If one could get after the fact coverage by just paying $75 when their house IS ON FIRE..... why would ANYONE. I mean ANYONE pay $75 before hand.
Simply don't pay. If you house doesn't catch fire... cool you saved $75. If it does then you just pay $75.
I mean it would be like not having health insurance, having a heart attack, getting $50K in bills. Then you call up insurance company and say. I will get insurance. I'll pay $400 premium for last month and you retroactively cover my $50K in expenses.
The insurance company would laugh you off the phone.
The guy is an idiot. He took a risk. Had it worked out over his life he would have saved a couple grand.
He didn't forget to pay. He chose not to pay. He received a bill and then a phone call and was advised his home would not be protected if he didn't pay.
No different then letting your life insurance policy lapse, then you die, and your spouse tries to collect $1 mil by paying this months premium.
Kinda like taking out a life insurance policy after you die? Or getting healthcare insurance after the triple bypass surgery? Or getting homeowners insurance after your house is on fire?
Obviously the $75 cost isn't per incident. It is per protected home and a small (1%) number of those homes catches fire each year.
No firedept could operate collecting only $75 per incident. The $75 from the 99 out of 100 homes which don't burn subsidizes the cost of operation for the 1 in 100 which does burn.
The problem is the end user's system can't ever be guaranteed secure.
Imagine a malware which infects voter's computers just prior to the election.
User logs into the voting site (or application), uses PIN & smartcard votes for candidate X. The malwae hijacks all that information and votes for candidate Z instead. It then hijacks the response from the server and shows a confirmation for candidate X.
As far as the server is concerned a valid registered and authenticated voter cast a vote for candidate Z. As far as the voter is concerned the valid voting server accepted and confirmed the vote for candidate X.
There is no electronic security if the endpoint is compromised. Given the easy and scope of malware infections the belief that all voter endpoints will be secure it naive at best.
A similar scenario would be online banking protected by SSL, a smartcard, and strong password. All that does nothing if the customer's computer is comrpomised.
You can't have secure networks without secure endpoints. We are nowhere close to secure endpoints.
Homicide rate in US is roughly 5 per 100K persons.
While that number may be higher than UK it is still extremely rare. In a pool of 100,000 Americans 99,995 won't be murdered.
The probability of being involved in a violent crime (in either UK or US) is a couple magnitudes higher.
That number isn't even evenly distributed. A significant portion of that is criminal on criminal violence. So if you are in a gang or involved in the drug trade then your potential homicide risk may be double or even triple the national average. The same applies to those living in an abusive home. However that law of average would indicate that those not involved in criminal behavior or living with an abusive spouse would enjoy a lower homicide rate.
As far as homicides related to a robbery (and your fear that criminals in the US will just kill you) that is just utterly unfounded.
Per the FBI there were 408,287 robberies last year and 849 homicides related to a robbery. So 99.8% of robbery victims were not killed.
The probability of being robbed and killed in the United States last year was roughly 1 in 360,000
In comparison the probability of an American dying in a car crash last year was about 1 in 7,000.
There is random data on your hard drive right now.
I believe it is kiddie porn. Provide the decryption key.
Prove that a) you don't have the decryption key b) the random data is just random data and not an encrypted file.
Meanwhile you will be going to jail until either you can prove the impossible or you decide to give us the key.
Starting to see the danger in the govt being able to point to any block of random bits and then putting you in jail until you provide a nonexistent key?
Slightly more esoteric. For any random block of data there is a key * algorithm that will output kiddie porn. So right now you DO have kidde porn on your computer. Now PROVE you don't know the encryption key required to reveal it.
Lots of innocent people in prison who went with that fail of a legal strategy.
The Police aren't the "good guys". The Police aren't there to "protect you".
The Police exist for one reason and one reason only. To capture (potential) criminals and gather evidence to sustain an case for the DA. Period.
So if the Police are asking you questions it is because you are the suspect.
There is a reason you are given Miranda warning verbally every single time (despite fact most people can state them from memory). There is a reason you are given the option to have legal counsel present. There is a reason you are given the option to decline to speak with the Police.
The Police aren't always seeking justice and always on the lookup to avoid tripping up the innocent. They have a crime it needs to be solved. If the evidence points to you (innocent or not) they will come after you. You helping them is just stupid.
To think that everything works as long as you are are innocent is naive at best.
Post your address so I can mail you a USB drive with random data on it.
Then a phone call to your local Police dept will be very interesting.
I see no legitimate reason why you would refuse to provide your local police the password to your USB drive full of kiddie porn. So just provide the password or go to jail.
Starting to see the problem?
There is no way to prove that you honestly DON'T know the password or even that the random data ISN'T an encrypted disk of kidde porn. When the govt simply has to point to random data and claim you are a criminal and all the burden is on you to prove that you aren't well you can be put in jail to any reason at anytime.
Likely there is some random data on your hard drive right now (in the "blank" space). Prove it isn't an encrypted kidde porn pic.
What if you use a randomizer (as recommended by DOD and other strong security policies) between reinstalls of the OS. Then you would have a disk of mostly random data.
So if using a randomizer now a crime? Good encryption (like true crypt) is not detectable from random data.
I wonder what Fowler would think if someone placed an encrypted USB drive in his residence and an anonymous tip was placed that he had kiddie porn on the encrypted drive.
So Mr. Fowler prove your innocence. Give us the password to the drive. If it has kidde porn well you are in trouble. If it doesn't you go free. Sorry we don't believe you that you don't know the password. 16 months for you.
The day he gets out rinse and repeat. For even more fun simply put random data on the drive and say it is protected by truecrypt. No way to prove it isn't.
There is nothing to prove the existence of truecrypt volume from random data. "Officer I ran a randomizing software before reinstalling windows". For added security you can create a "fake" volume. The password you provide the police reveals and decrypts the fake volume further creating deniability that other volumes exist.
While prosecution likely won't believe you the burden (at least in the United States and other free countries) would be on the prosecution to prove that the second partition actually exists and isn't random data.
Before you complain about the weak nationmaster source you can go to the original sources but honestly I don't care enough to look those up.
So your choices are: a) accept you are wrong b) refused to accept you are wrong and try to prove it only to discover you are wrong and the original sources confirm it c) live in denial.
Hell lets take an extreme guestimate that movie theaters got a staggering $100 CPM (roughly 500% of national TV rate) for the advantages of local & captive audience that works out to about $2 for a 10 minute block of commercials.
The persons I initially responded to indicated that w/o commercials the ticket price would be double. At best (500% of TV rate) they are making about $2 per person GROSS. Like you said the ad agency and other overhead will eat significantly into that gross.
Sadly both content providers and advertisers value our time very cheaply. TV rates work out to about $2.40 per hour. That is how little advertisers price your "attention".
1) The goal was for (at least on the windows platform) for IE to be the only browser. The browser as part of the OS and the OS linked to the browser. Sure maybe a few nerds will work around it but most users would accept IE as "the internets". That has completely failed. My mother in law installed firefox = microsoft fail.
2) 50% marketshare sounds great until you consider it was 90% less than a decade ago. Microsoft is passing through 50% on the way down and IE "brand" is damaged. IE 9 can't just be "good enough" to regain marketshare it needs to be superior.
3) There is now a lack of mono-culture. Website are being designed against standards. Standards Microsoft can't control. Less and less effort is being place on IE "optimized" websites. Sure websites still apply hacks to get the crippled IE 6 working but they are doing it less and less and it is more of an afterthought.
No Micrsoft KNOWS (not thinks) that Windows 7 marketshare will grow as a result of PC upgrade cycle. Old computers go offline, new computers sold with a Win7 license. Now you can install Linux but that doesn't change the fact that:
Virtually all PC systems sold come w/ an windows license. 99.9% of users will never install another OS. Hell they won't upgrade (or reinstall) windows either.
Many users treat OS as a fixed psycial part of a computer (as in "I bought a windows 7 laptop"). The idea that they "could" install another OS is foreign and not something they want to even consider. Windows 7 works and it comes for free* with the laptop why bother w/ anything else?
* You and I know W7 license isn't free but considering *MOST* (not all but most) PC have no option for "no OS" which is cheaper most consumers see Windows 7 as free and part of the new computer.
So the slow replacement of old hardware will cause Windows 7 (and thus IE9) marketshare to grow by 10%-15% a year. At this point Microsoft doesn't really need to do anything. If 5-6 years Windows XP will be as common as Windows 98 machines are now.
One would imagine that the "skip" cost would be comparable to the advertising value right?
Average TV commercial value is about $20 CPM. That is $20 per 1000 viewers. Per capita is works out to about $0.02. Every commercial you sit through the content provider picks up about $0.02. Now this varies somewhat based on view rate (people more likely to watch commercial on sports than on sitcoms) and the value of the timeslot (commercials earlier in show worth more as are first commercial in a break.
However as a rule of thumb content providers pickup about $0.02 per commercial. An hour long show has about 18 minutes or $0.72 of commercials. $1 for an hour long show ($0.50 for 30 minute spot) is more reasonable. One could figure that content providers could offer deals for prepaying an entire season. Say Google makes some money, content providers get a little bit more, consumer gets options. $2 is just highway robbery.
That can vary from $10 CPM to $50+ CPM (most valuable time slot in a major event like Superbowl).
CPM is cost per thousand viewers. Thus the per capita value of a 30 second commercial is about $0.02. We will be generous and double that (no way is a theater getting $40 CPM but for sake of argument lets pretend). That is mayb $0.10 per minute. Yup that is how unvaluable your time is.
Theater drops 10 minutes of mind numbing commercials on you and picks less than a buck. In reality it is much much much less more like $0.30.
Hell I would love for a theater to advertize. "No commercials, less than 10 minutes of movie previews, clean floors, and only 500% markup on food". I would gladly pay the $2 extra to cover that.
The split-off cable company now suddenly has radically different interests than the parent company. Prior to the split the cable division would likely haven't gotten a call to "comply" and drop any injunctions.
Also I do think NAT and IPv4 are significant roadblocks to a free evolution of the internet. Not just BT but future ideas, future protocols, future systems. Hopefully we will eventually be forced to migrate to IPv6.
Remember "firewalled != unable to download via BT". One can achieve high throughput even firewalled assuming there is sufficient bandwidth available among the "open" peers. When you add a dedicated "BT server" into the mix that changes things. The "BT server" could even be optimized to prefer firewalled peers (knowing those firewalled peers can provide pieces to open peers).
"Deep packet inspection (DPI) is the act of any packet network equipment which is not an endpoint of a communication using NON-HEADER CONTENT (typically the ACTUAL PAYLOAD) for some purpose.
While generally I don't rely on wiki for detailed analysis it works here since we are just looking at a high level definition.
The difference between SPI and DPI is that DPI looks at the actual payload. If one could ID and block BT based on the TCP header alone you wouldn't even need DPI. A simple stateful packet inspection would be sufficient to ID and block/throttle all BT data.
However the TCP header tells you very little other than. Where it is going, on what port, where this packet fits in the sequence and oh yeah TCP is being used. With the payload encrypted there isn't much else DPI can learn.
Now BT can be detected by heuristic network analysis but that is complex, sometimes error prone and in the future could be made difficult by some obfuscation on the part of BT protocol.
No there is no workaround for that. Firewalled clients can't upload to each other. A firewalled client can upload to "open" clients. An "open client" can provide data to other open clients or firewalled clients.
The swarm does require a critical mass of "open" clients (not necessarily seeds simply not firealled). I haven't seen any studies which show the effectiveness of the swarm mapped against % of firewalled clients but likely there is some inflection point.
Remember if BT replaced/supplemented conventional http/ftp filetransfer the EXISTING http/ftp server would be in essence be an always on super seed.
At worst a firewalled client would "only" be able to receive data from the server and any "open" clients.
Lastly the firewall issue isn't as significant as many make it out to be on home networks. uPNP is becoming more common and more standardized (not sure if that is a good thing from a security standpoint). Most bitorrent clients turn uPNP on by default. Many routers sold today have uPNP turned on by default.
I did an experiment. I turned uPNP back on (default option) on my DIR-655 router and installed utorrent (default options) on my wife's laptop. Via uPNP utorrent configured a port and NAT and was able to upload "open" with no interaction from the user.
The UDP header contains no information on the application.
Ports are how the OS routs data to applications.
The OS network stack receives a packet with a certain port say 28379. It then sends that packet to all applications listening on that port.
The TCP header is standardized: Source Port Destination Port Sequence Number Ack Number Data Offset Reserved Flags (CWR, ECE, URG, ACK, PSH, RST, SYN, FIN) Receive Windows Checksum Urgent Pointer
There is no bitorrent specific information in the TCP header. Now most applications also have an application header (which identifies the application, contains messages, has instructions, etc) however that is actually part of the TCP payload and with MSE it is encrypted.
Sometimes the term "header" is uses ambiguously. DPI looks at application header and application signatures to id the application and route accordingly. With MSE the app header (and all data other than TCP header is encrypted.
Looking at an encrypted TCP packet one can't determine which application it is used for.
Slashdot Mirror
If one could get after the fact coverage by just paying $75 when their house IS ON FIRE..... why would ANYONE. I mean ANYONE pay $75 before hand.
Simply don't pay. If you house doesn't catch fire... cool you saved $75. If it does then you just pay $75.
I mean it would be like not having health insurance, having a heart attack, getting $50K in bills. Then you call up insurance company and say. I will get insurance. I'll pay $400 premium for last month and you retroactively cover my $50K in expenses.
The insurance company would laugh you off the phone.
The guy is an idiot. He took a risk. Had it worked out over his life he would have saved a couple grand.
He didn't forget to pay. He chose not to pay. He received a bill and then a phone call and was advised his home would not be protected if he didn't pay.
No different then letting your life insurance policy lapse, then you die, and your spouse tries to collect $1 mil by paying this months premium.
Really?
Kinda like taking out a life insurance policy after you die?
Or getting healthcare insurance after the triple bypass surgery?
Or getting homeowners insurance after your house is on fire?
Obviously the $75 cost isn't per incident. It is per protected home and a small (1%) number of those homes catches fire each year.
No firedept could operate collecting only $75 per incident. The $75 from the 99 out of 100 homes which don't burn subsidizes the cost of operation for the 1 in 100 which does burn.
You might wanna re-re-read the summary.
The cable is (depending on size of sail) less than 1 km long.
Thus it would be sail -> up to 1km cable --> orbiting power sat ----- ? ----> earth
The ? is either a laser or microwave.
"There were no reports of fraud whatsoever" != "no fraud."
The problem is the end user's system can't ever be guaranteed secure.
Imagine a malware which infects voter's computers just prior to the election.
User logs into the voting site (or application), uses PIN & smartcard votes for candidate X. The malwae hijacks all that information and votes for candidate Z instead. It then hijacks the response from the server and shows a confirmation for candidate X.
As far as the server is concerned a valid registered and authenticated voter cast a vote for candidate Z.
As far as the voter is concerned the valid voting server accepted and confirmed the vote for candidate X.
There is no electronic security if the endpoint is compromised. Given the easy and scope of malware infections the belief that all voter endpoints will be secure it naive at best.
A similar scenario would be online banking protected by SSL, a smartcard, and strong password. All that does nothing if the customer's computer is comrpomised.
You can't have secure networks without secure endpoints. We are nowhere close to secure endpoints.
Well in 99.9% of the cases nobody is killed.
Homicide rate in the US is RELATIVELY high but it is still very rare occurrence overall.
http://www.fbi.gov/ucr/cius2009/data/table_01.html
Homicide rate in US is roughly 5 per 100K persons.
While that number may be higher than UK it is still extremely rare. In a pool of 100,000 Americans 99,995 won't be murdered.
The probability of being involved in a violent crime (in either UK or US) is a couple magnitudes higher.
That number isn't even evenly distributed. A significant portion of that is criminal on criminal violence. So if you are in a gang or involved in the drug trade then your potential homicide risk may be double or even triple the national average. The same applies to those living in an abusive home. However that law of average would indicate that those not involved in criminal behavior or living with an abusive spouse would enjoy a lower homicide rate.
As far as homicides related to a robbery (and your fear that criminals in the US will just kill you) that is just utterly unfounded.
Per the FBI there were 408,287 robberies last year and 849 homicides related to a robbery. So 99.8% of robbery victims were not killed.
The probability of being robbed and killed in the United States last year was roughly 1 in 360,000
In comparison the probability of an American dying in a car crash last year was about 1 in 7,000.
There is random data on your hard drive right now.
I believe it is kiddie porn. Provide the decryption key.
Prove that
a) you don't have the decryption key
b) the random data is just random data and not an encrypted file.
Meanwhile you will be going to jail until either you can prove the impossible or you decide to give us the key.
Starting to see the danger in the govt being able to point to any block of random bits and then putting you in jail until you provide a nonexistent key?
Slightly more esoteric. For any random block of data there is a key * algorithm that will output kiddie porn. So right now you DO have kidde porn on your computer. Now PROVE you don't know the encryption key required to reveal it.
Lots of innocent people in prison who went with that fail of a legal strategy.
The Police aren't the "good guys". The Police aren't there to "protect you".
The Police exist for one reason and one reason only. To capture (potential) criminals and gather evidence to sustain an case for the DA. Period.
So if the Police are asking you questions it is because you are the suspect.
There is a reason you are given Miranda warning verbally every single time (despite fact most people can state them from memory).
There is a reason you are given the option to have legal counsel present.
There is a reason you are given the option to decline to speak with the Police.
The Police aren't always seeking justice and always on the lookup to avoid tripping up the innocent. They have a crime it needs to be solved. If the evidence points to you (innocent or not) they will come after you. You helping them is just stupid.
To think that everything works as long as you are are innocent is naive at best.
http://www.youtube.com/watch?v=i8z7NC5sgik
Post your address so I can mail you a USB drive with random data on it.
Then a phone call to your local Police dept will be very interesting.
I see no legitimate reason why you would refuse to provide your local police the password to your USB drive full of kiddie porn.
So just provide the password or go to jail.
Starting to see the problem?
There is no way to prove that you honestly DON'T know the password or even that the random data ISN'T an encrypted disk of kidde porn.
When the govt simply has to point to random data and claim you are a criminal and all the burden is on you to prove that you aren't well you can be put in jail to any reason at anytime.
Likely there is some random data on your hard drive right now (in the "blank" space). Prove it isn't an encrypted kidde porn pic.
What if you use a randomizer (as recommended by DOD and other strong security policies) between reinstalls of the OS.
Then you would have a disk of mostly random data.
So if using a randomizer now a crime? Good encryption (like true crypt) is not detectable from random data.
I wonder what Fowler would think if someone placed an encrypted USB drive in his residence and an anonymous tip was placed that he had kiddie porn on the encrypted drive.
So Mr. Fowler prove your innocence. Give us the password to the drive.
If it has kidde porn well you are in trouble. If it doesn't you go free.
Sorry we don't believe you that you don't know the password. 16 months for you.
The day he gets out rinse and repeat. For even more fun simply put random data on the drive and say it is protected by truecrypt. No way to prove it isn't.
That only works in the movies.
step 1 is to take an image and the original is never touched again. It ends up locked and tagged in an evidence vault.
Step 2 is to make the image read only. It prevents needing to go back to the original.
Plausable deniability is far more useful.
http://www.truecrypt.org/docs/?s=plausible-deniability
There is nothing to prove the existence of truecrypt volume from random data. "Officer I ran a randomizing software before reinstalling windows". For added security you can create a "fake" volume. The password you provide the police reveals and decrypts the fake volume further creating deniability that other volumes exist.
While prosecution likely won't believe you the burden (at least in the United States and other free countries) would be on the prosecution to prove that the second partition actually exists and isn't random data.
I think you had a typo.
You were trying to write HIGHER crime rate than the US right?
http://www.nationmaster.com/graph/cri_tot_cri_percap-crime-total-crimes-per-capita
Before you complain about the weak nationmaster source you can go to the original sources but honestly I don't care enough to look those up.
So your choices are:
a) accept you are wrong
b) refused to accept you are wrong and try to prove it only to discover you are wrong and the original sources confirm it
c) live in denial.
Well that is why I doubled the CPM to $40.
Hell lets take an extreme guestimate that movie theaters got a staggering $100 CPM (roughly 500% of national TV rate) for the advantages of local & captive audience that works out to about $2 for a 10 minute block of commercials.
The persons I initially responded to indicated that w/o commercials the ticket price would be double. At best (500% of TV rate) they are making about $2 per person GROSS. Like you said the ad agency and other overhead will eat significantly into that gross.
Sadly both content providers and advertisers value our time very cheaply. TV rates work out to about $2.40 per hour. That is how little advertisers price your "attention".
Of course they failed.
1) The goal was for (at least on the windows platform) for IE to be the only browser. The browser as part of the OS and the OS linked to the browser. Sure maybe a few nerds will work around it but most users would accept IE as "the internets". That has completely failed. My mother in law installed firefox = microsoft fail.
2) 50% marketshare sounds great until you consider it was 90% less than a decade ago. Microsoft is passing through 50% on the way down and IE "brand" is damaged. IE 9 can't just be "good enough" to regain marketshare it needs to be superior.
3) There is now a lack of mono-culture. Website are being designed against standards. Standards Microsoft can't control. Less and less effort is being place on IE "optimized" websites. Sure websites still apply hacks to get the crippled IE 6 working but they are doing it less and less and it is more of an afterthought.
In this respect Microsoft has failed.
No Micrsoft KNOWS (not thinks) that Windows 7 marketshare will grow as a result of PC upgrade cycle. Old computers go offline, new computers sold with a Win7 license. Now you can install Linux but that doesn't change the fact that:
Virtually all PC systems sold come w/ an windows license.
99.9% of users will never install another OS. Hell they won't upgrade (or reinstall) windows either.
Many users treat OS as a fixed psycial part of a computer (as in "I bought a windows 7 laptop"). The idea that they "could" install another OS is foreign and not something they want to even consider. Windows 7 works and it comes for free* with the laptop why bother w/ anything else?
* You and I know W7 license isn't free but considering *MOST* (not all but most) PC have no option for "no OS" which is cheaper most consumers see Windows 7 as free and part of the new computer.
So the slow replacement of old hardware will cause Windows 7 (and thus IE9) marketshare to grow by 10%-15% a year. At this point Microsoft doesn't really need to do anything. If 5-6 years Windows XP will be as common as Windows 98 machines are now.
One would imagine that the "skip" cost would be comparable to the advertising value right?
Average TV commercial value is about $20 CPM. That is $20 per 1000 viewers. Per capita is works out to about $0.02. Every commercial you sit through the content provider picks up about $0.02. Now this varies somewhat based on view rate (people more likely to watch commercial on sports than on sitcoms) and the value of the timeslot (commercials earlier in show worth more as are first commercial in a break.
However as a rule of thumb content providers pickup about $0.02 per commercial. An hour long show has about 18 minutes or $0.72 of commercials. $1 for an hour long show ($0.50 for 30 minute spot) is more reasonable. One could figure that content providers could offer deals for prepaying an entire season. Say Google makes some money, content providers get a little bit more, consumer gets options. $2 is just highway robbery.
That can vary from $10 CPM to $50+ CPM (most valuable time slot in a major event like Superbowl).
CPM is cost per thousand viewers. Thus the per capita value of a 30 second commercial is about $0.02. We will be generous and double that (no way is a theater getting $40 CPM but for sake of argument lets pretend). That is mayb $0.10 per minute. Yup that is how unvaluable your time is.
Theater drops 10 minutes of mind numbing commercials on you and picks less than a buck. In reality it is much much much less more like $0.30.
Hell I would love for a theater to advertize. "No commercials, less than 10 minutes of movie previews, clean floors, and only 500% markup on food". I would gladly pay the $2 extra to cover that.
Meanwhile AT&T collects record revenue per iPhone subscriber while paying the least of all carriers on infrastructure (per subscriber).
So the solution is to not allow high data applications to go with these high cost data plans.
All profit and no cost. Aren't "free markets" wonderful.
One if Time Warner is now kicking themselves.
The split-off cable company now suddenly has radically different interests than the parent company.
Prior to the split the cable division would likely haven't gotten a call to "comply" and drop any injunctions.
Real issues but a minority I would say.
Also I do think NAT and IPv4 are significant roadblocks to a free evolution of the internet. Not just BT but future ideas, future protocols, future systems. Hopefully we will eventually be forced to migrate to IPv6.
Remember "firewalled != unable to download via BT". One can achieve high throughput even firewalled assuming there is sufficient bandwidth available among the "open" peers. When you add a dedicated "BT server" into the mix that changes things. The "BT server" could even be optimized to prefer firewalled peers (knowing those firewalled peers can provide pieces to open peers).
Forgot this:
http://en.wikipedia.org/wiki/Deep_packet_inspection
"Deep packet inspection (DPI) is the act of any packet network equipment which is not an endpoint of a communication using NON-HEADER CONTENT (typically the ACTUAL PAYLOAD) for some purpose.
While generally I don't rely on wiki for detailed analysis it works here since we are just looking at a high level definition.
The difference between SPI and DPI is that DPI looks at the actual payload. If one could ID and block BT based on the TCP header alone you wouldn't even need DPI. A simple stateful packet inspection would be sufficient to ID and block/throttle all BT data.
However the TCP header tells you very little other than. Where it is going, on what port, where this packet fits in the sequence and oh yeah TCP is being used. With the payload encrypted there isn't much else DPI can learn.
Now BT can be detected by heuristic network analysis but that is complex, sometimes error prone and in the future could be made difficult by some obfuscation on the part of BT protocol.
No there is no workaround for that. Firewalled clients can't upload to each other. A firewalled client can upload to "open" clients. An "open client" can provide data to other open clients or firewalled clients.
The swarm does require a critical mass of "open" clients (not necessarily seeds simply not firealled). I haven't seen any studies which show the effectiveness of the swarm mapped against % of firewalled clients but likely there is some inflection point.
Remember if BT replaced/supplemented conventional http/ftp filetransfer the EXISTING http/ftp server would be in essence be an always on super seed.
At worst a firewalled client would "only" be able to receive data from the server and any "open" clients.
Lastly the firewall issue isn't as significant as many make it out to be on home networks.
uPNP is becoming more common and more standardized (not sure if that is a good thing from a security standpoint). Most bitorrent clients turn uPNP on by default. Many routers sold today have uPNP turned on by default.
I did an experiment. I turned uPNP back on (default option) on my DIR-655 router and installed utorrent (default options) on my wife's laptop. Via uPNP utorrent configured a port and NAT and was able to upload "open" with no interaction from the user.
The UDP header contains no information on the application.
Ports are how the OS routs data to applications.
The OS network stack receives a packet with a certain port say 28379. It then sends that packet to all applications listening on that port.
The TCP header is standardized:
Source Port
Destination Port
Sequence Number
Ack Number
Data Offset
Reserved
Flags (CWR, ECE, URG, ACK, PSH, RST, SYN, FIN)
Receive Windows
Checksum
Urgent Pointer
There is no bitorrent specific information in the TCP header. Now most applications also have an application header (which identifies the application, contains messages, has instructions, etc) however that is actually part of the TCP payload and with MSE it is encrypted.
Sometimes the term "header" is uses ambiguously. DPI looks at application header and application signatures to id the application and route accordingly. With MSE the app header (and all data other than TCP header is encrypted.
Looking at an encrypted TCP packet one can't determine which application it is used for.