Privacy In BitTorrent By Hiding In the Crowd
pinguin-geek writes "Researchers at the McCormick School of Engineering and Applied Science at Northwestern University have identified a new 'guilt-by-association' threat to privacy in peer-to-peer (P2P) systems that would enable an eavesdropper to accurately classify groups of users with similar download behavior. While many have pointed out that the data exchanged over these connections can reveal personal information about users, the researchers show that only the patterns of connections — not the data itself — are sufficient to create a powerful threat to user privacy. To thwart this threat, they have released SwarmScreen, a publicly available, open source software that restores privacy by masking a user's real download activity in such a manner as to disrupt classification."
Vuze (azureus), which I dropped because of how bloated it is. Why java? utorrent is the way to go.
Absolute power corrupts absolutely. indymedia
Now my downloading of Linux ISOs and pre-release movies is going to be mingled with horse porn. Just what I always wanted.
But now this thing will start running kiddie porn and illegal software, viruses and Malware through my connection as well so that I don't get classified as any.
I'd love to see what defence you use when your door gets bashed in in the middle of the night.
RIAA Lawyer: We obtained a warrant to search the defendant's home when traffic was identified as being characteristic of SwarmScreen. When the defendant's machine was recovered, we discovered they indeed had SwarmScreen installed--a program only used to subvert our techniques of classifying thieves. That, ladies and gentlemen of the jury, should be enough for indication of guilt.
...
The endless cat & mouse game continues
OK, so even if I only use bittorrent to download legal files like Linux disk images, SwarmScreen will randomly download packets that may or may not be chunks of a copyrighted file just to confuse the copyright police. Sounds like a great idea.
Bloat is not the word.
Vuze is a F-ing multimedia billboard.
It even plays commercials while you try to figure out what the F--k you just launched!
All the tools to tweak it as to not piss off my ISP are gone. I went uTorrent and kicked myself I didn't do it sooner.
Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
Can companies that use bit-torrent to do legitimate work speak out in its defense? I fear the "guilty by association" is much more along the lines of "you use bit-torrent, therefore you're guilty".
Frankly if this improves upon that, it might be a help to bit-torrent users that aren't pirates.
Think Deeply.
It does not necessarily have to do with stealing. It is a privacy concern. Do you want someone being able to watch you without you knowing and getting a ton of information about you by doing so? Whether or not I am stealing, I do not want that. I suspect you do not want that either.
Okay...
According to TFA, their software will download random data from BitTorrent to your system to hide what you really wanted to download within a cloud of random downloads.
Are you SURE you want to allow random data from BitTorrent to be downloaded onto your computer? There's a LOT of stuff out there that I wouldn't want even the remote chance (e.g. being selected randomly) of having it on my computer.
Just sayin'.
-JJS
Here's a summary of their findings, because the one provided by Slashdot doesn't really do a good job in my opinion of describing it.
BitTorrent downloaders apparently fall into "communities" that have very similar downloading patterns. In light of this, they think that it would be possible for an argument to be made, that if one member of a community is downloading X, that the behavior can be imputed through guilt-by-association onto all other members of that community. Therefore, you wouldn't necessarily need evidence that a given member of a community actually engaged in the downloading, due to the high degree of correlation between community member downloads.
This strikes me as a bit of dubious reasoning from a legal standpoint, as just because you hang out with a bunch of mobsters all day, and there's a high correlation of that with committing theft, doesn't mean they can try you for robbery just through guilt-by-association without more evidence that you're a robber. Still, courts have made weird conclusions in the past simply because computers and the Internet are involved.
For now, their software and idea mostly seems like a neat proof-of-concept. Until someone actually tries to deploy this legal argument in a court somewhere, I don't think I'll be losing too much sleep over this. Might be worthwhile for someone in a totalitarian regime that for some reason needs to be downloading over BitTorrent, but I don't know how realistic a concern that really is.
It seems like more and more of Cory Doctorow's book "Little Brother" is coming to life. In relation to this article, see chaff.
Could just save yourself the trouble and get a usenet account with SSL..
You can't take the sky from me.
...alright...why terminal? Raw socket is the way to go!
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Plus this is old news, apparently: Release Date: 6/18/2008
Unless you can interface directly with the network media using a battery and a metal pin, STFU.
Your head a splode
By firing up random connections, this only protects you from an ISP that is profiling your use. The MPAA can still go fire up a BitTorrent client, join a swarm downloading content they claim copyright on and start writing down the IP of everyone who is participating. And then they call up your ISP. This 'masking' technique doesn't actually 'mask' anything very well.
While this seems like a great idea if you're being targeted at random to see what you're downloading (and by proxy getting the community at large) it won't help if Symantec, MS, EA, etc., catches you downloading their software from a honeypot seeder. It seems to me that the only true protection is the use of darknets and sharing with friends only.
The only problem there is it isolates the users from the community so much that it's hard to get the wares because there is no set distribution pipe, only the hopes that somebody in your darknet/friends list downloaded what you want. Otherwise you must begin the search for a network that has what you're looking for, and hope you can trust them to not be law enforcement.
Ah, if the concern is to perhaps be falsely accused of masking your download content with SwarmScreen, then why not just write in that feature to every torrent client out there?
Yes, we know where this COULD go in the legal system, but oddly enough, Common F. Sense has reported absent from our legal system for the last decade or two...
Anyone give that a shot? Memory serves it has a Tor plugin right off the bat...
I just stare very hard at the wire.
In a study I just made up, 67% of people who steal music are more relaxed, swear less and use less caps when posting on forums.
Can't I just mask my IP via a proxy and leave it at that? If they're watching traffic on 000.00.0.000 and I am using 000.00.1.000 then what is the consequence of someone monitoring the traffic?
Obligatory xkcd
The days of the digital watch are numbered.
I can get WiFi on the fillings in my teeth.
Oh, hang on a sec, downloading an attachment!
"But this one goes to 11!"
What do you need the battery for? Stick the pin in your brain at one end and use nerve impulses to generate the charge to send the signals with ...
Who's stealing? All I do is engage in consensual transfers of data with like minded individuals.
Give me Classic Slashdot or give me death!
I just buy my porn and stare at that instead.
So there is a potential privacy threat that is not currently being exploited. If it were to be exploited it would be at the ISP level, most of whom do not care one bit about copyright. They do however care about the huge amount of data transfer across their networks for BitTorrent.
So the solution to a "potential" threat the ISPs do not care about exploiting is to create a system that will increase data transfer amounts by X depending on the level you select. Which is something the ISPs WILL care about, and WILL do something about.
Maybe someone can develop a plug-in that will just paint a big bulls eye on my front door too... oh wait...
If that alone were not bad enough what about the harm this will do to BitTorrent directly? Random Idiot wants to download a single new release movie so they turn this POS on and start downloading another 10 "Cover Torrents"... great, now the extra load starts swamping trackers and real users can not connect to the tracker, at least not until the tracker forks over a bunch of cash for server upgrades. Then the swarms start to suffer because X percent of what everyone is seeding back is going to those "Cover Torrents" instead of to real users who may at least attempt to be good users and keep seeding a torrent back for some time.
Someone remind me what the point of this plug-in is again?
heh. wouldn't it be funny if a user was downloading some basically innocuous copyrighted crap but the app swarmed him with kiddie porn, hehheh.
yikes.
- js.
Agreed. The word is adware.
Is your tooth blue?
That was a virus. Now you have AIDS.
At what point did it become OK to steal shit because we think the price is too high?
At the same point at which some people thought "there, I did some work, now you will pay me for the rest of my life and I won't have to work anymore. You, however, will have to work for the rest of your life, so that you could pay me for the rest of my life".
And I also record stuff from TV. I have 40 VHS tapes from the last year to prove it.
You're stealing everyone's time and bandwidth, posting uninformed crap like that.
I can get WiFi on the fillings in my teeth.
That's nothing. I have Linux in my brain implants.
Oops SwarmScreen: 3/9/2009: First version (0.2) released!
if this plugin creates connections to multiple torrents to disguise your behaviour, could you suddenly be getting cease and desist orders for stuff that you haven't actually downloaded or wanted in the first place? that raises the question again of when you are committing piracy, when you download or when you use the download(app) or watch the movie? i'm confused but i get confused easily.
Where do the faxes come out when you receive one?
what in the devil are you talking about? is that a new version? are you running it in simple mode?
seriously, i used Vuze last night. there were no ads, no commercials, nothing. i always run in advanced mode. there is a menu bar and 2 windows: uploads, and downloads. i don't use it to play media or manage the files. dump files to the desktop and i move them where i want.
shit, if there are commercials in the new version i am not going to update.
I taped music off the radio and LP's when I was a kid. It seems to me that people really are saying that they don't like the price and they aren't going to buy it. I think that radio is an outdated legacy medium and a waste of bandwidth that should die and the frequencies should be used for wireless digital networks. I also think that current concepts of patent and copyright are just as outdated and backward. Perhaps this is the wrong forum to express this view, but if you are basing your business model entirely on trying to make a commodity out of something that can be reproduced at no cost by anyone using ubiquitous technology you might want to reconsider your business strategy. That isn't a justification for stealing, that is pragmatic realism. No matter how loud you yell in ALLCAPS, the kids are just not going to get off of your lawn. It's not going to be practical to round them all up and send them to jail for stealing either, because there are just too many of them and the jails are already stuffed full of harmless pot dealers. I suppose you could try to fine the hell out of them to recoup perceived loss but you can't get blood from a rock, especially these days. It seems to me that massive civil disobedience can be literally construed as criminal conduct but historically it is usually an indication from the citizenry that the law needs to change somehow because it does not reflect modern mores and sensibilities.
Rather than hiding your intended activity by adding random connections which increase overhead, why not help the networks? Have the plugin pick random torrents to participate in, so it is helping others with their downloads. It sounds like this plugin only makes fake connections, rather than actually doing transfers which help random people.
What do you need a brain for? Oh wait.
If one doesn't like eavesdropping, what's wrong with simply dropping connection attempts from the IPs of known or suspected eavesdroppers? If I'm using PeerGuardian, why do I need SwarmScreen?
Yeah, turn off the stupid Vuze interface and go back to classic. No billboards, just the downloading and seeding panes with a menu bar. I couldn't stand the new UI either!
"a user can achieve plausible deniability by simply adding a small percent (between 25 and 50%)"
Unfortunately, his teeth only transmit over IPX. Since the end of the Doom era, all the files in his head have been imaginary.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
If you are so scared about eavesdropping, why not set up stunnel, or pay for a service like secure-tunnel and run everything through that.....
You know, this is a much more VC-pleasing term. Let's use that.
For a similar service for Google Search privacy, http://searchfuscate.com/ will do random searches on all the major search engines to mask your activity there too.
If you're ever questioned about your search history, "I didn't do that - my home page searched for it automatically" might be a defense.
I used it on windows for almost 2 years before I discovered uTorrent.
It's small, but I'd rather use a command-line based program than bittornado ever again. And why not rtorrent or utorrent? They're both well-developed and work flawlessly...
We're well-provisioned with RAM and bandwidth, so any non-toxic BT client will work fine for me. BitTornado's use of screen real-estate is also a non-issue (dual monitors with multiple desktops). I might give rTorrent a whirl some time. We're a linux-only home, so uTorrent is not practical (don't use Wine or Windows in VMs).
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
Brain signals aren't TTL, you need something to power the voltage converter.
"To thwart this threat, they have released SwarmScreen, a publicly available, open source software that restores privacy by masking a user's real download activity in such a manner as to disrupt classification."
Yup, that's right. I download Linux ISOs via P2P and I don't want others to know our market share is growing.
I'll be damned if I'm writing up a whole new response every time someone equates copyright infringement with stealing, so instead you can read what is mostly a comment I posted to a discussion of The Pirate Bay's trial (edited a little to be more universal)
Copyright infringement is a distinct thing from theft. They are two separately defined legal terms, plain and simple, not the same thing. They are both illegal. They are not the same crime.
The ethics of whether copyright law should be changed or abolished, whether infringement should be made legal (and hence would no longer be "infringing") and whether illegal copyright infringement can be right or moral are all entirely separate issues. The only thing I'm saying here is that "Theft" and "Copyright Infringement" are two clear and distinct terms with different meanings under the law. There is no reason whatsoever to conflate them, and pretend they mean exactly the same thing.
Well, not quite true - there is one reason, and as far as I can see it's the only reason, and that's because "Pirates are stealing our music" has more emotional impact than "Our copyright is being infringed". The whole "you wouldn't steal a..." campaign, for example, relies on erasing the difference in people's minds between theft and infringement, to make them feel bad about something they may otherwise have been doing without thinking about it. This doesn't change the legal side of things, only people's perceptions, but perceptions can be powerful. The industry are using that to their advantage and I for one don't like their way of doing it, so I'll insist on correct use of the terminology.
You could even draw parallels with Orwell (although doing so feels cliched) - the 'Newspeak' idea revolved around removing words with similar meanings so that varied and nuanced ideas would be collapsed into a single concept. All forms of political dissent, freedom fighting and the like would be lumped together with terrorism and criminality, under the label "thoughtcrime", making the not-so-bad sound as bad as the very worst. Putting theft and copyright infringement together under "stealing" is the same - suddenly infringement sounds just as bad as theft because you're calling both of them stealing.
Legally speaking, they're separate, and whether infringement is as morally bad as theft or not is a side issue to be determined separately (and personally) but if we let them convince us that they're just the same thing then the debate will be over without it ever having taken place.
Stop stealing and you won't worry about this shit
Most of the stuff that is "stolen" is p0rn which nobody cares about.
-- It is the mark of an educated mind to be able to entertain a thought without accepting it. -- Aristotle
This should either be modded funny or not upranked. PeerGuardian does less to prevent data-mining than deer whistles do to keep animals off truck bumpers.
Atari 2600. The console had only 128 bytes of RAM for runtime data that included the call stack! There was no frame buffer-- but some amazing things were done in 128 colors.
Actually I have a point here- No one cares what you could do with a 386! In two years time, the "Quad-Core" monstrosity will be small and puny, too. Feature bloat that remains below Moore's law is perfectly acceptable. This is part of why M$ can not only inflate MSOffice, but also make past versions incompatible. WP8 won't open .docx or xml files.
In short, if people stopped buying proprietary software and could find decent honest people to sell and service boxen, holier than thou WASTING attitude will mean something. As it is, you're only stroking your own ego, or should I say UTILIZING it?
Their idea is that RIAA or some such group could launch a "guilt-by-association attack" and create a kind of "mailing list" of users (specifically through the ISPs of users) to send out lawsuits. Your comparison to mobsters doesn't apply, because the threat isn't from law enforcement, it's about rogue groups slapping civil lawsuits on people, in which case they can bring you to court on guilt by association- which sucks even if you're clean as a whistle.
However, you are correct in that so far no one has deployed this tactic, and SwarmScreen won't do much good unless large numbers of people start using it. Which involves accepting a performance penalty, against a vague and uncertain threat, without actually protecting the user's identity.
IMHO it is less than proof-of-concept, it's an elaborate exercise in providing a false sense of security to torrent users. It's almost ugly.
Where do the faxes come out when you receive one?
Yellow-on-white in wintertime.
True confidence comes not from realising you are as good as your peers, but that your peers are as bad as you are.
Sometimes I think the only way to have a censorship-free internet is for the routers and fiber to be distributed and interconnected among our houses and buildings, not owned and managed by any one entity.
Build your own energy sources from scratch. http://otherpower.com/
Atari 2600. The console had only 128 bytes of RAM for runtime data that included the call stack! There was no frame buffer-- but some amazing things were done in 128 colors.
You basically had to chase the scan line on those things right?
I never did any 2600 coding. I grew up with the Atari 8-bit home computers, never got into consoles. The Atari 800 was f**kin awesome though. Very neat architecture.
Actually I have a point here- No one cares what you could do with a 386! In two years time, the "Quad-Core" monstrosity will be small and puny, too. Feature bloat that remains below Moore's law is perfectly acceptable.
If you're in the business of selling the latest and greatest barely-beta-quality-at-release software, then yes, you're right. Otherwise, people that have to use the things and think they have to buy way overpriced software every 2 years just to have a usable machine actually give a shit and can't stand it.
This is part of why M$ can not only inflate MSOffice, but also make past versions incompatible.
And this causes more user confusion and help desk calls than anyone cares to admit. This in turn eats into the bottom line of people that use said software because they have to have an extra help desk monkey just to tell people how to do a "Save As..." operation in Office 2007 for the 5,000th time.
This is also why we are phasing out Office on all machines but the classroom machines for *gasp* MS Office classes.
WP8 won't open .docx or xml files.
Who gives a shit, tell them to resend in an older Word format or a different format. If they can't figure out the "Save As..." dialog box, they shouldn't be anywhere near a computer. Hell, there isn't a single OS X app that can't write PDF's.
Just because they're silly enough to want to use docx doesn't mean the rest of the world is.
It won't read ODF either, oh nooooooo!!!!!
Just because it won't read some other format from a COMPLETELY different vendor does not make it useless. docx won't make you type faster or save any more disk space than a WPS file. And I don't know a single word processor that won't read RTF for basic documents.
In short, if people stopped buying proprietary software and could find decent honest people to sell and service boxen, holier than thou WASTING attitude will mean something. As it is, you're only stroking your own ego, or should I say UTILIZING it?
Statements like that usually come from MS shills or Hardware manufacturers.
Does Word 6 or Word 97 no longer run? Are there too many features in Word 2007 that didn't exist in Word 6 that 98% of users truly use on a regular basis? Most users just think of Word as a typewriter with a nice backspace key and fonts. The "power users" might know how to use tables, tab stops and might be able to pull off a mail merge or maybe a chart.
Filling landfills with perfectly good computers is pointless when they are still capable machines that could still be doing mundane work somewhere.
I can get WiFi on the fillings in my teeth.
Oh, hang on a sec, downloading an attachment!
Hope it's not pr0n... too late!