Clickonomics: The use of Mediafire, Megaupload, Filesonic, Hotfile, Rapidgator, Rapidshare...

In January Ernesto talked about whether current “anti-piracy” measures were effective. A look at the subject in more detail from Tobias Lauinger, who tells us about his recent research.

Image: CC BY-NC-SA 2.0 Flickr: tpmartins

Tobias Lauinger is a PhD student in the Systems Security Lab at Northeastern University, Boston. In the past two years, his research has focussed on illicit activities in the One-Click File Hosting ecosystem.

The Digital Millennium Copyright Act (DCMA) already allows copyright owners to have infringing files taken down from hosting services and search engines. The Stop Online Privacy Act (SOPA) law proposal would have introduced a similar take-down scheme directed against entire web sites. But do these methods really work?

One-Click Hosters (OCHs) are web-based file hosting services. Users can upload potentially large files and obtain a unique download link in return. While OCHs such as Mediafire, Megaupload, Filesonic, Hotfile, Rapidgator, Rapidshare and several hundred others have various legitimate use cases, they are also frequently used to distribute copyrighted works without permission (“piracy”). In fact, download links for infringing files hosted on OCHs can be found on a wide range of blogs, discussion boards and other web sites, so-called indexing sites.

In the US, laws such as the Digital Millennium Copyright Act (DMCA) and the proposed – but later abandoned – Stop Online Piracy Act (SOPA) aim at combatting online piracy. Critics of these laws point to their potential for abuse as a danger to freedom of speech and question whether these laws effectively fulfil their purpose.

Measuring the visibility and effectiveness of current anti-piracy methods was the goal of our recent research. In a nutshell, we extracted download links to infringing content from 10 small and large indexing sites, and we checked for how long these files remained available on the respective OCH. We found that most infringing files remained available for rather long time periods: our data even suggests that only a surprisingly small fraction of the files were deleted due to DMCA takedown notices. The DMCA, or the way in which copyright owners were using it, was apparently not enough to render infringing content unavailable.

Analysing uploader behaviour and the structure of a few larger indexing sites, we found that there is no single indispensable actor in the OCH ecosystem. Uploaders of infringing content move to another OCH when the anti-piracy efforts of their current OCH become too restrictive. Furthermore, even shutting down a large OCH (such as Megaupload) tends to have little effect on the availability of infringing content because indexing sites often use many OCHs in parallel.

In conclusion, current anti-piracy efforts are visible, but they fail to make infringing content unavailable. So what about future anti-piracy measures? SOPA contained a takedown notice scheme to prevent “foreign US-directed sites dedicated to the theft of US property” from receiving funds or user traffic from US-based advertisement networks, payment processors and ISPs. Paradoxically, we would expect SOPA's anti-piracy tools to be most effective against OCHs, even though OCHs are probably not as problematic as most indexing sites from a legal point of view.

A recent development in this context is increased pressure from payment processors such as Paypal. In fact, most OCHs cannot accept payments through Paypal any more due to a change in Paypal's policies. If other payment processors follow the same strategy as Paypal, OCHs may be forced to intensify their own anti-piracy measures in order to maintain their capability of accepting credit card payments. The interesting observation is that this strategy closely resembles the ideas behind SOPA, but it could be realised even without SOPA's controversial takedown regime.

The current approach of economic pressure on payment processors may lead to a less profit-driven piracy ecosystem. However, it is difficult to envision that legal measures could make piracy disappear entirely in a free society. It is more likely that users will continue to have the choice between piracy and legitimate offers. Anti-piracy laws on the one hand, and the attractiveness (and availability) of legitimate offers on the other hand, will shape the mainstream user behaviour in the future. Certain levels of piracy will remain, but how much of an economic problem they represent is an entirely different question.

The full study is available online: Tobias Lauinger, Martin Szydlowski, Kaan Onarlioglu, Gilbert Wondracek, Engin Kirda, and Christopher Kruegel: Clickonomics: Determining the Effect of Anti-Piracy Measures for One-Click Hosting. It will be pesented at the 20th Annual Network and Distributed System Security Symposium (NDSS 2013) in San Diego, CA on 26 February 2013.