Copyright Troll Offender Profiling – The Likely Suspect

It is no surprise that the various Copyright Troll outfits use some sort of filter to try determine who will respond best to their pressure.  Notice I do not say their efforts are designed to fully “identify the true infringer.”  Their efforts will undoubtedly identify “some” infringers, but not all.  The potential for error is there and the business model does not work well with the error factor.  So what is a Troll to do?  Press on like there is no error factor and rationalize their actions as just and right.

Here is what true Offender Profiling looks like

Clearly, then, there is a close relationship between profiling and ‘conventional’ detective work.  However, profiling differs from conventional detection in its attempt to use information about how an offence was committed to make suggestions about the psychological characteristics of the offender. Profiling cannot tell police exactly who committed an offence, but it potentially can make predictions about the characteristics an offender is likely to possess. This can help police target their investigation more effectively and prioritise suspects once they have been identified.  {What is offender profiling?, Aidan Sammons,}

In no way do I equate the efforts of the Trolls to anything to a true profiling effort.  In profiling you use the available information to help target and prioritize suspects.  This is the same as using the scientific method of letting the facts speak for themselves.  What the Trolls are doing on average is to try to make the facts fit into their belief that the ISP subscriber or family members are responsible.

As the description above indicates, offender profiling is used to “help” the investigation, not be the mainstay of it.  The Trolls will claim it is otherwise, but for the majority of the cases to date, any real investigative effort is minimal or possibly non-existent.

In one of my recent posts the local Troll only spent one hour on investigative work for a case.  For the Navsca case (3:12-CV-02396), the investigative work appears to be the running of a LexisNexis Accurint report ( on the ISP subscriber, Internet searches (Google), and an analysis of the results.  According to Paul Hansmeier (19 Feb 13 deposition – PHanmeier_Redac_Trans_08333(CA)), from the Accurint report, they try to determine the personnel living at the residence.

(Pietz) Q. Can I interrupt you. Can you tell us which particular services were used in this case?

(Hansmeier) A. I believe the service that was used in this particular case is a service called Accurint, A-C-C-U-R-I-N-T.

(Pietz) Q. And were there any other database searches conducted on the ISP subscriber?

(Hansmeier) A. To the extent you consider Google to be a database. The most formal database search and background search of the household was done through Accurint.  {Page 214}

Once they obtain the names, gender, and ages of the residents, they try to remove those persons that don’t fit their existing profile – namely females.  Paul Hansmeier did say it is not an automatic removal, but it is unlikely that a female would be the offender (Page 225).  The age of the residents are also used to rule out possible infringers (Pages 228 – 229).

While this going on, Prenda is also attempting to contact the ISP subscriber via letters and telephone calls.  This communication is in hopes of attaining a settlement or developing additional information to support their case.

They then attempt to evaluate everyone in the household on their technical competence in relations to computers.  Prenda Law believes that only people with a technical background are capable of running BitTorrent (Page 227).  No independent basis for this assumption was provided.

(Hansmeier) A. So the next step in the process — or the intensive process is doing significant research on these individuals through subsequent reports through finding out what these people do, what their educational background is, what their hobbies are, what evidence there is of them being involved in computer communities, checking out handles online and seeing if there’s some way to link someone on one of these piracy sites to one of these individuals and build as complete a profile as possible to determine whether someone is the likely infringer.

Now take a look at the last sentence from Paul Hansmeier.  Their profile (after an “intense process”) only provides them information to say who the “likely” infringer is.  LIKELY.

Prenda also takes a look at physical location of the residence in relation to neighbors and/or streets where unknown individuals could possibly access the ISP subscribers Internet WiFi connection (Page 229).  They use Google Maps.

Prenda Law assesses how long the BitTorrent activity has been occurring from the public IP address (Page 229).  They are of the opinion that prolonged BitTorrent activity is indicative of guilt.  I guess they never thought a neighbor could abuse an open WiFi connection over time.

likelycats1Prenda Law “LIKELY” Profile

Base on what Paul Hansmeier stated and other cases (link to other Ranallo case), I will make an estimate of who Prenda Law thinks is the likely infringer prior to naming them.

  • Male
  • Age – pubescent through pre-senior citizen
  • Technical background – a job with some specialized knowledge and experience in computers and network.
  • Plays computer games – Don’t laugh, I’m serious.  Watch out “Call of Duty” players.
  • Has an active “Online” presence – Facebook is like crack to some people.  In guess that means something to Prenda Law.

Here are some other factors Prenda Law will use to further try to rationalize their “Likely” infringer view.

  • Watches porn – Oh boy, that means a good majority of people probably guilty.
  • Specialized software – If you happen to use CCLeaner, Prenda is of the opinion you are destroying evidence (page 230).

(Paul Hansmeier) …And then — I mean, the follow-up I make to that is that Mr. Navasca’s deposition I think shows and is a great illustration of the effectiveness of our process. We had a guy there who uses technical – or who has a technical background, who does a lot of stuff with computers. I think I remember reviewing the transcript and seeing that he uses — plays games two hours a night. And further, frankly, the fact that he had that program on his computer where he’s destroying the forensic evidence that we would need to prosecute him.

Even if you have a program on your computer that is expressly designed to wipe files and drives (CCleaner isn’t expressly designed for this), it does not mean you are destroying evidence.

So where do you stand?  Are you one of the likely suspects?

As I have previously said, the Trolls don’t like to do investigations, as it brings down the profit margin.  Speaking of profit, see page 206-207 in the deposition – 6681 Forensics LLC is paid $6,000 a month from AF Holdings LLC!

11 March 2013 – should be interesting.

DieTrollDie 🙂

About DieTrollDie

I'm one of the many 'John Does' (200,000+ & growing in the US) who Copyright Trolls have threatened with a civil law suit unless they are paid off. What is a Copyright Troll? Check out the Electronic Frontier Foundation link -
This entry was posted in Uncategorized and tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , . Bookmark the permalink.

27 Responses to Copyright Troll Offender Profiling – The Likely Suspect

  1. Pingback: Deposition of Prenda’s Paul Hansemeier regarding AF Holdings: transcript | Fight Copyright Trolls

  2. warpath says:

    can I get a collective d’oh?

    I give you: 20 Million Ubuntu Linux users:

    – Comes bundled with Transmission BitTorrent Client
    – By nature, can wipe a hardrive with random data or make it look like it just came off the assembly line with this simple command every linux system can do e.i :

    sudo dd if=/dev/zero of=/dev/sda

    -offers to wipe a hard drive on install (slow format).

    -Many IT professionals will make a habit of encrypting, rebuilding and cleaning their disks on a regular basis.

    Can i ask for a clarifying question though? I see posts like this about trials, court dates judges etc and I also have read that not a single Doe has been brought to trial. Is that still the case? I suppose i’m just confused over the posts on DTD that seem like a lot of legal / court action is happening vs the rumor that Trolls have not actually successfully sued someone. I think the readers hear would appreciate an update on the likelihood that a Troll will actually get them into court provided they respond in a correct and legal fashion.

    PS – Back in the 80’s Weird Al came out with a song called “The Check’s in the Mail” which is all about blowing someone off who wants to sue you. Goes through my head every time I read these things.

    • DieTrollDie says:

      Listening to “The Check is in the Mail.” 🙂

      No, to date, no case has gone to full trial – been judged on its merits. There are a small number of cases where some form of discovery is going on/has gone on. I don’t know of any computer forensics that has formally taken place to date. The best we have seen is a troll like Prenda claim that the results of deposition showed a defendant destroyed evidence by running CCleaner. A real expert had to inform the court (and educate Prenda) that Cleaner was only run to fix the normally messed-up Windows OS and keep it running good (hopefully) and not to wipe the unused portion of the drive.

      it is still a very small percentage of cases that the Trolls actually make some move forward on. Even with the move forward, the Troll doesn’t to have to fight this out if possible. The generation of settlement revenue is the real purpose of these operations. The Troll knows the discovery phase is a knife that can cut both ways. Prenda was able to depose Mr. Navasca, but the results did not help their case. Ranallo and Pietz were then able to depose Paul Hansmeier concerning AF Holdings LLC. The results of that deposition will ready for use on 11 March 2013, when the Prenda Mafia is in the California court.

      Bottom Line: No cases yet has been judged on it’s merits. The Trolls have only gotten default judgements, settlements from Does, cases closed or dismissed for a variety of reason.

      DTD 🙂

  3. me says:

    I suppose they forgot to include people that have a hidden encrypted partition, on which there is a virtual machine with a VPN tunnel to a proxy server in Russia. CCLeaner? seriously?..
    /me is dissapointed

  4. prenda says:

    I can’t imagine how getting the lists of anyone who has accessed two particular sites can be at all helpful. I think I just might file my own patent, and sue everyone.
    A computer readable medium which accepts input, processes the data, and produces output.
    Now everyone will violate my patent. I’ll get Beeellllions.

  5. I am an IBMer says:

    I’ve used CCleaner (and software like it — IBM makes such software) in the past to clean up data from work for secretive governmental organizations (e.g., Department of Defense, Department of Energy, the National Security Agency, etc.). There is no way this is more than circumstantial. Of course, I’m also a computer science expert, which is why I have this data in the first place. THIS MUST MEAN I AM A PIRATE. SUE ME. It’s unfortunate that some lawyers would misuse their positions, granted by the public trust, to attack the public so circumstantially, in the effort to increase the value of a held asset. If there isn’t a law against such actions (aside from what might be termed racketeering), there ought to be. Two things: (1) I think there ought to be a legal defense fund set up pronto for at least DTD and FTC/SJD and (2) I think we ought to set up a legitimate PAC to donate to political candidates who aren’t willing to be servants of copyright maximalists and realize the government has gone way too far in the last couple decades in servicing Hollywood, et al.

  6. Anon_Lurker says:

    Is Prenda using profiling techniques correctly? From what I have seen about profiling it is not a check list process but a process that involves skill and a broad knowledge of human behavior. Also, profiling is not infallible and good investigators use it as tool to aid the investigation.

    Another issue is the skill level to use bit-torrent is not that high. If necessary, a Google search will probably give the average person enough information on how to use. Most people will know someone who can show them how to use such a tool. The sophistication is knowing to a VPN service before joining a torrent.

    The presence of bit-torrent client, standard install with Linux, proves nothing. Many Linux distros use torrents as their preferred or only method to download the iso.

  7. keep up the good fight, just saw your site on torrentfreak, this is an outrageous case and hopefully you slay these idiots in the courtroom

  8. Anonymous says:

    Wait, how do they determine that he played video games for 2 hours a night?

  9. that anonymous coward says:

    The best part of all… is I have all 5 indicators.
    They should so target me, well except for that whole I think naked girls are icky thing…

    • nlbstr says:

      I have a sneaking suspicion the Guava case is going to be about gay porn… Just another embarrassment factor to add on top…

      • that anonymous coward says:

        There have already been trolls working the gay porn side, what Evan Stone did really hurt their cause. I am aware of some smaller firms trying, and once you point out that the work in question has no US copyright and is barred from the big money damages they tend to shut right up…

  10. BelieveItorNot says:

    Any Judge with an ounce of reasoning and logic would conclude they don’t know and don’t do squat. A bunch of hustlers.

  11. KingLear says:

    I dispute this.

    You’re suggesting that proper offender profiling is used to prioritise “suspects” – i.e., to look at those you already suspect and working out which of them is the most likely offender. That is what this process does, but you’re suggesting “trolls” do this without an existing pool of “suspects”.

    What this does is look at an IP, and then use these factors to determine which of the people associated with that IP are most likely to be responsible for whatever activity was detected associated with the IP. That is “offender profiling”.

    To follow your logic, you’d be saying that what the “trolls” do is this but without the IP – so they’re saying the most likely “suspect” is black, male, aged 25-30, and watches porn, so they then try to sue every black male aged between 25 and 30 who watches porn. This is not what they’re doing at all.

    • DieTrollDie says:


      Sorry if I wasn’t clear. The Troll does have an IP to start with. They use some aspects of OP, but not to really filter out people. The Troll uses it to better tailor his settlement pressure. There is NO real investigation to determine who is the true infringer. OP is only tool and shouldn’t be a main aspect of a case. IMO once the Troll has the IP, they believe the right person or people associated to them are guilty. Doing anything else is not in the interest of the Troll.

      DTD 🙂

    • By my reading of the post, this is incorrect. DTD is not arguing that they are failing in their investigative duties _before_ they apply their profiling techniques. Indeed, they have gathered a list of suspects and are narrowing it with these techniques. So far, so good.

      The problem is what they do with the _output_ of these techniques. If using profiling properly this is where the investigation begins. You use the prioritized list of supects to perform an actual investigation to attempt to determine the activity of your top suspects. The problem, as I see it as presented in Mr. Hansmeier’s deposition testimony, is that this next level of investigation simply does not occur. After profiling, they then jump to applying legal threats and offering settlements with their top suspects.

  12. SuperDoe says:

    Do they ever sue these top suspects? or just use this investigation to scare someone even more without pursuing them thinking that if they know more about the infringer like how much that person downloads it will scare them more by thinking they might have some evidence on me? Cause I’ve read some letters saying in the settlement letter that if people don’t accept the settlement offer they will have no choice but to proceed with its investigation which you would think that if they are offering people settlements they would have already investigated the matter at hand.

    • DieTrollDie says:

      So far they have not actually taken anyone to a full trial – judged on its merits. Unless a Doe talks or they are able to get evidence from another location or person, they have a good chance of losing in a trial. All they have is a public IP address and it is weak. Couple that with the fact that most Troll operations do not want to expose their operation in open court. Take a read of the Paul Hansmeier deposition and see how evasive he is with the operation of Prenda Law and 6881 Forensics LLC.

      The only case I can think of where they had good information was the recent Flava case – The difference in this case was the movies in question were purchased by the defendant and the content owner added a hidden code into the movies. They were then able to determine who likely uploaded the movies to BT. It didn’t go to a full trial, as the defendant decided to default – the court awarded the max for the 10 movies – 1.5 Million.

      DTD 🙂

  13. Smokin Joe says:

    I have only been following this in the recent days, but it sounds like Prenda Law are the “Ambulance Chasers” of the internet. What can one do to assist in bringing down companies like this? I can code like a champ, and I have lots of servers at my disposal. Awareness? Trolling-for-trolls?

    • warpath says:

      Now that’s an interesting question. I’ve noticed a lot of IT professionals voicing an opinion on this site and others. It seems these company’s make money on the internet, through sales and subscriptions, but have also decided to attack a very large and random cross section of people consisting of scared kids and parents, people without the means to defend themselves and extremely capable and intelligent individuals who make the very medium this is all happening on work.

      Putting aside the fact that i’m caught up in this, and my good friend who is an attorney is foaming at the mouth waiting for this to ramp up in my direction, even if I found that everything was dropped and I didn’t have to think about a porn company trying to extort money from me, i’d still feel morally obligated to help others from being caught up in this.

      It professionals, by nature, are trained to see a problem, tear it down into component parts and come up with a solution. The internet is a force of nature that evolves changes over time. It’s an unstoppable force which shrugs off things like this like a vestigial organ.

      Will any of these attempts to silence, suppress and extort innocent people still be possible on the internet in 2 years, or 5 or 50? I don’t think so. So, perhaps these posts are the internet’s immune system kicking in. Beyond protecting ourselves and our personal interests from attack, how can we fix the internet? How can we, as IT professionals, fix the broken system in a beautiful and elegant way ?

      Off the top of my propeller hat:

      – Improving Open Source bit-torrent clients ability to recognize and block files seeded by trolls.
      – Improving systems like Tor for anonymous browsing – and volunteering bandwidth to those systems.
      – Posting your own blog on how to secure your online activities.
      – Writing a browser plugin for alerting a user they are wandering into troll territory
      – building a collaborative url/ip block list for all to share to make sure we don’t allow internet traffic to ANY websites the trolls are affiliated with. (choose your friends wisely)
      -I myself wrote a program that scanned my entire infrastructure searching for files with names similar to any copywrited material from any of the troll companies. It didn’t find any, and I see room for improvement there, scanning almost like a daily virus scan. I will post it as an open source project. Downloading file names like virus signatures.
      -Informing local media of local lawfirms bringing porn companies to their neighborhood by taking on such cases.

      What else?

      Sure, some of these may have the side effect of a reduced amount of traffic to websites affiliated to trolls, but that is nature. Things that hurt the organism are flushed out and rot off the vine.

      The Art of War teaches us the method of “attacking by stratagem”. There is nothing to gain by confronting this enemy head on, when the more you engage the more power they get over you. Rather build up your walls, wall them into the mess they made, live well and they will vanish.

      “Well I’m proud to say you’re not the only critic of mine
      So if you wanna sue me I’m afraid you’re gonna have to wait in line
      Take a number thanks for calling who loves you baby
      Don’t forget to read the fine print.” – Weird Al.

      • that anonymous coward says:

        “It seems these company’s make money on the internet, through sales and subscriptions,”
        Then why is it one of the titles that had multiple lawsuits filed by Prenda can’t be located for sale at any price anywhere? Can’t find any hits for the hash of the file anywhere but in their legal filings. I did some poking on 2 popular public trackers and located 2 IP’s seeding the file, but I didn’t obtain them for fear of daring to get a single packet of data and having my IP added to the list of targets.

        Sometimes they are not making money on the internet by offering the material.

    • doggedt says:

      Like where you’re going with this train of thought. Like working backwards from what we already know – for instance SJD posted on Apr. 30,2012 “IPP is no one else by Guardaley, a company that was found guilty in using unreliable soft in a Berlin court. Since then Guardaley masquerades itself as Baseprotect, logistep, IPP International etc. The software itself is a slightly modified open source Shareaza, which opens some uncomfortable questions about proper GPL licensing.” *IF* IPP International is the same as IPP Limited who uses the so called “forensic software” called International IPTracker v1.2.1 they might be here: Also wondering why Plaintiffs/attorneys in the US would use a German company in the first place? Maybe asking questions about the “unknown torrent file”; Who made it accessible? Why is it still accessible? Another thought was to mimick the “Great American Smoke-out campaign” by appealing to the Torrent sites and having something like a “No X-Art download day” on the Torrent sites. The question was would it mess up their tracking/harvesting software by not having any thing to harvest on said day? *Remember X-Art/Malibu Media/Lipscomb are very active, too.* (it’s sometimes hard to even believe this is happening in our own backyard!)

  14. Pingback: Update To The “Richard Pryor Response” OR What To Tell The Troll When He Calls | DieTrollDie

  15. GuardaLey Observer (rebranding) says:

    this is from –,27843032

    “The reason there isn’t a lot of information on GuardaLey Observer is that isn’t actually its name. The software is called International IPTracker. For information on how it works, check out this court declaration:•••rExA.pdf IPP is an (umm… what’s the nice word for alias) of GuardaLey. If you look at the picture on page 5 ( you’ll see the caption under their server is “GL Observer”. The affidavit that accompanies this declaration can be found•••eser.pdf and is eerily similar in parts to the one by Barry Logan that was served to TekSavvy.

    What I find really interesting is that the software is “based on Shareaza”, which was released under the Gnu General Public License which makes me wonder if GuardaLey or IPP have the right to sell the software to Canipre or if they are somehow in violation of the GPL? That could be one approach.

    Another perhaps is to question the validity of the program. Should they be required to release the source code in order for a (impartial or objective) third party to ensure that it actually does what is on the box? And along those lines, is there an affidavit from anyone familiar enough with the source code to make the claims, or is that part of the motion hearsay?

    There is some worrying history about this software to take what it does at face value, including the above referenced fiasco with Ipoque that ended up with GuardaLey being sued by one of their former law firm partners, Baumgarten Brandt.

    I don’t think the software angle is being played up enough. It is, after all the only “witness” against the John Does.”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s