The Piracy Risk of Using File Sharing Websites

A few days ago I published, on Amazon, a primer to help freelancers come to grips with technology.

If you’re interested, check out The Confused Freelancer’s Guide to Technology: The Bare Essentials You Need to Get Your Freelance Business Online (1st Ed.)

Ironically, one of the chapters covers cybersecurity and staying safe online 😳.

What can I say other than that you live and learn?

I have not yet begun actively promoting the book yet — there’s a whole campaign calendar plotted out and undoubtedly you’ll see me giving the book a plug on this Medium account from time to time. But the activity, up to this point, has been on the DL.

Nevertheless, before publicizing it on Amazon, I wanted to offer it to my professional network off the bat for advance review — and particularly those who freelance. It’s always good to spread the word and what not.

So, towards the end of last week, I:

  • Uploaded a password protected PDF to a website that I manage
  • Uploaded a the same password protected PDF to a Google Drive folder that I shared with some more contacts

This was all well and good until I made a minor modification to the cover art and decided to upload it to a third website and send that group to another pool of individuals (a Facebook group that I administer).

This time, however, I didn’t bother encrypting the PDF and setting a password to unlock it.

Much more problematically, I decided that I didn’t want to go through the bother of logging in to my web hosting and stick it there. Instead, I relied upon the services of a few file sharing websites to quickly upload the PDF and send out a download link.

To make matters worse, I ended up using not one of these file sharing sites but a few because there were some hitches during the upload process with those that I tried. I firstly tried an ephemeral file sharing service but then gave up on the idea of using ephemeral file sharing (we’ll call this ‘suspect one!’).

Next I tried another file sharing service I had not heard of which but which looked easy to use (‘suspect two’!)However the upload process seemed to mysteriously keep failing 🤔. Finally, I decided to just use something I was familiar with — WeTransfer.

All seemed to be going well until I began getting some Google Alerts using the alert I had set up with an exact search match for the book’s title. I began finding links like this:

Sanet.St — the website did quickly honor a copyright request to have the ebook removed

To my dismay, the review version of the e-book (thankfully, an abridged prepublication file) had been pirated and was now being offered for download on various torrent and file sharing sites.

There’s even a Reddit user hocking it (the file, for those wondering, appears to be down):

I managed to get the file taken down from one site — Sanet.st — by filing a DCMA notice. But once a pirated version of your content is in circulation tracking down all extant copies of it — particularly on the dark web — is virtually impossible.

So a lesson learned:


Assume That Any Untrusted File Sharing Site Is Being Maliciously Scraped — And Anything You Upload To It (Of Potential Value) Will Be Pirated

This was a pretty interesting case for me —because the time from uploading the PDF to the file sharing sites and it turning up on various Torrent download sites and Reddit was less than twenty four hours.

My pool of suspects is also rather small. So pulling apart cause and effect here doesn’t require the detective skills of Sherlock Holmes.

I have confidence in WeTransfer — they follow a freemium model and the company is transparent about who’s behind the operation.

The other entities that will have to remain nameless?

I’m not leveling a direct allegation against either but I don’t think that there are any other credible suspects.

There are a few things worth knowing about e-book piracy.

And this blog from Dave Chesson does a nice job of explaining why — in a sense — it almost doesn’t matter that people pirate your authorship and it’s almost inevitable that it’s going to happen.

As Dave points out, people that steal your e-books are not really your target market anyway. Amazon allows users to download purchased content. And if you’re really sufficiently motivated to do so, removing DRM protection is within the technical reach of most tech-savvy users. Ie, if a sufficiently motivated party decides that they want to pirate your book, it’s going to happen.

Nevertheless, as Dave writes, it makes sense to fight back with whatever vigor you can muster.

And I’ll one-up him and say: it makes sense to try play the pirates at their own game too.

As preventative measures to stop pirating from happening you can:

It’s worth configuring Google Alerts like this to try catch pirates quickly

Assume that any file sharing website you do not fully trust is unsafe. It’s possible, but unlikely, that they’re providing a backdoor directly to pirates. A more likely scenario, however, is that the filesharing site has lax security and any uploads to it are being continuously scraped by bots that win pirates their bounty (if you don’t know what web scraping is, I’ve provided a resource below).

Apply DRM on all your e-books in Kindle Direct Publishing (KDP).

If you are going to be using third party file sharing websites that you don’t trust and are worried might be intent on scraping your PDF then either encrypt the file with a PGP key or set the strongest password that you canPGPTool is a good tool for encrypting files and doing so end-to-end is far safer than relying upon any web UI that could conceivably be capturing your keys. Most likely, a pirate is not going to be prepared to expend exhaustive effort attempting to brute force his/her way into your book.

Using PGPTool on Ubuntu 20.04


An Idea To Exploit This To Annoy E-Book Pirates

Here’s another idea:

  • 1: Develop a teaser version of your e-book. You could cut out the first two chapters or else pull together something yourself that includes all the most juicy nuggets — those parts most likely to actually entice readers to download the book.
  • 2: Deliberately title the file to mislead would-be pirates into believing that it represents the whole book. An example would be ‘My Great Ebook — Full Version for KDP.pdf’. Alternatively you could emphasize that it isn’t password protected: ‘My Great Ebook — No Password.pdf.’ You could even roll the file into a compressed archive and pretend that it’s something else entirely.
  • 3. Scour the internet for the most dubious looking file sharing websites. Upload various versions of your file to all of them, making sure to change the name slightly each time. Find a few on the dark web for good measure. Emphasis on ‘all’ here: the more effort you put into this the greater the probability that it’s going to end up in circulation.

Alternatively, you could just throw together a quick one page document like this and then seed it to said websites:

The first approach might potentially convince somebody to actually shell out for your work. The second would be a good way of taking a small stand against ebook piracy.

In conclusion:

  • Don’t upload stuff you don’t want to be pirated to file-sharing websites you’ve never heard about.
  • Without question, don’t upload any personally identifiable (PII) there either — or even think of putting anything financial.
  • Actually, don’t trust any website at all with your data unless you trust their ability to govern it securely and prevent malicious bots from scraping and pirating your data.