For services that prefer not to be overwhelmed by DMCA notices or taken offline unexpectedly, 'offshore hosting' is usually considered a positive step. For a major anti-piracy group tackling pirate IPTV providers, 'offshore hosting' enforcement challenges warranted a recent "call to action" at the UN-mandated Internet Governance Forum.

An awful lot has changed in the online piracy world over the last decade, but key fundamentals still underpin the entire ecosystem.

Many platforms depend on IP addresses, domain names, and a functioning DNS, but none can exist without some kind of hosting facility.

Numerous options are available, but service operators who value consistent uptime and a reduced chance of being linked to a piracy-facilitating server, tend to make their choices more carefully than others.

Offshore Hosting
One option is so-called ‘offshore hosting’ but what that actually means is open to interpretation. At a base level, it can mean that a server is based in a country that differs from that of the operator, but that in itself is nothing unusual.

When that second country has a lax attitude to infringement and when third, fourth or fifth countries enter the mix in various ways, ‘offshore hosting’ takes on a whole new character, one of particular interest to pirates hoping to stay both online and unidentified.

Of course, anything that helps pirates necessarily irritates those trying to stop them.

Internet Governance Forum – IGF 2022
The Internet Governance Forum (IGF) held this year’s meeting in Addis Ababa, Ethiopia. Under the overarching theme ‘Resilient Internet for a Shared Sustainable and Common Future‘ the event spanned five days from November 28, 2022, reportedly attracting more than one thousand speakers and visitors from 160+ countries.

The Audiovisual Anti-Piracy Alliance (AAPA) and beIN Sports, who together hold a key interest in tackling pirate IPTV providers, presented at IGAF 2022. AAPA described itself as a group that “lobbies for better antipiracy legislation and enforcement” while building “private and public partnerships to achieve more efficient and effective enforcement.”

aapa members 2022
The AAPA/beIN presentation centered on the challenges of offshore hosting, and as the above image shows, multiple billion-dollar businesses are seeking solutions.

Legitimate use of an ASN or a Subterfuge?
“The hosting provider landscape continues to evolve and has become proliferated with companies using the term ‘offshore’ hosting,” the presentation’s introduction reads.

“AAPA aims to highlight that many of these companies have become synonymous with cybercrime activities. Promoting safety for illicit activities in the knowledge they do not have to comply with national or international laws.”

According to AAPA and member beIN, an offshore host is an entity that is likely to own no physical hardware itself while operating from “fake or questionable” headquarters in countries with poor intellectual property legislation.

AAPA further notes that offshore hosts lease IP addresses from outside ASN-registered territory, while operating servers in the UK, EU and US. This topic warrants an article in its own right but AAPA’s example – an operation with a RIPE ASN, headquarters in Hong Kong, Seychelles IP addresses, and rented servers in the Netherlands – suggests significant challenges.

DMCA Notices Are Ignored
Another claimed feature of offshore hosts is their tendency to absorb DMCA notices rather than do much about them. An AAPA slide provides an example of how this feature is marketed to potential customers, and while they don’t mention the service by name, it wasn’t difficult to find.

An operation known as Koddos is featured in the recent Counterfeiting and Piracy Watch List published by the European Commission. According to the report, it has “office locations in Hong Kong (China) and Seychelles. It is reported by rightholders to consistently ignore their takedown notices.”

dmca messages forwarded
So how do offshore hosting providers manage to deflect DMCA notices when other platforms are expected to respond to them quickly, or else? The answer to that its relatively straightforward once a few terms are understood.

DMCA > RIR > LIR > ASN > AS > Hosts
The internet is not just a network, it’s a network of networks. Some very large internet networks (or groups of networks) are given the label Autonomous System (AS) since they serve the same assigned IP addresses and share a common list of other Autonomous Systems to which they connect.

IANA, the Internet Assigned Numbers Authority, assigns an ASN (Autonomous System Number) to an AS so that it can be identified online. Cloudflare’s ‘post office‘ analogy explains the system perfectly.

“Imagine an AS as being like a town’s post office. Mail goes from post office to post office until it reaches the right town, and that town’s post office will then deliver the mail within that town. Similarly, data packets cross the Internet by hopping from AS to AS until they reach the AS that contains their destination Internet Protocol (IP) address. Routers within that AS send the packet to the IP address,” the company explains.

cloudflare asn
In respect of offshore hosts, AAPA’s example sees ‘Host Company 1’ applying for an ASN number via a Local Internet Registry (LIR), which in turn is a member of a Regional Internet Registry (RIR).

Once the ASN is assigned to Host Company 1, it shares the same ASN with Host Company 2, and Host Company 3….and Host Company 4. From there they work as a team, behind a single ASN, as AAPA’s presentation shows.

aapa-asn-peer
The real stinger here is that any DMCA notices have to be sent to the email addresses registered with the RIR and they have a tendency to go unanswered. Physical addresses registered to the companies are “fake or PO boxes” AAPA says, meaning that identifying who owns them can be difficult or even impossible.

From an enforcement perspective, that’s less than ideal. AAPA reports that during the first six months of the football season, only 10% of the DMCA notices sent to one offshore hosting company were actioned.

“There is no repeat infringer policy. Outreach is ignored and legal action cannot be taken because no one knows where this company is or who the owners are. One company hosts almost 50% of a broadcaster’s infringing streams,” AAPA’s presentation reads.

Whether anything can be achieved in the short term is unknown but by delivering its presentation and “call to action” at the Internet Governance Forum, which operates under a United Nations mandate (pdf), the chances of connecting with powerful ears seems relatively high.

If nothing else, an anti-piracy group venturing this far into ‘enemy’ territory, seeking to disrupt ASNs rather than simple IP addresses, adds a new dimension to this evolving battle.