My ISP thinks I downloaded GoT, but I didn't. What's going on?
April 26, 2016 5:54 PM   Subscribe

I guess Canadian ISPs are starting to contact pirates to say that their downloading has been detected, and warning them that the copyright holder has been notified. I just got one of these popups, and it says they caught me downloading the season 6 opener of GoT last night. Except I don't download torrents, haven't ever seen an episode past season 1, and nobody else has access to my network. What's the explanation?

I'm not concerned about repercussions from HBO. I can't imagine they'd go after someone they suspect of pirating a single episode of a single show. But something must have caused me to get flagged, and I'd rather this not happen again.
posted by GhostintheMachine to Technology (16 answers total) 1 user marked this as a favorite
It would be real weird for them to send you a pop-up rather than a paper or email letter. Especially if you've never knowingly downloaded any ISP software, which you should be highly suspicious of and probably remove if you have.

Have you run a malware scan recently?
posted by Lyn Never at 6:01 PM on April 26, 2016 [21 favorites]

In the US, you would get a letter through your internet provider. (I'm sure you can imagine how I know this...) I don't know if it happens the same way in Canada. Sounds fishy either way, though.
posted by ancient star at 6:04 PM on April 26, 2016

"Eastlink uses DNS injection to send notices and they don't care if you read them or not. Just like Bell doesn't care if you read the email they send.
Bill C11 just states that they have to forward the complaint along to the subscriber in some manner. As long as they comply with that, they have complied with the law."

Reddit discussion
posted by FallowKing at 6:12 PM on April 26, 2016 [2 favorites]

Any idea if your IP address from the ISP changes? (Uh, monitor some what is my ip sites, but i dont know which are dodgy or not) If it does the notice might have been for someone who downloaded with your IP previously.

I'd automatically assume any unexpected web popups are dodgy unless you can verify with your ISP about there veracity.
posted by TheAdamist at 6:39 PM on April 26, 2016 [1 favorite]

imho, the most likely explanations are, in rough order:
- someone in your household isn't as reliable as you think
- your network isn't as secure as you think
- the popup itself was spam / malware
- you have malware running on a computer connected to the network that is downloading stuff
- the hbo report had an incorrect time and your ip address is dynamic (so the report was actually for a time when someone else was assigned that address)
- your isp messed up in associating addresses and customers
you might be able to configure your router to block common ports (or track usage) to address the first couple of points.
posted by andrewcooke at 7:25 PM on April 26, 2016 [9 favorites]

Do you have a passwordless (or any, ultimately) wifi access point?
posted by rhizome at 7:48 PM on April 26, 2016

I just got one of these popups

What popups? If it's a thing you saw during the course of ordinary web browsing then my hunch is that this is a spam popup that knew nothing about you or what you had or hadn't downloaded.
posted by The Monkey at 8:39 PM on April 26, 2016 [4 favorites]

Yeah, I'm voting for spam or malware. A notice like that wouldn't be a popup.
posted by MexicanYenta at 9:16 PM on April 26, 2016

Its not impossible for this to be malware.

But it very much is possible for your ISP to inject a script to cause a popup over legitimate HTTP traffic and a technique that has been used by multiple ISP's over the years as a mechanism for sending notifications to customers. It does not require you to install any custom software it just requires you to request a webpage over http.

This has been done by ISP's many times from Comcast in the US to Delta/ Eastlink and Rogersin Canada.

I think the notice is legit. You might want to make sure your network is secure.
posted by bitdamaged at 9:33 PM on April 26, 2016 [4 favorites]

Your ISP did NOT send you a notice about illegal downloading via a pop-up.

Nope. No way. No How.

A legitimate notice will come as a cease and desist, from a lawyer, or the ISP's legal department. Also, I've never heard of being contacted for downloading, only seeding.
posted by humboldt32 at 3:00 AM on April 27, 2016 [1 favorite]

Your ISP did NOT send you a notice about illegal downloading via a pop-up.

Yes, they did. What I received was exactly as indicated here. So the notice is legit.

Household consists of my technophobic wife, my seven year old, or my 13 year old son. And yeah, that third option is most suspect, but he hates SF/fantasy, isn't as technologically adept as a teenager should be, and only has access to an iPod Touch.

WiFi, maybe? I've got a pretty strong password (random upper, lower, number combo), but maybe there's an opening. Still, very strange.
posted by GhostintheMachine at 3:41 AM on April 27, 2016 [1 favorite]

what's the password protocol? older routers using WEP passwords were pretty easy to crack. WPA / WPA2 is harder. so if you're still using WEP change to WPA(2) (it should say in the router config screen, and i think my laptop (linux) displays a different icon (yellow shield instead of red / green) for WEP).
posted by andrewcooke at 4:25 AM on April 27, 2016

I know someone who had this happen and we did a lot of detective work with the ISP. It turned out someone had hacked their wifi password. I'd start by changing the wifi password.
posted by beyond_pink at 5:51 AM on April 27, 2016

Does you son have friends that are neighbors or friends that may come over and use the wifi from time to time? I assume he knows the password - might he have given it out to someone else?

FWIW, it is possible to torrent on a (rooted) iPod touch.

Either way, my brother was a young teenager when he (definitely did) download something that triggered a notice like that, and it was a good age to have a relatively nuanced family discussion about the ethics of downloading, potential repercussions, etc. Not to say that none of us kids ever downloaded anything ever again, but it brought it out in the open and made it clear that our parents weren't idiots about our technology use. Doesn't solve your original issue, but hey, maybe it's kind of an upside...?
posted by R a c h e l at 5:55 AM on April 27, 2016 [2 favorites]

This is called notice and notice, and for the most part your ISP doesn't care about it. I say for the most part, because if 75% of one's notice and notice activity is all for the same user, that's a good candidate to dump or nudge in the direction of getting a VPN.

First of all, no one knows what *you* did. It's all based upon your IP. Is your wifi open? Is your password bad/guessable. As someone else mentioned, could your son have given out your wifi password? Are you using WEP instead of WPA? If so, it's quite possible that this is your neighbor, and you should be happy that it's your ISP giving you notice rather than CSIS or the RCMP coming because of worse downloads.

Even if your wifi/network is secure, one of more of the machines on your network could be the source. Heck, it could be the cable/dsl modem (not super likely, but there's a number of exploits for various modem/routers.

Lastly, either your ISP, or the copyright collector might have some bad data. In theory with timezones everything is exact. In actuality, spot checking the notices we recieve; we occaisionally get multiple copies, and we occaisionally receive hits for IP's which 100% were not in use at that time according to our data (and I know on the backend that it's all consistently in UTC and yes, radius stop/update packets are udp, and ours only have 3 retransmit attempts, but our network is solid enough that I solidly believe no one was on that IP. And no, our dsl/cable customers cannot spoof their IP (of course, someone else good, but they couldn't effectively download via the spoofed IP, unlike a customer could in theory spoof an IP in the /24 if our networking was crap)).

The copyright police know that notice and notice is only notice, so they don't really have a pressing need to be 100% accurate. If they accidentally log in local time, or with a machine without ntp keeping time in sync, it's no skin off their back; they won't be taking this to court.

Don't worry about it, but now's a good time to have a discussion with your kids about network security, and scan all systems for malware and check out any phones/tablet/ipods.
posted by nobeagle at 7:06 AM on April 27, 2016 [1 favorite]

I don't know if this is the explanation, but it might be an explanation.

Presumably you've got a dynamically allocated IP number on your cable modem, meaning it changes from time to time. Eastlink might keep records of which MAC address (which uniquely identifies your cable modem) was associated with which IP number at certain times, or they might not, or they might but the records are inaccurate.

If HBO sent Eastlink a complaint saying "we detected IP number downloading GoT, go send them a nastygram," Eastlink might have said "fine, we'll insert a nastygram into the traffic on," without really paying attention to whether the IP number had changed in the meantime. It's also possible that HBO didn't give Eastlink an accurate timestamp, or any timestamp, with which to correlate IP numbers to MAC addresses, even if Eastlink could make that correlation. In the USA, big media companies send notoriously ill-formed DMCA takedown notices (which are different, but related).
posted by adamrice at 8:53 AM on April 27, 2016

« Older Contact between dates   |   Trash-ure Hunt Newer »
This thread is closed to new comments.