Slashdot Mirror
Researchers ID Skype, BitTorrent Users
itwbennett writes "Researchers have figured out a way to link online Skype users to their activity on peer-to-peer networks like BitTorrent. The team was able to sift out the nodes through which Skype calls are routed and determine the user's real IP address by sniffing the packets. To correlate the identified Skype users with files shared on BitTorrent, the researchers built tools to collect BitTorrent file identifiers, a BitTorrent crawler to collect IP addresses on the network and a verifier to match an online Skype user with an online BitTorrent user (PDF). 'As soon as the BitTorrent crawler detects a matching IP address, it signals the verifier, which immediately calls the corresponding Skype user and, at the same time, initiates a handshake with the BitTorrent client,' they wrote."
Ring ring... incoming Skype call, it's the RIAA.
If they were criminals, wouldn't they keep their methods secret in order to blackmail or otherwise monetize it in some way? Research like this is the only way that security gets better.
If the researchers can do it, the bad guys may already be doing it.
All it is is data mining packets from skype nodes and comparing them to open torrent peer lists. This is not really surprising or scary to me. There are other 'researchers' who can link alot more data to you then this.
Because NAT and UPNP wouldn't make a random Skype user and a different BitTorrent user appear to be coming from the same IP address..
If you use bittorrent, then you should expect no privacy at all as the protocol openly allows others to get the list of users.
What's illegal about it? What federal or state statute have they violated?
Wiretapping. Conspiracy to collect information assumed to be private, via technological means.
Robocalling (the Skype phone, duh). Wardialing (same thing).
They've violated a boatload of communications regulations... and the fact that they did it as part of a multi-researcher study means it was premeditated, and they conspired to do it. Conspiracy to commit a misdemeanor is a felony.
The problem here would be that anyone who tries to have them arrested and/or takes them to civil court will be presumed guilty of something, because why else would we care if someone can tie our online activities to our real-world identities?
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
It should be considering it is the path to the machine that holds all of your personal information.
When you get a key duplicated, a key maker can easily sell a copy of that key, and link it to your name. What if your name is Bill Gates? "This key here is for Bill Gate's personal safe, and this one is for his house, perhaps you would like a copy?"
Just because its available, doesnt mean its not private, or doesnt come with some expectation of privacy. I dont expect the key maker to sell a copy of my key to someone who intends to harm me.
I think this is the real issue here. It all has to be coming from problems with skype's security and nothing else. Skype should take this as a huge warning and encrypt their packet information NOW. I don't care what this is used for, people sniffing packets and being able to tell who someone is on a program like skype that is often left on 24/7 is a huge security risk for the person involved! This should NOT be happening and it's all skype's fault.
You guys are getting to hung up on the bit torrent aspect of this and should realize that it's really a major skype fuck up.
d
all language nazi's will burne in heil!