BitThief Spies on Its Users
Written by Ernesto on January 16, 2007
BitThief, the BitTorrent client that downloads torrents without uploading, is spying on its users. Apparently the client is not only cheating the BitTorrent community, it could also be a potential risk for the leechers that use the client.
The Java-based BitTorrent client continuously sends user data to their server. Currently it collects the torrent hash, total size of the download, the current version of the client, total number of pieces available, and the size of these pieces. Since the data is posted to their server, all of this information can be linked to the user’s IP address.
The current version of BitThief comes with a property file contained in the bitThief.jar. The actual data is posted to http://dcg.ethz.ch/projects/bitthief/et.php every time a torrent starts or stops.
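An added example (not from the original article or the BitThief project): a defender's audit that lists the URLs configured in a JAR's bundled property files, the kind of check that surfaces a reporting endpoint like the one above. The sample JAR is constructed in memory, and its entry name and property keys are assumptions, since the article does not give them.

```python
import io
import re
import zipfile
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>\\]+")

def build_sample_jar() -> bytes:
    """Constructed stand-in for a client JAR; entry and key names are hypothetical."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr(
            "client.properties",
            "# constructed sample, not BitThief's real property file\n"
            "client.version=0.0.0\n"
            "stats.url=http://dcg.ethz.ch/projects/bitthief/et.php\n"
            # Properties.store() escapes ':' as '\:', so handle that form too.
            "update.check=http\\://example.invalid/version\n",
        )
        jar.writestr("docs/readme.txt", "no endpoints here\n")
    return buf.getvalue()

def find_endpoints(jar_bytes: bytes):
    """Return sorted (entry, key, url) tuples for URLs found in .properties entries."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if not info.filename.lower().endswith(".properties"):
                continue
            text = jar.read(info).decode("latin-1")  # default .properties encoding
            for line in text.splitlines():
                stripped = line.strip()
                if not stripped or stripped[0] in "#!":  # blank line or comment
                    continue
                key = re.split(r"\s*[=:]\s*|\s+", stripped, maxsplit=1)[0]
                unescaped = stripped.replace("\\:", ":").replace("\\=", "=")
                for url in URL_RE.findall(unescaped):
                    hits.append((info.filename, key, url))
    return sorted(hits)

def hosts_contacted(hits):
    """Unique hostnames from the findings, for firewall or DNS log review."""
    return sorted({urlsplit(url).hostname for _, _, url in hits})

if __name__ == "__main__":
    for entry, key, url in find_endpoints(build_sample_jar()):
        print(f"{entry}: {key} -> {url}")
```

Pointing `find_endpoints` at the bytes of a real JAR works the same way; endpoints hard-coded in class files are not covered by this check.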
It is unknown why the developers decided to collect the data. It could be that they collect these statistics for academic use, but I guess the more paranoid people among us could easily come up with other, more evil, motives.
The curious thing is that this “feature” of BitThief is not documented. The client is spying on you without your consent. Whatever the real motives are, it is yet another reason not to use this client.
Update: The BitThief homepage was updated a couple of hours after we posted this article. It now lists the spy feature.

28 Responses
Way to go for the cheaters ;)
PWNT!!!
PeerGuardian 2 Block Anybody?
Should have checked it before you post the initial topic, who knows how many ppl downloaded the thing.
[quote comment="40605"]Should have checked it before you post the initial topic, who knows how many ppl downloaded the thing.[/quote]
Here’s a quote from our first article on BitThief.
[quote]it is needless to say that this client will seriously hurt the performance of BitTorrent transfers, and I seriously hope that it will be banned and blocked wherever possible.[/quote]
It is documented
Note that, as it is a scientific project, we require measurements of the performance of our exploits. For that purpose, the client occasionally transmits data to our webserver. The transmitted data merely contains information about the time required to download files of any size. In particular, only a hash of the info hash is transmitted, which means that it is not feasible to determine what has actually been downloaded which is not of our concern. However, we advise all testers not to download any copyrighted material.
from http://dcg.ethz.ch/projects/bitthief/index.php
Thus, it means we are back to uTorrent and Azureus. Even BitComet was reported to be abusing the torrent network.
[quote comment="41103"]It is documented
[/quote]
They updated their website thanks to this article.
Try Google cache for the older version.
just add the 2 lines to your
C:\WINDOWS\system32\drivers\etc\hosts
file
127.0.0.1 dcg.ethz.ch
127.0.0.1 ethz.ch
and you’re clean!
PWNT
Why don’t you selfish greedy fucks that are posting how to fix the hosts file or saying you’re going back to azureus or whatever just do what we all do…..share you bastards!
On the BitThief site it says:
If your host is behind a firewall, make sure it can receive incoming TCP connections on port 6811, as this will improve performance of BitThief significantly.
I’m guessing this is the incoming port. I have never used BitThief, but somehow can’t we configure our firewalls to block uploads on port 6811?
82.130.103.73 Traced IP Address to their server. blocking that should block the data upload sent to their server.
Listen up people. Stop thinking “me..me..me” and start thinking “how will the protocol survive ?”
I initially thought this was just nefarious - but as usual in life if you RESEARCH the answer becomes clear ( well..at least to me it does ! ). I’ll admit I was wrong initially and I’m not ashamed to admit it !
Ask yourselves the question - why was BitThief created (and documented publicly) in the first place ? It’s a scientific/research based project so the developers “believe” their intentions are in the right place.
They’re addressing this primarily at those that develop/understand the underlying protocol.
They’re trying to point out to the aforementioned people (and anyone else who is interested) that from the Developers perspective there is an inherent weakness in the BT Protocol which NEEDS to be addressed.
Bottom line - ideally clients like this should never actually have been allowed to be created in the first place - the protocol should inhibit it. The fact that it was and it works demonstrates what they’re talking about.
Reading between the lines I think the BitThief creators love the protocol/what it does/gives to the World and WANT it to survive which is why this work was published.
It’s the Jedi talking NOT the Sith !! ;)
I might even allow a BitThief client or two in a swarm if I see one ! ;)
Sorry read the home page for the software http://dcg.ethz.ch/projects/bitthief/
They collect data from clients to data map how long it takes to download something without uploading.
They only collect the HASH which cannot be used to view what file(s) are downloaded.
I’m sorry but you can’t just take someone’s word for something i mean sure BitThief claims that it’s for research but we only have their word for this i mean the internet is full of liars, fakes & cheats. eg lets say that i start up a website & make a program that claims to be the fastest torrent downloader on earth are u all gonna take my word for it ?
also the fact that they didn’t publish the above info should at least get alarm bells ringing. i mean why not publish this info if it’s genuine ? seems a bit strange to me.
also the whole point in torrents is to share so by not uploading aint u just being selfish & just downloading what you want & not uploading so that other ppl can enjoy it also
Even if it is as legitimate as they may claim, it seems a plague in the torrent society to “hit and run” or simply have a client that only downloads. It’s called filesharing for a reason ya know. =/
Start sharing you greedy bastards!
Oh, stop saying “start sharing”. It’s so idiotic…don’t you think the most people would like to share, but they can’t afford? I mean, how can I with 56k (I’m from Macedonia), how can I upload and download at the same time. It takes me ten min. to fully open my Yahoo mail, for heavens sake…how long do you think it takes me for torrents, hm?
I could swear to anyone on this world, I want to share…I share my books, my music, my movies with people, why wouldn’t I spend couple more minutes to upload something important to somebody, as much as something else is important to me?
Without sharing, there would be no P2P. I appreciate the concept deeply. I want to share…I want to upload. But I CAN’T.
I do not like concept of revenge, but I would like all of you who swear and spit on those who can’t (not on those who don’t want, those we all hate) upload normally, to be cursed for a week, with a download speed 1-3kb. I would see you then. Then you would sing a different song.
I honestly believe that the only reason the information is sent to them is for academic reasons. I think they are trying to find out how effective their exploits are and are hoping to see that soon they no longer work.