Jump to content

DMCA Notices for downloading .TORRENT files. Is BTJunkie wiretapped?


Recommended Posts

I would like to alert the community to the latest unethical practice of the Media Mafia.

I just received two DMCA takedown notices, my first ever. Ironically, neither was for a file I actually downloaded - not that I ever do, of course. Both notices were generated by downloading only a .torrent file. The first was an accident - I was trying to expand the torrent info on something on BTJunkie and hit the download arrow instead of the plus sign. I didn't want the item and discarded the .torrent file. A couple of days later, bam, DMCA notice. I didn't download a single byte of that media file. It was never opened in uTorrent or any other client so it could never have appeared on a tracker. It was never served on my network.

I decided to test this yesterday and went to BTJunkie again and selected a file type I an unable to use, downloaded the torrent file, then deleted it. I made absolutely sure that it did not open and that no extraneous traffic left the machine. Next day, bam, another takedown notice. Here are some details from the notice:

Initial Infringement Timestamp: 19 Jul 2010 19:17:23 GMT

Recent Infringement Timestamp: 19 Jul 2010 19:17:23 GMT

Infringers IP Address:

Protocol: BitTorrent

Infringed Work: Random Unusable Item

Infringing File Name: Some Random File

Infringing File Size: 445644343

Port ID: 0

Note that there is zero duration and no network port listed. The "infringed" work was never shared or downloaded. No torrent client was running and no client started due to the .torrent file download. I had Wireshark running for the entire session and nothing happened that wasn't suppose to happen.

The most likely way to have generated that notice is for someone to have intercepted the HTTP download of the .torrent file. This would require either my ISP, BTJunkie's ISP, or BTJunkie themselves to be monitoring HTTP downloads of torrent files. My ISP says they had nothing to do with it, and I tend to believe them. That leaves two primary suspects.

So be forewarned, someone highly unethical is up to no good, at least on BTJunkie. I haven't tested anything other torrent site.

There is one other other thing I noticed and that is that the BTJunkie site has started keeping a list on your computer of all the torrent files you have downloaded from them. They store them in a cookie named history and display them under a link titled: "n unreported torrents" on the page. I suppose that could set you up for a cross site attack, but that would be a lot harder to do, unless BTJunkie has been turned to the dark side.

Why are they still up, anyway? No one seems to be suing them. Could they be a false flag operation?

I would be interested to know if anyone else has received these bogus notices.

Link to comment
Share on other sites

I got them the usual way; via email from my ISP.

I downloaded only (dot) .TORRENT files from BTJunkie. No movies, no music, no media of any kind. Not a single byte. The .TORRENT files were never opened. My IP never appeared on a tracker. Someone intercepted the HTTP downloads of the .TORRENT files from the BTJunkie web site and used that information to file DMCA takedown notices.

The long and short of it is that either: (in order of probability)

a. BTJunkie's ISP is acting as an agent of the MPAA

b. BtJunkie is acting as an agent of the MPAA.

c. My ISP is acting as an agent of the MPAA

It is highly unlikely that my ISP was involved. I am in a business relationship with them and could sue their a55es off for making perjured claims, maybe even put someone in jail. This is also costing them time and effort - they have no motive to do this.

I want to know why BTJunkie has not been sued out of existence by the MPAA. Everyone else has, why not them? Why do they not have forums? Who runs it? What is their business model? It has no ads, it sells nothing, so how the he!! does it stay in business? Who is paying their bills?

If there are no logical answers to those questions, then you have to at least consider the possibility that the site is being run by the enemy to collect information about P2P users.

Link to comment
Share on other sites

No-one's ISPs are. The MPAA doesn't have the power to either. only the copyright holder or their legally appointed agent can make a DMCA notification. Also, downloading a torrent file, the copyright of the .torrent belongs to the person that created it, so if you did not actually download any of the torrented data, you're fine, and youhave a clear counter-claim.

You sent me an email just now Merk, so I'll discuss the rest through there

Link to comment
Share on other sites

I agree, ISP's aren't allowed to do these kinds of things. There was no infringement in any case, and no intent to infringe. One instance was a fat finger error, the other was a deliberate test with no intent to download anything other than the .torrent file.

What happened here is that someone unwisely tipped their hand and exposed a technical capability that should have been preserved for more appropriate use. I presume that management was involved. I've seen that before.

I am not worried about my exposure or I would not have posted. I analyzed the situation and decided to make it public. If the owners of the BTJunkie site want to come forward, tell us who they are and what they are doing, then we may regain some confidence in them. If not, we have to assume that they are working for the other side until proven otherwise.

Link to comment
Share on other sites

Some torrents are tagged by certain isp.....i.e. Cox....they will block your internet until you delete the downloaded torrent. I've found some watched torrents on pirate bay as well, these sites have went down hill lately anyways. The site i go for most of my torrents now is...Demonoid and their private tracker.

Link to comment
Share on other sites

Switek:: "Just downloading the .torrent file but never starting it in a BitTorrent client triggered the DMCA notice?"

Absolutely. Someone is in the path sniffing HTTP downloads of .torrent files. It is apparently operating against a keyword list because the first one shared a title with a newer release from a major studio, but the file referenced was from the early 50's. It was a very old torrent with only a handful of peers. It isn't likely anyone was watching that specific torrent. They were looking for the newer release featuring a prominent scientologist.

The second file was chosen by its placement on the top-30 list, and its lack of usability for me. I assumed it would be watched, and it was.

Link to comment
Share on other sites

no you can't, because there has been no invasion of privacy. they are not monitoring you.

A company has observed the ip one way or another, and then sent a letter to the isp to be forwarded to the user that had the IP. No invasion of privacy, and in fact, this is the way that KEEPS it.

Link to comment
Share on other sites


They have embedded an HREF on the page that points to http://btjunkie.org/?do=report. This only comes up if you have a cookie from their site named "history". The cookie itself contains only a 32-byte hex number (a GUID?) that is sent up to their site during the session setup. If you run the report it passes your cookies back up to the site and runs the report there, sending back a list of all the torrent files you have downloaded.

The information about the torrents is NOT stored anywhere on your computer. It is stored on the BTJunkie site. I made absolutely sure it was not coming from anywhere on the machine.

This could be a real problem if they are ever subpoenaed by the media mafia, or if they are the media mafia.

Given the threat environment why would anyone NOT trying to harm users collect and store such a treasure trove of information of such great interest to the media mafia?

Not to belabor the point - but who exactly pays their bills? I see no real revenue generators on the site, no donation buttons, no mention of who they are and what keeps them running. High bandwidth web sites backed by huge, highly available databases are extremely expensive to run. Are they altruists, or have they been taken over or co-opted by the MPAA/RIAA cabal?

Even if you delete that cookie the data on their site will still be there. If they store an IP and a time stamp along with the torrent metadata they have everything the MM needs to go after their users.

If you want to mess up their data, open up your Firefox cookies database in SQLITE and insert some random hex data into the value field. This will fragment their data sets and make reconstruction more difficult, but not impossible. They will reset the cookie at some point and start tracking again but the earlier torrents will be in a different record set.

> sqlite3 cookies.sqlite

sqlite> update moz_cookies set value = '00000000000000000000000000000000' where host like '%btjunkie%' and name = 'history';

I haven't seen them put a cookie into IE yet - it may be that they are concentrating on FF. If they also do IE, the cookie should be a text file in the Cookies folder and you can do the same thing to it by altering the hex value in the history cookie. Google for "random hex generator" - there are a number of sites that create random hex strings. That would be better than using all zeros or something else easily detected, just grab 32 bytes (characters) of random hex and stuff it into the cookie.

This unreported torrents feature may be an innocent attempt to add value to their site, or it may be hostile. If the former, it is an incredibly clueless thing to do, if the latter, it should be countered by every means possible.

Link to comment
Share on other sites

But if all they have observed is a transfer of a torrent file (clearly not the files in question), Can they even legally require your ISP to forward that email to you, They don't even have proof you're using it. Sounds to me like they're hoping for a response in order to get a real name to try to pin something to.

It's like me sending a takedown notice to everyone who reads this line. Claiming they downloaded the text in order to post it somewhere.

I have absolutely no way of finding out it's been posted somewhere else until it is. Until then they take-down notice along with the legal requirement to have it passed on by the ISP is void. And because they made the takedown notice without proof of it ever being posted, by the time it is they're gonna need a new notice anyways cause it won't have been referring to the same thing.

Just noticed something, on that last link (http://btjunkie.org/?do=report.) there are options to disabling logging and to clear the log, I'm curious if the torrents in question are on that log on your end and what happens when you clear it. Maybe they just found a way to check all these logs somehow, or even check the logs on each individual torrent. In which case the site should be notified of their security flaw.

However it's happening I'm changing my hosts file immediately to make sure I never end up there again.

Link to comment
Share on other sites

I'm not at all worried about the notices. They were perjured. My ISP insulated me from them and they are now aware that the notices were bogus and are checking for indications of that in the future. Whoever submitted them (and I don't know who) has lost any credibility they ever had with my ISP.

What I am worried about is that BTJUNKIE is storing data like this. Data never really gets deleted. There are backups, transaction logs, and copies of the copies of every bit of data you ever collect. In fact, most DBA's never actually delete data, they just add a flag field to the table that marks a row as deleted so it does not display. The data itself stays and is available to anyone who can get to it, by hacking or by suing.

I don't know how the notices happened. They could have been the result of traffic sniffing, hacking into the BTJUNKIE database (if they store IP's and times), or something else I haven't thought of.

What it tells me is that we are entering into an aggressive new phase. I think we can look forward to the emergence of bounty hunters (see http://forum.utorrent.com/viewtopic.php?id=81164) and fast-buck sleazebag operators of every type, including some with law degrees who are looking for something that requires less effort than ambulance chasing.

We need something better than BT, something less traceable. Or maybe something better than the Internet, like a massive expansion of the TOR network or something like it. A Darknet.

Link to comment
Share on other sites

You can disable the reporting history by clicking on disable! The session IDs are not linked to your IP address and according to their privacy policy, they don't store IP addresses at all. Also download history is automatically removed when it gets so old.

Merkwurdigliebe may want to put down the pipe and take off the tin foil hat!

Link to comment
Share on other sites

Just because you are paranoid doesn't mean they aren't out to get you. The only responsible thing to do in this era of multi-million dollar infringement lawsuits is not to collect such data in the first place. It is ridiculously dangerous.

And sorry, I don't smoke (anything) and the hat is a professional requirement.

"BTJunkie.org is committed to protecting your privacy. BTJunkie.org does not sell, trade or rent your personal information to other companies. BTJunkie.org will not collect any personal information about you except when you specifically and knowingly provide such information."

That leaves a heck of a lot of wiggle room. Doesn't say a word about not turning it over to the MPAA, does it? Doesn't say anything about not giving it away either.

If you don't know that you are specifically providing your IP address to a web site when you access it, then perhaps you don't know too much about how the web works. Every web server in existence logs that information by default, usually as data point numero uno.

And helloplease1, if you have any technical points you'd like to discuss, I'd love to hear them, but you can leave the ad hominem attacks on the playground where they belong.

Link to comment
Share on other sites

  • 2 months later...

Sorry but this seems really far fetched. If I was running a huge torrent site I doubt I'd be leaving my name and address around the place either. As for calling for their names to be revealed in order to resotre confidence, why? Btjunkie are way too pro torrent anyway to be from the government, and they only store your email, password, besides ip address.

Link to comment
Share on other sites

  • 1 year later...

Hi All,

I just got this E-Mail from my ISP on a DMCA Infringement Notification. By downloading files. I dont know any other way to download files with out geting in trouble. When i live back up in ct. I had comcast and never once got in trouble. I download over 5TB of files and not once got in trouble. But sence i move down south I started to get in trouble. They said IF i have one more Complaint they will ban me and I will no longer to be able to use any isp providers. Here is what the E-Mail said.

The purpose of this warning is to inform you that CenturyLink has received multiple

notices of copyright infringement sent pursuant to the Digital Millennium

Copyright Act ("DMCA") in connection with your account. The DMCA, passed by

Congress in 1998, allows copyright owners to notify a service provider such as

CenturyLink of alleged copyright infringement carried out on the provider's network.

Copies of the DMCA notifications CenturyLink received are included below.

Please be reminded that unauthorized posting of copyrighted material is a

violation of Qwest's Acceptable Use Policy (AUP) and High Speed Internet

Subscriber Agreement which prohibits use of the CenturyLink Network and Services in

any manner that would infringe, dilute, misappropriate, or otherwise violate

the intellectual property rights of others.

The Qwest Acceptable Use Policy and the High Speed Internet Subscriber

Agreement provides that CenturyLink may suspend or terminate your service for

violation of the AUP and/or Subscriber Agreement.

Please be advised that if this violation continues, or in the event that

additional violations occur, CenturyLink may take further action, including the

suspension or termination of your Service.

Please note that if you use the Internet for Voice over IP services (VoIP)

to support Internet based calling, you will not be able to make any incoming

or outgoing calls, including 9-1-1 calls, from your service address unless

you have Internet service.

Also, disconnection of a bundled service may result in loss of your bundle


If you believe the enclosed DMCA notices were sent to CenturyLink in error, you may

contact the copyright owner directly within the next five (5) days and email a

copy of your correspondence to CenturyLink at abuse@centurylinkservices.net.

CenturyLink will give consideration to this challenge in enforcing its AUP.

If you choose not to challenge the notices, we will assume for purposes of

enforcing our AUP that they were not sent in error.

Complaint Summary:


Ticket # IP Addr Offense Date CustomerID (circ) Download Data

C20766026 2012-02-07 09:08:22 username method=BitTorrent, title='True Blood', filename='TRUE BLOOD Season 1-2-3 Complete 480p x264-BoB'

C20720168 2012-02-04 22:13:04 munleygarmoul549 method=BitTorrent, title='True Blood', filename='True.Blood.S04E11.HDTV.XviD-LOL.avi'

C20633761 2012-01-29 16:28:09 munleygarmoul549 method=BitTorrent, title='True Blood', filename='True Blood Season 4 Complete 720p'

C20588192 2012-01-25 17:43:21 munleygarmoul549 method=BitTorrent, title='True Blood', filename='true blood season 1 DVDRip'

C20396975 2012-01-11 08:02:27 munleygarmoul549 method=BitTorrent, title='Zoolander', filename='Zoolander(2001)[DVDrip]-Spectrael.avi'

C19139230 2011-09-30 14:55:53 munleygarmoul549 method=BitTorrent, title='Harry Potter And The Deathly Hallows Part 2', filename='Harry Potter and the Deathly Hallows Part 2 2011 TS UnKnOwN'

C19034886 2011-09-19 14:28:31 munleygarmoul549 method=BitTorrent, title='Harry Potter And The Deathly Hallows Part 2', filename='Harry Potter and the Deathly Hallows Part 2 2011 TS UnKnOwN'

C19026684 2011-09-17 16:42:26 munleygarmoul549 method=BitTorrent, title='Death Race 2', filename='Death Race Saga'

C19026683 2011-09-17 16:40:54 munleygarmoul549 method=BitTorrent, title='Death Race (2008)', filename='Death Race Saga'

C18863207 14:17:21 munleygarmoul549 method=BitTorrent, title='Harry Potter And The Deathly Hallows Part 2', filename='Harry Potter and the Deathly Hallows Part 2 2011 TS UnKnOwN'

Complaint Details:


Complaint #1

X-From: hbo_p2p-no-reply@copyright-compliance.com

Subject: HBO P2P Notice ID: 315-5233781 Notice of Infringement

To: infring@qwest.com

Content-Type: text/plain; charset="UTF-8"

Date: Tue, 7 Feb 2012 14:35:18 -0800

X-TM-AS-Product-Ver: IMSS-

X-TM-AS-Result: No--19.447-3.0-31-10

X-TM-AS-User-Approved-X-TM-AS-User-Blocked-X-TM-AS-Result-Xfilter: Match text exemption rules:No

X-MSS-For: abuse@qwest.net

X-MSS-Leg-Qwest: true


Hash: SHA1

Qwest Communications Corporation


RE: Unauthorized Distribution of a Copyrighted HBO Television Program

Dear Qwest Communications Corporation:

We are writing this letter on behalf of Home Box Office, Inc. ("HBO").

We have received information leading us to believe that an individual has utilized the below-referenced IP address at the noted date and time to offer downloads of copyrighted television program(s) through a "peer-to-peer" service.

The distribution of unauthorized copies of copyrighted television programs constitutes copyright infringement under the Copyright Act, Title 17 United States Code Section 106(3).

Since you own the below-referenced IP address, we request that you immediately do the following:

1) Disable access to the individual who has engaged in the conduct described above; and/or

2) Take other appropriate action against the account holder under your Abuse Policy/Terms of Service Agreement.

On behalf of HBO, owner of the exclusive rights to the copyrighted material at issue in this notice, we hereby state, that we have a good faith belief that use of the material in the manner complained of is not authorized by HBO, its respective agents, or the law.

Also, we hereby state, under penalty of perjury, under the laws of the State of New York and under the laws of the United States, that the information in this notification is accurate and that we are authorized to act on behalf of the owner of the exclusive rights being infringed as set forth in this notification.

Please direct any end user queries to the following address:

Osama Hussain, Esq.

In-House Counsel

Irdeto (fka BayTSP.COM Inc.) - as an Authorized Agent of Home Box Office, Inc.

3255-3 Scott Blvd. Suite 101 Santa Clara, CA 95054


*pgp public key is available on the key server at <http://pgp.mit.edu>

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...