Slashdot Mirror
New Tool Promises To Passively ldentify BitTorrent Files
QuietR10t writes "A new technique has been developed for detecting and tracking illegal content transferred using the BitTorrent file-trading protocol. According to its creators, the approach can monitor networks without interrupting the flow of data and provides investigators with hard evidence of illicit file transfers. 'Our system differs in that it is completely passive, meaning that it does not change any information entering or leaving a network,' says Schrader." I wonder if it can specifically identify legal content, too.
For the record, I have a rule in my iptables that specifically turns off the "evil bit" in any of outgoing packets. Thank God for Linux! =)
And my $200 24 port gigabit switch from Dell will do it. And that's a cheap piece of crap. For the 3 of you who don't already know, You specify one port on the switch to receive a copy of all traffic on the entire switch, a vlan or a specific port. Then you can hook etherial to that port and monitor all of the traffic without modifying the original. OOOOhhhh, magic eh?
Anyway, even after I RTFA, I still didn't see anything that this thing does that my cheap port and a P2 running etherial couldn't do.
Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
I wish people would stop repeating this urban legend. ISPs do NOT have common carrier status. I wish they did, but they don't.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
More restrictions on content? More encryption.
Better cracking techniques? Better encryption.
Tyrannical government? Revolution.
Another drawback is that the system cannot cope with encrypted files. "Today, about 25 percent of BitTorrent traffic is encrypted," says Schulze. If such a tool became widely used, then anyone with something to hide would almost certainly switch to using encryption, he says.
If you make breathing illegal, only criminals with breath.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
So, you're telling me that, given a set of hashes corresponding to "Prohibited content" and access to all the packets moving across a network, you can detect prohibited content? Why, it's a miracle of science!
Seriously, this is news? It has been possible, with the complicity of the router or physical access to the wire, to unobtrusively and undetectably tap a network since forever. That isn't news. And being able to identifiy files whose hashes you have ahead of time? Also not news, especially since bittorrent uses hashes extensively itself, and was never designed for subtlety or concealment.
I realize that Technology Review lost interest in technology years ago, and now spends most of its time fellating venture capitalists; but this is pathetic.
If I read the article correctly, what they're really doing is looking at the BitTorrent infohash, which is used when communicating with the tracker and other peers to identify the torrent. (The infohash uniquely identifies the torrent.) Having a different infohash for each peer would require significant BitTorrent reengineering, I would think.
However, it's defeated by encryption, cannot legally be used in the U.S. or Europe by ISPs, and relies on a blacklist of illicit torrents.
I'm assuming this has no chance of defeating encrypted connections?
The article explicitly says it cannot recognize encrypted files as the method cannot identify them with a hash. Although, I doubt anyone could think of a good way to ID files in encrypted BitTorrent.
I thought my summary submitted this morning did a better job describing this but you should note that this has some key things to overcome before it can be used:
They seriously need to overcome these obstacles before illegal file sharers should worry about it being used to target people.
My work here is dung.
They SHOULD. As long as they do not alter or supply content themselves.
The whole concept of common carrier was to account for services such as ISPs. Of course telephone systems were the first real examples, but the concept is still the same: a communications channel, where a service can carry those communications from point to point, without altering, supplying, or monitoring content.
I know of no logical reason why ISPs should not be "common carriers". They are ideal candidates to be. As long as they keep their fat fingers off the content.
And THEY should be in support of the concept, because if they cannot claim the "common carrier defense" (i.e., no responsibility for content), then they have some very heavy legal liability issues that common carriers do not have to deal with.
They seriously need to overcome these obstacles before illegal file sharers should worry about it being used to target people.
I strongly disagree. People need to start raising hell about this Big Brother bullshit now. Technology like this operates under the assumption that ALL users are criminals until proven innocent and blatantly violates the 4th amendment(in the U.S. at least).
Furthermore, does anyone here honestly believe that this type of technology will only be used to stop copyright infringement and kiddie porn? This technology smacks of oppression and the quashing of political dissent.
Power does not corrupt - power attracts the corrupt.
This doesn't identify someone downloading a file via bittorrent, it identifies someone downloading a *.bittorrent file (presumably via http).
This is a non-issue. If anyone actually starts using this, trackers will just start using shttp for their torrent files. They're small and (relatively) low traffic, so it would be a negligible performance issue.
The only notable thing about this article is that it points out how clueless tech journalists really are.
The reason ISP's are not common carriers dates back to dial-up modem Internet. The Telco's wanted to charge ISP's by the minute just like they do long-distance carriers for access to their network. The FCC got involved in this and used AOL as a model. AOL had these huge caching servers so AOL customer's web page requests rarely went out onto the Internet; instead they were served from the caches. So the FCC ruled that ISP's were delivering content and were not themselves carriers.
The Telcos are now (with broadband) satisfied with the content provider status as it saves them a lot of headaches, fees and taxes on their own Internet services. Broadband is far closer to a carrier service than a content service, but I don't see thing changing.
Here's my implementation. It also hasn't been tested for false-positives, but I'm hopeful: