Slashdot Mirror
Encrypted Torrents Growing Fast In the UK
angryphase writes "The British Phonographic Institute (the UK's RIAA) has noticed a significant increase in the amount of encrypted torrents — from 4% of torrent traffic a year ago to 40% today. Whether it follows a trend for hiding suspicious activities or an increased awareness of personal privacy is up for (weak) debate. Either way, this change of attitude is catching the eye of ISPs, music industry officials, and enforcement agencies. Matt Phillips, spokesman for the UK record industry trade association explains, 'Our internet investigations team, internet service providers and the police are well aware of encryption technology: it's been around for a long time and is commonplace in other areas of internet crime. It should come as no surprise that if people think they can hide illegal activity they will attempt to.'"
Maybe it's because all the more recent clients are supporting encryption by default?
Life, the Universe, and Everything... in my image.
why anyone thinks the encryption will be effective? Since the RIAA (for example) catches torrenters by downloading the file from them in order to prove that they were 'making copyrighted content available', it doesn't really seem to matter whether or not it's encrypted. You're sending the RIAA a file that won't be encrypted on their end....
I'm curious. Do we all have a right (by DMCA in US) or otherwise to the encryption we put on our data? Does it take a court order or other legal instrument to lawfully break encryption? IANAL, but I would think that decrypting the traffic would be unreasonable search and invasion of privacy myself.
... or is this yet another hit on the use of privacy-protecting encryption?
I use encryption all day long in a very legal, legitimate form. (ssl/ssh/mcrypt) It's a core part of my operating principles - I don't even allow unencrypted connections to my production systems - EVERYTHING IS SSL ENCRYPTED.
So it really annoys me when the case is made that (encryption == criminal). Yes it can be used for illegal purposes. So can cars, guns, and tennis rackets. It's not the tool that identifies the crime, it's the crime that identifies the crime.
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Why why why why is it automatically assumed that encryption by non-government entities is in actual fact an attempt to cover up illegal activity?
I believe that in general, western societies have set up laws that generally respect the rights of an individual to whisper a secret in the ear of a friend and not be forced to reveal the message to anyone else. If I choose to encrypt email and torrent files, there is no reason that I should be thought guilty of some crime... fscking idiots.
It would entertain me greatly for them to find out that these illegal encrypted downloads were in fact, a Linux distribution.
Support NYCountryLawyer RIAA vs People
you know how antibiotics have a huge downside, in that the infection can evolve and become resistant? There's a similar downside to the RIAA's tactics with regard to torrents- now that everything is heading towards being encrypted, it's going to create a (somewhat) safe haven for child pornography to skip through undetected. If the traffic can't be monitored at all, then people you really are trafficking something terrible are going to be able to do it more easily.
From my research into the daily actions of differing people I meet and know, I would say that legal actions are hidden more closely than illegal ones. I grew up in a "mob town" of Rosemont, Illinois, and saw that most illegal activity was out in the open, relatively known by common citizens and the police department (both corrupt and straight). In the town I live in today, the drug dealers, prostitutes and other "criminals" are relatively out in the open also. Sure, there are a lot of criminals who attempt to obfuscate their identity or actions to try to get ahead of the law, but in reality, the best way to perform a crime profitablly is to just pay off the overseers of the law. Problem solved, and you can expand your market because you can be more open about it.
Yes it is the LEGAL activities that surprise me at how much people try to hide. Look at slashdot. My name, my real name, is right here. You can look me up and call me or visit my home. I hide nothing, why should I? Yet most of you are hiding your identities for whatever reason -- and how many of you are doing something illegal by posting here? Browse the blogs, too, and see how many people use their real names.
We hide more than that -- I brought up the question of sex (marital) with a friend, and he freaked when I asked him about his sex life. As if sex when you're married is immoral or illegal, but still people hide behind the idea that we need privacy about such matters.
Most of what the law officers do is hidden, with even FOIA acts not bringing much information to light. This is supposedly legal operations of people who serve me, and yet I have no ability to discern what they're doing, and if they're doing their jobs right. Again, hidden yet probably legal actions.
The more I look around my life, the more I am amazed at how private people are, because they're afraid that some of their actions may be construed as immoral, or immature -- yet most of the people in my life are doing the exact same thing as others, and just hiding it. We post on forums and blogs, but we feel we must keep our names private because others might see what we write, even if others are thinking the same thoughts, or if those same others pretend to believe in freedom of expression but may secretly use it against you.
In terms of encrypting torrents, I do. I run a video sharing site for church videos, and all our torrents are legal and public domain. Yet we encrypt it because unencrypted torrents seem to run slower (I'm sure there is a reason for this, but I never really inspected the protocol specs). Therefore, we encrypt not to obfuscate the legality of what we're sharing, but because the market's limitations on torrent sharing give us a need to encrypt so we can provide a higher bandwidth for the sharing of legal, public domain content.
Are most torrents legal? I have no idea, but I do use torrents to send large files to multiple people every day in a variety of markets I do business in. For me, the torrent is an awesome solution to a problem I've had for years dealing with large files.
This reminds me of an old quote,
"The internet interprets censorship as damage and routes around it."
Recording Industry associations: You are now being routed around. Congratulations.
Paul Anderson
"I drank WHAT?!" -- Socrates
Since when is BitTorrent only used for copyright violation and stealing music? I could be using BitTorrent completely legally, and still have an ISP trying to delay/block/throttle/etc those packets. If I encrypt them, it's harder to do.
Everything I say is a lie. Except that... and that... and that, and that, and that, and that... and that.
I had a talk about P2P networks recently with someone who is very non-tech (his son has a computer, and he won't go near it without a good reason and maybe some holy water to dispell the bane that resides within, despite being anything but a religious person). We had a talk about illegal filesharing and lawsuits, and it culmunated in his question "why don't they just outlaw that crap?"
I was kinda taken aback by that and had quite some trouble retaining my calmness at the question alone. But he was dead serious. Outlaw that crap and the problem is gone.
His train of reason was that he can't check what his kid does on the computer, whether he engages in the sharing of copyrighted files and thus it's easier for him if it was just outlawed. What doesn't exist can't be a problem.
That was quite an eye opener for me, especially why crap like our current legislations can happen without any kind of resistance. Actually, there are people supporting it. Mostly because they don't know jack about the situation at all. My question why he would like to incriminate his son automatically when he uses the program was answered with "If it is illegal to have it, he can't get it". It took quite a while to explain to him that the internet is international and that it's no problem to get it from abroad.
I received a horrified blank stare at this revelation. And the quite insecure question "He can get it from abroad? He doesn't have a credit card, he can't get stuff from there."
I'm not kidding you, this is not made up, this is real. Those people do exist. They don't realize that borders are meaningless on the internet, that national laws prohibiting the possession of software don't affect a thing, except to criminalize people who did nothing wrong. I had a very hard time convincing him that a law against P2P would only harm his son, not solve the problem.
I think this was the moment when I learned that I have to reconsider my strategy for getting support against such BS laws. First of all you have to explain to people that laws like this only criminalize the ones they want to protect, their kids, but laws like this don't protect their kids from breaking the law, intentionally or unintentionally. They want to protect their kids by eliminating the problem rather than trying to solve the problem. They do not want to deal with it.
And that's the underlying problem.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
This is easily detectable and rejectable.. Unless they are going to have different certificates for each site they are intercepting, and are willing to forge (and the CA is willing to forge) the certificate info to mask what is really happening.
It's also probably illegal, and definitely unethical, to circumvent the network security this way.
You misunderstand how HTTPS works.
When I connect to a https site, during the handshake the remote site gives me a copy of its certificate. I (my browser) do two things with that certificate: I validate that the domain name embedded in the certificate matches the name of the website I was asking to connect to, and I verify the signature on the certificate using the public key of the signing authority.
Unless the ISP has private key of the signer, there is no way that they could possibly generate a false certificate on the fly - so I *know* I am talking to the server I wanted to connect to, not to an intermediate proxy server.
once that handshake is complete, I and the remote site have a private encryption key which we both use to encrypt/decrypt traffic between us. The ISP can't do anything with that traffic but pass it through (or block it).
The *only* way that an ISP could get in the middle would be for them to block ports 80 and 443 and insist that you configure your browser to use *their* proxy server. If you ever come across an ISP that does this, don't walk, run, to another ISP.
Really?
There's over 100 million units of firearms in private hands in the USA. If the majority of them were used for crime, there'd be a lot of crime...
You understand how HTTPS works, but not how a proxy works for HTTPS.
When your browser connects to a proxy for an HTTPS method, it makes a CONNECT request. The proxy makes a TCP connection to the IP address and port requested and passes the traffic both ways unchanged and uncached. The browser then performs the usual certificate validation on the contents received from the remote web site.
An ISP could force the use of a proxy. An ISP could disable HTTPS through their proxy. An ISP could slow down HTTPS through their proxy. An ISP could monitor your traffic volume through their proxy (or their routers). An ISP could record every encrypted bit going both ways. An ISP could also corrupt the encrypted traffic bits. But an ISP cannot interpret the bits in your encrypted traffic, nor modify them, in any meaningful way, without cracking the encryption.
now we need to go OSS in diesel cars
> The real world security breaches have shown the need.
I don't know if it's "security breaches" per se. After all, encrypting the torrent does NOTHING to prevent anyone who knows that that torrent contains copyrighted material from finding your IP from the tracker and going after you legally.
The ONLY thing it does is bypass some ISP-level throttling aimed at BitTorrent traffic. In other words, the ONLY reason people use it is because it makes the torrents go faster, rather than being stuck at low speeds.
That said, more people are probably doing it because it's on by default. And the reason it's on by default in more clients is because it's faster.
So yeah, the spokesman here is an idiot. Encrypted torrents will NOT help you evade responsibility for sharing copyrighted materials. Not even a little bit. This guy is a dumbass.
It is a given that there are 100 million privately owned small arms in the US of A.
(It is actually 192 million, including 65 million handguns, ref. Cook PJ, Ludwig J. Guns in America: Results of a comprehensive national survey on firearms ownership and use. Police Foundation. Washington DC. 1996.)
You assumed that the majority of them used for crime.
A majority is more than 50 percent.
50 percent of 100 or 192 million is 50 or 96 million.
The fact that you can step outside your home without being peppered with lead should make it clear that you're wrong on the majority = crime part.
And I won't try debating with you about the fact that criminals will always have guns, as they always had. And I will not say that short of orbital bombardment there is only one thing to keep YOU safe from millions of enemy guns: billions of guns in the hands of neighbors that are mentally sane, lawful and courageous. (It's actually sufficient to have them sane and friendly.)