news.buyenne.com

Since 1997, the Tonga Network Information Center (Tonic) has been responsible for the .to top-level domain

This country-specific extension is linked to the Kingdom of Tonga but the Tonic registry is incorporated in the United States and operating from the California city of Burlingame.

Compared to more than 160 million .com registrations, use of .to is relatively modest with just over 60,000. Interestingly, however, .to domain names appear to be somewhat of a magnet for pirate site operators.

This unusual attraction is a thorn in the side of rightsholders. Earlier this month, the MPA listed the registry in its overview of notorious piracy markets submitted to the U.S. Government, highlighting Tonic’s alleged inaction over piracy-related issues.

Warezio Sees Tonic as a Piracy Haven

Today, the .to registry is again at the center of a complaint. The Czech anti-piracy firm Warezio, which works on behalf of many local rightsholders, wrote a letter to the Internet Corporation for Assigned Names and Numbers (ICANN), urging it to take action, or else.

“As an anti-piracy company, we frequently encounter .to domains in our enforcement activities, which has given us firsthand insight into the registry’s problematic practices. This is not a coincidence but a direct result of the registry’s operational approach that prioritizes anonymity over accountability,” Warezio writes.

Warezio’s letter complains that the Tonic registry lacks basic transparency and accountability mechanisms. For example, there is no public Whois database and no formal terms and conditions for domain owners, which frustrates anti-piracy actions.

Fundamental deficiencies

The letter adds that the .to registry also lacks a dispute-resolution mechanism, does not publish sufficient contact information, and fails to comply with European privacy legislation.

Warezio Threatens ICANN with Legal Action

While complaints about Tonic are not new, Warezio addresses ICANN directly and suggests that the organization can be held legally responsible under the Czech Republic’s unfair competition law.

Warezio argues that by “knowingly tolerating a registry operator that facilitates unlawful commercial activities,” ICANN risks being regarded as an “auxiliary participant” in the alleged unfair competition that takes place through the .to domain ecosystem.

“Should ICANN continue to remain inactive despite having been duly informed of these facts, it would expose itself to potential legal actions for unfair competition before the competent Czech courts,” Warezio writes.

“Such proceedings could seek injunctive relief, corrective measures, and compensation for the ongoing market distortion and harm suffered by Czech rights holders and legitimate businesses.”

Threat and call to action

Warezio calls on ICANN to require domain registry operators to provide Whois data and take additional measures to guarantee transparency and accountability. This applies to Tonic, but also more generally to other registries that have similar shortcomings.

“The internet community deserves domain registries that balance legitimate privacy concerns with the need for accountability and legal compliance. We trust that ICANN will take swift and decisive action to address these critical issues.”

The anti-piracy outfit demands a response within seven days. If no action is taken, it reserves the right to follow up on the unfair competition claims.

ICANN’s Limited Authority Over ccTLDs

ICANN has yet to respond to the letter, but Warezio’s allegations appear to go beyond how the organization sees its own role in the domain name ecosystem.

Warezio wants ICANN to enforce new standards on the .to registry but ICANN has repeatedly stated that it lacks the authority to do so. According to ICANN, its compliance department “does not have contract authority to take compliance action against ccTLD operators.”

ICANN has significant influence over generic top-level domains (gTLDs), such as .com and .net, accrediting registrars and overseeing relevant policies for these domains. In contrast, country-code top-level domains (ccTLDs) operate differently.

These ccTLDs and their registries operate under local laws and regulations. This also applies to the implementation of policies concerning Whois requirements and domain name disputes.

“The ccTLD policies regarding registration, accreditation of registrars and Whois are managed according to the relevant oversight and governance mechanisms within the country, with no role for ICANN’s Compliance department in these areas,” ICANN writes.

Notably, the anti-piracy outfit is not threatening to take legal action against Tonic directly. At least, there is no mention of any direct threats against the registry or Tonga’s authorities.

Instead, Warezio’s letter appears to challenge ICANN’s policy, suggesting that it can be held liable for ccTLD-related issues under the Czech Republic’s unfair competition law. Whether this approach will work is unclear, but if it results in a legal battle, that would certainly be one to watch.

—

A copy of the letter, sent by Warezio’s CEO Jakub Hájek to ICANN’s legal department, is available here (pdf). This also includes more detail on a potential claim against ICANN.

From: TF, for the latest news on copyright battles, piracy and more.

Over the years, we’ve witnessed dozens of anti-piracy campaigns. Despite these efforts, reported piracy rates appear to increase, seemingly undeterred.

Research has indicated that piracy is a complex phenomenon that’s not always easy to grasp. However, understanding the motivations of pirates can be key to changing their behavior, new research suggests.

Piracy Study: Social Risks & Norms

An academic study recently published in Frontiers in Behavioral Economics, explores the social drivers of digital piracy, focusing on gender differences. The research, conducted by Kate M. Whitman and Joe Cox, looked at how perceptions of social norms and risks can impact people’s intention to pirate.

The rising tide of piracy

The researchers tackled the issue from two different angles, using an online survey of 684 participants.

First, they looked for a link between participants’ personal feelings and their past piracy consumption. They then checked if this was linked to people’s perceived “social risk,” including concerns that pirating would make them look cheap or unethical.

For the second angle, the researchers tested if they could change people’s minds about their future behavior. The respondents had to guess how common piracy is, and some of them were then shown the real piracy rate, taken from a large UK government survey.

This setup effectively created two experimental groups. One was explicitly told that their estimate of the piracy rate among their peers was “too high”, while the others were informed that theirs was “too low”. Finally, a control group received no comparison message at all.

Men Pirate More

The results of the study confirm the existing perceptions on gender differences. Men use pirate sources more often when they consume music or live sports, which are the two content categories addressed in the research.

In the music category, the rate was 3% for women versus 7% for men. The gender gap was even more pronounced for live sports, where men say that 21% of their consumption comes from pirate sources, compared to 8% for women.

“These results show that even when controlling for legal demand, men tend to pirate more than women. They also show that live sport consumers derive more of their consumption from illegal sources than music consumers,” the researchers conclude.

“Social Risk” & The Fear of Looking “Cheap”

The study also examined the link between perceived social risk and piracy. This was measured by asking to what degree friends and family would think the respondent was “unethical,” a “criminal,” or “couldn’t afford legal content” if they knew they pirated.

The perceived social risk score was not correlated with music piracy for men and women. Whether they pirated a lot or barely at all was not linked to these social drawbacks.

For live sports piracy, however, higher perceived social risk was associated with a lower piracy rate, particularly among men. While this is a correlational finding, the researchers suggest that it may be due to male sports culture.

“This aligns with masculine norms that emphasize status, independence, and financial competence, especially within male-dominated, group-oriented social contexts like sports fandom.

“In these settings, the reputational cost of appearing “cheap” or socially deviant may be particularly salient,” the researchers add.

Appearing cheap

Experiment: Piracy Statistics Can Backfire

The second part of the study was an experiment. It examined whether explicitly pointing out that people over- or underestimate the piracy statistics of their peers, would change their intention to pirate in the future. This led to some key results.

Those who overestimated the official Government data, thinking that piracy was more common among their peers, did not change their future piracy plans. That was true for both men and women.

Intriguingly, however, men who had underestimated how common piracy was increased their willingness to pirate in the future after they were informed that piracy is more prevalent than they thought. On women, this had little effect.

This means that campaigns, studies, and other reports that highlight how widespread piracy is, can actually backfire. Some men may see this as a justification to pirate more themselves.

“These findings highlight the risks of campaigns that emphasize how common piracy is, particularly among men, without considering how such information may inadvertently normalize and license the behavior,” the researchers write.

Limitations and Future Research

While these findings are new and noteworthy, this type of research, which relies on self-reported intentions and behavior, always comes with caveats. The authors of the paper realize this and mention it as one of the limitations.

For example, the social risk questions were asked before participants reported their past piracy behavior. This may have primed participants, influencing their own piracy score.

While not directly mentioned in the paper, the experimental part of the study could also be impacted. By putting participants in a “social risk” mindset, it may have influenced how they estimated peer piracy rates, systematically affecting who was placed in the “underestimator” and “overestimator” groups.

All in all, the study presents a clear takeaway for anti-piracy organizations. For decades, campaigns have focused on highlighting the massive scale of the piracy problem, but this research suggests that revealing how common piracy is could actually backfire.

—

Whitman KM and Cox J (2025) The rising tide of piracy: the influence of social roles, risks and norms on illegal consumption. Front. Behav. Econ. 4:1631329. doi: 10.3389/frbhe.2025.1631329

From: TF, for the latest news on copyright battles, piracy and more.

In October 2020, the RIAA filed a DMCA takedown notice at GitHub targeting ubiquitous YouTube ripping tool, youtube-dl.

“The clear purpose of this source code is to (i) circumvent the technological protection measures used by authorized streaming services such as YouTube, and (ii) reproduce and distribute music videos and sound recordings owned by our member companies without authorization for such use,” the notice declared.

Significant uproar ensued and the youtube-dl repo was subsequently reinstated. For Johnathan Nader, the operator of YouTube-ripping platform Yout.com, the event triggered a five-year legal battle with the RIAA that continues to this day.

Declaration of Non-Infringement

The dispute began in 2019 when the RIAA sent DMCA anti-circumvention notices to Google, claiming that Yout “circumvents YouTube’s rolling cipher, a technical protection measure, that protects our members’ works on YouTube from unauthorized copying/downloading.”

The allegations caused Google to delist Yout.com URLs from search, but Nader strongly believed that he’d done nothing wrong under the law. He decided to sue the RIAA with the primary goal of convincing the court to declare Yout.com non-infringing.

In late 2022, Judge Stefan Underhill concluded that Yout had failed to show that it doesn’t circumvent YouTube’s technological measures.

I agree with the RIAA that Yout’s circumvention entails bypassing YouTube’s technological measures and modifying YouTube’s ‘signature value’ to facilitate unauthorized access to a downloadable digital copy.

Because that bypass and modification constitute a ‘process,’ I conclude that Yout does not plausibly allege that it does not circumvent the YouTube TPM, within the meaning of section 1201(a).

The RIAA thanked the court. Nader filed an appeal to bring the issues before the Court of Appeals for the Second Circuit.

Concerns Mount Over District Court’s Decision

Heading towards a hearing at the Court of Appeals, an amicus brief from GitHub warned that the lower court’s order was too broad, exposed software developers to criminal liability, and as a consequence would chill innovation. The EFF highlighted the benefits of similar software, describing the expansion of Section 1201 liability as “unwarranted”.

Both called for the lower court’s decision to be reversed. The Copyright Alliance warned that a reversal would devastate “numerous business models.”

A hearing at the Court of Appeals early 2024 further highlighted the entrenched positions of the parties, while a series of important questions for YouTube served to address the elephant in the room. Or rather its complete absence. One of the judges commented that certain key issues “could be easily solved” with some informed input.

“But right now, YouTube’s staying out of [the case] and we’re kind of guessing,” he said.

Major Labels Sue AI Startups Suno and Udio

During the summer of 2024, members of the RIAA including UMG Recordings, Capitol Records, Sony Music Entertainment, Atlantic Records and Warner Records, sued AI music generators Suno and Udio in separate but almost identical lawsuits that accused both of “trampling on copyright.”

According to the complaints, the defendants “copied decades worth of the world’s most popular sound recordings” and then ingested those copies into AI models to generate outputs that “imitate the qualities of genuine human sound recordings” for the purpose of generating profit.

Almost 16 months later, there’s no dispute that both companies trained their AI on huge quantities of music. That the companies acquired that music without first obtaining permission is clearly unacceptable to the RIAA. However, since Suno and Udio are relying on a fair use defense, permission isn’t technically required. Recent rulings in other AI cases have affirmed fair use albeit under tight, case-specific details.

In Bartz v. Anthropic PBC and Kadrey v. Meta Platforms, Inc., the defendants argued that use of the plaintiffs’ copyrighted works to train generative AI models (Claude and LLaMa respectively), constituted fair use. The court affirmed fair use in Anthropic’s case, describing the use as “exceedingly transformative.”

In Kadrey v. Meta, the court said that while a transformative use carries weight, the extent to which Meta’s use impacted the market for the original works was more important. No evidence of harm was presented, so Meta’s fair use was affirmed but to an extent, albeit only by default.

Suno and Udio will need every possible break, because the RIAA isn’t conceding an inch. A recent move in both cases goes further still with an attempt to critically undermine their fair use defense.

Millions of Tracks Obtained From YouTube

Recent filings in connection with the labels’ first amended complaints in the Suno and Udio lawsuits claim to identify the main source of music and the method used by the companies to obtain it for training purposes. This establishes a direct link to the substance of the Yout vs. RIAA appeal.

“[M]any (if not all) of the copyrighted sound recordings in [Suno’s] training data [were acquired] by illicitly downloading them from YouTube using a notorious method of music piracy known as ‘stream ripping,’” the labels claim.

In line with the arguments used to convince the district court in the Yout matter, they state that stream-ripping is illegal due to circumvention of YouTube’s technological measures.

Suno’s unauthorized extraction, copying, and storage of Plaintiffs’ Copyrighted Recordings from YouTube for use in its training data was accomplished by Suno’s unlawful circumvention of YouTube’s rolling cipher and any other technological measures YouTube may have implemented to prevent the downloading and copying of licensed content.

Suno’s actions constitute a breach of the Copyright Act’s anti-circumvention provisions, which state, among other things, that “[n]o person shall circumvent a technological measure that effectively controls access to a work protected under this title.” 17 U.S.C. § 1201(a)(1)(A)

Their sudden interest in the Yout v. RIAA matter indicates the AI startups are leaving nothing to chance. There are no parallel claims of fair use in the Yout dispute, and for good reason. However, when viewed from a fair use perspective, a whole new landscape emerges in a five-year-old case in which seemingly every detail has already been debated to exhaustion.

Suno and Udio File Amicus Brief in Yout vs. RIAA

Suno and Udio filed their brief earlier this week. Their statement of interest in the case reads as follows:

“Both Amici assert that their use of pre-existing recordings to develop statistical insights about music, in the service of generating altogether new music, is a fair use under section 107 of the Copyright Act. The order on appeal is not about fair use. But Amici have an interest in this appeal because the ruling below jeopardizes the fair use doctrine by misconstruing the anti-circumvention provisions of section 1201 of the Digital Millennium Copyright Act (‘DMCA’).”

The brief states that Section 1201 governs the circumvention of technological measures, noting that Congress did not provide for a fair use defense under Section 1201. The brief contends that Congress took a different approach to accommodate fair use, and while not determinative in Yout’s case, is nevertheless critical for fair use.

Access Controls vs Copy Controls

According to the brief, Congress harmonized Section 1201 with fair use by establishing a clear distinction between two types of technological protection measures, summarized as follows:

1. Access Controls (§ 1201(a)): These measures control access to a copyrighted work. The startups state that the DMCA prohibits circumvention of access controls.

Conclusion: If a technological measure is an access control, the act of circumvention is presumptively unlawful.

2. Copy Controls (§ 1201(b)): These measures protect a copyright owner’s rights, such as preventing unauthorized copies. Congress did not prohibit the act of circumvention of copy controls. This asymmetry was intentional and designed to protect fair use. Prohibiting circumvention of copy controls would essentially allow copyright owners to block lawful fair uses of already accessible works.

Conclusion: If the technological measure is a copy control, the act of circumvention is perfectly lawful.

Herein lies the problem. ‘Copy Controls’ exist to prevent unauthorized copying, yet copying is permitted under fair use. If circumvention had been totally prohibited, copyright owners would’ve been gifted the de facto right to prohibit fair use.

That didn’t happen, as the brief explains.

US Copyright Office / Summary of statutory structure

“So while Congress enacted a prohibition on the provision of devices designed to circumvent copy controls, it declined to prohibit the act of circumventing those controls, so that it would not effectively impose liability on fair users.”

The Measure Under Review in Yout vs. RIAA is a Copy Control

According to the RIAA’s DMCA takedown notices against Yout, the purpose of the measure under review in the Yout matter is to “protect . . .works on YouTube from unauthorized copying/downloading.”

“That makes it a copy control, i.e., a “technological measure that prevents copying..[]..It is not an access control,” the brief states.

Suno and Udio note that the lower court’s ruling failed to recognize the importance of the Access Control/Copy Control distinction, or that the distinction exists to protect fair uses. In fact, the court declined to consider the Copy Control provision and went on to erroneously conclude that YouTube’s download prevention mechanism is an Access Control.

Implications Beyond Yout

The distinction between access controls and copy controls is unlikely to affect Yout’s mission to obtain a declaration of non-infringement. Yout was primarily accused of trafficking in a circumvention device/service and the DMCA’s anti-trafficking provisions apply equally to technology designed to circumvent access controls (s1201(a)(2)) and copy controls (s1201(b)(1)).

If the lower court’s decision is allowed to stand, Suno and Udio could be in trouble. Last Friday, lawyers for Suno described the RIAA’s addition of illegal stream-ripping allegations to their lawsuit as “a gambit to try to evade application of the fair use doctrine to Suno’s technology development process.”

In short, a denial of the companies’ chosen defense won’t just be a loss for Yout; it could also provide the RIAA with a powerful blueprint for dismantling the fair use arguments that are at the center of AI fair use lawsuits.

The Suno and Udio amicus brief, which was accepted by the court on Friday, is available here (pdf)

From: TF, for the latest news on copyright battles, piracy and more.

In 2021, German Internet providers agreed to voluntarily block structurally infringing pirate sites.

The ISPs teamed up with rightsholder groups and launched the “Clearing Body for Copyright on the Internet” (CUII), which became responsible for handing down blocking ‘decisions’.

In June, signatories to the blocking agreement amended their code of conduct, which fundamentally changed how CUII operates. Going forward, all blocking action will take place after a court orders at least one Internet provider to block a website. While the addition of judicial oversight is laudable, transparency remains lacking.

Fitgirl Repacks, RPG Only, and Anna’s Archive

In late August, many people noticed that the popular game piracy site FitGirl Repacks was unavailable through many German ISPs. The blocking action had all the hallmarks of an official blockade, but there was no mention of a new order on the CUII website.

The same was true for RPG Only, which was blocked last month, again without an official notice at the time. This pattern repeated itself a few weeks later, when shadow library Anna’s Archive was presumably added to the German blocklist.

These ‘surprise’ blockades were discussed on social media, attracting attention from German news site Tarnkappe. However, all this time there was no official confirmation from CUII, the organization responsible for coordinating blocking efforts across ISPs and transparently informing the public.

Needless to say, this lack of communication doesn’t make it easier for the public to follow these developments. It also makes it harder for the press to accurately explain what is going on.

Transparency on Demand

Last week, there appeared to be some movement in the transparency process as CUII published official confirmation on the RPG Only blockade. It confirmed that DNS blocking was implemented following an order by the Cologne court, which deemed the site to be structurally infringing.

There is no mention of the complaining rightsholder, but the German game industry group is a member of CUII, so that’s a likely candidate.

While researching the matter, we looked for official confirmation on the FitGirl and Anna’s Archive blocks, but nothing appeared. At least, not until we asked.

We asked CUII for clarification on September 30 and the next day, official confirmation of the FitGirl and Anna’s Archive blockades was published on the CUII website.

CUII’s spokesperson, subsequently responded to our questions. She confirmed that the Anna’s Archive blockade is based on an order from the Cologne Regional Court. The block against FitGirl Repacks, however, predates the updated agreement and was implemented based on a decision from CUII’s own panel.

While the documents themselves are dated earlier, our observation of CUII’s website shows the notice for RPG Only was published on September 24. The confirmations for FitGirl and Anna’s Archive only appeared on October 1, the day after our inquiry.

Not tipping Off Pirate Site Operators

In the case of the FitGirl blockade, the official announcement comes more than three months after the order was signed, which is a rather long delay.

After requesting an explanation for this delay, CUII’s spokesperson clarified that their goal is to “ensure the greatest possible transparency,” but that its orders are only published after all participating ISPs have implemented the blocks.

According to CUII, they do this for two reasons. First, to ensure that the public documentation accurately reflects the real-world status of the blockade. Secondly, it’s a tactical measure to prevent site operators from learning about a block before all of their domains are rendered inaccessible.

While these procedural and strategic reasons explain the delay, the effect on the public remains the same: a period of uncertainty where blocks are active without any official, public confirmation.

Opaque Transparency

The delay between the implementation of the blockades and CUII’s official publication is not the only point of frustration. Transparency is rather limited too, as the names of the parties involved, including the rightsholders and the targeted domain names, are all shielded from the public.

The underlying court orders are often anonymized as well, which is typical in Germany. Moreover, these orders are not made publicly available.

The website of the Regional Court in Cologne explains that interested parties can request a copy at NRWE, which we did last week. On Monday, NRWE informed us that they don’t have a copy, redirecting our inquiry back to the court. Since then, we haven’t heard anything new.

Opaque transparency is not very useful, to say the least. Ideally, blocking schemes should publish a full list of all currently blocked domain names so outsiders can scrutinize the measures and correct errors, which do happen.

Amidst all the opacity, there remains a glimmer of transparency. A German student previously launched CUIIListe, a monitoring portal where all blocked domain names are monitored. This homebrew transparency portal picks up blocked domains long before they are confirmed by CUII.

From: TF, for the latest news on copyright battles, piracy and more.