Hacker News new | comments | show | ask | jobs | submit login
EasyList: Ad-serving domain removed due to DMCA takedown request (github.com)
261 points by marksamman 11 months ago | hide | past | web | favorite | 71 comments



Thanks, just added it to my HOSTS file...

I don't know if the Streisand Effect is going to happen with this one, but it seems very odd that the DMCA could even be applicable here.

Edit: https://www.copyright.gov/help/faq/faq-protect.html#domain

Can I copyright my domain name?

Copyright law does not protect domain names.


> it seems very odd that the DMCA could even be applicable here

This is an invalid takedown request.


Diebold was sued successfully many years ago for DMCA abuse under 512f. See OPG v Diebold. EFF prosecuted and did a great job. Use this precedent!

Disclaimer: I was the plaintiff.


On behalf of everyone who has benefited from the precedent, thanks for fighting it! The EFF helped me with a DMCA abuse that threatened to escalate a few years ago and cited that case in the response.


EFF detail - https://www.eff.org/cases/online-policy-group-v-diebold

Note that HN has an issue linking to Wikipedia pages ending in a period, so add a '.' after this URL: https://en.wikipedia.org/wiki/Online_Policy_Group_v._Diebold....


Someone was kind enough to set up a redirect. :)

You can URL-encode the last character to make HN happy, i.e.:

https://en.wikipedia.org/wiki/Online_Policy_Group_v._Diebold...



It isn't, but legal threats have chilling effects.


It isn't legal but USA has an interesting (as in the curse "may you live in interesting times") legal system where this is rampant and no one will ever be punished for it.

Companies use it to hide criticism (VW with emission, game developers with reviews, etc.) and YouTube is full of whining on their idiotic quasi-DMCA process where companies can claim and then take down or monetize content they don't own (Kevin MacLeod's royalty free music, public domain music, static noise, game reviews that conain gameplay and are negative, etc.) and you have to dispute it and provide your real life details to Google as if they are a court to make it go away.


Yeah, first thing I did was add it to my uBlock filters.


Is just adding the line:

||functionalclam.com^$third-party

to "My Filters" the right way to do it?


I think so.


do you have any services running on the address to which you point such names or do you let the request time out?


I use 0.0.0.0 which is the defined "invalid" address, so any requests immediately fail.


I tried:-

echo "0.0.0.0 functionalclam.com" >> /etc/hosts

but a subsequent http request for http://functionalclam.com resulted in a page served by the web service listening on localhost.

edit: append to, don't clobber /etc/hosts


Try 127.0.0.254 then.


Or 0.0.0.1, and spare yourself the spurious loopback traffic.


Is 0.0.0.0/8 unused or something?


http://tools.ietf.org/html/rfc5735#page-6

It's known as "This" Network.


I've found 192.0.2.0 rather useful. It's designated as a test IP range and shouldn't route anywhere useful in normal local networks.


A quick glance at robtex suggests one would probably be safe to block the IP address: 104.198.107.72

Below are some of the other whimsical domains listed as pointing to this address.

Whether we send one of the names below in our Host: header or some randomly chosen name, we still get the same response, devoid of any content, except an <img> tag to track the user.

    1. anxiousapples.com

    2. beamkite.com

    3. calmfoot.com

    4. chickensstation.com 

    5. consciouscabbage.com

    6. copycarpenter.com

    7. crownclam.com

    8. functionalclam.com

    9. giddycoat.com

    10. guardedgovernor.com

    11. jewelcheese.com

    12. lizardslaugh.com

    13. loudloss.com

    14. photographpan.com

    15. profitrumour.com

    16. quaintcan.com

    17. scintillatingspace.com

    18. scrubsky.com

    19. shallowschool.com

    20. shelterstraw.com 

    21. sinceresofa.com

    22. snakesort.com

    23. storesurprise.com

    24. stormyachiever.com

    25. stormyshock.com

    26. swimslope.com


A much longer, more complete list: (formatted weirdly, but probably better than having it take up 115+ lines.)

abandonedclover.com abruptroad.com actuallysheep.com ambitiousagreement.com anxiousapples.com baskettexture.com bawdybeast.com beamincrease.com beamkite.com boilingbeetle.com brassrule.com broadboundary.com calmfoot.com cherrythread.com chiefcurrent.com chinchickens.com commandwalk.com concernrain.com consciouscabbage.com copperchickens.com copycarpenter.com copyrightaccesscontrols.com crawlclocks.com critictruck.com crownclam.com curtaincows.com cutecushion.com decisiveducks.com delightdriving.com differentdesk.com dk4ywix.com docksalmon.com doubtfulrainstorm.com dragzebra.com elasticchange.com elephantqueue.com exclusivebrass.com flavordecision.com floodprincipal.com functionalclam.com futuristicfairies.com fuzzyflavor.com ga87z2o.com giddycoat.com gorgeousground.com greetzebra.com guardedgovernor.com guitarbelieve.com hilariouszinc.com illustriousoatmeal.com incrediblesugar.com ivykiosk.com jewelcheese.com karisimbi.net limpingline.com lizardslaugh.com lopsidedspoon.com loudloss.com lp3tdqle.com lumpyleaf.com matchcows.com mixedreading.com mowfruit.com ovalpigs.com peacepowder.com photographpan.com pietexture.com possibleboats.com practicetoothpaste.com presetrabbits.com profitrumour.com provideplant.com quaintcan.com quicksandear.com readgoldfish.com receptiveink.com rulerabbit.com saysidewalk.com scarcestream.com scrubsky.com scrubswim.com separatesilver.com shakesea.com shakytaste.com shallowschool.com shelterstraw.com shiveringsail.com shockingswing.com simplisticnose.com sinceresofa.com snakesort.com sneaklevel.com sneakystamp.com spectacularsnail.com spillvacation.com squeamishscarecrow.com storesurprise.com stormyachiever.com stormyshock.com stormysponge.com straightnest.com strivesidewalk.com structuresofa.com succeedscene.com superficialsink.com terribleturkey.com thirdrespect.com throattrees.com tidytrail.com tracedesire.com trickycelery.com tritetongue.com unknowntray.com unusualtitle.com voicevegetable.com


NB: the following domains aren't currently used:

    karisimbi.net
    shallowschool.com


This is nicely formatted. Makes it easy to toss in a hosts file.


Someone needs to inform EFF, this sets an important precedent: Having to alter your software because it references a domain makes it dependent on all data being in line with DMCA requirements interpreted by the copyright holders(that is you can't use your software without complying with terms of domain owner). It transforms control of web experience. Imagine that a domain owner requests you mine some cryptocurrency to load his website and any browser that doesn't send him proof of mining is illegal(in reality this can be done with mandatory JavaScript and cookies checked on server for hash matches) due "access control" portion of DMCA. Most software makers can't afford to ignore DMCA or fight it.


IANAL, but I'm guessing the DMCA takedown request cites "circumvention of access control."[1] Would be useful if the maintainer published the request.

1. http://blockadblock.com/adblocking/is-adblock-plus-violating...


That would be a very odd interpretation of that phrase --- because when one usually thinks of "access control" and the DMCA, circumvention is about allowing access to copyrighted work. Adblocking is essentially all about disallowing access.

But if that interpretation does hold up in the courts, it could lead to a very slippery slope where it becomes illegal to refuse to consume specific content. The equivalent of not being able to change the channel on the TV or go do something else when the adverts start, or even... just close one's eyes and ears.


If I understood it correctly, that article is about anti-adblock, which denies access if you have an adblock. That is, the DMCA wouldn't apply to adblock, but would apply to anti-anti-adblock.

Yes, it does seem like a bizarre legal theory, since a simpler way to bypass the anti-adblock would be to disable the adblock. That is, it would be a DMCA violation to not block ads, since by not blocking ads you're bypassing the anti-adblock and watching the content!


Hope you're wrong because this is starting to look like a Black Mirror episode.


Fifteen Million Merits (S01E02) to be specific.


I really don't see what's preventing a site from saying, "in order to use this site you must turn off all forms of content filtering" and have that be enforced by a court.

I could see ad blocking spun as an unauthorized derivative work.


I am a lawyer, and "circumvention of access control" means defeating DRM measures, like when you rip a CD or DVD to make a copy on your computer. Someone would have to really torture their reading of the law to come up with "writing down a domain from which ads are served is prohibited by the DMCA."


It's the part that says "impairing a technological measure without the authority of the copyright owner" that I wonder if they're testing. I agree with you, it's still a stretch (how can the list itself be a violation? it is speech)


From the page you linked to:

"...Prohibited acts therefore include descrambling a scrambled work, decrypting an encrypted work, or otherwise avoiding, bypassing, removing, deactivating or impairing a technological measure without the authority of the copyright owner..."

It likely wasn't functionalclam.com itself that filed the request. Rather, the owner of a site that uses some ad tech hosted there is likely claiming that EasyList is aiding in the impairment of a technological measure they implemented, which according to this interpretation, is a violation of the DMCA.

It would likely be an interesting court battle, but apparently isn't one that the EasyList folks are willing to defend at the moment.


I wonder how it would hold up in court, since EasyList is just a list, not the technology itself (like uBlock for example).

Could my comment "Everyone, please block functionalclam.com" also be subject of a DMCA takedown request then?


Anyone can send you a scary letter claiming anything at any time. Your choices are always A. Ignore it B. Delete your comment or C. Pay a lawyer $500/hour for advice.

People have trouble conceptualizing small probabilities, so that minimum threshold of choosing A and being wrong times "all the money in the world"[1] might be > $500, so it's always rational[2] to delete your comment if you don't want to schedule time with a lawyer.

[1] http://www.pcworld.com/article/223431/riaa_thinks_limewire_o...

[2] https://en.wikipedia.org/wiki/Pascal%27s_mugging


So in other words, scary letters work because they're scary and make people scared. Sounds like the more people choose C the more these scary letters become self-fulfilling.


Can someone provide some context? How can a line in an adblock list be subject to a DMCA takedown request?


Yeah. How did this even happen?


Some people use the term "DMCA" for informal takedown requests. We need to see the actual form or at least get a definitive "yes, it was an actual DMCA" before speculating.


Someone already added a pull request to add it back.

https://github.com/easylist/easylist/pull/500


Yup ;)


For those who don't know what EasyList is:

The EasyList filter lists are sets of rules originally designed for Adblock that automatically remove unwanted content from the internet, including annoying adverts, bothersome banners and troublesome tracking.

https://easylist.to/


I wonder if these were included in the DMCA: unknowntray.com , broadboundary.com , anxiousapples.com , boilingbeetle.com , ... ( https://www.threatcrowd.org/domain.php?domain=functionalclam... )

There appear to be quite a few of these domains, serving the exact same landing page, with Namecheap whois protection, and hosted on Google Cloud.


Other weirdness in the commit log for that event: https://github.com/easylist/easylist/commit/1ba8d4afeec6d562... .

Not finding much else, except they do appear to be hosting ad-block detectionn ( https://unknowntray.com/4430b41e83ded20e5f99d3149b838ba9394d... , ref: https://forum.adguard.com/index.php?threads/resolved-venture... ).

Are they DMCAing about blocking ad-blocker-blockers being a tool to "circumvent copyright access controls"?


IANAL: Seems to me like EasyList would have a fair-use defense here, beyond the fact that I'm pretty sure you can't copyright a domain name (trademark is a different story). They created a curated, novel work using the domain, or they are making commentary on the domain like in a news story (the commentary here being that this domain serves ads).


Maybe someone should contact EFF to see if this might fit in their wheelhouse.



So you just list it because it was on another list, without gathering any proof yourself? What a great list you maintain.

Also slightly disappointing you take PayPal donations, if any party is nasty in the ad industry... it is them.


No. I went to the site first, which explicitly states that it's being used as a tracking domain. Then I added it.


Could you please elaborate where it mentions that it is used a tracking domain? Because I can read, and I don't read anything like this.

It does mention it records metrics to help understanding and authorising access to their site and copyrighted content. Afaik this is called logging; not tracking.


I consider it tracking if a domain is used to log data about users from multiple sites, for a tracking company.


Maybe, just a suggestion, also monitor the list of urls you provide. So many are no longer existing... Maybe if you want to provide this service, try to keep a certain quality.

That includes not listing things willy nilly because YOU think there is proper reason. At some point there will be a party that will call your efforts, in case you keep listing things without proof/reason, defamation or libel...


I do monitor the list. A script runs weekly that checks the validity of hosts in the list, and removes them after a number of failed checks. You can see failed checks in the details of a specific entry (eg: https://pgl.yoyo.org/adservers/details.php?hostname=addealin...).

I don't list things willy nilly. See here for the policy: https://pgl.yoyo.org/adservers/policy.php.


https://blog.getadmiral.com/dmca-easylist-adblock-copyright-...

so.. mr quality control, are you going to remove it again?


In the modern world, logging should be treated as tracking, because it usually is.


So you would favour blocking all sites and services that do any logging? I suggest you cancel your ISP membership if you really don't want to be logged anywhere.

Basically any sane site owner/operator logs access request to his or her site. Certain security policies like PCI also force parties in payment industry to log everything. Why then don't block PayPal? All credit card processors? If you think logging is the same as tracking.

At least then be consistent about it.

Though this was just a shameless plug by that blocklist operator. The url was the topic, he shows that he is is 'bad ass' and just lists it because it was removed at another party via DMCA (claimed by OP). Then says the site EXPLICITLY mentions it does tracking, while it doesn't show this at all.

Those blacklists have a very few unique parties that actually properly collect and maintain a list of urls. The rest just copies the others. Parties like pi-hole etc don't contribute anything, but integrate and copy years old blacklists of each other and then claim to be some internet saviour. If you really care about the connections you have outgoing, use proper egress filtering. (little snitch like apps e.g.) This way you will filter everything, and not just the list of urls that are known by those list maintainers.

If i was that party i'd consider legal actions. And dont read 'i say it doesnt do tracking', i say it doesnt mention it at all on the site, something the blacklist operator does claim. I prefer people have proper proof before claiming something and blacklisting a party.


As with any issue of security and privacy, there are tradeoffs.

> So you would favour blocking all sites and services that do any logging?

I make an effort to block as many as I can without breaking the page I'm trying to visit, yes. Usually this means having umatrix block about half the requests from a site.

> If you think logging is the same as tracking.

Logging by an analytics company, yes. And I do block those; Google is the most common, but this one counts.

> Parties like pi-hole etc don't contribute anything

This is a separate topic, but: Usability counts.


Still my point about the reason for the operator to list the url stands. There is no evidence on that page that says its used in such way, and thats' what reason is mentioned for listing it. And i think that's bad. If he had some proof of network traffic etc, showing tracking via this url, you would not see a comment by me. But stating they explicitly mention something, and its not there... Again could still be used for tracking.. but it certainly doesn't say so.

Usability, thats another topic indeed :) usability, should NEVER compromise quality!

And over years of dealing with many of them, i cannot give them any credit for their quality. Certainly not when i realised, found out, there are only a handful of 'original' source lists. And the rest 95% just blindly copies and appends from others, and never bother to revalidate their own list.

Regardless, this seems to become an endless loop, so lets exit() and i wish all a nice weekend!


Ah, the beauty of version control.


A copy of the request would be nice.


That DMCA request can't be valid.


I wonder if this can be worked around by storing a list of hashed domains to compare to instead?


I see no reason why that solution would not work, however, the overhead- looping all domains/elements, hashing them, then doing a key->value lookup- might not be worth the processing power. Good solution and worth looking into though!


Storing hashes in source repo would make it very hard to manage and I am not sure if processing raw names into hashes as part of build would be any help against such DMCA request.


Perhaps it was an automated DMCA complaint triggered by the target hostname appearing on a non-customer site?


Does not make much sense. Is the website address itself under copyright?


>Is the website address itself under copyright?

No. https://www.copyright.gov/help/faq/faq-protect.html#domain


It doesn't matter. Easylist does not have a registered dmca agent and is not eligible for dmca protection regardless of their response to dmca formated takedown requests.


Wouldn't Privacy Badger block this domain anyway?


Can the list be host fully somewhere else?




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: