DMCA And Privacy: Usenet Providers Answer

The Main Guru

The Best WordPress plugins!

1. WP Reset

2. WP 301 Redirects

3. WP Force SSL

For our series on DMCA requests, and for additional information about posting and downloading privacy, we send most large providers an email with a number of questions. No distinction was made between providers with their own architecture and “resellers” who merely resell Usenet access under their own name. Most did not respond at all or simply send us a link to their website, but some responded with more detailed information. See our original email and answers provided below.

Note: While some providers had no qualms having their answers published with their name included, some requested to have all references to their companies removed.

Our Original Email

Hello,

this is … from The Load Guru.com, a new reference for anything related to Internet privacy, downloading and Usenet. We’re currently doing some research about Usenet privacy and DMCA requests. In order to make our readers better understand your policies in these matters, would you please take the time to answer to the following questions:

About downloading privacy

– Do you create logs on what your users access on Usenet, such as which articles they read and what binaries they download?

About DMCA requests

– Do you process DMCA requests, or do you follow similar regulations that apply in your jurisdiction?
– In which way do you receive these requests: Automated bots, manual requests by the copyright holders, or do you offer some kind of API or panel for right holders to contact you?
– How exactly do you handle these requests? Are they manually reviewed and acted upon, or are there some automated systems processing the requests?
– If requests are handled manually, how do you verify if a request is valid or not?
– If a DMCA request is deemed as valid, what steps do you take to act?
– Approximately how many requests to you proceed?
– Could you name the major companies or entities filing these DMCA requests?
– Have you received complaints about wrongfully deleted files? If so, how often did this happen, and what actions are then taken?

About posting / uploading

– Do you allow your customers to post to Usenet, and is this restricted to certain groups (for example, only text groups and no binary groups)?
– Do you include information about customers in the X-Trace-Header of a post that would allow third-parties to identify them? Do you include information allowing it to you to track down users?
– Is there any other way for you to trace back a post made by one of your customers to said customer?
– If so, under what circumstances and for what reasons do you trace a post back to its creator?
– Have you ever received a request by a third party, requesting information about one of your customers or to identity an individual, and for what reason did this happen (for example, for posting copyrighted material)?

We look forward to your responses, they will surely give your customers and our readers a much clearer picture of these issues. If you don’t wish your answer to be published, please include a note.

Regards,
…, The Load Guru.com

Provider Responses:

1. Ngroups.net and Usenet-News.net

About downloading privacy

– Do you create logs on what your users access on Usenet, such as which articles they read and what binaries they download?
A: We do not log anything whatsoever about our users download activities.

About DMCA requests

– Do you process DMCA requests, or do you follow similar regulations that apply in your jurisdiction?
A: We process DMCA requests, if we get any. We get very few directly, but our back end providers receive and process a lot of DMCA requests, and that affects us. (We use a hybrid back-end using multiple first-tier providers as back ends.)

– In which way do you receive these requests: Automated bots, manual requests by the copyright holders, or do you offer some kind of API or panel for rightholders to contact you?
A: In the few cases we receive them, they are manual requests by the copyright holders.

– How exactly do you handle these requests? Are they manually reviewed and acted upon, or are there some automated systems processing the requests?
A: They are manually reviewed, and then forwarded to our back-end providers for action.

– If requests are handled manually, how do you verify if a request is valid or not?
A: There isn’t one specific thing, rally, but the whole… the requests have to follow a specific format, and be accompanied by correct information, and in most cases it’s quite obvious. If there are any questions, we may ask for clarifications form the submitter.

– If a DMCA request is deemed as valid, what steps do you take to act?
A: As mentioned before, in our case we just forward it to our back-ends, for takedown. They have scripts handling it.

– Approximately how many requests to you proceed?
A: Not many, but I don’t know why any provider should have to answer that type of question.

– Could you name the major companies or entities filing these DMCA requests?
A: No. Any who would it benefit if we could?

– Have you received complaints about wrongfully deleted files? If so, how often did this happen, and what actions are then taken?
A: No. Has never happened.

About posting / uploading

– Do you allow your customers to post to Usenet, and is this restricted to certain groups (for example, only text groups and no binary groups)?
A: Yes, posting is allowed, except for test accounts.

– Do you include information about customers in the X-Trace-Header of a post that would allow third-parties to identify them? Do you include information allowing it to you to track down users?
A: No third party can find out any information about a customer from any header, but we can identify spammers or other abusers if we see a hewader. (When we receive a complaint.) We can not track what a user has posted, but if we receive a complaint about a post, we can identify which user has made that post.

That is true for any provider. Any provider who didn’t do this would quickly get de-peered by all other providers, since it would be a heaven for spammers.

– Is there any other way for you to trace back a post made by one of your customers to said customer?
A: No. We have no posting logs or anything like that. The only way is for someone to complain about a spacific post.

– If so, under what circumstances and for what reasons do you trace a post back to its creator?
A: The only reason would be if we receive abuse complaints; Spamming, or similar.

– Have you ever received a request by a third party, requesting information about one of your customers or to identity an individual, and for what reason did this happen (for example, for posting copyrighted material)?
A: No, never.

Best Regards, Goran
Usenet-News.net & Ngroups.NET

2. Provider Wishing To Remain Anonymous

Hello …,

Thanks for the inquiry. We are happy to provide answers on background, but would rather you not publish our answers in a way that identifies our organization.

Privacy

We do not log or monitor what newsgroups or articles customers access or retrieve. We have no mechanism to do so.

DMCA

Yes, we respond to DMCA requests if we receive them. We are required by law to take steps as outlined for service providers in the DMCA to respond to requests we receive.

Posting

We allow customers to request posting privileges. Posting is granted unless we have a reason to deny permission related to the customer’s previous history. Each post has a unique identifier. The identifier does not allow third parties to identify the poster. We are able to use that identifier to match an account. We have not been asked to do so. A subpoena issued by a court of competent jurisdiction would be required to do so.

Regards,
R.

3. Larger Provider, Wishing To Remain Anonymous

Hi,
Interesting questions but honestly, the answers will not differ very much between all of the providers. At any rate, these answers are for […] since you sent the questions to […] at once. If you publish my answers, please keep them anonymous.
> – Do you create logs on what your users access on Usenet, such as which articles they read and what binaries they download?
No.

> – Do you process DMCA requests, or do you follow similar regulations that apply in your jurisdiction?
Of course. No way around it.

> – In which way do you receive these requests: Automated bots, manual requests by the copyright holders, or do you offer some kind of API or panel for rightholders to contact you?
I’m not sure I know what you mean here. They send an email to the abuse addresses to be handled.

> – How exactly do you handle these requests? Are they manually reviewed and acted upon, or are there some automated systems processing the requests?
Due to weaknesses in the DMCA laws and volumes of requests it creates there is no way to manually review each and every one. This is the case for any Usenet provider. I suppose even Youtube and the likes as well, but I digress.

> – If requests are handled manually, how do you verify if a request is valid or not?
It should be expected that a request would be valid if a request is going to be filed but again, weaknesses in the DMCA law have little to no penalties for false requests.

> – If a DMCA request is deemed as valid, what steps do you take to act?
Remove the copyrighted material.

> – Approximately how many requests to you proceed?
Thousands every week, the same for all providers.

> – Could you name the major companies or entities filing these DMCA requests?
No, but Google should give a decent idea of who handles these, at least the big players, not to mention if your posts are falsely removed and
you file a counter claim you would receive this information.

> – Have you received complaints about wrongfully deleted files? If so, how often did this happen, and what actions are then taken?

Not that I have seen (but it could certainly happen), which one side could then argue, means the automated systems of the rights holders work 100%.

> – Do you allow your customers to post to Usenet, and is this restricted to certain groups (for example, only text groups and no binary groups)?
Yes, full posting privledges

> – Do you include information about customers in the X-Trace-Header of a post that would allow third-parties to identify them? Do you include information allowing it to you to track down users?
X-Trace is encrypted so it is not publicly viewable. If a provider had no way to manage posts, they would be de-peered from the network due to the posting abuse coming from them.

> – Is there any other way for you to trace back a post made by one of your customers to said customer?
No. A post has to be specifically brought to our attention before we would be able to see who posted it. We can not simply bring up all posts
made by user “xyz123”.

> – If so, under what circumstances and for what reasons do you trace a post back to its creator?
N/A

> – Have you ever received a request by a third party, requesting information about one of your customers or to identity an individual, and for what reason did this happen (for example, for posting copyrighted material)?
Posting CP (child porn)

4. Sonic-News / AnarQy

Years ago when they were talking about laws requiring retention of logs for a number of years, I went through the source code of my server
software and edited log calls that refer to any user id or ip address, to log “anonymous user” rather than identifying data. I figured that what has never existed can’t be retained or subpoenaed. I haven’t received a DMCA notice in years. I think they have figured out to only go after the big providers, who will probably not answer your survey. Or they get better results going after P2P, where they can discover the actual downloaders.

Most of the original small providers have stopped running any sort of news-server altogether, and simply resell one of the big 3. I suspect
that they keep detailed logs, and would prefer not to disclose what they know. The reseller himself would have no knowledge about what groups are selected or articles are downloaded.

You can usually tell what service a reseller is selling, by doing a traceroute on their news ip.

Etian
sonic-news.com
AnarQy.com

5. Anonymous Provider

> – Do you create logs on what your users access on Usenet, such as which  articles they read and what binaries they download?
No, not even usage statistics

> – Do you process DMCA requests, or do you follow similar regulations that apply in your jurisdiction?
No. DMCA requests are handled by our supplier XSNEWS.
> About posting / uploading

Posting is allowed to all groups. X-Trace-Header does contain info on the poster (IP+account) and we can trace posts back to the account/poster. We have never had a request to identify a poster. We did however use that info ourselves to trace back a customer of ours who made serious threats to another usenet user in a text group after a received complaint.
ps: we delete all account information when a customer does not renew their account after 30 days.
pps: we use plain text (non hashed) passwords so we cannot identify a user for 100%, identifying really stops at the account number.

6. Altopia

About downloading privacy:

– Do you create logs on what your users access on Usenet, such as which articles they read and what binaries they download?
No.

About DMCA requests:

– Do you process DMCA requests, or do you follow similar regulations that apply in your jurisdiction.
Yes.

– In which way do you receive these requests: Automated bots, manual requests by the copyright holders, or do you offer some kind of API or panel for right holders to contact you?
These days, DMCA take-downs are generally emails from what appear to be automated bots. In the past, on occasion, there have been manual requests.

– How exactly do you handle these requests? Are they manually reviewed and acted upon, or are there some automated systems processing the requests?
I manually process the emails, using some unix tools to process the message-ids into a form that can then be automatically processed.

– If requests are handled manually, how do you verify if a request is valid or not?
I don’t have a way to really verify the bots.

– If a DMCA request is deemed as valid, what steps do you take to act?
The message is made unavailable to customers. When a customer tries to pull the message, the body of the message is replaced with: “The body of this message has been withheld for reasons of a civil law nature.”

– Approximately how many requests to you proceed?
Millions of messages per week.

– Could you name the major companies or entities filing these DMCA requests?
Entura International LTD, Morganelli Group, NBC Universal

– Have you received complaints about wrongfully deleted files? If so, how often did this happen, and what actions are then taken?
Not yet, as far as I recall. I’m not sure. I’d have to consult my lawyer and get recommendations.

About posting / uploading

– Do you allow your customers to post to Usenet, and is this restricted to certain groups (for example, only text groups and no binary groups)?
We allow posting to all groups. Our FAQ has additional information on this subject:  https://www.altopia.com/polfaq.html

– Do you include information about customers in the X-Trace-Header of a post that would allow third-parties to identify them? Do you include information allowing it to you to track down users?
No.

– Is there any other way for you to trace back a post made by one of your customers to said customer?
No. We use just the message-id. 

The message-id to poster information is kept for 30 days. It is automatically expired unless we receive a request to archive evidence of who posted a particular message.


– If so, under what circumstances and for what reasons do you trace a post back to its creator?
Summons by law enforcement (tends to be for child porn), or subpoena. In the case of a civil subpoena, we generally give the poster the opportunity to quash. Law enforcement tends to tell us know to disclose but in recent years service providers have begun challenging that, so that may be changing. It has been almost 5 years since our last summons or subpoena.

– Have you ever received a request by a third party, requesting information about one of your customers or to identity an individual, and for what reason did this happen (for example, for posting copyrighted material)?
Yes. Child porn investigations by law enforcement. Civil matters tend to be copyright violation accusations or libel/defamation issues. In the last libel/defamation-type issue, we worked with the EFF to ensure the poster’s rights were respected.

(…)

Happy to answer any other questions. Chris Caputo Chief Geek, Altopia Corporation

Table of Content