Running With Foxes

A couple months ago I posted a story on TechCrunch about a Belgian court ruling that ISPs have to enforce copyright. I made a small note in there talking about the strong-arm tactics artist groups were taking with ISPs and the general public. In response to my line about allegations over Miivi being a honey pot for catching p2p traffic, I got an email from Randy Saaf, the CEO of MediaDefender. I amended the story with their denial. Here’s the text of the email:

Hi Nick:

I saw your article today http://www.techcrunch.com/2007/07/05/belgium-says-isps-must-protect-copyright/

I am the CEO of MediaDefender. We have stayed largely silent on the issue because for the most part the story on torrentfreak is a complete fabrication. It is true that MediaDefender was doing R&D on a new type of video site that we had registered under MiiVi. All the other mumbo jumbo about working with MPAA, spyware, lawsuits, etc was a libelously fabricated story by a group of p2p blogs that are generally pro-piracy and anti-us. The blog story got on Digg where the masses loved a sensationalist story with no facts.

We have stayed silent because we did not feel that the people writing about this were unbiased reporters. However, since the story has crossed over to legitimate news sources, we want to make sure that our side is heard. MiiVi has nothing to do with the MPAA, the RIAA, or any music or movie studio. It was not even meant to be used by the general public. MiiVi has nothing to do with lawsuits. The original story is a complete fabrication.

My contact info is below if you would like to ask any particular questions.

Cheers,

Randy Saaf

CEO, MediaDefender Inc.

Turns out he was lying to me. Torrent Freak, the site that broke the original Media Defender story, has gotten their hands on a stack of internal Media Defender emails that, if true, blatantly speak to the contrary. Turns out MiiVi was a honey pot that they shut down because of the bad publicity. I guess next time they’ll spend the extra $5 to keep their registry private.

Particularly revealing was this message encouraging their team to play close to their standard PR line:

From Ben Grodsky, Media Defender

Subject: care in interviewing

Given all the recent Digg, SlashDot and derivative online articles about MD, be careful what you say in job interviews. Specifically, I’m concerned about giving any information BEYOND what’s already on the mediadefender.com website. I’m worried about someone interviewing for a position just for the purpose of getting more info to post online. For example, if anyone asks anything about MiiVi, just reiterate what Randy has said online (it was an internal video project that we probably should have password protected; we were in no way directed to, or working with, the MPAA on that project; NO part of the project was a honeypot designed to trap downloaders).

Update:

Further adding support to the claim that the site really was a honeypot, a series of tools were leaked as well.

I’ve decided to include the excepts from the Torrent Freak article for those not as familiar with the matter:

REMINDER: “The Simpson’s Movie” premieres this Friday (to Torrents).

* Decoy files are available in torrents MDfile server.
* Use Public Trackers for pre-Leak releases.
* Create two new trackers for this project.
o Ebert to inform Torrents of these new machines.
* Send a list of 5 release names from each torrent team member to Ebert.
* REMEMBER to input torrent file into interdiction if a real Leak is available this weekend.

It’s impossible to sum up all the juicy details in one post as the amount of information is staggering, so as much as we’d like to tell you about the custom Media Defender software (called ProxyMaster) included in the leak, we’ll focus mainly on the MiiVi case.

Let’s start off with their response to our story about MiiVi.com.

From: Ben Grodsky
Sent: Tue 03-Jul-07 20:19
To: MIIVI; Randy Saaf; Octavio Herrera; Steve Lyons
Subject: MiiVi got Dugg

Looks like the domain transfer has screwed us over:
http://torrentfreak.com/anti-piracy-gang-launches-their-own
-video-download-site-to-trap-people/
http://digg.com/users/AcePup/news/dugg

-Ben

And the response from Randy Saaf himself.

This is really fucked.
Let’s pull miivi offline.

Apparently our reports about MiiVi made them really paranoid. They are worried that reporters will apply for jobs just to find out more about their secret project.

From Ben Grodsky, Media Defender

Subject: care in interviewing

Given all the recent Digg, SlashDot and derivative online articles about MD, be careful what you say in job interviews. Specifically, I’m concerned about giving any information BEYOND what’s already on the mediadefender.com website. I’m worried about someone interviewing for a position just for the purpose of getting more info to post online. For example, if anyone asks anything about MiiVi, just reiterate what Randy has said online (it was an internal video project that we probably should have password protected; we were in no way directed to, or working with, the MPAA on that project; NO part of the project was a honeypot designed to trap downloaders).

Seemingly every last detail of the MiiVi preparations are laid bare for all to see, such as these attempts to deal with some unexpected content. Interestingly, if MiiVi was only an internal operation, where on earth did this content come from?:

From Ben Grodsky, Media Defender

Dylan,

I wouldn’t normally e-mail you directly about MiiVi stuff, because a lot of what I say about this is total crap (so keep that in mind) and Jay filters the crap from the important stuff for you. Is there a way to add this hash/title to the porn filter explicitly?

hash=30755326A4E4B28E678BFF8CB2AF5FC4A4FBF710&i=3 (the title is Celebrity deathmatch: Korn vs slipknot and the exact URL is http://129.47.9.160/zonie/media.php?hash=30755326A)

I just flagged it as Other Terms of Use violation. It’s a warthog (or maybe it’s a big bushy dog, I can’t tell) having sex with a woman and NOT a Korn vs. Slipknot mash-up video.

If this is a big deal, don’t worry about it for now.

And, If MiiVi was an internal project only, how does that sit with these attempts to generate lots of traffic?

Dylan,

Another thing we can do to increase Google and other search engine traffic is to get more link-ins. At the next MiiVi meeting, I’m going to ask Randy for permission to incentivize people to link-in a MiiVi video on their MySpace. Colin is already doing this and it helps the word-of-mouth spread, even if the link-ins are nominal. I’m not sure what we could do in the link-in regard early on, but getting the cumulative ~1000+ MySpace friends of MediaDefender employees to see MiiVi link-ins can’t hurt….

Colin — start coming up with a list the list of keywords and descriptors for hidden metadata entries, per Dylan’s e-mail below.

Thanks,
Ben

One can only speculate what the MiiVi client might’ve been capable of, should it have gotten off the ground:

From: Ben Grodsky
To: Jay Mairs
Cc: Randy Saaf
Sent: Wed Jun 20 23:36:54 2007
Subject: miivi emule spoof

Jay,

Do you think it would break a lot and take more time than its worth for the MiiVi application/installer also to act like Serge’s Proxy client and spoof on eMule?

-Ben

Just about every aspect of the company’s operations on every file sharing network is revealed in the emails, including their fake eDonkey server and Soulseek activities, not to mention payroll issues and discussions about what to eat for lunch.

Of course, Mr Saaf was always very keen to distance MediaDefender from MiiVi, as this email shows:

From: Randy Saaf
Sent: Wed 6/13/2007 12:54 AM
To: Colin Keller
Cc: Ben Grodsky; Steve Lyons; Jay Mairs
Subject: miivi emails

Colin:

Set up your email so that you always reply with a ckeller@miivi.com, dmca@miivi.com, or an info@miivi.com address respectively. I don’t want MediaDefender anywhere in your email replies to people contacting Miivi. Steve and Ben can help you set up your email for this. Make sure MediaDefender can not be seen in any of the hidden email data crap that smart people can look in.

I am setting up ckeller@miivi.com to forward to ckeller@mediadefender.com.

R

They made up fake company (MiiVi Inc.), edited their own Wikipedia entries and hosted Miivi on IPs that couldn’t be traced back to MediaDefender.

Ben E:

Can you please do what you can to eliminate this entry? Let me know if you have any success.

R

From: Jay Mairs
Sent: Tue 7/3/2007 9:59 PM
To: Steve Lyons; Randy Saaf; Octavio Herrera
Cc: Ty Heath; Dylan Douglas; Ben Grodsky; Ivan Kwok (gmail)
Subject: Re: MiiVi got Dugg

Steve, please redirect miivi.com to point to an ip that’s not one of ours (random ip or whatever).

Dylan, if there’s nothing critical running on the miivi server, please shut the computer down. If there is something critical on there, please let us know ASAP.

MediaDefender took down MiiVi.com but it seems they aren’t ditching the project but instead looking for a new name because domain names are really important for internal projects:

From: Randy Saaf
Sent: Friday, July 13, 2007 4:44 PM
To: Jay Mairs; Colin Keller
Subject: FW: New miivi name.

Do you like vidber.com or bivvid.com or vidorama.com?
——————————————————-
Reply from: Colin Keller

Vidorama would be my first choice (though it is a bit 70’s, kind of like a bad video rental store). Vidber doesn’t spark much interest (kind of ends too abruptly), and bivvid I’m not really feeling.

Or maybe they’ll just change the domain name to something similar, and move things round a little?

Subject: MiiVi (currently on www.viide.com)
From: grodsky@mediadefender.com
Date: 23/07/2007 18:05
To: michael.potts@artistdirect.com

Michael,

When you get a chance, we would love you to start taking a look at www.viide.com. That is the current home of our MiiVi site. We have totally locked-down the site, while we improve the look and feel from the blogosphere saw. Accordingly, to access the site you will need to login using the following login/password *****/**** (we have also made a login/password for Bobby, in case you think we could use some help with our graphics — *****/*****).

Once you log on the site, surf over to www.viide.com/download.php to get our application. The website currently acts a GUI for the application. When we go live with the site for the general public, there will also be a java applet that also minimal/one-off type use of MiiVi (but this feature is inaccessible with the current locked-down version of the site).

From: tabish@mediadefender.com
Date: 27/07/2007 23:56
To: MIIVI@mediadefender.com

I’m not sure if you guys are planning on going live with the Viide domain name….but in case you are….you might want to remove all references of Miivi on the homepage of viide.com before it gets Googled or someone public comes across it. For example, at the bottom under terms of service and on the HTML Title where it says “MiiVi, Inc”, and probably the default image of the skyscrapers (which are the same as Miivi).

Also, the WHOIS information is still linked to MediaDefender, Inc.

-TH

Yes, they need to get on top of the WHOIS situation before someone sees it.

After the MiiVi incident, we later reported that Media Defender owned the p2p.net domain name. A little later, our claims were proven correct when they made the p2p.net domain link back to our own article, which it still does to this day. We took this as a compliment and this is what the guys had to say about it:

From: Ben Grodsky
To: Jay Mairs; Ben Ebert; Octavio Herrera
Sent: Fri Jul 13 12:18:02 2007
Subject: FW: p2p.net on digg and torrentfreak

this is too funny. torrentfreak accused us of buying p2p.net on ebay earlier this year. Randy found out and redirected it to that vary article on torrentfreak. now there’s an article about the redirected p2p.net!

•