One of the most common recurring questions in respect of downloading, sharing and even streaming, is whether service X or platform Y is 'safe' to use, from a copyright-infringement perspective. Recent developments show that no matter how safe users think they are, security is something that should never be taken for granted.

When mainstream piracy was in its infancy two decades ago, the majority of file-sharers had no idea that they were even at risk from snoopers. Thanks to a massive wave of lawsuits from the RIAA in 2003, that perception soon changed.

Somewhere around 2004, the MPAA embarked on a parallel campaign to drive the message home to pirates that the Internet is not anonymous.

“If you can think you can get away with illegally swapping movies, you’re wrong,” the ‘You Can Click But You Can’t Hide’ posters read. “Illegally trafficking in movies is not just a dirty little secret between you and your computer. You leave a trail.”

The MPAA also gave unquestionably good advice: the only way to guarantee that users weren’t caught for sharing pirated movies was not to share them at all. Of course, millions didn’t listen and by the time that VPNs really started to take off around 2006/2007, file-sharers were laughing into their keyboards.

The biggest threat back then (as it is now) was sharing torrents without protection. Torrents are public and any rightsholder can monitor them before filing a lawsuit for damages. But by 2009 or so, when streaming sites had already embedded themselves as the next big thing, a whole new click-and-play generation had become complacent again, lulled to sleep by the perceived security offered by third-party hosting sources.

Today, millions of people are streaming content via apps and so-called Kodi boxes, mostly with zero protection. The idea, if people even consider it, is that ‘pirate’ sites can’t or won’t give up their information. That is a dangerous assumption.

As recently documented here on TF, there is a worrying situation playing out on YTS, one of the Internet’s most popular torrent indexes. Taking all the facts at hand and adding in some educated guesses, it seems that after being subjected to massive legal pressure, the owner of that torrent resource may be handing information on some of its users to movie companies.

To many file-sharers, that might seem an outrageous proposition but when faced with multiple six-digit claims for damages, no one should expect anything different. Once the identity of the site’s operator became known to the movie company plaintiffs, the pressure seems to have increased to the point that skin-saving might now be the order of the day. That seems to have been the case at Cotomovies as well.

The thing is, if a torrent site or app developer can be pressured in this way, so can any other site holding potentially incriminating user data. There can be little doubt that many file-hosting and streaming platforms carry detailed logs and if the proverbial hits the fan, they could be handed over. Even some so-called debrid download sites, that appear to offer enhanced security, state that they carry download logs for up to a year.

The bottom line is that if users are expecting pirate sites (or even gray area sites like the now-defunct Openload) not to store their personal information or carry download and upload logs, they are effectively banking on a third-party’s security and their determination not to buckle under the most severe pressure imaginable.

In 2020 and after almost two decades of aggressive litigation, it’s perhaps surprising that anyone is taking such things for granted. But people do. They use their regular email addresses to sign up for questionable services, access all kinds of pirate sites without using a VPN, use their personal PayPal accounts for payments and donations, and generally fail to take seriously what could be a very expensive exercise in complacency.

As an example, just last week a user on Reddit reported that a copyright troll in the US had tracked him down with evidence that he’d shared 20 movies. To put that into settlement terms (to make a lawsuit go away) that could mean paying out $20,000, $40,000 or even $60,000 – a potentially life-changing or indeed life-ruining sum.

A decade-and-a-half ago the MPAA’s “Click But Can’t Hide” campaign declared that the Internet is not anonymous. It was accurate (at least by default) but many people continue to believe that security isn’t important. The truth is, the Internet is getting less anonymous every single year and rightsholders know how to exploit that.

Like the apparent YTS fiasco, expect more preventable ‘surprises’ in the months and years to come.