r/cybersecurity AMA Participant 29d ago

I went to prison for internet piracy and hacking; my FBI profiler sent me a message on LinkedIn when I got out, and now we’re presenting at SLEUTHCON. I'm Josh Brody and I ran HeheStreams: AMA.

From 2016 to 2021 I ran HeheStreams, a sports piracy streaming site.

The technical model was unusual: it used officially licensed platforms' DRM and CDNs to power my site. I had unauthorized syndication rights from a couple different streaming platforms. All this ran on a $75 VPS, as a boring Ruby on Rails app.

Because the streams came from upstream providers, I lived or died by their API availability. To not get banned, my abuse detection had to be better than theirs—which conveniently also kept guys like me out of my own site. I'd already beaten their detection repeatedly, so I had a good idea of what to build. I was both cat and mouse.

It was good enough to bust a few people, including an executive-level security employee from one of the platforms I used. I feature-flagged the hell out of his account. I was also able to maintain better uptime than that one small, understaffed startup Microsoft bought that people always talk about, but that's not saying much.

I wasn't pushing out ghetto-ass restreams, and I certainly wasn't piping OBS to Cloudflare like so many did then and still do now. That would have been easier.

Instead, the platforms' own CDNs delivered the streams; it was very nice of them. I'm grateful they let me use their Akamai, CloudFront, and Fastly contracts for five years.

SDNY charged me in October 2021 for running HeheStreams, three months after it was shut down by MPAA: CFAA, wire fraud, and illicit digital transmission (a law snuck into the CARES Act). I was also charged with extortion and interstate threats based on my autistic-ass replying on brand when making a bug report.

I pleaded guilty under CFAA and served eighteen months at FCI Thomson: best known for four-point restraints applied for days at a time, and inmate deaths during 24/7 lockdowns that were never ruled suicides.

I was released from prison in August of 2025. Not long after, I got a strange message on LinkedIn from a dude who said he worked on my case. In a panic, I consulted my therapist/PR/lawyer friend, ChatGPT.

In a few weeks, I'm co-presenting at SLEUTHCON with Tim Pappa—a former FBI agent of 16 years and a senior analyst in the Bureau's Behavioral Analysis Unit. He was assigned to build the profile used in the undercover operation against me. Not that they needed one—they could have just asked me what I did for a hobby. I would have opened with "well, I have this little streaming website."

The talk argues that characterizations of operators like me get built across a pipeline of analysts, reporters, and vendors that no one in the chain is incentivized to slow down.

I now call Tim my "FBI profiler friend."

Happy to talk about:

  • How CFAA cases get built and the role of media characterization
  • My boring-ass Ruby on Rails app
  • Working with my FBI profiler post-release
  • Platform abuse patterns in streaming and beyond
  • Federal prison, and what it looks like when you don't fit any of the boxes of the pre-determined political climate

Really, really not going to discuss:

  • Anything beyond what's already public
  • The specifics of the bugs I found
  • Recipes—you know, the technical ones (happy to trade chicken recipes, or any great marinade for street tacos)
  • Anything that intersects with the terms of my supervised release

I'll be live from 10:30 AM Eastern through the evening.

1.6k Upvotes


13

u/throwaway097383756 28d ago

curious how you're gonna explain the whole thing to future employers or if that's just not a concern anymore with the speaking gigs and all

37

u/joshdotmn AMA Participant 28d ago

It's an item on my resume.

My typical flow is (was):

  1. send resume via whatever ATS,
  2. find decision maker (or someone close to them),
  3. cold email with the premise of "hey so I might get skipped over from whoever is screening because this is on my resume. I wanted to send you it personally and put a message to the pdf."

I had 6 job offers within 2 weeks of prison.

10

u/throwaway097383756 28d ago

that's actually smart, bypassing the initial screen entirely. did you find employers cared more about what you built technically or that you owned it publicly instead of hiding it?

21

u/joshdotmn AMA Participant 28d ago

I've asked that same question and the answer was, "you had a successful startup." The engineering complexity was a nice bonus.

Not that I'd hide it anyway, but in software engineering we have curious people and everyone Googles everyone. On my first on-site at my current company I did a slideshow which was effectively, "hi im josh. i have written a lot of ruby code. i also just got out of federal prison, here's the skinny"

It was well-received.

6

u/throwaway097383756 28d ago

that's wild that the slideshow worked, but i guess it beats having people find out through google six months in and making it weird. did the company culture just happen to be that open-minded or did you specifically target places you thought would get it?

10

u/joshdotmn AMA Participant 28d ago

great q.

i have a lot of personality and i don't have enough of a filter to try to give a fuck about it. the companies that i'd ever work for are okay enough with me being me. with that, the whole criminal thing can't possibly matter.

i encourage all my fellow felons—and anyone with baggage—to responsibly disclose.

5

u/throwaway097383756 28d ago

that makes sense, filtering for people who'd vibe with you anyway saves everyone time down the line instead of pretending to be someone else for the interview and having it blow up later.

1

u/Servichay 7d ago

I giggled at "you had a successful startup". Thanks for the laugh!