Slashdot Mirror


Privacy In BitTorrent By Hiding In the Crowd

pinguin-geek writes "Researchers at the McCormick School of Engineering and Applied Science at Northwestern University have identified a new 'guilt-by-association' threat to privacy in peer-to-peer (P2P) systems that would enable an eavesdropper to accurately classify groups of users with similar download behavior. While many have pointed out that the data exchanged over these connections can reveal personal information about users, the researchers show that only the patterns of connections — not the data itself — are sufficient to create a powerful threat to user privacy. To thwart this threat, they have released SwarmScreen, a publicly available, open source software that restores privacy by masking a user's real download activity in such a manner as to disrupt classification."


  1. only works with by esocid · · Score: 3, Insightful

    Vuze (azureus), which I dropped because of how bloated it is. Why java? utorrent is the way to go.

    --
    Absolute power corrupts absolutely. indymedia
    1. Re:only works with by Akido37 · · Score: 5, Insightful

      Vuze (azureus), which I dropped because of how bloated it is. Why java? utorrent is the way to go.

      Vuze's bloat problem isn't Java.

      It's feature creep. Sometimes I just want to download a torrent.

    2. Re:only works with by 0100010001010011 · · Score: 5, Funny

      Utorrent, which I dropped because of how bloated it is. Why GUI? rtorrent is the way to go.

    3. Re:only works with by talz13 · · Score: 3, Insightful

      Since it runs on every platform that supports java? Since it has useful plugins? Since taking up 1% of my CPU and 300MB of ram to seed 10 torrents doesn't bother me much on a quad core with 4GB of RAM?

    4. Re:only works with by FinchWorld · · Score: 2, Funny
      "Since taking up 1% of my CPU and 300MB of ram to seed 10 torrents doesn't bother me much on a quad core with 4GB of RAM?"

      So you like things needlessly eating up more resources? Man, you should run a vista vm, inside a vista vm, on vista!

      --
      "I may be full of crap about this game, and I may be wrong, and that's fine." -Jack Thompson
    5. Re:only works with by Rip+Dick · · Score: 5, Funny

      Yeah, its 4,500K memory footprint is ridiculous.

    6. Re:only works with by courseofhumanevents · · Score: 4, Funny

      I wish there was a +1 Correct mod. This isn't exactly insightful or interesting.

    7. Re:only works with by wud · · Score: 2, Informative

      i use torrent flux, and it destroys everything else. LAMP based, so I can access it from any computer in my house. I strongly recommend it. http://www.torrentflux.com/

      --
      wud
    8. Re:only works with by Larry+Clotter · · Score: 2, Insightful

      So you like things needlessly eating up more resources?

      What's the point of buying RAM and CPU only to have it underutilized all the time? You might as well go back to only having 16 megs of RAM and a 386 if you are going to complain about 1% usage of CPU and 7.5% usage of total RAM.

    9. Re:only works with by drchoffnes · · Score: 4, Informative

      (From one of the software authors) UTorrent doesn't support plugins and is closed source. If that were to change, we'd happily develop for it.

    10. Re:only works with by KenMcM · · Score: 5, Informative

      That'd be +1 Informative.

    11. Re:only works with by Kjella · · Score: 3, Insightful

      Vuze's bloat problem isn't Java.

      While I know some stunning things done in java, the four most bloated applications I know are also written in java. I guess it's like C/C++ and buffer overflows, those who like the language say good developers don't do that but in practice java seems to lend itself easily to bloat. In theory any developer can do anything in any language that's Turing-complete, it all comes down to how productive real developers are in practice...

      --
      Live today, because you never know what tomorrow brings
    12. Re:only works with by Anonymous Coward · · Score: 2, Funny

      What's the point of buying RAM and CPU only to have it underutilized all the time?

      You over bought then. If global warming is a real concern, then it should matter to you that software is inefficient. True it may not matter a lot that one person is running some bloatware, but when you've got three hundred million people running bloatware, then being a few percent more efficient makes sense.

    13. Re:only works with by AliasMarlowe · · Score: 4, Funny

      Vuze's bloat problem isn't Java.
      It's feature creep. Sometimes I just want to download a torrent.

      I'd call it malfeature creep with a commercial bent, in an unnatural union with a hideously malformed GUI.
      I installed Vuze innocently and optimistically enough, but as soon as I started it and saw the abomination appear, its days - nay, minutes - on my system were numbered. It was utterly expunged after a quick kill.

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
    14. Re:only works with by Ilgaz · · Score: 3, Insightful

      Well, it seems to be open source and gives the developers all the stuff they need to code such a plugin. Except memory usage (which I got plenty to use), I don't see it uses more than 2-5% CPU too. As a person who wants to use P2P technology but in a way that I can pay for the content, their "Vuze Guide" gives me what I need too.

      and uTorrent? The one acquired by DRM loving Bittorrent.com because it was way too popular compared to their junk client and nobody knows what is inside it anymore? Before attacking an application as "bloated", pick your other suggestion well.

      Even if it supported plugins, releasing such a privacy enhancing plugin for uTorrent would be the irony of the month.

    15. Re:only works with by Ilgaz · · Score: 3, Informative

      Set it to Run in "Advanced Mode" on startup. And for "just downloading a torrent", I don't think anything will beat rtorrent from console.

    16. Re:only works with by Mister+Whirly · · Score: 5, Funny

      Exactly. What is the point of having your CPU idle? Wouldn't the ideal be to use as much resources as you can all the time? I have never understood why people build these massive computing machines and then never do any serious computing.

      --
      "But this one goes to 11!"
    17. Re:only works with by Ilgaz · · Score: 2, Informative

      Funny is, these are the same people demanding 64bit Flash plugin because they run 64bit browser on a 64bit OS.

      If Apple was decent enough (or developers could code anything actually multi arch) to release Snow Leopard for 64bit G5 Macs, I would upgrade to 8 GB (from 4.5 GB) on my Quad G5 in no time. Its max is 16GB btw.

    18. Re:only works with by Ilgaz · · Score: 2, Interesting

      It took uTorrent guys 1 or more years to ship a OS X version even while their code is still i386 only. The idea of "run on every platform which has a sane Java and support everything" will keep sending developers/researchers to Vuze no matter how much it is attacked by Java and even paid commercial content hating people.

      Let me remind again that uTorrent is NOT an open source software which is also owned by MPAA/RIAA members partners Bittorrent.com.

      They do a great job hiding that fact lately it seems.

    19. Re:only works with by Anonymous Coward · · Score: 3, Funny

      Correct! :)

      I mean.. informative!

    20. Re:only works with by Maxo-Texas · · Score: 2, Informative

      Openoffice is written in c++.

      http://download.cnet.com/OpenOffice-org-Windows/3000-2064_4-10263109.html ...OpenOffice.org runs on Solaris, Linux (including PPC Linux), and Windows. Written in C++ and with documented APIs licensed under the LGPL and SISSL open-source protocols, OpenOffice.org allows any knowledgeable developer to benefit from the source...

      --
      She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
    21. Re:only works with by perryizgr8 · · Score: 2

      aww, i should have really listened to my teacher's "don't ever cite wikipedia!".

      --
      Wealth is the gift that keeps on giving.
    22. Re:only works with by totally+bogus+dude · · Score: 2, Informative

      Your bizarre "I've got so much memory I'd better use 300 megs to do tasks that could be done in 3 so as not to waste it!" made me laugh, so thank you.

      But if you have more than enough RAM to cover all the other tasks along with the torrents you are running why should you care? You seem to be complaining about usage of the system resources that is a pittance in the total pool of available memory and CPU.

      You're making the assumption that there is enough RAM to cover all the other tasks, but that's an assumption you're making based on your own usage patterns. Wasting a few hundred megs will reduce the amount of memory you can comfortably allocate to virtual machines, for example. Some software will happily suck up as much memory as it can to improve performance, e.g. database software (maybe he does development against large databases on his machine)? Games can use a lot of memory and are also good candidates for using as much as they can get in order to improve responsiveness in a highly visible manner.

      Additionally, while you're correct in that any memory not being used in a given moment is in a way "wasted", in that it can't be saved for later use, you also need to factor in the extreme cases that might occur comparatively rarely. As the person you're replying to said, torrents are considered by many to be a background task. Even when it's finished downloading, it is still doing useful work, and so many people prefer to leave it running all the time. In the case of a developer working on a memory-intensive application, that 300 meg hit to have a bloated torrent client in the background may be too much of a hit to take, resulting in them having to keep stopping and starting it depending on their activity.

      This is fair enough and expected for a computer with limited memory -- you can't possibly do everything at once. However if there's no compelling reason for a torrent client to be using 300 megs of memory, why would you want to bother stopping and starting it every time you need to do a bit of heavy lifting? Why not just run a client that uses a tenth or a hundredth the amount of memory and leave it running all the time and never have to worry about it?

      The other obvious problem is that most people have more than one application running at a time. What if your torrent client, your instant messenger, your web browser, your music player and your email client all decide to use a few hundred megabytes of memory for no apparent reason? Now you need 2 gigs of memory just to do very basic things. That's a waste of memory, in very real terms, and it's also a waste that's forced on everybody, not just those who choose to overspec their machines "just in case".

  2. Ahh, great, just what we needed by galorin · · Score: 5, Funny

    Now my downloading of Linux ISO's and pre-release movies is going to be mingled with horse porn. Just what I always wanted.

    1. Re:Ahh, great, just what we needed by ndavis · · Score: 2, Funny

      Now my downloading of Linux ISO's and pre-release movies is going to be mingled with horse porn. Just what I always wanted.

      Nope instead it will always show you downloading a CD from the RIAA so they can send you a bill. This is the new idea to raise money you write a program that makes everyone look like a criminal.

      Maybe if we did do this we could invalidate their methods?

  3. So now not only am I guilty being a linux nerd by Captian+Spazzz · · Score: 2, Interesting

    But now this thing will start running kiddie porn and illegal software, viruses and Malware through my connection as well so that I don't get classified as any.

    I'd love to see what defence you use when your door gets bashed in in the middle of the night.

    1. Re:So now not only am I guilty being a linux nerd by Ontheotherhand · · Score: 3, Insightful

      The best defence must be to start objecting to the state behaving in such a fascist fashion. Probably best to start objecting before they break down the door, though.

    2. Re:So now not only am I guilty being a linux nerd by castironpigeon · · Score: 5, Funny

      Help! Help! I'm being repressed!

      --
      mmmm...forbidden donut
  4. I Know Where This Is Going by Anonymous Coward · · Score: 5, Insightful

    RIAA Lawyer: We obtained a warrant to search the defendant's home when traffic was identified as being characteristic of SwarmScreen. When the defendant's machine was recovered, we discovered they indeed had SwarmScreen installed--a program only used to subvert our techniques of classifying thieves. That, ladies and gentlemen of the jury, should be enough for indication of guilt.

    The endless cat & mouse game continues ...

  5. Re:only works with Vuze by denis-The-menace · · Score: 2, Informative

    Bloat is not the word.

    Vuze is a F-ing multimedia billboard.
    It even plays commercials while you try to figure out what the F--k you just launched!

    All the tools to tweak it as to not piss off my ISP are gone. I went uTorrent and kicked myself I didn't do it sooner.

    --
    Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
  6. Legitimate uses by olddotter · · Score: 5, Insightful

    Can companies that use bit-torrent to do legitimate work speak out in its defense? I fear the "guilty by association" is much more along the lines of "you use bit-torrent, therefore you're guilty".

    Frankly if this improves upon that, it might be a help to bit-torrent users that aren't pirates.

  7. Re:Here's an idea... by holychicken · · Score: 5, Insightful

    It does not necessarily have to do with stealing. It is a privacy concern. Do you want someone being able to watch you without you knowing and getting a ton of information about you by doing so? Whether or not I am stealing, I do not want that. I suspect you do not want that either.

  8. Download random data from BitTorrent by JeffSpudrinski · · Score: 5, Insightful

    Okay...

    According to TFA, their software will download random data from BitTorrent to your system to hide what you really wanted to download within a cloud of random downloads.

    Are you SURE you want to allow random data from BitTorrent to be downloaded onto your computer? There's a LOT of stuff out there that I wouldn't want even the remote chance (e.g. being selected randomly) of having it on my computer.

    Just sayin'.

    -JJS

    1. Re:Download random data from BitTorrent by Kjella · · Score: 4, Interesting

      If you actually read the details you will find that it's not really random, but random from a set you give it. So, if you give swarmscreen a site w/ legal software, then it would only download from there.

      Unless there's a significant overlap between both sources causing confusion on whether you're downloading legal or illegal content, I don't see how it can work. If it's as distinct as they say it should be easy to create a signature of legal sites and subtract any connections to them from your total bittorrent presence, effectively dissolving the smoke screen.

      --
      Live today, because you never know what tomorrow brings
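The trade-off raised in the comment above, as an added example that is not part of the thread and not SwarmScreen's code: cover swarms drawn from a list the observer can enumerate hide the communities only until that list is subtracted, while cover that overlaps swarms other peers join for real cannot be subtracted. The peer names, swarm ids, Jaccard similarity measure and 0.5 threshold are all assumptions made for illustration, not the researchers' classifier.

```python
from itertools import combinations

# Constructed sample data: the swarms each peer was seen connecting to.
# Peer names and swarm ids are hypothetical.
REAL = {
    "alice": {"a1", "a2", "a3"},
    "bob":   {"a1", "a2", "a4"},
    "carol": {"b1", "b2", "b3"},
    "dave":  {"b1", "b2", "b4"},
}
# Cover set the observer can enumerate (e.g. one public site's listing).
KNOWN_COVER = {"k1", "k2", "k3", "k4", "k5", "k6"}
DISTINCT = {peer: KNOWN_COVER for peer in REAL}
# Cover drawn from swarms that other peers join for real.
OVERLAPPING = {
    "alice": {"b1", "b2"}, "bob": {"b1", "b3"},
    "carol": {"a1", "a2"}, "dave": {"a1", "a3"},
}

def jaccard(a, b):
    """Similarity of two swarm sets: shared swarms over all swarms seen."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def communities(observed, threshold=0.5):
    """Group peers whose swarm sets are similar (connected components)."""
    parent = {peer: peer for peer in observed}

    def find(peer):
        while parent[peer] != peer:
            parent[peer] = parent[parent[peer]]  # path halving
            peer = parent[peer]
        return peer

    for p, q in combinations(sorted(observed), 2):
        if jaccard(observed[p], observed[q]) >= threshold:
            parent[find(p)] = find(q)
    groups = {}
    for peer in observed:
        groups.setdefault(find(peer), []).append(peer)
    return sorted(sorted(g) for g in groups.values())

def add_cover(real, cover):
    """What the observer sees once each peer also joins its cover swarms."""
    return {peer: swarms | cover[peer] for peer, swarms in real.items()}

def strip_known(observed, known):
    """Observer's countermeasure: ignore swarms on the enumerable list."""
    return {peer: swarms - known for peer, swarms in observed.items()}

def demo():
    distinct = add_cover(REAL, DISTINCT)
    overlapping = add_cover(REAL, OVERLAPPING)
    return {
        "no_cover": communities(REAL),
        "distinct_cover": communities(distinct),
        "distinct_stripped": communities(strip_known(distinct, KNOWN_COVER)),
        "overlap_stripped": communities(strip_known(overlapping, KNOWN_COVER)),
    }

if __name__ == "__main__":
    for name, groups in demo().items():
        print(f"{name:18} {groups}")
```
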
  9. Summary of Story by manekineko2 · · Score: 5, Insightful

    Here's a summary of their findings, because the one provided by Slashdot doesn't really do a good job in my opinion of describing it.

    BitTorrent downloaders apparently fall into "communities" that have very similar downloading patterns. In light of this, they think that it would be possible for an argument to be made, that if one member of a community is downloading X, that the behavior can be imputed through guilt-by-association onto all other members of that community. Therefore, you wouldn't necessarily need evidence that a given member of a community actually engaged in the downloading, due to the high degree of correlation between community member downloads.

    This strikes me as a bit of dubious reasoning from a legal standpoint, as just because you hang out with a bunch of mobsters all day, and there's a high correlation of that with committing theft, doesn't mean they can try you for robbery just through guilt-by-association without more evidence that you're a robber. Still, courts have made weird conclusions in the past simply because computers and the Internet are involved.

    For now, their software and idea mostly seems like a neat proof-of-concept. Until someone actually tries to deploy this legal argument in a court somewhere, I don't think I'll be losing too much sleep over this. Might be worthwhile for someone in a totalitarian regime that for some reason needs to be downloading over BitTorrent, but I don't know how realistic a concern that really is.

    1. Re:Summary of Story by hemp · · Score: 2, Informative

      What world do you live in?

      Associating with known terrorist groups will automatically get you labeled as a terrorist and win you either execution or jail time.
       

      --
      Skip ------ See the latest from http://www.anArchyFortWorth.com
  10. "Little Brother" come to life by yourexhalekiss · · Score: 2, Interesting

    It seems like more and more of Cory Doctorow's book "Little Brother" is coming to life. In relation to this article, see chaff.

  11. .... alright... Why terminal? Raw socket is the wa by SmallFurryCreature · · Score: 5, Funny

    ...alright...why terminal? Raw socket is the way to go!

    --

    MMO Quests are like orgasms:

    You may solo them, I prefer them in a group.

  12. Re:.... alright... Why terminal? Raw socket is the by c0p0n · · Score: 5, Funny

    Unless you can interface directly with the network media using a battery and a metal pin, STFU.

    --

    Your head a splode
  13. Only protects from profiling ISPs by bjamesv · · Score: 5, Insightful

    By firing up random connections, this only protects you from an ISP that is profiling your use. The MPAA can still go fire up a BitTorrent client, join a swarm downloading content they claim copyright on and start writing down the IP of everyone who is participating. And then they call up your ISP. This 'masking' technique doesn't actually 'mask' anything very well.

  14. This only solves part of the problem by Crashspeeder · · Score: 2, Insightful

    While this seems like a great idea if you're being targeted at random to see what you're downloading (and by proxy getting the community at large) it won't help if Symantec, MS, EA, etc., catches you downloading their software from a honeypot seeder. It seems to be that the only true protection is the use of darknets and sharing with friends only.

    The only problem there is it isolates the users from the community so much that it's hard to get the wares because there is no set distribution pipe, only the hopes that somebody in your darknet/friends list downloaded what you want. Otherwise you must begin the search for a network that has what you're looking for, and hope you can trust them to not be law enforcement.

  15. Re:.... alright... Why terminal? Raw socket is the by Mister+Whirly · · Score: 5, Funny

    I can get WiFi on the fillings in my teeth.
    Oh, hang on a sec, downloading an attachment!

    --
    "But this one goes to 11!"
  16. Re:.... alright... Why terminal? Raw socket is the by pbhj · · Score: 3, Funny

    What do you need the battery for? Stick the pin in your brain at one end and use nerve impulses to generate the charge to send the signals with ...

  17. Re:only works with Vuze by memorycardfull · · Score: 3, Informative

    Agreed. The word is adware.

  18. Re:only works with Vuze by YouWantFriesWithThat · · Score: 3, Informative

    what in the devil are you talking about? is that a new version? are you running it in simple mode?

    seriously, i used Vuze last night. there were no ads, no commercials, nothing. i always run in advanced mode. there is a menu bar and 2 windows: uploads, and downloads. i don't use it to play media or manage the files. dump files to the desktop and i move them where i want.

    shit, if there are commercials in the new version i am not going to update.

  19. Re:Here's an idea... by memorycardfull · · Score: 2, Insightful

    I taped music off the radio and LP's when I was a kid. It seems to me that people really are saying that they don't like the price and they aren't going to buy it. I think that radio is an outdated legacy medium and a waste of bandwidth that should die and the frequencies should be used for wireless digital networks. I also think that current concepts of patent and copyright are just as outdated and backward. Perhaps this is the wrong forum to express this view, but if you are basing your business model entirely on trying to make a commodity out of something that can be reproduced at no cost by anyone using ubiquitous technology you might want to reconsider your business strategy. That isn't a justification for stealing, that is pragmatic realism. No matter how loud you yell in ALLCAPS, the kids are just not going to get off of your lawn. It's not going to be practical to round them all up and send them to jail for stealing either, because there are just too many of them and the jails are already stuffed full of harmless pot dealers. I suppose you could try to fine the hell out of them to recoup perceived loss but you can't get blood from a rock, especially these days. It seems to me that massive civil disobedience can be literally construed as criminal conduct but historically it is usually an indication from the citizenry that the law needs to change somehow because it does not reflect modern mores and sensibilities.

  20. Re:Where no client has gone before... by sbeckstead · · Score: 2, Insightful

    Actually you are quite wrong, we, the intelligent ones, have killed common sense ourselves by not having enough children WITH common sense to make a difference. Further we have disdained the voting process and let the morons run the school boards, the ogres run the police and the uninformed make the rest of our decisions for us. We need a smart people forced breeding program and a full eugenics program to make up for the idiocracy we have created.

  21. What's wrong with PeerGuardian? by macraig · · Score: 3, Informative

    If one doesn't like eavesdropping, what's wrong with simply dropping connection attempts from the IPs of known or suspected eavesdroppers? If I'm using PeerGuardian, why do I need SwarmScreen?

  22. Re:Here's a novel idea: Don't FUCKING STEAL !! by mpeskett · · Score: 3, Insightful

    I'll be damned if I'm writing up a whole new response every time someone equates copyright infringement with stealing, so instead you can read what is mostly a comment I posted to a discussion of The Pirate Bay's trial (edited a little to be more universal)

    Copyright infringement is a distinct thing from theft. They are two separately defined legal terms, plain and simple, not the same thing. They are both illegal. They are not the same crime.

    The ethics of whether copyright law should be changed or abolished, whether infringement should be made legal (and hence would no longer be "infringing") and whether illegal copyright infringement can be right or moral are all entirely separate issues. The only thing I'm saying here is that "Theft" and "Copyright Infringement" are two clear and distinct terms with different meanings under the law. There is no reason whatsoever to conflate them, and pretend they mean exactly the same thing.

    Well, not quite true - there is one reason, and as far as I can see it's the only reason, and that's because "Pirates are stealing our music" has more emotional impact than "Our copyright is being infringed". The whole "you wouldn't steal a..." campaign, for example, relies on erasing the difference in people's minds between theft and infringement, to make them feel bad about something they may otherwise have been doing without thinking about it. This doesn't change the legal side of things, only peoples' perceptions, but perceptions can be powerful. The industry are using that to their advantage and I for one don't like their way of doing it, so I'll insist on correct use of the terminology.

    You could even draw parallels with Orwell (although doing so feels cliched) - the 'Newspeak' idea revolved around removing words with similar meanings so that varied and nuanced ideas would be collapsed into a single concept. All forms of political dissent, freedom fighting and the like would be lumped together with terrorism and criminality, under the label "thoughtcrime", making the not-so-bad sound as bad as the very worst. Putting theft and copyright infringement together under "stealing" is the same - suddenly infringement sounds just as bad as theft because you're calling both of them stealing.

    Legally speaking, they're separate, and whether infringement is as morally bad as theft or not is a side issue to be determined separately (and personally) but if we let them convince us that they're just the same thing then the debate will be over without it ever having taken place.