Slashdot Mirror


BitTorrent and End to End Encryption

An anonymous reader writes "As ISPs like Shaw and Rogers throttle their bandwidth to counter the growth of BitTorrent, BitTorrent developers are fighting back with end to end encryption. Oddly enough, Bram Cohen, the original brains behind BitTorrent, doesn't support this direction. Is there really anything he can do about it?"

28 of 494 comments

  1. Sniffing shape-able streams by Jon Luckey · · Score: 5, Interesting

    FTA:

    "...a wire protocol which transfers a lot of data bidirectionally and consistently looks like line noise with no header is only marginally more difficult to identify than one which uses fixed ports."

    Sounds like a call to camouflage the traffic as several pipes between peers. Not just one TCP/IP connection, but several, with a jitter function to pick which pipe is used at the moment so it does not look consistent

    --
    -- 3 events that reshaped the world in the 20th century: WW1, WW2, and WWW
    1. Re:Sniffing shape-able streams by merreborn · · Score: 2, Interesting

      FTA: "...a wire protocol which transfers a lot of data bidirectionally and consistently looks like line noise with no header is only marginally more difficult to identify than one which uses fixed ports." Sounds like a call to camouflage the traffic as several pipes between peers. Not just one TCP/IP connection, but several, with a jitter function to pick which pipe is used at the moment so it does not look consistent

      Assuming that by "pipes" you mean "separate TCP/IP connections established over several ports", and that you're assuming that ISPs will only ever monitor, as you call them "IP/port tuples", then your argument holds.

      I, however, challenge the premise that ISPs will only ever monitor "IP/port tuples", and not simply by IP. Even if they don't now... Why wouldn't they?

      Fact of the matter is that P2P traffic looks very different from normal web browsing on the grandest of scales. A P2P user transfers many gigabytes, both upstream AND downstream to many other low-bandwidth users -- most of which have IPs that are trivially attributed to DSL/cable providers, making it clear that they are users, not businesses (no major websites are hosted by SBC DSL users, comcast cable customers, etc. etc...) You can probably profile a P2P user by raw upload:download ratio alone, with 90% accuracy. The average web user downloads many times more than they send upstream.

      That's Bram's point.
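The profiling heuristic described in the comment above, as an added example that is not part of the original thread: flows are aggregated per subscriber with ports ignored, then scored on upload:download ratio, distinct peer count and the share of peers in residential address space. The address ranges, thresholds and flow records are constructed assumptions; a single bidirectional VPN stream is included to show why the ratio alone is not enough.

```python
"""Per-subscriber flow profiling: ratio, peer fan-out, residential share."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumption: stand-ins for address space attributed to DSL/cable providers.
# These are RFC 5737 documentation ranges, not real ISP allocations.
RESIDENTIAL_NETS = [ip_network("198.51.100.0/24"), ip_network("203.0.113.0/24")]


@dataclass(frozen=True)
class Flow:
    subscriber: str   # local customer identifier
    remote_ip: str    # far end of the connection
    bytes_up: int     # subscriber -> remote
    bytes_down: int   # remote -> subscriber


def is_residential(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in RESIDENTIAL_NETS)


def profile(flows):
    """Aggregate flows into one profile per subscriber (ports are ignored)."""
    acc = defaultdict(lambda: {"up": 0, "down": 0, "peers": set()})
    for f in flows:
        a = acc[f.subscriber]
        a["up"] += f.bytes_up
        a["down"] += f.bytes_down
        a["peers"].add(f.remote_ip)
    profiles = {}
    for sub, a in acc.items():
        peers = a["peers"]
        profiles[sub] = {
            "up_down_ratio": a["up"] / max(a["down"], 1),
            "peer_count": len(peers),
            "residential_share": sum(map(is_residential, peers)) / len(peers),
        }
    return profiles


def looks_like_p2p(p, min_ratio=0.5, min_peers=20, min_residential=0.6):
    """Illustrative thresholds (assumptions, not measured values)."""
    return (p["up_down_ratio"] >= min_ratio
            and p["peer_count"] >= min_peers
            and p["residential_share"] >= min_residential)


def sample_flows():
    """Constructed flow records for three subscribers."""
    MB = 1_000_000
    flows = [
        # Web user: a few servers, downloads far more than they send.
        Flow("web-user", "192.0.2.10", 2 * MB, 80 * MB),
        Flow("web-user", "192.0.2.11", 1 * MB, 40 * MB),
        # VPN user: one bidirectional encrypted stream to an office gateway.
        Flow("vpn-user", "192.0.2.200", 300 * MB, 350 * MB),
    ]
    # P2P user: 30 residential peers, roughly symmetric transfer with each.
    for i in range(1, 31):
        net = "198.51.100" if i % 2 else "203.0.113"
        flows.append(Flow("p2p-user", f"{net}.{i}", 40 * MB, 45 * MB))
    return flows


def flagged_subscribers(flows):
    return sorted(s for s, p in profile(flows).items() if looks_like_p2p(p))


if __name__ == "__main__":
    for sub, p in sorted(profile(sample_flows()).items()):
        print(sub, p, "P2P-like" if looks_like_p2p(p) else "not flagged")
```
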

  2. Re:Wrong Solution by Mrs. Grundy · · Score: 2, Interesting

    Your suggestion assumes that everyone has a choice about their ISP. There are still many places in this country where broadband access is only available through one or two local monopolies.

  3. As a Rogers customer... by abscissa · · Score: 5, Interesting

    I would like to say I am totally fucking furious that Rogers feels it can do this.

    I appreciate that BitTorrent constitutes a gargantuan proportion of network traffic. I appreciate this is a problem.

    However, the reason that I feel this is unfair, which nobody seems to have mentioned yet, is that Rogers customers are limited to 60 GB of transfer total, both ways, each month. (Unless, of course, you upgrade to the $50 account + modem rental which is 100 GB). If you exceed this limit, it's not just a matter of waiting until next month -- it is a matter of having your account shut down.

    I think it is fair to do one or the other, but not both. I once wasted three days trying to figure out why Bittorrent wasn't working, only to find out it was thanks to Rogers. This was just as they had started shaping network traffic so I had no furious posts on message boards to turn to for the origin of the problem.

    Sadly, there is no alternative to Rogers for high speed access in my area. It's Rogers or dial up.

    1. Re:As a Rogers customer... by Anonymous Coward · · Score: 1, Interesting

      Indeed, I was a little mad when they made the 100gig cap but that was understandable. But when I found out they were throttling BT (and other P2P) I was naturally outraged and fired off an email, here is their response to my email.

      "We understand your concerns regarding issues you are experiencing with
      your peer-to-peer (P2P) applications. To ensure a consistently high
      level of service for all Rogers customers, it is necessary to put limits
      on the amount of network bandwidth available for certain types of
      applications. This process is called traffic regulation (rate-limiting,
      traffic shaping, throttling).

      As peer-to-peer (P2P) applications have grown in popularity, their share
      of overall network traffic has increased dramatically. In particular,
      the application Bittorrent uses all of the space available for uploads.
      To ensure that a relatively small number of applications do not slow
      service for everyone, Rogers limits the space available for P2P uploads.
      This ensures all customers have a high level of service for
      time-sensitive tasks like sending email, requesting web pages or voice
      messaging."

      They're basically saying that it's the upload they have to limit cuz their network is too damn shitty; they already cap upload speeds at 1Mbit. When Japan and parts of Europe have 100mbit we have to put up with this crap.

  4. Re:Asymmetric connections by Adult film producer · · Score: 2, Interesting

    I'm with a Canadian ISP in Ontario and my bw maxes out at roughly 380-400KBytes/sec downloading.. uploading is capped at 75KBytes/sec. When I pass 90 gigabytes of bw usage they start sending me emails, asking me to turn off possible viruses and whatever.. at 120 gigs they phone me up and ask me to upgrade to the deluxe edition or whatever it is heh.

  5. Why not just use IPSEC? by ebob9 · · Score: 2, Interesting

    Why don't the clients create a simple IPSEC connection between clients and tracker (Or client-client in a trackerless version). Granted, I'm not an IPSEC expert, but wouldn't this better accomplish their goals?

    This would keep the connection and communication private, and they could run the standard BT protocol on top of IPSEC. On top of that, ISPs won't shape IPSEC down like Bit torrent traffic - because they would anger corporate VPN users.

    ebob

  6. Also because by Sycraft-fu · · Score: 5, Interesting

    If Bittorrent goes out of its way to become unthrottleable and hard to detect, it will lead to it being outright banned in many places, and the ban enforced through more draconian means.

    Like here on campus, we would prefer not to tell people what they can and can't do, however bandwidth is finite. We cannot afford to buy gigs and gigs of bandwidth just to allow people to P2P all the time, at least not without a tuition hike. The solution is to use a packet shaper, which puts P2P at a lower priority than other traffic. Usually, the line isn't maxed so P2P works as normal, however if the connection is slammed, non P2P traffic gets preference.

    Works very well, P2P works and is generally very fast, and other traffic doesn't get bogged.

    However, if it starts hiding from the packet shaper, things may be made a bit more compulsory like "You will make no use of Bittorrent unless it is for an approved research project. Failure to comply will result in a referral to the dean of students and possibly expulsion." Now I'd hate to see it go that way, but it will if there's no reasonable way to keep P2P from clogging the network.

  7. Cohen is naive by Anonymous Coward · · Score: 1, Interesting

    Fourth, when it comes to dealing with ISPs, obfuscation is some combination of hostile, unprofessional, and harmful. Software projects which value quality over featuritis generally steer clear of such things, especially when their potential effectiveness level is the equivalent of spitting in one's face than actual utility.

    Of course, the ISPs that do traffic shaping where bittorrent is treated like something akin to a medieval plague ship are cooperative, professional, and beneficial?

    Individuals pay ISPs to carry data. While I'm sympathetic to ISPs that limit the quantity of data that an individual can receive or transmit per period of time (face it, pay-for-use is not unfair), I'm not sympathetic to ISPs that decide what type of data that individual can receive or transmit (excluding clearly malicious traffic).

    Cohen ignores that many of these ISPs have localized or regionalized monopolies and that they don't want to accommodate P2P users. The users are probably in the top 5% of traffic usage, so there's no incentive to accommodate their desires, but there's the obvious desire to keep their monthly ISP payments, hence draconian shaping policies.

    Cohen also ignores that encrypting the traffic has merit. "[A] wire protocol which transfers a lot of data bidirectionally and consistently looks like line noise with no header is only marginally more difficult to identify than one which uses fixed ports." I can think of at least a few applications that look like this. It's called a remote desktop (whatever the protocol, but especially if it's not X Windows based) or remote office over VPN. People use it to telecommute. People would be VERY ANNOYED if that traffic was shaped like bittorrent traffic. Companies use it to connect branch offices. Companies would be VERY ANNOYED if that traffic was shaped like bittorrent traffic. Unless the shaping software is distributed widely enough and close enough to the end user to "see" that they have 20-40 VPN-like connections to the network, I fail to see how you definitively differentiate between the two.

  8. I'm a Shaw BT user by 0xA · · Score: 4, Interesting

    I use Shaw so apparently I'm a "victim" of this traffic shaping. I can't figure out what everyone is so up in arms about this for. I'm not a heavy BT user but I use it to grab a couple TV shows every week, it works fine, usually takes me a few hours to get a BSG episode tops. I got the entire second season of the OC for my g/f in 2 days. It's not like BT doesn't work anymore, if nobody told me about this I wouldn't have noticed.

    With cable you still share a certain amount of bandwidth with the people on your trunk, especially on the upstream. Unfortunately some people are bandwidth hogs. I see this as protecting me from the guy down the street with the warez fetish more than anything else.

    Has anyone found themselves unable to use BT because of this?

  9. Re:Faster than dial-up? Oh no it's not. by Abcd1234 · · Score: 2, Interesting

    You didn't RTFA, did you? They're using layer-7 filtering to shape BitTorrent traffic, in both directions, throttling it down to a mere trickle. I know this because I'm a victim of it. :(

  10. traffic shaping my ass by Anonymous Coward · · Score: 2, Interesting

    cox.net straight up won't let you seed
    once you get 100% of the torrent all incoming connections are closed

  11. Re:Encryption isn't the solution we need, or want. by Dster76 · · Score: 2, Interesting

    One thing I've done since I switched away from a packet shaping network is told all my non-geeky friends who are deciding what service to get to STAY AWAY from it [Eastlink] and switch to the good guys in my area [Aliant].

    Maybe we can hurt these companies through word of mouth.

  12. Re:Encryption isn't the solution we need, or want. by Shinaku · · Score: 5, Interesting

    No.. No they're not. My ISP, TalkTalk, lied about the service they were providing me - even after I enquired about p2p (GNUtella, Bittorrent) which they assured were totally unrestricted, they were quite happy to sign me up to a 12 month contract and totally restrict all traffic from the p2p clients. Don't worry, I complained about a month ago and I'm intending to get out without paying their £70 cancellation fee. This is for users like me, who have been screwed over by greedy ISPs. And I welcome our new encrypted overlords.

    --
    -- :>
  13. Re:Encryption won't work anyhow by Abcd1234 · · Score: 2, Interesting

    Uhhh, once the encrypted session is negotiated, the only in-the-clear headers are the IP/TCP headers. Moreover, SSL negotiations all look the same, so if the implementers were to use SSL (which I don't think they do... but that's a mistake, IMHO), then there would be no way to tell one SSL-encrypted session from another.

  14. I remember... by Coleco · · Score: 2, Interesting

    ...way back when the monthly b/w limit on Rogers was 1gb.

    That's right, 1, as in uno.

    Now people are whining about 60-100?

    How much warez are you fools downloading anyway?

    The fact is that at the end of the day ISPs pay for bandwidth per byte. I say charge people that 'need' >100gb per byte more than the rest of us.

    This isn't a new problem. As long there's been broadband there's been people that absolutely, positively, MUST saturate their entire bandwidth 24/7/365, and these people cry bloody murder when someone tells them they can't.

    Bittorrent just happens to be the way that warez junkies do this today. Think about it. If you're shaw/rogers, and you see that 90% of your bandwidth usage is bittorrent packets being sent by 1% of your customers, what would you do?

    1. Re:I remember... by Anonymous Coward · · Score: 1, Interesting

      90% to 1% my ass

      and anyway that's not the point
      if i'm paying for a connection i should be able to use the god damn any fucking way i want
      if they wanna have caps, that's fine
      but even with a 50gb/mo cap, if it takes you 3 fucking weeks to download a 700mb iso then what the fuck am i paying for?

  15. olde europe by wwmedia · · Score: 2, Interesting

    Well thankfully here in Europe we have no monopolistic companies trying to throttle torrents or have plans to tier up the internet (yes I'm aware of the pun)

    Here in Ireland I'm currently on 3mbit NTL cable (soon to be upgraded to 10) with 40GB cap which is not enforced, I download over 100gb monthly

    so pack ur bags and move back to the old world!

  16. Re:Encryption won't work anyhow by jambarama · · Score: 3, Interesting

    I am sorry to say that the growing trend to throttle bittorrent is not based entirely on issues of piracy (although it is somewhat to blame). Many ISPs' main reason for this is quality of service. While you may not intend to suck up all of the bandwidth that your ISP has, Bit torrent is notorious for sucking up bandwidth. Bit torrent has a rather poorly designed (for packet efficiency) protocol. It is terrific for other things, but not packet efficiency.

    Bit torrent has the problem of opening a lot of connections (the larger the torrent storm, the more connections). While each of these connections to other seeders/leechers may only be passing small amounts of information, they tend to take up a lot of the router's memory (especially for very slow connections that stay open even though they don't pass much if not any information). This kills a router. You might not ever notice it at your own home but having a lot of people on torrents can drop a router, and make the internet slow for all of the other users using your ISP.

    While I don't agree with the actions of these ISPs I thought others might want to know other reasons for throttling this type of bandwidth. As for breaking this throttling your options are very limited. Most ISPs use a layer2 packet shaper, which has the ability to determine the actual content of a packet regardless of port. This is quite common these days.

    As far as I know the only real option to get around it requires that you have a server outside of your ISP's network. If you have such a server or a friend somewhere with a nice fast connection (up and down), you would need to set up a tunnel. On top of that you would most likely need to set up a secure tunnel to prevent the packet shaper from understanding the packet data. You can do this using an SSH tunnel, or you can try to set up a site to site VPN tunnel (both of which you would want encrypted). These are not easy tasks and require a fair amount of knowledge concerning the way networks work. There are several how-tos discussing how to set up a VPN tunnel and/or SSH tunnel.

    Like I said these are not for the novice. It would however be a great opportunity to learn quite a bit more about networks than even the more network savvy people. Chances are most people are just going to have to live without torrent, or switch to a provider that doesn't throttle torrent activity.

  17. Not the first time... by rincebrain · · Score: 2, Interesting

    Bram Cohen was also originally against having an upload limiter in BT clients...but when everyone else had one, lo and behold, the official client gets one.

    I wonder if this will turn out the same.

    --
    It's only an insult if it's not true.
  18. The problem when the ISP is a Content Provider by Anonymous Coward · · Score: 1, Interesting

    When I signed up for Rogers it was pretty wide open after all I had the 'Unlimited' Package - decent throughput, no blocked ports, no DL limits. They started blocking certain ports (HTTP, SMTP) a while ago, and now with packet shaping to strangle what services are left.
    The problem with Rogers is that they are primarily a content provider - they offer cable television, pay per view tv, a chain of video rental stores, plus cell phone services, and now, VOIP. They also own the coax coming into your house and provide broadband access on it. Technology like BT, which is used primarily to traffic in movies and television shows impacts the demand for their traditional services while cutting into the profitability of their ISP services. Clearly the media monopoly side of the business is going to win out against the concept of providing unfettered Internet access.

  19. Re:Encryption isn't the solution we need, or want. by Anonymous Coward · · Score: 3, Interesting

    No... I can't speak for the U.S., but in the U.K. you should not do this. Pay the bill to get away from the ISP and restore your service with another ISP -- this puts you firmly on the right side of the law. Then sue the original ISP in the small claims court... this is not the terrifying activity it sounds like. It's done locally and the small claims court is setup to deal with this sort of thing quickly (and hand hold newbies through the process), you don't need solicitors etc etc.

    quick introduction. People do insist on stubborning it out, and often it's the worst mistake you can make.

  20. Re:Encryption isn't the solution we need, or want. by S. Traaken · · Score: 3, Interesting

    If you were the first type, you change to a supplier that charges based on usage.

    If your supplier offers no restrictions on usage, it is reasonable to expect no restrictions. Particularly if you have entered into a contract to that effect.

    What I suspect, though, is that in cases where people are complaining about p2p limiting, there was a we-will-do-whatever-the-hell-we-like clause (or even a we-will-do-whatever-is-necessary-to-maintain-network-performance clause or more likely we-will-do-whatever-is-necessary-to-control-our-costs-you-bandwidth-whores clause) in the contract with their ISP that has not been read or comprehended by the complainers.

  21. I don't like the look of this brewing arms race. by Terri416 · · Score: 3, Interesting

    Encryption is the wrong tool for the job.

    To get around ISPs throttling bt, the program should adapt its ports and protocol negotiation so that it looks like other services (html, VOIP, etc).

    Making bt fully protocol-adaptive would take away all traffic shaping control from ISPs. Their response to this would likely be to look for high upload traffic from users and firewall off the users to stop all incoming connections.

    There are counter-moves to this (client-mode bt), but an arms race between users and their service providers is going to be messy and one-sided (they write the T&Cs).

    I think it's better that users should vote with their wallets.

  22. WRONG assumptions. by C10H14N2 · · Score: 3, Interesting

    If you have a _residential_ contract, you are distinctly _NOT_ being given an unlimited, dedicated 4.5Mb/s connection for $49. If you want to run a 24/7 hog like Bittorrent, purchase a business plan with guaranteed bandwidth and uptime, no port blocking and no QoS throttling--all stated clearly in the contract and available from all major ISPs.

    They are well within their rights to ensure that everyone paying a certain price is given the same level of service. They're rolling out FIOS here. It can handle 622Mb/s and at $50/month, you get, basically, 1% of that. To not have to implement some kind of QoS throttling on your bandwidth-hogging butt, they'd have to run a separate backbone to every 100 houses and, guess what, that would cost a ton of money. So, voila, tiered pricing.

    Deal with it.

  23. Supplier of the infamous traffic shaper by WoTG · · Score: 3, Interesting

    For those who are interested, the people who supply Shaw (who happens to be my ISP) their traffic shaping software (or is it an appliance?) is Ellacoya Networks. This bit of info was from some forum that I found when I first noticed that my maximum BT upstream got cut by about 60%.

    FWIW, for those who aren't traffic shaped yet, don't be surprised if you are next if you are on a cable ISP -- the nature of the shared network means that the throughput gets choked for everyone when the upstream traffic gets too high (and ACKs get delayed). DSL providers don't really care about upstream as much, they worry more about total traffic which they can throttle in other, cheaper, ways.

  24. BitComet by izomiac · · Score: 3, Interesting

    Yet another feature that BitComet already has. Sadly, I expect Azureus and uTorrent to ignore this fact and implement their own standard. BitComet version 0.62 or 0.63 will probably conform to it. My point is, why doesn't anyone ever seem to know about BitComet's basic feature set? It's obviously a well known client. In fact, the last swarm I was in it was about equal in popularity to Azureus and BitTornado (only a couple people were using uTorrent, and someone was using the official client). If some feature has a possible exploit (like adding the DHT network as a backup in case the private tracker goes down) then everyone is up in arms about it. The useful features seem to go without notice, like UDP NAT bypass (great if you can't receive incoming connections), an Intelligent Disk Cache (I WANT my torrent client to use more RAM so hard drive writing frequency is kept reasonable), Packet Header Encryption (the feature in question), the ability to share peer information even if the tracker goes down (implemented long before Azureus added DHT networks), sharing peer information between tracker updates (causes faster downloading), chatting with other BitComet users in the swarm, and others.

  25. Transfer limits per month? by blankoboy · · Score: 4, Interesting

    Wasn't the appeal of 'broadband' advertised to be 'always on, high speed, and unlimited transfers'?

    It sure seems like all you folks in North America are getting a serious wallet raping by the telcos/cablecos.

    Here in Japan (and I'm sure it's the same in S. Korea), we don't have any such transfer caps. Bandwidth is also a non-issue here with 50MB ADSL and 100MB (up and down) FTTH. Also, the pricing is quite reasonable and usually comes bundled with VOIP services. Some providers even offer TV over IP (Softbank BB).

    Japan and S.Korea are living the broadband pipedream that North America had dangled in front of it but never got (until GoogleNet shows up, seeing as they are buying all the remnants of that pipe dream - unused dark fiber).