What’s happened?
Since 2011, the Office of the US Trade Representative (USTR) has been issuing an annual “Review of Notorious Markets for Counterfeiting and Piracy,” also known as the Notorious Markets List (NML).
The report is meant to pressure governments, law enforcement agencies, and businesses to take action against piracy, and it’s no surprise that the US government is behind it: The US is the world’s largest exporter of intellectual property, with $127.39 billion of IP exported in 2022 alone, according to data from to the World Intellectual Property Organization (WIPO). (By comparison, the second-largest IP exporter, Germany, sold $52.97 billion, while the third-largest, Japan, sold $46.46 billion).
Citing data from the Global Intellectual Property Center, the NML said piracy cost the US economy $29.2 billion in 2019 alone – though it’s important to note that number includes physical markets, not just digital piracy.
On the digital side, this year’s NML reiterates many of the concerns over which music and other IP rightsholders have been raising the alarm for some time: Stream-ripping sites, torrent indexing sites, illicit IPTV providers, and some file-hosting services have been flagged for years as key parts of the mechanism by which intellectual property is pirated online.
But one area of this piracy mechanism got more attention in this year’s NML than it has in past years: “Bulletproof” internet service providers and web hosting services, which have made a business model out of ignoring IP takedown notices and other efforts to rein in piracy, in what appears to be a conscious effort to attract those engaged in facilitating unauthorized access to content.
“Bulletproof ISPs are characterized by terms of service that often explicitly advertise leniency in allowing their customers to upload and distribute infringing content,” stated the NML, which can be read in full here. The report added that some rights holders who made submissions to the USTR said the “reliance of pirate sites on these ISPs made it increasingly difficult for right holders to remove infringing content.
“This is especially true where ISPs disguise their ownership and locations, and refuse to respond to right holders’ communications and takedown requests.”
Among the groups and individuals who submitted their comments to the USTR was the Recording Industry Association of America (RIAA), which said these ISPs “support various types of criminality through considerable leniency in the kinds of materials they permit to be uploaded and distributed via their networks. These ISPs do not respond to notices of infringement or warning letters that the ISP is hosting and supporting known infringing sites.”
This comes in the wake of a series of lawsuits by music companies against (presumably non-”bulletproof”) ISPs in the US in recent years. The suits were built on a new, experimental approach to piracy: Suing internet providers who have not done enough to combat piracy by their customers.
The lawsuits have targeted numerous service providers, including Verizon, Altice, Charter Communications, and Grande Communications, among others.
But perhaps the most closely watched of these cases involves Cox Communications. In 2018, Sony Music Entertainment, Warner Music Group, and Universal Music Group sued Cox over repeated infringement of more than 10,000 musical works. In 2020, a jury awarded the three record companies roughly $1 billion in damages, but the case has since been mired in appeals. The case is now set to be decided by the US Supreme Court.
While this year’s NML focuses on a topic that’s not particularly relevant to the music business – illicit online pharmacies and counterfeit medications – much of the rest of the report touches on issues of interest to music rights holders.
It also reviews the proliferation of physical marketplaces where consumers can buy counterfeit goods, including physical music media. Douyin Mall, an e-commerce platform on Douyin, TikTok’s sister service in China, is among those marketplaces.
Here’s a breakdown of the most problematic services, platforms, and businesses enabling piracy, in the view of the USTR:
Identifying ‘bulletproof’ ISPs
Because of their shady business practices, bulletproof ISPs can often be hard to pin down – both in terms of their physical locations and their (copyright-infringing) customers.
This year’s NML lists several bulletproof ISPs and web hosting services, including Squitter (also known as ABC Consultancy), which hosts “a number of online piracy services,” including some called out in the NML report.
“Squitter’s domain registration suggests it may be in the Netherlands, but physical addresses associated with Squitter point to various other countries. Despite stakeholder investigations, the true locations of the site and associated companies are unknown,” the NML stated.
The service “operates under a variety of different names, making it more difficult to track and identify. Right holders state that Squitter has ignored thousands of takedown notices and does not respond to any communications,” the NML added, noting that an associated domain advertised “DMCA ignored” as a feature of its web hosting services, referring to the US’s Digital Millennium Copyright Act.
Also listed in the NML is Amarutu, also known as KoDDos, whose website advertises that “[DMCA] messages will be forwarded to the client for resolution but in most cases action is not required.” No location is given for Amarutu, and the NML noted that “some of the biggest piracy sites use Amarutu services.”
Believed to be operating out of Russia, DDoS-Guard is another web hosting service listed in the NML for its alleged habit of not responding to takedown requests. “DDos-Guard hosts a number of the most notorious cyberlockers and streaming and downloading sites offering pirated content in the world,” the NML stated. (For more on cyberlockers, see below.)
Virtual Systems LLC, believed to be operating out of Ukraine, “provides services to upwards of 5,000 infringing websites and IPTV services, including many sites highlighted in this NML,” the report stated.
“The Virtual Systems website reportedly advertises ‘DMCA Ignored’ hosting services and right holders state that the site continues to ignore thousands of takedown notices and does not respond to any communications.”
Another ISP/web hosting service flagged by the NML is FlokiNET, which “explicitly allows anonymous hosting of content, stating, ‘We do not require any personal details or identification, any valid e-mail address is enough information to be our client,’” the NML stated.
“FlokiNET reportedly has servers in Finland, Iceland, the Netherlands, and Romania and hosts many websites associated with copyright infringing activity.”
In a submission to the USTR last October, which can be read in full here, the RIAA listed two other “bulletproof” ISPs as well: Sweden-headquartered PRQ, which – according to the RIAA – was founded by two of the creators of the notorious torrent-sharing site The Pirate Bay and “has consistently hosted criminal content,” along with Frantech Solutions/BuyVM, a Canadian web hosting service that boasts its servers are located in Luxembourg (among other places) because of the tiny country’s “strong privacy and freedom of speech laws.”
The RIAA described those two, along with FlokiNET and DDOS-Guard, as “the most problematic bulletproof ISPs that support infringing activity relating to music.”
Torrent indexing sites
These “bulletproof” ISP and web hosting services are, of course, just one part of the digital web that enables piracy. The NML also lists numerous torrent-indexing sites – websites that offer users access to torrent files that can be used to download and share infringing media files.
These torrent files have become among the most common forms of file-sharing, and the NML includes a number of them, such as 1337X, which it describes as “one of the most visited pirate sites in Europe.” The site clocked 39 million visitors in August 2024 alone, the NML said, noting that 1337X has been the subject of blocking orders in Australia, Austria, Belgium, Denmark, India, Indonesia, Ireland, Italy, Malaysia, Portugal, and the United Kingdom.
The NML also named the notorious torrent file-sharing site The Pirate Bay, which it says “remains one of the most frequently visited BitTorrent sites in the world” and uses “reverse proxy services to mask the location of its hosting servers.”
The report noted that nearly two dozen countries have issued orders to block the site, including Australia, France, India, Indonesia, Italy, Malaysia, the Netherlands, Spain, Sweden, and the UK.
“A simple change in the country code or other top-level domain allows the site to reappear in top search results.”
Recording Industry Association of America
Also named in the report is Torrent Galaxy, a file-sharing site that grew in popularity following the shutdowns of ExtraTorrent in 2018 and RARBG in 2023.
“Torrent Galaxy has reportedly received over 320 million visits since August 2023,” the NML stated.
All three of these torrent sites were also listed by the RIAA in its submission to the US Trade Representative. The sites “demonstrate they are dedicated to infringement by the way they organize and display the files they index,” the RIAA stated. “Files are typically organized into categories of movie, music, software, and games with file names clearly and unmistakably describing content in a way that the operators know they are distributing torrents for copyright-protected content.”
The RIAA also said that these sites are increasingly registering multiple domains to get around domain blocking orders or seizures, and to avoid being shadowbanned by search engines.
“A simple change in the country code or other top-level domain allows the site to reappear in top search results,” the RIAA noted.
Besides those torrent sites flagged by the RIAA, the NML also listed Russia-hosted Rutracker as “one of the most popular torrent sites in the world, even though it does not provide access to the public and requires users to register an account with a username and password.” The site reportedly received 34.2 million visits from 6.1 million unique users in August 2024 alone.
The NML also lists YTS, also known as YIFY, as a major provider of pirated movies, with over 62,000 high-quality films available, “including high definition, 4K, and even 3D.” The site, hosted in Bulgaria, has been blocked in a number of countries, including France, India, Italy, and the UK, “but frequently changes domain names to avoid enforcement.”
Cyberlockers
File-sharing isn’t the only way to access pirated digital content; one of the simplest is to use file-hosting services – or what the USTR and RIAA call “cyberlockers” – that tacitly allow users to upload pirated content for others to download.
The NML listed a number of these cyberlockers, some of which appeared in previous versions of the report, including France-headquartered 1fichier (which one rights holder reported has a takedown request response rate of less than 17%), Krakenfiles (described as “a major source of infringing content, particularly pre-release music”) and Russia-based Rapidgator.
The RIAA’s submission added a few others, including Dbree, Ddownload, and Turbobit.
“Baidu has been the subject of several copyright infringement cases in China brought by other content distributors, but right holders report little change in the site’s enforcement measures.”
Office of the US Trade Representative
But one service mentioned in the NML, in particular, caught our eye: Baidu Wangpan, a cloud storage service operated by Baidu, China’s largest search engine provider.
“Users of this service are able to share links to files stored on their accounts with other users, and infringing content is reportedly disseminated widely through social media and other piracy linking sites,” the NML stated.
“Baidu has been the subject of several copyright infringement cases in China brought by other content distributors, but right holders report little change in the site’s enforcement measures.”
IPTV (“pirate cable”) and streaming sites (“pirate Netflix”)
Illicit internet protocol TV (IPTV) services and streaming services continue to be a major vector for piracy. IPTV services offer linear TV channels, much like a cable or satellite TV service, while streaming sites operate like Netflix or Amazon Prime Video, allowing users to watch or listen to content typically in an embedded player.
The difference between these services and legitimate IPTV and streaming services is that the pirate versions offer unlicensed content. Among those listed in the latest NML are GenIPTV, one of the largest illicit IP services in the world, offering unlicensed access to 10,000 broadcast and streaming channels, and a library of more than 50,000 copyrighted titles.
Also listed is MagisTV, which operates primarily in Latin America and offers on-demand access to TV shows and movies, as well as live sports and TV channels.
Among illicit streaming services, the NML called out Russia-based VK (Vkontakte), a social networking site operated by Mail.ru Group that allows users to share media files through an embedded player.
“Despite previous actions to improve copyright protection, right holders report that VK’s responsiveness to takedown notices has been inconsistent since 2022 and the site is overall less willing to cooperate with industry,” the NML said.
“Commonly, these [streaming] sites also provide unauthorized downloading of pre-release music, i.e., tracks and albums that have not yet been commercially released to the public.”
Recording Industry Association of America
The report also singled out HiAnime (formerly Aniwatch, formerly Zoro.to), an anime streaming site that keeps changing names as enforcement actions accumulate. The site, which primarily offers streaming of unlicensed anime, received 200 million visits in August 2024, the NML said.
Notably, this year’s NML didn’t mention many of the illicit streaming sites focused particularly on music. For that, we can turn to the RIAA’s submission. The industry group targeted half a dozen of these sites, including Newalbumreleases.net, Intmusic.net, Waploaded.com, Hiphopkit.com, Hiphopda.com, and Itopmusicx.com.
“Commonly, these sites also provide unauthorized downloading of pre-release music, i.e., tracks and albums that have not yet been commercially released to the public,” the RIAA noted.
Stream-ripping
Ever wanted to download a YouTube video, to watch later offline, or ad-free? It might sound convenient, but if that video is copyrighted content, downloading it amounts to piracy.
Interestingly, stream-ripping primarily targets YouTube, the world’s largest video platform, while YouTube owner Google’s search engine is a major avenue for finding such sites.
“The music industry has a program to report stream ripping sites to Google search,” the RIAA noted. “Google will eventually demote these sites in search based on these notices. However, ripper site operators have responded to this effort by creating new domain names to operate through that allow them to reappear at the top of search results.”
The latest NML lists two such services: SaveFrom (which has stopped operating in the US, UK, and Spain, following pressure from rights holders), with 100 million visitors per month, and Y2Mate, with 800 million visits annually.
“Previously, the site had voluntarily limited access from France, Germany, the United Kingdom, and the United States,” the NML noted. “However, these restrictions have reportedly been lifted and the site is now available in these countries.”
“Several sources online indicate that [Snaptube] has been caught distributing malware, stealing users’ data, and generating ad revenue in illegitimate ways.”
Recording Industry Association of America
The RIAA’s submission mentions some other stream rippers, including Ytmp3, Tubidy (where “traffic has increased dramatically since June 2023”), and the Snaptube app, which the RIAA describes as “one of the most problematic” of these services.
Designed for Android devices, Snaptube was banned from app stores but is “accessible through alternative app stores and affiliated websites,” the RIAA reported.
“Several sources online indicate that the app has been caught distributing malware, stealing users’ data, and generating ad revenue in illegitimate ways.”
A CMS just for pirates?
In a sign of just how lucrative piracy has become, the NML flagged the existence of a content management system for pirates. 2embed, as it’s called, “allegedly provides a large library of infringing content obtained by crawling many infringing websites and search engines and scraping infringing content.”
The NML said 2embed “offers its database to other illicit streaming websites and pirate IPTV apps, which can either use 2embed’s services for free (in which case 2embed monetizes the infringing content by inserting advertisements into the streams) or by paying to insert their own ads.”
ByteDance’s Douyin Mall
With music increasingly shifting to digital, physical marketplaces aren’t the primary target of the music industry’s efforts to squash piracy. Yet they still matter to an extent, especially given the resurgence of vinyl’s popularity.
Which is why it’s interesting to note that, among the dozens of real-world and online markets identified by the NML as selling pirated goods is one owned by a major player in the music space: The ByteDance-owned Douyin Shangcheng (Douyin Mall), an e-commerce platform on Douyin, TikTok’s sister app in China.
Despite Douyin’s purported efforts to crack down on piracy – which includes a takedown mechanism with multiple reporting portals and a one-stop platform for managing IP infringement reports – “stakeholders have described a ‘rocketing’ increase in the amount of counterfeit goods on the platform, an ineffective notice and takedown system, and reported lengthy delays in response to takedown requests, with little to no feedback on right holders’ complaints,” NML reported.
A final thought…
All of these various “businesses” listed above highlight an uncomfortable fact for intellectual property owners: Piracy is hugely lucrative. How else can you explain the existence of a content management system for pirates? Piracy is so big that it has triggered the launch of SaaS (software-as-a-service) companies just for illicit buying, selling, and sharing of content.
For the larger and more popular of these piracy services – be they cyberlockers, stream-ripping sites, or file-sharing indices – the threat of prosecution and shutdown may simply be part of the cost of doing business. Changing domain names once every now and then might be inconvenient, but if it keeps the site running, it may be worth it.
Faced with this reality, the music industry and other rights holders will have to be strategic – and aggressive – in their approach.
In some markets, particularly lower-income ones, cutting the cost of accessing content legally could reduce the appeal of piracy. In other cases, incentives will have to be created and commitments pursued. For instance, trade agreements can include clauses committing signatory countries to step up anti-piracy efforts, as we’ve seen with some trade deals in recent years.
Finally, just as brick-and-mortar retailers contend with shoplifting, so too do sellers of IP contend with piracy. That’s not an argument for complacency – after all, the cost of theft is ultimately borne by the rest of us, who consume content legally – but it is an argument for patience. The world of digital IP is still relatively new, and the avenues for combating piracy are still being worked out.
In the meantime, the USTR’s Notorious Markets List sends a clear message to the burgeoning piracy business: We’re on to you.Music Business Worldwide
