Good times w/ DMCA monkeys & katstorm.faith (et al.)

[df]

{direct link: cryptostorm.org/katandmouse + cryptostorm.org/katstorm}

BLAH BLAH NEW UPDATED SUPER-UPDATE:
So there's been quite a bit of back-and-forth, and we got a bit lazy about keeping this thread updated. Here's the tl;dr...

1. we currently have katstorm.faith working properly via a... clever multi-proxy thing. It's slow, and it's not https'd currently; depending on how things go, we'll adddress both of those issues & get it out of beta-jail sooner or later (probably sooner).

2. Meanwhile, we're redirecting most of the other katstorm TLD's over to our baystorm.org "officially approved" tracker proxy (which is pretty damned funny: official tracker proxies... really?), because TPB folks are alot less dick-ish than the KAT crew has been of late - if I may be so blunt.

3. There was a #3, but it's been forgotten - whoops.

More updates as soon as update-worthy stuff goes down


EVEN-MORE-LATEST UPDATE:
We're reconstructing the service using redundant domains katstorm.date and katstorm.xyz, as there's been some sort of fuckery wrt the katstorm.party domain itself (although the registrar, alpnames, seems to be doing their best to be stand-up - with the fuckery apparently coming down from the TLD organization itself). Currently both .date and .xyz just remap to this forum thread, but will be shifted over to the new site once we're ready.

Also we've written to the admins at kat.cr to see what's what, with the blockery coming from their direction. Sigh. Much block. So sad. Doge. Etc.

As to the rest of the trickery we're using to handle the cock-blockery from kat.cr... stay tuned!


LATEST UPDATE:

It appears that the admin(s) at kat.cr are actively blocking katstorm.party from connecting to kat.cr. At first I thought it was something happening on our end, but after reconfiguring katstorm to use GRE tunnels or haproxy instances running on other servers (which would cause the IP kat.cr sees katstorm coming from to be different than the IP katstorm's webserver is listening on), shortly after each attempt that exit IP would suddenly be unable to connect to any of the kat.cr IPs.

It's possible that one of our DCs is doing the blocking, but very unlikely since I tried several and they worked fine at first.

My guess is that the kat.cr admin(s) are blocking katstorm because we do a server-side thing that removes kat.cr ads for our visitors. That means kat.cr loses money because of us.... maybe?

In a short moment, we'll try to open a dialog with the admins at kat.cr to see if this is the problem, so we can get the block removed, maybe by simply allowing ads through. Dunno yet, we might just start proxying some other torrent site, or we might create our own.

I'll update this post as news becomes available.

In the mean time, if you still want to use kat.cr securely/anonymously, just get on CS first


here's the previous post...


For a long while, we were running an earlier version of our KickAss Torrents proxy on

Code: Select all

https://cryptostorm.is:8082/

and some other ports.

Since it seemed to be getting a good amount of traffic (and since the forces of censorship & media strangelhold seemed to be tightening around many of the other methods by which free access to KAT can be obtained by people seeking the ability to share digital data efficiently & cost-effectively ~ pj), we decided to replace it with a dedicated domain on a different server at katstorm.party.

At first it was running on an extra .eu server we had lying around (we usually have a few dev/test machines somewhere or other, helps when things move fast and we need extra capacity right away).

That was until this email from an anti-piracy company called comeso.org (or .de):

From: tracy@comeso.org
Dear sir or madam,

This is a notification of copyright infringement.

Ticket ID: (COMESOABUSE #5473)

We found cases of copyright infringements on the pages below:

Original Work: Session Keys Grand Y
Infringing URLs:
https://katstorm.party/e-instruments-se ... 86405.html

Original Work: Saint Seiya - Soul of Gold
Infringing URLs:
https://katstorm.party/anonimu-fansubu- ... 11888.html

Original Work: God Eater
Infringing URLs:
https://katstorm.party/horriblesubs-god ... 62544.html
https://katstorm.party/ohys-raws-god-ea ... 68073.html
https://katstorm.party/ohys-raws-god-ea ... 05371.html

Original Work: The iDOLM@STER: Cinderella Girls Second Series
Infringing URLs:
https://katstorm.party/horriblesubs-the ... 95369.html

I have a good faith belief that use of the copyrighted materials described above as allegedly infringing is not authorized by the copyright owner, its agent, or the law.
I swear, under penalty of perjury, that the information in the notification is accurate and that I am the copyright owner or am authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

I ask you to take down this content within 48 hours and I would be grateful if you could send me a short message when you have accomplished the deletion.

To which I responded:

From: df@cryptostorm.is
The website https://katstorm.party/ doesn't host any content, it's a simple proxy to the website https://kat.cr/, so we have no control over the content.
If we took down the proxy, there are hundreds of others on the internet, all easily accessible via Google.

For example:
http://kickass-download.cf/
http://freeproxy.io/o.php?u=https://kat.cr
http://thekat.tv/
http://kickassto.co/
http://katproxy.is/
http://kat.cr.prx.websiteproxy.co.uk/

If you want the copyrighted materials you described to be removed from the internet, you would have to contact the people operating https://kat.cr/

To which Comeso responded:

From: tracy@comeso.org
Not my problem. You provide access to illegal content so you are 100% responsible for your "proxy".
Also other services similar to yours are able to block content that we report.

Since I didn't feel like dealing with this nonsense anymore, I passed it off to PJ

Here's his response to the above email:

From: pj@cryptostorm.is
Herr "Tracy" -

First off, my apologies if I have chosen an inaccurate honorific in my salutation; despite reading through the growing correspondence we've received from you thus far, I see no surname and cannot but guess at the appropriate term.

While we are heartened to hear of your "good faith beliefs" in various elements of consensus reality, it is unfortunately the case that personal beliefs rarely have the force of substantive justification for claims made under the legal systems of any of the possible jurisdictions covered under the activities being discussed - or alleged - in your correspondence thus far. Put another way, it may be the case that I have a "good faith belief" that our planet's sole moon is made of a particularly pungent French cheese. Alas, that belief won't get me a shot at winning a claim for all that delicious dairy product in a legitimate court of law. Nor will it, in fact, get me much beyond pitying stares from those with a more robust connection to objective reality.

In much the same way, your claims thus far teeter precariously somewhere between childish fantasy and delusional personal pocket-universe. In crassly quotidian terms, you've provided not one whiff of forensic or objective evidence in support of these fantastical assertions of some transgression of a right under (civil) law of some party which may or may not be in any legally substantive relationship with whoever you are. One finds it often to be the case that courts do, speaking in general terms, expect to be provided with more than flights of imaginary fancy when it comes to tort claims (or jurisdictionally equivalent legal assertions).

This is the place in this process where, therefore, we respectfully request that you provide to us substantive and independently verifiable forensic data to back up the oddly faith-based statements you've produced in early messages to our staff. We assume, given that you purport to do this for a living ("this" being some form of low-rent mercenary activity putatively on behalf of some kind of intellectual property "owner" somewhere in the world), you are familiar with the standards and expectations of digital forensics in the context of provisioning of network-based resources and claims made that such resources emanate from particular physical hardware devices under the custody and/or control of specific legal entities or individual persons. Because, obviously, if you don't know what you're doing wrt forensic standards one might well wonder if there's other "oopsie" holes in your knowledge praxis when it comes to other elements of your shakedown - let's be honest and call it what it is: extortion - attempt.

Once we receive those data - and don't stress over the method used to provide them to us, as we're pretty flexible in being able to accept most any commonly-supported format, channel, method, or encoding of said data - we will do our own close review to determine if they are congruent with your claims thus far.

If they aren't, we'll review our own legal rights to seek compensatory, punitive, and whatever other damages ("karmic retribution," perhaps?) duly-constituted courts of law might consider in the case of a lame-brained digital extortion attempt gone wrong.

It's worth noting, further, that such desperate ploys for easy money (or, worse yet, censorious removal of shared cultural patrimony) generally run afoul of criminal statutes in most every jurisdiction one might choose to visit on this beautiful planet of ours. Although we're somewhat well known for our tendency to avoid wasting LEO time on such picayune matters, one nevertheless remains aware that it's entirely possible some public prosecutor or similar figure will choose to take up such a criminal case and, as the saying goes, put your snarky ass in jail for a minute or three.

So there's that.

As to what is or is not "your problem," I'd personally suggest that you are underestimating the potential scale and scope of the set of things that could well become "your problem" as time goes by. The universe we share is funny like that: merely asserting one is free of problems isn't terribly effective in magically making any such problems vanish. Or so we've been told, for what it's worth.

While Goebbels was a big fan of "blocking content," we're not so much in that particular camp. Anyone holding one's breath for that to take place is likely to find themselves short of oxygen long before we start censoring packets coming across our network because some tinpot Torquemada decides to email us about his (her?) personal fantasies and other idiosyncratic belief quanta. We just don't roll that way, yo.

With... well, not so much respect as something more like contemptuous bemusement...

~ cryptostorm's contumacious network topologist-at-large, aka "pj"

After the above email was sent off, we never heard back from "tracy@comeso.org".

A week or so passes by, then suddenly the main cryptostorm.is IP gets blocked at the router/firewall by one of our longest-duration service providers, in Europe - folks we have worked with for years and who know our ways pretty well. (this is, incidentally, why we had a hiccup of about 36 hours in automated 'tokenbot' token deliveries - with that IP nullrouted, we also lost email comms on the box... and yes we're now separating out those two systems because redundancy & minimised cross-channel attack surfaces ~ pj)

So we contact them to see what's up, turns out they just received some correspondence from the CEO (one of them) of Comeso.org, a "Jan Wilkens". (I'm not yet finished checking into this putative "CEO," but look forward to publishing the results of our inquiries shortly ~pj}

Jan's email contains basically the same complaints Tracy had about katstorm.party, but this time Jan is referring to the old KA proxy we still had running on:

Code: Select all

https://cryptostorm.is:8082

Since we've been with this particular service provider - the one housing the server on which this nullrouted IP currently lives - for quiet some time now, they didn't immediately kill the entire server, but they did firewall off the cryptostorm.is IP to prevent people from accessing whatever alleged "illegal content" was being passed through by our just-passes-along-packets proxy there. Even so, doing that also prevented everyone from accessing our main corporate website.

So I told respectfully requested of (~ pj ) this service provider that I would modify the proxy pass-through service so that it's no longer passing across KickAss Torrent content "directly," but instead it simply redirects to the dedicated katstorm.party resource that itself lives in a different IP block, at a different hosting facility, in a different country (or countries - redundancy).

That made them happy, so they brought the cryptostorm.is IP back up.

Fast forward a few more days, the katstorm.party website that at the time was living on a different .eu-based server suddenly goes down.

We contacted the colo/DC provider from which we have purchased our rights to this machine to see what's up, and it's basically the same story as what the earlier service provider did.

So I go out and buy a couple of VPSes that advertise as being the type of provider that ignores all DMCA and related complaints. We decided as a team to seek additional network infrastructure via providers that are less easily swayed by false information pushed out by these worthless media cartelbots and their various assorted henchmen, toadies, and stooges. (~ pj)

I setup nginx on both VPSes (with no logging of anything sensitive like visitor IPs), then change katstorm.party's DNS to a round robin that switches between the two, and the rest is history

For the curious, the nginx.conf that powers katstorm.party is available @ our github katstorm repository, in full detail. Who knows... it might prove handy to others who face similar challenges.

[vpnDarknet]

nslookup whoami.cryptostorm.is is returning:

connection timed out; no servers could be reached

is this related?

[df]

No, that service was running on a different server that's now also dead and has since been replaced.
Also I forgot about that service..
Lemme throw it up somewhere else... aaand done.

[BubuAnabelas]

As you've given me a VPS, I started to run, among other things, a kat.cr proxy. It's reachable at http://cryptos.date in case any user need to use it.

If you need me to run anything else just tell me and I'll try to do it ASAP!

[cryptostorm_admin]

Hello good people of kat.cr...

We write to you, here, because we're not sure what email address works or who makes up the admin team - so it's efficient to post the text here and hope we can direct your attention to it for a moment.

A week or three back, it seems pretty clear that you started blocking our katstorm.party proxy-service site to KAT. That was sort of a surprise - we figured at first it was a datacentre thing, and did some workarounds to fix that problem... only to figure out it wasn't the DC, but rather kat.cr.

We're not sure what we did to cause this, but we did notice this torrenfreak article from back in 2013. It reads, in part:

Going into some detail, the proxy operator then explained that Kickass (for unknown reasons, but possibly to save bandwidth) set their site up in a way that makes it extremely difficult to get proxies working. We didn’t get a comment on that specifically from Kickass, but they did give us an explanation as to why some proxies had stopped working.

“We have banned some proxies which were replacing ads. The only reason is that we don’t want to lose our traffic because of proxies which are not even showing our ads while they are providing additional load on our servers,” the Kickass operators explained.

So what we have here is Kickass being blocked in the UK in the first instance due to its claimed disruptive effect on the revenue models of the entertainment industries, followed by proxies being blocked for having a similar effect on the revenues Kickass. Hmmmm.

Additionally, Kickass also told us that they blocked some proxy sites for doing too well in search engine results.

“Another reason [for banning proxies] is that for some queries in Google, proxy’s pages were placed even higher than [Kickass’ results],” the site explained.

Quite why proxy sites have been outgunning the official domain in Google’s results is uncertain, but the search engine may well be down-ranking ‘pirate site’ domains as it promised the music industry it would.

We also do some flow-thru filtering of potentially dangerous content categories on all the proxy services we maintain. This began in earnest with our torstorm .onion gateway service, since security issues are absolutely top priority in that use-case scenario... and we've carried the practice forward to our torrent proxies, over the years, as well. We also maintain "cs_filters" across our private network itself, for a host of high-threat packet classes with no legitimate uses and serious security implications for members.

Which is to say, we're not stripping out ads because we're dicks - nor because we want to starve you into pernury. We do it as a matter of security policy. Yes, we stick a cheeky header on top of all proxy pages (see, for example, hacking.technology, our HackingTeam mirror) - it's not exactly heavy advertising, but at least it provides folks with "attribution" as to who runs the proxy service in question... as well as links to published source code and whatnot in public repositories, and so forth.

That seems fair; anyway, it's never been a problem with anyone else, previously. And: we've been doing various flavors of tracker proxies, in particular, for... shoot, five years or more by now. So we're not spring chickens in all this - and we've been through the wringer with DMCA bullshit in the process, more than once.

But proxy access to trackers has been an important free speech issue for years. It still is. That's why we go to the trouble to do proxies, for the community overall (not limited to only cryptostorm members, to be clear). We also make sure to do our proxies properly, so folks using them aren't being banged with malware, binary inject/wrapper nonsense, rogue 303/304/307 resource redirect corruption attacks, and so forth. Do it right, or don't do it; we've done our best to do it right.

But now we're cockblocked, repeatedly, in accessing KAT's stuff so our proxy can run. That's harshing more than a few mellows, as it were.

Let's go back to the torrentfreak article for some more info (albeit from 2013):

But despite KAT’s approach to some proxies, it is possible for them to work with others.

Drastik, the admin of PirateProxy.net, the world’s largest Pirate Bay proxy, told TorrentFreak that he had previously spoken with the KAT admins about ads and had reached an agreement.

“When my KAT proxy (katproxy.com) started getting a lot of traffic, I contacted a KAT admin and asked if I could add one banner advertisement to cover my server costs. They said that it was okay and I added that one ad. My proxy has been running fine,” he explained.

So, yeah... we're happy to talk with you good folks about any of this. We don't survive based on adverts, and indeed we don't actually run advertisements for cryptostorm anywhere (except those little cheeky header mentions, per above). It's just not how we've grown our membership base... so it's not like we're in conflict with your advertising framework, in structural terms.

We do like to make sure adverts coming through a proxy we're providing to the community aren't full of evil - which isn't to say yours were (or weren't, or aren't)... just saying so in general. Remember back when TPB was serving up all that malware in their ads? Yeah. That. That was lame. We don't pass crap like that through.

But apart from that, have your people contact our people! Help us... help you!

j/k - just drop us a note (admin@cryptostorm.is will hit the admin team), or via twitter, or whatever. We can see if we can work stuff out. That'd be good, for everyone. We think, anyhow.

Alternatively, we're sort of using the experience to learn about overcoming IP-based cockblocking and we've got some neat ideas about how to make that kind of blocking really hard. We're not trying to be contumacious in doing so - we're just curious how it plays out. You can block IPs... but there's lots of IP space out there, eh?

Final quote from the torrentfreak article:

“In the nearest future a number of official proxies will be started as well so KAT definitely will be available through its official proxies even in case of any issues with our main domain,” KAT concludes.

Maybe you just don't want solid proxy sites out there passing along KAT stuffs, whatsoever. That's fair, in terms of a desire you may (or may not) have... but the internets, being made of tubes and whatnot, might not agree that you are able to unilaterally make that choice. Information, and wanting to be free, and routing around censorship, and all that. Trite, of course - but also more or less true.

We could do some more kat-and-mouse tech trickery - which we love, and is our bread and butter (basically our R+D process, too) - or we can talk, and get things back on smooth terrain. Takes two to tango - more than two, if one of them sucks at dancing, actually - so we're ready to dance if you guys are. Terrible metaphor, but there you go.

Lastly, for now anyhow, thanks for running a seriously kick-ass tracker (sorry, had to!). We mean it - it's nicely done, top to bottom, and we offer proper respect for the work you do. We'd love to be a constructive part of the ecosystem that supports that work, however that wants to be arranged... but we need some guidance, so we can merge in with the good flows.

Tally ho,

~ cryptostorm

[Pattern_Juggled]

Perhaps this helps explain the situation more fully:

Also this unsettling situation.

[huh]

They made a post today accusing proxy hosts of having malicious code. They also mentioned "ridiculously expensive VPNs" to which I assume they don't mean CS, because $4 a month is the cheapest I've seen.

https://kat.cr/blog/post/look-mama-i-m-popular/

Sounds like they're painting broad strokes with a large brush..

[Pattern_Juggled]

While it's not entirely clear who kat.cr's admins are pointing the finger at in this recent blog post, suffice to say that the nastyware issues relating to kat.cr are not limited to "lazy" people running "unofficial" proxies or mirrors (some of which are, without doubt, totally evil and filled with nasty injections).

There's raw data already being collated in our github repo - feel free to add to it if the spirit moves you - and those data will fuel a proper forensic analysis in due course. It's... not very pretty, the picture overall.

Not the least of it is the empirically-verified tight interconnection between kat.cr and the shady, malware-laced "hide.me" VPN.

Stay tuned.

Cheers,

~ pj

[cryptostorm_admin]

After a bit of back-and-forth, it looks like the katstorm.party TLD - which we enabled last year, early on, as a core director to our KAT proxy itself - has been removed from registrar jail by Alpnames. That's good stuff.

We're still talking with them about the "use" to which we put that domain, so it's still possible they'll re-jail it. The domain was offline all winter, and... well, we even received ny detailled official explanation from Alpnames as to why it was imprisoned in the first place (if we did, and it was misfiled somehow, we apologise for that & we'll update this note with corrected info). Which wasn't good stuff.

But, well, let's leave that in the past and have hopes things improve moving forward - right? For those curious, the domain was offlined back on 1 October 2015 by Alpnames, which they told us was done at the request of the underlying TLD registry:

(insert necessary joke about the .party TLD being no party when it comes to such things, apparently)

Here's the text of our latest discussion with Alpnames, just so we can keep the community up to speed on what's what. Well, this is our reply to them; we generally don't post email communications from third parties (unless they expressly authorise us to do so), as it goes against our respect for private communications in general. In any case, Alpnames simply told us the domain was "unsuspended following [their] preliminary investigation," and asked us what our "purpose of the domain name" is going to be.

We (actually, it was pj) replied replied as follows:

Greetings -

That's good news to hear that our domain has been un-blackhoied after the passage of time since it was turned off last fall.

That domain is one of a number of mirrored TLDs that, together, at as pointers to our transparent proxy to the KAT content search engine. As a network security service, we provide a number of such dedicated transparent web proxies, with the primary goal of enabling secure access to widely-available web resources for our members. Often, alternative proxy access to such search engines come laden with aggressive - and often security-negative - advertising resources; we limit the transmission of such "badware" on the proxies we make available, thus substantially improving the security and usability of web access for our members - and for the broader online community.

(similar, but parallel, benefits accrue to our members through our "TrackerSmacker" anti-adware DNS cleansing function)

These resources are, in summary, a "give-back" we provide at no cost and for which we receive no financial benefit. But, we're believers in the "what goes around, comes around" approach to business - it's worked well for us over the years, and we are always appreciative when our vendor colleagues resonate with this approach, as well.

There's considerable detail on the technical underpnnings of this particular transparent proxy in our corresponding forum thread {which simply links to this thread ~admin} on the topic.

Meanwhile, if we can be of further assistance, please do not hesitate to let us know. Generally, it's more efficient for everyone involved when such communications takes place. That's not to say we all necessarily reach automatic agreement simply through communication; fair minds can - and do - disagree on important and complex topics. Rather, it's to acknowledge that failing to communicate rarely if ever helps move that process along in a healthy and efficient way.

With regards,

~ pj