Slashdot Mirror

← Back to Stories (view on slashdot.org)

Encrypted Torrents Growing Fast In the UK

Posted by kdawson on from the deeply-inspect-all-you-want dept.

angryphase writes "The British Phonographic Institute (the UK's RIAA) has noticed a significant increase in the amount of encrypted torrents — from 4% of torrent traffic a year ago to 40% today. Whether it follows a trend for hiding suspicious activities or an increased awareness of personal privacy is up for (weak) debate. Either way, this change of attitude is catching the eye of ISPs, music industry officials, and enforcement agencies. Matt Phillips, spokesman for the UK record industry trade association explains, 'Our internet investigations team, internet service providers and the police are well aware of encryption technology: it's been around for a long time and is commonplace in other areas of internet crime. It should come as no surprise that if people think they can hide illegal activity they will attempt to.'"

7 of 432 comments (clear)

  1. Re:Could someone clarify... by fictionpuss · · Score: 5, Informative

    Torrent encryption was developed primarily to avoid traffic-shaping. E.g. a good percentage of those legitimately downloading Fedora 8 today via torrent will probably use encryption just to ensure a quicker download.

  2. Re:Could someone clarify... by DaleGlass · · Score: 5, Informative

    It's not for that.

    Encryption prevents traffic analysis, which means that a router can't easily detect that something is a BitTorrent connection and throttle it.

    Really this seems to be a case of "the more you tighten your grip, the more will slip through your fingers". The excessive amount of filtering first made sure that about everything learned to talk over port 80. Now they'll add encryption over that, so that ultimately a large percentage of traffic will be completely opaque and going through port 80, making it pretty much impossible to filter.

    There might be a consequence for the RIAA though: It means that no traffic analysis will tell you what somebody is downloading. Sure you can see which computers and tracker are involved, but you don't know what's the file being transferred. So no way to tell anything by listening to traffic at strategic points, now you need to maintain a connection with a tracker for every file you want to monitor.

    As an user this doesn't seem like such a bad thing, but as a sysadmin it has the potential of becoming quite annoying. Read on what it takes to stop Skype from working for a preview of what might become universal eventually.

  3. Then they will throttle all encrypted traffic by cybergrue · · Score: 3, Informative

    Like a certain Canadian ISP is doing now.

  4. Re:Won't Work by PhilipPeake · · Score: 4, Informative

    You misunderstand how HTTPS works.

    When I connect to a https site, during the handshake the remote site gives me a copy of its certificate. I (my browser) do two things with that certificate: I validate that the domain name embedded in the certificate matches the name of the website I was asking to connect to, and I verify the signature on the certificate using the public key of the signing authority.

    Unless the ISP has private key of the signer, there is no way that they could possibly generate a false certificate on the fly - so I *know* I am talking to the server I wanted to connect to, not to an intermediate proxy server.

    once that handshake is complete, I and the remote site have a private encryption key which we both use to encrypt/decrypt traffic between us. The ISP can't do anything with that traffic but pass it through (or block it).

    The *only* way that an ISP could get in the middle would be for them to block ports 80 and 443 and insist that you configure your browser to use *their* proxy server. If you ever come across an ISP that does this, don't walk, run, to another ISP.

  5. Re:Won't Work by Skapare · · Score: 4, Informative

    You understand how HTTPS works, but not how a proxy works for HTTPS.

    When your browser connects to a proxy for an HTTPS method, it makes a CONNECT request. The proxy makes a TCP connection to the IP address and port requested and passes the traffic both ways unchanged and uncached. The browser then performs the usual certificate validation on the contents received from the remote web site.

    An ISP could force the use of a proxy. An ISP could disable HTTPS through their proxy. An ISP could slow down HTTPS through their proxy. An ISP could monitor your traffic volume through their proxy (or their routers). An ISP could record every encrypted bit going both ways. An ISP could also corrupt the encrypted traffic bits. But an ISP cannot interpret the bits in your encrypted traffic, nor modify them, in any meaningful way, without cracking the encryption.

    --
    now we need to go OSS in diesel cars
  6. Re:Or maybe.... by Technician · · Score: 3, Informative

    I'm simply delighted how law enforcement is called bad guys in this analogy =^.^=

    There is more than just law enforcement that is interested in the contents. BSA, RIAA and MPAA are the ones I was not mentioning by name. The US post office can open your mail.. But there is a huge red tape procedure to follow. X-ray is one thing to look for explosives. Opening every letter to see if it has the lyrics of a popular song by the RIAA is not permitted by the post office. Inspecting every letter by the DHS for bomb plans is also not permitted, except electronic mail. The post office may know you mailed a CD to your buddy. The package is not inspected to see if it contains the latest teen pop rap.

    Online the privacy standards are now seen as a problem to internet users as attacks on users are clogging up the court system an fleecing many to pay the extortion money to the settlement support center. If there was privacy, this would not be a problem.
    http://www.p2pnet.net/story/6337
    http://recordingindustryvspeople.blogspot.com/2005/09/suits-against-settlement-support.html
    http://arstechnica.com/news.ars/post/20051004-5382.html

    I did a Google search for the settlement support center. It must not be very popular. I could not find a link to the site.

    I had to search for RIAA demand letter to find the info. Even then, I found just refrences to the letter, but not a copy of the letter with information to the settlement support center.

    http://recordingindustryvspeople.blogspot.com/2007/04/uc-santa-cruz-passes-along-riaa.html

    --
    The truth shall set you free!
  7. Re:I tracked down the settlement support center by Technician · · Score: 3, Informative

    It took some looking. The article has a link to the extortion letter. The letter has the URL for the settlement support center. The URL in the PDF is not clickable.

    The page with the link to the letter is here; http://consumerist.com/consumer/riaa/the-riaa-p2plawsuit-letter-sent-to-college-students-241054.php

    The Settlement demand letter is here; http://consumerist.com/assets/resources/2007/03/riaaletter.pdf

    https://www.p2plawsuits.com/ Settlement support center link is here.

    --
    The truth shall set you free!