IsoHunt Goes Secure, Adds SSL Encryption
Written by Ernesto on June 27, 2008ISPs and authorities increasingly use Deep Packet Inspection hardware to block access to BitTorrent sites, or spy on users’ browsing habits. To offer its users more privacy, isoHunt has now added SSL encryption, making it impossible for your ISP or the authorities to monitor your activities on the BitTorrent site.
Last week, The Pirate Bay announced that it will allow its users to browse the site securely, this in response to the new wiretapping law that was recently approved in Sweden. Long before this law was passed, another BitTorrent site, isoHunt, decided to offer their users a similar service.
One of the reasons for isoHunt to implement SSL encryption, however, was a recent block by the Dubai government. isoHunt founder Gary Fung told TorrentFreak: “We decided to implement SSL to avoid eavesdropping on search, to bypass slow proxies, and to get around blocks like in Dubai.”
Earlier this year, Dubai started to block access to several BitTorrent sites, including isoHunt. With SSL, however, the site can be reached again, without any problems. There seems to be quite a demand for secure browsing as according to a poll on isoHunt, more than 80% of the users indicated that they will browse the site on an encrypted connection from now on.
Not only is isoHunt now accessible via SSL, its sister site TorrentBox, and the TorrentBox forums can also be reached over an encrypted connection. In the weeks to come, the isoHunt team will monitor how many users are browsing over SSL.
“We’ll be evaluating how much extra load this places on our servers over the next few weeks, and if there’s a large outpouring of people preferring to browse isoHunt or TorrentBox securely, we’ll be investing in some dedicated hardware to handle the SSL connections.”
For now, SSL is a great, and much needed, solution to censoring ISPs. Dubai is not the only country that blocks BitTorrent sites. Turkey does the same, so does a Danish ISP, and earlier this year the Kuwait government ordered ISPs to block access to 20 BitTorrent sites.
Previously: Arrested OiNK Uploaders’ Bail to be Extended
Next: Malaysian Government Orders Torrent Sites Shutdown
48 Responses
Pages: [1] 2 » Show All
what.cd did the same thing
tpb is about to add it as well
YESSSSS! The next step in our evolution and the only logical way to proceed with present governments all over the world caving in to big corporation / MAFIAA pressure, they started this escalation and they sure as hell are going to pay for it.
Encrypted P2P… welcome, make yourself at home!
Cheers!
Question: this is only for the site, not the tracker connections? That would be a good idea, if practical.
I noticed today that torrentbox added SSL. I must applaud everyone at sites that offer encryption for anything - encryption is great :)
The 80% figure isn’t really accurate as only a small portion of users have voted thus far. In reality many of the sites visitors will probably not even vote in that poll.
I have been running a similar poll for 2 weeks now - these are the current response stats:
How important is a secure (SSL) (https) login for you on websites and irc?
I guess it is handy on some occasions. 39%
Very, I must have one! 32%
It does not really concern me at all. 19%
What is that? 10%
Votes: 1,122
Well, as far as i have understood SSL it encrypts the traffic coming from the client with a provided async-key from the server and vice versa.
if you want to block a website the only thing you have to do is to blacklist the ip you want to be blocked. meaning as far as not blocking isohunt goes, this would not be a very effective countermeasure.
as far as content goes: SSL does encrypt the content, still an “eavesdropper” would see the URL you request. And since isohunt can be accessed by everyone the information can be restored by browsing the same URLs as the person you want to surveil.
same problem for search: isohunt uses the GET-Method that basicaly appends your search-term in the URL. The content would be save if they were using the POST-metho, but here we have the same problem as with the content, since the URL can be seen by anyone even when using SSL and therefore the content or the searchterm can be restored.
Sure thing it will work to overcome proxys that block the download of .torrent-files, but the other three cases are AFAIK not very effective counter-measures.
just gotta do
https://www.isohunt.com
notice the “s” for SECURE
well, well done.
https://isohunt.com/torrents/?ihq=test
notice the “?ihp=test” in the URL? test is my searchterm, and as said before URLs are still seen even when the connection is encrypted via SSL.
@6 So is this really worth the bother?
It costs money to by cert’s and if they buy more servers that ups the cost even further! And for what purpose?
Debate…
the people in crazy countries should add the sufu rss feed so they can direct download .torrent files without visiting any websites ;)
http://superfundo.org
http://feeds.feedburner.com/superfundo-torrents?format=xml
@20 well in general SSL is very usefull, for example if you need to login to view a page it would help to protect the content, since the URL would not help an attacker.
as soon i have to enter some sensitive information i look for a SSL connection, but in this case i dont see the reason to implement it. but the guys at isohunt are smart, there is probably a good reason for it, still i cant see it at the moment.
If you clicked any of those links, and your not running Kaspersky, you’ve been infected with a trojan.
@54,
bullsh!t, I’ve clicked on them, they are not trojans, just a funny video site. You’re just paranoid.
/Br!t0n
@56, haha lol is that you?
Now we just need search engines created for Firefox to search these secure sites. Currently the ones available are the unsecured websites.
“If you clicked any of those links, and your not running Kaspersky, you’ve been infected with a trojan.”
Also detected by ESET, update your AV and do an immediate scan.
I clicked one, Firefox prompted me to download the file, which I did. I then saw that it was a .COM file and deleted it. It never ran so it never had a chance to infect my system.
Hannes you’re full of shit.
SSL isn’t “aware” of HTTP as its an underlying layer that any upper protocol such as HTTP can ride upon.
The SSL session begins first before the HTTP GET request ever happens, so tell me how one can “Sniff your URL” if everything is encrypted after the initial SSL handshake?
I suggest you read up on SSL and how it actually works before spouting bullshit.
Now, if they wanted to know what TLD’s you visit they can easily do this by sniffing your DNS requests, but again that will only give them the TLD.
Someone please get rid of the comment with the virus link…
Yeh liked the service at ISOhunt but i’ve been put off them for sometime now due to there innacurate and hefty spam content.
how does one enable ssl? is it just browser or does it have to be in the torrent program also?
I hate Bell because they throttle everything now, even xbox live! stupid jackholes.
btw piratebay also has its tls/ssl active now =)
https://thepiratebay.org/
Cert Summary:
Holder: thepiratebay.org, thepiratebay.org
Issuer: Equifax Secure Global eBusiness CA-1, Equifax Secure Inc.
Expires: 26/06/09 01:41:00 PM GMT
Encryption Protocol: TLS v1.0 256 bit AES (1024 bit RSA/SHA)
Ernesto … doe dit eens lezen … http://www.spitsnieuws.nl/archives/tech/2008/06/downloaden_toch_illegaal.html
I don’t know, as far as I can remember, that was called “impossible to crack” encryption wise (at least theoretically)….does anyone know why they are doing it if SSL is immune to all DPI/hacking? I would guess that it means there are weaknesses to SSL (which on wikipedia, they did point out a few on SSL v2, but not SSL v3….), if so, then ernesto, please, don’t tell everyone here that SSL is some miracle non-decryptable/DPI’ed/some other method. If not, then nvm, I don’t really have a clue personally…..just trying to use logic.
There’s no such things as unbreakable encryption . but to do that you will need time and that is something DPI don’t have.
a simple logic . a super computer can decrypt one packet encrypted in 16 bit in less than 5 minute . in here we are talking on one packet but on ISP level we are looking at thousand to millions packet .
now you understand just try use your brain
Pages: [1] 2 » Show All
Responses are closed
All remaining responses will continue to be archived. Use the TorrentFreak forums if you want to discuss something.