TorrentFreak

• Ben Jones
• March 27, 2007
• 27
• piratebay,
  torrent_trackers
• Print

There is a statement you’ll often see on p2p forums, and in IRC channels. It usually comes in a discussion about “getting caught” or “letters been sent” and it goes something like “the safest thing is to join a private site. The other oft-proposed solution, blocklists, has been discussed before. Are private sites any safer though?

In preparing this piece, I spoke to several private site admins, and a few public tracker admins as well. The results may surprise you.

There are three main areas of concern, that the server may get seized, or that an anti-p2p agent may infiltrate the site. Seizure is a risk for all torrent trackers, or indeed all servers period, as both pirateBay, and indymedia can attest to. This has both good and bad points, in that you get the site shut down quickly, but on the downside, you REALLY have to have your ducks in a row before doing so. Additionally, you may take out the site admins, but you can often create a negative publicity backlash, especially if you take down other people’s servers at the same time. ‘Infiltration’ is a more time consuming method, but can yield better results. This was the method used to mount evidence for the elitetorrent raid (operation d-elite) in May 2005. The third method is describable in many ways, depending on your opinion of the target of it. It can range from “surrendering to extortion” to “getting paid off” but means the server owner has been contacted by one or more groups or agencies, and has agreed to hand everything over voluntarily. There is only one real example of this so far, Lokitorrent.

Seizure

Put simply, this is the method of :

** Going to the hosting company
** Gaining entry (with or without a 100% legal and valid warrant) and
** Physically removing the servers from their racks
** Then taking them into custody

Often, search warrants will also be served on any members of the site also within jurisdiction and considered ‘big enough’. Once they are taken into custody, the hard drives can then be examined and entered into evidence for possible criminal proceedings. How do private sites deal with this?

Well, depending on the site, you might be safe, whereas others you might as well just hand yourself in on others. All that I spoke to stored the total ratio (including upload and download counts) email address, and username/password. Many also save a list of what torrents you’ve uploaded to the tracker, although that list usually only contains active torrents active.

The email address and username/password is a bad thing. It counts as ‘personally identifiable information’, basically meaning you can’t say “it wasn’t me that did it’. Odds are you probably have an email from the torrent site in your email account with your username and password. If the password matches any other password you use, or if your computer shows records of having accessed that email account, that’s a link made to you that will be very hard for you to explain away.

Of course, such seizures are rare, and to date there has been no activity against individual users of the sites, but it must be pointed out that of the two public tracker admins I contacted, (Anakata of the pirateBay, and the one of the tracker suppliers to EZTV and VTV’s) both said that their trackers did not save any user data at all, it was all in volatile ram, meaning when they’re pulled, or even when the power goes out, the data is gone. Only the most secure of the sites I spoke to (scenetorrents) offered this for its uploaders and staff)

Infiltration

This is more the sort of thing that copyright enforcement groups are generally better at. It takes a lot of time, and manpower, which they have, unlike the understaffed and overworked criminal investigators the world over . Not to say that such departments are not capable, there really are more important ACTUAL crimes, that affect everyday people in a major way that they should be dealing with instead. At its most basic, its someone, joining a site, and collecting info. Depending on the sites membership policies, and its popularity, this can be very easy, it can be hard. Quite a few are now invite-only, so first you have to find someone with an invite, and acquire one somehow. Methods for this alone have a huge range, from “hey any1 got an invite to xyz’ on a forum [image], to building up a relationship and bona fides on an IRC network such as p2p-net, or EFnet. Others, such as the British TV+radio site UKnova are so popular that when an inactive account is purged, the empty membership can be snapped up within 5 minutes.

So, is there anything stopping these people joining? Well, in a word, no. It’s unlikely a member of the BSA will try and register for a site from his office computer, for instance, but there is nothing stopping someone from doing so. One site however (Bitsoup) did give a sign up warning [image], albeit an old favourite making a comeback. Once someone is on, they then have the job of collecting IP addresses from the tracker. In this regard, private trackers are inherently much less secure. On most private sites, all users can view all the usernames of peers also on the torrent with them, and sometimes their upload and download averages.

If they were to compile lists of users on a torrent with the IPs on the torrent, it might be hard to match them, but do it over a few dozen torrents, and they’ll start seeing the same IP ranges appearing only when a certain username is on it , they’ve now identified the IP address of that user. It is impossible to do this with a public tracker, as put simply, there is no username telling anyone when a certain person is on a torrent. Add in DHT, and that people tend not to have any loyalty to a certain tracker, mean its impossible to build this sort of complete peer overview without private sites.

So, copyright enforcers may be members of your favourite private tracker, do the sites do anything about it? Again, in a word, yes. None of the sites would go into detail with me how to monitor for such users (and I doubt I’d understand them if they did , software guys have a tendency to revert to their own private language when asked a technical question) but I was told by all of them that they employed a mixture of automated, and user-based methods to detect and report suspicious activity. Basically everything from a user reporting a peer acting suspiciously on up.

Conclusion

Whilst private sites can prevent you from getting the letters and emails from your ISP or enforcement agency, They are not a perfect solution. Dealing with these sites takes time and effort, a lot of it, and that’s more than many rights holders care to do right now. It is relatively easy to go to somewhere like mininova, and find a torrent for your property, then grab the IPs and send an email to the corresponding ISPs, it’s much more involved to do the same with private sites. In that aspect, private sites are safer. Until the majority (or at least a large percentage) of material on a private site belongs to one rights holder, that holder is unlikely to target that site. There are exceptions, of course, depending on the material in question , the elitetorrents bust over Star Wars Ep3 showed that.

In the long term however, when and if the procedure for prosecuting file sharers through civil court becomes easier, such sites will be far more hazardous to use. The very practice of restricting usage to certain identified members is its achillies heel. Using a groups own membership and activity records against itself has been a prosecution tactic for many decades. Seizures happen, infiltrations have gone on for a while now, and some might say it’s only a matter of time.

In their favour, private sites have generally much faster speeds than public torrents, meaning your window of exposure for downloading is shorter. However due to the more limited availability of the torrent, and the greater importance on ratio, you can have a vastly greater upload window, and it’s uploads that are usually targeted. They also generally have content policies, meaning fakes, malware and misnamed torrents are kept to a minimum.

Overall, in some ways they’re safer, in just as many ways they’re a liability. To put it another way, you’re safer from the more common small-time infringement notification, but a much easier target for the (much rarer) big-time operations.

With thanks to the following people:

In preparing this piece, I spoke to several private site admins, and a few public tracker admins as well. The results may surprise you. There are three main areas of...