Thursday, December 30, 2021

DMCA To The Rescue!

In NFTs and Web Archiving I pointed out that the blockchain data representing an NFT of an image such as this CryptoPunk is typically a link to a Web URL containing metadata that includes a link to the Web URL of the image. That post was about one of the problems this indirect connection poses, that since both the metadata and the data are just ordinary Web URLs they are subject to "link rot"; they may change or vanish at any time for a wide variety of reasons.
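The indirection described above, as an added example that is not part of the original post: it walks token to metadata to image and reports what each hop depends on to keep resolving. The `.example` hosts, the `FAKE_WEB` table standing in for HTTP fetches, and all function names are constructed for illustration; the `ipfs:`, `ar:` and `data:` cases go beyond the plain Web URLs the post discusses.

```python
import base64
import json
from urllib.parse import urlparse

# Constructed sample data: an offline stand-in for HTTP fetches (not real NFTs).
FAKE_WEB = {
    "https://api.market.example/token/1": json.dumps(
        {"name": "Sample #1", "image": "https://cdn.cloudhost.example/img/1.png"}),
    "https://api.market.example/token/2": json.dumps(
        {"name": "Sample #2", "image": "ipfs://CONSTRUCTED-CID/2.png"}),
}
# Constructed token whose metadata and image are both carried inline.
INLINE = "data:application/json;base64," + base64.b64encode(
    json.dumps({"image": "data:image/svg+xml;base64,PHN2Zy8+"}).encode()).decode()

def classify(uri):
    """Say what a single link depends on to keep resolving."""
    scheme = urlparse(uri).scheme.lower()
    if scheme in ("http", "https"):
        return "web-host"           # mutable and removable by whoever runs the host
    if scheme in ("ipfs", "ar"):
        return "content-addressed"  # fixed content, but someone must keep storing it
    if scheme == "data":
        return "inline"             # the bytes travel inside the URI itself
    return "unknown"

def load_metadata(token_uri):
    """Return the metadata dict, or None when the link no longer resolves."""
    if token_uri.startswith("data:application/json;base64,"):
        return json.loads(base64.b64decode(token_uri.split(",", 1)[1]))
    body = FAKE_WEB.get(token_uri)  # a missing entry models a 404
    return json.loads(body) if body is not None else None

def audit(token_uri):
    """Walk token -> metadata -> image; return (hop, uri, dependency) tuples."""
    hops = [("metadata", token_uri, classify(token_uri))]
    meta = load_metadata(token_uri)
    if meta is None:
        hops.append(("image", None, "unreachable"))
    else:
        image = meta.get("image", "")
        hops.append(("image", image, classify(image) if image else "missing"))
    return hops

def web_hosts(token_uri):
    """Ordinary Web hosts the token relies on; each one is a point of link rot."""
    return [urlparse(uri).hostname
            for _, uri, kind in audit(token_uri) if kind == "web-host"]

if __name__ == "__main__":
    for uri in list(FAKE_WEB) + [INLINE, "https://api.market.example/token/404"]:
        print(audit(uri), web_hosts(uri))
```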

I Confess To Right-Clicker-Mentality discusses another of the problems this indirect connection causes, namely that trying to create "ownership", artificial scarcity, of an image represented by a Web URL is futile. Anyone can create their own copy from the URL. Miscreants are now exploiting en masse the inverse of this. Because art images on the Web are URLs, and thus easy to copy, anyone can make a copy of one and create an NFT for it. No "ownership" of the image needed. Liam Sharp suffered this way:
Yet another externality of cryptocurrencies!

Follow me below the fold for an explanation of how the DMCA was used to fix the problem.

The Digital Millennium Copyright Act (DMCA) was passed in 1998. It mandates a "notice and takedown" process for copyrighted content online, which has ever since been problematic:
First, fair use has been a legal gray area, and subject to opposing interpretations. This has caused inequity in the treatment of individual cases. Second, the DMCA has often been invoked overbearingly, favoring larger copyright holders over smaller ones. This has caused accidental takedowns of legitimate content, such as a record company accidentally removing a music video from their own artist. Third, the lack of consequences for perjury in claims encourages censorship. This has caused temporary takedowns of legitimate content that can be financially damaging to the legitimate copyright holder, who has no recourse for reimbursement. This has been used by businesses to censor competition.
2016's Notice and Takedown in Everyday Practice by Jennifer M. Urban, Joe Karaganis & Brianna Schofield reported on the problems:
It has been nearly twenty years since section 512 of the Digital Millennium Copyright Act established the so-called notice and takedown process. Despite its importance to copyright holders, online service providers, and Internet speakers, very little empirical research has been done on how effective section 512 is for addressing copyright infringement, spurring online service provider development, or providing due process for notice targets.
The findings suggest that whether notice and takedown “works” is highly dependent on who is using it and how it is practiced, though all respondents agreed that the Section 512 safe harbors remain fundamental to the online ecosystem. Perhaps surprisingly in light of large-scale online infringement, a large portion of OSPs still receive relatively few notices and process them by hand. For some major players, however, the scale of online infringement has led to automated, “bot”-based systems that leave little room for human review or discretion, and in a few cases notice and takedown has been abandoned in favor of techniques such as content filtering. The second and third studies revealed surprisingly high percentages of notices of questionable validity, with mistakes made by both “bots” and humans.
Now, via one of David Gerard's invaluable news posts we find this innovative solution to Liam Sharp's problem.

The leading site for creating and trading NFTs is OpenSea. Because they are focused on making a quick buck from the muppets, not the long-term future of their NFTs, they store the images in Google's cloud. This provides victims like Sharp with an opportunity. Because major corporations like Google operate an automated DMCA takedown mechanism, victims can send Google a takedown notice. The result will be that the fraudulent NFT will end up pointing to "404 page not found". @CoinersTakingLs explains:


David. said...

Adi Robertson reports on Two NFT copycats are fighting over which is the real fake Bored Ape Yacht Club:

"A pair of non-fungible token projects are testing the boundary between plagiarism and parody. Digital marketplace OpenSea has banned the PHAYC and Phunky Ape Yacht Club (or PAYC) collections, both of which are based on the same gimmick: selling NFTs with mirrored but otherwise identical versions of high-priced Bored Ape Yacht Club avatars. Now the dueling projects are selling their apes while dodging bans from other marketplaces, becoming the latest example of how the NFT world handles copied art.
Somewhat ironically, PAYC and PHAYC have since fought on Twitter over which one is the authentic Bored Ape Yacht Club ripoff, with PAYC’s founder referring to PHAYC as a “cash grab fraud project.” PHAYC charged people to mint its apes, and CoinDesk reports that it took in around 500 ETH (or around $1.8 million) in sales. By contrast, it says PAYC earned around 60 ETH (or roughly $225,000) from its paid sales."

David. said...

Brian Eno is a very smart guy, and Evgeny Morozov's interview with him is a must-read:

"I see a set of solutions but I don’t know what problems they exist to solve other than 'How can we use these to absorb all this spare money that’s washing around?'. Most of the conversation I hear is asking the question ‘What could we do with these technologies?': which doesn’t mean 'how could we change the world into a better place?' but 'How could we turn them into money?'.
NFTs seem to me just a way for artists to get a little piece of the action from global capitalism, our own cute little version of financialisation."

David. said...

Mike Masnick's Google Blocked An Article About Police From The Intercept... Because The Title Included A Phrase That Was Also A Movie Title is yet another illustration of how incredibly "problematic" the DMCA's "notice and takedown" system is because there is no penalty for false notice.

David. said...

It turns out that the attack surface of the NFT ecosystem is even bigger than we thought. In DISCORD HACKING IS THE NEWEST THREAT FOR NFT BUYERS, Corin Faife reports on how trust in trustless systems can be abused:

"On Tuesday, December 21st, two NFT projects fell victim to the same attack. Like many projects in the crypto world, the NFT collection Monkey Kingdom and in-game asset marketplace Fractal both engaged heavily with their communities through Discord chat servers. Both projects were about to distribute rewards to their community members: Monkey Kingdom through an NFT presale on the day of the 21st and Fractal through a token airdrop — essentially a free distribution to early supporters — a few days later.

Then, disaster struck. Posts appeared in the official “announcements” channel of each project claiming that a surprise mint would reward community members with a limited edition NFT. Hundreds jumped at the chance — but for those who followed the links and connected their crypto wallets, a costly surprise was waiting. Rather than receiving an NFT, wallets were being drained of the Solana cryptocurrency, which both projects used for purchases."

The loot amounted to around $1.5M - a nice little haul. Faife writes:

"Neither attack targeted the blockchain or the tokens themselves. Instead, the thieves exploited weaknesses in the infrastructure used to sell the tokens — specifically, the Discord chatrooms where NFT fans gather. It’s a reminder of a persistent weakness in the growing NFT economy, where surprise drops have primed buyers to move fast or risk missing out. But the same techniques that hype up a sale can also open the door to hackers — and in this case, a single compromise can end up spreading to more than one community at once."

David. said...

Kevin Collier's NFT art sales are booming. Just without some artists' permission. illustrates yet another failure of trustless "web3":

"As the NFT art market takes off, systems to ensure a buyer is making a legitimate purchase of digital ownership have failed to keep up. Anonymous thieves now regularly steal whatever digital art they can find online and pass it off as their own to sell. While NFT proponents tout the technology as a way to revolutionize arts patronage, the rapidly growing digital marketplaces that enable those sales have so far done little to stop that piracy."


"the actual idea of copyright in the NFT space is tricky, said Brian Frye, a professor of intellectual property law at the University of Kentucky who has sold his own art as NFTs.

Since an NFT isn’t an actual image, but rather a receipt or digital deed that points to an image, its sale wouldn’t violate an artist’s copyright, he said. Only the image uploaded to and hosted on OpenSea would.

“All [an NFT] is, is a URL saying ‘Look at this place on the internet,’” Frye said."

David. said...

Edward Ongweso Jr. keeps up the good work with People Building ‘Blockchain City’ in Wyoming Scammed by Hackers:

"On Monday, CityDAO—the group that bought 40 acres of Wyoming in hopes of "building a city on the Ethereum blockchain”—announced that its Discord server was hacked and members' funds were successfully stolen as a result.

"EMERGENCY NOTICE. A CityDAO Discord admin account has been hacked. THERE IS NO LAND DROP. DO NOT CONNECT YOUR WALLET," the project's Twitter account declared."

Discord channels are yet another centralized locus of trust in the "trustless" NFT ecosystem. Combine this with FOMO and greed and "investors" are chickens waiting to be plucked. Next up, Neom and Cryptoland.

David. said...

Edward Ongweso Jr. covers the evolving farce of Cryptoland in

"Over the past few days Cryptoland, the moonshot project to turn a private Fijian island into a crypto-utopia, has taken to posting through a PR crisis following widespread mockery of its animated marketing video and a wave of criticism about the project.
Cryptoland is also being accused both of stealing assets to use for its animated short film that went viral because it was indistinguishable from satire. One artist claimed Cryptoland stole a 3D asset she created—a dancing animated seagull in the video—for unauthorized commercial use. She was blocked shortly after pointing this out."

David. said...

Corin Faife reports on yet another Discord-based hack in Ozzy Osbourne’s NFT project shared a scam link, and followers lost thousands of dollars:

"Like the majority of NFT projects, CryptoBatz uses Discord as a place to organize its community. The official CryptoBatz Discord is now accessed through the short link But previously, the project used a slightly different vanity URL at

When the project switched to the new URL, scammers set up a fake Discord server at the old one. But neither CryptoBatz nor Ozzy Osbourne took the precaution of deleting tweets referencing the previous URL, meaning that old tweets from Osbourne himself were left directing followers to a server now controlled by scammers."

David. said...

Alas for hopes of more comedy gold, it appears that the sole legacy of Cryptoland will be the most self-satirizing video evah! Ben Butler reports in Cryptoland runs aground as $12m bid to buy Fiji island for resort falls through:

"the project appears to have hit a bigger hurdle than bad publicity. The real estate agent selling Nananu-i-cake, Rick Kermode, of New Zealand firm Bayleys, told Guardian Australia that the contract to sell it to Cryptoland’s backers fell through this week and the island was back on the market.

“We’re telling people that it was under contract during the period of time that they had the contract but it has come back on the market,” he said."