By their very nature BitTorrent networks are very happy to spill the locations of any user in the swarm. After all, there’s data to be shared, and without knowing where to send it that can’t happen.
Despite this fairly common knowledge, even some experienced BitTorrent users can be a little surprised to learn that someone has been monitoring their activities. This was highlighted perfectly when a site called YouHaveDownloaded appeared in 2011 claiming to have gathered data on more than 51 million BitTorrent users sharing more than 103,000 torrents.
Although it generated considerable interest, YouHaveDownloaded stopped collecting data last year and is currently offline. However, we’ve now been made aware of another site offering a service that is just as scary.
ScanEye is a product of Polish company called Kalasoft Sp. z o.o. The company told TorrentFreak that it pulls torrents from two indexes – TorrentReactor and adult site NuTorrent – but where the .torrent files come from is largely irrelevant since they are available from many other sites too.
The main ScanEye system has been operating out of a Polish datacenter since November 2011. To date its operators say they have collected 430,000 torrents, that’s 400% more than the haul at YouHaveDownloaded. This figure is reportedly increasing by 1000 torrents every day.
In an attempt to blend in, the peers ScanEye uses masquerade as various torrent clients and are operated behind dynamic IP addresses in the three separate countries – Poland, Sweden and Romania. Despite these measures at least one peer was easy to spot – we were alerted to ScanEye by a reader who noticed some unusual activity in a BitTorrent swarm.
But while YouHaveDownloaded said their aim was to draw attention to the lack of anonymity on BitTorrent networks, the operators of ScanEye have a very different agenda. They are a piracy intelligence company gathering information on behalf of their customers.
For privacy reasons regular visitors can only see information on their own IP-address. Full addresses are only shared with parties who either own the content that was allegedly downloaded, or the IP-addresses that were “caught”.
“Copyright holders can view IP addresses of specific countries for very specific copyrighted content. For example, BMW AG can check who has downloaded ‘BMW DVD Navigation 2012′, but they can not see what else the IP has downloaded,” the company told TorrentFreak. “Network owners, for example Al Jouf University, Saudi Arabia, can view all shared content for its own network.”
But it is the public-facing service, the IP check, that is the same kind of product previously offered by YouHaveDownloaded. By visiting this page your current IP address will be matched against the databases held by ScanEye and a list of your downloads from the past few months should appear.
TorrentFreak carried out a few tests and as can be seen from the screenshot below, we got busted for downloading a VODO torrent.
Of course, users with dynamic IP addresses might find they get ‘busted’ for someone else’s downloads, or find that ScanEye reports they’ve never downloaded anything at all. Users who share an Internet connection with other file-sharers may very well get ‘busted’ for their behavior. Nothing much can be done about that, such is the nature of IP address evidence.