TorrentFreak

The place where breaking news, BitTorrent and copyright collide

Some File-Sharers Leave Trails To Their Front Door

Following the publication of a paper which investigates how using the same username across multiple web sites may expose Internet users to scammers, TorrentFreak decided to apply the same research idea to a random sampling of file-sharers, with some eye-opening results.

A team of researchers from the French National Institute of Computer Science (INRIA) has just published their study of over 10 million usernames collected from Google profiles, eBay accounts and other sources. They discovered that around half of the usernames could be linked to another matching online profile, which could enable scammers to build up a more detailed profile of individuals they wish to target.

“A scammer could use this information to build a profile of a person and then target them with convincing phishing messages—perhaps referring to specific purchases on another website,” writes TechnologyReview in response to the study.

But while this research is certainly relevant to Internet users in general, it is also of great interest to those who may be sharing files online without the copyright holder’s permission.

TorrentFreak learned last year, perhaps unsurprisingly, that anti-piracy companies are increasingly using profiling techniques to identify and track the habits of the more prolific file-sharers, in particular initial uploaders.

However, while it’s unclear to what use this gathered data is being put, we can confirm 100% that users targeted in so-called Speculative Invoicing (we caught you sharing files, pay us money to go away) campaigns are being tracked through their general Internet use and comments they have made used as leverage against them.

In several cases last year, Internet users caught up in ACS:Law’s pay-up-or-else sweep asked for advice on how to respond to the law firm using online forums. The usernames they used were not unique. In fact they corresponded perfectly with ones they used on other forums where they had been less careful about disguising who they were.

In at least one case a user even discussed downloading the material he was accused of, albeit some months earlier. In another there was general talk about file-sharing, hardly proof of infringement, but it doesn’t help a case longer term.

Another person, who contacted TorrentFreak with his plight, had previously emailed ACS:Law using the same email address. We Googled that and found a site where the person mentioned his website, which led to a WHOIS which, coupled with his forename posted freely on the forum, conveniently supplied his surname and address.

From that information we were able to discover not that he had infringed, but had just come into some money – valuable information to a law firm looking to screw someone for hard cash.

In another recent case which ended particularly badly for one confirmed file-sharer, armed with nothing but an email address and a forum post we were able to follow a trail which led into highly personal aspects of the individual’s life. Our deep suspicions, without compromising this person’s privacy further, is that this same trail was cynically exploited by copyright holders to extract a very sizeable settlement.

Today, while writing this post, we spent just an hour on a private torrent tracker researching the site’s top 20 uploaders. In 13 cases we were able to find the users on other sites, including YouTube, Last.fm, eBay and any number of non-filesharing related forums. In 4 cases we were able to quickly identify real names. Given more time the exposure would almost certainly prove greater.

As the INRIA researchers note, people using unique and easily identifiable usernames are more vulnerable to cross-site profiling. Others with common usernames are far more difficult to track down and in our quick tests we have to agree.

Try Googling your regular usernames and email addresses….

Food for thought.

Related Posts

Previous Post | Next Post

  • http://www.facebook.com/people/Freeda-Weed/100001728244194 Freeda Weed

    Security is only as good as the end user!

  • http://www.facebook.com/people/Freeda-Weed/100001728244194 Freeda Weed

    Security is only as good as the end user!

    • Anonymous

      True.. But it will take a read of this article for some people to be aware of that fact.
      (even then ,some guys would still do Snooki without a hat on)

      it is really EASy to defeat this type of profile mining.

      Different user and pass for every site.
      NEVER give links to personal data.. eg..links to facebook.
      OR even better , don’t have personal data online.

      Firefox makes it easy to have a different password/Username for every site.
      use firefox…
      install the addon password-exporter https://addons.mozilla.org/en-US/firefox/addon/password-exporter/

      Firefox will automatically remember your user and pass..
      You can even export all the details into an encrypted file or plain .xml for backup.

      Also.. using this method makes your passwords easier to manage… hence easier to create a secure password or every site.
      eg.. a very secure pass:
      sd@fhe34£$%[[]ds67we723jhwef9vk48$^@t387@$%&DFgge£$£1.,

      **If you have only one alias…. Ask the site admin’s to change your username.

      • Anon

        Personally I use lastpass, its secure as hell, and I trust them.

    • Bob

      This end user has just messed his pants. Its all sticky and gooie and running down my legs….. Eww…Mummmmmmmmmmm

  • Durpdedoo

    If I’m dumb I deserve to get sued.

    • http://www.facebook.com/people/Michael-Kuznar/100001582401831 Michael Kuznar

      There was a guy I worked with who downloaded illegal photos of children and they caught him that way. I was happy about that.

      Send people to your website http://www.webdesignandmarketing.us Internet Marketing’s not the future, it’s the present.

    • DarknessFallz

      Its not just about getting sued… its about some duche bag building up enough information to spam your email box’s your home address and possibly even your place of work.

    • DarknessFallz

      Its not just about getting sued… its about some duche bag building up enough information to spam your email box’s your home address and possibly even your place of work.

  • Durpdedoo

    If I’m dumb I deserve to get sued.

  • Lord Peter Mandelson

    A Good reason to never use your real name Online

  • MonsterCock89:D

    as true as this is, this holds absolute no legal value. to put it simply: in the law there is a list of characteristics that could be used to ID a person. That’s your legal name, your birth date, your address etc. An username online is not such a legal characteristic and would not hold up in court by any means. Anyone could call him/herself MonsterCock89. Keep that in mind, before punting your tinfoil hats on.

    • ItsHuge

      So thick and veiny…

    • Ven

      But lawyers could simply supeona user information from those other sites. If all of them point to the same email address, then odds are good they are all the same person.

      It is basic social engineering in the digital age. People actually choose to post every little thing about their life on the internet every single day, and then wonder why people are able to abuse their privacy.

    • DocGerbil100

      I want to like your comment, but I can’t get over your insane username – ROFL! :D

    • DocGerbil100

      I want to like your comment, but I can’t get over your insane username – ROFL! :D

    • JoselitoS

      MonsterCock89:D : Age 21 Sex: Man, Sexuele Vorlieben: Gay Größe 174-184 it is really you?

  • C6041955

    Identifiers being used to identify people.

    Oh god oh god everybody run????

  • Anon

    I’m pretty surprised by this. Not by the fact that using the same handle everywhere is a good way to get caught, but I am surprised that some top uploaders don’t realize this.

    • Anonymouse

      I’d say top uploaders are some of the most likely to do it, as they like to have a reputation among sites.

  • Pingback: Some File-Sharers Leave Trails To Their Front Door - Torrent Invites - Get your free private torrent tracker invites!

  • Pingback: Tweets that mention Some File-Sharers Leave Trails To Their Front Door | TorrentFreak -- Topsy.com

  • President Obama

    Digital Gestapo collecting usernames on internet? I will fix that in 2012….

    • God

      No need to. I’ll have it done by the time you decide to do it.

  • Peter Benjamin Mandelson

    This is ridiculous How many people use the nick Neo or Morphius ore even Anon

    Or as above Lord Peter Mandelson LOL Perhaps more should use that one.

    I’m always Downloading the latest Movies, Music, Software, Porn lets see them bust me for the name I use online

    • Abraham Licoln

      Oh, I download those too. God bless America.

    • Bob233

      Not that ridiculous, you make an upload using the same user name that you use everywhere else on the internet and then start blabbing about it and the things you say verify that you did it. You have hung yourself.

      Then all the lawyers have to do is connect the dots.

  • Lothor The Evil

    Bottom line: keep your big mouth shut. Don’t go onto forums and sites blabbing about what you download by exact name of the content. Sure they can track you down and find out what forums and sites you post comments to and what not. But if you say you downloaded X movie, it can and will be used against you in court. I’m sure you’ve all heard of people violating restraining orders for commenting on a person’s Facebook page when they are not suppose to be in contact with that person. You have to be careful on the web cause these anti-pirate assholes will look for anything to literally hang you with, even your own underwear.

    • Lothor The Evil

      The facebook thing was just an example of how what you post on the net can get you into trouble. Be smart and use your heads out there.

      • Biief

        I always use a different nick… not like you :P

        • Biief

          Oi… stop using my username. I always use this one for downloading pirated midget donkey porn!

        • Guy

          You watch too much animal planet

      • Sesame1

        Yes, by using your head you make your Facebook profile unsearchable and if it is searchable you can stop everyone seeing what is on it apart from friends via the security settings.

      • Sesame1

        Yes, by using your head you make your Facebook profile unsearchable and if it is searchable you can stop everyone seeing what is on it apart from friends via the security settings.

    • Sesame1

      I download hundreds of movies and tv programs and i dont mind letting every fcuka know….why ? well because i use online sites like Love film and video ondemand that feeds it all to my shiny multimedia bluray player.

      Some of these trolls need to get with it cos just because you have “downloaded” a movie, a tv episode, porn or music it doesnt mean its bloody illegal. I had somebody a few years back telling me they were gonna grass me up cos i was illegally downloading music from i-tunes bacause they in their deluded mind after watching the disinformation news channel thought everything containing the word “DOWNLOAD” was illegal which just goes to show some people are thicker than pig sh*t and uncannily easy to track on the internet by coincendence…

      It is pretty amazing what a bluray player can do these days ha ha ha although it had a fit trying to play that new Jennifer Aniston movie…or maybe it was a CAM ha ha ha

  • Sunshine1970

    I try to use different names/emails on forums, well I really try to. I have about 7 I rotate out.

    Speaking about security and posting, I like Disqus so I don’t have log in to comment on different sites (lazy wins out), but this is bad for my security as this handle can be traced to all the different sites I post on. I think I’ll be changing up things.

    I’m glad you wrote this article. I’m going to look in to switching things up a bit more.

  • Senddaddyhismail

    Where does it discuss file sharers in this paper? I don’t see it. Bad title to this article unless I missed it.

    • Blarford

      If you read the article properly you’ll see that this article was inspired by the research and the title is valid whatever :/

      • Senddaddyhismail

        the original article does not mention file sharing…You can just apply that to file sharers. Don’t be a moron.

        • Senddaddyhismail

          Also, just because the TF crowd spent an hour looking up a few people who are on a private site means jack and shit. You could use my username on the sites i’m on and not find me. Even posts on here are with usernames that are in no way related to me…..someone else maybe? But definitely not me.

        • Anonymous

          Chris (Not going to post your last name)
          Columbia, SC
          Phone: (803) 920-3429 (Laurens, SC registration company?)
          Cell tower trace: Latitude:34.01 Longitude:-81.03 (Could be off not going to spend more than 5 min. on this)
          Senddaddyhismail@yahoo.com
          Siame cat
          Blackberry 9530
          b+ in math

          And i’m not from the States, i don’t know what half the stuff means. So i could have missed clues. Total time 10 min of backtrace. Y dun goof’d.

        • Bob

          I couldnt help it….I just messed myself….My pants are full of shit. Oh Dear!

        • Anonymous

          Last name Lothridge? http://www.pageinsider.com/candcbuilders.com ?
          Earl, Sandra ect. Laurens, Potomac Cir xxxx ect ? Once listed as 37yr and once as 45yr ?

        • Sesame1

          that site about buying houses really put the pin in the map lol

        • Sesame1

          Quite prolific at posting on various sites i see…

        • Sesame1

          Quite prolific at posting on various sites i see…

  • Ninja

    Actually, both my usual nick and my usual e-mail address have been used without my consent (ppl trying to impersonate me). Which proves that not everything that is written about your alias can be taken into account. Disqus is a nice example, I can use whatever e-mail I want and it’ll accept, what prevents me from writting as if I were another person?

    In any case, I grew aware of this issue a while back and poof, deleted my profiles in the social networks. The internet has a pretty long memory and can be pretty evil if you don’t take care. I’m pretty sure my data is still flowing around despite the lack of success in finding it on Google. It’s a matter of knowing what to search.

    Unfortunately we are living in an age where ppl will dig stuff you said and try to use it against you, even if they have to use misinterpretations for this. And then again, it’s your own opinion..

  • John Smith

    And this is why you should always use common words as a usernames and register with disposable emails. Good luck data mining with a name like “Sandwich”.

  • Astatalker

    make nickname as Obama or Putin and you will never have such a problem )

    http://astatalk.com

  • Free Hardcore Porn

    Come on, try googling my username and see if you can find me.

    • face palm

      Ok Trish, i guess it’s that easy..

    • ..

      Come on, try googling my username and see if you can find me.

  • Ps3luxton

    9trillion results lol

  • Ps3luxton

    9trillion results lol

  • Ps3luxton

    9trillion results lol

  • Ps3luxton

    9trillion results lol

  • Billy

    Y’all do know that thepiratebay team provides an awesome service for providing fake e-mail addresses? Check out Slopsbox on TPB home page at the bottom. Fantastic service they provide.

  • Billy

    Y’all do know that thepiratebay team provides an awesome service for providing fake e-mail addresses? Check out Slopsbox on TPB home page at the bottom. Fantastic service they provide.

  • Billy

    Y’all do know that thepiratebay team provides an awesome service for providing fake e-mail addresses? Check out Slopsbox on TPB home page at the bottom. Fantastic service they provide.

  • Sounds Dumb

    So how can they prove that it was me and not just someone using an alias I used to get me in trouble for something such as illegal downloading??

    • Guest

      They can’t really. You can claim anything, just like them ;)

    • Guest

      They can’t really. You can claim anything, just like them ;)

  • Anonymous

    Wow, kinda scary when you think about it. Never been a better time to use a good and trusted privacy service. Mask your real IP address in everything you do online!

    http://www.privacy-online.au.tc

  • Whatever

    That’s why every login on every site is different, the number of sites for which login is needed as limited as possible and temporary E-mail addresses used for those.

    And TF also gets the first imaginary E-mail adres i could make up that was acceptable for TF since that an E-mail address is required now.

    BTW: Rule number one for registering for anything is that if they don’t need to send anything always use an imaginary E-mail address.

  • Gayemailsystemhere

    complete an utter crap who the hell would use the same user name on a bizness site as the do on a torrent site and if the did a torrent site does not have real name and adresss so theres ALWAYS deniablity

    • Nowhere

      As the article points out – quite a number of people do that. Why exactly is another reason (separating your “gray area” actions from your “official” stuff seems to me common sense).

  • Straw Bear

    “Try Googling your regular usernames and email addresses….”

    Not a sausage.

    • Sesame1

      I have and as i’ve been surfing the super highway for 15 years there is quite a trail of breadcrumbs out there. Obviously they are all usernames i have used in that 15 years but they are there page after page of forum links to long dead sites that are archived somewhere and still show up in a search.

      For security reasons i cannot say the names as they are covered by the NONOFYABUSINESS act :p

  • http://disqus.com/ Rob8urcakes

    Hey!!! I don’t ever have an opinion about anything and even if I did I would only tell my cat (whose name is Bubbles, social security number …. )

  • Hs3D4DcfYwaaIZVvXyHB

    Random username, random password, and all of this in one file with KeePass…

  • Hs3D4DcfYwaaIZVvXyHB

    Random username, random password, and all of this in one file with KeePass…

  • Anonymous

    No one can find out who I am. Not quite 100% but close enough.

    And if you think this public details problem is bad you should see what many people do with their computer security. Front door open, back door open, and others walk through everything they have.

    One day I should write a guide on how to clean out the crap and lock your doors.

    What is most funny that governments want everyone online. A good way for stupid people to join a botnet.

  • Guest Who

    This is why I’ve a split personality. The logic of using the same nick on sites so you can be identified is quite logical, I’m surprised it’s actually had research!
    I still use this logic, however I’ve always had a line between me and my torrenting alter-ego.

  • Anon

    This is true, not thought about it much, but considering Aaron Barr used the same trick, which can work but it’s not proof, I’m thinking or trying to remove as many instanced of my commonly used username, Anonymous, man I’m everywhere! :D

  • Anon

    Demonoid is on google… i feel mad exposed

  • Aaron Barr
  • Guest

    I showed up :(

  • Anonymous

    When I see someone who uses a username across multiple sites, I use it myself on other sites & act as fucked up as I want.
    After a while, I find a new one.

    My facebook name is Ivanna Shitonyou & I live at 1313 Mockingbird Ln in Transylvania Wisconsin.

    I used pirated wifi & STILL use proxies on some sites where I know I may get in trouble or banned for what I’m about to do.

    Come & get me.

    • Sesame1

      My UserName is :

      Lucey Lykz,
      The Cockwell Inn,
      Tillet,
      Herts,
      i12 4Q

      Beat that one…happy searching suckers [sic]

  • http://pulse.yahoo.com/_CNZMEFEMO255IIEI3D6HQ4JCXQ Liutianxiang

    Firefox makes it easy to have a different password/Username for every site.
    use firefox,verl slowly!

  • Ivanna Huggnkissu

    great article , kinda makes me paranoid tho, that ppl (including some here that have “tracking skillz”) can find me thru Ebay and such ,BUT NOT Fa(g)cebook i`m the last one on earth NOT using it……..

  • Pingback: Internet Trails and Privacy Concerns | News.ChalkHQ.com

  • Lord Herbert MacPhearson

    Question:
    Is there much value to just creating a shit load of GMAIL accounts? Has anyone read Google’s privacy policy and cares to comment on how easily they will reveal all the activity tied to a given IP address?

  • Donotreply

    I use quite a large variety of user names/passwords etc.
    I try to never use the same one on two different websites but after you visit a huge number of websites after a few years on the web sooner or later you’ll leave a trail.
    This won’t necessarily keep MAFIAA etc from tracking you down as another method is to look at how you compose/write a comment/post/blog and then compare your writing style on other suspect sites you may have visited.
    Similar user names such as blue, blu3, b1u3 could also be linked in some cases so be wary of that as well.

    “Try Googling your regular usernames and email addresses….

    Food for thought.”

    OK; here’s what I found, enjoy!

    http://blog.washingtonpost.com/securityfix/2008/03/they_told_you_not_to_reply.html

    Oh; and please donotreply, Chet Faliszek probably is far too busy to read through all that email including any directed there.

    Sorry Chet for redirecting you my fair share of junk mail; I hope my new non.zip addy doesn’t cause the same problems elsewhere =S

  • JuicyBug

    That’s why you shouldn’t use utorrent. It helps to link you to Facebook, Skype, and what not. Use Tixati instead. It’s more secure.

  • S Hare

    Wow – my common name is linked to someone elses flickr account.. That’ll confuse ‘em!

  • Bubanee

    i just googled my username and it sent shivers down to my ass!

    • P!ssed off

      just googled my regular email address I have just found an email I sent for a job application to a language school last year, it was used as an example of an excellent application letter on an English language forum, they had included my name, address, email and phone! WTF – the didnt even reply let alone offer me a job, and have posted everything online!
      how can people be so stupid!

  • Pingback: PREMIUM Rotors + Pads (FRONT +REAR) (Fitment: GS Sedan) | www.governmentgrantwizard.com

  • Bart Fart

    Holy shmoly! My ghostery plugin is blocking ten trackers at this site. They know more about you than you think.

    • Sesame1

      Thanks for that i just downloaded it…interesting piece of wares…

    • DocGerbil100

      That’s a very relevant point. For anyone who doesn’t already know, some things are strongly recommended if you want any degree of online security.

      (1) Don’t use Microsoft’s Internet Explorer. Ever. It’s a privacy death magnet.

      (2) Make sure you have effective anti-virus and firewall software installed and running on your system. Nothing puts you in harm’s way faster than malware and it’s inevitable that MAFIAA companies will try to use it sooner or later, if they haven’t done so already. Avast! Home Edition and PC Tools Firewall Plus should serve if you’re on a Windows machine.

      (3) Use a totally separate browser for any kind of social networking. There are many alternative browsers and also portable versions of FireFox and Opera, so you should be able to find something to your taste. Take a look.

      (4) If you want to see and control what information is visible to others, the following add-ons are available for FireFox and are very strongly recommended, if you want to visit any site you’re not really supposed to:

      • WOT (allows you to see if a site hosts malware or ignores your privacy);
      • NoScript (allows you to see and control what scripts are run on websites);
      • Ghostery (allows you to specifically see and control tracking scripts);
      • Adblock Plus (stops ad-servers from embedding malware and tracking scripts);
      • Flashblock (allows you to see and control embedded flash programs);
      • BetterPrivacy (allows you to manage cookies not deletable by your browser).

      (5) I strongly recommend viewing the cookies in your browser and purging anything and everything you don’t recognise. Make sure you kill any and all cookies from social networking sites. They tend to leak like a sieve. If you want to visit FaceBook, read point (3) again and do that.

      (6) RTFM is a universally-used abbreviation for ‘Read The Fucking Manual’. Learn how to use what you’ve installed properly. Try to know what you’re doing (and what the consequences will be) before you do it, not afterwards. On the internet, preventing a problem is always a hell of a lot easier than fixing a problem.

      (7) The less information you give out, the fewer potential problems you need to worry about. Use your common sense, if you have any at all. Trust no-one, unless you’re very certain they can be trusted. Never trust the internet herself. She is a fickle mistress who will turn on you when you least expect it.

      (8) Don’t use Microsoft’s Internet Explorer. I realise this is strictly just point (1) again, but it’s such an important point, I think it’s worth mentioning twice.

      I hope this can be of help to someone on here. :)

  • ARTiST

    Well, my require username is same as that of a rapper. Beat that ;P

  • Guest

  • Pingback: Some File-Sharers Leave Trails To Their Front Door | Systema

  • Pingback: Internet Trails and Privacy Concerns - YoavGivati.com

  • BTGuard - BitTorrent Anonymously

NewsBits

Even more news...

  • Blu-ray Anti-Piracy Tech Stops Discs and Promotes Purchases

    An anti-piracy system present in all official Blu-ray players since 2012 has received a fresh update...

  • Foxtel Breeds Pirates by Locking Up Game of Thrones

    One of the main reasons why people turn to piracy is the lack of legal alternatives....

  • UK Student Admits Breaching Sony Copyrights With Leak of PS3 SDK

    Last year an Internet user known as El Nomeo leaked version 3.70 of Sony’s Playstation3 SDK...

  • Pirates Can Be Identified Despite Sharing IP Addresses, ISP Claims

    Carrier-Grade Network Address Translation is a network mechanism through which many Internet subscribers can share the...

  • Feds Seize Cash from Major Bitcoin Exchange’s Dwolla Account

    The U.S. Government has taken a significant action against the web’s top Bitcoin exchange by seizing...

MostDiscussed

Below are TorrentFreak's most discussed articles of the past month. Join the discussion if you like.

CopyQuote

Left Quote

“The Pirate Bay has been one of the most important movements in Sweden for freedom of speech, working against corruption and censorship.

Peter Sunde Left Quote

PopularArticles

A selection of some TorrentFreak's classics dug up from our archives.