TorrentFreak

The place where breaking news, BitTorrent and copyright collide

BitAudit: The Tool You Don’t Want Anti-Pirates To Have

BitAudit is by far the most elaborate tool to track communications between BitTorrent users we’ve seen to date. Although its creator built the application to give BitTorrent users insight into the inner workings of the protocol and the public nature of it, anti-piracy outfits might use it as inspiration to update their own tracking systems which are usually pretty weak.

Two years ago a study by the University of Washington department of Computer Science and Engineering revealed that the evidence gathering software used by some anti-piracy outfits is not really up to par, to say the least.

By spoofing their presence the researchers managed to receive hundreds of infringement notices addressed to a networked printer that never actually shared a file. This showed that the companies involved do not verify whether an IP-address connected to a swarm is actually sharing the file they claim it is.

This could spell trouble for the tracking companies that are involved in the recent lawsuits against BitTorrent users, such as in the Hurt Locker cases. If their evidence gathering is as weak as that of the outfits which sent the infringement notices to the university printer, the courts might easily throw these cases out. This might be one of the reasons why copyright holders prefer the quick and easy settlement process instead of a full court battle.

The lack of effort that goes into evidence gathering is quite shocking in some cases. Just a few weeks ago we reported that an employee of a law firm that’s involved in these BitTorrent lawsuits bought such a tool on a rent-a-coder site for between $250 and $750. It only takes one settlement from a BitTorrent user to recoup this investment.

Although an IP-address is not a person, there are plenty of ways to gather more solid evidence that an IP-address was actually involved in a transfer, avoiding many of the false accusations that are common today. One tool that actually produces (more) valid logs is bitAudit. Its programmer, Sam, is currently looking for beta-testers.

As can be seen from the video below, bitAudit gives a detailed and accurate overview of what happens when you fire up your BitTorrent client. The application shows how public transfers on BitTorrent are, but it also reveals that not every IP-address in the swarm might be sharing the file.

What bitAudit Does

TorrentFreak spoke with Sam to find out why he decided to code the application, and to find out what purpose it would serve for the public.

“I’m an engineer and I’ve always liked knowing how things work. All BitTorrent clients I tried didn’t show well what happens behind the scenes so I thought I’d write some code to log things correctly,” Sam explained. He showed the logs to his friends who said they instantly better understood how the BitTorrent protocol works. This all happened about a year ago and Sam shelved the code until recently.

“Then as more news on BitTorrent lawsuits and evidence collection came out, I thought I’d try my code again but as an experiment to see how fast I could generate these logs and exchange pieces with peers,” Sam told us. “It was a fun process and I learned even more and found I had to toss many of the BitTorrent efficiency rules out to generate these logs quickly and efficiently. I even added checksums to ensure the data wasn’t modified/tampered with.”

Rather than shelving his program again, Sam has decided to share it with the public this time round. He’s currently looking for Beta testers to try the application and give him some feedback so he can make some improvements.

“There are a lot of BitTorrent users out there that have a minimal to average understanding of how it works and I see a lot of misinformation perpetuated in forums and comments. bitAudit gives users an inside glimpse into how BitTorrent works and what evidence collection looks like. Knowledge is power and making bitAudit available to the public can only help educate users on how to better and safely use BitTorrent.”

Aside from the application being an eye-opener for some BitTorrent users, it might also do the same for the outfits that are currently working with highly inaccurate tools to gather ‘evidence’ on BitTorrent users. On the one hand this is good news because applications like bitAudit have the potential to reduce many false accusations. But for those who do share files without permission from copyright holders, a better standard of evidence gathering could prove problematic.


  • Tomas

    Sent a request to be a beta tester now. I hope he makes it open source in the future.

    I wonder how long it will take until this leads to a court case.

  • duane

    ???

    If this isn’t what the industry’s “experts” have been doing, then what HAVE they been doing?!

    Also, big deal! :P
    This looks like a program I could write in a few hours. Sam sounds like a lame script kiddie with a copy of libtorrent.

  • Ernesto

    @duane

    It’s not rocket science by any means, but there’s no need to target Sam for that.

    The point (of the article) is that several anti-piracy outfits that are targeting BitTorrent users have no clue what they’re doing. If I understand it correctly that’s even news to you…

    From what I’ve seen Sam makes the communications in a BitTorrent swarm loggable like no other app out there does at the moment, if you can beat him to it please send a copy of the code to my email address ;)

  • Nice

    If you could have written it then why didn’t you? It’s easy to make a few $$$$ by selling it to an anti-piracy outfit.

  • Joe

    Haha, now that the source is out there no doubt anti piracy orgs will use this. Another reason why one should use usenet :P

  • duane

    Apologies to Sam…

    If they aren’t doing this already, he should patent his method!! Use their own weapons against them! :D

  • duane

    @4 Nice

    I would NEVER write a program like this, because I believe its morality is questionable. This is something whose *only* use is to spy on what other people are doing.

  • Anonymous

    He should make it available to everyone with the EULA stating that it is illegal to use for court cases. If the RIAA tries using it in court, sue ‘em!

  • Einstein

    Is it even necessary to write “specialty” programs in order to track IP addresses, when uTorrent displays lists of IPs for all the world to see?

  • .neo.stylesnv|DX

    I just wonder about the checksum that he creates…. if you alter the entry of a line, you’ll just generate an updated checksum. How can that be prevented?

    Forging the info is still very likely.

  • hms-one

    Even the extensive logging that this program is capable of does not constitute proof of copyright infringement by an individual. It’s scary to think that ‘piracy’ cases are being fought and won, and that people are successfully extorted every day.. all based on evidence much flimsier than this.

  • PlayBoyMan

    I don’t like this tool one bit. Not one bit at all :S

  • fubar

    He says
    “Why did I create bitAudit?
    It was a hobby project”

    No it isn’t and will not be, he’s just proved to me he’s like Brahm, once out of beta all info will be sold to MPAA so people ignore this so-called tool, is trying to make a quick mega $$$$

    IT’S A TOOL THAT GATHERS YOUR INFO OF TORRENTING
    and he’s asking normal noobies to beta test it to confirm shit

  • Anonymous

    @9: You’re one of the people that doesn’t know anything about bittorrent.

  • ccc

    a simple solution, just stop using bt

  • Anarnymous

    Just what we need: more tools to allow someone else to keep better tabs on us.

  • Soro

    No top 10 most downloads today then?

  • Rabbit80

    @6

    Agreed!!! If he patents his methods this will stop the data collection agencies in their tracks – then simply show the courts what proper data collection looks like and if the RIAA can’t match it, they’re screwed.

  • Anonymous

    The information is publicly available for everyone to see. Stop complaining. If you don’t want people to see this information, maybe you shouldn’t use Bittorrent. If I put up a sign in my window I can’t demand that people don’t read it.

  • duane

    @19 Anonymous

    Looking through your open window is also publicly available information, so it’s not at all an invasion of your privacy, right? If you don’t want people to see this information, maybe you shouldn’t have windows.

  • Some dude

    This is great. The more these kinds of tools are made, the sooner people will understand that we need more secure p2p solutions and there’ll be much more effort put into darknet (like Freenet/Gnunet etc) development.

    And the faster we get to secure & anonymous p2p, the fewer innocent people will have suffered from the extortions.

  • Anonymous

    @20 that’s not how analogies work. There are plenty of laws in place to make the two comparisons completely invalid.

    A better comparison would be in regards to security cameras at a public event (like a trade show) being able to track you.

    You voluntarily enter the public space knowing that others can observe what you’re doing (or you’re ignorant enough to believe you are, for some reason, invisible). As you make your way from booth to booth, anyone within the event can observe your transactions with vendors as well as security watching from cameras.

    There is nothing inherently “wrong” with this, it is just how reality works.

    As for this software… it is definitely controversial and absolutely has some potential, significant downsides to it…

    …but it didn’t invent or create the issue, it is only manipulating data that already exists — and would have existed regardless of whether or not this guy released the software.

    There are only two rational scenarios:

    1) This guy doesn’t release the software (or even if he hadn’t ever mentioned it or discussed his method). This means that someone else could (and would) eventually figure it out and possibly not even make it public. They could just perfect it and sell it behind the scenes to the anti-pirates.

    2) This guy does what he did and can possibly give a head start to people trying to circumvent this type of tracking or just be aware of it in general. There is no down side to being aware of danger.

    When WEP was finally cracked, it didn’t make computers less safe… it made the market shift to the more secure WPA and WPA-2 encryption. It would be ignorant and silly to have been mad at people like BackTrack and other security distros for making it easy to crack security when, in reality, it just makes people aware of issues with security.

  • Anonymous

    There is no morality in science. Only understanding and learning.

  • Anonymous

    @22
    You’re a moron

  • homer

    I’m sure the industry (MPAA etc) have had these tools nearly since the beginning of when BT took off. No point in trying to make this guy the bad guy, like #21 points out, it might only serve to make BT more safe. Not that it ever will, unless they make it like TOR, and the horrendous performance will drive people away or create uber-eleet segregation of users. BT has enough of that bullshit already, so that will ultimately just drive MORE users away.

    Maybe I’m missing other factors that could change things, such as IPv6, if IP addresses are so plentiful it could make it easy to change IP addresses routinely or other such trickery.

  • Jay

    I have to agree with #21. Only by exposing the weaknesses of Bittorrent can they make a better program.

    Maybe this will push them to make Bittorrent more secure.

  • Anonymous

    @25: Clients will always need this data. There is no way to “secure” it.

  • Rass Moser

    Great, what kinda idiot makes a tool to “help” the anti pirate trade? Dude needs a serious beat down!

    real-anonymity.se.tc

  • Anonymous

    I’d imagine anyone who runs this tool will quickly find their IP added to a PG2/PeerBlock block list.

    Also, if this data is to be used for any sort of lawsuits, wouldn’t all the people providing info about this be required to have a Private Investigator’s license?

  • LiteHacker

    I can actually write up something like this. I have written up something that looks like BitThief before, just to see how the other peers will react, and to understand the protocol better.
    I would write up some kind of detailed analysis tool if I had an incentive to do so.
    (Main points of interest:
    1. What is the percent of people, downloading something illegal vs legal, who stop uploading right after they finish downloading?
    2. What is the percent of people using BitTorrent who cannot share pieces after download because they are behind a firewall?
    3. From which countries are the top original contributors of illegal content?
    4. etc.. the list goes on if you think hard enough.
    )
    I am very much against helping the copyright industry in anything. However, if I don’t build it, someone else will.
    I don’t have much of an incentive to programming this stuff other than finding out some key statistics. (I am particularly interested in #1 and #2 above.. But we don’t all have free time on our hands.. :P) If I had a demand for such information, I would consider building it..

  • Anonymous

    @23
    Idiot Monkey! 22 is correct, Science is amoral, it is just man’s best attempt, so far, at an iterative error-correcting system to reveal how nature and reality actually work, the opposite of superstition and dogma!

    “Morality” is just an arbitrary set of _social_ rules people use to constrain their actions, or attempt to persuade or impose on others, the latter being called Dictatorship!

  • DJDANK

    What kinda douchebag made that program? Let’s hope it doesn’t get into the wrong hands….

  • kuru

    @22: yes, you’re the king of rationale, but you better believe me, one day life will catch up with you.

    As for the topic, I don’t give a shit, these data can be gathered since BT exists, bitAudit simply processes them quite smartly.

  • Anonymous

    @29
    1. It depends on what is _actually_ lawful or not, legal is for suckers!

    2. Anyone trying to download behind a firewall is a fool because it is likely far more secure to use UDP rather than TCP, and it probably takes longer to download if you don’t upload, which is more risky!

    3. Again it depends on what the occupants of that country call illegal or not, not the corrupt media corporations and their politicians!

    I’m very much against respecting statutes, they aren’t even “law” if you don’t consent to contract, even the seemingly good ones are full of weasel words and deception going back centuries; the bar stewards!

  • Pal Al

    I wish the law would take the resources wasted on this and focus on dealing with gangs and gang violence…

  • DanielRemains

    I give the creator The Finger!!

  • Gavin

    This app could be great for finding the IP address of a computer in the swarm not doing normal things, i.e. not exchanging files, but logging IP addresses, for money demands.

    These IP addresses could then be gathered and used to block these companies, like what PeerGuardian does.

  • LiteHacker

    @33:
    1. I mean legal or illegal by the definition noted within the rules of international copyright. I gather that there would be a higher chance of people not willing to share files that are noted to be illegal by those in power. Sorry for not being too philosophical.
    2. I don’t know how you found how the use of firewalls or UDP to be any more secure than plain TCP. I can easily see both without an issue.
    3. Refer to #1.

    You seem to be taking on an anarchy point of view in a semi-fascist world. Just because you disagree with the current form of government doesn’t mean it does not exist.
    Indeed, I refer to what is lawful and unlawful as that which was declared by those in power.

    My post was technical with computer science, not political science. I can speak with you about that at a different place, at a different time.

  • Anonymous

    This is what you call sharing code?

    If he really wants to prove its efficiency as provider of accurate data, first thing he should do is release its source code. Not that it makes any difference, other than it could bring out flaws in bitAudit itself if there are any.

    I don’t know what noob jobs are done by current data gathering agencies, but neither is this some miracle potion.

    On data checksum: I would be a true idiot if I would tamper the log files by changing IPs and not update the checksum. Just one question, how in the world is he going to prove that checksum is not updated later on?

  • Anonymous

    change the license so they are not legally allowed to use it for evidence gathering :+)

  • SwitchBlade

    The naivety of intelligent people never ceases to amaze me. When the fun of discovery is twisted into a tool to put youngsters in prison, tear families apart, and accuse the innocent with so called ‘hard evidence’ (I can piggyback my neighbour’s broadband too)…twisted by a corporate monster whose only gain is profit…then tell me you’re a happy man Sam.

    There is a saying ‘just because you can doesn’t mean you should’.

    Read this rant and understand.

    http://www.p2pnet.net/story/41331

  • Whatever

    @3 Ernesto

    “It’s not rocket science” should be replaced with “It’s not quantum science” nowadays.

  • afhof

    @all_but_2

    This basically is a debug output of an early torrent program. Any programmer worth their salt could whip this up in a few hours.

    It would be foolish to think that well funded organizations don’t have this and more powerful tools at their disposal.

    @2, You’re right, this is just a script kiddie who is demo’ing a program that, all in all, is not that impressive.

    my 10 cents anyway…

  • Klose

    @5

    You think you’re bright but it’s not

    Observe the 1st rule and shut up

  • MrWhiskers

    If this hasn’t already been implemented by anti piracy groups in some other form I would be shocked, I fail to believe they get paid to share files and simply copy the peer list and issue fines (although that is most likely the case).

    As others have said the information is there and available for everyone, truly there are people in the world already able to look at this information for more than a decade, it’s not the developer’s fault for creating a more user friendly way of viewing it. Obviously he must/was aware of the anti piracy implications, but that’s his own justification.

    Do I agree with most anti piracy laws, not really, but when doing something against the law, one has to accept the consequences if you get caught, they may not be fair, but you are fully aware of the possibility of what might occur.

    Complaining about this program is like complaining about someone finding something that’s hidden around a corner, all they had to do was take a few steps, now it’s up to the bittorrent community to find better ways of hiding this information

  • Cyberpiraten@tpb

    Why doesn’t anyone make a program against this then! If they see our IP addresses then we’re pretty fucked…

  • Ninja

    When it’s stable I’ll check it out. I don’t fully understand the bt protocol so it might be interesting.

    As for MAFIAA using it, it’s better since it prevents false accusations, or at least reduces it. Open wi-fi will still be falsely accused.

    As for me I would love to see them trying to accuse me of theft. I’ll first crush their arguments then I’ll sue them for moral damages and stuff like that =)

    File sharing is not theft. It takes only some original content and good argumentation to completely crush them. And you can earn easy money in the process =D

  • Ettore

    I hope he leaves it closed-source TBH. If so, then nobody can copy his code, and the likelihood of his software becoming “suitable for evidence gathering” is next to none. Effectively, eliminating the chance that evidence from his software can be used in a court of law.

  • Kaptain Krunch

    Just send them anti-pirates to a comet. Problem solved!

  • Anonymous

    This program points to an IP address not an individual. That is all.

  • lverona

    @22 Very well said.

    Plus, to people who suggest patenting, remember guys that patenting works only if you are a large company. If you are some kid, don’t think that the courts will say – okay, you all Disneys and Universals, sorry, this kid has got a patent so you cannot use it. They will find not only how to use this program, but they’ll sue the guy with their multi-thousand patent portfolio and that will be that. Patents in software work only to the benefit of large companies.

  • Netflix

    I’d like to see cheaper internet services to develop and internationally.
    I’d like to see the entertainment industry propose so cheap a solution that it is just better to subscribe than go on P2P or Usenet. Need early simultaneous releases (both cinemas and web). I don’t believe in lawsuits or excessive file sharing.

    Again, STEAM is a good example of how to do it right. We need the same for TV and movies, and a worldwide Netflix, not just US.

  • Nick

    Finally some love for the BitTorrent protocol. There are too many people out there disseminating false information about how BitTorrent works.

    So I think this is very cool (it’s the sort of thing I would have liked to have done given some free time).

    As has been stated by several others, this information is all public anyway – if this guy didn’t do it, someone else would have.

    So stop the hating.

    The real challenge now is to innovate and engineer solutions to the problem.

    Anonymous systems such as Freenet are very secure and do not suffer from content availability. However they are mind-numbingly slow, require lots of overhead, and are often limited by the upstream speed of the slowest peer.

    Friend-to-Friend systems utilising encryption are safe and speedy (assuming someone on your network does not invite an adversary), but suffer from low content availability.

    Proxy services provided security, anonymity and speed. But at a price.

    None of the above solutions seem to be ideal. I think the best solution lies somewhere in between. A system which provides plausible deniability (but not true anonymity) could potentially be created with minimal overhead…

    -Nick

  • Anonymous

    Should be released under the most restrictive not-for-commercial use cc license.

    Other than that, great program to educate the masses – or it would be, but the majority of those people will never hear, nor care about this.

  • james brown

    Another reason why private sites are the safest way to get your files and remain safe with less worries.

    HD/HQ site…

    http://www.seed-bytes.com/signup.php

  • We The People…

    FREENET!

  • seedbox hoster

    Another reason to grab a seedbox. Faster speeds, take your files with you anywhere, stays running 24/7 so you don’t have to, and it’s of course anonymous.

  • An0nymous

    “private sites are the safest way to get your files and remain safe with less worries”

    Yeah – Right

    Ha ha ha ha ha

  • rollinginsanity

    @34

    Wouldn’t not uploading mean they’d only try and pin you for obtaining illegal stuff instead of also distributing?

  • Anonymous

    All he has to do is release it closed source, and when it’s running on an MPAA PC, (Domain Name or whatever) it just adds a ton of bad IP’s to the mix.

  • swe

    Simply use VPN for downloads and seedbox to spread copyright material and they never catch you.

  • Anonymous

    And why are we supporting this when we know it can be used against us?

  • whipped

    It must be possible to create a more advanced BitTorrent client? Then these problems could be solved.
    Could it not be written to use encryption that gives users anonymity?

  • elduka

    PLEASE DON’T SHARE THIS SAM. DON’T SCREW ME LIKE THIS BRO

  • StevO

    This still doesn’t help all the open networks out there that can be accessed at any apartment building. I do not know how so many are open but they certainly are. Consumers still have no idea how to secure their wireless networks. Until it becomes PUBLIC KNOWLEDGE, I don’t know how anyone can be accused of filesharing. I can go to my “local” newspaper online classifieds and buy wireless routers for $25 and hook them up and there is no protection on a lot of them. So how would the average consumer know. Hell they are happy they can sit down with their laptop and use the damn things, let alone know how to secure them. I would think if a judge actually thought this through, they probably have neighbors and family with open networks. It’s just not PUBLIC KNOWLEDGE. Now that almost every phone and gaming console is wireless, there’s more and more demand for routers. They are everywhere!!

  • Sigh

    ITT: a load of noobs who have no idea what they’re actually doing when they use BitTorrent.

  • Mr. Briggs

    I don’t see why so many people are against opening the source of this program.

    I entirely agree with #22 (Anonymous) – if this coder doesn’t release it publicly, he might be asked to privately release it to the copyright holders and then be bound under law not to release it to the public for fear of people inventing more secure methods of transfer that they can’t crack.

  • Anonymous

    @66 I second this.

  • KamalaRider

    The whole concept of Internet when it started was for it to be open to use for anyone. Securing the Internet will only lead to countermeasures as we see more and more. Securing your end is completely up to you, or securing your traffic. What the governments are trying to do are just going ways around to protect their income, taxes. Completely against free speech and civil rights which our forefathers fought and won for us. LiteHacker has refreshing objective views and so don’t crack down on him/her. As a commercial system developer, I would love to even see more laws and restrictions on how to illegally download mine or any commercial software, but from a personal perspective, my commercial rights have to forfeit in favour of my personal freedom, even if it means I lose money. It’s up to me to protect my own property with encryption and safe means of distribution. This should be one of the ground rules for intellectual properties. I don’t have any qualms about the person cracking/distributing the cracked software goes to jail for an extended period of time though, but the receiver should be held unresponsible. Also, should libraries all around the world be held responsible for lending out books? Should the lender be prosecuted for just reading that book. The world has turned upside down in pursuit of money, governments, companies and lobby fractions. Like a book, if software, DVD/BR movies, music were fair priced, I think most would like to have a genuine copy, except those who would always prey on others’ work and efforts to make all our lives more fun and entertaining.

  • Adam

    I honestly thought this was the typical process the “antis” did to get their lawsuits rounded up in the first place…..

    All it takes is the one handshake, and the download initializing (downloading from the peer) – and you’ve been verified as a “distributor” (whether as a seed or peer).

    Only this takes it a little further to drown the peer deeper in water, cause they can go “oh my little tool told me you had the WHOLE file….so I can fine you more money”

    I understand the whole possibility of spoofed IPs, and such, disconnected hosts (I used to see torrent connection attempts in my firewall up to 30 minutes! after closing my client) – but I don’t understand the whole “spoofed IP” deal…..the way the protocol works, if you give the tracker a wrong IP address – nobody will be home, and you don’t get your goodies….I’d consider that like virtual ding-dong-ditch…..Ding Dong Ditch http://msgboard.snopes.com/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=28;t=001012;p=1 lol

  • Curious

    What ever happened with this? The website seems to be down. Did the code ever get released?
