there is a flat that is rented for short term (booking, airbnb, etc) and has an internet connection. i would like to block the illegal streaming and illegal sites. i know it is a long shot, but i need to start somewhere.
illegal streaming is the first that needs to be tackled.
is there a way that i could achieve that, without having to go through one by one the allowed/blocked IPs, please?
Install adblock package on openWRT and use Hagezi’s blacklist: https://github.com/hagezi/dns-blocklists?tab=readme-ov-file#skull-anti-piracy---protects-against-piracy-
To ensure the bootstrap is your DNS server you must redirect or block standard DNS outbound (TCP/UDP 53) and block all DNS over TLS/QUIC (TCP/UDP 853) outbound.
Or same (adblocking + DNS redirection) but with adblock-lean. If you don't care about adblocking and only want to block certain domains, pick the 'mini' preset, then replace any adblocking list URLs in the config file with this one:
https://raw.githubusercontent.com/hagezi/dns-blocklists/main/wildcard/anti.piracy-onlydomains.txt
(you may also need to adjust some min_ values in the config file if the blocklist gets rejected).
Then
service adblock-lean start
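The DNS lock-down described in the two replies above (redirect outbound port 53 to the router, block port 853), written as an `/etc/config/firewall` fragment. This is an added example, not part of the original posts; it assumes the default OpenWrt zone names `lan` and `wan`, and the rule names are arbitrary labels.

```uci
# Added example: append to /etc/config/firewall.
# Assumes the default zones 'lan' (guests) and 'wan' (uplink);
# if guests sit in their own zone, use that zone name for 'src'.

# Any plain DNS query leaving the LAN (TCP/UDP 53), whatever server the
# client configured, is redirected to the router's own resolver, where
# the blocklist is applied. No dest_ip means "this router".
config redirect
	option name 'Intercept-DNS'
	option family 'any'
	option proto 'tcp udp'
	option src 'lan'
	option src_dport '53'
	option target 'DNAT'

# DNS over TLS / DNS over QUIC (TCP/UDP 853) cannot be redirected
# without breaking the TLS session, so it is rejected outright.
# Clients that fail on 853 normally fall back to plain DNS on 53.
config rule
	option name 'Deny-DoT'
	option src 'lan'
	option dest 'wan'
	option dest_port '853'
	option proto 'tcp udp'
	option target 'REJECT'
```

Apply with `service firewall restart`. These two rules do not touch DNS over HTTPS, which runs on port 443 alongside ordinary web traffic.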
Please describe "illegal" in terms of domains & IP addresses & content & ...
The challenge is that there is no "networking rules" based definition available for "illegal".
The adblockers described above can help you in preventing users from accessing known/suspected advertising sites, piracy content index sites, etc. by their domain names, but they won't prevent an individual user from accessing a private child-porn site by IP previously known to user. And IP address based streaming will still be possible.
Adblockers are just DNS-based name search blockers, none of the adblockers analyse content, so transferring anything to/from non-blocked sites is still possible. But that is maybe the best that you can do.
You cannot block "illegal streaming" without being very specific, down to ip address, for every conceivable illegal stream... And any blocking can usually be bypassed using a VPN.
Ask yourself - What do hotels, coffee shops or other public venues do?
For commercial (or use for profit), in most countries, you, or the person running the business will by default be legally liable for any misuse unless you can prove you have passed that responsibility to the customer.
The answer is a captive portal, where:
- People have to log in after accepting they have read and understand the Terms of Service and Privacy Notice that pass on liability from the business to the customer.
- The captive portal keeps a "log of logins" that complies with the Privacy Notice.
At this point when the Internet Police come knocking at your door, you can (subject to legal warrant), give them the customer details and you are good.
A sensible captive portal will also have some sort of Fair Usage Policy that kicks in and reduces data rates very significantly if a lot of torrenting type of traffic is generated by a user, thus discouraging such usage. The details will depend on a lot of things, like the capacity of your feed etc. Bear in mind most people at public venues will be using a mobile device with a small screen, so super high resolution video from the usual video streaming services will not be necessary.
The opposite applies to people wanting to upload their vacation photos and video clips, you probably want to keep them happy and let them save and/or share their photos etc.
In summary, it is not practical to block all illegal streaming, but you can pass liability to the end user.
Or,
and hear me out:
You can install Wireguard and not worry about what they stream...
This makes Mr Internet Cop's job a little bit harder, but when he comes knocking and finds out you facilitate suspected evil deeds on behalf of your customers, well, basically, you are stuffed.
What??
Noooooo. Uhhuh..
I was protecting the privacy of my clients because they are stupid and I do not want to be sued because their privacy was not respected.
Cameras on the outside, blinds inside.
It's an Airbnb...
What happens inside stays in a virtual tunnel; then runs naked and freeeeeee!
Yes, but simultaneously and, IMO, with a higher priority, you need to cover your own back.
Or maybe you will feel good about not being sued by your customer as you serve your sentence and/or pay your fines....
That is not, really, my job in the U.S.
I'm not the content police.
Matter of fact, in the U.S. I'm under zero obligation to report a crime.
The intent to hurt oneself or others is a grey area not yet worked out.
As others said, that is not really feasible, what you can do is to show some effort, but whether that gets you off the hook legally is an open question. Keep in mind, if you give enough internet to be useful your guest will likely be able to run a VPN to tunnel through your security measures and whether that leaves you on or off the hook is again a question that you might want to think about...
FYI: Here is a useful guideline summary, obtained from legal counsel, for operators of public venue networks in the US (Disclaimer: consult your own lawyers for verification). I hope it is of some interest.
Under U.S. law, film and TV companies can trace and prosecute torrent downloaders for pirating their content, but the process and likelihood depend on several factors.
Copyright holders can identify torrent downloaders by monitoring peer-to-peer (P2P) networks used for torrenting. They often hire third-party firms to track IP addresses sharing or downloading their copyrighted content. These IP addresses can be linked to individuals through internet service providers (ISPs), who may be compelled to provide subscriber information via a court subpoena under the Digital Millennium Copyright Act (DMCA).
Civil Lawsuits:
Companies can sue downloaders for copyright infringement under 17 U.S.C. § 501. Penalties can include statutory damages ranging from $750 to $30,000 per infringed work, or up to $150,000 if the infringement is deemed wilful.
Criminal Prosecution:
While rare for individual downloaders, criminal charges are possible under 17 U.S.C. § 506 and 18 U.S.C. § 2319 for wilful infringement involving significant scale or commercial gain. This typically applies to distributors rather than casual downloaders. Penalties can include fines or imprisonment.
In the U.S., a captive portal at a public venue (e.g., a Wi-Fi login page requiring user agreement to terms) can help shift liability for copyright infringement to the end user, but it does not fully absolve the public venue service provider of potential liability. The effectiveness of this approach depends on legal, technical, and practical factors under U.S. law, particularly the Digital Millennium Copyright Act (DMCA) and related case law.
DMCA Safe Harbor Provisions (17 U.S.C. § 512):
Public venue Wi-Fi providers (e.g., coffee shops, hotels, or libraries) can qualify as "service providers" under the DMCA, potentially shielding them from liability for users' copyright infringement if they meet safe harbor requirements.
These include:
- Not having actual knowledge of infringing activity or promptly removing infringing material upon notice.
- Not directly financially benefiting from the infringement.
- Adopting and implementing a policy to terminate repeat infringers.
- Accommodating standard technical measures to protect copyrighted material.
A captive portal with clear terms of service (ToS) prohibiting illegal activities like copyright infringement can strengthen a provider’s claim to safe harbor by demonstrating a policy against unlawful use.
Role of Captive Portals:
A captive portal typically requires users to accept ToS before accessing Wi-Fi. If the ToS explicitly state that users are responsible for their actions and prohibit copyright infringement (e.g., torrenting protected content), this can serve as evidence that the provider does not condone or facilitate illegal activity.
By requiring users to acknowledge their responsibility, the provider may shift primary liability to the end user, as the user is contractually agreeing to comply with copyright laws.
Some portals log user activity or IP assignments, which can help providers identify and respond to infringement claims, further supporting safe harbor compliance.
ToS Enforcement: A well-drafted ToS in a captive portal can deter users and provide a legal defense, but it relies on enforcement. For example, providers can block users who violate terms or cooperate with copyright holders by providing user data (if legally compelled via subpoena).
Captive portals that require user authentication (e.g., email or phone number) or log IP assignments make it easier to trace infringement to specific users, reducing the provider’s liability by pinpointing the responsible party.
DMCA Notices:
Providers often receive DMCA notices from copyright holders. By promptly forwarding these to users or taking action (e.g., suspending access), providers can maintain safe harbor status and shift responsibility.
Case Law:
Courts have generally upheld that Wi-Fi providers are not automatically liable for user actions if they act as neutral conduits. For example, in Cobbler Nevada, LLC v. Gonzales (2018), a court ruled that an IP address alone does not conclusively identify an infringer, protecting providers from blanket liability.
Challenges and Risks:
- If the Wi-Fi is open or the captive portal doesn’t require identifiable information, tracing infringement to a specific user is difficult, potentially leaving the provider as the target of legal action.
- Even if a provider qualifies for safe harbor, defending against lawsuits can be costly, especially for small businesses.
- Aggressive monitoring or cooperation with copyright holders (e.g., sharing user data) may alienate customers, while lax enforcement may attract legal scrutiny.
Best Practices for Providers:
- Use a captive portal with clear ToS prohibiting copyright infringement and stating that users assume liability for their actions.
- Register a DMCA agent with the U.S. Copyright Office to receive and respond to takedown notices.
- Implement reasonable network monitoring to detect and address egregious violations (e.g., blocking known torrent sites).
- Log user sessions or require authentication to facilitate tracing if needed.
- Consult legal counsel to ensure compliance with DMCA and local laws.
Conclusion:
A captive portal with robust ToS can significantly reduce a public venue provider’s liability for copyright infringement by shifting responsibility to the end user and supporting DMCA safe harbor eligibility. However, it does not guarantee immunity, especially if the provider is negligent, profits from infringement, or ignores notices. Liability ultimately depends on the provider’s policies, response to infringement, and the specifics of the case.
Anyway...
Send that to Facebook, Apple and everyone else, in the U.S., that offers e2e encryption/anonymity and post their reply.
Unfortunately, end to end encryption does not hide source and destination addresses. Torrent trackers are resolvable urls and peer addresses, both seeders and leeches, are easy to get if you are wanting to find out where copyrighted material is unofficially hosted and where it is going to. Just sayin'....
Okay,
you can't, completely, block those: all someone needs is a VPN.
You can try the suggested whack-a-mole approaches.
But if China and Russia can't do it...
you need to do it the other way. allow only some "ip". just use ip rules and that's game over.
thanks a lot for the replies. really helpful the adblock part.
In most of the EU the apartments/rooms that are offered for renting need to have free wifi access and as i said it is a long shot and i have to protect myself from fines of illegal access/downloads.
finding the offending IPs is not an easy task, nor is it possible to keep track.
i was asking merely if someone knew a way to block especially illegal streamings and allow only the legit. not by IP.
Perhaps something is lost in translation here, but I'm afraid I find myself taking the cynical view.
No, it is not true that apartments or rooms offered for rent in the EU are legally required to have free Wi-Fi access.
There is no EU-wide regulation or directive mandating that rental properties must provide free Wi-Fi as a standard amenity.
Internet access, while increasingly considered essential, is not classified as a basic utility like water or electricity under EU law, and landlords are not obligated to supply it.
So I am reading between the lines and guessing that you are wanting to provide "free wifi" as a service you can sell to landlords.
Be honest, are you wanting us to design your product for you so you can make money from it?
I also have a legal guideline applicable to the EU and it is very similar to the one I posted for the US, so I will not post it here, the general principle is the same.
Attempting to block what people can download will only serve to make them use their mobile data instead of your system.
Most of all, either attempt can never be fail-safe, so you -foremost- need the legal get-your-heinie-out-of-jail card anyways (so proper accounting who had network access at which time). How you do that, is merely an implementation detail - be it via sophisticated self-serve registering (of which captive portals may be a part of) or low-tech (signed lease agreement with the T&C's, the time frame and changing access credentials afterwards). Keep in mind that at least on the Eastern side of the big pond, privacy considerations are also a major legal aspect, so (apart from noting who was responsible at which time) there is very little on the monitoring side you are allowed to do (which also considerably affects your blocking options, it isn't easy to distinguish legal and problematic content). Hint, your tenants may:
- download copyrighted material from one-click-hosters
- use dark-web market places (e.g. Silk Road successors)
- send bomb threats via mail or webmail (to avoid the math test next morning…)
- use closed fora to download illegal material of minors
Neither of these can be sensibly blocked by technical means - and simple file-sharing spends more time on evading filtering, than you can spend to keep up with blocking it.
If you intended to provide internet access as a service to strangers, get legal counsel in your local legislation first and foremost.
There's just one free advice I can give you regardless, at least if we're talking about longer term renting (3+ months), get yourself out of the firing line and make your tenants sign up with their preferred ISP directly. Yes, it would be nice if…, but you don't want to be their tech support 24/7, nor do you want to be on the hook for whatever.
I'm not @atux_null, but I think they mean that an internet connection is a common requirement from the customers, and many of them would not rent an apartment without it.