IP Harvesting: Filesharers Guilty Until Proven Innocent

Written by Ernesto on February 07, 2007 

Research on the behavior of fake RIAA and MPAA trackers shows that these organizations have no proof that you actually tried to share infringing content. Even worse, it is extremely easy for someone to make it look like you shared an infringing file, even if you’ve never used a filesharing application.

fake bittorrent trackers mpaa riaaInspired by our previous posts on fake BitTorrent trackers, Ben Maurer decided to take a good look at the behavior of these trackers. For this research he used a BitTorrent client, and started to connect to fake torrents. The torrents were hosted by BayTSP, a company that collects IP addresses for several anti-piracy organizations.

The findings are quite shocking, but at the same time good news for filesharers who receive DMCA notices from their ISP. Ben found what some of us already expected. BayTSP only records who connects to the tracker, and has no proof that the alleged pirates actually tried to download infringing content. BayTSP merely collects IP addresses and forwards them to anti-piracy organizations. The anti-piracy then send a letter to your ISP, accusing you of sharing copyrighted material.

The really scary thing about this is that it is extremely easy for other people to make you receive a DMCA notice from your ISP, and possibly get disconnected if that happens more than once. As Ben points out, one way to make someone connect to a fake tracker (don’t try this at home) is by letting them click on a link like this:

http://tracker.com:12345/announce?info_hash=579CC43E4D6.

Their IP will then be recorded by the fake tracker, and they will probably receive an infringement notice soon after that. Even if they’ve never heard of BitTorrent at all! Another way to set someone up is by using “peer exchange“. All you have to do is enter someone else’s address, and the fake tracker will record it.

All this is actually good news for people who receive these DMCA notices. As Ben points out in his post: “If your ISP forwards a DMCA notice from these guys, point them here. This research suggests that they have no evidence of wrong-doing. If ISPs learn that the folks sending them DMCA notices are not being completely honest, they may be willing to reconsider their position about how they respond to the notices.”

If you don't like torrents try MP3 Fiesta. They hold nearly 67,000 albums from nearly 17,000 artists. Prices are around the $0.10 mark for single tracks with full albums coming in at roughly $1.00. Tracks are available from 192kbps and they take major credit cards and PayPal

Previously: Create Torrents out of YouTube Videos

Next: Drag-and-Drop Torrent Creation on the Mac

28 Responses (Add yours or TrackBack)

1 Feb 07, 2007 at 21:39 by jasperwillem

Great News

2 Feb 08, 2007 at 00:20 by paperslug

Great News. Thanks for this

3 Feb 08, 2007 at 00:47 by Alex

I wonder what exactly they’re recording. It shouldn’t be hard to create a program that spoofs IP addresses and then initiates fake conversations with these honey pot torrent servers. Not a DoS attack, but enough to make their logs pretty much useless.

4 Feb 08, 2007 at 02:27 by Ben Maurer

I’d love to see solutions that try to corrupt the logs of these folks. For example, with the cooperation of torrent indexers, fake torrents could be generated for the crawlers of these folks, etc.

We could also put lots of people doing fake conversations on real torrents, however, this could degrade performance for legitimate illegal users ;-)

5 Feb 08, 2007 at 05:19 by trat for

This will all end with crying.
http://www.tratfor.com

6 Feb 08, 2007 at 05:28 by Richard

This article is pure baloney. The author doesn’t have ANY knowledge or experience on this topic. Not as someone who works for anti-piracy organization, not as someone who works for an ISP, and not even as someone who knows the law.

What is described here does not take place in reality. IPs are not collected for simple connections.

Just as a reference, look up the procedures for sending out take down notices, they are clearly set forward in the DMCA text. Copyrighted material that was infringed on must be specified, and this article wants to make you believe the opposite.

7 Feb 08, 2007 at 09:13 by Shine

See this…. Looks Awesome…http://enginepuller.com/

8 Feb 08, 2007 at 09:32 by guenthar

They would have specific files you tried to download since each ip address would be connected to a specific torrent which would be named the same as a copyrighted file. They would then take your ip address and the name of the copyrighted material you tried to download and send a letter. (even if you were tricked or someone else put your ip address in peer exchange.

9 Feb 08, 2007 at 13:38 by kdsde

@Richard #6

What part of

“For my investigation, I wrote a very simple BitTorrent client. My client sent a request to the tracker, and generally acted like a normal Bittorrent client up to sharing files. The client refused to accept downloads of, or upload copyrighted content. It obeyed the law.
[...]Because the university’s information security office is very diligent about processing DMCA notices, I would be able to tell if the BayTSP folks sent notices based on this. With just this, completely legal, BitTorrent client, I was able to get notices from BayTSP.”

haven’t you understand?

I read from it, that he did get notices from those guys without doing actually any illegal sharing!
Or to put it in laymans words: BayTSP is a company that LIES!

10 Feb 08, 2007 at 14:20 by Mark

I think judges simply do math. Should they let 99% of all criminals get away with a crime or convict them and have 1% who are not guilty convictet. Judges decide for the second method, simply because a proof in court is not the same as an exact mathematical proof.

11 Feb 08, 2007 at 15:21 by heavybags

even the article here is misleading…

“Inspired by our previous posts on fake BitTorrent trackers, Ben Maurer decided to take a good look at the behavior of these trackers. ”

mr. maurer’s blog does not take a look at the behavior of the fake trackers. it only deals with a company like baytsp that sends out dmca complaints. he doesn’t mention using a fake tracker at all.

the fake trackers are used to frustrate people with torrents that never complete. it’s much like the fakes that infest kazaa and the like.

his whole article is flawed because of a lack of information and proof. where is the source for this ‘client’ that he coded? which tracker was the file being tracked by? where is a copy of the dmca letter (with personal info blacked out)?

“I believe that ISPs should require that any peer-to-peer related DMCA notice include a statement regarding exactly what evidence of sharing was found.”

obviously he didn’t receive a real dmca notice, which would have included that information. baytsp notices include the infringing information, including the name of the infringing work, the filesize, the network used.

12 Feb 08, 2007 at 17:32 by Ben Maurer

[quote comment="47055"]
“I believe that ISPs should require that any peer-to-peer related DMCA notice include a statement regarding exactly what evidence of sharing was found.”

obviously he didn’t receive a real dmca notice, which would have included that information. baytsp notices include the infringing information, including the name of the infringing work, the filesize, the network used.[/quote]

They do include this, however it’s not enough. Anybody can *say* they saw Foo on your computer. They need to post data that the ISP can verify. For example:

- Computer Bar uploaded bytes N-M of file Foo to our computer ZZZ between times A and B which have a SHA1 of X. (This shows that they did in fact take the effort to get an upload — also the ISP can verify that Bar communicated blah bytes to ZZZ between times A and B)

I’m reluctant to share the information in my DMCA notice because much of it could be used to track my computer.

13 Feb 08, 2007 at 19:24 by Arqentus

Here is what they send you ( a nice example from a mate of mine who was so stupid to download Quake 3. Yes! Even Quake3 what isent anymore in shops, still seems to get monitored. In case you are wondering, the one’s on mininova are tracked ).

Title: Quake
> Infringement Source: BitTorrent
> Infringement Timestamp: 27 Jan 2007 17:02:53 GMT
> Infringement Last Documented: 27 Jan 2007 17:02:53 GMT
> Infringer Username:
> Infringing Filename: quake3
> Infringing Filesize: 482674606
> Infringer IP Address: xxxx
> Infringer DNS Name: xxxx
> Infringing URL: http://www.torrent-downloads.to:2710/announce

14 Feb 09, 2007 at 02:49 by Killswitch

I have checked some of the tracker address from Fenopy through WhoIs, and some really do not seem to me to be fake.

One site on the list, http://bitseeker.sixth.biz was reported as a fake tracker, but the owner of the site also owns a IP Proxy website, changeip.com.

if you whois.net sixth.biz you can get the owners phone number, he lives in California. Someone call him and ask about it :p

There is a tracker listed with the domain root of jkub.com, and their whois information is private, which leads me to believe that this is a fake (its registered with Network Solutions).

15 Feb 10, 2007 at 13:21 by Colin

by letting them click on a link like this:
http://tracker.com:12345/announce?info_hash=579CC43E4D6.

Or even without clicking on a link:
[img width="1" height="1" style="visiblity: hidden" src="http://tracker.com:12345/announce..."]
(change [ and ] to html tags).

16 Apr 26, 2008 at 02:30 by friend

I received a notice from my isp telling me what programs i downloaded and even what time they completed downloading. 2 torrents i had finished closely together and 3 days later i got the notice saying my internet service would be turned off in 7 business days if i did not call to explain my actions. the letter cited some part of their contract i supposedly signed when i signed up for their service. all i have to say is *WOW*

Add your response

It takes approximately 1 minute for your comment to appear on TorrentFreak after it's posted.