BitTorrent and End to End Encryption
An anonymous reader writes "As ISPs like Shaw and Rogers throttle their bandwidth to counter the growth of BitTorrent, BitTorrent developers are fighting back with end to end encryption. Oddly enough, Bram Cohen, the original brains behind BitTorrent, doesn't support this direction. Is there really anything he can do about it?"
The bigger problem is customers paying their ISPs, many of whom hold a local monopoly, and then the ISPs go around and turn their backs on the customers, leaving them without services like bittorrent that have a clear and growing legal use. Perhaps a boycott of ISPs that do that would be in order... except for that whole monopoly thing.
The proper solution when your ISP is deliberately crippling your service is to get another ISP. You paid for that torrent traffic, and if they don't carry it that's as good as stealing. Let your ISP know how you feel, and don't do business with crooks.
Give me Classic Slashdot or give me death!
Bram said he suspects that some developer has gotten rate limited by his ISP, and is more interested in trying to hack around his ISP's limitations than in the performance of the internet as a whole.
Isn't this what Open Source is about? The ability to make changes to a software to suit one's need? And if there are enough users, followers, developers and contributors (see Ubuntu from Debian), the new branch becomes a thing of its own.
So the day Bram opened his code, BT is subject to the same kind of treatment and only users can decide which way it will go.
Aren't there cases where someone compiled a BT client to act like a seeder with high ratio but is an ultimate leecher?
Uncensored Google results requested and delivered by email
ISPs are happy to lose those customers.
"Well, I'm not sure it's such a good idea. Cheeseburgers are delicious, let's go get some."
A) no. B) Even if he's really for it, he can't come out and say so, because he's jumped into bed with Hollywood with both feet.
FTA:
"...a wire protocol which transfers a lot of data bidirectionally and consistently looks like line noise with no header is only marginally more difficult to identify than one which uses fixed ports."
Sounds like a call to camouflage the traffic as several pipes between peers. Not just one tcp/ip connection, but several, with a jitter function to pick which pipe is used at the moment so it does not look consistent.
-- 3 events that reshaped the world in the 20th century: WW1, WW2, and WWW
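Added example, not part of any comment in this thread: a sketch of the classification the quoted sentence describes, where a flow with no recognisable header, payload that looks like line noise, and heavy traffic in both directions stands out almost as clearly as one on a fixed port. The thresholds, the `Flow` fields and the sample flows are assumptions constructed for the illustration.

```python
"""Flag flows with no known header, noise-like payload and bulk
traffic in both directions (the profile quoted from the article)."""
import hashlib
import math
from collections import Counter
from dataclasses import dataclass

# First bytes of a few well-known protocols. The plaintext BitTorrent
# handshake starts with length byte 19 and "BitTorrent protocol".
KNOWN_HEADERS = {
    "bittorrent": (b"\x13BitTorrent protocol",),
    "http": (b"GET ", b"POST ", b"HTTP/"),
    "tls": (b"\x16\x03",),
}

# Assumed thresholds, chosen for this example only.
ENTROPY_THRESHOLD = 7.5        # bits per byte; uniform noise is near 8
SYMMETRY_RATIO = 0.2           # smaller direction / larger direction
MIN_TOTAL_BYTES = 10_000_000   # "a lot of data"


@dataclass
class Flow:
    first_up: bytes     # first payload bytes, client to peer
    first_down: bytes   # first payload bytes, peer to client
    bytes_up: int       # total bytes sent over the flow's lifetime
    bytes_down: int     # total bytes received


def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def match_header(payload: bytes):
    """Return the protocol whose known prefix starts the payload."""
    for name, prefixes in KNOWN_HEADERS.items():
        if payload.startswith(prefixes):
            return name
    return None


def classify_flow(flow: Flow) -> str:
    # 1. A recognisable header settles it (this is what a fixed
    #    signature gives a layer-7 shaper).
    for payload in (flow.first_up, flow.first_down):
        name = match_header(payload)
        if name:
            return name
    # 2. No header: fall back to the statistical profile.
    noisy = min(shannon_entropy(flow.first_up),
                shannon_entropy(flow.first_down)) >= ENTROPY_THRESHOLD
    bigger = max(flow.bytes_up, flow.bytes_down)
    smaller = min(flow.bytes_up, flow.bytes_down)
    symmetric = bigger > 0 and smaller / bigger >= SYMMETRY_RATIO
    bulk = flow.bytes_up + flow.bytes_down >= MIN_TOTAL_BYTES
    if noisy and symmetric and bulk:
        return "opaque-bulk"
    return "unclassified"


def noise(seed: bytes, n: int = 2048) -> bytes:
    """Deterministic stand-in for encrypted payload (constructed data)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


# Constructed sample flows, not captured traffic.
BT = b"\x13BitTorrent protocol" + bytes(8) + noise(b"ids", 40)
SAMPLES = {
    "plain-bt": Flow(BT, BT, 400_000_000, 900_000_000),
    "obfuscated": Flow(noise(b"up"), noise(b"down"),
                       400_000_000, 900_000_000),
    "https": Flow(b"\x16\x03\x01" + noise(b"ch", 512),
                  b"\x16\x03\x03" + noise(b"sh", 512),
                  20_000, 50_000_000),
    "encrypted-download": Flow(noise(b"x"), noise(b"y"),
                               20_000, 50_000_000),
    "text-game": Flow(b"MOVE 10 20\n" * 50, b"OK\n" * 200,
                      30_000_000, 30_000_000),
}

if __name__ == "__main__":
    for label, flow in SAMPLES.items():
        print(f"{label:20s} -> {classify_flow(flow)}")
```

Only the headerless, high-entropy, bidirectional flow is labelled `opaque-bulk`; the one-way encrypted download and the low-entropy text protocol are left unclassified, which is why the profile works as a classifier even without a signature.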
My connection is severely throttled by my pathetic aDSL upload speed, but that's another bitch entirely.
Man, you really need that seminar!
Bram may not like it, but one of the best things about sharing the source code, is that the 'market' so to speak will determine now where this protocol goes. If Bram doesn't like it, that's his right, but I expect the masses are going to use the program that best offers the features they want. And uTorrent and Azureus are the two 'big boys' on the block right now. And if someone can improve it further on down the road, the whole bittorrent history has shown that users will try it, especially if they aren't happy with the 'old' program they use.
Who is "End", and why are they partnering with BitTorrent to end encryption?
So when I buy an internet connection from an ISP, who says the connection is 4mb down and 256K up, and then I actually want to use all of the bandwidth I have been sold - then the ISP wants to crack down and limit my usage?
Someone should sue [insert favorite ISP here] for bait and switch. If what they're providing is 4mb/256K burst speed, with lower rates for continuous, then that's what they should say in their advertising. This is hardly a far cry from the shady camera outfits online (i.e. PriceRitePhoto). You pay every month for a service, and the service you're actually provided differs greatly from what you thought you purchased.
Web 2.0 == Giant Blogspam Circle Jerk
Don't forget part of the problem is that our connections are asymmetric. 100+ kb/sec for downloads, but ~10 kb/sec for *any* uploading is the best you can hope for.
He released it as an open source project. He can't do anything about people modding it any more than Linus Torvalds could do anything about someone modding the Linux kernel--not that he would.
However, also like LT and most other major project figureheads, he holds a certain amount of political sway. His disapproval may be enough to keep some developers from pursuing certain paths. Of course, not everyone will care about what he thinks, but he does have SOME power.
I would like to say I am totally fucking furious that Rogers feels it can do this.
I appreciate that BitTorrent constitutes a gargantuan proportion of network traffic. I appreciate this is a problem.
However, the reason that I feel this is unfair, which nobody seems to have mentioned yet, is that Rogers customers are limited to 60 GB of transfer total, both ways, each month. (Unless, of course, you upgrade to the $50 account + modem rental which is 100 GB). If you exceed this limit, it's not just a matter of waiting until next month -- it is a matter of having your account shut down.
I think it is fair to do one or the other, but not both. I once wasted three days trying to figure out why Bittorrent wasn't working, only to find out it was thanks to Rogers. This was just as they had started shaping network traffic so I had no furious posts on message boards to turn to for the origin of the problem.
Sadly, there is no alternative to Rogers for high speed access in my area. It's Rogers or dial up.
Shaw and Rogers are the two major cable providers in Canada.
Does it affect a lot of people? You bet.
[alk]
Why don't the clients create a simple IPSEC connection between clients and tracker (Or client-client in a trackerless version). Granted, I'm not an IPSEC expert, but wouldn't this better accomplish their goals?
This would keep the connection and communication private, and they could run the standard BT protocol on top of IPSEC. On top of that, ISPs won't shape IPSEC down like Bit torrent traffic - because they would anger corporate VPN users.
ebob
If Bittorrent goes out of its way to become unthrottleable and hard to detect, it will lead to it being outright banned in many places, and the ban enforced through more draconian means.
Like here on campus, we would prefer not to tell people what they can and can't do, however bandwidth is finite. We cannot afford to buy gigs and gigs of bandwidth just to allow people to P2P all the time, at least not without a tuition hike. The solution is to use a packet shaper, which puts P2P at a lower priority than other traffic. Usually, the line isn't maxed so P2P works as normal, however if the connection is slammed, non P2P traffic gets preference.
Works very well, P2P works and is generally very fast, and other traffic doesn't get bogged.
However, if it starts hiding from the packet shaper, things may be made a bit more compulsory like "You will make no use of Bittorrent unless it is for an approved research project. Failure to comply will result in a referral to the dean of students and possibly expulsion." Now I'd hate to see it go that way, but it will if there's no reasonable way to keep P2P from clogging the network.
In semi-related news, BitTorrent Inc. and Opera announced today that Opera 9 will offer BT capabilities. I do remember that a beta of Opera 8 had BitTorrent built in, but that hasn't been present in versions released since (i.e. since it went freeware).
http://www.opera.com/pressreleases/en/2006/02/06/
Nonsense. Is using ssh guaranteeing illegal activity? Not at all. If I want to use my ISP to download the latest Ubuntu (and I will soon), I damn well want it via BitTorrents. And if I encrypt it, that's my business too!
--LWM
I use Shaw so apparently I'm a "victim" of this traffic shaping. I can't figure out what everyone is so up in arms about this for. I'm not a heavy BT user but I use it to grab a couple TV shows every week, it works fine, usually takes me a few hours to get a BSG episode tops. I got the entire second season of the OC for my g/f in 2 days. It's not like BT doesn't work anymore, if nobody told me about this I wouldn't have noticed.
With cable you still share a certain amount of bandwidth with the people on your trunk, especially on the upstream. Unfortunately some people are bandwidth hogs. I see this as protecting me from the guy down the street with the warez fetish more than anything else.
Has anyone found themselves unable to use BT because of this?
You didn't RTFA, did you? They're using layer-7 filtering to shape BitTorrent traffic, in both directions, throttling it down to a mere trickle. I know this because I'm a victim of it. :(
People seem to be confusing the 2 issues.
Encryption here is just a means, they don't care if the ISP sees WHAT they're sharing, they only care that the ISP recognizes that they ARE sharing (and throttling their connection accordingly).
I find the argument against the tracker taking care of it quite silly. The guy from uTorrent says that the ISP would simply find or modify the packet saying that obfuscation is wanted.
I would guess the ISP would just throttle all encrypted traffic going to random ports before it starts identifying specific packets. They're as justified to limit it to BT as they are to do it with all unrecognized traffic.
BT is costing them a large amount of money so they start to throttle it. That means that they're not going to sit idly and not respond if it becomes obfuscated/encrypted.
I don't think it's an arms race that BT can win at all. If the ISP wants to limit the amount of bandwidth you're using, they will limit it, one way or another. For example, the ISP might throttle everything after a threshold per month is exceeded.
That's the main point that Bram is making, and I find it difficult to disagree with him.
cox.net straight up won't let you seed
once you get 100% of the torrent all incoming connections are closed
One thing I've done since I switched away from a packet shaping network is told all my non-geeky friends who are deciding what service to get to STAY AWAY from it [Eastlink] and switch to the good guys in my area [Aliant].
Maybe we can hurt these companies through word of mouth.
No.. No they're not. My ISP, TalkTalk, lied about the service they were providing me - even after I enquired about p2p (GNUtella, Bittorrent) which they assured were totally unrestricted, they were quite happy to sign me up to a 12 month contract and totally restrict all traffic from the p2p clients. Don't worry, I've complained about a month ago and I'm intending to get out without paying their £70 cancellation fee. This is for users like me, who have been screwed over by greedy ISPs. And I welcome our new encrypted overlords.
--
Just because he doesn't have ADHD doesn't mean the man can't appreciate a cheeseburger now and then. What are you, some kind of racist?
"Never attribute to malice that which can be adequately explained by stupidity." -- Hanlon's Razor
I live in an area where the best I've got is dial-up (and 28.8k at that). Once an ISP gets out here, I'll be the first to switch to them. ON ONE CONDITION: They allow bittorrent traffic.
Seriously, everyone I know who has gotten broadband has done so for P2P. Warez kiddies ^W^WLinux distro hunters are the cable companies' biggest subscribers.
They are shooting themselves in the foot by not supporting us.
Obligatory Soundbite Catchphrase
I'd say that a significant number of users use p2p type stuff. Everyone I know at work uses some type of p2p software... eventually it will be impossible to restrict users of p2p unless you cut off all your users.
...way back when the monthly b/w limit on Rogers was 1gb.
That's right, 1, as in uno.
Now people are whining about 60-100?
How much warez are you fools downloading anyway?
The fact is that at the end of the day ISPs pay for bandwidth per byte. I say charge people that 'need' >100gb per byte more than the rest of us.
This isn't a new problem. As long there's been broadband there's been people that absolutely, positively, MUST saturate their entire bandwidth 24/7/365, and these people cry bloody murder when someone tells them they can't.
Bittorrent just happens to be the way that warez junkies do this today. Think about it. If you're shaw/rogers, and you see that 90% of your bandwidth usage is bittorrent packets being sent by 1% of your customers, what would you do?
Well thankfully here in Europe we have no monopolistic companies trying to throttle torrents or have plans for to tier up the internet (yes I'm aware of the pun)
Here in Ireland I'm currently on 3mbit NTL cable (soon to be upgraded to 10) with 40GB cap which is not enforced, I download over 100gb monthly
so pack your bags and move back to the old world!
You forgot "No $40/month broadband".
I work at an ISP. We pay $50 per meg per month measured at the 95th-percentile of our monthly usage. We can use our bandwidth in essentially any legal way, and we get a pretty rock-solid SLA for our money. On the flipside, our providers should not go bankrupt supporting the service we buy.
I buy cable broadband at home. I pay $40/month flat rate and I agreed to a pretty restrictive AUP that allows no servers or P2P applications on my end of the connection. I could violate the AUP, like I'm sure many do. But if I did, I would not whine and complain when my ISP addresses the issue. Oh yeah, if I paid at home what I pay at work, I would be paying about $120/month for internet access. But then I could use P2P...whoop-dee-do!
Networks are very, very expensive. If my broadband provider doesn't stay in business, I won't be able to use P2P--or any other 'net application.
Bram Cohen was also originally against having an upload limiter in BT clients...but when everyone else had one, lo and behold, the official client gets one.
I wonder if this will turn out the same.
It's only an insult if it's not true.
That should be "BitTorrent and End-to-End Encryption".
Denham's Dentrifice, Denham's Dentrifice, Denham's Dandy Dental Dentrifice, Denham's Dentrifice Dentrifice Dentrifice.
A simple encrypted HTTP protocol without all the certificate crap would be JUST FINE. Just negotiate some form of encryption, exchange some random keys and do your stuff (like SSH basically does every time you make a connection) -- this can be done completely secure, the only thing you do not have is a 100% guarantee that the website you're talking to is really who they say they are -- in other words, just like normal HTTP, except that your ISP can't see what you are doing, nor can anyone else except the destination site (whoever that may be).
Having the option to use encrypted HTTP should involve nothing more than a flip of switch, just like having your HTTP stream gzipped compressed.
Wow - didn't know that. Here in Nova Scotia, they've been behaving respectably (at least with broadband, can't speak for any of their other services). Sorry to hear that. Do you have an alternative over there?
Rogers and Aliant is it. The final nail in the coffin for me with Aliant was when I was away on business for a few weeks and they decided to start filtering inbound SMTP traffic. I called and asked about it and they claimed they weren't doing any filtering. When I replied with tcpdump output proving my case, they forwarded me to their abuse department. A few weeks without mail, so I immediately switched to Rogers when I got back.
Not only do I have a faster service (5Mbit with Rogers at the time, when Aliant was offering 2 or 3Mbit IIRC), but they only filter outbound SMTP (not a problem), I have a relatively "static" IP address, and I don't have to deal with the hassles of PPPoE.
Also, bundling our cell phones, television, and internet is a huge win. The Vibe Vision service was shut down, and reborn as Aliant TV some years later.. but it hasn't been rolled out in any areas other than Nova Scotia.
By the way, In the late 90s, things were different. Fundy Cable (who was purchased by Shaw, then by Rogers) had a one-way cablemodem. NBTel (part of Aliant) was trialing 10Mbit/10Mbit HFC service in my neighbourhood. For $39.95/month! It was incredible. The ride lasted a few years before they sent out an email about a "service upgrade", which was going to be $2/more per month, and mandatory. The "upgrade", of course, was the switch to 1.5Mbit ADSL with PPPoE.
No... I can't speak for the U.S., but in the U.K. you should not do this. Pay the bill to get away from the ISP and restore your service with another ISP -- this puts you firmly on the right side of the law. Then sue the original ISP in the small claims court... this is not the terrifying activity it sounds like. It's done locally and the small claims court is set up to deal with this sort of thing quickly (and hand hold newbies through the process), you don't need solicitors etc etc.
quick introduction. People do insist on stubborning it out, and often it's the worst mistake you can make.
If you were the first type, you change to a supplier that charges based on usage.
If your supplier offers no restrictions on usage, it is reasonable to expect no restrictions. Particularly if you have entered into a contract to that effect.
What I suspect, though, is that in cases where people are complaining about p2p limiting, there was a we-will-do-whatever-the-hell-we-like clause (or even a we-will-do-whatever-is-necessary-to-maintain-network-performance clause or more likely we-will-do-whatever-is-necessary-to-control-our-costs-you-bandwidth-whores clause) in the contract with their ISP that has not been read or comprehended by the complainers.
Well, except that in this case, you're not paying the ISP for the water but for the capacity of the pipes. The water is coming from sources outside of the ISP and thus isn't a scarce resource. In fact, when you signed up for your pipe-service, you understood that you were paying for the maintenance and capacity of the pipes, which is often claimed to be "unlimited", but upon having them installed, you notice that the same pipe is feeding both your home and your neighbor's home, and their neighbor's home.
you were the first type of customer, wouldn't you be annoyed if you found out you were paying the same as the second type? Wouldn't you expect them to pay more, or perhaps face some restrictions?
If the first type of customer gets upset at the second type of customer, then they should also get upset at buffets that charge the same amount of money to every customer regardless of the amount that they intend to eat. But then, that is the whole concept of a buffet, isn't it? You enter into an agreement with the provider knowing that you are getting a service that you value appropriately enough to pay for. If you think you should be getting a better deal because some people consume more per unit price than you do, then nothing stops you from trying to make your own arrangements, but if the business is not willing to enter into such an agreement with you, then you are free to find another who will. This is the market place at work, and how other people choose to spend their money has no impact on how you should choose to spend yours.
Encryption is the wrong tool for the job.
To get around ISPs throttling bt, the program should adapt its ports and protocol negotiation so that it looks like other services (html, VOIP, etc).
Making bt fully protocol-adaptive would take away all traffic shaping control from ISPs. Their response to this would likely be to look for high upload traffic from users and firewall off the users to stop all incoming connections.
There are counter-moves to this (client-mode bt), but an arms race between users and their service providers is going to be messy and one-sided (they write the T&Cs).
I think it's better that users should vote with their wallets.
If you have a _residential_ contract, you are distinctly _NOT_ being given an unlimited, dedicated 4.5Mb/s connection for $49. If you want to run a 24/7 hog like Bittorrent, purchase a business plan with guaranteed bandwidth and uptime, no port blocking and no QoS throttling--all stated clearly in the contract and available from all major ISPs.
They are well within their rights to ensure that everyone paying a certain price is given the same level of service. They're rolling out FIOS here. It can handle 622Mb/s and at $50/month, you get, basically, 1% of that. To not have to implement some kind of QoS throttling on your bandwidth-hogging butt, they'd have to run a separate backbone to every 100 houses and, guess what, that would cost a ton of money. So, voila, tiered pricing.
Deal with it.
Keep in mind that in many areas, there are lots of ISPs that can provide you with DSL service. This service is provided by either 1) using the telco's DSLAMs and ATM networks to connect your home to the ISP (the most common method), or 2) using ISP-owned DSLAM equipment co-located at the central office (Speakeasy/Covad, various local ISPs). If you're just using the telco to move your bits across town to the ISP, I doubt the telco is going to bother traffic shaping your data.
I mention this because I think a lot of people don't realize there are more DSL options than just the local telco's internet service. When you go to the telco's home page, they certainly don't go out of their way to let you know about this. There are lots of small and regional ISPs that would love to have your business.
The biggest problem you might encounter with DSL is that many telcos require you to subscribe to phone service before they'll allow you to subscribe to DSL. I know this is definitely the case in BellSouth territory. I've heard that you used to be able to get a "dry copper" (i.e. "alarm circuit") DSL line to an ISP in BellSouth territory (a friend of mine used to have this sort of hookup in Oxford, Miss.), but they've since put an end to that. Where I live (Denver, Colorado), the telco (Qwest) does offer "Naked DSL" so you don't have to bother with a landline if you don't want one.
I have DSL with a local ISP who runs their own DSLAMs in my neighborhood, and it works out well.
David
For those who are interested, the people who supply Shaw (who happens to be my ISP) their traffic shaping software (or is it an appliance?) is Ellacoya Networks. This bit of info was from some forum that I found when I first noticed that my maximum BT upstream got cut by about 60%.
FWIW, for those who aren't traffic shaped yet, don't be surprised if you are next if you are on a cable ISP -- the nature of the shared network means that the throughput gets choked for everyone when the upstream traffic gets too high (and ACKs get delayed). DSL providers don't really care about upstream as much, they worry more about total traffic which they can throttle in other, cheaper, ways.
"Pay the bill to get away from the ISP and restore your service with another ISP -- this puts you firmly on the right side of the law. Then sue the original ISP in the small claims court... this is not the terrifying activity it sounds like. It's done locally and the small claims court is set up to deal with this sort of thing quickly (and hand hold newbies through the process), you don't need solicitors etc etc."
;)
Good tip. Our American friends, though, will want a lawyer rather than a door-to-door salesman.
DRM 'manages access' in the same way that a prison 'manages freedom'
Yet another feature that BitComet already has. Sadly, I expect Azureus and uTorrent to ignore this fact and implement their own standard. BitComet version 0.62 or 0.63 will probably conform to it. My point is, why doesn't anyone ever seem to know about BitComet's basic feature set? It's obviously a well known client. In fact, the last swarm I was in it was about equal in popularity to Azureus and BitTornado (only a couple people were using uTorrent, and someone was using the official client). If some feature has a possible exploit (like adding the DHT network as a backup in case the private tracker goes down) then everyone is up in arms about it. The useful features seem to go without notice, like UDP NAT bypass (great if you can't receive incoming connections), an Intelligent Disk Cache (I WANT my torrent client to use more RAM so hard drive writing frequency is kept reasonable), Packet Header Encryption (the feature in question), the ability to share peer information even if the tracker goes down (implemented long before Azureus added DHT networks), sharing peer information between tracker updates (causes faster downloading), chatting with other BitComet users in the swarm, and others.
Needless to say, the poor restaurant owners were not real prepared for a dozen 250+lb college students to come in and eat many platefuls of food, and the owners were not very happy. They asked them to leave, and when they said "no, it's a buffet, we are just eating 'all-we-can-eat'", the owners called the cops on them.
Well, the cops showed up, and listened to the complaint, and talked to them. And decided against the owner! "If the sign says 'all-you-can-eat', you can't kick them out just because they can eat more than you want them to eat."
Not really applicable to the topic, but just seemed an appropriate anecdote. Not only internet companies want to cut off people who use over the average!
Wasn't the appeal of 'broadband' advertised to be 'always on, high speed, and unlimited transfers'?
It sure seems like all you folks in North America are getting a serious wallet raping by the telcos/cablecos.
Here in Japan (and I'm sure it's the same in S. Korea), we don't have any such transfer caps. Bandwidth is also a non-issue here with 50MB ADSL and 100MB (up and down) FTTH. Also, the pricing is quite reasonable and usually comes bundled with VOIP services. Some providers even offer TV over IP (Softbank BB).
Japan and S.Korea are living the broadband pipedream that North America had dangled in front of it but never got (until GoogleNet shows up, seeing as they are buying all the remnants of that pipe dream - unused dark fiber).
Every fraction of a second the lines are dark is investment lost, it costs a fixed amount to install, and small cost of electricity to run the network, if it's not being used then the capacity is wasted.
If North American ISPs would live up to the high bandwidth - fibre, true broadband they have been promising there would be no problem with quality of service, no problem with high bandwidth apps.
South Korea and Japan have 100mbit, 1gbit networks, 10 and 100mbit is available in many places in Europe, if ISPs in North America would stop being driven by short term profit and invest something in the infrastructure as other places have done, even if it's only 10/10mbit to the customers and new backbones, all the issues around bandwidth scarcity would virtually disappear.
From my experience (and I could remember this wrong, as I haven't touched IPSEC for over 5 years), the IPSEC protocol in the way as-is wouldn't work well with BitTorrent because it requires a PKI infrastructure so that the two ends can authenticate and exchange keys before the actual communications. And a PKI isn't easy to set up, and will require a central CA to handle all the certs.
Furthermore, IPSEC, by its old protocol has NAT traversal problems as in it cannot do NAT. And even the IPSEC with the NAT option, I think it is called IPSEC NAT-T, still requires the encrypting certificate to have a name matching the IP of the computer. Hence, requiring a static IP on the computer and/or the public interface on the router. Furthermore, it would cause problems if the two computers on both ends have the exact same IP in the private network (192.168.0.5 or something) as that would lead to interesting conflicts.
IPSEC isn't designed for such a use like BitTorrent, it is more for securing the communications on a MANAGED local network, or a VPN, or a tunnel through the internet between networks, so that no one can sniff your data or spoof the destination/source computer. I believe in this case, IPSEC is the wrench while BitTorrent is the phillips screw; wrong tool for the wrong problem.
Huh, that's funny. Where is your proof of this? I would argue that geeks utilize bandwidth in a much more efficient way. Having done three years of technical support for a university, it was always the non-geeks that were generating the most traffic. When we did traffic reports, those generating the most traffic (a consistently high amount) in the dorms would have their network ports deactivated, and I would have to go figure out why. I only remember going into one geek's room to find out why. He was sharing out a whole lot of music. The rest of them? Malware, zombies, worms/viruses, etc. from unpatched, unprotected machines that are sitting wide open on the Internet. Most geeks downloaded locally available files (ala programs like Direct Connect), or used BitTorrent but had their upload throttled back a bit. Non-geeks just set up KaZaa or Limewire, and share out their whole C:\
So I would have to disagree with you from an ISP perspective.