Slashdot Mirror


Anyone Can Play Big Brother With BitTorrent

An anonymous reader writes "I was at the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats yesterday, and there were people from the French Institute for Computer Science who have continuously spied on most BitTorrent users on the Internet for 100 days, from a single machine. They've also identified 70% of all content providers; yes, those guys that insert the new contents into BitTorrent. As a BitTorrent user, I was shocked that anyone with a box connected to the Internet can spy on what everyone is downloading on BitTorrent."

14 of 436 comments

  1. An Opportunity by MarkvW · · Score: 5, Funny

    Looks like a good way to earn a paycheck from the RIAA.

    1. Re:An Opportunity by poetmatt · · Score: 5, Insightful

      Looks like something that won't work for those who understand that plenty of these IP addresses could be spoofed or not even uploading, or know what I2P does, or use a VPN. This is just a list of IPs that they are assuming are 100% valid because they were listed in the tracker when the content went up. They're saying that if someone is listed on more than one tracker, it confirms who they are.

      That = a bad study.

      All they're saying is "We can tie an IP to a torrent", but that doesn't mean you can get anything more than that. Judges already don't accept an IP simply being tied to a torrent.

    2. Re:An Opportunity by feepness · · Score: 5, Funny

      Judges already don't accept an IP simply being tied to a torrent.

      What do they accept? My, err, friend wants to know!

    3. Re:An Opportunity by Bigjeff5 · · Score: 5, Informative

      If you can get an IP, you can narrow down the area quite a lot without the ISP's cooperation, possibly enough to force the ISP's cooperation. With ISP cooperation you can narrow an IP down to a physical address. At that point, you're screwed.

      What people don't understand about how networking works is that if there is a connection, then there is an IP address trail to follow. You cannot spoof an IP address and maintain a connection. You can spoof a MAC address just fine, because that is only used on the last leg of the connection, but the IP address is used the rest of the way and a link must be maintained if data is ever to get back to the source. Pretty much all IP spoofing is good for is cases where you don't want to receive the response, like a DoS attack (there are elaborate network hacks using IP spoofing, but they require direct access to the destination network). That's obviously no good for a BitTorrent connection.

      What you can do is sort of "launder" the IP address to make it difficult to trace - that is, to route it through multiple NAT services. Each NAT maintains an IP trail to the previous address though, or the connection would fail, so this is only obscuring the source, not erasing the trail. Someone diligent enough (and with sufficient authority to force cooperation from various ISPs) could potentially track any sufficiently current IP address from destination back to source. Also, setting up such a route would go a long way to establishing intent to commit a crime, which will blow most of your defense out of the water in such a case.

      There might be some honeybuckets in the tracker's list, which would be clever, but all it is going to do is waste a little bit of time for whoever is tracking these IPs; it's certainly no protection for anybody but the tracker (who would be monitoring the honeybucket, one would assume).

      --
      Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
    4. Re:An Opportunity by Shakrai · · Score: 5, Insightful

      With ISP cooperation you can narrow an IP down to a physical address. At that point, you're screwed.

      Speak for yourself. I do all my bittorrenting from open wireless networks ;)

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
  2. Redacted by StikyPad · · Score: 5, Funny

    [This post removed under the first rule of USENET.]

  3. Re:Copyright laws. by DarkKnightRadick · · Score: 5, Insightful

    I care about privacy and I only use bit torrent for legitimate purposes.

    --
    "There is a way that seems right to a man, but its end is the way of death." Proverbs 16:25 (NKJV)
  4. Re:Copyright laws. by loufoque · · Score: 5, Informative

    First off, Copyright infringement is not theft.

    Secondly, transmitting copyrighted material over a computer network is not necessarily copyright infringement, even if copyright holders would like it to be.

  5. Re:Shocked. Shocked! by peragrin · · Score: 5, Interesting

    You forgot the real part.

    You then have to download the entire thing to find out if those blocks that are part of IronMan2.avi are actually part of the Iron Man 2 movie or some dumb student's project on feeding excessive iron to a man.

    What percentage of the RIAA music takedowns were not actually infringing music but someone's project with a similar name? I know of at least 3 separate incidents where they made a school take down a professor's own notes because of a file name.

    --
    i thought once I was found, but it was only a dream.
  6. fear-mongerish by drDugan · · Score: 5, Informative

    Saying you "can spy on what everyone is downloading on BitTorrent" and TFA stating "major privacy threat" are over-the-top and fear-mongering exaggerations.

    A more accurate way to state this is: Using BitTorrent will make your IP address public regarding what content is downloaded and shared online from that IP address. When someone monitors the same content, then they can log your IP address. This is obvious from how the protocol works to anyone who looks into privacy questions seriously. Yes, there is less privacy with what you download with BitTorrent compared to a direct download, as other people also sharing the same content can see your IP address.

    But remember, with every download method online someone else knows you have downloaded it, with direct downloads and with all the different peer-to-peer distribution options. If you go to Adobe and download the latest Photoshop demo, they know, they log your IP, and usually even ask for even more information about you.

    The only real privacy problem (a "major threat") is for people using BitTorrent for illegal redistribution of content; it is not a major problem for distribution of open licensed or public domain content, businesses or organizations using BitTorrent for distribution to lower costs, or to distribute free content for viral or marketing purposes.

    (Disclaimer: our company, ClearBits, does exactly this, offers distribution as a service to others, and we use BitTorrent extensively)

  7. Re:This is not an important security article. by 0100010001010011 · · Score: 5, Funny

    I download something from Napster
      And the same guy I downloaded it from starts downloading it from me when I'm done
      I message him and say "What are you doing? I just got that from you"
      "getting my song back fucker"

    - bash

  8. Re:Copyright laws. by nmb3000 · · Score: 5, Insightful

    I'm not going to get into the copyright violation vs theft argument (again), but this is just plain WRONG. Drivel like this reeks of **AA and artist entitlement whining.

    YOU are denying the person who created the content the sale.

    No, because I had no plans on buying whatever it was I'm downloading. If I can get X for free, I'll grab it. If I can't, I'll do without. No sale lost.

    YOU have denied them the money they would have made.

    They wouldn't have made any money, ergo I denied them nothing.

    YOU have TAKEN from them something that was rightfully theirs. THE SALE.

    Again, there was no sale to be made. 0 - 0 = 0.

    If you want to argue on the basis of morals then I imagine most people would agree that violating a (sane) copyright is wrong. When you start talking about 120-year-old copyrights or trying to prevent what most feel is fair use then people will start to disagree.

    Regardless of all that, the monetary value of a potential sale is exactly $0.00.

    --
    "What do you despise? By this are you truly known." --Princess Irulan, Manual of Muad'Dib
  9. Re:Copyright laws. by JesseMcDonald · · Score: 5, Insightful

    The enlightened argument is not that the act of copying is theft, but that illegal copying deprives the copyright owner of monetary gains which would otherwise have been earned.

    So does simply choosing to go without. Should that be illegal now as well?

    You can't "steal" the expectation of income. Only that which is owned is subject to theft, and theft only occurs when one is deprived of its use. If one cannot be deprived of the use of a thing—as is the case for everything subject to copyright, since mere duplication cannot deprive anyone of use of the original copy—then that thing cannot be stolen.

    --
    "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
  10. Re:Copyright laws. by thesandtiger · · Score: 5, Informative

    It's worse than that: they steal from us, the public.

    Back when copyrights were first codified into law, there was a deal:

    We, the people, gave protections to people who created works so that they could profit from those works, but in exchange for those protections, the creators of the works agreed to give us, the people, their work after a certain timeframe had passed.

    Works may now - if the copyright holder wishes - no longer come into the public domain because copyright holders are corporations who are solely interested in making a profit, and who use their political influence (money) to ensure that copyright NEVER expires.

    While it certainly won't give me any kind of legal defense, I simply do not care about copyright because the very basis for it has been completely violated by the holders of that copyright.

    If we go back to the original law - life of the initial copyright holder + a small extension past that, and only real-live human beings can be considered to be initial copyright holders - I will give up piracy. Until then, I really don't consider copyright law to be valid because the fundamental premise of it: you get yours, we get ours, has now become "they get theirs, everyone else gets fucked."

    Copyright no longer benefits anyone but the copyright holder, and that is NOT what it was intended to do.

    --
    Since I can't tell them apart, I treat all ACs as the same person.