uTorrent Increases Privacy and Counters Mass-Monitoring of Downloads

Ernesto
September 21, 2012
79
CAS,
utorrent
Print

Downloading files via BitTorrent is about as public as file-sharing gets, and it’s safe to say that most popular BitTorrent swarms are being monitored one way or the other. To protect the privacy of its users BitTorrent Inc. therefore decided to randomize the peer-id uTorrent users display to other peers and the tracker. While the new feature makes it more difficult to track the download habits of individual users, IP-addresses still remain public and trackable.

mass monitoring Privacy is in short supply on the Internet, especially on BitTorrent networks. Those who fail to take measures to hide their IP-addresses leave a prominent trail of information behind them.

Besides IP-addresses there’s a second variable that can be used to gather intelligence on downloaders, namely the peer-id. For uTorrent and BitTorrent mainline users the peer-id has always been constant for connections with trackers and peers.

This means that tracking companies can use the information to build a rather accurate database of downloads that come from the same client, regardless of the IP-address. While this information might be of use to private BitTorrent trackers, on public ones it poses a clear privacy threat.

BitTorrent Inc’s uTorrent developers recognize this security concern and have decided to prevent this type of tracking by implementing a new feature. The change in code was not widely announced, apart from the following update in the changelog of the uTorrent alpha release.

“Feature: don’t use a consistent peer-id (to mitigate tracking)”

TorrentFreak got in touch with BitTorrent Inc. who told us that the new feature only applies to public torrents. It is a change to the core code, so users don’t have to enable it.

“This feature’s operation randomizes peer ids in an n-hour cycle to mitigate tracking of our users when they use non-private torrents. The effect is increased control for our users of their own information and activity which, just like users of any service, our users ask for and are entitled to,” TorrentFreak was told.

Thanks to the new feature it is no longer possible to track BitTorrent users based on their peer-id for a longer period of time. However, users should be aware that IP-addresses are still public and trackable.

According to BitTorrent Inc. the new feature was implemented to protect privacy, which is a great concern not only for BitTorrent users, but Internet users in general.

“Our users are as concerned as anybody about the free flow and use of their personal information and habits,” BitTorrent Inc. told TorrentFreak.

“So we work on features such as this to protect their privacy, just as companies such as Google, Firefox and Microsoft, in particular with IE8, bring their users more control of their information with things like easy, prominent private browsing features.”

BitTorrent can be applauded for taking the privacy concerns of its users seriously, but the mass-monitoring of BitTorrent downloads is not going away any time soon. Over the years dozens of tracking companies have specialized in tracking BitTorrent downloads, and this number appears to increase year after year.

That said, the less private information that’s available to these tracking companies, the better.

Previous Post | Next Post

Follow @torrentfreak

Roswell1701

Big fucking deal! :)
- Gues911
  
  what there blocking is a great way actually because recent cases have said ip doesnt equal the person, this detailed tracking which they depend on will be thawrted now, many people have static or dynamic , which changes or doesnt change, try explaining all that to a jury , thats why these type of cases need to be detailed which this plan actually helps alot in detailed tracking they do .
  - ScrewEwe2
    
    I think another important thing is get what you need, not everthing you can get, and under any scenario, stay the fuck away from Justin Beiber’s crap. Greed can be dangerous and have unpredictable outcomes.
    - Bastage
      
      “Stay the fuck away from Justin Bieber’s crap” is a fine rule, whether engaging in piracy or not
    - Guest
      
      justin beiber really isn’t that bad. you just gotta give him a chance and realize he’s trying to sell himself. anybody who has ever chilled with him has said he was cool. ludacris. tyler the creator. pretty much everyone says he’s cool. the beats are just as good as all the other mainstream crap out there. the beiber hate is so last summer bro. get over it.
    - ScrewEwe2
      
      Reply to Guest: “justin beiber really isn’t that bad. you just gotta give him a chance and realize he’s trying to sell himself.”
      
      At 57, Static X is a little closer to where my musical tastes run, :-)
      
      Deeper, harder, faster.
    - http://twitter.com/AdamSmi58530464 AdamSmith
      
      Gregory responded I am dazzled that any body can earn $4293 in four weeks on the network have you seen this(Click on menu Home)
    - http://twitter.com/AdamSmi58530464 AdamSmith
      
      …
      goo.gl/zwenV
    - yello
      
      so with static x as the example, your saying your tastes run with music, as opposed to autotune… very nice sir
  - JerryWoo
    
    Use vpnbook http://www.vpnbook.com … they have a free OpenVPN account, located in EU, i use it whenever i download torrents to stay safe!
MuhammadEpstein

“I prefer okra over asparagus because Jesus was not married,” said the former senator to his astronaut neighbor at the annual father-daughter rugby match in Tuscaloosa, Spain. This is the very reason why all options must be riveted to the ground-level opportunities vested in the forgone conclusion peeking around the vast crevice between rookie baseball players and international diplomats. Of course we would rather be massaged with a splash of balsamic readouts, leveling accusations at half breed liquid varicosities, but wouldn’t you rather be syncopated in a murky semisolid frosh than extracted by linseed oil vomit mattresses? I think not!
- meowmix
  
  great, all we need, fucking bots on here.
  - Mc
    
    if you reply to spam, it cant be deleted. tard.
Pingback: uTorrent Increases Privacy and Counters Mass-Monitoring of Downloads | SKP News
ofproto

Good for you uTorrent.
ROMaster2

At least it’s a step forward.
Riii

yay…….wish you guys started that before the flippin ESA sent me a warning.
- ElseAndrew
  
  That’s not uTorrent’s fault, it’s yours for not hiding in the first place.
  
  Good step in the right direction though.
- puddpuddi
  
  this still won’t help you, geta seedbox
- http://twitter.com/krozareq krozareq
  
  Yeah do as @ae0d62ae034f677a0c78c8b8abebc583:disqus suggested and get a seedbox. You can find decent ones for €10 and 200-300GB ones for €15/mo with the right people.
- Sketch
  
  VPN OR DIE
John Space

OK. The logical step should be updating uTorrent, BUT are they still including ads (or something like that, I don’t remember) in new versions of uTorrent?
- http://twitter.com/krozareq krozareq
  
  Just get an advert URL list and place it in your hosts file. Problem solved.
- XFyrios
  
  They added an opt-out option. No worries!
Ukwje

is utorrent still closed-source ? How can they be credible in this case ?
I am still running v1.6
- ktetch
  
  Yes, it’s always been closed source. And WHY you’re running such an old version (from late 05 – the first of the bittorrent inc releases iirc) with such a lot of exploits. Seems a but stupid to me.
TuxPaper

Vuze commit on Oct 12 10:48:45, 2004 (released with Azureus 2.2.0.0): “added option to use different peer id for tracker and data comms”
Tools->Options->Tracker->Client->(last option)Granted, Vuze has no cycling of your peer-ids (that I’m aware of).. but what does it matter if your IP address doesn’t change?
http://twitter.com/krozareq krozareq

It’s a nice and rational change. Looks to be most helpful for someone who unintentionally torrents while the VPN is off. With the peer ID, they could still track the user with a different IP. But I have no doubt that the US intelligent agencies are matching VPN IPs with client IPs through sites like Google, Facebook, etc for when someone is logged in and suddenly changes IP. Need to step it up and have a different browser (preferably Firefox, since you can run multiple configs) that’s set up for your VPN and another config for TOR.

But your IP is still there, so if you don’t have a VPN, seedbox, SSH tunnel, etc then you better stay off the popular torrents.
- Gues911
  
  i even heard some forms, javascript etc , activex , plugins , real ur real ip sometimes , its all confusing to me, in the end im sure no one will be able to hide online, who knows ..but the shadow
  - Gues911
    
    Reveal*
ingo

Some torrents have 25,000 seeds or more. I’ve always wondered if having that many seeds makes a difference to a swarm. Now they’ve montored the 8 million torrent downloads of Ed Sheeran does that mean we will have 8 million “cease and desist” letters. That’ll cost too much and thats just in stamps and envelopes. I don’t know maybe they should offer the 8 million torrent downloaders tickets for concerts. Might get people into going to see him live.
- http://twitter.com/krozareq krozareq
  
  They’ve largely gone digital with the notices. Most US ISPs now directly deliver them to the user via browser.
  - Pelham123
    
    NBC Comcast Universal probably does not mind footing the bill for sending notices to sharers of its own content … but the notification process is an enormous pain in the ass. How many of your 25,000 Ed Sheeran seeds are hosted by Comcast users, for example? Just finding that out is a huge task.
    
    And now that we are seeing proof that such hassling does not improve sales and pushes sharers completely off the grid, more and more monitoring may simply become a formality and a research tool.
Pingback: Torrent News » uTorrent Increases Privacy and Counters Mass-Monitoring of Downloads
WigFow

lol no doubt about it VPN up or use a public acccess point.

AnonFolks.tk
Darkknight145

so where is this setting “don’t use a consistent peer-id”
- Dark
  
  it’s automatic. lern2read.
  - Darkknight145
    
    The article says it’s NOT enabled by default and has to be enabled.
    - Darkknight145
      
      Whoops sorry, just re-read the article it is auto enabled…. Sorry!
- gubatron
  
  it’d be so easy to find out if only it were open source like FrostWire or Vuze.
Pingback: uTorrent Increases Privacy and Counters Mass-Monitoring of Downloads | Zombie Torrents - Ultimate Torrents Downloads
Pingback: uTorrent Increases Privacy and Counters Mass-Monitoring of Downloads | Best InfoTips
Utlan

The change log for uTorrent 1.1.3 has the following entry:

“Randomize peer id when µTorrent starts.”
- Me
  
  this was always the case anyway. the peer id always changed if you stopped the client and then restarted it.
  - gubatron
    
    the only difference now it seems, is that the peer id will change without having to restart.
    
    I wonder what impact this will have on performance, how will trackers know who much you seeded, you know, the old “give and you will receive” mantra of bittorrent must be kind of fucked after this.
    
    doesn’t sound like it protects or hides you in any way, yet seems like it’ll result in slower downloads.
dionrook

http://al.ly/ELM
Geigh

What the hell is uTorrent? Is it really that difficult to use the ‘µ’ character?
- Trashbash
  
  I just came to say you are great. The best. Smart too. You tell em dood. utorrent utorrent utorrent. I had no idea what the article nor the comments were about until I read yours.
- Guest
  
  I actually don’t know how to type that character. Is it an Alt+### combination like ê (Alt+136) is?
  - Ddd
    
    alt + 230 i think, im on a laptop so i can’t verify.
    - UNICODE_EXPERT
      
      You’re a looser too.
  - Rallias
    
    Highlight. Copy. Paste.
    
    There. Got it for you.
    - UNICODE_EXPERT
      
      And you’re a lazy mother fucker. Copy ‘n’ paste ? Fucking toser.
  - UNICODE_EXPERT
    
    You are loser.
    - Nonaste
      
      You should be proud. You’ve proven what an obnoxious twit you are.
- UNICODE_EXPERT
  
  For most plebs it is. They haven’t a clue about ALT+0181.
  
  Well done Geigh.
  
  As for the rest, they’re fucking losers.
  - UNICODE_EXPERT
    
    Fuck you Nonaste you cunt bastard.
- BJonesTF
  
  in headline’s, yes. it cane break some stuff.
Waseihou

I would like to bittorret clients to add another privacy extension – to encrypt all application settings including downloading history by password into one well encrypted file. User would have to enter the password when starting a bittorrent client and also if he was idle for some time (so that a screenshot of what he was downloading could not be made). This extension would make it difficult to make any computer forensic analysis. Any temporary files would have also to be encrypted and stored in incomprehensible way. In many p2p application (eMule, RetroShare, …) I have seen that cache files contains potentially interesting information, like what was downloaded or searched for.

While for people like me it is not a problem to store all the settings into encrypted drive, it would be better if this functionality came with the application and was enabled by default. If everyone knew that a certain bittorrent or p2p application is difficult to obtain forensic information from, they would not be so tempted to obtain the user’s computer. In some jurisdictions, filelist from p2p application is an important evidence, so why should it be so simple to get it? Of course, bittorrent programmers should not post this as a reason to add this enhancenment, just state that it is to “enhance user’s privacy”, but the effect would be obvious.

If we want to attack MAFIA further, privacy enhancenments should not only aim at better encryption, proxying, splitting file into blocks to scatter responsibility and other similar ideas. Privacy enhancenments should directly make an attempt to hamper any evidence gathering process, like computer forensic analysis. It should be almost impossible to obtain data from the application if computer is switched off, and hard to obtain even if the program is running and police officer get access to it. Even so trivial thing like requiring password after the user was not interacting with torrent would bring some trouble the attacker (cannot get screenshot of filelist), and some innovative way to store crucial information in memory might be helpful too, so that application would be able to operate while it would be difficult to obtain information from memory dump (for example store everything encrypted in memory, save decryption key in CPU or somewhere else, and make all opertions in a way that key is not in memory, maybe for some time it would possible to use even GPU for doing some operations and data storage…).
ScrewEwe2

Instead of using the internet to get content, why not steal a big rig tractor and trailer, back through the wall of a well known multimedia chain store, take every CD and movie in site as well as computers, game systems and HD TV’s. At least your peer id wouldn’t be involved. At worst, maybe you drivers license.

Naww, I think I’l stick with BitTorrent.
- meowmix
  
  i dunno. i think you are on to something. if you get caught, you’ll get less time in the slammer/smaller fine than you would for copyright infringment.
  - Bob
    
    ^this :)
None

Freedom vs corporate greed and power …
It’s a war that never ends.
Midas

Meh, just got myself a year of UseNet so doesn’t really mater to me anymore. Strange days living in the EU now.
- meowmix
  
  giganews is your friend and worth every penny.
Pingback: Torrent News » Utorrent améliore la confidentialité de ses utilisateurs BitTorrent
gubatron

peerID randomization has long been an option of the Vuze core (same on FrostWire), it comes turned off by default. how’s this news? slow day?

I suppose it comes off because even though it might protect you somewhat, you probably get penalized by the trackers as you look as someone new, so the whole “give and thou shall receive” mantra is affected. Hopefully uTorrent put this as an option that you can turn off.

No need to be half ass anonymizing yourself if you’re using BitTorrent to download the millions of legal files out there.
- Red
  
  which mafiaa and friends track also
Xult

all seems pointless.
another reason to stick to 2.2.1 and vpn.
equalizir

It is a good idea not to be greedy. I only download music files that are a few years old. Don’t like most of the new music anyway. I do download tv shows but not too many new ones, mostly older shows that I missed or didnt know about. I dont download new movies period. I do use a vpn and utorrent 2.2.1
- meowmix
  
  i do pretty much the same. if i do want something my nntp server is my best friend.
Beebsucks

justin beeber is a homo
- UNICODE_EXPERT
  
  He’s a little cunt. Asshole.
Pingback: µTorrent ????? ?????? ??? ?????? peer-id, ????? ???????? ?????? | ?????????? ???????
Pingback: uTorrent Increases Privacy By Randomizing Peer-IDs
shaqimnsnsn

http://lnk.co/I2VI9
zhuweng

http://lnk.co/I2VI9
Pingback: UnblockMySchool » uTorrent Increases Privacy and Counters Mass-Monitoring of Downloads
Pingback: uTorrent se preocupa por nuestra privacidad

TorrentFreak

The place where breaking news, BitTorrent and copyright collide

uTorrent Increases Privacy and Counters Mass-Monitoring of Downloads

Related Posts

Previous Post | Next Post

NewsBits

The Pirate Bay Isn’t Down Completely, Just Having a Few Issues

Pirate Bay Founder Gottfrid Svartholm on Freedom of Speech

Blu-ray Anti-Piracy Tech Stops Discs and Promotes Purchases

Foxtel Breeds Pirates by Locking Up Game of Thrones

UK Student Admits Breaching Sony Copyrights With Leak of PS3 SDK

MostDiscussed

Pirate Bay Takes Over Distribution of Censored 3D Printable Gun

McAfee Patents Technology to Detect and Block Pirated Content

Pirate Bay Finds Safe Haven in Iceland, Switches to .IS Domain

Copyright Trolls Threaten to Call Neighbors of Accused Porn Pirates

Game Pirates Whine About Piracy in Game Dev Simulator

CopyQuote

PopularArticles

VPN Services That Take Your Anonymity Seriously, 2013 Edition

Top 10 Most Popular Torrent Sites of 2013

Which VPN Service Providers Really Take Anonymity Seriously?

What’s The Best VPN / Proxy for BitTorrent?

BTGuard Review: How Does it Work?

Optimize Your BitTorrent Download Speed