Copyright: coming soon to PanPlay

|

ooadmn

Hi there, this post is all about copyright – yay!

Firstly, I would like to clarify: PanPlay is an HTML5-based player that runs in your web browser. Give it an audio medium and it will play it – that’s its job. If you use your own copy of PanPlay that you downloaded from GitHub, for example, that’s perfectly fine.

The problem starts when I see that the CDN version’s webstream module is being accessed to play music from illegal download sites. Of course, this is not okay.

What is the problem?

As the provider of PanPlay – legally speaking, as the operator of a website that plays music from various sources – I am responsible if copyright-protected content from illegal sources is played via the player. As a developer based in Germany (and therefore in the EU), I have to comply with the rules on “Stoererhaftung” (Breach of Duty of Care) and the EU Directive on Copyright in the Digital Single Market (2019/790). And that is – let’s say – not particularly nice.

So, now the bad word:
Content-Protection-Mechanism (CPM)

The CPM is a protective mechanism designed to save my – and you who use or fork PanPlay – legal butt. It ensures that I fulfil the requirements for a reporting and filtering system in accordance with EU Directive 2019/790. The aim is to prevent illegal or unlicensed content from being played. The mechanism is based on two components:

  1. Blocklist: PanPlay checks webstream URLs against a server-side blocklist on Pangom.net before they are played. If a URL is on the list, it is blocked. It is important to note that access to this blacklist only takes place on the server side. Neither the player itself nor the user’s browser have direct access.
  2. Reporting function: It will be possible to report suspicious URLs in the player. I will check these reports and block them if they turn out to be illegal.

Local or shared blacklist option

If you do not want your PanPlay copy to access the main blacklist on Pangom.net, you can configure the CPM to use a local blacklist. You can set this in the config file.

  • CPM with pangom (default): The blacklist requests are sent to Pangom.net, where the main blacklist is used. Formally, you are still responsible, but by bundling the requests on my side, the risk of further warnings on other copies of PanPlay is minimised, as blocked content is blocked on several platforms at the same time.
  • CPM on Local: A local blacklist is used here, which you must maintain yourself. Attention: The local list is empty by default and there is no synchronisation with Pangom.net. The reporting function will then also refer to a page that you must enter in the config and which should be located on your domain/subdomain.

The laut.fm module remains unaffected

The laut.fm module of PanPlay will not be affected by these changes. laut.fm has its own agreements with the German GEMA and its own mechanisms to protect content. It would be unfair to place additional filters on top of laut.fm, as they already take sufficient care of copyright protection.

All or nothing: the MIT licence

The good news is that forks of PanPlay can completely remove the Webstream module according to the MIT licence if the CPM is not to be implemented. If the module is removed, the CPM is no longer required.

Please stay clean!

However, the CPM is mandatory for all copies of PanPlay that retain the webstream module. Removing or manipulating the mechanism to play illegal content is not only against the licence terms, but also against copyright law. I don’t particularly like this law either, but if I allow the removal of the CPM or do not strictly enforce it, I run the risk of being accused of not protecting the mechanisms seriously enough.

I will not sue you if you remove the CPM from your copy. But be warned: In the legal sense, you are deleting copy protection or a DRM system from software – and that is illegal, regardless of whether the software is open source or under the MIT licence.

Copyright …

To be honest, I don’t think the law itself is particularly good. The smear campaigns and false reports that were spread when it was passed in 2019 were unpleasant. Nevertheless, the law is now in force, and since I am based in the EU and PanPlay is operated in cooperation with Danish data centres, I have to comply with these regulations.

When comes this function

That will take some time, so I am also making this announcement because I want to fulfil my intention of implementing the directive for rights holders, but the mechanism for doing so is still under development. So what does not yet exist will come in any case. I calculate September 2024 to May 2025 as the timeframe. There will be another update when there are more specific dates.

Closing words

Again, the MIT licence still allows the code to be used, modified and redistributed. Forks are allowed to remove the webstream module completely, but if the module is kept, the CPM must remain intact. You can switch it to local blacklists, but then you have to take care of their maintenance.

Even if I don’t like these regulations, I have to implement them in order to keep PanPlay legally compliant. You can continue to use, fork and customise PanPlay – as long as the content protection mechanism for web streams remains intact or the module is removed.

Then everything is fine.

With best regards,
Patrick Schneider @Pangom

Leave a Reply

Your email address will not be published. Required fields are marked *