Slashdot Mirror

← Back to Stories (view on slashdot.org)

Site Offers History of Torrent Downloads By IP

Posted by Soulskill on from the exposing-the-obvious dept.

tsu doh nimh writes "You may have never heard of youhavedownloaded.com, but if you recently grabbed movies, music or software from online file-trading networks, chances are decent that the site has heard of you. In fact, you may find that the titles you downloaded are now listed and publicly searchable at the site, indexed by your Internet address. So far, youhavedownloaded.com has recorded more than 50 million unique Internet addresses belonging to file-sharing users. The site is searchable by file name and by Internet address. When you visit, it automatically checks and lets you know if your Internet address is in the database."

72 of 340 comments (clear)

  1. Honeypot? by Anonymous Coward · · Score: 4, Interesting

    Beware all you clickers!

    1. Re:Honeypot? by marcosdumay · · Score: 4, Insightful

      I was thinking on some sort of phishing scam...
      Honeypot for catching what? Visiting such a site is not evidence of piracy.

      --
      Rethinking email
    2. Re:Honeypot? by lorenlal · · Score: 4, Funny

      That site doesn't care...

    3. Re:Honeypot? by Vanderhoth · · Score: 2

      Whether they are recording file-share IPs from torrent downloads or not would be beside the point. The people who are visiting this site would be people who do file-share and my be concerned they'll be sued.

      Visiting the site will confirm they're on the list and they'll be "scared straight".

    4. Re:Honeypot? by shaitand · · Score: 4, Insightful

      They don't need evidence they just have send a letter to your ISP saying you are a pirate.

    5. Re:Honeypot? by MichaelKristopeit400 · · Score: 4, Insightful
      i don't "do file-share"... i visited the site... my current dynamically assigned IP wasn't on the list.

      you're an idiot.

    6. Re:Honeypot? by sinij · · Score: 4, Insightful

      I visited site out of curiosity. I don't pirate, yet they say I downloaded a bunch of shows (CSI Miami? Please, who watches that? Well, not me.) I am starting to think that site is not at all legit.

    7. Re:Honeypot? by Opportunist · · Score: 2

      Talk for your country. I live in one where "innocent until proven guilty" still means something.

      But we're working on that...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    8. Re:Honeypot? by sinij · · Score: 4, Insightful

      Not every Win PC (like my gaming rig for example) is automatically compromised and infected with bots. While it is possible, I see it as rather unlikely, since I have enough expertise to prevent anything that is not specifically target at me.

      Much more reasonable assumption is that a) I didn't notice recent IP shuffle b) Database is randomly generated c) Database is not randomly generated, but might as well be due to methodology flaws.

    9. Re:Honeypot? by PNutts · · Score: 3, Insightful

      If you are dynamic IP, that is why. In addition,

      There. Fixed that for ya.

    10. Re:Honeypot? by Anonymous Coward · · Score: 2, Funny

      Visit the site from a Tor address and see what pops up. ;)

    11. Re:Honeypot? by hedwards · · Score: 2

      It depends on your set up. I typically have the same IP address for long periods of time because the ISP doesn't reassign them unless you've gone offline for a period of time. If I turned it off and back on I might get a new IP, but as long as the connection is there consistently they don't bother handing out a new IP.

      When I checked the site it didn't have any information at all.

    12. Re:Honeypot? by smi.james.th · · Score: 2

      I've personally never bothered to check how long I have the same IP, but the router / modem which my ISP gave me as part of the bundle is quite crappy, so I need to reset it at least every couple of days. I checked on the list and nothing there matched what I'd actually been downloading.

      FWIW, for all those people saying "I don't download," torrents don't ONLY have "illegal" stuff. There's a lot of Creative Commons music available on torrent, (Jamendo for example) and most Linux distros distribute their isos with torrents as well as regular downloads. As I mentioned though, this website had a long list of stuff downloaded by this IP, but none of it was mine.

      --
      One thing I know, and that is that I am ignorant...
    13. Re:Honeypot? by AliasMarlowe · · Score: 2

      I also visited the site, out of a particular curiosity. It said my permanent IP address was not in their database.

      I'm not sure how to interpret this - I have used torrents, but only for Linux ISOs (a few flavors of Ubuntu and PCLinuxOS). However, the site does not appear to restrict itself to torrents of questionable legality, but apparently encompasses all file sharing, including the legal sharing of GPL and CC works. If you enter "Ubuntu" in their search box, it will return a number of ISO links along with links to videos, books, etc.

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
    14. Re:Honeypot? by drb226 · · Score: 2

      Fortunately, this is slashdot. Nobody [of importance] actually clicks through.

    15. Re:Honeypot? by hedwards · · Score: 2

      I had a crappy ISP DSL modem which I ultimately replaced with a TP-Link 8816, quite nice and fairly inexpensive. I've had far fewer connection problems since it automatically dials in when it loses its connection without my having to intervene.

    16. Re:Honeypot? by Cederic · · Score: 2

      Nikita's a good film - definitely worth hunting down if you haven't seen it.

      Of course, its spiritual sequel, "Leon" is one of the greatest films ever made, but you needed Nikita first.

    17. Re:Honeypot? by Totenglocke · · Score: 5, Informative

      The best part is, the site wants you to log in using facebook to "prove you're human" - that way they can pin an IP address to an actual name and email address. If you don't use the facebook link, they provide something like a 26 letter long captcha (which as far as I can tell, will never let you in, thus forcing you to log in via facebook if you want to view the site). This site sounds like an extreme scam.

      --
      "The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants." ~Thomas Jefferson
    18. Re:Honeypot? by SteveTheNewbie · · Score: 2

      You do realise that this site (youhavedownloaded.com) doesn't record your private IP address if you are hidden behind a NAT device right ? and that DHCP leases will expire (and renew) and that your modem doesn't have to 'reboot' or 'crash' in order to get a new public IP address, and that, depending on the access technology and the time it happens, you may not even notice a new public IP address change ?

      Also, if you fire back with 'but I have a static public IP address' then none of your arguments make sense anyway ?

      Oh, and you may want to do some research into how worms work, I'll give you a starter.

      http://en.wikipedia.org/wiki/Computer_worm

    19. Re:Honeypot? by makomk · · Score: 2

      According to a comment someone left on the site, they apparently had records for the IP address 192.168.1.1 which have since been removed. So their data collection process is probably busted. (They probably got caught in the usual trap of assuming that trackers provide an accurate list of peers, or worse still assuming that DHT does.)

    20. Re:Honeypot? by iiiears · · Score: 3, Interesting

      http://panopticlick.eff.org/ - Why do browsers reveal so much about themselves?

      --
      15TW = 15,000 Nuclear Reactors. (Approx. one accident a month.)
    21. Re:Honeypot? by Adriax · · Score: 3, Funny

      That's because linux is free and therefor deprives an honest company of it's god given right to profit.
      Why would you freely admit to such unethical behavior, how can you be so proud of stealing caviar from the mouths of CEOs? You monster!

      --
      I don't suffer from insanity, I enjoy every minute of it!
    22. Re:Honeypot? by AmiMoJo · · Score: 5, Informative

      It looks like they scrape popular torrent sites like TPB and then list every address in the swarm. Problem one is that legal torrents are on there too, and problem two is that trackers list fake random IP addresses to make the data unreliable in court.

      My home IP address is listed with torrents I never touched, and so is my mobile one. That is despite that fact that Vodafone blocks BitTorrent and I have never used it on my 1GB/month plan.

      The whole site is a troll, clearly they either don't understand the data they are collecting or they are deliberately misrepresenting it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    23. Re:Honeypot? by botFeeder · · Score: 2

      I have a torrent listed on my iphone, for pc software (I use mac and linux), at a file size that would kil my phone's bandwidth. Your comments are right on the money.

      --
      J/\/
  2. Geez, we're down to scare tactics now, huh by elrous0 · · Score: 2, Funny

    The MPAA must really be getting desperate. I guess owning Congress just isn't what it used to be.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
    1. Re:Geez, we're down to scare tactics now, huh by InsightIn140Bytes · · Score: 5, Insightful

      MPAA? It's just some russian guys. Besides, all of that data is already visible and copyright infringement companies are probably gathering much more data than some guys who made that site.

      It's not scare tactics to let you know what data there is out about you. Unless you want to be ignorant and feel happier if you don't know it.

    2. Re:Geez, we're down to scare tactics now, huh by ZackZero · · Score: 5, Informative

      Except there's also a disclaiming "Don't take it seriously" link at the page; essentially, they've only made a proof-of-concept.

    3. Re:Geez, we're down to scare tactics now, huh by dougmc · · Score: 3, Interesting

      It's a good tactic though. Public shaming has always been effective.

      It's likely to be more effective at stopping people than their mass lawsuits have been.

    4. Re:Geez, we're down to scare tactics now, huh by ackthpt · · Score: 2

      The MPAA must really be getting desperate. I guess owning Congress just isn't what it used to be.

      Probably going to throw the clamps on everyone who ever offered Free Wi-Fi and that wi-fi was used to torrent.

      "Mr. Starbucks, you owe us 1 million dollars!" *whisper* *whisper* "make that 100 billion dollars!!"

      --

      A feeling of having made the same mistake before: Deja Foobar
    5. Re:Geez, we're down to scare tactics now, huh by shaitand · · Score: 3, Insightful

      They should give links to the torrents in question when listing the files downloaded. Then the site would be useful.

    6. Re:Geez, we're down to scare tactics now, huh by Lashat · · Score: 3, Interesting

      Right. Because file sharing policy is the sole dictate of where I should live.

      --
      For every benefit you receive a tax is levied. - Ralph Waldo Emerson
    7. Re:Geez, we're down to scare tactics now, huh by Anonymous Coward · · Score: 5, Funny

      Here I come sunny Somalia!

    8. Re:Geez, we're down to scare tactics now, huh by NatasRevol · · Score: 3, Informative

      Actually, they do. Click on Some files others have loaded, click on one of those files - takes you to torrent page.

      Or type in name of software, click on link, click on software - takes you to torrent page.

      --
      There are two types of people in the world: Those who crave closure
    9. Re:Geez, we're down to scare tactics now, huh by turbidostato · · Score: 2

      "Right. Because file sharing policy is the sole dictate of where I should live."

      You can add a longer life expectancy too, for instance.

      But we were talking about sharing content on the Internet, weren't we? And then again, what part of *saner* did you find so cumbersome?

    10. Re:Geez, we're down to scare tactics now, huh by Reelin · · Score: 2

      Wait, does that mean....

      Finally! A bittorrent search engine that's legal in the US! Way to go **AA!

  3. indexed by your Internet address by smoothnorman · · Score: 5, Funny

    But my Internet address is not here. It's in Joe's house, that's right next to mine. And in the Kennedy house, and Mrs. Makelin's house, and a hundred others.

    1. Re:indexed by your Internet address by iluvcapra · · Score: 4, Informative

      Obscure, but I got it.

      --
      Don't blame me, I voted for Baltar.
    2. Re:indexed by your Internet address by _0xd0ad · · Score: 4, Funny

      With a username like "iluvcapra", I'd certainly hope you got it.

    3. Re:indexed by your Internet address by Almahtar · · Score: 3, Insightful

      You still watch TV?

  4. Re:Inaccurate by InsightIn140Bytes · · Score: 5, Insightful

    They obviously can't get information about who uses what IP at what times. But don't worry, when court orders come and you're going to be sued, your ISP has that info and will be able to find you.

  5. Facebook data harvesting tool by carlhirsch · · Score: 5, Interesting

    Well, at least we know how they're monetizing this admittedly slick database; they won't allow you to submit a removal request until you provide your facebook credentials. To even reach the text below, you need to unblock Facebook in NoScript:
    ______
    Removal Request

    What’s the matter? You’re brave enough to steal music, movies and programs but only because you thought you weren’t going to get caught? Well whoever told you that was completely wrong and now your information has gone public. Are you afraid of media companies finding out that you’re a pirate or are you afraid of your friends finding out exactly what you’ve been downloading? Whatever your reason may be, the internet is no place for secrets. Even if you use every precaution in the book, there’s always a chance that someone like us will figure out what you’ve been up to. Because, the reality is, if man made it...man will get around it...and man will figure out how to exploit it. It’s just human nature.

    Anyway, like we said before, luck is on your side today because we’re actually nicer than we let on. I never said we wouldn’t bust your chops about it, but at least we’re offering you a chance to redeem yourself — The details can be found after logging in to your Facebook account.

    --
    . We've got computers, we're tapping phone lines, you know that ain't allowed - Talking Heads, "Life During Wartime"
    1. Re:Facebook data harvesting tool by TheSpoom · · Score: 5, Interesting

      Said Facebook data will be fed into their publicly available Facebook database, to be released in a week.

      --
      It's better to vote for what you want and not get it than to vote for what you don't want and get it.
      - E. Debs
    2. Re:Facebook data harvesting tool by SirGarlon · · Score: 3, Informative

      The details can be found after logging in to your Facebook account.

      I know this is Slashdot and most people get it, but for those who don't -- this looks like a form of phishing to get your Facebook password. I'm not a security expert but I imagine they are using a man-in-the-middle attack to log your password while you log in.

      This is probably exactly what parent intended to imply.

      --
      [Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
    3. Re:Facebook data harvesting tool by Bogtha · · Score: 3, Interesting

      Doesn't look that way to me - it's the standard Facebook Connect popup window that connects to Facebook.com via HTTPS.

      What part of it looks like phishing for passwords to you?

      --
      Bogtha Bogtha Bogtha
  6. Re:Not so much by jedidiah · · Score: 4, Interesting

    Ditto. This thing pegged me as downloading something from "Lil Wayne" while not correctly identifying the things that I have actually torrented. Although I usually stay away from stuff that RIAA or MPAA have any jurisdiction over.

    So they aren't going to publically shame me over downloading Centos? I'm so dissapointed.

    --
    A Pirate and a Puritan look the same on a balance sheet.
  7. Zero results by IANAAC · · Score: 4, Informative
    I tried it. Came up with zero results or me. I download a lot too.

    I don't do anything out of the ordinary to otherwise secure or anonymize my downloading using either Transmission or Vuze, for what it's worth.

    1. Re:Zero results by Hadlock · · Score: 5, Funny

      Yep (AC here - sorry!) Both myself and my neighbors (we share a connection) are pretty heavy BT users (we use Azureus or "Vuze Classic") and the IP didn't show up anything. We've had the same IP for at least 18 months. Either they're inflating their numbers drastically (who says they aren't lying horribly? This is the MPAA/RIAA after all) or only using encrypted trackers seems to have some effect.

      --
      moox. for a new generation.
    2. Re:Zero results by Hadlock · · Score: 5, Funny

      Hah. Uh, always hit preview when posting as an AC!

      --
      moox. for a new generation.
    3. Re:Zero results by _0xd0ad · · Score: 2

      By disabling the D2 system.

      Or right-click "Reply to This" and open it in a new tab, to bypass the Javascript and get the old posting form.

    4. Re:Zero results by Hadlock · · Score: 4, Insightful

      Uh, that's how it's always been, ever since 2001 or so. I've tweaked the hell out of my account settings over the years, and when they did that awful 2.0 update earlier this year I think (when the option later became available) I set the discussion style to "Classic Discussion System (D1)", which may allow that option. But I guess that's the pitfall of posting without a net!
       
      P.S. the stock D1 settings are terrible, adjust your score modifiers accordingly:
       
      Insightful +1
      Offtopic +1
      Flamebait +1
      Troll +1
      Informative +6
      Redundant -4
       
      Friend +6
      Fan+6
      Foe +6
      anonymous Modifier +1
      New User Modifier +1
      Small Comment Modifier1, -1
      Long Comment Modifier 1, +1
       
      And then browse at a threshold at +3, Threaded, Oldest First, Index Spill 600 and Reparent Highly Rated Comments as "True". Also helps if you have a healthy friends/foes list. Anybody willing to stick their neck out as an expert in a particular field and making a particularly informative post usually gets an add.

      --
      moox. for a new generation.
  8. Illegal by Anonymous Coward · · Score: 5, Interesting

    And if they track any IP address from Switzerland, they are breaking the Swiss data protection laws and can be sued for damages for collecting the IP and breach of privacy.

    See http://arstechnica.com/tech-policy/news/2010/09/switzerland-gathering-ip-addresses-from-bittorrent-sites-illegal.ars

    What happened to another IP slurper...
    "But Switzerland, which is not an EU member, has decided that it can't sanction Logistep's behavior. The country's Federal Data Protection and Information Commissioner, Hanspeter Thür, took Logistep to court and this week won a major victory. The Federal Supreme Court ruled that IP addresses are in fact personal information and that companies like Logistep can't go about slurping them up for mere civil cases like file-swapping lawsuits. Logistep must cease all current copyright infringement data collection.

    In a press release issued yesterday, Thür praised the court's decision. He sees Logistep as trying to "assume tasks clearly in the State's domain." Only the state can violate personal privacy, and only when pursuing criminal cases."

  9. Don't take it seriously by Frederic54 · · Score: 5, Interesting

    From the site:

    The privacy policy, the contact us page — it’s all a joke. We came up with the idea of building a crawler like this and keeping the maintenance price under $300 a month. There was only one way to prove our theory worked — to implement it in practice. So we did. Now, we find ourselves with a big crawler. We knew what it did but we didn’t know how to use it. So we decided to make a joke out of it. That’s the beauty of jokes — you can make them out of anything.

    However, if you have a better idea — don’t hesitate to contact us.

    --
    "Science will win because it works." - Stephen Hawking
  10. My Car by TheNinjaroach · · Score: 4, Funny

    Ha! They didn't catch me in the act of downloading my car.

    --
    I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
  11. cool by Anonymous Coward · · Score: 2

    now I can see what all the other people who share the DHCP pool at my ISP are downloading

  12. Re:Already defeated... by forkfail · · Score: 5, Funny

    Already defeated By-Tor

    Yes, the Snow Dog did.

    --
    Check your premises.
  13. Re:Not so much by Mordok-DestroyerOfWo · · Score: 5, Funny

    I swear, I was downloading Ubuntu for a friend. I'm a Fedora man through and through!

    --
    "Never let your sense of morals prevent you from doing what is right" - Salvor Hardin
  14. Re:Not so much by PerlJedi · · Score: 4, Interesting

    I'm with you on that. I was disappointed when I went there and they didn't list all the linux distro's I'm constantly seeding.
    I do find it funny though, they do list Pioneer One. That's right, shame on me for sharing a TV show that was made to be shared.
    lol.

  15. So that's how they'll figure out who to sue by SuperBanana · · Score: 5, Insightful

    Well, getting people's personal data voluntarily (well, okay, via semi-blackmail) is one way to reduce the workload for your legal staff.

    Seriously, who would be stupid enough to login to facebook and FURTHER link themselves? This is just asking to be sued.

    --
    Please help metamoderate.
    1. Re:So that's how they'll figure out who to sue by zill · · Score: 3, Funny

      Well, getting people's personal data voluntarily (well, okay, via semi-blackmail) is one way to reduce the workload for your legal staff.

      I just increased their workload by a dozen names:
      Oliver Clothesoff
      Al Coholic
      Jacques Strap
      Seymour Butz
      Homer Sexual
      Mike Rotch
      Hugh Jass
      Amanda Huggenkiss
      Anita Bath
      Ivana Tinkle
      Maya Buttreek
      Yuri Nater

  16. Well... by Ben_R_R · · Score: 4, Funny

    Slashdoting is one way to solve the problem.

    1. Re:Well... by Ichijo · · Score: 2

      "Nobody goes there anymore. It's always slashdotted." --Yogi Berra

      --
      Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
  17. imagination by poetmatt · · Score: 2

    how many of these downloads can they even validate occurred?
    how many ip addresses can they even confirm are valid?
    oh right, facts. forgot about those things.

    Instead, it's some RIAA themed site that says "Hi, Pirate!" at the top of it.

  18. Do take it seriously by AceJohnny · · Score: 4, Informative

    From the "Contact Us" page (which, among other things, lists a postal address in an Antarctic research base):

    This site is a joke. But its data is not.

    --
    Misleading titles? Inflammatory blurbs? Keep in mind that Slashdot is a tabloid.
  19. Re:missing link to actual users, dynamic IPs, etc by BagOBones · · Score: 2

    True but they state in there chat area that they store a full time stamp, they just display a vague one. Probably to keep other companies from scraping their database.

    --
    EA David Gardner -"... but the consumers have proven that actually what they want is fun."
  20. Site Only Lists the Foolish .. by DiabolicallyRandom · · Score: 5, Interesting

    ... And that's assuming their dynamic IP was even theirs at the noted time. Most people who download torrents on a regular basis disable DHT - and since their method of finding information is via DHT, then disabling BHT lowers any chance of showing in their lists to zero.

  21. I'll stand up and say it: by Thud457 · · Score: 3, Insightful

    "It's a Wonderful Life" is a horrible movie.
    The only reason it's remembered is because it fell into the public domain.

    see you in Hell, modpoints!

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  22. Because it's totally accurate... by MacGyver2210 · · Score: 5, Interesting

    Hi. We have no records on you.

    This means you are using a private torrent tracker or, of course, you may not be a torrent user at all!

    I torrent a ton. On that IP. I don't use private trackers. I am even seeding now.

    Their detection method is clearly terrible.

    --
    If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
  23. Wow by CapnStank · · Score: 4, Informative

    I sort of tire of the ol' Slashdot jumping to conclusions but here's how it works:

    1. They visit public tracker websites.
    2. They query the tracker for a list of peers given a torrent hash (not difficult)
    3. Dump all data into the database that can be searched through their website

    That means your data is not on there if you're a torrent user because you're using a tracker they aren't indexing or you have a dynamic ip that they haven't categorized yet. In the same way this is why you can get false positives. All this B.S. about honey pots or fear mongering is dumb considering how straight forward this website is.

  24. Sometimes.... by Foxhoundz · · Score: 2

    I'm thankful that I have a dynamic IP. It might the only defense I have if I get sued.

  25. What?! I'm outraged! by supercrisp · · Score: 2

    Someone at my IP address has been downloading porn! This indexing of that must stop!

  26. It's a facebook account/details farming scam by tommyhj · · Score: 5, Insightful

    Gathering torrent IP's from popular sites isn't difficult.

    But they clearly want people very badly to sign in with their facebook accounts. First they're scaring people to sign in by promising removal from their database. If you visit the site again they provide you with a choice - an impossible (!) captcha or facebook. It's social hacking.

    First off - don't let them scare you. Copyright holders has all the info anyway. Second, don't ever give away your facebook credentials to a third party that you don't trust. Third, don't trust these people.

  27. They just want your Facebook by Kernull · · Score: 3, Informative

    At the time of writing this comment, they have implimented a facebook-login in order to see your list. I attempted to use their captcha device instead, because I hate facebook (which was somewhere around 20 characters long, case sensitive). I tried to enter the captcha about 15 times using different images and each time it told me I was wrong. I don't believe it is possible to login by their captcha and they are mandating the facebook.com login. I suspect this website might be a trap / facebook scraper. Earlier in the day I was able to see 'my results' which were incorrect.