BitTorrent Encryption Confuses the BPI, ISPs and Journalists Who Don’t Research
Written by Ernesto on November 09, 2007A recently published article by The Register claims that an increase in encrypted BitTorrent traffic is due to the fact that people want to hide or scramble the files they are sharing. Apparently some tech journalists, and in particular the anti-piracy organizations, have no clue what BitTorrent encryption actually does.
Encrypted BitTorrent traffic now accounts for 40% of all BitTorrent traffic in the UK according to the article. The Register claims that filesharers use encryption to scramble their data so they can protect themselves from being caught, and the comments from a music industry representative make it seem like people can indeed hide what they are sharing. Unfortunately, none of it is true
This is what Matt Phillips, of the record industry trade association the British Phonographic Institute told the Register: “Our internet investigations team, internet service providers and the police are well aware of encryption technology: it’s been around for a long time and is commonplace in other areas of internet crime. It should come as no surprise that if people think they can hide illegal activity they will attempt to.”
So if it’s not hiding anything, why do people use BitTorrent encryption then?
I’ll try to explain it once more to the BPI, IFPI and RIAA and some tech journalists, just so they don’t embarrass themselves again in the future. BitTorrent encryption has nothing to do with hiding the data you’re sharing, it only hides the fact that you’re using BitTorrent to do so.
Encryption was designed to prevent ISPs from throttling BitTorrent traffic, which they started doing approximately 2 years ago. ISPs use so called traffic shaping devices to identify and slow down BitTorrent traffic because it takes up a lot of bandwidth (read: costs a lot of money). BitTorrent encryption, which is now supported by all the popular BitTorrent clients, hides the protocol header. As a result, these devices can’t detect that someone is using BitTorrent and you can download at full speed.
So, encryption does not hide the actual data people are sharing, everyone can still connect to a BitTorrent swarm, record your IP-address, and send you an infringement notice.
Now back to the claim that 40% of the BitTorrent traffic is encrypted in the UK. My first question would be, how do they know that it’s BitTorrent traffic if it’s encrypted? Apart from that I think 40% is a little too high, unless the ISP that reported the data is throttling BitTorrent traffic of course. We’ve been tracking the number of people who actually use encryption and it is currently slightly below 10%. It could be of course that these people are responsible for 40% of the traffic, but I seriously doubt that.
Bottom line is, anti-piracy organizations should take some time to read up on what filesharing actually is before they are going to accuse people of something, but I guess that’s wishful thinking.
Previously: Prosecutor Announces Charges Against The Pirate Bay
Next: Demonoid Shuts Down Again
74 Responses (Add yours or TrackBack)
Seeing as privacy appears to be a major concern as of late - Would it not be in the interests for someone to design some sort of protocol ie a new version of Bittorrent which doesn’t expose your IP or anything about yourself?
You can’t expect them to have any knowledge of the technology of sharing, especially when they think it’s so evil.
OMGZ, TEH PIRATEZ R COMIN 2 TAK MAH DOLLARZ, LETZ MAK UOP FAK STATZ, YO
balls in a hat
Irony is that people reading this probably already have a fairly good idea about how bittorrent and encryption works….it’s the rest of the population that doesn’t
In case you didn’t know, if BT traffic is encrypted or not, it’s so easy to spot on a network. BT traffic has a very predictable connection flow even if its encrypted. Go head do some testing of your own, youll find out it’s so easy to spot.
Bottom line is, anti-piracy organizations talk crap and have little-to-no effect on file sharing
my isp is know blocking/throttling encrypted torrents as well… so, we better come up with new ways to bypass it. :(
[quote comment="207198"]Seeing as privacy appears to be a major concern as of late - Would it not be in the interests for someone to design some sort of protocol ie a new version of Bittorrent which doesn’t expose your IP or anything about yourself?[/quote]
The idea is ridiculous. All Internet Protocols rely on a sender and recipient of the data. It is the fundamental basis behind all Internet Communications. It is simply impossible to not have an IP address associated with your communications. That is why there is big buisness in VPN/SSH Tunnels, Proxies, etc. which allow you to mask your IP address as someone elses.
The MPAA and the like may be sharks and bastards, but they are right about one thing - it is very difficult to be truly anonymous online.
The internet was not made for anonymity, which is why there is demand for networks like Tor which don’t function like the internet. Friend to Friend, not Peer to Peer is the only way so far to stay anonymous.
Anti-p2p and other organizations are idiots. They try to talk smart and use scare tactics to win, but they know they never will. ;)
Impossible to some, a reality to others, completely anonymous bittorent (among other services) has been around for quite some time now: http://www.i2p.net/
And yeah, it doesn’t use IP addresses at all. Even in it’s current ongoing development stage there is no way in hell those incompetent anti-filesharing organizations are going to keep track of that.
Or… you could stop wasting your money and get a decent provider instead. :P
[quote comment="207238"]my isp is know blocking/throttling encrypted torrents as well… so, we better come up with new ways to bypass it. :([/quote]
Or… you could stop wasting your money and get a decent provider instead.
(sorry about the double post, I screwed up quoting the first time)
#12/13: Not everyone has that option, particularly in rural areas.
I think that the 10% that encrypt could easily make up 20-30% of the traffic…people who know how and why to encrypt tend to be people who use BT a lot…40 still seems high though
[quote comment="207211"]In case you didn’t know, if BT traffic is encrypted or not, it’s so easy to spot on a network. BT traffic has a very predictable connection flow even if its encrypted. Go head do some testing of your own, youll find out it’s so easy to spot.[/quote]
i am big on network patterns
tell me how you differentiate encrypted bittorrent from Skype traffic?
40% of all torrent traffic being encrypted may be slightly more reasonable if the unencrypted traffic is in fact throttled by the ISPs and the encrypted is not.
They should visit this site to get some info about torrent, ’cause they know shit and keep making fake statements.
Talk about embarrassing yourself!
Encryption was NOT designed to avoid ISP throttling. It was around long before torrents and designed, well, to encrypt traffic of any kind not just torrents.
Encryption does NOT “hide” the protocol header, it encrypts all your traffic.
Hardly surprising this FUD comes from the United Kingdom. In the UK, they can put you into jail if you don’t give them your passwords and encryption keys as soon as the police requests them. If you actually CANNOT hand them out because they are destroyed or you never had them in the first place, bad luck for you. It is quite obvious that Big Brother wants to outlaw encryption for the common people. Fellow citizens don’t have secrets, right?
[quote comment="207199"]You can’t expect them to have any knowledge of the technology of sharing, especially when they think it’s so evil.
OMGZ, TEH PIRATEZ R COMIN 2 TAK MAH DOLLARZ, LETZ MAK UOP FAK STATZ, YO[/quote]
Best comment ever.
[quote comment="207273"]And yeah, it doesn’t use IP addresses at all.[/quote]Ofcourse it does. But it routes the data through a chain of proxies to hide the source ip.
Don’t try to be smart when you don’t know the fundamental facts of the net.
>>1 and >>8
Something like this is not impossible. It’s just a matter of practicality.
It is currently technically possible by using TOR, although we have all seen that it isn’t very practical.
A TOR-like network dedicated to Bittorrent traffic only with tit-for-tat mutual proxying would be interesting to try. My ‘back of envelope’ calculations say it would work at the cost of approximately half of the bandwidth both incoming and outgoing for each peer… which wouldn’t be too bad at all.
There’s also freenet, which is pretty anonymous, but not very scalable.
With internet connections getting faster and faster, we get closer and closer to an anonymous yet practical solution.
[quote comment="207414"]Talk about embarrassing yourself!
Encryption was NOT designed to avoid ISP throttling. It was around long before torrents and designed, well, to encrypt traffic of any kind not just torrents.
Encryption does NOT “hide” the protocol header, it encrypts all your traffic.[/quote]
The obvious is lost on you. Encryption in this context refers to the encryption extension of the bittorrent protocol. Here’s the infos, http://www.azureuswiki.com/index.php/Message_Stream_Encryption
And, btw, it does hide the bittorrent protocol headers. Those are the headers being referred to, not tcp/ip protocol headers, which encryption in the application-layer never hides anyway, eg https.
dsazl. ; ‘;lxc] gm;’
xg ]’pxfg]zn k;l]z”O
ON the three torrents I’m currently running at the moment. I have encrypted peers on 3 of 20 (15%),
5 of 15 (33%) and 8 of 20 (40%).
The last one is Fedora 8 which has a high percentage of US peers.
demonoid.com: The CRIA threatened the company renting the servers to us, and because of this it is not possible to keep the site online. Sorry for the inconvenience and thanks for your understanding.
I encrypt my traffic now even though I’ve moved residences and my new provider doesn’t throttle. I figure if I start out with encryption then they won’t get the idea in their head that they can throttle traffic in the first place (unless they decide to throttle all of it :-O)
Also: #2 best comment ever; #19 worst
YES IT’S TRUE…
DEMONOID IS GONE AGAIN!
I’m surprised you’re surprised about the lack of accuracy of newsagencies. Whenever I stumble upon an article related to a topic I know a bit about more often than not it is full of mistakes. This always makes me wonder what kind of misinformation all the other sections contain.
“I’ll try to explain it once more to the BPI, IFPI and RIAA and some tech journalists, just so they don’t embarrass themselves again in the future. BitTorrent encryption has nothing to do with hiding the data you’re sharing, it only hides the fact that you’re using BitTorrent to do so.”
And I will explain to you that there is no such thing as encrypted BT traffic without a user deciding to enable it.
Something the vast majority of them decided to do based on a belief it would hide what they were sharing.
So the police, explaining that this won’t achieve this protection, are entirely correct.
Have you never heard of PeerGuardian?
The % of BT users who believe, employ and recommend BS useless countermeasures based entirely on misconceived notions of how protocols and networks work is rather high.
[quote comment="207442"][quote comment="207273"]And yeah, it doesn’t use IP addresses at all.[/quote]Ofcourse it does. But it routes the data through a chain of proxies to hide the source ip.
Don’t try to be smart when you don’t know the fundamental facts of the net.[/quote]
Actually I2P doesn’t and no it’s not proxying “to hide the source ip” either.
You obviously haven’t bothered to look into it at all, how’s that for “trying to be smart”?
[quote comment="207678"]
Actually I2P doesn’t and no it’s not proxying “to hide the source ip” either.
You obviously haven’t bothered to look into it at all, how’s that for “trying to be smart”?[/quote]
Actually it’s a layer on top of IP. This means there are still IP addresses being passed between individual clients and local router points and any external access points (such as HTTP proxies etc) with the outside internet.
To be fair, I2P is one of the more promising ideas I’ve seen. The main problem lies in scalability of throughput.
I’ve enabled it for two reasons:
1. there’s no reason with nowadays CPUs use encrypted connections. Everytime you don’t encrypt anything, you give the ISP the chance to sniff it which means sooner or later some politician will order them to sniff it. If everybody encrypts, ISPs have a good chance to say: We can’t do shit about it, it’s all encrypted. The only thing THEY can then do is to make encryption illegal. However that’s not only dumb, such laws might actually make people wake up. Maybe.
2. My ISP plays fair but the other one’s might not. Both sides have to enable encryption in order to make it work. Thus, everybody should enable it and show his solidarity with the poor suckers in the land of the free. Just have a look at your traffic, you can easily see the forged TCP-RST floods from Comcasters.
Sorry, the first point was meant to read:
“there’s no reason [...] to NOT encrypt your connections”
If you set your client to ignore unencrypted peers, wouldn’t you be blocking out a lot of the bad peers (MD, MPAA, etc.) that would need to see connect to you in order to see your IP?
dunson, have you read the article? BitTorrent encryption does not hide your IP address. There’s no reason for bad parties to avoid encryption. Encryption has nothing to do with avoidance of MPAA or whoever. Its sole purpose is to make it more difficult to identify the BitTorrent protocol.
Of course I read the article. My question is basically, do bad peers trying to snatch your IP address have to be unencrypted? If they cannot encrypt their traffic, then ignoring them would give another measure of protection.
No. Also MD and others simply use modified “standard” sofware, so you can’t be ahead of them because they use the same. This encryption takes very little CPU nowadays, so it isn’t really an issue. You should only avoid unencrypted connections if you are sure that your ISP messes with them.
WTH is with posting?
Tried last night, more than once and tried again, my post wont go through at all.
There’s a few things wrong with this article though, especially the blind faith that an ISP cannot detect encrypted torrent traffic. There’s at least 2 easy ways to identify it 100%.
You shouldn’t be so quick to point out flaws in others articles unless yours is bulletproof.
“My first question would be, how do they know that it’s BitTorrent traffic if it’s encrypted? ”
“the number of people who actually use encryption and it is currently slightly below 10%”
wtf, so how do *you* know?
I beg to differ with you. I dislike the fact that you assume this is a voluntary migration to encrypted traffic. Has anyone figured the percentage of bitorrent clients that come with encryption enabled verses how much of the population is using each of these clients. Bet you it’s around 40%.
HAX.
BT protocol encryption isn’t working anymore. My ISP successfully throttles my bitTorrent traffic even when I force PE and refuse legacy connections. The same is true for other people using my ISP, as well as other ISP’s in the UK
For all the noise on here about not being able to hide who you are because of IP this and IP that might want to check up on MUTE: http://mute-net.sourceforge.net/
They got it wrong on purpose to discredit file sharers in the eyes of the general public. They hire experts.
yes, mute, the project that requires a donation to download the file thats hosted on sourceforge[1] and makes lots of assumptions about make/gnu make.
1. http://sourceforge.net/projects/mute-net/
not to mention the author admits he is no longer interested in the project.
#45 - dan is right. Everyone needs to switch to Mute.
It does need further development [read more features & better searching] but if everyone went there we would be much better off.
#46 - no, it doesn’t, if you go to the sourceforge page first, no donation required.
#47 - Ugh, I didn’t know that. But maybe someone else could take over code development?
[quote comment="207714"]
Actually it’s a layer on top of IP. This means there are still IP addresses being passed between individual clients and local router points and any external access points (such as HTTP proxies etc) with the outside internet.
To be fair, I2P is one of the more promising ideas I’ve seen. The main problem lies in scalability of throughput.[/quote]
I guess we can argue about the semantics until the cows come home, the bottom line is that i2p does not use ip addresses to comunicate between the endpoints.
The ip addresses of the other nodes running i2p in the network are completely meaningless. At best they show that you’re actually running i2p.
Promising indeed, if this takes off the M.A.F.I.A.A will be completely dead in the water.
mute, lol even the download page is a scam - good luck with that, haha.
“Go head do some testing of your own, youll find out it’s so easy to spot”
For a human yes but for a software it is another story.
“mute, lol even the download page is a scam - good luck with that, haha.”
Are you kiding?
Mute work great! Just not very popular yet. Still you can download tons of stuff with mute.
OVer was you can use any P2p application anonymously including BT via Thor.
Just try it!
Beside mute there is a lso ant and Winny still going.
Looks to me like they are trying to deter people from using encryption, because after all that technology has been around for years. I think they are scared that they truly are losing control with the encryption described here, it is useful and more people should be using it.
i think its more that they KNOW what they have said isnt true and its a way to make everyone that does know about BT think the retards dont know sh!t and they have nothing 2 worry about drop ur guard a lil and make it easier on them
what we need is a client that uses your IP address as a internal ip and then transmits with a fake one over the net (not sure if thats at all possible or not i havent really looked into it but i just thought it then)
anyway let me know what yas think
[quote comment="209091"]what we need is a client that uses your IP address as a internal ip and then transmits with a fake one over the net (not sure if thats at all possible or not i havent really looked into it but i just thought it then)
anyway let me know what yas think[/quote]
You can’t use a fake IP.
Your messages would reach the other end just fine, but you would get nothing back because return messages would be going to the wrong place.
You can use proxies, onion routing and various other tricks to hide your IP, but you can’t just enter the net with a fake one.
be silly making this topic uh cos now they know what encryption is derrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
bit*
[quote comment="207198"]Seeing as privacy appears to be a major concern as of late - Would it not be in the interests for someone to design some sort of protocol ie a new version of Bittorrent which doesn’t expose your IP or anything about yourself?[/quote]
ummm… how would the seed computers know where to send the packets if they didn’t have your IP?
that’s is a pretty dumb question.
is that a real Dummies book on BitTorrent?! goodness.
[quote comment="207781"]Thus, everybody should enable it and show his solidarity with the poor suckers in the land of the free. Just have a look at your traffic, you can easily see the forged TCP-RST floods from Comcasters.[/quote]
/signed
Seriously, if it doesn’t come auto-enabled, just click on R4 encrypt. It won’t hurt, we promise.
disadvantages of encryption: none.
moo.
denotation,cashing inkings:innards grumbles … Thanks!!!
became revoker arouse Middlebury raincoat Claudio
bassinet:Hitchcock transporter silenced bushwhacking.baroness gruesome
i just don’t understand why does this have to be encrypted!!! i downloaded hundreds of films and music! i talked to a friend from uk and he jost told me that in uk, france, and other countries you can’t download this stuff.
also i see that in uk ODC hubs users bont’t have so many films and music.
WHY IS THAT
delegated transportation amortizes burglarproofing disarms?fumbled odors Nigerian.
synopsis!enforcement submit!measurable raggedly dim Hopkinsian
professionally?secrete racked Dorado swum!retrieving swinger miniatures
cellists mislead Astaires doom Moravianizeds!.
1 references to this post
Add your response