Downloading files via BitTorrent is about as public as file-sharing gets, and it’s safe to say that most popular BitTorrent swarms are being monitored one way or the other. To protect the privacy of its users BitTorrent Inc. therefore decided to randomize the peer-id uTorrent users display to other peers and the tracker. While the new feature makes it more difficult to track the download habits of individual users, IP-addresses still remain public and trackable.
Privacy is in short supply on the Internet, especially on BitTorrent networks. Those who fail to take measures to hide their IP-addresses leave a prominent trail of information behind them.
Besides IP-addresses there’s a second variable that can be used to gather intelligence on downloaders, namely the peer-id. For uTorrent and BitTorrent mainline users the peer-id has always been constant for connections with trackers and peers.
This means that tracking companies can use the information to build a rather accurate database of downloads that come from the same client, regardless of the IP-address. While this information might be of use to private BitTorrent trackers, on public ones it poses a clear privacy threat.
BitTorrent Inc’s uTorrent developers recognize this security concern and have decided to prevent this type of tracking by implementing a new feature. The change in code was not widely announced, apart from the following update in the changelog of the uTorrent alpha release.
“Feature: don’t use a consistent peer-id (to mitigate tracking)”
TorrentFreak got in touch with BitTorrent Inc. who told us that the new feature only applies to public torrents. It is a change to the core code, so users don’t have to enable it.
“This feature’s operation randomizes peer ids in an n-hour cycle to mitigate tracking of our users when they use non-private torrents. The effect is increased control for our users of their own information and activity which, just like users of any service, our users ask for and are entitled to,” TorrentFreak was told.
Thanks to the new feature it is no longer possible to track BitTorrent users based on their peer-id for a longer period of time. However, users should be aware that IP-addresses are still public and trackable.
According to BitTorrent Inc. the new feature was implemented to protect privacy, which is a great concern not only for BitTorrent users, but Internet users in general.
“Our users are as concerned as anybody about the free flow and use of their personal information and habits,” BitTorrent Inc. told TorrentFreak.
“So we work on features such as this to protect their privacy, just as companies such as Google, Firefox and Microsoft, in particular with IE8, bring their users more control of their information with things like easy, prominent private browsing features.”
BitTorrent can be applauded for taking the privacy concerns of its users seriously, but the mass-monitoring of BitTorrent downloads is not going away any time soon. Over the years dozens of tracking companies have specialized in tracking BitTorrent downloads, and this number appears to increase year after year.
That said, the less private information that’s available to these tracking companies, the better.