Video: How People Are Tracked Using BitTorrent
Written by enigmax on January 14, 2008Being tracked by anti-piracy organizations and receiving infringement notices on file-sharing networks is becoming more common. A security project manager has just released a short video showing how it’s done.
A common question from BitTorrent users is how anti-p2p outfits trace and trace file-sharers in order to send infringement notices. We’ve reported on one technique in the past and now, thanks to Dan Morrill, a Security Project Manager with VMC Consulting in Redmond Washington, we have a short video illustrating another basic technique which is easy to understand.
Dan’s example involves him downloading a large file with the popular Azureus client, while giving a commentary on the various types of information offered by the client, a brief overview of how BitTorrent works, how it’s possible to be tracked and how the gathered information could be processed. He also touches on anonymity and the use of blocklists.
A popular piece of IP blocking software is Peerguardian, which can be downloaded at Phoenix Labs, with the blocklists available from Bluetack. Users seeking anonymity can achieve this by using a free proxy server but in reality, most don’t offer performance anywhere near good enough for BitTorrent. VPN services such as VPNTunnel aren’t free but they’re reliable and generally protect users from the techniques shown in the video.
Just one criticism; Dan states towards the end of the video that if you don’t use blocklists you are almost guaranteed to be ‘nabbed’. The majority of people don’t use blocklists and the majority of those are not getting ‘nabbed’.
Indeed, most of the cases we hear of from the United States are people who don’t use BitTorrent at all. On the other hand, blocklists mostly offer pseudo-security, since there’s no guarantee that you are not tracked while using them.
Previously: TorrentFreak Interviews a Lawyer Defending 500 File-Sharers
Next: MediaDefender Hacker Speaks Out
93 Responses
Pages: « 1 2 3 [4] Show All
A program that blocks millions of connections or allows you to block additional IP addresses has to offer some security then not blocking any IP addresses at all.
The video is useless, your comments push it ahead.
@ skyforce (38) : You are right PG blocks direct connection, but they already know my IP from the peer.
Maybe that they have an advantange from that. They not contribute the -maybe- illegal act but only watching it. But wait: without them in the swarm it would not be the same… Any idea?
@ system (32) : you say: “In short, the information they log is part of their “conversation” with you and can be legally recorded. Logging all data flowing in and out of someone elses machine would involve electronic eavesdropping, and would be illegal.”
So they do NOT know in real what is inside the package I am sharing.
The name of a torrent does not prove for its content.
- All torrents should be named away from the files it stands for, all files in the package should get different labels too.
- The real filenames should be shared with a second torrent. A clever software should assemble files and real file names on my computer.
OK… first of all… this guy is a total n00b and knows fuck all about BitTorrent and obviously just installed Azureus 5 minutes before he started to make that video.
Next, total anonymity is the holy grail of piracy… a fantasy that is impossible to acheive without utter chaos and disorder and on top of that a global network that doesn’t function properly a mile away from where you are.
And finally… PeerGuardian 2 is just about the best protection you can get for free… sure it’s not foolproof, but it helps and with all the enemies P2P filesharing has made over the years, we need as much helps as we can get. If you don’t use PG2, don’t come out and spout shit about something you don’t know enough about, and if you use PG2 and think that you are totally protected, you are just as much of a n00b as that retarded video guy.
In short, use PG2, know you’re never going to be fully protected.
For those who are saying PG (and similar) is a complete waste of time because “I haven’t been sued”: this is a non-argument. The number of people sued just by the RIAA in the US is currently over 25,000. In Germany it’s over 200,000. I don’t know the numbers for the UK, but it’s definitely in four figures. HOWEVER, the more important stat is the number of people file-sharing: millions of people every single day. So yes, sure, you can not use PG and your chances of getting sued are already statistically minute. However, PG provides an extra layer of protection and makes it even less likely that you’ll be sued.
To those saying that PG is a waste of time because it’s amateur, blocks arbitrary domains, etc. So what? If it does not negatively effect the use of your computer it’s still better protection than no protection, even if it’s nowhere close to perfect.
And finally, to those saying that copyright owners have to download data from you in order to sue you, this is incorrect: in the US, for example, the RIAA has *never* had to prove that what you are sharing is actually the copyrighted material that their client owns. Courts all over the country have been satisfied with the RIAA simply showing that the defendant was a) using a P2P app, and b) making available a file with a name and filesize that makes it likely to be the copyrighted file in question. They’ve never had to prove that an actual transfer of copyrighted work occurred. In all but a very few of their 25,000+ cases, the “making available for sharing” argument has won the day and the defendant has been hit with a hefty judgment.
I hope they won’t find me in my Saddam Hussein Spiderhole™ now with air conditioning. LONG LIVE THE TUESDAY NIGHT TECH DOT COM SHOW!
HAY GUYZ BIG NEWZ THEY IS TRACKING YUO BY LOGGING CONNECTIONZ LULZ
#78, you’re absolutely right about media companies not needing to prove that you’re actually hosting the file in order to slap a lawsuit on you.
In other words, all they really need is to see your IP address associated with the torrent.
In other words, they don’t need to connect to your IP address directly, they only need to connect to the tracker, read your IP address from there, and add you to the list of “get affidavits about the following IP addresses.”
In other words, PG and its ilk are useless, *if* your goal in running them is to prevent being sued by the *IAA. None of these blockers prevent your IP addresses from being recorded on the tracker, and the companies don’t need to connect to you to sue you.
(In other words, what system and Cain have been saying.)
Total privacy is not obtained correct, but one thing for sure is when I receive a complaint to my home address I know that Comcast has given up my personal information.
I am now with outside vpn providers, and have not had this happened. It’s maybe too much work for them.
Currently I am with StrongVPN since they have no bandwidth limits.
http://www.strongvpn.com
http://www.vpnaccounts.com
http://www.findnot.com
there are others, just google
just officially notified today of my copyright infringements, for everyone that doesn’t think it can happen to the casual user, you’re wrong, i torrent about one file a week tops.
total piracy can never be nullified
http://www.classicarcadegames.us
Only best free news! :
http://american-citysearch.com
Thank you ! Good info…..
I’ve been sent a DMCA violation take down notice when I used to be a Comcast customer. Was a few years ago.
The guy can’t even say the word, ‘queries’ right. There’s no ‘a’ in ‘queries’…
3 references to this post
Pages: « 1 2 3 [4] Show All
Responses are closed
All remaining responses will continue to be archived. Use the TorrentFreak forums if you want to discuss something.