The Price of Free Illegal Live Streaming Services

As Internet streaming of live content has gained on traditional cable TV viewership, we have also seen significant growth of free live streaming services which illegally provide free access to copyrighted content over the Internet. Some of these services draw millions of viewers each month. Moreover, this viewership has continued to increase, despite the consistent coupling of this free content with deceptive advertisements and user-hostile tracking. In this paper, we explore the ecosystem of free illegal live streaming services by collecting and examining the behavior of a large corpus of illegal sports streaming websites. We explore and quantify evidence of user tracking via third-party HTTP requests, cookies, and fingerprinting techniques on more than 27,303 unique video streams provided by 467 unique illegal live streaming domains. We compare the behavior of illegal live streaming services with legitimate services and find that the illegal services go to much greater lengths to track users than most legitimate services, and use more obscure tracking services. Similarly, we find that moderated sites that aggregate links to illegal live streaming content fail to moderate out sites that go to significant lengths to track users. In addition, we perform several case studies which highlight deceptive behavior and modern techniques used by some domains to avoid detection, monetize traffic, or otherwise exploit their viewers. Overall, we find that despite recent improvements in mechanisms for detecting malicious browser extensions, ad-blocking, and browser warnings, users of free illegal live streaming services are still exposed to deceptive ads, malicious browser extensions, scams, and extensive tracking. We conclude with insights into the ecosystem and recommendations for addressing the challenges highlighted by this study.
