Daniel sent us this one — and given that he's a home networking guy, open source, home firewalls, the whole setup, this is very much in his wheelhouse. The question is about something called the dodgy box. What exactly is it, how does it work technically, why are authorities going after it specifically when plenty of other forms of streaming piracy are just... sitting there untouched, and where does it fit in a longer global tradition of similar devices? Because apparently this is not a new phenomenon, just a new flavour of it.
Over two million households in the UK alone are estimated to be running one of these things right now. That number stopped me cold when I came across it. And in Ireland, the Irish Times had a piece earlier this month suggesting it's in roughly one in five homes. One in five.
Which is not a fringe thing. That's a dinner party thing. That's a "yeah my brother-in-law set one up" thing.
By the way, today's episode is powered by Claude Sonnet four point six.
Our friendly AI down the road. And yet, here we are, two million households deep into a legal grey zone that authorities are only now starting to take seriously. The tension is real — consumer demand is enormous, the price of legitimate streaming has crept up to the point where people are doing the maths, and on the other side you've got Sky going to the Irish High Court in March to get the names, addresses, and bank details of three hundred and four dodgy box users.
That's the shift. That's what makes this moment interesting. Let's get into it.
At its core, what are we actually talking about? Because "dodgy box" is a beautifully vague name for something with a fairly specific technical architecture.
Right, so the canonical version is a modified streaming device — most often a jailbroken Amazon Fire Stick, sometimes an Android TV box — that comes pre-loaded with an IPTV subscription and whatever software the seller has configured to pull in those streams. IPTV being Internet Protocol Television, essentially live and on-demand content delivered over the internet rather than through a traditional broadcast or cable signal. The user plugs it in, connects to their home network, and it just works. That's the pitch. No technical knowledge required.
Plug-and-play piracy. Which is genuinely a product innovation, in its way.
And the geo-restriction evasion piece is layered on top of that — sometimes a VPN baked into the device, sometimes sold separately. The Irish Times piece from earlier this month put the typical cost at around eighty to a hundred euros a year for the IPTV access itself, plus roughly a hundred and fifty for a VPN if users want to mask what they're doing. So you're looking at two hundred and fifty euros annually, all-in, for what is effectively an unlicensed version of every premium sports package and streaming service simultaneously.
Compare that to what Sky Sports alone costs and the maths writes itself.
Which is exactly why this has gone global. The same basic model — cheap hardware, pre-configured streams, minimal setup — has shown up in Southeast Asia, across Latin America, in parts of the Middle East. The device changes, the app names change, the local sports rights that make it attractive change. The underlying logic doesn't.
The content industry built a wall, and this is the ladder that got commoditised.
The technical mechanism behind that ladder is worth pulling apart, because it's not actually that complicated once you see it. The IPTV streams themselves are sourced from pirate server networks — some of them enormous operations running thousands of channels simultaneously. The dodgy box is just the last-mile delivery vehicle. The device talks to those servers, the VPN masks the traffic from the ISP, and from the user's perspective it looks more or less identical to Netflix.
The geo-restriction evasion isn't even the hard part. It's almost incidental.
That's right. The VPN handles geo-restrictions as a side effect of hiding the traffic generally. You're not primarily trying to watch BBC iPlayer from outside the UK — you're trying to make sure your internet provider can't see you're pulling down a live Premier League match from a server in Moldova. The geo piece is a bonus.
How does the actual stream get to your TV, though? Like, at a packet level, what's happening? Because I think people imagine it's some kind of dark magic, but it's not, is it?
It really isn't. The pirate IPTV services almost universally use a protocol called M3U — it's essentially a playlist file. Your dodgy box has an app, something like TiviMate or IPTV Smarters, and that app fetches an M3U playlist from the pirate server which contains URLs pointing to the actual video streams. When you click on a channel, the app requests that stream, the server sends back the video data in chunks — usually using HLS, HTTP Live Streaming, the same protocol YouTube and Netflix use — and your TV decodes and displays it. The whole thing is architecturally identical to legitimate streaming. The only difference is who owns the content rights.
If you stripped away the legal question, a dodgy box and a legitimate streaming stick are doing exactly the same thing.
Byte for byte, more or less. Which is part of what makes it hard to block at the network level. Your ISP can't easily tell the difference between you watching a licensed stream on Disney Plus and you watching an unlicensed stream from a server in Eastern Europe, unless they're doing deep packet inspection — and even then, if there's a VPN in the way, they're largely blind.
Which raises the obvious question. Torrenting has existed for decades. Stream-ripping tools, Usenet, private trackers — none of this is new. So why are authorities going after the dodgy box specifically? Why this, why now?
A few things converging. The first is scale. An individual torrenting a film is one thing. A commercial IPTV operation serving, say, fifty thousand subscribers simultaneously is a broadcast-scale piracy operation. The revenues involved are significant — we're talking operations that can turn over millions annually. That changes the enforcement calculus.
It's the difference between someone shoplifting a chocolate bar and running a counterfeit goods warehouse.
The second thing is traceability. With torrenting, the technical and legal effort to identify individual users is substantial and the payoff is limited. With IPTV subscriptions, there's a payment trail. Someone sold that subscription. Someone took a bank transfer or a PayPal payment. Sky's Irish High Court action in March was specifically targeting a payment processor — that's how they got to three hundred and four users. Follow the money, find the customers.
That's an interesting enforcement mechanism. It's not about intercepting the stream. It's about the commercial transaction that preceded it.
It's not unprecedented, either. The music industry used almost exactly the same playbook against early peer-to-peer networks in the early two thousands. The RIAA went after Napster not by trying to block individual downloads but by going after the company's banking relationships and the payment infrastructure around it. Once you cut off the money, the service collapses even if the technology is still technically running. The dodgy box crackdowns are the same logic applied to a different layer of the stack.
The attack surface moved from the technology to the commerce around it.
And that's also why the UK crackdowns in 2025 focused heavily on distributors rather than end users, at least initially. The Premier League has been particularly aggressive — they've funded operations targeting resellers, not just the upstream server operators. When you arrest someone selling fifty pre-configured Fire Sticks out of a market stall, you get press coverage, you get a deterrent signal, and you potentially unravel a supply chain.
Though from what the Irish Times was reporting, the deterrent signal is now being aimed directly at consumers. The Sky action is a warning shot. They're not suing all three hundred and four people. They're making sure three hundred and four people know they've been identified.
Which is psychologically quite effective. You don't need to litigate every case. You need people to wonder whether they're on a list.
There's a name for that tactic, isn't there? The music industry used it so aggressively they eventually had to back off because of the PR damage.
The RIAA sued something like thirty thousand individual file-sharers between 2003 and 2008 — including, famously, a twelve-year-old girl and a deceased grandmother. The legal logic was sound but the optics were catastrophic. It became a story about a corporate giant bullying ordinary families rather than a story about protecting artists. Sky is being much more surgical about it. Three hundred and four identified users, no lawsuits filed yet, maximum press coverage. They're trying to get the deterrent effect without the backlash.
Whether it works is a different question.
The legal grey area here is real though. Buying a device that's capable of accessing pirated streams isn't itself illegal in most jurisdictions. It's the act of accessing the unlicensed content that crosses the line. And that distinction matters because it complicates prosecution at the consumer level considerably.
In Ireland and the UK, the legal position is that knowingly streaming unlicensed content infringes copyright, but the evidentiary bar for proving that a specific user knowingly accessed a specific unlicensed stream is not trivial. The Sky action sidesteps that by using civil rather than criminal law — they're seeking to identify, not immediately to prosecute.
The actual legal exposure for most users is probably lower than Sky would like them to think, but not zero.
And the malware angle makes it messier still. Interpol and Ireland's National Cyber Security Centre have both flagged something called BadBox two point zero — malware that ships pre-installed on some of these Android TV boxes and exfiltrates banking credentials from connected devices. So you might avoid a Sky lawsuit and still have your bank account emptied by whoever assembled your box.
The device is stealing from you while you're using it to steal from Sky. There's a certain poetic justice in that, if you squint.
The mechanism is worth understanding, because it's not like someone manually hacked your specific box. BadBox works at the firmware level — it's baked into the operating system image that the manufacturer flashed onto the device before it ever shipped. So by the time you plug it in and connect it to your home network, the malware is already running. It can intercept traffic from other devices on the same network, inject ads into your browser sessions, use your device as a proxy for other malicious traffic. You're not just a victim, you're potentially part of someone else's botnet.
Which is an alarming thing to have sitting next to your router.
And it's hardly a phenomenon unique to Ireland or the UK — that same dynamic has played out in remarkably similar ways across completely different markets.
Where else are we seeing this?
Southeast Asia is probably the most instructive comparison. In countries like Malaysia, Thailand, Indonesia, you have Android TV boxes running local variants of the same IPTV stack — different apps, different server infrastructure, but structurally identical. The driving factor there isn't sports rights specifically, it's the combination of expensive legitimate services relative to local incomes and patchy licensed availability. A lot of content that streams freely in the US or UK simply isn't licensed for those markets at any price.
The dodgy box fills a gap that the market created and then left empty.
And in those contexts the cultural stigma around it is essentially zero. It's not even thought of as piracy in the way we'd frame it — it's just how you watch television.
Which gets to something worth naming. The moral framing that content industries use — you're stealing from creators — lands very differently when the creator's distributor has simply decided your country isn't worth licensing to.
The Kodi phenomenon in the US is a slightly different flavour. Kodi itself is legitimate, open source media centre software — Daniel would know it well — but the ecosystem of add-ons built around it turned it into something else. At its peak around 2017, 2018, you had add-ons like Exodus and Neptune Rising pulling unlicensed streams directly into what looked like a polished media interface. The MPAA went after the add-on developers rather than Kodi itself, which was the right legal distinction but didn't stop the behaviour.
The tool isn't the crime. The configured tool is.
And what happened in the US is instructive for where Ireland and the UK are now. The add-on crackdown pushed users toward IPTV subscriptions rather than torrent-based streams, which actually made the piracy more centralised and therefore more traceable. Enforcement pressure on one part of the ecosystem redirected demand toward a part that was easier to follow.
The crackdowns arguably made the problem more legible to authorities, not smaller.
Though the thirty percent drop in UK dodgy box sales following the 2025 distributor crackdowns suggests some deterrent effect did land. It's not nothing.
I want to go back to the Southeast Asia comparison for a second, because I think there's something there about the history of this that people don't appreciate. The dodgy box isn't even the first hardware device to do exactly this. There's a longer lineage, isn't there?
A much longer one. If you go back to the satellite era — the nineties and early two thousands — you had what were called FTA boxes, Free-To-Air receivers, that were modified with what the industry called "pirate cards" or later "card sharing" software. The idea was the same: a legitimate-looking piece of hardware that had been configured to decrypt satellite signals you hadn't paid to receive. In the UK, there was a massive market for modified Sky digiboxes that would give you the full Sky Sports package without a subscription. The technology was completely different — you were descrambling an encrypted satellite signal rather than pulling an internet stream — but the value proposition was identical.
Same ladder, different wall.
Before that you had cable descramblers in the US in the eighties. Little grey boxes you'd plug into your cable connection that would unscramble premium channels. HBO, Showtime, the early pay-per-view events. The cable companies tried technical countermeasures, the countermeasure manufacturers updated their boxes, it was a decade-long arms race. The dodgy box is just the current iteration of something that has existed as long as there have been paid television signals to intercept.
There's almost a folk tradition to it at this point.
And that historical context matters for understanding why enforcement has such a ceiling. You're not fighting a new behaviour. You're fighting something people have been doing, in various forms, for forty years. The technology changes but the appetite doesn't.
For content creators and distributors, the implications cut in different directions. The distributors — Sky, the Premier League, the major studios — have a clear financial stake in enforcement. The creators themselves are a more complicated story.
Much more complicated. The IPTV economy doesn't really compensate creators at all — the money flows to whoever is running the pirate servers, not upstream. But the counterargument you hear is that access drives cultural engagement, and cultural engagement drives long-term fandom, and long-term fandom eventually converts to paying customers. It's not a clean argument, but it's not nothing either.
It's the argument the music industry ignored for a decade and then streaming proved partially right.
The question for the next few years is whether content distributors adapt their pricing and availability models fast enough to undercut the value proposition of the dodgy box, or whether enforcement alone is expected to carry the load. Because historically, enforcement alone has not carried the load.
The wall gets higher, the ladder gets cheaper. That's been the pattern.
There's a pricing psychology element here that I don't think the distributors have fully reckoned with. When Netflix launched, it was cheap enough that the mental calculation was easy — just pay for it, it's not worth the hassle of piracy. But subscription fatigue is real now. People are paying for Netflix, Disney Plus, Apple TV, maybe a sports package on top of that, and the aggregate monthly bill has crept up to a point where the dodgy box starts looking rational again. The content industry solved piracy once by making legitimate access cheap and easy. Then they gradually made it less cheap and less easy, and now they're surprised the problem is back.
They ate the seed corn.
And the sports rights piece is particularly acute, because live sport is the one category where streaming hasn't really democratised access. A film will eventually show up somewhere affordable. A live Champions League match is only available through specific, expensive channels, at the specific moment it's happening, and if you can't afford those channels you simply miss it. That urgency is exactly what the dodgy box exploits.
What does that mean practically for someone listening to this who maybe has one of these boxes, or is thinking about it?
The first thing I'd say is get clear on what your actual legal exposure is, because it varies a lot depending on where you are. In Ireland and the UK right now, the realistic risk for end users isn't criminal prosecution — it's civil action, and even that's being used primarily as a deterrent. But "primarily" isn't "never," and the Sky case in March showed that the infrastructure to identify users is now demonstrably in place.
The malware risk is arguably more immediate than the legal risk for most people.
Considerably more immediate. If you bought a cheap Android TV box from a market stall or an unverified online seller, the BadBox two point zero findings from Interpol should concern you. That's not hypothetical — those devices have been found exfiltrating banking credentials. The content industry wants your subscription money. The malware wants your actual bank account.
The practical first step is: if you have one of these boxes, don't have it on the same network as anything you care about.
Network segmentation is the minimum. Daniel would set up a separate VLAN without thinking about it, but most people don't have a home firewall configured that way. If you don't, the honest advice is that the device is a liability regardless of the content question.
For people who want the access without the risk — legal alternatives have improved.
A reputable VPN plus a legitimate streaming subscription from another region is often surprisingly affordable and carries none of the malware exposure. It's not identical to what a dodgy box offers, but for most of what people actually want to watch, it gets you there.
The broader thing people can actually push on is licensing availability. When a distributor simply refuses to make content available in a given market, that's a policy choice, not a technical constraint. Audience pressure on that front does occasionally move things.
The streaming services are watching the piracy data closely — they know which titles are being pulled from which regions, and that's leverage they can use in licensing negotiations. There's a version of this where sustained, visible piracy demand in a specific market actually accelerates the legitimate licensing deal, because the rights holder can point to the data and say: look, there are clearly a hundred thousand people in this country who want to watch this, and right now none of them are paying us.
Piracy as market research.
Uncomfortable framing for the content industry, but not entirely wrong. And that raises the bigger question: if pricing and availability models don't shift, does enforcement actually bend the curve, or does it just reshape where the demand goes?
I don't know. The thirty percent drop in UK sales after the 2025 crackdowns is real, but thirty percent down from a very large number is still a very large number. And the Irish data — one in five homes — suggests that in markets where the cultural normalisation is deep enough, legal pressure alone has a ceiling.
The Sky High Court action in March might be the more interesting experiment. Targeting users rather than sellers is a different kind of deterrent. It's personal in a way that a market stall arrest isn't.
If it changes behaviour at scale, it'll be studied. If it doesn't, the content industry will need a harder conversation about why two million households in the UK decided a dodgy box was worth the risk in the first place.
The answer to that question isn't really about piracy. It's about what people think they're owed for the price of a legitimate subscription.
Which is where content distribution has to go next. The technology for global, flexible, affordable access exists. The licensing structures that would make it commercially viable are the constraint. That's a negotiation problem, not an engineering problem.
Those tend to take longer.
But they do eventually move. The music industry took roughly fifteen years from Napster to Spotify to find a model that worked well enough to pull the majority of listeners back into legitimate channels. Television is probably somewhere in the middle of that same arc right now.
With the dodgy box playing the role Napster played — not the final answer, but the thing that proved the demand was there and the existing model wasn't meeting it.
That's a reasonable read. Napster didn't win, but it changed everything. The dodgy box probably won't win either. But it's already changed the conversation about what a fair price for television access looks like, and that conversation isn't going back in the box.
Something to watch. Thanks to Hilbert Flumingtop for producing this one, and to Modal for keeping the infrastructure running behind the scenes. This has been My Weird Prompts. Find us at myweirdprompts.com, and if you have a moment to leave a review, we read them.
Until next time.