BitTorrent Devs Introduce Comcast-Proof Encryption
Dean Garfield writes "An article at TorrentFreak notes that several BitTorrent developers have proposed a new protocol extension with the ability to bypass the BitTorrent interfering techniques used by Comcast and other ISPs. 'This new form of encryption will be implemented in BitTorrent clients including uTorrent, so Comcast subscribers are free to share again. The goal of this new type of encryption (or obfuscation) is to prevent ISPs from blocking or disrupting BitTorrent traffic connections that span between the receiver of a tracker response and any peer IP-port appearing in that tracker response, according to the proposal.'"
Unless one side suddenly blows away the other, I don't see this ending. It may breed innovation, but said innovation only seems useful for this one problem.
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
Most blocking systems use traffic analysis to block encrypted protocols, even the ones pretending to be something else. There's no way you can confuse p2p sharing with normal browsing if you look at the pattern of data flows.
Too bad we even have to fight this forgery by Comcast, but a technical option has its advantages, since a legislative option might get watered down by lobbyists and congress.
Encryption is always a good thing. The more people that use encryption, the less eavesdropping there will be.
How about, "if you have nothing to hide, hide it anyways"?
If I have nothing to hide, don't search me
I wonder how long it will take Comcast to figure out a way to thwart this new method. The blocking and obfuscation methods are only going to get more and more complicated from here.
What about BitTornado? Will it be patched to support this method? How about any other Linux-compatible BT clients?
-uso.
What you hear in the ear, preach from the rooftop Matthew 10.27b
Comcast will now probably simply impose soft traffic caps and soft caps on the number of connections users can make.
Comcast is trying to spin their actions as promoting fair use of their networks. The truth is that ISPs profit from having data dumped INTO their network and have to pay hard cash for data LEAVING their network. By injecting RSTs into the peers' seeding traffic, they promote an asymmetric data flow that brings more data (and therefore money) into their network, while minimizing the money they have to pay other ISPs for data going out. This proposal provides protection against the throttling of their upstream Bittorrent traffic only if the ISP is not aware of the info_hash of the torrent. Once this data is known it is possible to apply common data tagging and congestion control techniques to squelch this traffic. All the service provider (or application developers like SandVine) has to do is monitor the common torrent sites, and dynamically update these hashes into the network filters. This is sure to deny a majority of the torrent traffic out there (movies, linux distros, etc). Colin McNamara CCIE #18233
Colin McNamara - CCIE #18233 "The difficult we do immediately, the impossible just takes a little longer"
I am just a measly CCNA.
I am not worthy.
m(_ _)m
Now Comcast will need to keep a list of connections in order to guess that a torrent is running, instead of just looking at the packet. Good luck on that without a massive infrastructure upgrade.
"To those who are overly cautious, everything is impossible. "
It had to come to a head at some point. ISPs have been bitching about P2P for a while now. Let's get those secret docs on "unlimited" usage out in the open. Let's define what is acceptable and let's give users the ability to meter their usage. My prediction is 95-99% of us won't be affected by these new open bandwidth policies and ISPs can go back into the business of providing dumb pipes.
If you wanna get rich, you know that payback is a bitch
I agree that normal browsing and P2P are going to look obviously different so hiding P2P within HTTP is not going to be too difficult to detect. However, P2P could look a lot like an FTP download. How's traffic analysis going to be able to tell the difference between a P2P movie download that looks like FTP from real and legit FTP?
How long is it until they start throttling encrypted traffic too?
Wonder what the public key field is for?
They don't care about any protocol analysis. Any sufficiently long-lived, high volume, traffic flow between two IP addresses gets hit. I've had IPSEC VPN connections behave strangely and opened tickets, where the techs have admitted I had "accidentally" been flagged (i.e., the IPSEC endpoints weren't on the whitelist, even though I have business class service).
The only way around this is to open multiple connections to different addresses, transfer small amounts per connection, and then shut it down, opening the next connection to a different endpoint. It requires a total reengineering of P2P, although the BitTorrent mechanism is closest to what would work.
I think the real trouble is the limit of forward data in general. Comcast along with every other limiting provider needs to realize the needs of its users and open up a few more forward channels.
If they aren't already doing it (I don't know the exact technical details of what they are doing), ISPs like Comcast will simply start looking for anyone uploading large amounts of data (especially if they are uploading to a bunch of different people at once) and block that.
I'm surprised it took this long for the Bittorrent Devs to respond. Encryption is not a complete solution, as I have stated before, but it is a beginning. That is for certain.
It's going to get a lot more interesting from here on out. In the end, it will only benefit the consumers since they will receive technology that allows them to communicate a little more privately, and perhaps with a little luck, more anonymously too. One could only hope that TOR/Freenet technologies become as ubiquitous in their use as email. Perhaps a hybrid system with elements of Freenet, TOR, and Bittorrent all wrapped up into one would do the trick. I certainly think so.
I think, actually I know, that Comcast has fired the first shot in a losing battle.
I also just can't help pointing out the similarities to the Drug War. A million or so people in prison, and yet there are still plenty of users and suppliers. I would almost say it has effectively made no difference in the amount of people using drugs, or selling them. Especially, since the amount of drugs being sold and used in prisons is even higher than on the street.
So what is the point? If history has taught us anything, it is that governments (corporations even more so) will consistently fail at their attempts to limit/eliminate popular behavior. The elements may change from time to time, but the end result is always the same. The people will find a way to continue their behavior.
"Greetings, Professor Falken. Strange game. The only winning move is not to play."
BitTorrent 1, Comcast 0 xD
One of the things I'm curious about is what kind of collateral damage this kind of thing does to legitimate traffic. Oddly enough, I couldn't get to expedia.com, transformers.com (hey, I have an eight-year-old), and store.apple.com when I first got Comcast. A couple of months later, when the news first broke that they were screwing with the traffic, those sites suddenly started working. Nothing changed at my house, and all of them started working at once.
Possibly coincidence. Possibly not.
Could one use port 80 and some kind of fake http encapsulation?
Or they could have gone with the simplest solution possible. Drop the hogs. Their TOS allowed them the legal right to, and it requires no investment in new hardware or software. As for the illusion of upgrading the network solving the unlimited problem?* Well unlimited by definition can't be solved by any technology. What Comcast giveth, hogs will find a way to take away. Maybe another arms race to P2P the vampire upgrade?
*Let alone physics tells you there's no unlimited communications network in existence. Every form of communications has limits of some kind.
http://it.slashdot.org/comments.pl?sid=450792&cid=22391864
Happened a little later than I expected, but it still happened! Good work.
Ok so we have Britain proposing the monitoring of the entire internet, Australia is proposing an ISP-level filter, US cable companies are doing their own selective torrent throttling and various countries such as China already have expansive firewalls and filters in place. Even if this proposal falls through, or is modified somehow, I think we're going to have to accept that governments are in the pockets of the media companies and service providers will target users of p2p because, in their opinion, they aren't making as big a profit as they might like.
The next step is to ask what we, as the science, engineering and computer-loving community who have been using BitTorrent and various other protocols for legitimate uses before all the kids figured out they could score Amy Winehouse albums for free, can do to either circumvent the policies initiated by the above various groups or to bypass them completely.
Napster, Limewire and the first generation p2p clients collapsed so BitTorrent was designed and users flocked to it. Now it appears that BitTorrent is going to suffer the same fate (if not now then definitely in the near future - the increasing pressure put on ISPs and governments around the world by copyright holders is going to see to that).
We can't afford to fight fire with fire. Invasive laws and techniques used by companies such as Comcast may be un-Constitutional, or against the terms of service, but the average p2p-user can't afford to launch a civil case against one of the biggest corporations in the USA. My suggestion is for a new protocol to be established, with the emphasis on sharing legitimate files such as patches, Linux ISOs, videos, game demos etc. Inevitably the first people to jump onto the new system will be the true geeks (by this I mean your average Slashdotter) and by doing so, they can utilise it to its full extent (something like the early days of BitTorrent) whilst the MPAA/RIAA flog a dead horse.
Of course it's only a matter of time before pirates jump onto the new protocol and then we watch the whole show unfold again. However p2p-users have proven resourceful and it's only a matter of time before yet another protocol is developed and the cycle continues. But the advantage lies with us. The cost to the developer of something like BitTorrent is minutely small when compared to the hundreds of millions of dollars MAFIAA throws away in its attempt to stop piracy. If we keep it up long enough we might finally get the message across that p2p != piracy, or we might simply bleed them dry.
http://www.azureuswiki.com/index.php/Avoid_traffic_shaping
I thought azureus already did this?
Why does BitTorrent use TCP at all? If it used UDP, there would be many ways to detect and ignore forged packets.
Non-trivial applications are almost always better off managing their own connection state in my experience. A lot of TCP/IP networking code seems to be written to work around the quirks of TCP connections rather than to take advantage of them. UDP is clearly the better choice in cases like this.
Even if Slashdot's a little bit slow,
Your troll is going to fail, you know,
You just used up your last chance, yo,
If tits are a myth, then GTFO.
You impose a restriction somewhere and this will cause the system to react with a solution to develop further...
;-)
Or is there some intelligent design behind it?
That is how much Comcast's revenue grew by last year - 54%.
I think they're probably ok with how their business is growing...
Anything stronger than rot-13 will do.
Even if it only takes an ISP 0.1 seconds to "crack" a packet then there's no way he can crack the millions of packets per second flowing through his routers.
No sig today...
If they ever do manage to completely block P2P then they might find themselves looking at a bunch of customers who only want 300kbit connections instead of 20mbits. What are they going to do? Slash their prices to the same as the small ISPs who can offer cheaper/slower connections? I think not.
No sig today...
Reportedly most of it comes from botnets:
Insecure machines that were taken over by hackers and whose clueless owners did not notice anything. Or even don't care.
Now if ISPs start selling traffic by the gigabyte (again - it was not uncommon a few years ago), the owner of those spam-slaves would notice it on their internet bills. At that point, I think securing one's machine would become a lot more popular and the botnets would shrink. Overall result: less spam and DDOS attacks.
Considering the inbound hacking attempts, my father still has a 2 GByte/month plan and so far I've heard no complaints about suddenly increasing bills. So it seems to be not that much.
C - the footgun of programming languages
Allow for a proxy list where if a proxy connection is not working it is automatically connected to the next working connection. Everything on the proxy has multiple simultaneous connection where all Comcast sees is the one proxy connection. All the proxy sees is encrypted data flowing to multiple peers. As long as your proxy is not *iaa.net you should be good to go.
I regret that I only have one mod point to give per post.
From what I've seen so far, the devs all make any encryption in their clients optional. It's a feature the end-user has to enable. It doesn't do any good to continue to make the encryption optional, with the default setting being off. You can have all of the encryption in the clients/protocol you want, but if you don't force it to be on as the default, then a large majority of end-users probably won't be bothered to go hunting through settings to enable it either.
Ergo, there's no point to adding the encryption in the first place if hardly anyone is going to use it by default.
I happen to use it because my ISP does dirty tricks to torrent traffic (AT&T uses Sandvine as well, and they are my ISP's upstream provider, even though my ISP is a cableco and not a telco). With my hardware firewall (based on IPTables) configured to drop all RST packets on my torrent ports, and encryption enabled (and a sane number of total connections set in the client), I can actually torrent again just fine without any other added encryption at the protocol level. But that's because I actively put in a good amount of time researching how to do so and actually implementing it. Your average torrent/p2p user can't be bothered doing that.
@Mindless Drivel: 100% of Twitter posts ever Tweeted.
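The post above drops RSTs on the torrent ports wholesale. As an added example (not code from the proposal, any client, or any poster), here is the narrower defender-side check that thread hints at: an RST injected somewhere in the path normally arrives with a different IP TTL than the peer's own segments on that flow, so it can be flagged instead of blindly dropped. The packet records, addresses and the `ttl_slack` threshold are constructed for this illustration.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    """One captured TCP segment, reduced to the fields the check needs."""
    src: str
    dst: str
    sport: int
    dport: int
    ttl: int      # IP time-to-live as received
    flags: str    # TCP flag letters, e.g. "PA", "A", "R"

def flow_key(p: Packet):
    # Direction matters: the baseline TTL is per (sender -> receiver) pair.
    return (p.src, p.sport, p.dst, p.dport)

def find_suspect_rsts(packets, ttl_slack=3):
    """Return (index, packet, baseline_ttl) for every RST whose TTL differs
    from the first non-RST segment seen in the same direction of the same
    flow by more than ttl_slack hops. RSTs on flows with no baseline are
    left alone: there is nothing to compare them against."""
    baseline = {}
    suspects = []
    for i, p in enumerate(packets):
        key = flow_key(p)
        if "R" in p.flags:
            base = baseline.get(key)
            if base is not None and abs(base - p.ttl) > ttl_slack:
                suspects.append((i, p, base))
        else:
            baseline.setdefault(key, p.ttl)
    return suspects

# Constructed capture: a seeding peer on 10.0.0.5:6881 talks to a remote
# leecher; the remote's data segments arrive with TTL 52, then an RST
# "from" the same remote shows up with TTL 61 (fewer hops: injected
# mid-path). A second flow ends with an RST whose TTL matches, as a
# genuine close would.
SAMPLE = [
    Packet("198.51.100.7", "10.0.0.5", 51413, 6881, 52, "PA"),
    Packet("10.0.0.5", "198.51.100.7", 6881, 51413, 64, "A"),
    Packet("198.51.100.7", "10.0.0.5", 51413, 6881, 52, "PA"),
    Packet("198.51.100.7", "10.0.0.5", 51413, 6881, 61, "R"),   # forged
    Packet("203.0.113.9", "10.0.0.5", 40000, 6881, 48, "PA"),
    Packet("203.0.113.9", "10.0.0.5", 40000, 6881, 48, "R"),    # genuine
]

if __name__ == "__main__":
    for idx, pkt, base in find_suspect_rsts(SAMPLE):
        print(f"packet {idx}: RST from {pkt.src} ttl={pkt.ttl}, flow baseline ttl={base}")
```

A real deployment would feed this from a packet capture rather than a list, and would pair the TTL check with the IP ID and sequence-number sanity checks before deciding to ignore a segment.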
Really, everything should be encrypted and obfuscated in this day and age. I don't care if I'm just downloading the latest kubuntu CD which is legal (today anyway), it's really not the governments'/ISPs' business.
As far as throttling, if they want to throttle ALL use and state in their TOS that they now have speed-limits, fine. But don't pick out one or 2 things to monitor/throttle because it *might* be used improperly. (hint: anything can be, so it's either all or nothing)
---- Booth was a patriot ----
You do know that by publishing this info Sandvine will find out, make a patch, and once again they will be in the same spot as before.
more like
(_)(_)|D
amirite
Interestingly enough, that's EXACTLY how I2P works.
http://www.i2p.net/
Comcast has decided that it is more profitable to not do the right thing. (typical old-school corporation)
Until the BS they're pulling somehow starts affecting their bottom line, they are not going to change. Most of their customers simply have no choice. It's business heaven for them.
And on the subject of affecting their bottom line, anybody got any ideas?
Mever nind the typos.
"Bandwidth in the US pretty much sucks. The lack of cheap&abundant bandwidth is motivator for things like P2P, not iTunes or Netflix."
This is just another P2P myth. There's no savings for you as far as bandwidth is concerned. There's a savings for the originator, but not you, and in fact since P2P requires you to share that download, the bandwidth consumed is greater than say a straight download.
Seriously, do not underestimate the transfer speed of a hard drive fedexed overnight.
I'm not sure what most banks actually use, I'm sure that the local 500 member Credit Union doesn't get an OC-3 laid into their broom Closet I mean Data Center. Remember SQLslammer, it took out a lot of ATM machines by clogging the internet with gibberish, I think a lot of "banking security" is smoke and mirrors with a good dose of VPN for good measure.
We were discussing plans to roll out an optiman to one of our bigger offices, where Marketing may be relocating. When the monthly cost came up, a Marketing VP said, "Can't we use Comcast? They advertise the same speed and are a lot cheaper."
P.S. We have point to point T1s from our branches to our data center, with one central internet connection (not counting our backup stuff). Our branches and ATMs are all on our private network, not the general internet.