Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content MC 359 (Lot 3 Label 9 and Label 13)

Appendix

For OFCOM

50090 – November 2015

 IDATE Project Manager Vincent BONNEAU +33 (0)4 67 14 44 53

[email protected] "

About IDATE and DigiWorld Institute

Founded in 1977, IDATE has gained a reputation as a leader in tracking telecom, Internet and media markets, thanks to the skills of its teams of specialized analysts. Now, with the support of more than 40 member companies – which include many of the digital economy’s most influential players – the newly rebranded DigiWorld Institute has entered into a new stage of its development, structured around three main areas of activity: • IDATE Research, an offer of market intelligence publications • IDATE Consulting, time-tested analysis • DigiWorld Institute, a think tank on the digital economy.

Copyright IDATE 2015, CS 94167, 34092 Montpellier Cedex 5, France All rights reserved. None of the contents of this publication may be reproduced, stored in a retrieval system or transmitted in any form, including electronically, without the prior written permission of IDATE. IDATE, DigiWorld, DigiWorld Institute and DigiWorld Yearbook are the international registered trademarks of IDATE. Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Contents

1. Regulations against piracy ...... 5 1.1. Example of policies in various countries ...... 5 1.2. Graduated responses schemes ...... 5

2. Content delivery techniques ...... 6 2.1. P2P solutions ...... 6 2.2. Facebook strengthening anti-piracy after complaints from rights holders ...... 11 2.3. Popcorn Time ...... 12 2.4. Periscope ...... 12 2.5. UltraViolet ...... 14 2.6. Licensed Digital Rights Cloud ...... 18 2.7. Digital copy ...... 20 2.8. Procedure to set up private game servers ...... 21

3. Benchmark of lawful offerings ...... 22 3.1. Content catalogue ...... 22 3.2. Technical limits ...... 30 3.3. Reasons for infringing ...... 36

4. Unauthorised content techniques ...... 37 4.1. Detection solution providers ...... 37 4.2. Case of wrong detections ...... 38 4.3. List of major privacy techniques ...... 42 4.4. Blocking by legitimate services...... 45 4.5. Freenet & F2F ...... 46 4.6. BGP blocking ...... 47 4.7. DPI techniques ...... 48 4.8. Hybrid blocking ...... 50

5. Estimates and forecasts of lawful and unauthorised content ...... 52 5.1. Main objectives ...... 52 5.2. First module: breakdown of files consumed per category of content ...... 53 5.3. Breakdown of time spent per device ...... 54 5.4. Dataset ...... 56

www.idate.org © IDATE 2015 3 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Tables & Figures

Table 1: Main characteristics of antipiracy policies in Common Law and Civil Law countries ...... 5 Table 2: Examples of graduated response implemented by selected countries ...... 5 Table 3: Delivery modes and limitations for the different solutions ...... 35 Table 4: Storage options for the different solutions ...... 35 Table 5: Assessment of the different detection solutions ...... 37 Table 6: Analysis of cases ending up in detection errors ...... 42 Table 7: Main add-on privacy techniques are the following: ...... 42 Table 8: Main “new” piracy systems include the following ...... 44 Table 9: Categories of content and scope of products and services covered ...... 52 Table 10: Sources, 1st module ...... 53 Table 11: Sources, 2nd module ...... 54 Table 12: Results of the 1st module: Volumes of content legally and illegally consumed par category of content ... 56 Table 13: Results of the 1st module: Volumes of content consumed through illegal distribution channels ...... 57 Table 14: Results of the 2nd module: Volumes of content consumed per device ...... 57

Figure 1: Publishing the file with BitTorrent ...... 8 Figure 2: Receiving the file with BitTorrent ...... 8 Figure 3: Receiving the file after the source has left the swarm ...... 9 Figure 4: Integration of DHT, PEX and Magnet Links on a P2P and trackerless network ...... 10 Figure 5: Operating principles of Content ID ...... 12 Figure 6: Screenshot of a Periscope stream, from a TV set (Mayweather-Pacquiao fight, 3rd May 2015) ...... 13 Figure 7: UltraViolet offering ...... 15 Figure 8: UltraViolet satisfaction ...... 15 Figure 9: Upgrade of the DRL account by the user for digital content purchase ...... 16 Figure 10: Disc to digital process ...... 17 Figure 11: General scheme for the consumption of content from one device ...... 18 Figure 12: The Disney Digital Copy service ...... 20 Figure 13: Reasons for infringing ...... 36 Figure 14: Perception of content availability ...... 36 Figure 15: Man-in-the-middle attack ...... 41 Figure 16: Operating principles of VPN ...... 43 Figure 17: Operating principles of TOR ...... 43 Figure 18: Operating principles of seedboxes ...... 44 Figure 19: Anonymous P2P file transfer (with an Anti-Piracy peer) ...... 45 Figure 20: Applications identifications with DPI ...... 49 Figure 21: Deep Packet Inspection mechanism ...... 49 Figure 22: DPI and policy management market, 2015-2019 (million EUR) ...... 50 Figure 23: Illustration of calculation principles of the 1st module ...... 54 Figure 24: Illustration of calculation principles of the 2nd module ...... 55

www.idate.org © IDATE 2015 4 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

1. Regulations against piracy

1.1. Example of policies in various countries

Table 1: Main characteristics of antipiracy policies in Common Law and Civil Law countries Common Law countries Civil Law countries • No specific law or minimal legal • Enactment of specific laws pointing OTT Regulation system framework ; services. • Strict appliance of copyright. • No specific organism ; Competent bodies • Creation of dedicated organization(s). • Civil and criminal courts. • Public organizations; • Publishers / right-holders associations • Non-commercial organizations; Initiative and/or federations. • Publishers / right-holders associations and/or federations. • Preventing illegal commercial uses; • Limiting personal illegal practices; Main objectives • Limiting personal illegal practices. • Providing legal support to right-holders. • USA; • France; Country sample • UK; • Germany; • Canada; • Netherlands Source: IDATE, 2015

1.2. Graduated responses schemes The table below provides an example of various graduated response implemented by few countries.

Table 2: Examples of graduated response implemented by selected countries

Country Name of the law Aim of the law

Canada Copyright The new law states that infringer will get notices from their ISP asking them Modernization Act to stop. Latter proceeding can be intended by right holders on the bases of (2011) the received mails.

France HADOPI law (2009) This law states the creation of a dedicated organization called HADOPI to track infringers and to implement the graduated response.

New Zealand Copyright Infringing In this Act, the copyright owner has to determine the fixed-line infringing the File Sharing law through a file-sharing network, and to notify it to the ISP. The graduated Amendment Act response is then done by the ISP. (2011)

South Korea Korean Copyright Act In South Korea, the ISP is in charge of the graduated response: it has to (2009) send a notification to both the infringer and the right holder for the copyright infringement.

Taiwan Copyright Act (2009) Taiwan graduated response is similar to the Korean one, as the ISP is in charge of it. The termination of Internet service for an infringer can occur in case of 3 infringements.

Source: IDATE, 2015 Another popular method against infringing individuals is fines, for example the German system based on immediate financial sanctions of 1 000 EUR per infringed item on average.

www.idate.org © IDATE 2015 5 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

2. Content delivery techniques

2.1. P2P solutions

Napster With first P2P solutions like Napster, the discovery mechanism for peers and resources was based on a central index that would index all files (without having a copy of them) and associated peers with their IP addresses. Without the central index server, no peer would have been able to find a file. Any new file to be shared was then declared to the central server. Any Internet user wanting to get a specific file would look for it in the central server through a search engine and connect to the IP address of the peer that has the file. The download of the file itself occurred only between peers (and did not go through the central index). The central index server, hosted within the P2P architecture, was clearly seen as a major drawback of the solution when facing legal procedures and was abandoned by later P2P solutions. With Napster, the solution was also mono-source, which means that the content was downloaded from only one peer. This has been improved since then. It should also be noted that with Napster, peers that want to download do not need to upload any content or share any content.

Gnutella In Gnutella versions (up to version 0.4), there is no need for a central server. Each peer indexes its own files. To look for a file, each peer makes some request to its closest peers. Requests go then step by step through a tree-like approach and results are returned in the opposite way. Peers then exchange content directly.

Gnutella stopped this approach, which proved to be too inefficient to handle both connections from narrowband and broadband users. The data propagation (for requests) was slow due to the bottlenecks created by narrowband users.

eDonkey To solve the bottlenecks problem of Gnutella, eDonkey introduced an “intermediate mechanism” (in this case the eD2k servers), so that files could be searched independent of nodes. Servers are used to discover content, but they do not actually host it

www.idate.org © IDATE 2015 6 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Kad Network The Kad Network involves no servers, but each computer within the network communicates with each other acting like a mini server. An important concept here is “bootstrapping”: to join the Kad network, the user is required to know the IP address and port number of any other computer within the network.

BitTorrent BitTorrent is designed around the connection of peers and the exchange of resources for a specific content file. With BitTorrent, peers look first for specific content then connect to a non-generic tracker, in charge of that specific content, before exchanging with relevant peers.

www.idate.org © IDATE 2015 7 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

First publication; A to “upload” the file

Figure 1: Publishing the file with BitTorrent

1. A either creates a new tracker, or uses an existing tracker run by various torrent communities. (The latter case is much simpler for A and is the majority case, and thus this will be assumed for the diagram. But should A create its own tracker, then A acts as the tracker as well as the original seed) 2. A creates a torrent file, which includes metadata on the file and the tracker 3. A uploads the torrent file onto a web server, usually through the website of the tracker used (but the content file stays on the computer A) 4. Using a BitTorrent client, A starts seeding (allowing for other peers to connect in order for the file to be distributed) 5. The tracker is updated (to know that A is seeding)

Receiving the file part 1; how a peer receives parts of the file from the seed

Figure 2: Receiving the file with BitTorrent

6. B finds torrent file created by A inside the torrent website 7. B downloads the torrent file 8. B opens the torrent file with a BitTorrent client 9. B connects to the tracker specified in the client 10. B receives information on the seeds and peers currently present in the swarm (in this example, it is just the original seed A) 11. B is registered as a peer by the tracker 12. B connects to A directly

www.idate.org © IDATE 2015 8 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

13. B downloads a part of the desired file 14. B remains connected as a peer to receive further pieces of the file, either from A or other peers who may have joined during the download in process 13.

The original seed A may disconnect, but file sharing can still be completed through file sharing of peers. Underlying operations are detailed in Appendix.

Receiving the file part 2; original seed A may disconnect, but file sharing can still be completed through file sharing of peers

Figure 3: Receiving the file after the source has left the swarm

15. A disconnects from the swarm (whilst A can remain in the swarm as long as it likes in order to continue distributing parts of the file, once it has delivered all parts of the file to other machines, it no longer needs to remain in the swarm) 16. The tracker is updated to exclude A from the swarm 17. D finds, downloads and opens the torrent file (process 6 to 8) 18. D connects to the tracker specified in the client 19. D receives information on the seeds and peers currently present in the swarm; peers B and C are present who have parts of the file 20. D is registered as a peer by the tracker 21. D connects to B and C directly, but not to A 22. D exchanges files with B and C (B and C may also be exchanging files with each other during the process of D joining the swarm) 23. So long as B, C, and D are connected, they remain peers accessible by other peers and seeds for further file exchange Notes: - For simplicity reasons, the diagram has only 4 computers, but in reality many more computers can take part simultaneously, exchanging data between each other. - BitTorrent relies on the web (in the general sense) for the distribution of its torrents. Thus users search for torrents via a search on the Internet, rather than within a specified website.

www.idate.org © IDATE 2015 9 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

It should also be noted that the tracker may not be updated (operation 16) during a certain time. D would then connect to the tracker and would try to connect to A (without success) but would still be able to connect to B and C and exchanges files with them.

Interface On a more practical level, for a user to use BitTorrent, he or she must first download a client. A popular client is, for example, utorrent, easily downloadable from utorrent.com. Once the client is downloaded, then the next step is to look for the desired content (discovery). Once the desired .torrent file has been downloaded, by double-clicking it the utorrent client will open automatically, and the file can be downloaded through BitTorrent file sharing. It is worth noting that there are many guides available on the Internet, readily available, explaining how to use BitTorrent and download contents.

DHT, PEX and magnet links As explained in the main text, internal indexes typically use techniques such as DHT, PEX and magnet links. The figure below shows the integration of the 3 techniques in a P2P and trackerless network.

Figure 4: Integration of DHT, PEX and Magnet Links on a P2P and trackerless network

Source: IDATE

DHT – Distributed Hash Table The concept of DHT has been developed, in the P2P area, to avoid the use of centralized trackers (or user database) on P2P networks (and especially Torrent). Rather than having a database of all peers including the list of content provided by each peer centralized in a unique (or few) server, developers made a new kind of decentralized database. With DHT, the content of the whole database is spread on all peers. Each one owns a part of the global database (about 100 peers listed for 1 P2P client user). To avoid that a part of data disappears when a peer is disconnected, each part of the database is duplicated to other peers.

www.idate.org © IDATE 2015 10 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

In the case of BitTorrent, a content index outside the network is still necessary. Indeed, with a trackerless system using DHT, the traditional torrent file is replaced by a Magnet Links (cf. description below). This link allows a peer to find other peers who own the specified content. In the case of P2P clients (such as eMule or the Kademlia network) that use an internal content search engine, there is no centralized content index anymore as they use a DHT to list content stored by peers.

However, most of those clients can work with a DHT and with a centralized tracker. The aim of this idea may be to maximize the probability to find the content on a peer computer.

Magnet Links As explained in the main text, the magnet link is actually the next generation of the torrent file. A magnet link contains a “hash” that can be considered as an ID, unique to a content. It can also contain a tracker address if necessary. Magnet links are actually not “links” but rather a metadata containing at least the content ID. It is not a hyperlink or a link toward a webpage or a server. A magnet link looks like: magnet:?xt=urn:btih:f105dd901e63e3319c2b259b055fbb6e08a65ab5&dn=Star+Wars%3A+Episode+I++ The+Phantom+Menace+%281999%29+1080p+BrRip+x26&tr=udp%3A%2F%2Ftracker.openbittorrent.co m%3A80&tr=udp%3A%2F%2Ftracker.publicbt.com%3A80&tr=udp%3A%2F%2Ftracker.istole.it%3A6969 &tr=udp%3A%2F%2Ftracker.ccc.de%3A80

However, these links are unique for specific file and not for a specific “content”. For instance, the movie Star Wars episode 1 in its original language may have multiple file versions even if the movie and the song are still the same.

PEX – Peer Exchange PEX is a technique allowing peers to exchange their data stored on their part of DHT, typically peers information. Without any central tracker or entity, peers have to communicate automatically in order for new peers to join the network. PEX then have an important role in the bootstrapping process of a “decentralized” P2P, but cannot be used alone in this process. The initial contact is usually done with the help of a server giving a part of the DHT (usually not up to date) and then a first peer to contact. If a tracker is still available, PEX allows reducing the tracker load, and allows peers to exchange information that they already get from the tracker with other peers. Such a system makes the exchange of information faster, as the tracker may take time to answer a request, in case of a heavy load of tracker.

2.2. Facebook strengthening anti-piracy after complaints from rights holders In May 2015, major TV stations in France (TF1, M6, Canal+ and France Télévisions) sent an official letter to both Facebook and Twitter requesting more measures be taken to fight piracy through social media. The complaint was that their programs were being illegally shared on the social media sites. In June Facebook responded by deploying Audible Magic, a system which uses audio fingerprinting technology to help identify and prevent unauthorized videos from being uploaded (a system whereby uploaded videos are matched against a database containing information on copyrighted contents, provided to Facebook by the rights holders). There are also tools whereby content owners can report to Facebook, upon which illegal videos can be removed by Facebook, and IP policies are in place so that serial offenders can be identified. The idea here is to combat not just TV programs but all “freebooting” activities, where third parties “steal” video content from elsewhere and upload it to Facebook, potentially gaining huge and unfair view counts. Then in August 2015, as explained in the main text, Facebook declared updates to their video management through its blog, enhancing the Audible Magic system and building new video matching technology that will evaluate millions of video uploads quickly and accurately, and when matches are surfaced, publishers will be able to report them to Facebook for removal. This is expected to be tested through a beta launch (as of August 2015). It is in fact similar to the process YouTube has gone through (which in itself could be considered as a social network), which applies a Content ID system scanning uploaded videos against a vast database of videos submitted by copyright holders.

www.idate.org © IDATE 2015 11 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Figure 5: Operating principles of Content ID

Source: Google/YouTube

2.3. Popcorn Time As detailed in the main text, Popcorn Time offers P2P streaming in an easy-to-use Netflix-style interface. Below is a description of the operating principle of Popcorn Time.

Operating principle As it is based on P2P, the movies are not hosted in any server and are streamed using the P2P Bit Torrent protocol. All movies are pulled in from the YIFY movie database. Depending on the content, the application uses different torrents, as for illustration: • Movies are uploaded by YTS. As of June 2015, YTS is the 2nd ranked torrent site, as ranked by Alexa, subsidiary of Amazon Web Service. With a global ranking of 777 (at the time of writing) and India rank of 275, yts.to is one of the most popular torrent websites for movie and TV show addicts. The website is quite popular in India, the United States, Saudi Arabia, Egypt and Pakistan, to name a few. • TV Show episodes from EZTV. TV-torrent distribution group EZTV was a niche site specializing in TV content only. Because of its narrow focus, EZTV’s traffic varies in line with the TV seasons. Despite posting only a few dozen torrents per week it attracts millions of visitors. Created in 2005, it was dissolved in April 2015, after a hostile takeover of their domains and brand by "EZCLOUD LIMITED". EZTV and its RSS website ezRSS are currently blocked by multiple ISPs in Italy and in the UK at the request of MPA and FACT

2.4. Periscope Periscope is a live video streaming application for iOS and Android systems. The service allows users to stream live video from their phones, by using the embedded camera. In March 2015, Twitter paid slightly less than 100 million USD to purchase the company. Periscope claims 10 million accounts, as of early August 2015. Periscope lists the current live broadcast with large, full-width images. During a live stream, the watcher can comment and the broadcaster sees the comments. However, as so few people watch each stream, broadcasters often respond directly on camera. Periscope does not pull in live Twitter responses during Periscope broadcast. Instead, all the comments are Periscope-only. Moreover, those who follow the Periscope link on the original Tweet will be able to watch and engage with the live video in the app (if they have it on their iOS device) or in a pop-up screen (for Desktop and Android users) where they'll still see comments and hearts, but not be able to add any of their own.

www.idate.org © IDATE 2015 12 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Different features are included: • Replay: When the broadcast is over, the broadcaster can make it available for replay so viewers can watch later. Viewers can replay the broadcast with comments and hearts to relive the full experience. Replays currently last 24 hours. The broadcaster can delete the replay at any time. • Private: If the broadcaster wants to broadcast to specific people, he needs to press the ‘Private’ option before going live and choose who he wants to invite to his broadcast. • Twitter: the broadcaster can choose to share his Periscope broadcasts on Twitter by tapping the bird icon before he starts broadcasting. When he goes live, he’ll tweet a link so that his Twitter followers can watch on the web (or in the app). As a reminder, Twitter is the owner of the Periscope application. • Manage notifications: Periscope will suggest people for the broadcaster to follow based on his Twitter network. He can always follow new people, or unfollow them if he doesn’t want to be notified when they go live. He can also adjust notification preferences in Periscope Settings.

Adapted to piracy, the service allows people who did pay for the content to use their smartphones (or tablets) to re-transmit it to users of Periscope. It could also be provided by a person who broadcasts a pirate stream from his TV set. For live events (sports or music concert), this could also be done even by an attendee of the show who has effectively paid his entrance ticket. The quality of the video usually, (very) far away from HD quality, even though the quality of the smartphone camera is improving. Nevertheless, it is free. Indeed, this wouldn't necessarily be acceptable video quality for a movie but for a short-term, highly expensive live event, it has proved workable for many fans. One of the peak consumption moments occurred during the very popular boxing fight in early May 2015, in Las Vegas, between Pacquiao and Mayweather.

The Mayweather-Pacquiao fight cost up to 100 USD to purchase in-home, with exponentially higher fees for bars showing the fight (people paid a 20 USD entrance fee to get into the bar to watch the fight). HBO and Showtime had been aggressive in chasing down sites illegally streaming the fight, filing lawsuits well before Saturday night. So Periscope was privileged by many internet users to circumvent traditional streaming websites.

Figure 6: Screenshot of a Periscope stream, from a TV set (Mayweather-Pacquiao fight, 3rd May 2015)

Source: Periscope

Even fight attendees became broadcasters for the Periscope audience.

www.idate.org © IDATE 2015 13 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

2.5. UltraViolet

Description UltraViolet concept features are described in the table below. Updated information on the system are mainly provided from UltraViolet FAQ (UVDemystified.com/UVfaq.html ) written by Jim Taylor. Ultraviolet Details Availability Service launched commercially in the US in 2011 Available in the other following countries: Australia, Austria, Belgium, Canada, France, Germany, Ireland, Luxembourg, Netherlands, New Zealand, Switzerland and United Kingdom Phased launch: streaming commercially available, download available on UV players only. Common File Format (CFF) still waiting for approval was expected to be launched end of 2014. Origin Initiative started in 2007 with a project called Open Market (from Mitch Singer from Sony) and went public in 2008 under the name Digital Entertainment Content Ecosystem (DECE) DECE is non-profit organization. [Not chartered as a non-profit for tax purposes, but set up as a cost-recovery organization to be self-funding, not to make a profit.] Backed more than 80 members of the DECE consortium including major movie studios, retailers, consumer electronics manufacturers, cable companies, ISPs, network hosting vendors and security vendors Promoted under the brand name UltraViolet in 2010 The Digital Entertainment Group1 (DEG) that promotes home entertainment products is also supporting UltraViolet Main stakeholders • Studios/content providers including Sony Pictures, Universal, 20th Century Fox, Paramount Studios, DreamWorks, BBC • Consumer electronics manufacturers: Philips, Sony, Panasonic, Samsung • Cable companies: Comcast • Technology providers: Rovi, Akamai • Retailers: Amazon, Flixster/Warner, Wal-Mart/Vudu, Barnes&Nobles/Nook, M-Go, CinemaNow/Best Buy, Blinkbox, Target, Sainsbury’s, Nolim/Carrefour Characteristics Type of content Movies and TV shows from UV-enabled vendors (both online and physical retailers). Some services like Flixster may focus on some types of videos (movies only) Only commercial video contents (no personal contents) Still some discussions to extend to music, ebooks, video games and smartphones apps in UV roadmap but with no clear development or plan yet2 Limitations • Up to 6 members within the household (per account) regarding devices • Up to 12 devices for download as offline viewing or progressive download (requiring registered account) Delivery modes • Streaming (up to 3 simultaneous access) • Download (up to 3 simultaneous download files from the same selling retailer) Compatible devices • Windows • Mac • iOS (iPhone and iPad, including AppleTV • Android (including Kindle Fire and Nook tablets) • PlayStation 3 and 4 • Xbox 360 and Xbox One • Roku • Chromecast • Google TV • Plus, connected Blu-ray players, connected TVs, and home media hubs

1 The DEG pushed the launch of DVD and Blu-ray. 2 Jim Taylor, DECE, 2015 “We’ve talked about adding support for music, ebooks, games, and anything else that gives consumers a better experience with UltraViolet’s open ‘digital library’ model.”

www.idate.org © IDATE 2015 14 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Ultraviolet Details Retro-compatibility The feature allowing consumer to add content previously acquired is now supported An "upgrade" with disc-to-digital can be made available from a studio enabling the conversion of an existing purchase to UltraViolet. However, the number of upgradable movies is limited to the content catalogue of UltraViolet. Content location Cloud, physical (DVD, Blu-Ray) and local storage DRM compatibility 5 DRM systems selected allowing restrictions management on a broad range of devices • Google Widevine • Marlin • CMLA-OMA V2 • Microsoft PlayReady • Adobe Primetime DRM Only 2 DRMs were really operable with UltraViolet when it was launched commercially in 2011 It is still the case; Adobe Primetime and Marlin are waiting final approval.

Figure 7: UltraViolet offering

Source: Irdeto

Figure 8: UltraViolet satisfaction

Source: NPD survey on UltraViolet, February 2014

www.idate.org © IDATE 2015 15 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

UltraViolet operating principles The operating principles encompass three main stages: 1. account registration and account/content linking 2. acquisition of rights of the content 3. consumption of content in streaming and/or download modes through a different provider and/or a different device

The first stage is the registration of the user (first member) basically made through an online registration, with a login and a password. This first member of the UltraViolet account can add other members with the same account (up to 6 members). The acquisition of rights of the content stage differs depending how the content title was purchased: physically (physical support, like DVD, Blu-rays) or digitally. This part distinguishes the DRL account upgrade for each case.

Figure 9: Upgrade of the DRL account by the user for digital content purchase

Source: IDATE

Hence, the phase (1) corresponds to the online content purchase of digital content. As illustrated on the figure below, partnered retailers (like Vudu here) allow the user to link their retail account with the Ultraviolet account. Once content is purchased, the Ultraviolet account is automatically upgraded (with the newly purchased title). During the phase (2), the retailer #1 records the transaction in the locker. The phase (3) refers to the registration of the consumer rights defining, for each piece of targeted content, the associated usage rights in terms of access (for instance subscription, video on demand, rental) and in terms of devices authorized (and type of DRM supported). Then the DRL code of the purchased title has been added to the Ultraviolet content library (corresponding to the user’s DRL account). Phases (4) and (5) are confirmation links. The other option is to manually upgrade directly the user’s account. When the user purchases its physical content (a DVD or a Blu-ray with the UV sticker), he upgrades its account by entering itself a code. The objective here is to upgrade purchased discs to the DRL (Disc to Digital). Users are also allowed to purchase the UltraViolet version of their existing physical disc for 2$ for standard definition and 5$ for HD.

www.idate.org © IDATE 2015 16 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Figure 10: Disc to digital process

Source: Vudu

The last stage of UltraViolet principle is the consumption of the content. Today, members are allowed to stream content purchased or downloaded it on UV players from any device and regardless of the content providers. There are five ways for the consumption: • Content consumption in streaming mode from the same device (detailed below) • Content consumption streaming mode using another device • Content consumption streaming mode through different providers • Content consumption in download mode • Additional copy already downloaded

In the first case illustrated below, the consumption of the content is purchased from retailer #1 on a first device (tablet on the figure). The operating principle is quite simple, very similar to usual cloud-based solutions. For the other ways, another device and another provider have been added. So, when streaming from the dame device, once the content is purchased on a retailer site and rights acquired in the UltraViolet account of the consumer, the content can be accessed. The phase (1) indicates the launch of a request to the retailer #1 by the device to play the content by streaming, embedding device specifications (screen’s size, resolution, throughput, etc). Actually at this point, the DRM client requests for a license using an URL that points to the DRL (UltraViolet) as shown in the phase (2). Phases (3) and (4) verify information regarding the account and associated rights. Once verified, the DRL requests the appropriate license to the DRM License Server in the phase (5) while confirming to the Retailer its request. In the same time, the Right Locker gives access of the whole customers' UV collection to the Retailer #1 though an overlay, hence this latter has updated information of the content of the user and associated rights (purchased or not at the given Retailer). The DRM License Server then authorizes content delivery and informs the Locker Access Service Provider to generate the license as well as to stream the content targeted by the user (Phase (7)). Once delivered, the DRM client validates the user and usage rights (descrambling if required). Then the content can be played. It should be noted that usually the Locker Access Service Provider role is done directly by the Retailer.

www.idate.org © IDATE 2015 17 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Figure 11: General scheme for the consumption of content from one device

Source: IDATE.

2.6. Licensed Digital Rights Cloud

www.idate.org © IDATE 2015 18 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Solution Main features Content accessibility CatchMedia Legally delivery of users' licensed content Contents are scanned and matched across multiple devices from anywhere with the Smart Cloud that includes: Features include the synchronization of home • A registry of users and their devices user library • A registry of the users’ content B2B service, CatchMedia is now available in • Digital Service Providers to deliver UK via Carphone Warehouse, in the US via content to specific devices BestBuy and in India via Hungama • The post-acquisition content Contents include: music, video, book digital licences games

Compatible with PC, Android, Blackberry, iPhone, TV sets, cable & satellite receivers and Physical to Digital option available in-car entertainment systems iTunesMatch/iCloud Music purchased from iTunes store (with Music collection stored in iCloud rights) available on every devices • up to 25000 songs Users' music collection stored in iCloud including music from CD or purchased elsewhere from iTunes 24.99$/year (no free option) Compatible devices: iPhone, iPad, iPod touch, Mac, PC, or Apple TV Amazon Cloud player With the Amazon Cloud Player Plus plan Music is stored in the Amazon cloud premium (24.99$/year), users can “store” (scan & match player, accessible through the web, or process) (including music from CD or illegal mobile/dedicated application MP3) in addition to Amazon MP3 files. • Up to 250 000 songs Compatible devices: iPhone, iPad, iPod touch, Mac, PC, Kindle fire, and some connected audio/video devices (e.g. Roku) Google Play Music This service allows users to “store” with a scan Music is stored in the Google Play & match process. Only music from a computer Music cloud can be scanned. • Up to 50000 songs Free option, upgrade for free-ad option and offline mode for 9.99€ per month Contents can be streamed or downloaded from the web platform or through a mobile application. Content can also be shared with Google+ users. The service is only available through the web (PC and Mac) and using an Android App. Apple devices cannot access this service. Source: IDATE

www.idate.org © IDATE 2015 19 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

2.7. Digital copy

Figure 12: The Disney Digital Copy service

Source: Disney

Solution Main features Content accessibility Blinkbox Based on UltraViolet digital copies service The user can redeem an UV code (2$ for standard definition and 5$ for HD) from DVD or Blu-Ray It requires the creation of UV account Vudu (Walmart) Based on UltraViolet digital copies service The user needs to use Vudu To Go (2$ for standard definition and 5$ for HD) application application when It requires the use of Vudu To Go converting DVD or Blu-Ray application Users can also go into any Walmart stores with physical disc where digital copies are created and stored in the Vudu digital locker Disney Disney allows its users to redeem a digital The user has to insert the DVD or copy of some of its titles. The digital copy BluRay Disc on his computer, and can only be downloaded on the user then enter the redemption code. computer, but can be transferred then into The movie is then transferred on multiple devices. The digital copy is a the computer. Windows Media file or an iTunes file (both with DRM). The service is only available in the USA. Video files are compatible with Apple devices and with Windows Media files player. Source: IDATE

www.idate.org © IDATE 2015 20 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

2.8. Procedure to set up private game servers

Source: heroes-wow

www.idate.org © IDATE 2015 21 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

3. Benchmark of lawful offerings

3.1. Content catalogue Benchmark of online video services (October 2015)

Model Bundled SVOD Rental VOD & EST Rental VOD & EST Stand-alone SVOD Stand-alone SVOD OTT linear channels Parent company Amazon.com, Inc. Tesco PLC Apple Inc. Netflix Inc. Sky PLC Country of origin USA UK USA USA UK Price range Amazon Prime Instant video Rental: from 0.99 GBP to Rental: from 0.99 GBP to Free trial for a month then: Entertainment pass: 1 GBP is bundled with Amazon's 3.49 GBP 3.99 GBP • 5.99 GBP per month for the first month then 5.99 GBP Prime membership SD content on 1 screen per month Buy: from 1.89 GBP to Buy: from 5.99 GBP to • 7.49 GBP per month for Free trial for a month then 10.99 GBP 13.99 GBP HD content on 2 screens Movies pass: Free trial for a three plans: • 8.99 GBP per month for month then 9.99 GBP per • 5.99 GBP per month HD content on 4 screens month • 79 GBP per year • 39 GBP per year for Sport pass: from 6.99 GBP to students 9.99 GBP per day Content volume 15 000+ movies & episodes 15 000+ Movies (including 45 000+ films (including 1 000+ movies and 400 TV Entertainment: 13 Pay-TV of TV shows premieres) and TV shows premieres) and 190 000 series channels and 250TV series episodes of TV shows on demand

Movies pass: 1 000+ movies (including up to 16 premieres per month + exclusivity on

Sport pass: 24 hour Sky sport access

www.idate.org © IDATE 2015 22 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Availability PC, Mac PC, Mac PC, Mac PC, Mac PC, Mac

Smartphones: Fire Phone, Smartphones: iPhone, Smartphones: iPhone Managed Networks: Virgin Smartphones: iPhone, iPhone, Android phones Android phones, Windows Media Android phones phone Tablets: Kindle Fire, iPad, Tablets: iPad, Android Tablets: iPad Smartphones: Android Tablets: iPad, Android tablets tablets, Windows tablets Android tablets phones, iPhone, Windows smartphones OTT boxes: Apple TV Smart TV sets: LG Smart TV sets: Samsung, Smart TV sets: Samsung, LG, Toshiba LG, Panasonic and Sony Tablets: Kindle Fire, iPad, Game Consoles: Xbox 360, Android tablets, Windows Xbox One, PS3, PS4 tablets Game Consoles: Wii, Wii U, Game Consoles: Xbox 360, Xbox One, PS3 Xbox 360, Xbox One, PS3, OTT boxes: Now TV box, PS4 Smart TV sets: Gründig, LG, Google Chromecast, Roku, OTT boxes: Fire TV, Fire TV OTT boxes: Google Panasonic Philips, Samsung, Youview Stick, Apple TV Chromecast Sharp, Sony, Toshiba

DVD players: Samsung, LG, DVD players: Samsung, LG Game Consoles: Wii, Wii U, Panasonic, Sony Xbox 360, Xbox One, PS3, PS4

OTT boxes: Apple TV, Roku 3, Youview, Google Chromecast, Nexus Player

DVD players: Panasonic, Samsung, Toshiba, Sony, LG. IDATE according to service publishers

www.idate.org © IDATE 2015 23 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Benchmark of online music streaming services (October 2015)

Model Bundled subscription Media center + stand-alone Media center + stand-alone Stand-alone FTA and Stand-alone subscription streaming service audio streaming service linked audio streaming service subscription audio streaming audio streaming service to proprietary ecosystem linked to proprietary service ecosystem Parent company Amazon.com, Inc. Apple Inc. Google Inc. / Alphabet Inc. Spotify Ltd. Aspiro AB. Country of origin USA USA USA Sweden Norway Price range Amazon Prime Instant 9.99 GBP/month per individual 9.99 GBP/month per Free trial for a month, 20 GBP/month video is bundled with individual then 9.99 GBP/month Amazon's Prime Family plan: 14.99 GBP/month 4.99 GBP for students membership for up to 6 people Family plan: 14.99 GBP/month for up to 6 Free trial for a month then people three plans: • 5.99 GBP per month • 79 GBP per year • 39 GBP per year for students Content 1 million tracks 30 million tracks 18 million tracks 30 million tracks 30 million tracks Availability PC, Mac, Fire Phone, Mac, PC, iOS Smartphones Mac, PC, Android phones, PC, Mac, iPhone, iPad, PC, Mac, iPhone, iPad, iPhone, Android phones, and tablets, WatchOS, Android Android tablets, iPhone, Android Phones, Android Android Phones, Android Kindle Fire, iPad, Android devices (coming autumn 2015) iPad, iPod Touch. tablets. tablets. tablets IDATE according to service publishers. Extra source: Dailymail.co.uk3.

3 http://www.dailymail.co.uk/home/event/article-3119837/Apple-s-launching-new-music-streaming-service-does-stack-rest.html www.idate.org © IDATE 2015 24 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Music: availability of best-selling artists, albums and songs on selected audio streaming services (September 2015)

UK all time best-selling artists UK all time best selling Albums UK 2015 best-selling Artists UK 2015 best-selling Songs 1 The Beatles Queen – Greatest Hits Sam Smith – In the lonely Hour Marc Ronson ft. Bruno Marts – Uptown Funk Av.: None Av.:     Av.:     Av.:      2 Elvis Presley ABBA – Gold: Greatest Hits Ed Sheeran – X Hozier – Take me to Church Av.:     Av.:     Av.:     Av.:     3 Cliff Richard The Beatles – Sgt. Pepper's Lonely Hearts Club Band George Ezra – Wanted on Voyage OMI - Cheerleader Av.:      Av.: None Av.:      Av.:     4 Madonna Adele – 21 Taylor Swift – 1989 Ellie Goulding – Love me like you do Av.:      Av.:      Av.:  Av.:     5 Michael Jackson Oasis – (What's the Story) Morning Glory? Hozier – Hozier Wiz Khalifa ft. Charlie Puth – See you again Av.:     Av.:     Av.:     Av.:     6 Rihanna Thriller – Michael Jackson James Bay – Chaos and the Calm James Bay – Hold Back the River Av.:     Av.:     Av.:     Av.:     Elton John Pink Floyd – The Dark Side of the Moon Noel Gallagher's High Flying – Chasing Yesterday Rihanna/Kanye West/Mc Cartney – Fourfive 7 Seconds Av.:     Av.:     Av.:     Av.:    8 Queen Dire Straits – Brothers in Arms Meghan Trainor – Title Maroon 5 – Sugar Av.:     Av.:     Av.:      Av.:     9 ABBA Bad – Michael Jackson Paloma Faith – A perfect Contradiction Years & years – King Av.:     Av.:    Av.:      Av.:     10 David Bowie Queen – Greatest Hits 2 Mumford & Sons – Wilder Mind Ed Sheeran – Thinking Out Loud Av.:      Av.:     Av.:     Av.:     Officialcharts.com as of 09/21/2015. Services' websites.

Colour code:  Amazon Prime;  Apple Music;  Google Music;  Spotify;  Tidal.

www.idate.org © IDATE 2015 25 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Benchmark of eBook subscription services (October 2015)

Model Subscription online library Reading app linked to online bookstore Subscription online library & online bookstore Parent company Amazon.com, Inc. Apple Inc. Oyster / Highland Capital Partners Country of origin USA USA USA Price range Free trial for a month, From 0.99 GBP Free trial for a month, then 7.99 GBP/month then 9.95 GBP/month Content 700 000 eBooks and Audiobooks 2.5 million eBooks 1+ million eBooks Availability Kindle, Kindle Fire Android, iOS, Windows Mac, iPad, iPhone, iPod Touch. iPhone, iPad, Android, Kindle Fire, Nook HD, Mac, Phone and Blackberry Devices PC IDATE according to service publishers

www.idate.org © IDATE 2015 26 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Books: availability of physical and online best-selling books on subscription services (October 2015)

Amazon UK bestselling books for The Guardian UK top 10 bestselling The Guardian UK top 100 bestselling The Telegraph UK bestselling authors

2015 books of 2014 books of all time of the decade Ella Woodward – Deliciously Ella: Awesome Guinness World Records 2015 Dan Brown – The Da Vinci Code J.K. Rowling 1 ingredients, incredible food that you and your body will love Av.: ×  Av.: × × Av.: ×  × Av.:    2 Paula Hawkins – The Girl on the Train David Walliams – Awful Auntie J.K. Rowling – Harry Potter and the Deathly Hallows Roger Hargreaves Av.: ×  × Av.: ×  Av.:    Av.:   E.L. James – Fifty Shades of Grey Jeff Kinney – The Long Haul: Diary of a Wimpy Kid J.K. Rowling – Harry Potter and the Philosopher's Dan Brown 3 Stone Av.: ×  × Av.: ×  Av.:    Av.: ×   Amelia Freer – Eat. Nourish. Glow: 10 easy steps Lynda Bellingham – There’s Something I’ve Been J.K. Rowling – Harry Potter and the Order of the Jacqueline Wilson 4 for losing weight, looking younger & feeling Dying To Tell You Phoenix healthier Av.: ×  × Av.: ×  × Av.:    Av.: ×   5 Harper Lee – Go Set a Watchman Zoe Sugg – Girl Online E.L. James – Fifty Shades of Grey Terry Pratchett Av.: ×  × Av.: ×  × Av.: ×  × Av.: ×   6 Mary Berry – Mary Berry's Absolute Favourites Gillian Flynn – Gone Girl J.K. Rowling – Harry Potter and the Goblet of Fire John Grisham Av.: ×  Av.: ×  × Av.:    Av.: ×  × Emma Healey – Elizabeth is Missing Jamie Oliver – Jamie’s Comfort Food J.K. Rowling – Harry Potter and the Chamber of Richard Parsons 7 Secret Av.: ×   Av.: × × Av.:    Av.: ×  Jasmine Hemsley – The Art of Eating Well Boris Johnson – Churchill Factor J.K. Rowling – Harry Potter and the Prisoner of Danielle Steel 8 Askaban Av.: ×  Av.: ×  × Av.:    Av.: ×  × 9 Harper Lee – To Kill A Mockingbird Guy Martin – My Autobiography Dan Brown – Angels and Demons James Patterson Av.: ×  × Av.: ×  Av.: ×   Av.: ×  × 10 Jessie Burton – The Miniaturist Tom Kerridge – Best Ever Dishes J.K. Rowling – Harry Potter and the Half Blood Prince Enid Blyton Av.: ×  × Av.: ×  Av.:    Av.: ×  × UK bestselling books for 2015: http://www.amazon.co.uk/gp/bestsellers/2015/books/ref=zg_bsar_cal_ye ; excluding colouring books. UK top 10 bestselling books of 2014: http://www.theguardia n.com/books/2014/dec/23/readers-turn-over-new-leaf-celebrity-memoirs-slip-out-booksellers-top-10 UK top 100 bestselling books of all time: http://www.theguardian.com/news/datablog/2012/aug/09/best-selling-books-all-time-fifty-shades-grey-compare UK bestselling authors of the decade: http://www.telegraph.co.uk/culture/books/6866648/Bestselling-authors-of-the-decade.html

Colour code:  Amazon Kindle Unlimited; × Amazon.com;  Apple iBooks; × iTunes Store;  Oysters Unlimited × Oysterbooks (sales); .

www.idate.org © IDATE 2015 27 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Video games: Top 25 video game distribution websites, based on number of visitors

Rank Name Primary Rank Visitors' country of origin and % of total visitors target user Global USA    1 Steam Hardcore 265 235 USA, 34.0% Japan, 5.0% Russia, 5.0% 2 Battle.net Hardcore 345 282 USA, 35.5% Germany, 7.8% Russia, 6.6% 3 GameStop Hardcore 840 317 USA, 79.0% Mexico, 1.9% Netherlands,1.8% 4 Miniclip.com Casual 1 193 1 619 USA, 19.1% India, 13.8% UK, 7.7% 5 Humble Bundle Hardcore/Indy 1 345 880 USA, 45.7% S.Korea, 5.8% UK, 5.1% 6 Kongregate Indy 1 360 842 USA, 39.4% India, 5.3% Russia, 4.6% 7 Pogo.com Casual 1 713 573 USA, 68.3% Canada, 8.4% UK, 3.4% 8 EA Origin Hardcore 2 213 2 373 USA, 24.7% Russia, 6.7% S. Korea, 6.6% 9 GOG Hardcore 2 296 1 962 USA, 35.5% Russia, 6.9% UK, 6.1% 10 Big Fish Games Casual 2 842 1 623 USA, 38.8% UK, 7.9% Australia, 5.0% 11 Greenman Gaming Hardcore 4 931 3 178 USA, 43.5% UK, 7.7% Japan, 6.4% 12 Bundle Stars Hardcore 6 270 4 083 USA, 30.7% S.Korea, 8.2% Japan, 7.2% 13 IndieGala Indy 7 765 5 082 USA, 27.0% S.Korea, 14.3% Russia 6.7% 14 My Real Games Casual 11 100 n.a. India, 16.2% Pakistan, 12.6% Indonesia, 7.3% 15 Gamersgate Casual 11 967 9 128 USA, 29.6% S.Korea, 11.9% Japan, 10.7% 16 Shockwave.com Casual 12 466 5 546 USA, 42.8% UK, 5.9% Russia, 5.8% 17 Game House Casual 17 125 8 187 USA, 40.9% India, 6.7% Indonesia, 5.4% 18 Itch.io Indy 21 161 8 252 USA, 45.6% France, 4.5% UK, 3.9% 19 Nuuvem Hardcore 21 551 26 513 S.Korea, 24.3% Brazil, 21.7% USA, 19.1% 20 Desura Indy 24 936 15 375 USA, 32.9% Russia, 5.7% UK, 5.3% 21 GamesPlanet Hardcore 44 460 n.a. S.Korea, 28.2% France, 12.2% Germany, 11.9% 22 Direct 2 Drive Hardcore 74 635 38 918 USA, 62.1% UK, 10.8% Canada, 3.5% 23 IndieGameStand Hardcore 88 496 45 923 USA, 33.5% Singapore, 11.4% UK, 4.5% 24 Gamesrocket Hardcore 124 457 82 710 USA, 24.8% Germany, 20.5% Spain, 14.2% 25 GamesRepublic Hardcore 170 742 114 205 USA, 42.5% Germany, 4.9% n.a. Source: IDATE, from Alexa.com, Video Games in the Cloud, June 2015

www.idate.org © IDATE 2015 28 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Video games: Top 10 game publishers on Facebook

Rank Publisher Best title ranked No. of applications of the editor 1 King Candy Crush Saga 19 2 Zynga Texas HoldEm Poker 122 3 Supercell Hay Day 2 4 Social Point Dragon City 29 5 Peak Games Spades Plus 36 6 Miniclip.com 8 Ball Pool 16 7 Etermax Trivia Crack 4 8 Pretty Simple Criminal Case 3 9 Kiloo Games Subway Surfers 1 10 SGN Cookie Jam 80 Source: Appdata, April 2015

www.idate.org © IDATE 2015 29 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

3.2. Technical limits

Benchmark of restrictions of lawful offerings (October 2015)

Type of Service Paid service Compatible OS Compatible Number of Delivery Number of Simultaneous Storage DRM Other content name device devices modes users/Sharing usage options restricions limitations Video Netflix Yes, Mac OS, iOS, Android devices, Currently Streaming 1 account only, Yes, Cloud DRM- 3 paying Android, smart iPad, iPhone, MAC implicitly Including 5 1 stream allowed protected, packages: TV, set-top box, and PCs, Amazon unlimited (as individual profiles for basic users, 2 Microsoft (Basic, media streamer, Fire Phone, Apple of September linked to a single or 4 streams for Silverlight Standard, Blu-ray players, TV, Windows 2015); Netflix account other packages Premium) Game console, Phone devices; Limited to 6 Home cinema YouView box; registered system LG Roku, Western devices per Digital streamer; account until Samsung, LG, 2013 Sony, Panasonic & Philips Blu-ray players; PS3, PS4, Xbox 360, Xbox One, Wii U, Wii, Xbox 360, Xbox One Video Amazon Yes, Mac OS, iOS, iPad, iPhone, Implicitly Streaming, 1 account only Yes, Cloud + DRM- Instant -Pay per Android, smart Kindle Fire tablet; unlimited for Download On 2 devices Local protected, Video consumption TV, set-top box, MAC & PCs; streaming (impossible to Discs for Widevine; -One-year media streamer, Amazon Fire TV; Per purchased stream the same hard-copy Microsoft Prime Blu-ray players, LG, Sony & video could be video rental Silverlight package; Game console, Samsung, smart downloaded to simultaneously) Home cinema TVs & Blu-ray -Digital up to 2 system players; Xbox 360, devices; rental+hard PS3, PS4, Wii, Wii copy rental by Per rental U; Sony set-top video limited to LoveFilm by boxes & home Post one device; cinema set Prime users have extra download limit Video iTunes Yes, iOS, MAC OS, iPhone, iPod touch, 10 devices Download 6 Apple IDs Yes, iCloud+ DRM- Purchase or Windows 7 and iPad and Apple TV, including up to to iTunes (account) for numbers not Local protected, rental per later PC and MAC 5 computers library Family sharing specified FairPlay consumption

www.idate.org © IDATE 2015 30 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Type of Service Paid service Compatible OS Compatible Number of Delivery Number of Simultaneous Storage DRM Other content name device devices modes users/Sharing usage options restricions limitations Video Now TV Yes Mac OS, iOS, Now TV streaming 4 devices (1 Streaming 1 account only 2 devices Cloud DRM- (Sky) Android, smart box; iPad, iPhone, changed per protected, TV, set-top box, Android devices, month) Microsoft media streamer, PC or Mac; Apple Silverlight Blu-ray players, TV, LG Smart TVs, Game console YouView boxes, Roku; PS3, PS4, Xbox 360, Xbox One, Google Chromecast Video Blinkbox Yes, Mac OS, iOS, iPhone, iPad, Up to 5 Streaming, 1 account only Not allowed Cloud+Loc DRM- Purchase or Android, smart Android devices, devices for Download al protected, rental per TV, set-top box, Windows 8 tablets; video Microsoft consumption media streamer, PC or Mac; purchase Silverlight Blu-ray players, Samsung, Philips, (in case of Game console LG & Toshiba rental, Smart TVs; LG & restriction on 1 Samsung Blu-ray device to players ; LG boxes, stream a Philips boxes downloaded Technika boxes; video, 2 Xbox 360, PS3, devices if Xbox One, Google streaming) Chromecast Hosting Dropbox Free for basic Web, Android, Desktop; iPhone, No limitation Download 1 account only for Yes, Cloud + DRM-free 10GB or service iOS, BlackBerry iPad, mac; Android basic users; implicitly Local less/file Paying OS, Windows phones & tablets, Multiple accounts unlimited (2GB for uploaded features XP and later, Windows phones & for paying users basic through the Linux, Mac OS tablets; (numbers not users; website Kindle Fire; specified) 1T or more Blackberry for paying consumers ) Hosting iCloud No: 5GB iOS, MAC OS, iPhone, iPad, MAC, No limitation Download 1 account only Yes, Cloud + DRM-free Yes: Windows 7 and iPod touch, PC with implicitly Local) 20 GB - 1 TB later Windows unlimited Music iTunes Yes, iOS 5.0.1 and iPhone, iPad, MAC, 10 devices, Download 1 account only Yes, numbers not iCloud + DRM-free (storage) Match Yearly later, MAC OS iPod touch, Apple including up to specified Local (though subscription TV 5 computers DRM- protected music can be played)

www.idate.org © IDATE 2015 31 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Type of Service Paid service Compatible OS Compatible Number of Delivery Number of Simultaneous Storage DRM Other content name device devices modes users/Sharing usage options restricions limitations

Music Apple Music Yes (9.99£ for iOS, Watch OS, iPhone, iPad, Mac, 10 devices, Streaming, 1 Apple ID for Yes for Family iCloud + DRM- Up to 30 single MAC OS, iPod touch, PC, including up to Offline local Single; 6 Apple membership, Local for protected, days for membership Windows 7 and coming to Apple TV 5 computers device IDs (account) for device number offline FairPlay offline and 14.99£ later, coming to & Android devices playing family restriction not mode playing, for family Android in fall the fall 2015 membership specified online sharing 2015 connection is option) required to activate offline mode Music Spotify Free Basic Windows XP IPhone, iPad, Mac; Unlimited Streaming, Free Basic users Not allowed (1 Cloud + DRM- Up to 30 service; and later, Linux, Android phones & devices for Offline local not specified, track only) Local for protected, days for Paying Mac OS, tablets; streaming device implicitly (1 Yes for Family offline proprietary offline Premium Android, iOS, Windows phones & mode playing for account only); plan, device mode solution playing, services Symbian, Web computers; 3 devices for premium Up to 5 accounts number online (29.99£ when syncing offline users for Premium restriction not connection is Amazon Kindle required to adding 5 Fire; playlist Family Plan specified profiles to the activate account) Third parties’ offline mode devices: Samsung Smart TV, Sonos, Squeezebox, Telia Digital-tv, TiVo, WD TV, Onkyo, Parrot, Car system, etc. Music Amazon Yes, iOS 6 and later, Fire tablets (except Implicitly Streaming, 1 account only Not allowed (1 Cloud + DRM-free Up to 30 Prime Music Amazon Mac OS, Kindle Fire 1st unlimited Offline local track only) local, days for Prime Android 4.0 and Generation), Fire 4 devices for device Export offline subscription later, Fire OS, phone, Amazon offline mode playing outside of playing, Windows, Fire TV, Fire TV Amazon online Amazon.com Stick, Music app connection is Amazon Echo; impossible required to iPad, iPhone, iPod activate touch, PC & Mac; offline mode Android devices Music Amazon Yes, iOS, Mac OS, Fire tablets (except 10 devices Streaming, 1 account only Not allowed Cloud + DRM-free Cloud player app is free, Android 4.0 and Kindle Fire 1st Offline local local, (Amazon music should later, Fire OS, Generation), Fire device Export Music app) be purchased Windows, phone, Amazon playing possible to from Amazon Amazon.com, Fire TV, Fire TV Windows music store Amazon music- Stick, Media enabled car Amazon Echo; Player or system iPad, iPhone, iPod iTunes on www.idate.org © IDATE 2015 32 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Type of Service Paid service Compatible OS Compatible Number of Delivery Number of Simultaneous Storage DRM Other content name device devices modes users/Sharing usage options restricions limitations touch, PC & Mac; MAC and Android devices, PCs Roku, Sonos, Samsung Smart TV and Home Audio Products, BMW, Ford and Mini Music Google Play Yes, Android, iOS, Android phones 10 devices (up Streaming, 1 account only Not allowed Cloud + DRM- Music All Monthly Web and tablets, to 5 Offline local Local for protected, Access suscription iPhone, iPad, iPod smartphones) device offline Widevine Touch, MAC; including 4 playing mode Chromecast, device Android TV, Sonos deactivations per year Music Tidal Yes, Windows XP iPhone, iPad, Mac; Implicitly Streaming, 1 account only Not allowed Cloud + Implicitly with 2 paying and later, Linux, Android devices; unlimited Offline local Local for DRM, not packages: Mac OS, Web Player on 3 devices for device offline clearly Premium & Android, iOS, PCs; offline mode playing mode specified Tidal HiFi Web Home Audio Players (IXON, Linn, etc.); Sonos Book iBooks Yes, iOS, Mac OS iPhone, iPad, iPod 10 devices, Download 6 Apple IDs Yes, iCloud+ DRM- Purchase or touch, Mac including up to (account) for Limited to Local+ protected, rental per 5 computers Family sharing; number of Print PDFs FairPlay consumption devices Book Amazon Yes, Fire OS, iOS, iPhone, iPad, Mac Generally 6 Download 6 accounts for Yes, Cloud + DRM- Kindle Purchase per MAC OS, and iPod touch, devices, other family program: 2 Limited to local protected, consumption Android, Android, Samsung, limits on the adults and up to 4 number of Local only KF8, BlackBerry OS, PC Windows 8, number for children devices available Mobipocket, Window, Kindle E-Readers specific books to account Topaz Webapp 3.4 and later, owner, not Kindle Cloud to invited Reader; Fire tablet accounts and phone, Amazon Fire TV devices, Amazon Echo

Book Oyster*(Netfl Yes, iOS 7.1 and iPhone, iPad, iPod 6 devices Streaming, 1 account only Not specified Cloud + DRM- Offline www.idate.org © IDATE 2015 33 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Type of Service Paid service Compatible OS Compatible Number of Delivery Number of Simultaneous Storage DRM Other content name device devices modes users/Sharing usage options restricions limitations ix for books) -Monthly later, Android Touch; Android Download local protected, reading subscription; 4.0 and later, devices; non-first for offline Proprietary limited to 10 -Purchase per web reader via generation Kindle reading & solution most book the Chrome, Fire; Nook HD; purchase recently- Safari & Firefox PCs through web opened reader books Software Apple App Free and iOS iPhone, iPad, iPod 10 devices, Download 6 Apple IDs Not specified, Local DRM- Store paying apps Touch, Apple including up to (account) for Implicitly protected, Watch 5 computers Family sharing unlimited FairPlay Software Google Play Free and Android Android Not specified, Download 1 account only Not specified, Local DRM- paying apps smartphone and Implicitly Implicitly protected, tablet unlimited unlimited Widevine Video Steam Free and Windows, PC, Mac, Linux 10 devices Online + 5 accounts via Not allowed (1 Cloud + Some games paying games Mac OS X, box, mobile device, offline for Family Sharing player only) local for DRM- games may SteamOS+Linux television single- offline protected and be , player single DRM-free unavailable Android, iOS games player games for sharing Proprietary solution Video Battle.net Yes Windows, Mac PC, Mac, mobile Not specified, Online 1 account (can be Not allowed Cloud Games games OS, Android, device, television Implicitly shared between protected with iOS unlimited to legal guardian proprietary mobile devices and a single solution minor child) Video Miniclip.com No iOS, Android, PC (web browser), Not specified, Online + 1 account n/a Cloud + Games games Web Android phone & Implicitly In-app (sharing not local protected with tablet, iPhone, unlimited playing specified) proprietary iPad, iPod Touch & solution MAC, Windows Phone

*Oyster: In September 2015, the co-founders of Oyster announced in its blog the coming close down of its Oyster services over the next few months, and that customers’ requests for refunds over the next few weeks would be honored.

www.idate.org © IDATE 2015 34 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Delivery modes

Table 3: Delivery modes and limitations for the different solutions Type of services Streaming feature Download feature Digital Rights Lockers Yes (often the main option, some Yes (with limits) limits) Personal Cloud No (optional, only a few operating Yes (main option, no limits) systems) Licensed Digital Rights Cloud Yes Yes Video service Yes (as the main option) Yes (few services) Music service Yes (as the main option) Yes (increasingly included in the prime option) Books No (Oyster, the only existing ebook Yes (as the main option) streaming service will shut down) Software No Yes (as the main option) Video games Yes (as the main option) No Source: IDATE

Storage options The type of storage is directly linked to the delivery mode and is also influenced by both technical and business issues. Clearly, content storage on consumer equipment is not necessary with rentals or subscriptions and with streaming delivery modes, which by nature use cloud-based storage. Cloud-based providers and device players are also likely to have different strategies. The importance of the different players is likely to influence the preferred option for storage. Device players such as Amazon (with its Kindle) and Apple are notably pushing local storage in addition to other forms of storage.

Table 4: Storage options for the different solutions Type of services Cloud Local Device Physical media Digital Rights Lockers Yes (main storage) Yes Yes (DVDs/BRs, but also SD cards) Personal Cloud Yes (main storage) Yes No Licensed Digital Rights Cloud Yes Yes (main storage) No Video service Yes (main storage) Yes Yes (few) Music service Yes (main storage) Yes only for offline mode No Books Yes (main storage) Yes (main storage) No Software No Yes (main storage) No Video games Yes Yes No Source: IDATE

Content protection used by service providers is the detection of irregular activities of content. Different solutions exist in Automatic Content Recognition such as Content ID used by YouTube, while other names include Audible Magic used by Facebook, discussed below. The system is based on ensuring copyright compliance.

www.idate.org © IDATE 2015 35 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

3.3. Reasons for infringing

Figure 13: Reasons for infringing

Source: Online Copyright Infringement Tracker

Figure 14: Perception of content availability

Source: Digital Entertainment Survey 2013, Wiggin (www.des2013.co.uk)

www.idate.org © IDATE 2015 36 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

4. Unauthorised content techniques

4.1. Detection solution providers The table below provides an assessment describing the capability of the solutions described above to detect consumers distributing or accessing unauthorised copies of content.

Table 5: Assessment of the different detection solutions Company name Content Content Type of Downloaders Uploaders Robustness detection analysis detection detection detection and scalability Hologram Automated Automated Direct, but No Yes No false Industries queries of analysis of real don’t share First positive (Acquired keywords content using the content uploaders (according to Advestigo in fingerprinting (no upload) may be them) 2009) technology detected, Scalability but this is depends on not computing guaranteed power and memory Irdeto USA Automated Automated Direct and Yes (through Yes, No (previously queries of analysis of real Indirect indirect including information BayTSP) keywords content method) first on false constantly (combination of uploaders positives scanning fingerprinting (Early IP detection the file and Propagator process is sharing watermarking product) robust for networks technologies) uploaders and human only review Scalability depends on computing power and memory MarkMonitor Automated Depends on the Direct Yes Yes, No false (previously queries of type of content including positive DtecNet), keywords and customer first (according to acquired by requirements uploaders them) Thomson (manual (according Scalability Reuteurs analysis for to them) depends on games and computing software / power and fingerprinting for memory audio / watermarking for video) Peer Media Automated Automated Direct Yes Yes, No false Technologies - queries of analysis of real including positive (cf. ArtistDirect keywords content (use of first Advestigo) (previously Advestigo uploaders Scalability MediaSentry and fingerprinting (Early Leek) depends on MediaDefender) technology) computing power and memory

www.idate.org © IDATE 2015 37 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Company name Content Content Type of Downloaders Uploaders Robustness detection analysis detection detection detection and scalability TMG (Trident N/A N/A Direct, with Yes Yes Scalability Media Guard) false First depends on information uploaders computing sent to the are not power and tracker and specifically memory no upload targeted Source: IDATE

4.2. Case of wrong detections

In some cases, even when using the solutions or techniques presented above, copyright holders may collect erroneous IP addresses. Main reasons for wrong identification can come from: • technical solution itself generating false positive • initiatives from end-users willingly adding false positive solutions • Anonymity solutions used by infringers to prevent their identification such as IP spoofing, the use of an anonymous proxy server, a VPN or onion routing to access file sharing networks, or the use of a seedbox (see following section).

A detection company will provide to an ISP the following typical report. Typical infringement report

Title: Dead Like Me - Season 2 Infringement Source: BitTorrent Initial Infringement Timestamp: 5 Aug 2004 11:02:55 GMT Recent Infringement Timestamp: 5 Aug 2004 17:04:46 GMT Infringer Username: Infringing Filename: dead.like.me.s02e02.the.ledger.dvd-rip.xvid.dd3.avi Infringing Filesize: 362383360 Infringers IP Address: 68.11.102.162 Infringers DNS Name: ip68-11-102-162.no.no.cox.net Infringing URL: 68.11.102.162:6883/dead.like.me.s02e02.the.ledger.dvd-rip.xvid.dd3.avi

The error can therefore mostly come from an error on one of the following elements: • the content itself • the timestamp • the IP address

Fake content The content itself may be a source of error. Indeed, the content downloaded or uploaded may be fake, which means that the file name may not correspond to the right content. The file name may either correspond to some other infringed content or to content with no specific rights. Fake files are most of the time found on P2P networks. However, in order to reduce the pollution level, some torrent sites may manually inspect new content, in order to remove fake content, content with low perceptual quality, and content with incorrect naming. In that case, the error comes from directly the content itself which is fact not really infringed in the first place.

www.idate.org © IDATE 2015 38 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Wifi access When connecting through a Wifi router (either at home or at a company), the IP address that is seen by a third party to exchange data is not the IP address of the end-user (and its associated computer) but that of the router itself. The user’s computer has a private IP address (e.g. 192.168.0.2). However, the recipient does not know this address. The problem is solved by a solution called NAT router, integrated into almost all routers, which is in charge of substituting its private address by the public IP address that the ISP assigns to the network (e.g. 90.80.34.202) and a free random port number (9000). Hence, even in a local network case, only the (public) IP address of the modem is used during external communication. In the case of a Wifi home router, errors can come from the fact that the actual end-user may not be the owner of the box, in case of connection to the router through a wireless access, especially through WiFi. In that case, the detected IP address is right but the real pirate may not be the one that is directly in control of it. In the case of a public Wifi hotspot, the network is mostly operated by a public administration or by a commercial company offering the service for free to its unregistered customers like McDonalds. It can also be operated by a regular WiFi ISP (either dependent from a wireline or wireless telco, or a pure player like The Cloud). It should be noted that a few ISP already stand out on this topic. Indeed, some ISPs assign new IP address to public network users as they (outside the home network) could be better identified and could also benefit from the same features (like in their home, P2P for instance). Technically, they use an authentication on a web interface, such as BT for its partnership with FON (using another CPE than the regular Fonera) or Free with http://wifi.free.fr. Indeed, the Free ISP provides several IP addresses on their WiFi router. With this approach, the CPE owner’s IP address is not detected. It is the IP address of the pirate that would be detected.

Pollution of trackers in BitTorrent or similar technologies With BitTorrent or similar technologies, trackers are used by clients to obtain the IP addresses of other peers associated with a torrent, and to exchange the client's transfer statistics. Clients contact the tracker which responds with the addresses of the other peers. The tracker does not know which nodes have which pieces; its job is simply to tell its clients where to find each other. Some BitTorrent tracker implementations support an optional extension that allows clients to specify a different IP address that the tracker should record in its list of peers instead of the actual client’s address. This is intended to provide support for proxy servers, peers behind NAT routers, etc. But this may lead to incorrect IP addresses being reported. Indeed, the standard tracker protocol is based on HTTP, which allows malicious clients to easily update the tracker with arbitrary IP addresses, thus declaring them as peers, and implicating them in the swarm, though they might have never downloaded or uploaded the content. Since BitTorrent trackers do not include any sanity check, meaning that IP addresses are not checked, nothing prevents this from happening. Consequently, anti-piracy companies using an indirect detection mechanism based on the observation of the tracker, and which gather all the IP addresses associated to a tracker without checking that they are really involved in the swarm, may encounter a certain amount of false positives.

www.idate.org © IDATE 2015 39 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

1. Peers 1 2 3 are connected to tracker 2. Peers 1 2 3 update the tracker with their IP address

Peer 1

Tracker

Peer 2 6. A-P connects to tracker 7. A-P receives info on peers

Peer 3 List of IP addresses issued by the tracker Swarm Torrent website 3. X connects to tracker 4. X updates tracker with 5. A-P downloads torrent forged IP addresses Computer X

Torrent Computer A-P Tracker data Connection 8. A-P has a list of infringing IP addresses including false positives

Actually, this is the main reason why malicious clients started polluting trackers: tracker owners are aware of such methods used by anti-piracy companies, and trick them by polluting the list of IP addresses the tracker returns. Some academics were even able to have their printer receive a DMCA takedown notice after updating trackers with some networked printers’ IP addresses4. Though polluting trackers degrades the overall performance and costs extra traffic and connections, it is one of the techniques The Pirate Bay used, for example, to show how inaccurate such an IP detection method is and to force copyright holders to acquire hard evidence against file sharers. This error can be avoided with the direct detection method, in which the detection company will exchange data with the user.

Man-in-the-middle attacks In a man-in-the-middle attack (MITM), the attacker inserts himself between two nodes without being detected. He can then choose to stay undetected and spy on the communication or more actively manipulate the communication. He can achieve this by inserting, dropping or retransmitting previous messages in the data stream. A man-in-the-middle attack is thus a form of active eavesdropping in which the attacker makes the victims believe that they are talking directly to each other, when in fact the entire conversation is controlled by the attacker.

4 Michael Piatek, Tadayoshi Kohno, Arvind Krishnamurthy, Challenges and Directions for Monitoring P2P File Sharing Networks – or – Why My Printer Received a DMCA Takedown Notice

www.idate.org © IDATE 2015 40 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Figure 15: Man-in-the-middle attack

Intended connection

Computer A Computer B

3. Attacker sends message to B 1. A sends a message to B 4. B thinks it comes from A

MITM attacker 2. Attacker intercepts message

Source: IDATE

Man-in-the-middle attacks have become popular network-based attacks as they are quite straightforward. In particular, this type of attack is a common risk to web-based financial transaction systems - e.g., e- business websites, payment gateways, online banking, insurance and credit card servicing platforms. Man-in-the-middle attacks may indeed lead to identity thefts and financial frauds, as the attacker might be able to intercept the public key, modify it and provide a different public key instead. To prevent such attacks, most cryptographic protocols include some form of endpoint authentication, like SSL.

The errors presented before in this section have very different levels of impact, as the errors have different origins and would impact different types of users: • the type of error (linked to IP source or linked to the content). If the error is related to the content itself, the direct method will not provide an error, as the content will be checked anyway. Other type of errors may apply to all forms of detection. • the type of users that could be concerned by such errors (tech-savvy vs regular users, Wi-Fi users, etc…).

Major errors would impact all forms of detection, even though the indirect method is clearly less reliable because of the possibility to alter trackers or to distribute fake contents. But the direct detection has also some flaws, especially in the case of Wi-Fi router. A few major errors could come from active users wanting to create difficulties for detection companies by deliberately accusing innocent people in an attempt to show that traditional detection techniques are inefficient. Fake content, piggybacking on Wi-Fi access, botnets or even man-in-the-middle attacks can be classified in that area. They still should have an overall low to medium impact as they could only be initiated by a few tech-savvy users. They are therefore not really scalable. The major remaining error, not coming from “activists” is clearly open wireless access with set-top boxes enabling access to a large number of people, without the knowledge of the Wi-Fi router owner. Numerous errors could be expected there, even with the detection method.

www.idate.org © IDATE 2015 41 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Table 6: Analysis of cases ending up in detection errors Type of erroneous Type of Detection Type of users Overall Potential counter- identification/false error method risk measure positive impacted Fake content Content Indirect Any user High Use watermarking or downloading fingerprinting technology the content to automatically check content When downloading, check comments/ratings or the names of the parts uploaded by other peers Open wireless access IP All Any user on High Provide 2 IP addresses (1 address/User WiFi for public usage, 1 for private usage) Piracy on secure Wi-Fi IP address All Any user on Medium for Upgrade encryption keys access /User WiFi with low encryption Enable a list of restricted security Low for MAC addresses settings MAC Pollution of trackers in IP address Indirect Possibly any Medium Connect to the user and BitTorrent or similar Internet user or exchange content technologies machine Man-in-the-middle IP address All Possibly any Low Connect to the user and attacks Internet user or exchange content machine Source: IDATE

4.3. List of major privacy techniques The table below lists the privacy techniques described in the main body text, with complementary diagrams for VPN, Onion Routing and seedboxes.

Table 7: Main add-on privacy techniques are the following: Anonymity solutions Short description of the solution To be used with Blocklist software Software that avoids accessing a server or a computer to specific IP P2P address. Blocklists have become a common method employed by users to avoid systematic monitoring. Users prevent any suspect third party (like anti-piracy monitoring agents) from scanning and monitoring the traffic activity to their computer. Anonymous proxy server An anonymous proxy server generally attempts to anonymize web P2P, DDL, surfing. The targeted server receives requests from the anonymizing streaming proxy server, and thus does not receive information about the end user's address. However, the requests are not anonymous to the anonymizing proxy server. Virtual private network Computer network that is implemented in an additional software P2P, DDL, (VPN) layer (overlay) on top of an existing larger network for the purpose of streaming creating a private scope of computer communications or providing a secure extension of a private network into an insecure network such as the Internet. Onion Routing Messages are repeatedly encrypted and then sent through several P2P, DDL network nodes called onion routers. Each onion router removes a layer of encryption to uncover routing instructions, and sends the message to the next router where this is repeated. This prevents these intermediary nodes from knowing the origin, destination, and contents of the message. Seedbox Private dedicated server used for the uploading and downloading of P2P digital files. (BitTorrent) Source: IDATE

www.idate.org © IDATE 2015 42 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

The figure below shows how a VPN can be used in conjunction with BitTorrent in order to avoid detection by anti-piracy authorities.

Figure 16: Operating principles of VPN

The figure below shows how TOR (The Onion Router) works when a computer X wants to send a message or a file to computer Y:

Figure 17: Operating principles of TOR

The figure below shows the operating principles of seedboxes, where the user remains hidden in a similar way to proxies.

www.idate.org © IDATE 2015 43 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Figure 18: Operating principles of seedboxes

Table 8: Main “new” piracy systems include the following Anonymity Short description of the solution Examples of solutions solution Anonymous P2P Peer-to-peer distributed application in which the nodes or participants are I2P application anonymous or pseudonymous. Anonymity of participants is usually achieved based, iMule, by special routing overlay networks that hide the physical location of each StealthNet, node from other participants. Encrypted P2P In this P2P application, files are encrypted for the transfer, and decrypted after I2P application the reception. Some P2P applications can both be anonymous and use based encryption for files transfer. Friend-to-Friend Type of peer-to-peer network in which users only make direct connections with OneSwarm, (F2F or people they know. Passwords or digital signatures can be used for Freenet, GNUnet, Darknets) authentication. Retroshare F2F networks which do not offer automatic anonymous forwarding are ordinary private P2P networks. Encrypted cloud Cloud storage services that encrypts files when stored on the service Mega storage provider’s servers, and during the download and upload process. Moreover, to access a file, the “downloader” has to get the unique key, related to the file. This key can be got integrated in the download link, or separated. Source: IDATE

The figure below shows the mechanism of anonymous P2P transfers, where the file transfer is done through multiple intermediaries (with an Anti-Piracy peer in this case). In this figure, Peer 1 sends a copyrighted file to the A-P computer, through peer 2 and peer 3.

www.idate.org © IDATE 2015 44 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Figure 19: Anonymous P2P file transfer (with an Anti-Piracy peer)

Source: IDATE

4.4. Blocking by legitimate services During the summer of 2014 Sony Pictures conducted research to identify the IP-ranges of various VPNs and proxies. These results were shared with Netflix and other streaming services so they could take action and expand their blocklists where needed.

www.idate.org © IDATE 2015 45 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

4.5. Freenet & F2F Here, the example of Freenet will be used to explain the operating principle in more detail. Freenet is one of the most famous F2F networks, aiming to provide freedom of speech through a P2P network with strong protection of anonymity and is notably used for the distribution of censored information all over the world including countries such as China and the Middle East. In the diagram below, computer A requests some data and computer D has this data. In a darknet configuration, A and B are friends, meaning that if B had the data, it would send it directly to A. Here is how it works: 1. A requests the data to B. B doesn’t have the data, B has 3 other friends (C, E and F) in the network 2. B forwards the request to C 3. C doesn’t have the data and doesn’t have any other friends: it is a dead-end 4. B forwards the request to E 5. E doesn’t have the data but has another friend, F, so E forwards the request to F 6. F doesn’t have the data but has another friend, B, so F forwards the request to B 7. B has already received a similar request so B identifies a loop and tells F that it doesn’t have the data 8. F forwards the message (request failed) to E 9. E has another friend, D, so E forwards the request to D 10. D has the data, so D sends the data to E 11. E forwards the data to B 12. B forwards the data to A

Some of the most popular F2F clients include Freenet and OneSwarm, with various others such as GNUnet, Tribler and RetroShare. It should also be noted that the term “darknet” is increasingly becoming used to refer to the “dark web”, including services such as Tor and I2P which contain “hidden services” through an overlay network (such as the black market “Silk Road” existing within I2P and Tor, as explained earlier).

www.idate.org © IDATE 2015 46 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

4.6. BGP blocking BGP is the core routing protocol of the Internet. BGP blocking relies on the principle of re- routing specific IP addresses to be blocked to a router that implements a particular treatment to this traffic. It uses the BGP protocol that routes traffic in the IP network between autonomous systems (AS) and uses aggregation of routes in order to limit the size of routing tables. This protocol was originally only supported by core network routers or peering routers with learning routes functionalities from routers to which they are interconnected. But increasingly routers today have this capability. Therefore, this blocking can be implemented at any level of the ISP network.

Operating principle BGP blocking, in all its forms, is based on the implementation of a BGP router which announces specific routes to its neighbours. With a blocking purpose, this router will announce to the rest of the network equipment the list of IP addresses of sites to be blocked. Dynamically, each packet (having its destination IP address a site to be blocked) is redirected to the specific BGP router. Even though this general principle remains valid, many implementation options exist depending on who hosts the BGP router.

Option 1: BGP router is hosted by the authorities Here, the goal is to falsify routes announcement to the IP addresses to be blocked at a BGP router level and that will be made available to ISPs by the authorities (or a subcontractor of the authorities). The router can be located at a colocation centre (also called Internet eXchange Point – IXP) where all ISPs are already interconnected. It will then interconnect with the peering routers of each ISP. The list of IP addresses of sites to block will be updated at the level of that BGP router which will publish the routes announcement to other networks dynamically. In the end, it could be compared with a situation with two ISPs interconnected through a peering agreement. This technique is commonly known as “Sink Hole”. Specifically, the BGP announcement router told its neighbours the routes towards the addresses with the highest local preference. This means that announced routes will be systematically used by the packets, even though there are different from the actual routes in a non blocking situation. This option has the advantage of being similar for all ISPs which are interconnected with the specific BGP router. They therefore do not have to manage the IP address list or update their router configurations.

Option 2: BGP router announcements are hosted by ISPs In case the authorities do not wish to centralize the BGP router, each ISP must set up such a router in the network. The lists of IP addresses to block are regularly received from the authorities and injected into the BGP router. Everything else works in the same way, with the simple difference that the authorities no longer host any equipment. The impact to the ISP is the implementation in its network of one or more announcement BGP routers and a specific information system. Compared to Option 1, this implies additional investment and operating costs.

Option 3: BGP blocking with URL inspection (instead of IP addresses) There is a third BGP blocking implementation option but it is conditional on the provision by the authorities of a list of URLs of websites to block, not just a list of IP addresses. By announcing the routes for these IP addresses to the rest of the network, it attracts and concentrates all suspect IP traffic. Unlike the two previous options, the treatment does not end at the BGP router. The latter relays the traffic to a DPI server that analyzes the URLs and compares them with those from the blacklist. When the URLs match, packets are sent to a server hosting a specific page, which notifies users with the blocking reasons. In the event that the URL does not match, the traffic is not to be blocked and it is routed through a dedicated link to a transit operator responsible for the route to its final destination. Compared with the two BGP blocking options presented above, it offers a higher granularity and only blocks sites whose URLs are listed. However, it requires higher investment and operating costs because of the DPI server and IP transit link to set up and reconfiguration of BGP routes for each update of the list of URLs. A variant of this BGP blocking option exists and is called hybrid (detailed in “hybrid blocking” section).

www.idate.org © IDATE 2015 47 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Impacts Over-blocking induced BGP blocking is identical to IP blocking. Indeed, BGP blocking is based on IP addresses to block the flow, causing a risk of intrinsic over-blocking. This side effect applies to options 1 and 2 described above, when IP flows to be blocked are concentrated on a single router the ISP network and do not undergo any further analysis. In Option 3, the additional level of blockage that the DPI represents eliminates the risk of over-blocking related to IP addresses, since only a list of URLs (and not all domains with the same IP address) is blocked. In return, the DPI can be a bottleneck because its capacity is limited, and can cause significant congestion, if an IP address with high traffic (eg. Google server, Youtube) was inserted in the list of IP addresses by mistake. Moreover, it is difficult to size ex ante the IP transit connection at the output of DPI, due to the non-predictability of blocked traffic, which can reach high levels if all the corresponding IP flow is redirected to the DPI inspection. Moreover, the BGP is a complex protocol and its implementation does not imply frequent route updates, because it was not originally designed for blocking, but for routing packets between interconnected networks. It is therefore sensitive to errors that may occur with updates and frequent reconfigurations. It should be stressed that this risk is already assumed when peering. In practice, BGP is used by all ISPs at peering routers where the entire Internet traffic transits.

Option Pros Cons

Option #1: BGP router hosted Ease of implementation Risk of over-blocking by authorities BGP not designed for blocking

Option #2: BGP router hosted Ease of implementation Risk of over-blocking by ISP BGP not designed for blocking

Option #3: BGP blocking higher granularity and only blocks sites higher costs (compared to option #1 & combined with URL analysis whose URLs are listed (compared to #2) option #1 & #2) No risk of over-blocking

Source: IDATE

4.7. DPI techniques Main solutions for telcos relate to some of kind of filtering: • full (full disconnection/blocking) or partial filtering • volume-based filtering (filter only when a threshold of volume is reached) • time-based filtering (filter only during certain periods of the day) • bitrate-based filtering (limit the speed) • activity-based filtering (block only certain applications) • destination-based filtering (block only connection to some IP addresses)

Deep Packet Inspection (DPI) is a generational evolution of packet filtering technique allowing the observation and traffic analysis. It's not a simple filtering technique looking only into the header where only basic information (IP address and port number) can be identify.

www.idate.org © IDATE 2015 48 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Figure 20: Applications identifications with DPI

Source: Qosmos

Given the name, DPI inspects deeper in the packet by scanning the entire packet in both its header and payload. It provides up to application awareness by operating in the application layer of the OSI model in order to identify and to authenticate the content of the information packet conveyed by IP. In fact, the DPI engine ‘dissects’ the entire IP packet in real time.

Figure 21: Deep Packet Inspection mechanism

Application P2P: Bittorrent, e-donkey Webmail: ymail (Yahoo!mail), gmail, Hotmail Presentation Audio/Video : YouTube, Dailymotion, Deezer

Session FTP, http, DNS…

Transport TCP, UDP

Network IP Data Link

Physical

Deep Packet Inspection

Source: IDATE

It's a technique enabling to detect user activities in real time and to gather information from subscriber traffic such as determining which application is used for a given session and given flow. Similar to fingerprints used to identify person, signatures are used to identify applications and protocols. To develop a signature, several analysis techniques (regularly combined) are used and look like a traffic parse (semantically and grammatically). • by port (such as incoming email/POP3/110; 995 if it is secure; outgoing email: 25) • by string match (such as the word ‘Kazaa’ is embedded within Kazaa application protocol) • by numerical properties (such as payload length, number of packet sent…) • by behaviour (such as packet length histogram: few hundreds bytes: HTTP; shorter: P2P)

Based on the signature database, DPI is able to identify and classify traffic, allowing a tight control according to the application (such as peer-to-peer, browsing, VoIP and gaming). The classified packet can then be rerouted, marked/tagged, blocked, and reported to a reporting agent in the network. Spending on DPI and policy management solutions (PCRF) is increasing. IDATE estimates an annual growth rate at 23% between 2015 and 2019. The driven factor is due to mobile operators looking to manage and control the traffic while monetize data.

www.idate.org © IDATE 2015 49 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Figure 22: DPI and policy management market, 2015-2019 (million EUR)

Source: IDATE

4.8. Hybrid blocking This technique relies on the principle of communication by a national authority of a URL blacklist that lists the sites offering illegal content. Once the list loaded in the blocking system, the latter performs a DNS resolution allowing it to find the IP addresses of hosts with URLs to be blocked. The list of IP addresses is then injected into a BGP router, which announces the corresponding routes and gets all flows towards these IP addresses. The IP streams are then routed to a nearby DPI server that operates a URL inspection to match them with the blacklist. • If there is a match, the flows/streams are rejected or routed to the blocking page hosted on a nearby server. • Otherwise, they are routed to their final destination through a dedicated IP transit link, avoiding re- injecting into the network the packets whose IP addresses are attracted by the BGP router and thus creating infinite loops.

It is also possible to introduce into the system a white list, which contains the list of URLs not to filter, even though they are in the blacklist. This mechanism helps to prevent the URL hosted on the operator's servers from a blocking by error. It is also possible to introduce, in addition to the list of national authorities, some lists of other countries, still in a secure mode, ensuring the required confidentiality for such a mechanism.

Thus, two blocking levels are performed • A first IP address blocking is used to select only the suspicious part of the traffic. • A second deeper/fiercer blocking at the URL level is performed by a DPI server

This cascade system can greatly reduce the volume of data to be processed, reducing overall system load and thus its implementation cost. The implementation of this solution in a DPI server (flanged with URLs inspection) can theoretically extend the inspection to a deeper level even up to image recognition. But the processing load is such that the solution becomes cost prohibitive.

www.idate.org © IDATE 2015 50 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Impacts Hybrid blocking experiences cumulative drawbacks of the final DPI blocking. Traffic redirected to the blocking platform and in particular the DPI equipment, must be absorbed at any time, which raises a design problem5. It is similar for IP transit connection to the output of the DPI to evacuate traffic which appears normal (after URL inspection). In the event of high traffic sites such Google, Youtube or Facebook being found in the blacklist, the system can quickly be overloaded and induce significant service degradation for users. This may be acceptable in a small ISP network (ideal for local ISPs). However, it is not acceptable in the case of national ISPs. Indeed, their networks are split hierarchically and geographically, and are based on a large number of routers that distribute the traffic. Focusing the blocked traffic at a single point in the network would be incompatible with the network architecture of large ISPs and would bring high risks in case of congestion of the hybrid blocking platform. In the event of generalized hybrid blocking where several operators use this mechanism at their networks and exchange traffic through peering agreements, successive inspections would introduce latency and huge packet loss probability due to the significant increase in the risk of errors in the lists used. Pros Cons • Efficiency (due to the • drawbacks of the final DPI blocking cascade system) • not designed for high traffic websites • not designed for national/large ISP network implementation Source: IDATE

5 Here are some minimum precautions to be taken by ISPs that want to deploy this type of blocking: • a large oversizing of the solution, • a frequent updating of lists • traffic monitoring procedures alerting operational when there is platform overload, • release procedures static system when limits are reached

www.idate.org © IDATE 2015 51 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

5. Estimates and forecasts of lawful and unauthorised content

5.1. Main objectives Estimates of consumption in volume are expressed in number of files consumed by adults 12+ in the UK and detailed per OTT distribution channel and per device. The dataset covers the period starting from 2012 to 2018.

Definitions Files are considered as consumed once they have been downloaded, streamed or accessed online. • Streamed or access: any content viewed, listened to or played directly through the Internet without downloading a copy. • Downloaded: transfer of a copy of the file to a device.

Model structure The model producing estimates and forecasts is divided into two modules: • the first module provides estimates and forecasts of per category of content and subcategories based on distribution channels; • the second module provides estimates and forecasts of number of files consumed per device for each of the identified distribution channels.

Categories of content and scope of products and services covered:

Table 9: Categories of content and scope of products and services covered Category Definition Included services Video Movies and TV programs EST, rental VOD, SVOD, online Playback TV Music Music tracks and albums Singles tracks and album, audio-streaming services Books eBooks Online book stores, online libraries

Video Games Video games software excluding patches and Online stores (including app stores), online upgrades games Computer software Computer software, excluding mobile phone Downloaded software, cloud based apps and patches / upgrades to already software owned software Source: IDATE.

www.idate.org © IDATE 2015 52 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

5.2. First module: breakdown of files consumed per category of content The first module provides estimates and forecasts of number of files per category of content. To ensure the homogeneity of outputs, evaluations of historical data used in the first module are based on the results of the 5 waves of the OCI tracker study, conducted by Kantar Media for OFCOM then IPO (UK Intellectual Property Office) between 2012 and 2015. Below, a detail of the quoted references:

Table 10: Sources, 1st module Report Release date Period studied Kantar Media for OFCOM: Online Copyright Infringement November 2012 May 2012 – July 2012 tacker Wave 1 Kantar Media for OFCOM: Online Copyright Infringement March 2013 August 2012 – October 2012 tacker Wave 2 Kantar Media for OFCOM: Online Copyright Infringement November 2012 – January May 2013 tacker Wave 3 2013 Kantar Media for OFCOM: Online Copyright Infringement October 2013 March 2013 – May 2013 tacker Wave 4 Kantar Media for IPO: Online Copyright Infringement tacker July 2015 March 2015 – May 2015 Wave 5 Source: IDATE.

As volume data provided by OCI tracker are quarterly results, IDATE provides estimates based on waves 1 & 2 for 2012, waves 3 & 4 for 2013, wave 5 for 2015. Chronological series for year 2014 are reconstructed using growth estimates extracted from IDATE Content Economics 2015 study6. Due to a shift in the methodology between waves 1 to 4 and wave 5, the results of wave 1 to 4 are re- evaluated using a blend of median averages and mean scores. As said in the last edition, the resultant mean scores are highly influenced by a few respondents with high levels of activity. As a result the mean volumes are noticeably volatile from one wave to the next for all content types covered […].The median […] has proved to be much more stable for these metrics7. The blended solution satisfies both the need for stability in chronological series and coherence in volume size. The model also provides gross estimates of files (any type of content) accessed through illegal distribution channels: P2P, cyberlockers & newsgroups, illegal streaming. Volumes of content downloaded or accessed using P2P, cyberlockers (DDL) and illegal streaming are estimated according to use figures published in the 5 waves of IPO Tracker (table 2.2.1d).

The Forecasting model Forecasts are modulated according to the following parameters: • the evolution of both legal and technical antipiracy measures; • for both lawful and unauthorised services, the ease of use and the accessibility of online platforms including: ­ general platform ergonomics; ­ the evolutions of content discovery techniques; ­ the state and perspectives of issues consumers face when accessing lawful and unauthorised online content offers including the restriction of usage (devices, storage, DRMs, etc.) and the cost of circumvention techniques; • the relative attractiveness of legal offers as compared with infringing ones. Several criteria are be taken in account: ­ the volume of content available; ­ the availability of most popular content; ­ the evolution of price positioning of legal offers.

6 IDATE. Content Economics 2015. Montpellier, 7 Kantar Media for IPO: Online Copyright Infringement tacker Wave 5, pp.13.

www.idate.org © IDATE 2015 53 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Perspectives concerning those entries are discussed in other tasks of the study. Below, a description of the general calculation principles of the first module of the model used by IDATE:

Figure 23: Illustration of calculation principles of the 1st module

Source: IDATE

5.3. Breakdown of time spent per device The second module provides a breakdown of files consumed per content type for each of the following connected devices: Desktop/Laptop, Smartphones and Tablets. The breakdown of content consumption per device is based on data extracted from the two waves of OFCOM Digital Day 2010 and Digital Day 2014 studies. Chronological series are reconstructed using growth estimates of time-spent per devices provided by eMarketer8.

Table 11: Sources, 2nd module Report Release date Period studied OFCOM, Digital Day 2010 December 2014 April 2010 – May 2014 OFCOM, Digital Day 2014 October 2014 March 2014 – April 2014 eMarketer, Average Time Spent per Day with Major Media October 2014 October 2014 by UK Adults, 2010-2014 Source: IDATE.

The Forecasting model The forecasting model will be articulated around two series of parameters: • the evolution of selected connected device ownership in the UK; • the availability of each distribution channel on each of these devices (downloaded application, direct Internet access) and ease of use.

8 http://www.emarketer.com/Article/UK-Consumers-Spend-over-9-Hours-per-Day-Consuming-Media/1011314

www.idate.org © IDATE 2015 54 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Below, a description of the general calculation principles of the 2nd module used by IDATE:

Figure 24: Illustration of calculation principles of the 2nd module

Source: IDATE

www.idate.org © IDATE 2015 55 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

5.4. Dataset

Table 12: Results of the 1st module: Volumes of content legally and illegally consumed par category of content 2012 2013 2014 2015 2016 2017 2018 CAGR 2012/2014 CAGR 2015/2018 Digital Content Consumption 4498.8 4841.6 5087.0 5331.8 5594.8 5886.7 6233.3 6.3% 5.3% Music 2985.9 3163.0 3282.0 3401.0 3502.2 3606.4 3682.4 4.8% 2.7% Video 1038.8 1162.0 1270.4 1378.7 1521.1 1689.6 1941.3 10.6% 12.1% eBooks 192.7 225.5 232.7 239.9 247.2 254.8 262.6 9.9% 3.1% Video games 137.7 146.8 155.6 164.1 172.0 179.6 186.6 6.3% 4.4% Computer software 143.7 144.2 146.3 148.2 152.2 156.3 160.4 0.9% 2.7% Legal Digital Content Consumption 3080.4 3713.9 4108.6 4472.4 4825.3 5189.7 5597.7 15.5% 7.8% Music 1916.1 2370.0 2643.0 2873.7 3057.9 3225.1 3349.7 17.4% 5.2% Video 796.1 930.3 1030.8 1144.5 1294.1 1472.4 1737.1 13.8% 14.9% eBooks 166.2 193.5 198.3 202.1 206.4 211.4 217.0 9.2% 2.4% Video games 115.2 126.9 137.0 146.6 155.6 164.1 172.0 9.0% 5.5% Computer software 86.7 93.2 99.5 105.5 111.3 116.7 121.9 7.1% 4.9% Illegal Digital Content Consumption 1418.5 1127.6 978.5 859.5 769.5 697.0 635.6 -16.9% -9.6% Music 1069.8 793.0 638.9 527.2 444.3 381.4 332.7 -22.7% -14.2% Video 242.7 231.7 239.5 234.3 227.0 217.2 204.1 -0.7% -4.5% eBooks 26.6 32.0 34.5 37.9 40.8 43.4 45.6 13.9% 6.4% Video games 22.4 19.9 18.7 17.5 16.4 15.5 14.6 -8.7% -5.7% Computer software 57.0 51.0 46.8 42.7 40.9 39.5 38.5 -9.3% -3.4% Share of Illegal consumption 31.5% 23.3% 19.2% 16.1% 13.8% 11.8% 10.2% -21.9% -14.2% Music 35.8% 25.1% 19.5% 15.5% 12.7% 10.6% 9.0% -26.3% -16.5% Video 23.4% 19.9% 18.9% 17.0% 14.9% 12.9% 10.5% -10.2% -14.8% eBooks 13.8% 14.2% 14.8% 15.8% 16.5% 17.0% 17.4% 3.6% 3.3% Video games 16.3% 13.6% 12.0% 10.6% 9.5% 8.6% 7.8% -14.1% -9.7% Computer software 39.7% 35.4% 32.0% 28.8% 26.9% 25.3% 24.0% -10.2% -5.9% Source: IDATE

www.idate.org © IDATE 2015 56 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

Table 13: Results of the 1st module: Volumes of content consumed through illegal distribution channels 2012 2013 2014 2015 2016 2017 2018 CAGR 2012/2014 CAGR 2015/2018 Illegal Digital Content Consumption 1418.5 1127.6 978.5 859.5 769.5 697.0 635.6 -16.9% -9.6% P2P 771.7 638.6 525.0 432.5 371.5 322.2 280.7 -17.5% -13.4% DDL 286.6 219.2 198.5 183.0 165.7 151.5 139.2 -16.8% -8.7% Illegal Streaming 360.1 269.8 254.9 244.0 232.3 223.4 215.8 -15.9% -4.0% Source: IDATE

Table 14: Results of the 2nd module: Volumes of content consumed per device 2012 2013 2014 2015 2016 2017 2018 CAGR 2012/2014 CAGR 2015/2018 Music 2985.9 3163.0 3282.0 3401.0 3502.2 3606.4 3682.4 4.8% 2.7% Desktop / Laptop 1933.5 1951.5 1932.6 1905.0 1845.8 1774.1 1678.0 0.0% -4.1% Smartphone 830.1 926.3 1012.6 1105.4 1199.2 1300.9 1399.3 10.4% 8.2% Tablet Computer 222.3 285.2 336.8 390.5 457.2 531.4 605.1 23.1% 15.7% Video 1038.8 1162.0 1270.4 1378.7 1521.1 1689.6 1941.3 10.6% 12.1% Desktop / Laptop 647.6 696.3 739.8 782.4 829.0 907.9 1012.9 6.9% 9.0% Smartphone 217.5 199.9 171.5 142.6 133.9 111.5 114.9 -11.2% -6.9% Tablet Computer 173.7 265.9 359.0 453.8 558.3 670.2 813.5 43.7% 21.5% eBooks 192.7 225.5 232.7 239.9 247.2 254.8 262.6 9.9% 3.1% Desktop / Laptop 29.7 29.2 25.5 23.7 21.3 17.5 16.5 -7.3% -11.3% Smartphone 148.3 161.2 114.3 80.5 50.3 35.5 27.4 -12.2% -30.2% Tablet Computer 14.8 35.2 92.9 135.7 175.6 201.8 218.7 150.3% 17.2% Video Games 137.7 146.8 155.6 164.1 172.0 179.6 186.6 6.3% 4.4% Desktop / Laptop 100.6 98.2 93.8 89.6 85.5 81.7 78.0 -3.4% -4.5% Smartphone 22.7 26.6 30.8 35.1 39.4 43.6 47.7 16.6% 10.8% Tablet Computer 14.4 22.0 31.0 39.4 47.1 54.3 60.9 46.6% 15.6% Computer software 143.7 144.2 146.3 148.2 152.2 156.3 160.4 0.9% 2.7% Desktop / Laptop 103.8 90.3 78.8 72.5 69.5 67.4 65.7 -12.9% -3.2% Smartphone 30.9 39.0 45.0 49.4 53.4 56.8 59.8 20.7% 6.6% Tablet Computer 9.1 14.9 22.5 26.3 29.3 32.1 34.9 57.6% 9.9% Source: IDATE

www.idate.org © IDATE 2015 57 Online Content Study: Changes in the distribution, discovery and consumption of lawful and unauthorised online content - Appendix

www.idate.org © IDATE 2015 58