in a virtual machine that didn't even have x11 never mind wine installed. When it was up I told him a friend uses something called tellynet (aka telnet but I was playing dumb) to help me on the computer.

He telnetted in and could not understand why any of his malware wasn't working...

[–] FutileRecipe@lemmy.world 28 points 10 months ago (2 children)

uses something called tellynet (aka telnet but I was playing dumb)

I wonder if he got the joke, or was a scriptkiddie who just relies on existing tools without understanding them, and thought you meant television or similar.

[–] nilloc@discuss.tchncs.de 22 points 10 months ago

They’re basically telemarketing workers with hacking tools provided by an employer. They follow scripts and click the buttons they’ve been trained to use.

I’m surprised they got in with telnet and not their usual RDP. However I’m not sure they would have gotten anywhere on a Linux box with commands that are so different, unless they were a little familiar with at least MacOS (bash or zsh based now a days).

[–] vrek@programming.dev 1 points 10 months ago

I don't know, this was back around 2007 so I don't remember his specific reaction

[–] hoshikarakitaridia@sh.itjust.works 9 points 10 months ago (1 children)

they don't care

Yes they do. They are boxed in neatly in the current laws and unless you are discussing specifics about doing a crime in the past or future, they will not get that subpoena and thus they are in a catch 22.

Now if you are actively torrenting, chances are you could run into one of those fake peers that will grab your IP and they can start suing you. But other than that they would need real good evidence to subpoena.

[–] bamboo@lemm.ee 1 points 10 months ago (1 children)

Subpoenas are tools the government uses to compel a private entity to provide information. This isn’t that though, this is one private entity asking another private entity to just give them data. It’s not a legal case, and because of our non-existant privacy regulations in the US, Reddit is free to just hand over this information, or not if they want. No crime has to even be alleged, Reddit can just hand that information out.

[–] hoshikarakitaridia@sh.itjust.works 1 points 10 months ago (1 children)

Ok yes sorry I should have specified, what you're saying might apply to the US.

What I said applies to the EU.

Thing is, companies need to know beforehand if they are dealing with a user from US or EU because they don't wanna break laws when they have to deal with the court system anyway on stuff like this. So technically they could transmit information about US citizens, but in practice this is super tricky and risky.

Let's say you got an IP. Alright you can pinpoint The location. Problem: you don't know whether you just grabbed the target IP or an IP from a VPN or a proxy. There's ways to obscure this so you might not even be able to find out. Now if you turn this over, there's a small risk you just did a crime because they are spoofing their location. And if you just captured a VPN or proxy, you are now pursuing the wrong person and in EU law this won't go over well.

So in practice there's basically no way to do this and be sure you didn't make a mistake, and mistakes in law are risky and costly. No company would ever take such a risk.

Now I could go into detail about all the technical details on why things work like that but it would make this twice as long.

TL;DR in theory you are right for US users, in practice there's no way to tell and it gets risky pretty fast.

Also obligatory IANAL and always check in with a lawyer if you need specific legal advice.

[–] bamboo@lemm.ee 1 points 10 months ago (1 children)

That’s a really interesting point, has it been tested in court? The article is about US companies and US websites so I figured EU law was irrelevant, but I am curious to see if the EU can claim jurisdiction for actions foreign companies take outside the EU, regardless of if they have any official EU presence.

[–] hoshikarakitaridia@sh.itjust.works 1 points 10 months ago* (last edited 10 months ago) (1 children)

Well I can not give you a specific case for that, but it widely accepted that online actions against users from the EU that violate laws in the EU can get persued.

Do you remember seeing some US websites saying "we don't service EU users at the moment"? That's because they didn't want to get a lawyer so they can comply with the EU GDPR back then. I assume this is because they knew there was some precedent.

If you are keen on it I can go digging for case law though.

EDIT: Nevermind I literally only had to do one Google search and here's an official link: https://gdpr.eu/compliance-checklist-us-companies/

Note that one of the headings literally says "Why US companies must comply with the GDPR" and the answer is "because it is extra-territorial in scope".

[–] bamboo@lemm.ee 1 points 10 months ago (1 children)

On that page you linked, they say “So far, the EU’s reach has not been tested, but no doubt data protection authorities are exploring their options on a case-by-case basis.” So it hasn’t really been tested yet it seems. It’s true that there are extradition treaties and interpol that aid in cross-border prosecution, but that tends to be used primarily when the alleged crime happened in the prosecuting country’s jurisdiction, or the alleged crime is handled similarly in both countries. A GDPR violation by a US company wouldn’t be considered a crime at all in the US, so it’s entirely possible that they might decline to assist in prosecution.

[–] hoshikarakitaridia@sh.itjust.works 2 points 10 months ago* (last edited 10 months ago) (1 children)

Ok you wound me up now so I had a little scouring of the internet.

Yes, I can not find case law of extradition of US based companies through US entities.

What I can find is a couple of cases against bigger companies that also act in the realm of the EU. Google has been fined in the Netherlands for global violations if I understand correctly. Meta has been fined even a few times for global violations, enforced in Ireland.

So yes, technically enforcement in the US is not guaranteed, but they basically can't build up their company in the EU anymore unless they deal with it. It's not perfect, but violations can still suck for business expansion, and that is good. and then I do have to look into the new EU data privacy laws if they changed enforcement or anything else important.

[–] bamboo@lemm.ee 2 points 10 months ago (1 children)

That makes sense. Companies with no presence in the EU can likely skirt the rules, but any large company with an EU presence will be compelled to follow them.

[–] hoshikarakitaridia@sh.itjust.works 2 points 10 months ago (1 children)

Yeah

Also genuinely thank you for making me look into this. It's nice to know how it works:D

[–] bamboo@lemm.ee 2 points 10 months ago

Glad we both leaned something :)