BitThief Spies on their Users

Ernesto
January 16, 2007
28
torrent
Print

BitThief, the BitTorrent client that downloads torrents without uploading is spying on its users. Apparently the client is not only cheating on the BitTorrent community, it could also be a potential risk for the leechers that use the client.

bitthief The Java based BitTorrent client continuously sends user data to their server. Currently it collects the torrent hash, total size of the download, the current version of the client, total number of pieces available, and the size of these pieces. Since the data is posted on their server, it is possible to link all this info to the users’ IP-address.

The current version of BitThief comes with a property file contained in the bitThief.jar. The actual data is posted to http://dcg.ethz.ch/projects/bitthief/et.php every time a torrent starts or stops.

It is unknown why the developers decided to collect the data. It could be that they collect these statistics for academic use, but I guess the more paranoid people among us could easily come up with other, more evil, motives.

The curious thing is that this “feature” of BitThief in not documented. The client is spying on you without your consent. Whatever the real motives are, it is yet another reason not to use this client.

Update: The BitThief homepage was updated a couple of hours after we posted this article. It now lists the spy feature.

Previous Post | Next Post

Follow @torrentfreak

sloncek

Way to go for the cheaters ;)
paperslug

PWNT!!!
Yatti420

PeerGuardian 2 Block Anybody?
Bogaa

Should have checked it before you post the initial topic, who knows how many ppl downloaded the thing.
http://torrentfreak.com Ernesto

[quote comment="40605"]Should have checked it before you post the initial topic, who knows how many ppl downloaded the thing.[/quote]

Here’s a quote from our first article on BitThief.

[quote]it is needless to say that this client will seriously hurt the performance of BitTorrent transfers, and I seriously hope that it will be banned and blocked wherever possible.[/quote]
Pingback: Bittorrent client Bitthief spies on users » gHacks tech news
Paul McMahon

It is documented

Note that, as it is a scientific project, we require measurements of the performance of our exploits. For that purpose, the client occasionally transmits data to our webserver. The transmitted data merely contains information about the time required to download files of any size. In particular, only a hash of the info hash is transmitted, which means that it is not feasible to determine what has actually been downloaded which is not of our concern. However, we advice all testers not to download any copyrighted material.

from http://dcg.ethz.ch/projects/bitthief/index.php
Keith

Thus, it means we are back to uTorrent and Azureus.Even BitComet was reported to be abusing the torrent network.
Pingback: BLOGical Thoughts » Wednesday, 17 January, 2007
http://torrentfreak.com Ernesto

[quote comment="41103"]It is documented

[/quote]

They updated their website thanks to this article.
Try Google cache for the older version.
Pingback: BitThief Spies on their Users « Cabories Digitals
John Smith

just add the 2 lines to your
C:\WINDOWS\system32\drivers\etc\hosts
file

127.0.0.1 dcg.ethz.ch
127.0.0.1 ethz.ch

and you’re clean!
yo mom

PWNT
justanobody

Why don’t you selfish greedy fucks that are posting how to fix the hosts file or saying you’re going back to azureus or whatever just do what we all do…..share you bastards!
Anonymous

On the BitTheif site it says:

If your host is behind a firewall, make sure it can receive incoming TCP connections on port 6811, as this will improve performance of BitThief significantly.

I’m guessing this is the incoming port. I have never used BitTheif, but somehow cant we configure our firewalls to block uploads on port 6811?
Xenocide

82.130.103.73 Traced IP Address to their server. blocking that should block the data upload sent to their server.
Steve Berry

Listen up people. Stop thinking “me..me..me” and start thinking “how will the protocol survive ?
I initially thought this was just nefarious – but as usual in life if you RESEARCH the answer becomes clear ( well..at leat to me it does ! ). I’ll admit I was wrong initially and I’m not ashamed to admit it !
Ask yourselves the question – why was BitThief created (and documented publically) in the first place ? It’s a scientific/research based project so the developers “believe” their intentions are in the right place.
They’re addressing this primarily at those that develop/understand the underlying protocol.
They’re trying to point out to the aforementioned people (and anyone else who is interested) that from the Developers perspective there is an inherent weakness in the BT Protocol which NEEDS to be addressed.
Bottom line – ideally clients like this should never actually have been allowed to be created in the first place – the protocol should inhibit it. The fact that it was and it works demonstrates what they’re talking about.
Reading between the lines I think the BitThief creators love the protocol/what it does/gives to the World and WANT it to survive which is why this work was published.
It’s the Jedi talking NOT the Sith !! ;)
I might even allow a BitThief client or two in a swarm if I see one ! ;)
Pingback: bitthief - what is it at happy indian
Chris

Sorry read the home page for the software http://dcg.ethz.ch/projects/bitthief/

They collect data from clients to data map how long it takes to download something without uploading.

They only collect the HASH which cannot be used to view what file(s) are downloaded.
raindance rob

im sorry but you cant just take someones word for something i mean sure BitThief claims that its for research but we only have their word for this i mean the internet is full of liers, fakes & cheats. eg lets say that i start up a website & make a program that claims to be the fastest torrent downloader on earth are u all gonna talk my word for it ?

also the fact that they didnt publish the above info should at least get alarm bells ringing. i mean why not publish this info if its genuine ? seems abit strange to me.

also the whole point in torrents is to share so by not uploading aint u just being selfish & just downloading what you want & not uploading so that over ppl can enjoy it also
fLuX

Even if it is as legitimate as they may claim, it seems a plague in the torrent society to “hit and run” or simply have a client that only downloads. Its called filesharing for a reason ya know. =/
Pingback: BitThief Spies on their Users « Susanwc’s Weblog
Sharing is caring

Start sharing you greedy bastards!
Odin

Oh, stop saying “start sharing”. It so idiotic…don’t you think the most people would like to share, but they can’t afford? I mean, how can I with 56k (I’m from Macedonia), how can I upload and download in the same time. It takes me ten min. to fully open my Yahoo mail, for heavens sake…how long do you think it takes me for torrents, hm?
I could swear to anyone on this world, I want to share…I share my books, my music, my movies with people, why wouldn’t I spend couple more minutes to upload something important to somebody, as much as something else is important to me?
Wihtout sharing, there were be no P2P. I appreciate the concept deeply.I want to share…I want to upload. But I CAN’T.
I do not like concept of revenge, but I would like all of you who sware and spit on those who can’t (not on those who don’t want, those we all hate) upload normaly, to be cursed for a week, with a download speed 1-3kb. I would see you then. Then you would sing a different song.
WEareNULL

I honestly believe that the only reason the information is sent to them is for academic reasons. I think they are trying to find out how effective they’re exploit’s are and are hoping to see that soon they no longer work.
jcidiot

@19/odin
i think dial up is symetrical… u can dl and upload at the same time. it’s just sharing a movie even with superseeding…might take a while :P
Frost

@Odin
Ya .. I agree .. I used to be on a 56k and know how bad it is. A person dloading at 56k is not a big leech and not a threat. But imagine the bigger guys, the ones who really use bit-thief are the ones with way more than 1 meg speed. Personally, I use a private tracker and try my best to make sure anyone who uses BitThief is banned. I’m not against BitThief. I am only against those fucking bastards who use it.
zOOz

Here are 2 ways to stop BitThief from spying on you:
http://limboinmetropolis.blogspot.com/2008/07/bitthief-how-low-can-we-go.html

TorrentFreak

The place where breaking news, BitTorrent and copyright collide

BitThief Spies on their Users

Related Posts

Previous Post | Next Post

NewsBits

Blu-ray Anti-Piracy Tech Stops Discs and Promotes Purchases

Foxtel Breeds Pirates by Locking Up Game of Thrones

UK Student Admits Breaching Sony Copyrights With Leak of PS3 SDK

Pirates Can Be Identified Despite Sharing IP Addresses, ISP Claims

Feds Seize Cash from Major Bitcoin Exchange’s Dwolla Account

MostDiscussed

Pirate Bay Takes Over Distribution of Censored 3D Printable Gun

McAfee Patents Technology to Detect and Block Pirated Content

Pirate Bay Finds Safe Haven in Iceland, Switches to .IS Domain

Game Pirates Whine About Piracy in Game Dev Simulator

Copyright Trolls Threaten to Call Neighbors of Accused Porn Pirates

CopyQuote

PopularArticles

VPN Services That Take Your Anonymity Seriously, 2013 Edition

Top 10 Most Popular Torrent Sites of 2013

Which VPN Service Providers Really Take Anonymity Seriously?

What’s The Best VPN / Proxy for BitTorrent?

BTGuard Review: How Does it Work?

Optimize Your BitTorrent Download Speed