All posts for the month March, 2017


Avast, mateys: here be dragons!

Well now, here’s a touchy subject in the world of cord-cutting: piracy.

A while back, an acquaintance posed a question to me, the presumed cord-cutting expert.

He said a “friend of his” was wanting to buy something he called a “DigiXtream Kodi box” that would let him stream TV shows and movies, even if they were still in the theater.

His question was, could this be legal?

I told him that I didn’t know anything about his friend’s prospective purchase, but in no way could I imagine that it would be legal.

Subsequently, I looked into his question.

At that time, the only way I knew for pirated content to be mass-distributed was with BitTorrent software. BT is a way to download files hosted on multiple users’ computers around the world.

When you initiate a file download (from a torrent link), free BitTorrent software on your PC pieces it together segment by segment from other computers around the world with the partial or complete file. Then if someone else wants the same file, your computer, running the BT software, may automatically offer to upload segments to that user.

BitTorrent (using peer-to-peer file sharing, or “P2P”) has many legal uses, but downloading pirated movies isn’t one of them.

Back in the early 2000s, I used BT a few times to retrieve episodes of “Survivor” that my wife somehow missed recording. More recently, I downloaded an obscure and unavailable British movie called “Let’s Kill Uncle”, which I wrote about in this post: Let’s kill Uncle first!.

I wouldn’t do that again, due to the way BT shares files. The MPAA (Motion Picture Association of America) or any content rights holder can easily join a popular torrent themselves and capture a list of users’ internet addresses. They are probably more interested in downloaders of current, popular movies, but in retrospect, I was rolling the dice.

I know of a friend of a friend here in Tulsa who got a warning from Cox in just that way.

Kodi, I did know about. I’ve talked about it here numerous times.

It’s legitimate open-source free media player software. I have a Raspberry Pi I use as a media computer, running on free OSMC software. (OSMC is a minimal, self-updating version of Linux, packaged with a Kodi front-end.)

There are many addons in the official Kodi repository for audio, video, pictures, weather, games, etc. I’ve been using the Pi to stream our own in-house content with Plex, plus internet music and video content, as intended by its creators.

To my surprise, I found that Amazon sells a plethora of cheap computers, preloaded with custom builds of Kodi and third-party unofficial addons whose sole purpose is to pirate video content.

Apparently, selling the boxes is legal, but their purpose is clearly illegal. Isn’t it? People would seem to be taking a big chance, buying one of these boxes and yo-ho-ho-ing merrily away, bottle of rum in hand.

The Kodi developers are striving to keep their trademarked name dissociated from these boxes and addons. Read this lengthy and angry thread on their forum. Here is Kodi’s statement last year: The Piracy Box Sellers and YouTube Promoters Are Killing Kodi.

So I looked at Amazon user comments about the various boxes. They ranged from “perfect for cord-cutters”, to “returned; too hard to use”, to “broke after two months”.

But nowhere did I see comments like “beware, I got busted”, “had to pay a big fine”, or “doing time in Federal ‘PMITA’ prison” (“Office Space” reference).

How could that be?

Turns out there are a lot of websites offering “free” streaming movies via file sharing services called cyberlockers. If you go searching for free versions of any current movie, you will find them.

Clearly, pretty much all the content in these lockers is pirated. The quality is highly variable.

If you watch these “free” movies on your computer via browser, the price you pay is taking a high risk of malware infection and identity theft.

The newer unofficial Kodi third-party addons (some older ones use BitTorrent) dodge this specific risk by navigating an ever-changing landscape of direct link addresses to the cyberlockers’ contents without exposing you to high-risk websites.

But the custom Kodi builds and third-party addons themselves (both created by parties unknown) can compromise your security. There is no accountability beyond the user community.

A news story last month described how the creator of one of these addons inserted malicious code that turned users’ computers into a DDoS (distributed denial of service) “botnet” to attack his “enemies”.

A few non-dangerous downsides, particularly for non-techies:

  • Locating specific content of adequate quality is often hit-or-miss and time-consuming.
  • These addons are not always user-friendly, and they can break or lose support over time.
  • Patience and know-how are required to keep up with changes in the legitimate Kodi software as well as the 3rd-party addons.

The cyberlockers’ business model is multi-level marketing. Read the sordid details here: Cyberlockers: Explaining Piracy’s Profit Pyramid.

As the article notes, to supplement their ad income, many cyberlockers now charge a subscription fee for premium pirated HD content and faster downloads. The addons cannot bypass these fees.

Streaming or downloading via third-party addons involves only three parties: the user, his ISP, and the cyberlocker. That makes it difficult for content owners to trace users.


Currently, it would be impractical, though not impossible, for the ISP to act on its own.

It would need to be capturing the user’s stream in real time to determine what was being watched, even if they had determined that the source site was a cyberlocker.

But only the copyright owner of that specific content is in a position to initiate legal action, so the ISP would need to notify it.

That is too much expense and trouble for an ISP to undertake without a compelling reason to do so. (A huge amount of bandwidth would need to be consumed to warrant their attention these days.)

But what if the copyright holder offered a bounty to the ISP? (to keep the terminology piratical). Or what if the content owner and the ISP were under the same ownership (e.g., Google)?

Could the MPAA set up a “honeypot” file at their own cyberlocker, and nail any miscreants who show up for the free goodies? I don’t see why not, though that may constitute entrapment.

Might the entire process of detection and documentation be automated, subsidized by the content owners?


I have read numerous opinions and have yet to find a clear-cut answer to the legality question. It differs from country to country. For the U.S., the following comment on Reddit perhaps best captures the general understanding, or lack thereof:

“Is watching streaming movies illegal?

“There is currently no definitive answer to this question. Depending on the site and file type, online streaming may create a full-length temporary copy of the movie on your computer. Alternatively, the program may delete the data as you watch.

“Some courts have held that even temporary copies may violate the law. However, the Copyright Office contends there is no violation when ‘a reproduction manifests itself so fleetingly that it cannot be copied, perceived or communicated’.

“Though the law is unclear, it is useful to note that owners, such as the MPAA, rarely go after individuals who watch streaming movies. Illegal or not, it’s much more difficult to track these users down. Unlike BitTorrent downloads, the MPAA can’t just sign into a program and snag IP addresses.”

At best, this is a gray area, ethically and legally. It does pose a risk, though of a kind different from browsing cyberlocker websites or BitTorrent downloading. From a practical standpoint, the third-party addons are likely to let you down as a consistent source for an evening’s entertainment.

Content owners have become increasingly interested in finding ways to offer their movies and TV shows on a subscription basis, since they have found that most people prefer to enjoy quality, worry-free, and user-friendly offerings.

Pay services have arrived in the form of smartphone/smart TV apps or Roku channels, such as Sling TV, WatchESPN, HBO GO, Showtime, CBS All Access, as well as old standbys Netflix, Amazon Prime, and Hulu.

Using the legitimate services assures that you won’t be wasting your time, or walking planks of any kind.


Amazon Echo Dot, aka Alexa, “thinking” in our theater room.

The Amazon Echo Dot with Alexa does many fun and useful voice-controlled things, including playing Jeopardy! and Seinfeld trivia, or giving you the local weather. You can place one anywhere you have an AC outlet, and you can have them in different rooms.

But instead of using it as a standalone device, I plugged one into our theater room sound system (with a 3.5mm plug to RCA stereo cable).

Our receiver must be on and set to the proper input to hear Alexa speak or play. I leave it on most of the time so I can call out any Pandora station or Tunein radio station (“Alexa, play Jazz 89.5 on Tunein”), or put on an environmental sound (“Alexa, play thunderstorm/rain/ocean sounds”).

(Most local stations are available via Tunein, including my favorites, KWGS 89.5 HD1-Public Radio/HD2-Jazz.)

You can also tell Alexa to set a sleep timer to turn off your sounds in an hour, or whatever time period you want.

I like this so much, it is now my primary way to listen to radio in our theater room. The data usage is negligible even on our second-from-the-bottom tier of Cox internet service (“Essential”: 1024 GB/month data usage, 15 Mbps max download speed).

I don’t need the receiver to be on to voice-control our home automation, though I prefer to hear her feedback, in case there is a miscommunication.

These features alone have made the Echo Dot well worth the price for me.

One hitch: if we are listening to non-Alexa music or TV sound at a decent volume, we would have to yell to get a command through to Alexa, due to her proximity to the speakers. (When Alexa herself is the sound source, she quiets it down once she hears the word “Alexa” spoken.)

To avoid yelling, mute the receiver (though you wouldn’t hear Alexa’s response), or temporarily switch the receiver to Alexa’s input.

Since I use a Logitech Harmony remote, I built soft buttons into every “Activity” so I can easily switch to Alexa’s sound briefly, then switch back to the sound input we are currently using (e.g., “InputTv” for Activity “Roku”).

Harmony remote “Activities” screen / Roku “Activity” detail: custom receiver sound input buttons