Anti-piracy groups are monitoring millions of BitTorrent users every year. Whether their end-game is to warn, threaten or sue, all public BitTorrent trackers are populated with companies that harvest IP-addresses. A new paper published on these monitoring activities describes the variety of techniques being employed, and shows that P2P-blocklists offer little protection.
When people use BitTorrent to download copyrighted material, there’s a good chance that their IP-addresses are being logged by anti-piracy groups. Just last week we showed that two of these companies were snooping on thousands of torrents.
Many privacy-conscious BitTorrent users are well-aware of this kind of monitoring activity and take measures to remain anonymous. The preferred way for many is to use a VPN or proxy which conceals their ISP IP-address.
Another group of BitTorrent users prefer a free option in the form of a blocklist. These blocklists prevent a BitTorrent client from connecting to IP-addresses that presumably belong to anti-piracy outfits.
Monitored Torrents (see)
While these blocklists do provide some “security” they are not foolproof. Some anti-piracy groups are not recognized by the blocklist and therefore not blocked. This means that users who rely on them as their only means of protection are at risk of being logged.
In a new paper titled “The Unbearable Lightness of Monitoring: Direct Monitoring in BitTorrent,” researchers from the University of Birmingham try quantify this problem.
The researchers developed a methodology to detect which “peers” in a swarm are likely to be anti-piracy monitors. The research looked at 60 public torrent files and over a period of time they found 856 peers (on 5 subnets) that showed strong characteristics of monitoring agencies.
This data allowed them to compare their findings to the IP-addresses that are blocked by the popular i-Blocklist blocklist, to see how effective it is at keeping BitTorrent spies out.
Perhaps not surprisingly the blocklists doesn’t offer complete security. 69% of the IP-addresses of monitoring companies were blocked, but the other 31% were not. In other words, nearly one in three logging attempts bypassed the blocklist.
“Our direct monitoring analysis produced 593 peers (out of 856) that appear in subnets listed in the Anti-Infringement list. In addition, our analysis identifies 263 peers that, albeit displaying the same behaviour as monitoring peers do not currently appear in blocklists,” the researchers write.
“BitTorrent users should therefore not rely solely on such speculative blocklists to protect their privacy,” they add, suggesting that these BitTorrent users should add blocklists based on empirical research.
In addition to examining the effectiveness of i-Blocklist, the researchers also identified the prevalence of indirect versus direct detection methods.
In the past, indirect methods – where monitoring companies obtain lists of IP-addresses without connecting to the downloaders – have been heavily criticized. The main problem is that these lead to a high number of false accusations. For example, research has shown that due to shoddy techniques even a network printer can be accused of sharing copyrighted files on BitTorrent.
In the paper the researchers found that direct methods – where the anti-piracy group confirms that downloaders are actually sharing – are also widely used now. Their paper is first to provide evidence of direct monitoring, suggesting that monitoring companies are upping their accuracy.
For U.S. Internet subscribers the topic is relevant as the six-strikes anti-piracy scheme will be rolled out later this year. The Center for Copyright Information has yet to announce the names of the companies that will do the “spying” for the six-strikes system, and when they do it will be interesting to see what data gathering methods they use.
But whatever the answer, a blocklist alone is not going to prevent BitTorrent users from running into trouble.