In December of last year, a YouTuber by the name of Lord Nazo received copyright takedown notices from CSC Global — the brand protection vendor contracted by game creator Bungie — for uploading tracks from their game Destiny 2’s original soundtrack. While some content creators might remove the offending material or appeal the copyright notice, Nazo, whose real name is Nicholas Minor, allegedly made the ill-fated decision to impersonate CSC Global and issue dozens of fake DMCA notices to his fellow creators. As first spotted by The Game Post, Bungie is now suing him for a whopping $7.6 million.
“Ninety-six times, Minor sent DMCA takedown notices purportedly on behalf of Bungie, identifying himself as Bungie’s ‘Brand Protection’ vendor in order to have YouTube instruct innocent creators to delete their Destiny 2 videos or face copyright strikes,” the lawsuit claims, “disrupting Bungie’s community of players, streamers, and fans. And all the while, ‘Lord Nazo’ was taking part in the community discussion of ‘Bungie’s’ takedowns.” Bungie is seeking “damages and injunctive relief” that include $150,000 for each fraudulent copyright claim: a total penalty of $7,650,000, not including attorney’s fees.
The game developer is also accusing Minor of using one of his fake email aliases to send harassing emails to the actual CSC Global with the subject lines such as “You’re in for it now” and “Better start running. The clock is ticking.” Minor also allegedly authored a “manifesto” that he sent to other members of the Destiny 2 community — again, under an email alias — in which he “took credit” for some of his activities. The recipients promptly forwarded the email to Bungie.
As detailed in the lawsuit, Minor appears to have done the bare minimum to cover his tracks: the first batch of fake DMCA notices used the same residential IP address he used to log-in to both his Destiny and Destiny 2 accounts, the latter of which shared the same Lord Nazo username as his YouTube, Twitter and Reddit accounts. He only switched to a VPN on March 27th — following media coverage of the fake DMCA notices. Meanwhile, Minor allegedly continued to log-in to his Destiny account under his original IP address until May.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Bungie slammed YouTube’s Digital Millennium Copyright Act (DMCA) process in a lawsuit against 10 John Doe defendants accused of sending fraudulent takedown notices against Destiny 2 videos.
“Doe Defendants were able to do this because of a hole in YouTube’s DMCA-process security, which allows any person to claim to be representing any rights holder in the world for purposes of issuing a DMCA takedown,” Bungie wrote in a complaint filed Friday in US District Court for the Western District of Washington. Bungie continued:
In other words, as far as YouTube is concerned, any person, anywhere in the world, can issue takedown notices on behalf of any rights holder, anywhere. A disgruntled infringer or a competitive content producer, for example, can issue takedown notices purportedly on behalf of Disney, or Fox, or Universal—or even Google itself. All they need to do is: (1) fill out the video removal form… (2) have a Google account—including, upon information and belief, one created that same day and with fake information; and (3) fill out information and click verification buttons fraudulently certifying that they have the right to submit the takedown request, with no verification done by YouTube.
While YouTube and its owner Google were not named as defendants, they feature heavily throughout Bungie’s complaint. The 10 Doe defendants haven’t been identified yet because of “the Byzantine procedural labyrinth Google required before it would address the fraud its users were committing, let alone identify who its fraudsters were,” Bungie wrote.
The fraudulent notices were apparently sent in retaliation by Destiny 2 players who had received Bungie’s legitimate takedown requests, the lawsuit said. The fraudsters apparently targeted other YouTubers who had received official Bungie takedown requests and then sent emails to the victims that claimed the official Bungie notices were also fraudulent.
“YouTube’s easily gamed reporting system”
The fraudulent notices began on or around March 17 and targeted Destiny YouTubers including My name is Byf and Aztecross, who have 967,000 and 595,000 subscribers, respectively. Even Bungie’s official Destiny YouTube channel got served a fraudulent takedown notice, the lawsuit said. The notices were sent from “a fake Gmail address that was, upon information and belief, newly created, which did not match the addresses used by Bungie’s brand protection vendor for legitimate DMCA notices.”
“Thanks to YouTube’s easily gamed reporting system, the attack was a success, and videos were removed (and YouTubers given ‘copyright strikes’ that, under YouTube rules, threaten the future viability of their YouTube channels) on the basis of the Fraudulent Takedown Notices,” Bungie wrote.
Afterward, “the Destiny community was bewildered and upset, believing that Bungie had reneged on a promise to allow players to build their own streaming communities and YouTube channels on Destiny 2 content. Destiny community members were also misled to believe that Bungie’s brand protection agent was also fraudulent, causing confusion among users as to the authenticity of legitimate DMCA notices,” Bungie said.
Bungie said its attempt to solve the problem was “complicated by the fact that while YouTube has a form that allows anyone to claim to represent a copyright holder and issue copyright strikes, it has no dedicated mechanism for copyright holders who are being impersonated to let YouTube know about the DMCA fraud.”
When contacted by Ars, a YouTube spokesperson said, “We take abuse of our copyright takedown process seriously and terminate tens of thousands of accounts every year for violating our policies, which prohibit submitting false information in a takedown request. We’ll continue our work to prevent abuse of our systems, and we’re committed to taking appropriate action against those who knowingly misuse our tools.”
YouTube also said that copyright law compels the website to take DMCA complaints at face value and quickly remove content when someone alleges their copyrights are being violated. YouTube further said it has employees and systems that work to detect suspicious behavior but acknowledged that trolls and bad actors can sometimes circumvent the measures.
Bungie seeks defendants’ real names
Bungie uses the vendor CSC Global to send its actual takedown notices, which are sent only after specific approval from Bungie’s legal department, the lawsuit said. After learning of the fraudulent Aztecross takedown, “CSC issued a retraction notice requesting reinstatement of the video, but on Monday, March 21 it reported that YouTube had denied the retraction request because the retraction notice was not sent from the same email that had issued the initial Fraudulent Takedown Notice,” Bungie’s lawsuit said.
At 3:18 pm local time on March 22, after more urgent requests from Bungie, “Google provided an update: it had terminated the accounts that submitted the fraudulent requests and all fraudulent submissions would be reversed, but Google would not share any information identifying who the fraudulent users were, including channel identifiers, email addresses, or other identifying information, without a law enforcement request or civil process. Fortunately for the people whose videos were targeted by the Fraudulent Takedown Notices, Bungie has the financial resources to begin that civil process in order to meet Google’s requirements.”
Bungie’s lawsuit said it is “entitled to damages and injunctive relief, including enhanced statutory damages of $150,000 for each Fraudulent Takedown Notice that willfully infringed Bungie’s copyrights.” Bungie also accused the defendants of business defamation, violation of the Washington Consumer Protection Act, and breach of contract (the Destiny 2 software license agreement). Bungie said it suffered “significant reputational and economic damage.”
As players continue to criticize the recently releasedGTA Trilogy remastered collection, Rockstar Games parent company Take-Two Interactive has decided this is the perfect time to use DMCA takedown notices to remove some more GTA mods and fan projects.
On November 11, according to the folks over at the GTA modding site LibertyCity, Take-Two contacted them and used DMCA strikes to remove three different GTA-related mods. The three removed mods are listed below:
GTA Advance PC Port Beta 2
The Lost and Damned Unlocked for GTA 4
GTA IV EFLC The Lost And Damned (65%)
GTA Advance PC Port is a fan-developed project attempting to port the game into the GTA 3 engine. Developed by Digital Eclipse, GTA Advance was only released on the GameBoy Advance in 2004.
The Lost and Damned Unlocked for GTA IV is a mod released in 2009 which lets players swap out the star of GTA IV, Niko Bellic, with the protagonist of the Lost and Damned DLC, biker Johnny Klebitz. It also included some new biker outfits and icons.
Finally, GTA IV EEFLC (65%) isn’t even a mod! It’s just a save file for the game that lets players start from 65% completion. Yes, Take-Two used a DMCA strike against a save file for a game released over a decade ago.
These are just the latest in a growing number of GTA mods Take-Two has gone after and removed using legal DMCA notices. Over the last year, the company has been on a takedown spree, like a GTA character on a rampage. It has also sued fan devs over source code projects and led to some old mods, like GTA Underground, shutting down over fears of more legal and financial trouble.
G/O Media may get a commission
The last time these kinds of mod takedowns happened, they mostly targeted classic PS2-era GTA games, like Vice City. Not long after, and following Kotaku’s own report in August, Rockstar confirmed remastered versions of all three classic PS2 GTA games were to be released this year. Those games have since released earlier this week to mostly negative reactions, with fans sharing numerous bugs and graphical glitches on Twitter and Reddit.
Because of what happened last time, some are speculating that these takedowns are evidence that a GTA IV remaster might be coming sometime in the future. According to sources who have spoken to Kotaku in the past about Rockstar’s future remasters, GTA IV as well as Red Dead Redemption remasters are possible. Though plans can and do change and with the recent backlash facing the GTA remasters, Rockstar might be more hesitant to greenlight future re-releases.
Regardless of if these takedowns are evidence of a future GTA IV remaster or not, it still is a frustrating situation for modders and community devs who have spent decades improving, porting, and maintaining the classic GTA games, allowing fans to play them years after Rockstar had moved on. Kotaku spoke to some modders who seemed fed up with Rockstar and many more have moved on to other games from other companies, worried about the potential legal pitfalls for continuing to mod Grand Theft Auto titles.
Despite unprecedented growth and burgeoning mainstream acceptance—or perhaps, in part, because of them—Twitch’s past year and change has been defined by DMCA woes. While it doesn’t seem like they’re going to abate anytime soon, a developer has created an intriguing workaround.
Per TorrentFreak, a game developer named Peter “Pequeno0″ Madsen is working on a Twitch extension called SpotifySynchronizer. The basic idea is relatively simple: The extension, which you can download on Twitch, syncs viewers’ Spotify accounts with a streamer’s so that viewers can listen to what the streamer is listening to—but via official channels instead of secondhand. In theory, viewers hear all the same music at the same time as the streamer, but musical artists (or, more accurately, Spotify and labels) still get paid. Meanwhile, viewers who aren’t using Spotify just hear standard game audio.
What this means is that even though it’s a sneaky backdoor solution to Twitch’s problem du jour, it’s above board. Madsen made this happen by working within the bounds of Twitch and Spotify’s APIs, which both companies provide freely to developers.
That said, there’s some jank to it. For example, streamers have to press a “force sync” button if they want to switch to different music mid-song. This was born of limitations within Spotify’s API, but unfortunately, every bit of friction means that the bulk of streamers and viewers are less likely to use it. Also—and this should go without saying—Twitch’s DMCA dilemma is the kind of monster you can’t slay without cutting off countless heads, and Madsen’s Twitch extension only takes aim at one or two, tops.
Madsen said SpotifySynchronizer was inspired, in part, by GTA RP streamers who listen to music to accentuate the vibe of whatever crimes or fast-food industry work they might be doing, but streamers have historically used music for a plethora of other purposes. They’ve also run afoul of the music industry’s ever-watchful automated eyes due to ancient VODs from eras long before labels ever cared about Twitch, in-game sound effects, and other forms of audio that aren’t even music.
G/O Media may get a commission
All of which is to say that SpotifySynchronizer is a cool idea, but not a silver bullet. That said, it still represents ingenuity that arguably outstrips Twitch’s own efforts, which have largely revolved around giving streamers ways to nuke their own content from orbit, just to be safe. It will be interesting to see if big streamers turn this extension into a Twitch mainstay, or if it ultimately fades into quiet obscurity.
CD Projekt Red is taking some quick steps to stop the spread of its games’ source code, particularly via social media. The company had game code stolen and allegedly sold off as part of a hack earlier this month, and the company is doing everything in its power to prevent the code for games like Cyberpunk 2077 and The Witcher 3 from spreading online. One strategy it’s using is serving DMCA notices to those trying to share the code online. It remains to be seen how effective this strategy will be.
According to Vice, on Thursday, February 18, two different Twitter users were notified of a DMCA takedown related to sharing code for the card game Gwent. At least one of the tweets in question contained a link to the game’s source code.
The hackers left a ransom note after committing the attack against CD Projekt, but the company said it wasn’t going to give in to these demands when it initially shared the news, knowing the data could be released if it didn’t agree.
The note itself said four different projects’ source code was stolen, including the aforementioned three games as well as an unreleased version of The Witcher 3. Other administrative data was stolen, as well. Plenty were quick to jump in with jokes about how the interface for hacking in Cyberpunk 2077 made this all possible.
CD Projekt Red continues working on updates to improve Cyberpunk 2077, as its public image took a huge hit in December when the game released in a borderline-broken state. The game was even pulled from sale on PlayStation Store, and refund programs were enacted for unhappy customers. True next-gen versions are planned for later this year, and there is also a multiplayer experience on the way.