Ein weiterer Blick hinter die Kulissen der deutschen Abmahnindustrie:
steigerlegal.ch/2026/01/12/c...
#copytrack #copyident #abmahnungen #deutschland
3
1
0
0
#copytrack
Latest posts tagged with #copytrack on Bluesky
Trending
Posts tagged #copytrack
2 months ago
Kerst 2025
Ik wist gelijk welke surprise voor mij was. Al heeft de trol wat weg van een olifant... in de kamer (zwijgen en wegkijken).
Op tweede kerstdag een verzoek om hulp... Trollen werken dag en nacht door.
#auteursrecht #fotoclaims #copytrack
0
1
0
0
3 months ago
The Unrest: India Corruption Research Report 2025
The Unrest: India Corruption Research Report 2025. The magazine also addresses the ongoing failure of the Delhi High Court’s e-Filing portal.
🚨 The Unrest: India Corruption Research Report 2025 🚨
Download and Read: www.ramanmedianetwork.com/the-unrest-i...
#DonaldTrump #Russia #Ukraine #CorruptioninIndia #NATO #Oscars #DelhiHighCourt #Copytrack #DelhiPollution
0
0
0
0
3 months ago
Copytrack’s Global Intimidation Campaign: Victims Accuse German Firm of Extortion and Harassment - RMN News
Copytrack’s Global Intimidation Campaign: Victims Accuse German Firm of Extortion and Harassment If you’ve received a suspicious email or threats from Copytrack or similar copyright enforcement agents...
🚨 Global Copytrack Intimidation Exposed! Victims worldwide are accusing German firm Copytrack...
🔗 Report: rmnnews.com/2025/11/22/c...
#Copytrack #DigitalRights #CorporateAccountability #GlobalExtortion #CopyrightAbuse #JusticeMatters #SystemicHarassment #LegalReform #TechEthics #VictimsVoices 📰⚖️📢
1
0
0
0
6 months ago
Copytrack’s Global Intimidation Campaign: Victims Accuse German Firm of Extortion and Harassment - RMN News
Copytrack’s Global Intimidation Campaign: Victims Accuse German Firm of Extortion and Harassment If you’ve received a suspicious email or threats from Copytrack or similar copyright enforcement agents...
🚨 **Global Alert: Victims Speak Out Against Copytrack** 🚨
📩 Threatening emails
💶 Demands for hundreds of euros
🧑💻 Legit images
📢 It's time to expose !
📄 Full investigation: rmnnews.com/2025/07/14/c...
#CopytrackScam #Copytrack #CopyrightAbuse #CreatorsUnite 🧠🌍✊
0
0
0
0
7 months ago
Copytrack’s Global Intimidation Campaign: Victims Accuse German Firm of Extortion and Harassment - RMN News
Copytrack’s Global Intimidation Campaign: Victims Accuse German Firm of Extortion and Harassment If you’ve received a suspicious email or threats from Copytrack or similar copyright enforcement agents...
Victims 😪 accuse German firm Copytrack of extortion. 💰 Read statements of victims: rmnnews.com/2025/07/14/c...
#Copytrack #Germany #Cybercrime #Copyright #RMNNews
0
1
0
0
7 months ago
#CORRUPTION #SupremeCourtofIndia #YashwantVarma #delhischools #IAS2025 #Copytrack #RMNNews Judge Corruption Case: The Integrity Bulletin of RMN News – July 2025 Issue. | Rakesh Raman
#CORRUPTION #SupremeCourtofIndia #YashwantVarma #delhischools #IAS2025 #Copytrack #RMNNews Judge Corruption Case: The Integrity Bulletin of RMN News – July 2025 Issue. 👉Download: https://lnkd.in/gMDB...
#CORRUPTION #SupremeCourtofIndia #YashwantVarma #delhischools #IAS2025 #Copytrack #RMNNews Judge Corruption Case: The Integrity Bulletin of RMN News – July 2025 Issue. 👉Download: www.linkedin.com/posts/rakesh...
0
0
0
0
8 months ago
Copytrack’s Global Intimidation Campaign: Victims Accuse German Firm of Extortion and Harassment - RMN News
Copytrack’s Global Intimidation Campaign: Victims Accuse German Firm of Extortion and Harassment If you’ve received a suspicious email or threats from Copytrack or similar copyright enforcement agents...
🎧 Don’t just read — listen too!
Access the audio analysis of our detailed report on Copytrack’s alleged global extortion campaign. Victims speak out. 👇
🔗 rmnnews.com/2025/07/14/c...
#RMNNews #Copytrack #AudioReport #PressFreedom #DigitalRights #Germany #MediaWatch #NewsAnalysis 🔊
0
0
0
0
8 months ago
Copytrack’s Global Intimidation Campaign: Victims Accuse German Firm of Extortion and Harassment - RMN News
Copytrack’s Global Intimidation Campaign: Victims Accuse German Firm of Extortion and Harassment If you’ve received a suspicious email or threats from Copytrack or similar copyright enforcement agents...
🚨 Global Alert: Victims are speaking out against Copytrack for using threats to demand money over image usage. 📸💰
🗣️ Read real stories. Join the fight.
👉 rmnnews.com/2025/07/14/c...
#Copytrack #CopyrightScam #OnlineExtortion #DigitalRights #StopCopytrack #RMNNews #PressFreedom #VictimSupport
0
0
0
0
9 months ago
Dealing With Nuisance Abuse Complaints
This week, I've been wrong about (at least) two things, believing that:
* I was done with the Copytrack stuff: I sent them proof of license and subsequently audited my image use to ensure they'd never have any excuse to darken my virtual doorway again.
* I could have a lazy Friday afternoon: I had a day off and intended to doze in front of Four in a bed.
Unfortunately, I was wrong on both counts.
Not long after I had settled down to watch people complain about the quality of sausages, my phone went "bing", indicating the arrival of an email (soon followed by another).
It seems that Copytrack's customer had decided to start filing abuse reports with various service providers, insisting that they either take down my Copytrack blog post or _suspend my service entirely_.
I imagine that there's an opportunity here for others to learn from my experiences, so this post takes a look at those complaints.
As you might imagine, though, I _am_ going to choose my words a bit more carefully than normal.
* * *
#### Oh, Do Fuck Off
This isn't the first legal threat that I've had to deal with in my time scrawling on the interwebs, so intimidation really wasn't on the cards.
I choose my service providers quite carefully, looking to use those that are competent rather than focusing solely on things like price. That's done more with service quality in mind than abuse report handling, but oddly enough, providers that invest in service quality also tend to have good customer facing teams.
But still... of all days, this just **had** to happen on what was supposed to be a relatively restful and stress-free day...
* * *
#### Contents
* Oh, Do Fuck Off
* Contents
* The Complaint
* Claim 1: The Content Is Defamatory
* Statement Of Fact
* Is It Defamatory?
* Claim 2: It Violates GDPR
* Legal Basis For Processing
* Right To Be Forgotten
* Rights To Object
* Claim 3: It violates the Acceptable Use Policy
* Follow Up Claim: Give Me His Info
* TL:DR Summary
* Received A Complaint? What To Do
* Conclusion
* * *
### The Complaint
I'm not going to publish the originator's details here: inclusion of them would serve no material purpose and I don't _really_ want to give them a second URL to try and complain about. Instead, I'll simply refer to them as the complainant.
When an abuse complaint is received, most service providers will send you a copy (for obvious reasons, it's sometimes redacted to strip the originator's details) and ask you to respond within a specific time-frame.
Let's walk through the complaint email, which starts by providing an overview:
> To the Legal Department,
>
> I am contacting you in my capacity as the legal representative of REDACTED, a French audiovisual production company headquartered at REDACTED
>
> This is to formally notify you of defamatory and unlawful content hosted on your infrastructure, accessible at the following URL: https://www.bentasker.co.uk/posts/blog/general/copytrack-sent-me-a-copyright-claim.html
>
> This article references REDACTED, in the context of a copyright enforcement case managed by COPYTRACK, a company with whom we are legally and professionally affiliated.
The email then moves onto giving a more detailed description of the grounds for their complaint (we'll examine each of these in more depth shortly):
> 1. **Defamation and Reputational Damage** : The article portrays our company as engaging in “copyright trolling” practices and uses derogatory language that undermines the legitimacy of our copyright enforcement efforts. These statements are entirely unfounded and constitute defamation under the UK Defamation Act 2013, resulting in reputational and financial harm to our business.
>
> 2. **Breach of UK GDPR / Data Protection Law** : The article discloses identifiable information about our company and myself, in a hostile and non-journalistic context, without consent. This violates the UK GDPR, specifically Article 6 (Lawfulness of Processing) and Article 17 (Right to Erasure).
>
> 3. **Violation of PlutoDNS Acceptable Use Policy** : Your published terms (https://plutodns.com/terms.html) prohibit the transmission or storage of content that is defamatory, illegal, or infringes the rights of third parties. The content in question clearly falls within these prohibited categories.
>
>
Item three contains a pretty major mistake: PlutoDNS are **not** the provider that the complaint was sent to. In fact, I'd never even heard of them until now and they don't appear to be in any way affiliated with any of my service providers.
It's quite an odd mistake to make.
The best that I can conclude is that either the complainant was raising complaints about multiple people with multiple providers, or they've been using something like ChatGPT and not properly checking the output.
Anyway, the mail then moves on to requesting that the service provider complete specific actions:
> In accordance with your obligations as a hosting provider under UK law and the retained EU e-Commerce Directive (2000/31/EC), I formally request that you:
>
> 1. Remove or disable access to the infringing page mentioned above.
>
> 2. If moderation is not feasible, suspend or terminate the account responsible for hosting the domain bentasker.co.uk, due to repeated violations of your Acceptable Use Policy.
>
>
There's also a small mistake here, in that none of the providers that complaints were sent to provide me with hosting services.
This might sound like semantics, but it matters because the obligations (and exemptions) imposed by the E-Commerce directive vary depending on the nature of the provider:
* A hosting provider may themselves become liable if they do not remove/disable once relevant content is reported to them.
* A caching provider (e.g. a CDN), though, is exempted until they become aware that the upstream hosting provider has removed/disabled (or they receive a court order etc).
* Providers acting as a mere conduit (for example, a connectivity provider) will almost never become liable.
Obviously, the complainant has no way to know whether a CDN provider might also be acting as a hosting provider, but that's not the case here.
It's inclusion in a complaint mail is also, somewhat unnecessary: providers are very aware of their responsibilities and duties and 2000/31/EC is not in-and-of-itself grounds for a takedown. Mentioning it feels more like a threat that you could try and come after them if they don't accede to your demands.
The demand to terminate my account on the basis of "repeated violations of your Acceptable Use Policy" is also mildly interesting, in that the complainant is only actually alleging one occurrence.
The complaint email then closes out with a set of links labelled as references and a request that the provider respond within 7 days:
> REFERENCES
>
> Infringing content: https://www.bentasker.co.uk/posts/blog/general/copytrack-sent-me-a-copyright-claim.html
>
> PlutoDNS Terms of Service: https://plutodns.com/terms.html
>
> Our company website: REDACTED
>
> UK ICO: https://ico.org.uk
>
> CNIL (France): https://www.cnil.fr
>
> We kindly request written confirmation of the actions taken within 7 working days. Failure to act may result in escalation to the appropriate legal and regulatory authorities in both the UK and the EU.
I'm not _quite_ sure what purpose the links to the homepages of the UK and French data protection authorities are actually supposed to serve - again, this feels a bit GPTesque to me.
Anyway, moving on, let's take a closer look at each of the claims made.
* * *
#### Claim 1: The Content Is Defamatory
> 1. **Defamation and Reputational Damage** : The article portrays our company as engaging in “copyright trolling” practices and uses derogatory language that undermines the legitimacy of our copyright enforcement efforts. These statements are entirely unfounded and constitute defamation under the UK Defamation Act 2013, resulting in reputational and financial harm to our business.
>
##### Statement Of Fact
The post being referenced was originally about a different company: Copytrack.
In the original version of the post, the complainant's company was mentioned in passing, noting that
* Copytrack claimed to be acting on their behalf
* The complainant's company was not listed as the author on stock photo sites
* I had been unable to find any evidence suggesting a link between the complainants company and the image that Copytrack had contacted me about
Ten days later, an update to the post referenced the complainants company some more.
This update was made because Copytrack provided documentation indicating their right to act on behalf of the complainant (who in turn had signed a Copytrack provided document stating that they hold the rights to the image).
The complainants name appeared because it featured prominently on both of these documents - documents that, in the unlikely event that the dispute proceeded to court, would also enter the public record.
Given the concerns raised, on sites across the web, of Copytrack seemingly being (mis)used by copyright trolls, the post goes on to perform some basic due diligence checks on the complainant's company, noting that:
* They do appear to be a real (and long standing) business
* Their website states that they work with Copytrack
* The name on the document does appear to be a real person, at that company
The post goes on to note that the company's Trustpilot page carries an interesting statement (translated from French):
> VERY IMPORTANT | LEGAL STATEMENT | Protection of Intellectual Property `COMPANY` would like to remind you that any infringement of intellectual property, including the unauthorized use of our visual, audiovisual, or textual content, constitutes an offense punishable by civil and criminal prosecution, in accordance with applicable national and international laws.
>
> We reserve the right to take any necessary legal action against individuals or legal entities who have published defamatory or false opinions or who have exploited our works without prior authorization.
>
> Furthermore, any attempt at public defamation or publication of misleading content aimed at harming our reputation may be reported to the relevant platforms as well as to the competent authorities in the author's country of residence.
It also notes that the same Trustpilot page carries Copytrack related reviews and quotes a relevant excerpt from one of them.
> We have been an Elements member for nearly 5 years and support a lot of small creators, but shady tactics from this company are now making us consider even using stock images going forward.
>
> They are wasting a lot of our time with aggressive copyright claims for images - and unrealistic threatening demands for hundreds of pounds required in compensation.
From there, my post
* References a post by another blogger which claims to have made contact with the author of their photo, who denied any knowledge of the complainant or his company
* Notes that there are reviews mentioning the complainant on Copytrack's Trustpilot page too, giving an example
The final paragraphs of that section note that it's not possible to definitively say that the complainant is acting in bad faith and, in fact, goes so far as to suggest alternative possibilities:
> In fairness, there's no way to definitively say whether Copytrack's customer is acting in bad faith - they could as easily be someone who doesn't understand how Copytrack works, or someone who's bought the rights (or believes they have) from some other org.
##### Is It Defamatory?
The abuse complaint specifically references the UK Defamation Act 2013.
UK defamation law is known to be a bit of a minefield, but the law provides for a number of defences, including Truth and Honest Opinion.
**Truth**: if the complainant does not, in fact, own the rights to the image in question, any imputation in my post of them being a copyright troll would, in fact be true and not defamatory.
To date, I've not put much effort into tracking down the original author to check with them, but it shouldn't be necessary: Copytrack provided a signed statement from the complainant stating that they had acquired rights to the image via a licensing agreement with the original author.
The complainant should therefore be able to clarify the nature (and/or existence) of this agreement (in fact, section 10.2 of Copytrack's enforcement terms require that their customers be able to do so, on demand, something that Copytrack didn't appear to do when I requested proof).
**Honest Opinion**: The main thrust of the article is **not** that the complainant is a copyright troll - it's focus is around the idea that Copytrack's mode of operation (and an apparent lack of due diligence) appears to enable (and even encourage) copyright trolling.
The complainant's company was **not** randomly selected or presented as an example of this. They appear in the post _because_ they are the originator of the claim that Copytrack sent to me.
Where the post does make reference to the rightfulness of this claim, it is quite clearly expressed in an opinionated manner:
> Although it was still not clear that the claim is legitimate, I was fed up of having Copytrack in my inbox (with their ever present instructions on how to pay), so emailed over the uncropped screenshot that they'd asked for.
It seems unlikely that the content of my post could be construed as being particularly defamatory about the complainant and their business:
* That Copytrack said they were acting on behalf of the complainant is factual
* That the complainant uses Copytrack is factual and documented, both on their own site **and** in the complaints that they sent to my service providers
* Although the post suggests that Copytrack's communication style is reminiscent of copyright trolls, any suggestion that the complainant might be a troll is clearly caveated and never stated as fact
* * *
#### Claim 2: It Violates GDPR
The second claim in the complaint email stated that my post violates GDPR:
> 1. **Breach of UK GDPR / Data Protection Law** : The article discloses identifiable information about our company and myself, in a hostile and non-journalistic context, without consent. This violates the UK GDPR, specifically Article 6 (Lawfulness of Processing) and Article 17 (Right to Erasure).
>
Let's walk through this one bit by bit (The UK's implementation of GDPR is in the Data Protection Act 2018, but for consistency's sake I'll refer to it simply as GDPR):
> 1. Breach of UK GDPR / Data Protection Law: The article discloses identifiable information about our company
>
GDPR defines rules relating to the protection of data about "natural persons".
A company is **not** a natural person, and so processing of company data is not subject to GDPR (though, of course, processing of data about individuals within the company may be).
There's no need to take my word for it, because the European Commision even has a page on it (for the record, the complainant's company does not appear to be a single person company - their website lists 5 people).
> and myself,
As noted in the Commission link above, GDPR _does_ apply to personal data relating to people in the course of a professional activity. This is not particularly surprising, given that that would otherwise be a **huge** loophole.
So, let's look at what information the post shared about the complainant specifically:
* Their name: this featured prominently on documents provided by Copytrack and was also referenced in the article body
* A link to the complainants public profile on their company website
It's worth noting that there was also some redacted personal data: the Copytrack documents included the complainant's business address (which might, of course also prove to be the complainants home). At no point was this information published unredacted (although, for the record, it appears that the same details _are_ published on the complainant's own site).
I didn't seek those address details out: Copytrack sent them to me (and in fact, for other reasons, my 2025-05-10 update actually noted that I believed Copytrack's systems might not be safely handling EU user's data).
So, the published personal data is a name: one which (demonstrably) appears in a number of locations around the web (though this, of course, is not a defence under GDPR) and is easily discoverable by searching the complainants company name.
Given the wide availability of this information, the risk of harm is likely to be very low.
> in a hostile and non-journalistic context,
The term "hostile" can be quite loaded - some use it as an extremely strong term, others simply mean a less than friendly environment. It's inclusion here, though, doesn't seem _particularly_ pertinent to the application of GDPR.
On the face of it, the reference to a non-journalistic context might also seem irrelevant, but has likely been included because the Data Protection Act 2018 includes exemptions for
* The purposes of journalism
* Academic purposes
* Artistic purposes
* Literary purposes
It doesn't seem worth going into too much depth assessing whether any of these might apply here, given that there are other aspects of the claim which may obviate the need to do so.
Instead, lets move onto the real bones of the GDPR claim:
##### Legal Basis For Processing
> without consent. This violates the UK GDPR, specifically Article 6 (Lawfulness of Processing)
This part of the complaint echoes a common misconception that consent is the only lawful basis under which GDPR allows personal data to be processed.
In reality, though, consent is one of six:
> a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
>
> b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
>
> c) processing is necessary for compliance with a legal obligation to which the controller is subject;
>
> d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
>
> e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
>
> f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
There's very little processing of personal data performed for the purposes of running my blog, but almost all is performed under the basis of Legitimate Interests.
My Privacy Policy also clearly explains that I may sometimes share or publish information:
It could, perhaps, also be argued that this processing could occur under the basis of being in the public interest: adding to the communal body of work (i.e. comments and posts) warning about concerns with some of the financial demands being made, by a company (Copytrack) seemingly associated with problematic claims and indiscriminate working methods, in the name of the complainant and others.
One noteworthy aspect of processing under Legitimate Interests, though, is that it does give the data subject the right to object to that processing.
So the complainant _could_ have contacted me and asked that I (re)assess whether my interests in the inclusion of that data were sufficient to override their rights. Within a month of that request, I would need to perform a new Legitimate Interests Assessment (LIA) and then act upon the result.
Instead, they opted to file (quite poorly substantiated) complaints with my service providers. This does not _remove_ their right to object, but it does imply that they may be trying to make a point/example (by getting service suspended) rather than actually trying to exercise their GDPR rights.
We're still not quite done with the GDPR claim though, because the email continues.
##### Right To Be Forgotten
> and Article 17 (Right to Erasure).
Article 17 of the GDPR is sometimes known as the "right to be forgotten".
It gives data subjects the right to request erasure of data where one of the following applies:
> a) The data is no longer required for it's original purpose
>
> b) the data subject withdraws consent where processing was on the basis of consent **and** no other lawful basis applies
>
> c) The data subject objects to the processing **and** there are no overriding legitimate interests
>
> d) The data has been processed unlawfully
>
> e) The data must be erased to comply with a legal obligation
>
> f) The data was collected in relation to the offer of information societies in Article 8
The most important thing to understand here, though, is that it places a duty on the **Data Controller** (in this case, me). Outside of a court order, Article 17 is of bugger all relevance to intermediate service providers and is not something which would or should cause someone like a CDN or DNS provider to suspend services.
Ignoring that, though, the right to erasure is **not** absolute and Article 17 provides exemptions where processing is necessary:
* for exercising the right of freedom and expression
* for compliance with a legal obligation
* for reasons of public interest in the area of public health
* for archiving in the public interest, scientific or historical research (but only if erasure would mean it cannot be achieved)
Running a **personal** blog should fall, quite squarely into that first exemption. But, as above, it's all rather moot because Article 17 requires that the complainant make a request to the controller (me) rather than invoking references to it in complaints to random service providers.
##### Rights To Object
Instead of attempting to have a third party interrupt my service, the complainant had two valid routes to request that I re-assess the inclusion of their name in my post:
* The right to object to processing under Legitimate Interests
* The Article 17 right to request erasure
Despite specifically referencing GDPR in their complaint email, the complainant has not chosen to exercise either of these rights.
Splitting hairs a little, it could also be argued that the phrasing used in the complaint emails is problematic. GDPR provides data subjects with various rights, however the complainant clearly expresses that they are communicating on behalf of their company (which has no GDPR rights):
> I am contacting you in my capacity as the legal representative of REDACTED, a French audiovisual production company headquartered at REDACTED
None-the-less, having become aware that the complainant has objections, I have proactively completed a Legitimate Interest Assessment to balance their rights against my interests.
* * *
#### Claim 3: It violates the Acceptable Use Policy
Here, I'll be generous and ignore that the complainant is referencing the acceptable use policy of an **entirely unrelated and unassociated company**.
> 1. **Violation of PlutoDNS Acceptable Use Policy** : Your published terms (https://plutodns.com/terms.html) prohibit the transmission or storage of content that is defamatory, illegal, or infringes the rights of third parties. The content in question clearly falls within these prohibited categories.
>
What I have to be less generous about, though, is the apparent mischaracterisation of that company's terms, which don't actually make any reference to defamation or to content which "infringes the rights of third parties".
It doesn't seem to be that the author mistakenly inserted the wrong link because searching PlutoDNS's site doesn't reveal any other relevant policies.
The most likely explanation seems to be that the complainant is lawyering-by-GPT: asking an LLM to summarise the page and not noticing hallucinated portions of the response.
If we look, instead, at my CDN provider's AUP we can see that it covers a range of things:
* Material protected by copyright, trademark, trade secret or other IP rights (and without proper authorisation)
* Material that is obscene, defamatory, constitutes an illegal threat or violates export control laws
* Illegal material (CSAM, malware, scams etc)
What this tells us is that, in order to compel a takedown, the complainant would need to adequately demonstrate that the post is defamatory.
* * *
### Follow Up Claim: Give Me His Info
Unfortunately, this was not some fire-and-forget attempt: when providers processed my dispute and closed the claim, the complainant attempted to argue against it.
I'm (obviously) not privy to the full communications, but I understand that the complainant tried to insist that the service providers release details about me, requesting
* Records relating to any agreements that we may have (even if indirectly)
* Confirmation of the types of service provided (DNS, email, hosting etc).
In support of this request, they referenced GDPR Article 15 (Right of access by the data subject).
This claim is **absolute bollocks** : In the context of data about **me** , the data subject is **me** and not the complainant.
I've noted a few times above that I thought the complainant might be using ChatGPT (or some other LLM) and, for me, this rather cements that. I'm just not sure that I can be convinced that anyone could independently believe that Article 15 of the GDPR provides each of us the right to run around demanding information about _other data subjects_.
If true, it really would be quite ironic that someone so apparently invested in copyright enforcement is relying on a system who's creators claim is only possible by ignoring copyright.
The information that the complainant wanted would only generally be released to a third party in response to a court order. Even then, it's not quite clear what bearing information about things like who provides my email would have.
* * *
### TL:DR Summary
I've written quite a lot in this post, so to summarise my response for each of the claims:
* **Defamation** : The post is unlikely to be considered defamatory, the sections of the post relating to the complainant are either factual or quite clearly stated as opinion. The post even offers viable alternative explanations. Any mention of copyright trolling is in reference to the way in which Copytrack operates or is offered as commentary on reports of similar issues elsewhere on the web.
* **GDPR** : The complainant's name **is** used (and covered by GDPR), however this is performed under a valid lawful basis and (given that the complainant's name is publicly documented, including on their own company website) the risk of harm is assessed as low. The remainder of the complainant's GDPR claims are invalid, as they either misunderstand the principles of GDPR (which applies to the personal data of natural persons, not companies) or misunderstand the applicability of parts of it (such as Articles 15 and 17). In any case, complaints would need to be filed with the data controller (me) or a supervisory authority (the ICO) and not an intermediate service provider.
* **Acceptable Use Policy Violations** : Under my various providers AUP's, the complainant would need to demonstrate that the blog post is defamatory or otherwise illegal. They do not appear to be able to do so.
* * *
### Received A Complaint? What To Do
This seems like a good point to talk about what you should do if you've received notification of an abuse complaint.
First, **breathe** : service providers don't generally take action immediately - you'll often have at least a day to respond.
Once you've calmed yourself:
1. If your service provider provides the means to do so, acknowledge that you've received the report and are looking into it
2. Sit and re-read both the content and the complaint
3. Try to identify whether there are any possible grounds to the claim: perhaps you wrote something which can be read in a different light? Are you publishing something questionable that someone else said unnecessarily?
4. If you conclude that it's appropriate, make changes to (or remove) the content, but keep a note of exactly what you've changed (I track changes in git, but if you're running Wordpress, something like the Simple History plugin can do this for you).
Once you're ready, respond to your service provider, but keep it brief - they don't need to know minutiae, nor do they need to hear how unfair it is. All that they need is the information necessary to be able to quickly assess whether you (or they) need to do more.
For all that I've written here, what I actually sent to most service providers was along the lines of:
> The grounds for the complaint are invalid.
>
> The content being complained about is not defamatory (it's factual) and is not in violation of GDPR (which applies to information about individuals, not publicly accessible details about companies).
>
> Please close the abuse case - FYI the same individual has made complaints to some of my other providers too.
Your provider will also have reviewed the content, and if they need more information, they'll generally reply and ask for it.
If you believe that this is part of a campaign and that complaints may also be sent to other service providers, it's worth contacting their abuse teams to give them a heads up. They can't simply ignore complaints and will still need to follow their policies, but getting ahead of the curve will help empower them to resolve the complaints quickly.
Finally, don't be like me: you _probably_ shouldn't blog about it. It might be tempting to rant and rave (or wose, gloat) but, if further action is subsequently taken, your lawyer may well observe that you've made your own life harder.
* * *
### Conclusion
Receiving notification of an abuse complaint can be quite stressful: is a provider going to over-react and turn everything off on the say-so of a somewhat dubious claim?
The answer to that is almost always "no". If a provider _does_ turn things off without giving you adequate time to respond, you should probably consider that a good sign of a bad service provider. Nuisance reports, by all accounts, are not uncommon and good providers invest in teams able to handle them.
Once you've received a report, you need to move relatively quickly but without panicking: assess the details of the complaint against the content being complained of - can it reasonably be construed in the described way?
Be aware that, in some cases (like mine), the complainant may also include claims which don't stand up to scrutiny.
In a world full of genAI originated inaccuracies, you should also check that everything the complaint says is actually accurate (a **good** provider should also be checking this, but LLMs include such foundational mistakes that they can be easy to miss).
By extension, **never ever use ChatGPT (or Copilot, Gemini etc) to respond** , LLM's are incredibly unreliable sources, prone to just making shit up and you **need** to be sure that you'll be able to stand by anything that you've sent in response.
Having gathered the facts, send your service provider a brief overview of your findings - if there's no apparent issue, state why. If there was an issue, state how you've addressed it, etc. A good provider will (almost always) want to work with you to resolve things if they feel that you need to do more.
Unfortunately, if you're writing critically about things that involve other people, however careful you are, you _will_ sometimes attract complaints and nuisance reports. They're not the end of the world, but you do need to be willing to address them as objectively as possible.
Dealing With Nuisance Abuse Complaints
Author: Ben Tasker
www.bentasker.co.uk/posts/blog/law/handling-...
#abuse #analysis #copytrack #defamation #gdpr #law
0
2
0
0
9 months ago
Automating an audit of my image use
Earlier this month, I ended up with a known copyright troll in my inbox.
As a result of not doing much (if any) due diligence, Copytrack seem to have acquired a customer base who (if reports are to be believed) like to upload other peoples stock images and then try their luck at milking royalties from anyone unfortunate enough to have used that image.
It often won't _really_ matter whether you correctly acquired a license or not: many of those reporting these behaviours note that they acquired the image quite a long time ago.
Am I likely to remember _where_ I acquired an image half a decade ago? If I can, does the service even still exist? If not, then Copytrack (and others like them) will try to claim that many hundreds of euros are "owed" for use of what was probably a royalty-free stock photo.
Although these claims don't have much merit, they're a nuisance to deal with and there are better things that I could be doing with my time than entertaining the likes of Copytrack.
So, to reduce the risk of having to deal with them in future, I decided to run an audit of images on my site with a view to pro-actively replacing anything that might enable trolls in future.
I started by checking how many images there are on `www.bentasker.co.uk`:
find ./images -type f | egrep -i '\.(jpg|jpeg|png|gif|bmp|webp)' | wc -l
3641
Given that the site also hosts an archive of benscomputer.no-ip.org, it could have been _far_ worse (thankfully, though, I very rarely used images back then).
Still, there were too many to check manually so I decided to write a script to automatically run a reverse image search of each, flagging any that appeared on other domains.
This post (mostly) talks about the process of doing that.
* * *
#### Finding a Suitable Reverse Image Search Service
Google don't offer an API for reverse image searches and I didn't _really_ want to spend time building a one-off scraper to use it, so, I searched around for pre-existing solutions.
The first that I found was PicDefense which almost sounded ideal... until I checked their pricing:
**Ouch.**
Next I found SerpAPI's offering, it was much cheaper but still a quite meaty $75 for 5000 searches.
Although both prices are, arguably, a bargain compared to being on the hook for €500 per-image, there was no realistic prospect of me actually being in that position: after all, I _knew_ that the majority of images were ones that I'd taken and the aim was to find any odd exceptions.
Next I found Copyseeker:
Pricing was a much more reasonable $30 for 5,000 requests.
It seemed perfect for my needs... at least, until I tested it by searching for an image that I knew that there should only be one of:
import os
import requests
img = "https://www.bentasker.co.uk/images/BlogItems/zafira_dogboot_build/boot.jpg"
url = f"https://reverse-image-search-by-copyseeker.p.rapidapi.com/?imageUrl={img}"
headers = {
"x-rapidapi-key": os.getenv("RAPIDAPI_TOKEN", ""),
"x-rapidapi-host": "reverse-image-search-by-copyseeker.p.rapidapi.com"
}
response = requests.get(url, headers=headers)
print(response.text)
The result looked like this:
{
"Source": "https://www.bentasker.co.uk/images/BlogItems/zafira_dogboot_build/boot.jpg",
"BestGuessLabel": "car",
"Pages": [
{
"Url": "https://www.bentasker.co.uk/",
"Title": "Ben Tasker",
"MatchingImages": [
"https://www.bentasker.co.uk/images/BlogItems/zafira_dogboot_build/boot.jpg"
],
"Rank": 3.69
}
],
"Entities": [
{
"Score": 0.92187047,
"Description": "Car"
},
{
"Score": 0.63688356,
"Description": "2010 MINI Cooper"
},
{
"Score": 0.61004996,
"Description": "MINI"
},
{
"Score": 0.4674,
"Description": "used"
},
{
"Score": 0.4362,
"Description": "finished"
},
{
"Score": 0.3483,
"Description": "Battery"
},
],
"VisuallySimilar": [
"https://images-na.ssl-images-amazon.com/images/I/813egTIW9sL._AC_UL495_SR435,495_.jpg",
"https://m.media-amazon.com/images/S/aplus-media-library-service-media/87f4b44f-1492-4a89-9c9e-829a4b38c91b.__CR161,0,1279,1600_PT0_SX362_V1___.jpg",
"https://i.etsystatic.com/24088658/r/il/e8aa83/2721525335/il_fullxfull.2721525335_p3dk.jpg",
"https://frankfurt.apollo.olxcdn.com/v1/files/mptqc6ngzynv3-RO/image;s=1020x1360",
"https://www.tesmanian.com/cdn/shop/products/model-x-pc01-2.jpg?v=1668795464&width=1000",
"https://d3bp3uid63eixr.cloudfront.net/production/catalog/product/3/2/32347053_xc90_cargo_mat.jpg",
"https://avatars.mds.yandex.net/get-autoru-vos/1889124/0083ecbf89710619984ae043d8ad05cc/456x342",
"https://www.infinitiusa.com/content/dam/Infiniti/US/assets/2025/qx60/accessories/qx60-a38.jpg",
"https://%D0%BA%D0%B8%D1%82%D0%B0%D0%B9%D1%81%D0%BA%D0%B8%D0%B5-%D0%B0%D0%B2%D1%82%D0%BE%D0%BC%D0%BE%D0%B1%D0%B8%D0%BB%D0%B8.%D1%80%D1%84/wp-content/uploads/2023/12/tank_500_mishin_5_1000.jpg",
"https://carnewschina.com/wp-content/uploads/2024/08/autohomecar__Chtk2WazTVGALrlFAAdPPZ36qUw589-800x1001.jpg",
"https://cache.willhaben.at/mmo/4/201/321/0474_428074999.jpg",
"https://images.craigslist.org/00H0H_4PW93jz8Suy_0CI0t2_600x450.jpg",
"https://www.lincoln.com/accessories/product/images/LC5Z7811600BA_0.jpg",
"https://%D0%BB%D0%B0%D0%B4%D0%B0.%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD/uploads/posts/2023-08/thumbs/1693202261.webp",
"https://pbs.twimg.com/media/GnYYfc9WsAAwsgq?format=jpg&name=large",
"https://www.ford.com/accessories/product/images/VNL1Z7813046A_10.jpg"
]
}
The results weren't limited to exact matches, but included anything which looked even remotely similar:
It turns out that, in my eagerness to find a solution, I'd missed something quite important on Copyseeker's homepage:
The API is built on top of AI, with the inevitable result that it's shit.
In the hope that exact matches might be reported differently, I tried again using an image that I knew existed elsewhere (the chocolate image that Copytrack had contacted me about). Unfortunately, the results were still classed as "visually similar" with no programmatic way to discern between matches and lookalikes.
The only thing that could possibly be worse than having to manually check 3600 images would be having to also sift through an AI's hallucinations for each of them.
Copyseeker, clearly, wasn't able to do what I needed.
* * *
#### Ninjas to the rescue
Without much hope left, I went back to searching until I stumbled on OpenWeb Ninja:
As well as having a free trial, the entry point into the paid tier was a reasonable $25 for 10,000 requests:
Their API is also offered via the RapidAPI Hub, so I set up a free trial and tested with the same image as I'd tried with Copyseeker:
import os
import requests
url = "https://reverse-image-search1.p.rapidapi.com/reverse-image-search"
querystring = {"url":"https://www.bentasker.co.uk/images/BlogItems/zafira_dogboot_build/boot.jpg"}
headers = {
"x-rapidapi-key": os.getenv("RAPIDAPI_TOKEN", ""),
"x-rapidapi-host": "reverse-image-search1.p.rapidapi.com"
}
response = requests.get(url, headers=headers, params=querystring)
print(response.text)
With this API, there were no false positives in the response:
{
"status": "OK",
"request_id": "c74425ab-8e74-42a2-b671-a02389149dab",
"parameters": {
"url": "https://www.bentasker.co.uk/images/BlogItems/zafira_dogboot_build/boot.jpg",
"safe_search": "blur",
"limit": 500
},
"data": [
{
"title": "Ben Tasker",
"link": "https://www.bentasker.co.uk/",
"domain": "www.bentasker.co.uk",
"logo": "https://encrypted-tbn2.gstatic.com/faviconV2?url=https://www.bentasker.co.uk&client=HORIZON&size=96&type=FAVICON&fallback_opts=TYPE,SIZE,URL&nfrp=2",
"date": null,
"image": null,
"image_width": 600,
"image_height": 472
}
]
}
I searched again for the chocolate image and the API helpfully provided a list of sites that had used it.
* * *
#### Scripting
Now that I had the means to programatically search for images, I needed to chuck together a script to do so.
I've got sites running a variety of technologies, so I decided against having the script enumerate images itself - instead it iterates through a list of URLs provided via `stdin`:
def getImageCandidates(sess, skiplist):
''' Iterate through the list of images and then return
a dict of those which show up elsewhere
'''
toCheck = {}
failures = []
# Note the start time
st_time = time.time()
# Read URLs from stdin
for line in sys.stdin:
img = line.rstrip()
r = searchImage(img, sess)
# Did the search fail?
if not r or "status" not in r or r["status"] != "OK":
# The API had some kind of issue
# back off and then move on
print(f"Failed to check {img} ({r})")
failures.append(img)
time.sleep(10)
continue
# Otherwise, continue
for res in r["data"]:
# Check whether the domain is in the skip list
# (the skiplist contains my domains)
if res["domain"] in skiplist:
continue
# Otherwise we've work to do
if img not in toCheck:
toCheck[img] = []
toCheck[img].append(res)
print(f"Checked {img}")
# Dump a snapshot of progress to disk every 2 minutes
# this allows me to check progress and also means we won't
# have to redo everything if something fails at a late stage
if (time.time() - st_time) > 120:
# Dump toCheck to disk as JSON
writeDump(toCheck)
# Reset the time counter
st_time = time.time()
return toCheck, failures
My first attempt didn't include the failure block. However, although the API usually returned almost exactly the information that I needed, it seemed to be quite prone to timeouts.
Each URL is passed into `searchImage()` which is basically just a modified version of the python that I'd used to test the API
def searchImage(imageUrl, sess):
''' Call the reverse image search API
'''
url = "https://reverse-image-search1.p.rapidapi.com/reverse-image-search"
querystring = {
"url": imageUrl,
"limit":"10",
"safe_search":"off"
}
headers = {
"x-rapidapi-key": os.getenv("RAPID_API_TOKEN"),
"x-rapidapi-host": "reverse-image-search1.p.rapidapi.com"
}
try:
response = sess.get(url, headers=headers, params=querystring)
return response.json()
except Exception as e:
print(f"ERROR: Request failed for [{imageURL}]: {e}")
return False
Once `getImageCandidates()` has worked through all of the images, the script writes a list of any that failed into a file called `failures.txt`:
candidates, failures = getImageCandidates(sess, skiplist)
with open("failures.txt", "w") as fh:
fh.write("\n".join(failures))
This made re-running failures easy (because of the API's unreliability, I ended up doing this twice).
The script goes on to write markdown to a file, embedding any images which appeared on other domains along with a list of the relevant domains:
def writeCandidates(candidates):
''' Write a formatted file detailing matches etc
'''
# Iterate through the candidates and structure a table
rows = []
for url in candidates:
row = {
"image": f"",
"hits" : len(candidates[url]),
"domains" : ", ".join(set([x["domain"] for x in candidates[url]]))
}
rows.append(row)
# Generate a markdown document listing the matches
#
# We use replace on the output because the format isn't
# one that Obsidian recognises
tbl = markdown_table(rows).set_params(
row_sep="markdown",
quote=False
).get_markdown().replace("+-", "--").replace("-+","--")
md = "# Image Matches\n\n" + tbl + "\n"
# Write it to a file
with open("results.md", "w") as fh:
fh.write(md)
A full copy of the script is available on Codeberg.
* * *
#### Building a list of images
In order to run the script, I needed to generate a list of URLs for it to iterate through.
The simplest way to do this was to use `find` to locate appropriate files and then prefix scheme and domain, for example:
PREFIX="https://www.bentasker.co.uk"
find images -type f | egrep -i '\.(jpg|jpeg|png|gif|bmp|webp)' | while read -r line
do
echo "$PREFIX/$line"
done > image_list.txt
Crucially, iterating through the filesystem included images that crawling the site might not have done: there _may_ have been images in there that haven't been embedded or linked to (or worse, were previously but no longer are).
This matters because the server will still serve those images - the only real difference between them and others is discover-ability (which is no protection at all).
* * *
### Results
The reverse search API wasn't particularly fast, so it took the better part of a day for the script to chug through all of the images (which was still likely faster than I could have achieved).
It flagged 771 images as needing eyeballs.
I opened the report in Obsidian and added a column (`Problem`) so that I could track progress and decisions:
As I scrolled through, I realised that I'd actually been quite a bit more exposed to nuisance claims from copyright trolls than I'd realised.
This site used to run on Joomla and had JoomShopping installed. Both come with sample image sets which were still in my images directory:
None of these images were _currently_ embedded into pages, but there was no way for me to _definitively_ say whether they ever had been.
There's no licensing issues associated with this, but, if a copyright troll _were_ to pop-up, would I recognise any of these images as coming from sample data? Even if I did, they're all years old, so tracking proof down in a revision control system might be more than a little challenging.
* * *
#### Result Breakdown
I worked through the list and found that the images almost all fit into the following set of categories:
Category | Description
---|---
**Fair Dealing** | UK Copyright law doesn't actually have a broad "fair use" category, these images fall into one of the exceptions.
Most images fell under one of
- Criticism, review and reporting current events
- Parody, caricature and pastiche
**Replace** | An image that I don't own/didn't create and should look to replace and remove.
**Sampledata** | Images that were part of my prior Joomla! install. Images may or may not have been used previously but are no longer referenced by any pages
**No Issue** | An image created or owned by me
* * *
##### SexiezPics
The web being the web, the results inevitably included a slightly bizarre one.
Assuming that they haven't repressed it (sorry!), some readers might recall this screenshot from my experimentation with Bing's AI Chatbot:
It's been scraped and nicked by `sexiezpics.com`:
The site appears to be an index of adult (and particularly, AI generated) images and is, _quite clearly_ automated even down to the text that they've put under my image:
> This **Messing Around With Bing S AI Chatbot Possibly NSFW Bentasker Co Uk** pictures is one our favorite collection photo / images.
Why did no-one telI me that I'm such a porn icon? /s
The "Related Pictures" are _definitely_ NSFW. Unfortunately this is where the site stopped being quite so funny: they appear to have scraped an awful lot of non-consensual celebrity AI slop (aka deepfakes).
More amusingly, the cheeky bastards also suggested this as related:
Thanks, because that's just what I need under my name in a world where LLMs imbibe random shit and spit it back out.
Not wanting my name on the same page as a bunch of AI celebrity fakes, I sent the site a takedown request.
As a side note: the site is also clearly not compliant with the Online Safety Act:
Who could _possibly_ have predicted that the more problematic sites would be the ones not to comply?
* * *
#### Speaking of AI
Getting back to the consequences of Copytrack's business model, it's worth thinking about where this might lead in a world that now has genAI available to it.
Copytrack (claim to) exist in order to protect the rights of artists, photographers and other creatives: finding those who improperly use their images and extracting renumeration from them.
But, Copytrack happily letting anyone claim any image increases the risk associated with using stock images _at all_ (if only because of the increased admin required to ensure that licensing records are retained, potentially for decades).
The most likely outcome is that users will turn away from stock images and start using generative AI instead (something they're already likely to be drawn towards by price).
That's really not an improvement for creators. Not only are they still not getting paid, but the money is instead going to AI companies who built their products by crawling the net and ripping off creators _en masse_ .
To be clear, that's not hyperbole. Recently, Nick Clegg warned that attempts to enforce copyright could kill AI:
> Nick Clegg, former Meta executive, has expressed strong opinions about the demands artists are making regarding copyright laws and AI training. He argues that requiring tech companies to seek permission before using copyrighted material to train AI is simply unworkable and could end up killing the AI industry altogether.
Similarly, OpenAI has noted that even the EU's quite limited opt-out is problematic
> The European Union, for one, has created “text and data mining exceptions” with broadly applicable “opt-outs” for any rights holder—meaning access to important AI inputs is less predictable and likely to become more difficult as the EU’s regulations take shape. Unpredictable availability of inputs hinders AI innovation, particularly for smaller, newer entrants with limited budgets.
>
> The UK government is currently considering changes to its copyright regime. It has indicated that it prefers creating a data mining exception that allows rights holders to “reserve their rights,” creating the same regulatory barriers to AI development that we see in the EU
What they seek, instead, is full application of the fair use doctrine: carte blanche to grab everything that society has to give.
There _are_ creators out there who have blogged about using services like Copytrack. Although understandable, the problem (IMO) is that it helps to lend legitimacy to an organisation who don't appear to be particularly good at filtering illegitimate claims out.
The end result of that, unfortunately, may be that more people are dissuaded from buying & licensing stock photos, instead spending their money with companies who promise (rightly or wrongly) to be able to generate images without any copyright concerns.
* * *
#### Conclusion
It took a little bit of hunting around to locate a suitable service, but once I'd found one, making use of it to build an image auditing script was very little work.
As a result, I'd audited image use across all of my domains within the space of a couple of days.
The effort didn't turn up any definitive liabilities, though it did identify some avenues by which an illegitimate copyright troll could potentially make a bit of nuisance of themselves.
It also identified some (unexpected and odd) misuse of some of my images by an adult image indexer.
New #Blog: Automating an audit of my image use
Author: Ben Tasker
www.bentasker.co.uk/posts/blog/software-deve...
#audits #copyright #copytrack #genai #photos #search
0
0
0
0
9 months ago
Copytrack auf Abmahnjagd: Abzocke im Namen des Urheberrechts?
Copytrack geht auf Abmahnjagd: Mit fragwürdigen Methoden fordert die Berliner Firma Geld für angebliche Bildrechtsverletzungen.
Der Artikel <a href="https://tarnkappe.info/artikel/rechtssachen/copytrack-auf-abmahnjagd-abzocke-im-namen-des-urheberrechts-315594.html">Copytrack auf Abmahnjagd: Abzocke im Namen des Urheberrechts?</a> erschien zuerst auf <a href="https://tarnkappe.info">TARNKAPPE.INFO</a>
📬 Copytrack auf Abmahnjagd: Abzocke im Namen des Urheberrechts?
#Rechtssachen #Abmahnung #Berechtigungsanfrage #Copytrack #CopytrackGeschäftsmodell #CopytrackmaschinelleBildersuche #Urheberrecht
1
0
0
0
10 months ago
Examining A Copyright Claim From Copytrack
This morning, I awoke to find an email from Copytrack in my inbox.
If that name sounds _vaguely_ familiar, it's because they made a bit of a name for themselves as a copyright troll in the early 2020's (including by trying to enforce "rights" on a photo of a postcard from the 1900s and threatening a White house reporter with legal action over his own photos).
Although their name has come up less frequently since then, Copytrack didn't stop operating and were, apparently, investigated by the Italian Competition and Market Authority last year.
The way that Copytrack works is:
* Someone signs up for their services (it's even free!)
* That person uploads images that they want Copytrack to "enforce" rights on
* Copytrack performs reverse image searches to identify usage
* The user marks usage as "legal" or "illegal"
* Copytrack contacts those who've used it, seeking proof of license or settlement
* Copytrack take a 45% commission
You'll notice that there seems to be quite an important step missing: Copytrack do not appear to independently check whether the user's claim is valid (or whether the use might be permissible), outsourcing that effort and stress onto the poor schmucks at the other end.
More than a few of those claiming to have been affected over the years had _done the right thing_ by paying for images on stock photos site, only to be targeted years later. Anecdotally, it sounds like they're prone to targeting smaller operations and individuals (i.e. those less likely to have the resources and appetite for a fight).
Copytrack's email was quite strongly worded, but looking into it quickly raised concerns about the veracity of their claims.
In fact, the more that I looked into Copytrack the shoddier things seemed to be. So, I thought "fuck 'em" and decided to play around to see just how robust their offering actually is.
In this post, I'll start by discussing the issues with their claim and then I'll move onto talking about what creating a claim on their system as a purported copyright holder looks like.
* * *
### Their Claim
The claim email is quite long, so I'll just quote the relevant parts (I've also added line breaks as some of their paragraphs are fairly dense)
> We, COPYTRACK, are writing to you on behalf of our client CONCEPT-PRODUCTION, who has assigned us the monitoring and protection of their licenses and image rights.
>
> On April 25, 2025 we have been informed that recipebook bentasker is likely using an image **without permission** and the client has exclusively commissioned us with the clarification, administration of the image rights **for the territory of the Federal Republic of Germany** and, if necessary, the enforcement of any copyright infringement through our partner lawyers.
>
> Images are protected by copyright law almost worldwide and infringements are actionable under the respective national law.
>
> Please see the attachment below for details.
It's worth noting here that the email had no attachment - if you've read some of the historic stories about them, you'll have seen that they used to attach a PDF detailing their claim. Presumably, the final sentence is a sign that they've not updated their template since then.
They insist that the email's recipient is obliged to do the legwork for them:
> Please note that you are obliged to provide the necessary information about the usage of the image to allow our client and us to verify the lawfulness of such usage.
This, frankly, is bollocks: You are not actually _obliged_ to do anything, however if you don't they're going to keep nagging and _might_ even instruct solicitors (sounds quite a lot like TV Licensing under Crapita).
The strong wording seems to be designed to help push people into panicking and blindly complying.
They promise that, if proof is provided, they'll close the case off.
> Show us proof of your license by uploading it or providing any other legal justification to use these images and if it is valid, we will close your case immediately;
They note that, if the usage _isn't_ authorised, there are a couple of ways in which you can settle the complaint:
Payments are made by logging into `portal.copytrack.com`.
They go on to explain that the amounts requested are not random and instead that
> We calculate these fees based on our client's license history, as well as the duration of use and type of rights infringement.
This does seem to _mostly_ be true (when submitting a claim, Rightsholders are asked how much they want and then what percentage of that they consider the minimum).
To ensure a sense of urgency, a relatively tight deadline is set:
> To avoid further action, including legal action, provide proof of a valid license or any other relevant information by **May 19, 2025** , or acquire it by making payment in our online portal.
Strong wording, monetary demands and deadlines... no wonder so many people think "scam".
* * *
#### The Rights Are Held By Who Exactly?
The opening paragraph of their email asserts that the rights to the image in question are held by `CONCEPT-PRODUCTION`.
A quick bit of searching for them, though, doesn't yield any obvious results (though there was a post warning about both Copytrack and CONCEPT-PRODUCTION).
Reverse image searching the image with CONCEPT-PRODUCTION doesn't yield any results at all.
I appear to have had the image in question since about 2019, so it wasn't _immediately_ obvious to me where I might have acquired it from.
A reverse image search brought me to Dreamstime:
The author's name is in the bottom right of the image and is **not** `CONCEPT-PRODUCTION`.
I had a little bit of a search around, and although I found the author's profile on a number of (more modern) sites, I couldn't find anything to link that author back to the name of the org that Copytrack claimed to be acting on behalf of.
Out of curiosity, I logged into Copytrack's portal and found that it provided some information which hadn't been included in the original email:
It's not clear what "Assignment Received On" indicates: at first I assumed that it was when the image was uploaded to Copytrack, but that date falls a couple of weeks after Copytrack claim to have received a complaint.
The line that I've highlighted is more interesting though, as it provides the filename of the image that the "rightsholder" uploaded (`Fotolia_7042846.jpg`). This is useful because we can see that it begins with the name of a stock-image site (though Fotolia no longer really exists, having been borged by Adobe).
The number at the end of the filename _appears_ to be an ID.
If you go to `https://en.fotolia.com/Info/Images` you'll be redirected to Adobe's stock image site (`https://stock.adobe.com/images/`).
By choosing an image and looking at the URL, we can see that the site constructs URLs using the following format
https://stock.adobe.com/images/<meaningless slug>/<id>
This means it's possible to construct a URL which led to the original listing: https://stock.adobe.com/images/are-copytrack-taking-the-piss/7042846:
So even on (what was) Fotolia, the listed author was not the one that Copytrack claimed to be acting on behalf of.
I sent them an email which laid this out and explained that, given the inconsistencies in their claim, I didn't feel comfortable providing them with too much information
> Given that your claim appears to be erroneous and, on closer inspection, seems to meet the pattern of behaviour associated with copyright trolling, I do not feel particularly comfortable providing further information.
I explained that, if they wished to proceed further, they would need to provide proof that their client actually holds the rights
> Given the apparent issues with your claim, I do not feel it would be wise to release any additional details to you until and unless you are able to provide adequate proof that you are in fact representing the true copyright holder and that this is not, instead, the result of a poorly targeted dragnet operation.
I _did_ however send them a very tightly cropped screenshot of a license to use the item in question - no point in having them hang around.
* * *
### Their Setup
#### Beware of Scams
With my response sent, there wasn't much for me to do but grumpily toot about it. Unfortunately, in the process of doing so, I nerd-sniped myself.
At time of writing, when you visit `www.copytrack.com` you receive a big warning that they are aware of an active scam using a typo-squat domain:
Note the addition of a hyphen in `proof@copy-track.com`.
You see, it seems that these self professed experts in online rights protection failed to recognise the threat posed by typo-squatters and so did not pre-emptively acquire `copy-track.com`.
The result of this oversight is that there are now scammers apeing Copytrack's own scam-esque behaviour. Wunderbar...
* * *
#### Dodgy Website Links
You would, of course, hope that recipients could still tell the difference between the "legitimate" provider and others through the sheer quality of their site.
Unfortunately, Copytrack do not seem to have invested very much effort into proof-reading their own site (under Muphrys law, I've just guaranteed myself a typo), to the extent that their **own FAQs** manage to include a link pointing not to a domain, but to an IP (and using plaintext HTTP at that):
Worse, the link _even_ works, switching the user to an insecure connection.
What's particularly curious about this is that requests to the root **are** redirected back to HTTPS:
GET / HTTP/1.1
Host: 3.72.104.87
User-Agent: curl/7.81.0
Accept: */*
HTTP/1.1 301 Moved Permanently
Date: Sat, 10 May 2025 17:49:26 GMT
Server: Apache
X-Redirect-By: WordPress
Location: https://www.copytrack.com/
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Whereas requests to non-existent paths redirect to a domain that no longer exists:
GET /foo HTTP/1.1
Host: 3.72.104.87
User-Agent: curl/7.81.0
Accept: */*
HTTP/1.1 301 Moved Permanently
Date: Sat, 10 May 2025 17:50:32 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: https://copytrack-gxzmht2vp9.live-website.com/de
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Paths that exist are served up:
GET /about-us HTTP/1.1
Host: 3.72.104.87
User-Agent: curl/7.81.0
Accept: */*
HTTP/1.1 200 OK
Date: Sat, 10 May 2025 17:54:23 GMT
Server: Apache
Link: <https://www.copytrack.com/wp-json/>; rel="https://api.w.org/", <https://www.copytrack.com/wp-json/wp/v2/pages/10592>; rel="alternate"; title="JSON"; type="application/json", <https://www.copytrack.com/?p=10592>; rel=shortlink
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
All in all, this has the smell of an ageing Wordpress install that's not been competently maintained when moving the site between domains.
Even their privacy notice contains (mis-written) references to this IP
> If you have any questions, please contact us using the form provided on the website (http://http://3.72.104.87/de/kontakt/).
Much like their email template, their privacy notice doesn't appear to have received much love over the years, with a note implying that it might not have been reviewed since 2019.
To put this into context, email recipients are being asked to part with money based solely on the word of a company who's website is being actively (and predictably) typo-squatted, is poorly maintained and has the sort of typos and mistakes that even modern phishing sites don't feature.
* * *
#### Signing Up For The Service
Each of the site's pages contain a call to action:
Given that Copytrack appeared to be trying to assert rights on behalf of an org who _didn't appear_ to own those rights, I decided I'd sign up and see just how careful Copytrack actually are.
So, I signed up with (fairly obviously) fake details
Arthur Chex, geddit?
Once signed up, you're asked to detail what type of user you are:
I chose "Photo Enthuisiast"
Copytrack asks you to confirm that you are the author and/or that you have exclusive rights:
I clicked `Skip` to see if it would ask me again later.
I started by uploading a copy of a distinctive images that is very definitely mine:
Disappointingly, the platform doesn't immediately start generating matches. However, it turns out that it's also possible to manually submit violations:
Upon submitting, the report is validated in the background (Copytrack's website suggests that they use AI). If a report isn't considered valid (for example, the reported image is different or doesn't load), nothing happens (not so much as a notification).
If it _does_ validate, the violation shows up in the dashboard and even suggests how much you can extor^H^H^H^H^H claim from the victim
To see what the process looks like, I hit `Submit Claim`.
It begins by making you provide address and bank details, so that they can pay out your gains.
Next, you're presented with a checklist requiring that you declare that you hold the rights:
The first two questions don't seem to matter, it's only the question on whether you're entitled to claim compensation which is able to block the process (being commission based, Copytrack aren't interested in handling claims where there's no chance of a payout).
So, Copytrack **do** _technically_ ask whether you have the rights to the image. All the same, it's not a particularly robust check and feels _very much_ like this:
I didn't hit submit on the claim, because it would bring CopyTrack's enforcement terms and conditions into effect and I didn't really fancy exposing my image to some of those terms.
What seems clear, though, is that there is very little to stop someone from creating a Copytrack account, uploading someone elses images and using Copytrack to launch a speculative campaign - pocketing whatever is paid by hurried and panicked webmasters.
* * *
##### Uploading Other's Work
In fairness, it _might_ be quite difficult for Copytrack to assess whether a customer does or does not own the rights to an image (although, IMO, that doesn't absolve them of the responsibility to _try_).
What they _should_ be able to do, is to ensure that any image in their index only has one "rightsholder" active at any one time.
So, I wanted to see whether Copytrack _at least_ prevent multiple accounts from claiming the same image.
Knowing there was a "hit" on the image that they had emailed me about, I grabbed a fresh copy from the Adobe Stock photos and tried uploading that.
The platform didn't even bat an eyelid, so I decided to try uploading something a bit more recognisable
Despite talking a lot about their image index, Copytrack's platform doesn't appear to be set up to be able to handle even the most basic of abuse.
In fact, it turns out that Copytrack don't _even_ prevent matching against their own site and assets
I **did** hit Submit claim on that one.
* * *
#### Information leakage
In the images above, you may have noticed that there are clickable links to the "infringing" content.
However, Copytrack's interface doesn't make use of `Referrer-policy`, which means that there's potential for a bit of information leakage. The user's browser will send a `referer` header, allowing us to identify requests which occurred as a result of activity in the Copytrack portal.
I headed to my access logs and searched for `app.copytrack.com` (the domain of their user portal)
# grep app.copytrack.com access.log.2025042*
access.log.20250428-0600:156.59.126.78 - - [28/Apr/2025:05:56:19 +0000] "GET /posts/dessert/chocolate-orange-sauce.html HTTP/1.1" 200 5676 "https://app.copytrack.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36" "136.158.x.x"
The IP that we care about is in the X-Forwarded-For header at the end (I've redacted the last two octets)
A quick `whois` shows that this is in a block operated by an ISP in the Philipines. Given the timing, it seems likely that this was someone reviewing the page on behalf of Copytrack rather than the original customer.
However, it's **also** possible to identify when a user is adding a "manual violation", because the portal attempts to hotlink the "infringing" image
This, of course results in entries in access logs. But, because it uses `onkeydown` events, it attempts to hotlink on every keystroke, leading to requests for invalid paths
[10/May/2025:16:31:09 +0000] "GET /BENTEST. HTTP/1.1" 404 958 "https://app.copytrack.com/" "Mozilla/5.0,(X11; Ubuntu; Linux x86_64; rv:138.0),Gecko/20100101,Firefox/138.0" "<MY IP>"
[10/May/2025:16:31:10 +0000] "GET /BENTEST.j HTTP/1.1" 404 958 "https://app.copytrack.com/" "Mozilla/5.0,(X11; Ubuntu; Linux x86_64; rv:138.0),Gecko/20100101,Firefox/138.0" "<MY IP>"
[10/May/2025:16:31:10 +0000] "GET /BENTEST.jp HTTP/1.1" 404 958 "https://app.copytrack.com/" "Mozilla/5.0,(X11; Ubuntu; Linux x86_64; rv:138.0),Gecko/20100101,Firefox/138.0" "<MY IP>"
[10/May/2025:16:31:10 +0000] "GET /BENTEST.jpg HTTP/1.1" 404 958 "https://app.copytrack.com/" "Mozilla/5.0,(X11; Ubuntu; Linux x86_64; rv:138.0),Gecko/20100101,Firefox/138.0" "<MY IP>"
The result is that Copytrack's user portal is (unnecessarily) leaking information about it's customers to those that it may then go on to accuse of copyright infringement.
* * *
#### Image Formats
It seems worth saying: Copyright exists (or is supposed to exist) for the public good.
So there is an argument that, run responsibly, services like Copytrack could _perhaps_ be beneficial and defend creative rights.
The problem, though, is that Copytrack's offering isn't actually all that good anyway.
For all their talk of advanced scanning (and using AI because, of course) they only support a handful of formats:
Any _theoretical_ benefit brought by Copytrack's offering immediately disappears if an infringer uses any other format.
Their system also needs Support intervention to be able to handle scenarios where the embedding page and the image do not use the same domain (so `www.example.com` embedding `cdn.example.com/foo.jpg` wouldn't be caught):
> * The domain of the page URL and the domain of the image URL are the same. If this is not the case, you will get an error message and you cannot proceed. You can contact us and send us both the link to the page URL and the image URL. We will check them and connect them within our system to make the manual submission possible.
>
With the platform having such limited capabilities, it's _probably_ no surprise that most reports of interactions with Copytrack seem to err towards copyright trolling.
* * *
### If you receive an email
If you've received an email from Copytrack it's probably not wise to ignore it: Copytrack aren't lawyers, but reports online suggest that they do sometimes instruct legal teams (and they certainly post about "wins").
At the same time, though, don't panic and rush to give them the money that they demand.
To deal with them, reply to their original email (don't use the portal, it doesn't send you a copy and only allows for limited responses).
You should
* Insist that they provide proof that their client owns the copyright in question (as we've seen above, they won't have checked in any meaningful way)
* Work out where you acquired the image - is the copyright holder the one Copytrack have listed?
* Grab proof that you licensed the image (if you can)
The odds seem to be in favour of this causing them to quickly close the case - the model relies quite heavily on scaring and bullying people into paying over the odds.
If for some reason they don't back down, at the very least, it seems that they'll often offer a reduction from the original demand.
Going forward though, make sure you keep meticulous records (along with proof) of where the images that you use are licensed from.
Personally, though, I've started the process of replacing and removing stock images: their widespread use makes them an attractive target for copyright trolls and I don't fancy spending future money on something that leaves me open to this kind of hassle.
* * *
### Conclusion
There are quite a few posts on the web about Copytrack and their lacklustre record. Some of those posts refer to Copytrack as a scam, but I don't think that's entirely the right label, because they seem to be something _worse_.
Copyright claims come via Copytrack, but they're not generally launched _by_ them.
Instead, Copytrack provide a platform which, through lax checks, enables _others_ to easily conduct copyright trolling campaigns.
Unless a recipient challenges a claim, there doesn't seem to be _anything_ to stop someone from creating a Copytrack account and laying claim to a wide assortment of other peoples images.
In other words: Copytrack's platform facilitates **much** more widespread abuse than that achievable by a simple copyright troll. If copyright trolls are mercenaries, then Copytrack are the arms dealers.
This undesirable reputation isn't really helped by the fact that their website doesn't instil much confidence - their claim emails lean heavily on the side of "trusts us because we said so" but they can't even review their Privacy Policy properly.
In comments to the media, Copytrack talk about their social good - they're fighting for the rights of photographers dontchaknow - but the limitations of their platform do seem to suggest that they're unlikely to be quite as effective as they claim.
New #Blog: Examining A Copyright Claim From Copytrack
Author: Ben Tasker
www.bentasker.co.uk/posts/blog/general/copyt...
#analysis #copyright #copytrack #general
0
0
0
0
10 months ago
#copytrack #copyright #copyrightlaws #imagetheft #imagelicence #stockphotos
0
0
0
0
1 year ago
Is Copytrack.com Targeting AI-Generated Images for Copyright Claims?
've been exploring whether Copytrack.com pursues claims on AI-generated images. Their outdated 2019 stance on AI copyright conflicts with the 2023 U.S. Copyright Office guidelines. An update from Copy
Copytrack's outdated 2019 stance contrasts with the 2023 U.S. Copyright Office guidelines, highlighting the need for an updated perspective.
#copytrack
0
0
0
0