Reference Manual


HOW TO protect users against 'Abmahnungen'.

The recent wave of Abmahnungen (Copyright Infringement Notices) in Germany has been shown to be a carefully planned, fraudulent scam. Such scams rely on users accessing web pages that load additional content from other sites for the purpose of tracking the user's browsing habits. Examples of such tracking sites are www.google-analytics.com, tracker.vinsight.de and trafficholder.com.

Tracking sites record (at the very least) the IP address of the user and the HTTP Referer header field. That field contains the URL of the page from which the tracking request came. User tracking is widely used on the Web, with almost all sites linking to at least www.google-analytics.com and often to several others as well.

The problem with this is that many thousands of such tracking sites exist, and the vast majority of them cannot be trusted. Many of them will, for a fee, redirect to a third site before returning the user to the original site. That third site is also completely untrusted and could easily be recording IP and Referrer details on behalf of some other party.

In some countries, unscrupulous lawyers who have created such sites for tracking purposes can approach a local court and obtain the name and address of the user to which the IP address was assigned at the time. An Infrigement Notice is then issued.

In the case in question, sites that linked to trafficholder.com were redirected to another site movfile.net to which the lawyer in question most likely had access. That site then silently redirected back to the original site without the user noticing. The lawyer then presented a list of IP addresses to a court and requested name and address details on the grounds that the users had violated copyrights. A 250 Euro Infringement Notice was then issued, of which 15.50 Euro was paid to the alleged Copyright Holder.

[UPDATE 27.1.2014] The court in question has since ruled that it should not have released the address details in the first place and that the Infringement Notices are therefore illegal. [More]

The black-list used by NAT32 has included the trafficholder.com domain for over a year, and this means that NAT32 users will definitely have been protected against this scam.

SEE ALSO

Honeypot, No Google, HTTPS
Edit this page Back