IsoHunt Goes Secure, Adds SSL Encryption
Written by Ernesto on June 27, 2008ISPs and authorities increasingly use Deep Packet Inspection hardware to block access to BitTorrent sites, or spy on users’ browsing habits. To offer its users more privacy, isoHunt has now added SSL encryption, making it impossible for your ISP or the authorities to monitor your activities on the BitTorrent site.
Last week, The Pirate Bay announced that it will allow its users to browse the site securely, this in response to the new wiretapping law that was recently approved in Sweden. Long before this law was passed, another BitTorrent site, isoHunt, decided to offer their users a similar service.
One of the reasons for isoHunt to implement SSL encryption, however, was a recent block by the Dubai government. isoHunt founder Gary Fung told TorrentFreak: “We decided to implement SSL to avoid eavesdropping on search, to bypass slow proxies, and to get around blocks like in Dubai.”
Earlier this year, Dubai started to block access to several BitTorrent sites, including isoHunt. With SSL, however, the site can be reached again, without any problems. There seems to be quite a demand for secure browsing as according to a poll on isoHunt, more than 80% of the users indicated that they will browse the site on an encrypted connection from now on.
Not only is isoHunt now accessible via SSL, its sister site TorrentBox, and the TorrentBox forums can also be reached over an encrypted connection. In the weeks to come, the isoHunt team will monitor how many users are browsing over SSL.
“We’ll be evaluating how much extra load this places on our servers over the next few weeks, and if there’s a large outpouring of people preferring to browse isoHunt or TorrentBox securely, we’ll be investing in some dedicated hardware to handle the SSL connections.”
For now, SSL is a great, and much needed, solution to censoring ISPs. Dubai is not the only country that blocks BitTorrent sites. Turkey does the same, so does a Danish ISP, and earlier this year the Kuwait government ordered ISPs to block access to 20 BitTorrent sites.
Previously: Arrested OiNK Uploaders’ Bail to be Extended
Next: Malaysian Government Orders Torrent Sites Shutdown
49 Responses
what.cd did the same thing
tpb is about to add it as well
YESSSSS! The next step in our evolution and the only logical way to proceed with present governments all over the world caving in to big corporation / MAFIAA pressure, they started this escalation and they sure as hell are going to pay for it.
Encrypted P2P… welcome, make yourself at home!
Cheers!
Question: this is only for the site, not the tracker connections? That would be a good idea, if practical.
I noticed today that torrentbox added SSL. I must applaud everyone at sites that offer encryption for anything – encryption is great :)
The 80% figure isn’t really accurate as only a small portion of users have voted thus far. In reality many of the sites visitors will probably not even vote in that poll.
I have been running a similar poll for 2 weeks now – these are the current response stats:
How important is a secure (SSL) (https) login for you on websites and irc?
I guess it is handy on some occasions. 39%
Very, I must have one! 32%
It does not really concern me at all. 19%
What is that? 10%
Votes: 1,122
Well, as far as i have understood SSL it encrypts the traffic coming from the client with a provided async-key from the server and vice versa.
if you want to block a website the only thing you have to do is to blacklist the ip you want to be blocked. meaning as far as not blocking isohunt goes, this would not be a very effective countermeasure.
as far as content goes: SSL does encrypt the content, still an “eavesdropper” would see the URL you request. And since isohunt can be accessed by everyone the information can be restored by browsing the same URLs as the person you want to surveil.
same problem for search: isohunt uses the GET-Method that basicaly appends your search-term in the URL. The content would be save if they were using the POST-metho, but here we have the same problem as with the content, since the URL can be seen by anyone even when using SSL and therefore the content or the searchterm can be restored.
Sure thing it will work to overcome proxys that block the download of .torrent-files, but the other three cases are AFAIK not very effective counter-measures.
just gotta do
https://www.isohunt.com
notice the “s” for SECURE
well, well done.
https://isohunt.com/torrents/?ihq=test
notice the “?ihp=test” in the URL? test is my searchterm, and as said before URLs are still seen even when the connection is encrypted via SSL.
@6 So is this really worth the bother?
It costs money to by cert’s and if they buy more servers that ups the cost even further! And for what purpose?
Debate…
the people in crazy countries should add the sufu rss feed so they can direct download .torrent files without visiting any websites ;)
http://superfundo.org
http://feeds.feedburner.com/superfundo-torrents?format=xml
@20 well in general SSL is very usefull, for example if you need to login to view a page it would help to protect the content, since the URL would not help an attacker.
as soon i have to enter some sensitive information i look for a SSL connection, but in this case i dont see the reason to implement it. but the guys at isohunt are smart, there is probably a good reason for it, still i cant see it at the moment.
If you clicked any of those links, and your not running Kaspersky, you’ve been infected with a trojan.
@54,
bullsh!t, I’ve clicked on them, they are not trojans, just a funny video site. You’re just paranoid.
/Br!t0n
@56, haha lol is that you?
Now we just need search engines created for Firefox to search these secure sites. Currently the ones available are the unsecured websites.
“If you clicked any of those links, and your not running Kaspersky, you’ve been infected with a trojan.”
Also detected by ESET, update your AV and do an immediate scan.
I clicked one, Firefox prompted me to download the file, which I did. I then saw that it was a .COM file and deleted it. It never ran so it never had a chance to infect my system.
Hannes you’re full of shit.
SSL isn’t “aware” of HTTP as its an underlying layer that any upper protocol such as HTTP can ride upon.
The SSL session begins first before the HTTP GET request ever happens, so tell me how one can “Sniff your URL” if everything is encrypted after the initial SSL handshake?
I suggest you read up on SSL and how it actually works before spouting bullshit.
Now, if they wanted to know what TLD’s you visit they can easily do this by sniffing your DNS requests, but again that will only give them the TLD.
Someone please get rid of the comment with the virus link…
Yeh liked the service at ISOhunt but i’ve been put off them for sometime now due to there innacurate and hefty spam content.
how does one enable ssl? is it just browser or does it have to be in the torrent program also?
I hate Bell because they throttle everything now, even xbox live! stupid jackholes.
btw piratebay also has its tls/ssl active now =)
https://thepiratebay.org/
Cert Summary:
Holder: thepiratebay.org, thepiratebay.org
Issuer: Equifax Secure Global eBusiness CA-1, Equifax Secure Inc.
Expires: 26/06/09 01:41:00 PM GMT
Encryption Protocol: TLS v1.0 256 bit AES (1024 bit RSA/SHA)
Ernesto … doe dit eens lezen … http://www.spitsnieuws.nl/archives/tech/2008/06/downloaden_toch_illegaal.html
I don’t know, as far as I can remember, that was called “impossible to crack” encryption wise (at least theoretically)….does anyone know why they are doing it if SSL is immune to all DPI/hacking? I would guess that it means there are weaknesses to SSL (which on wikipedia, they did point out a few on SSL v2, but not SSL v3….), if so, then ernesto, please, don’t tell everyone here that SSL is some miracle non-decryptable/DPI’ed/some other method. If not, then nvm, I don’t really have a clue personally…..just trying to use logic.
There’s no such things as unbreakable encryption . but to do that you will need time and that is something DPI don’t have.
a simple logic . a super computer can decrypt one packet encrypted in 16 bit in less than 5 minute . in here we are talking on one packet but on ISP level we are looking at thousand to millions packet .
now you understand just try use your brain
You can all ready access tpb via https.
https://thepiratebay.org
client connects to $hostip, requests SSL handshake
$hostip responds with certificate, SSL connection is established
client performs GET on $hostip, which may or may not be a request to a vhost AFTER the SSL connection is setup and secure
Basically, the idea is that they can see that you’re connecting (in this case) via port 443 to 208.71.112.30 (isohunt.com), but they can’t see what you’re looking at/for without attempting to break a 1024-bit connection. So, https://isohunt.com/torrents/test (a search) would in fact only show that there’s a connection *to* isohunt, but not what’s being searched for, since none of the communication is ‘in the clear.’
“ISPs and authorities increasingly use Deep Packet Inspection hardware to block access to BitTorrent sites, or spy on users’ browsing habits. To offer its users more privacy, isoHunt has now added SSL encryption, making it impossible for your ISP or the authorities to monitor your activities on the BitTorrent site.”
as if anyone’s been done for browsing a torrent website. they can still join the swarm, find your IP, go to your ISP and issue you a DMCA.
this is basically ridiculous tinfoil hattery.
Or they can bypass the cost and go with a free certificate authority like cacert.org
torrentfreak is for n0bs
anyone else having trouble accessing superfundo.org?
according to their backup domain, superfundo.co.cc, it’s been shut down…noooooooooooooooooooooooooooooooooooo!!!
SceneTorrents.org is using SSL encryption too!
Comment 17’s link is a bloody trojan!! DO NOT CLICK. I clicked on link, firefox asked me to download a .com file, i obviously cancelled, but AVG still came up and moved it to the vault. if you’ve clicked the link run a virus scan now!
Use only there SSL URL, think of it as protection if that makes you use it.. lol.
Yup, no doubt about it. SSL totally ROCKS. All sites should have an SSL cert.
http://www.Ultimate-Anonymity.com
constant banning of ip making uploading torrent difficult
mininova are heavily moderator by lazy fat jerk who has too much free time screw them all. i hope mininova.com goes down.
one of the worst site IMHO
they think they can be an ass and get away with it.
rofl at secure public trackers…
“this is basically ridiculous tinfoil hattery.”
True, but a good start is still a good start, is it not?
i read it here http://tinyurl.com/3pz7t2
https://feedthe.net is also using encryption to hide their criminal activities
this blanket blocking of sites seems to be a creeping death. Yet if the encryption helps then good. But what does it matter if search terms can still be seen or users’ IPs can be traced? I thought uploading was the issue. Even uploading a torrent doesn’t prove distribution. Intent is not enough. As far as monitoring seeders goes, it must be done independently and not by cartel interests, as they are obviously biased, self-interested, and proven liars and criminals. Proxies need to be anonymous or something
@40 That’s good. It must be effective then
VIRUS WARNING IS TRUE????????????
scroogle offers SSL anonymous search engines. now i understand why.
It is interesting that “search terms” seem to be the most valuable bits of information used to track an individual.
I am guess it is much more difficult to process actual data that people download.
ANOTHER STEP IN THE ARMS RACE! MUAHAHAHA
100% security = cancel your internet
should i care about security? for me not really but it does help some of the people are scared out there. if they want to know what i am doing then fine with me because no matter what i do somebody is watching. most security out there for the everyday consumer is out of date by a few years. it is just a way for the companies to make money by releasing stuff part by part. do you really think the everyday consumer gets to use the security that the governments use? no we don’t. but hey i could be wrong but who cares.
To Hannes,
Once the site is on https. The url can only be seen by you. No matter the method of pushing the data.
so its impossible my ISP to track me
great news…
Responses are closed
All remaining responses will continue to be archived. Use the TorrentFreak forums if you want to discuss something.