Why Encrypting BitTorrent Traffic Is Good
Written by Ernesto on December 24, 2006
Recently, the topic of traffic shaping and BitTorrent encryption was once again resurrected, this time by Wired News writer Michael Galore. In a recent post he explains that encrypting BitTorrent traffic is bad. But is this really the case?
The post over at the Wired blog, Monkey Bites, concludes that encryption doesn’t fool many ISPs, and that it is a poor method of evading traffic shaping ISPs. I tend to disagree.
First of all, at this point, encryption is the only way to get around ISPs that throttle BitTorrent traffic. Sure, encrypting BitTorrent traffic is bad from an ISP’s perspective, but most BitTorrent users with traffic shaping ISPs have no other choice.
Let’s take a look at the arguments that are supposed to support the claim that encryption is a bad thing. Most of these arguments come from a blog post that Bram Cohen, the inventor of the BitTorrent protocol, wrote earlier this year.
1. A massive bi-direction file transfer, even when it’s encrypted, still looks like a massive bi-directional file transfer to sniffers and shapers. It doesn’t take a lot of deep science for an ISP to deduce that it’s BitTorrent traffic.
Well, this argument doesn’t really explain why you shouldn’t at least try encryption, if your ISP is throttling BitTorrent traffic. It says something about the effectiveness of encryption, but from a quick survey among friends that have to face up against packet shaping ISPs, I’ve learnt that encryption works excellently for most of them. And aren’t there more massive bi-direction transfers? VOIP for instance?
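The detection side of argument 1, as an added example (not from the original post, and not any shaping product's code): a signature check catches the plaintext BitTorrent handshake, while an obfuscated flow can only be labelled from payload entropy and traffic shape, so a constructed VPN-like flow receives the same label. The thresholds, label names and sample flows are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

# First bytes of an unencrypted BitTorrent peer handshake: length byte 19 + protocol string.
BT_HANDSHAKE = b"\x13BitTorrent protocol"

# Assumed thresholds for this illustration, not taken from any shaping product.
ENTROPY_MIN = 7.0          # bits per byte; ciphertext sits close to 8
BULK_BYTES = 50 * 1024**2  # flows below 50 MiB are not treated as bulk
SYMMETRY_MIN = 0.2         # smaller direction carries >= 20% of the larger one


def shannon_entropy(data: bytes) -> float:
    """Byte entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_flow(payload: bytes, bytes_up: int, bytes_down: int) -> str:
    """Label one flow from its leading payload bytes and its byte counters."""
    if payload.startswith(BT_HANDSHAKE):
        return "bittorrent-plaintext"       # signature match, no statistics needed
    larger = max(bytes_up, bytes_down)
    symmetric = larger > 0 and min(bytes_up, bytes_down) / larger >= SYMMETRY_MIN
    bulk = bytes_up + bytes_down >= BULK_BYTES
    if shannon_entropy(payload) >= ENTROPY_MIN and bulk and symmetric:
        return "opaque-bulk-bidirectional"  # shape only: the protocol is a guess
    return "unclassified"


# Constructed sample data: 1 KiB of hash output stands in for encrypted payload.
OPAQUE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))
MiB = 1024**2
SAMPLE_FLOWS = {
    "plain_bt": (BT_HANDSHAKE + bytes(8) + OPAQUE[:40], 300 * MiB, 700 * MiB),
    "obfuscated": (OPAQUE, 300 * MiB, 700 * MiB),
    "vpn_tunnel": (OPAQUE, 400 * MiB, 500 * MiB),
    "web_fetch": (b"GET /file.iso HTTP/1.1\r\nHost: example.org\r\n\r\n", MiB, 700 * MiB),
}


def classify_samples() -> dict:
    """Classify every constructed flow and return name -> label."""
    return {name: classify_flow(*flow) for name, flow in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for name, label in classify_samples().items():
        print(f"{name:12s} {label}")
```

The obfuscated flow and the VPN-like flow are indistinguishable to the shape heuristic, which is the false-positive cost a shaper accepts once the payload signature is gone.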
2. Obfuscation results in incompatibility between encrypting clients and non-encrypting clients.
True, but so does DHT, which was introduced in the official BitTorrent client by Bram Cohen and was implemented in other clients soon afterwards. You can always allow incoming and outgoing connections to non-encrypted clients (ensuring compatibility) as a milder form of encryption. Even Bram Cohen realized that it’s not all that bad, because the latest versions of the mainline client now support encryption.
3. Encryption damages any BitTorrent data caching efforts put forth by your ISP.
I haven’t heard of any ISP throttling and caching BitTorrent traffic at the same time. Caching essentially helps your downloads, so an ISP that’s caching BitTorrent traffic is not likely to throttle it as well.
4. By encrypting BitTorrent transfers, you’re just being hostile towards your ISP. Not to get all weepy over the poor ISPs, but it will only make them resent you more.
The ISPs are being hostile towards their customers if they start to limit BitTorrent traffic, often even without letting them know. Sure, encryption is probably not the best solution for both parties, but if my ISP was limiting my BitTorrent download speed to 10kb/s, they leave me with no other choice.
BitTorrent encryption is currently supported by the following BitTorrent clients, and a detailed article on how to encrypt BitTorrent traffic can be found here.
Clients supporting encryption:
I encourage ISPs to find better ways to manage the huge amounts of traffic BitTorrent is generating. Some ISPs may make it look like this is only a bandwidth problem, but in fact it may have more to do with money than most people assume. External traffic costs ISPs a lot of money. One possible solution is the Cache Discovery Protocol that was recently implemented in the mainline client.
The “Cache Discovery Protocol” allows ISPs to detect the most popular torrents, cache the data, and seed it. ISPs like this solution, because it’s cheaper to use bandwidth within their network than to use external traffic.
But for now I would say: Encrypt!
22 Responses
Only rtorrent 0.7.0 supports encryption, so it’s not in the stable release yet.
The new version [0.3.18] of BitTornado also supports encryption.
*http://bittornado.com/*
[quote comment="32184"]The new version [0.3.18] of BitTornado also supports encryption.
*http://bittornado.com/*[/quote]
About time ;)
[quote]but from a quick survey among friends that have to face up against packet shaping ISPs, I’ve learnt that encryption works excellently for most of them.[/quote]
I would be interested to see this survey, which countries it covers and which ISPs.
Most ISPs have started to use “deep packet inspection”, which means it’s not just the headers that are checked; it looks for the encrypted headers used by the protocol and deep inspects the data packet. It checks that it’s traffic that should be restricted and takes the relevant action; some ISPs have their systems set up so that, should over 40% of your data packets turn out to be restricted traffic, they don’t bother inspecting the rest and just restrict all your traffic.
[quote]I haven’t heard of any ISP throttling and caching BitTorrent traffic at the same time. Caching essentially helps your downloads, so an ISP that’s caching BitTorrent traffic is not likely to throttle it as well.[/quote]
NTL, in the UK, was one of the first to trial bit torrent caching and whilst they don’t traffic shape all areas of their networks they do some, at the same time they do cache data.
[quote]The ISPs are being hostile towards their customers if they start to limit BitTorrent traffic, often even without letting them know[/quote]
This is a silly way to react to an ISP; before joining an ISP you should do good research on them to ensure that you are switching to a suitable provider for your needs. If ISPs do start to traffic shape after you have joined them and fail to let you know, it would be worth checking your T&Cs and considering complaining if they have breached them; a further idea would be to complain to the regulator of the industry to get this practice stamped out.
As an overview I do agree with your arguments FOR encryption, why not make everyone switch it on? Those ISPs that don’t invest in their network or are simply hostile to the protocol might find their customers do get faster access. However I do feel your arguments lack research or any evidentiary support.
Finally, turning on encryption inside your client isn’t the only way to try and bypass traffic shaping. In fact there is a far more effective way around it. Setting up a VPN connection with a company like relakks.com not only encrypts ALL your internet traffic, meaning it can’t be shaped by your ISP, it also protects against deep packet inspection as the data packets look like VPN traffic rather than bit torrent, meaning it doesn’t get throttled. The vast majority of ISPs don’t throttle VPN traffic (in fact some have it in their top tier) and probably never will do so as it’s used by so many business users.
ISPs that artificially restrict BitTorrent violate network neutrality.
There’s ways to restrict BitTorrent that *don’t* violate network neutrality; for example they can simply give users a weekly or monthly budget and start progressively traffic shaping the whole connection. That way you only get the restrictions kicking in if you overdo the downloads (of whatever protocol, http, ftp or BT etc. etc.)
Who do the ISPs think they are to restrict what use you make of your connection anyway? Restricting *overuse* is fair enough if it exceeds the contention ratio you’ve *paid* for. Otherwise it’s censorship. Why pay for an ISP that censors you?
I work for ISP that uses Ellacoya for traffic shaping, AFAIK the current version of their software is able to correctly classify encrypted bittorrent traffic.
This is not a question of “restricted” content or “censorship”. It’s an arms race! Rather than stopping the fair use of the Internet, which BT really is, why don’t ISPs just actively make users pay more for their connections, and use that money to fund “fatter pipe” for them? Oh right, I forgot.. that would make sense. They would rather try to gather the money in an offshore bank, and keep their users restricted.
As an interim solution, this is fine; if a user is over-using their paid-for quota, then warn them and cut them off if they do not pay for premium service. I’m all for that. But classic protocols probably don’t account for the caps that most people have. I’m paying for it, I want to use it. If you cannot offer it, don’t make me pay for it. Or, do, but upgrade the service to match what my expectations are.
Over-inspecting traffic is ridiculous, it results in spending money on software and hardware that doesn’t need to exist; it should be going into infrastructural and protocol improvements.
Most UK ISPs inherit most of their costs from providing the final connection between the EU and the POP. These costs can often be huge, for example an 8mb line maxed out 24/7 (as often happens) costs an ISP upwards of £2,000/month. Considering the average cost of an 8mb line is £25/month or less, you can see why this is needed.
In this scenario, caching does not help, the only place you could cache would be on the EU’s computer…. and what’s the point in that?!?
Personally I prefer good honest upfront usage caps.
It’s my bandwidth, and my business what I send over it. Encrypting is my right, and none of any ISP’s business. Random data to them, I say!
I think that the poster of item #3 and those that responded supporting it do not understand the place that ISPs are in.
Bandwidth is not free. ISPs are doing an amazing job of making it look very very cheap. It is Street Magic otherwise known as sleight of hand but it is an illusion.
To do this illusion, they are using statistics that have some built in assumptions based upon what they expect a user to be doing. Bittorrent as we are currently using it is breaking those assumptions, that is a bad thing for everybody. Having the illusion appear to be real is in everybody’s best interest.
What needs to happen is that we need to find a way so that the virtual networks that are created by bit torrent and other P2P protocols map correctly on top of the real networks. This would allow things like your machine would look for people on the same ISP to provide the data to you before going outside of your ISP. As said internal ISP traffic is very cheap and can be very high speed as compared to traffic that has to come or go outside of your ISP.
To see the sleight of hand look at the following:
what is the cost of a T3 like what your ISP would have to buy? 5k-15k per month according to http://www.t1-service.us/t1-internet-service-research.htm (I thought that it was a little cheaper) That can handle 30 DSL connections that offer 1.5 Mbit connections. 30 DSL connections at 50 USD per month income of: 1500 OPS!! where are they getting the other 3.5-13.5k USD? magic.
First, doesn’t BT split downloads between a swarm of servers?
So really encryption is only a benefit if you store your downloads online/share out files. DEPENDING on the layer that the encryption occurs at (IPSEC at net? SSL or SSH at upper layers?). To prevent snooping by ISP/RIAA (etc), you would need to do 1 – encrypt headers (include hide protocol info that could be used against you) OR 2 anonymizer – prevent them from knowing what sites you are visiting, including the swarm identities. Hiding header/protocol could be done via IPsec. SSL/SSH would be a good add-on to protect login info, but off the top of my head, not helpful to hide. Any number of anonymizer/proxy/reverse proxy would be handy to keep ISP, RIAA, etc. guessing (at least for a while).
If you look at it, the content of the torrent download is essentially encrypted (er, obfuscated, at least…) by going through the swarm.
Any other ideas?
re: ” … DHT, an invention by Bram Cohen that was implemented in other clients soon afterwards … ”
hmmm… statements like that suggest that the author only stepped into the P2P world recently. DHT was once a major conversation topic within the P2P community long before DHT was ever adopted by BitTorrent.
Cohen did not invent DHT (distributed hash tables), nor was he the first to create a major DHT decentralized network. Azureus’s DHT was developed months earlier (which explains why there are now two competing and incompatible DHT (BT) protocols, since Cohen decided against using Azureus’ existing DHT implementation) Other decentralized P2P networks such as eDonkey’s Overnet started implementing DHT about two years before Bittorrent.
DHT is only one form of decentralized P2P network. Anatomic P2P was actually the first decentralized Bittorrent (not counting Exeem), but Anatomic P2P’s network protocol was based on a Gnutella-like Supernode network configuration, instead of DHT.
Here’s the money shot.
http://img187.imageshack.us/img187/1444/diggthingtg0.png
two torrent freak stories on the top stories part of the site in digg and one on the front page. Torrentfreak FTW
[quote comment="32344"]re: ” … DHT, an invention by Bram Cohen that was implemented in other clients soon afterwards … ”
hmmm… statements like that suggest that the author only stepped into the P2P world recently. DHT was once a major conversation topic within the P2P community long before DHT was ever adopted by BitTorrent.
[/quote]
changed the wording ;)
[quote comment="32344"]re: ” … DHT, an invention by Bram Cohen that was implemented in other clients soon afterwards … “[/quote]
Nicely said old-time p2p’er, I was going to say the same thing. The original motivation for research into DHT’s was not for p2p apps, but for large-scale, fault-tolerant networked applications. Given their suitability for p2p, they were of course quickly picked up by the community.
Point ‘3′ misses one of the reasons ISPs may be throttling BT:
If the ISP is trying to protect its internet-side links, then there is a good reason to both throttle, AND cache. Any BT traffic coming out of its cache does not (appreciably) go over the internet-side links, so there’s less reason to throttle it. This, of course, means that BT traffic that comes out of the cache is far faster than traffic that has to go through the throttling AND the internet-side link, so it favours BT data that’s already in the cache.
The same applies if the ISP is trying to both protect its downstream AND upstream links.
But when you think about it… when lots of people start using encryption it WILL be discovered and ways to counter WILL be found.
Let’s say every torrent user would encrypt his BT-traffic, don’t you think ISPs would find it weird that all the default BT-traffic has disappeared and then something new starts to slurp a lot of bandwidth from them?
[quote comment="32358"][quote comment="32344"]re: ” … DHT, an invention by Bram Cohen that was implemented in other clients soon afterwards … ”
[/quote]
changed the wording ;)[/quote]
It’s still not correct though as it is Azureus that introduced DHT into the BT world, and then Bram chose to implement another flavor in his client.
As for Bram “choice” to implement encryption I don’t think it’s because it became “good” to his eyes, it’s simply because it became a necessity to not be left behind.
I have to agree with the author in some things; encryption is, for now, and for users’ control, the best solution.
I’m from Chile and here most of the ISPs do traffic shaping, and it’s been discussed at high levels, from users of the community to parliamentarians, but from now we don’t have a thing to do besides encryption. I have 2mb bandwidth and some time ago I couldn’t download more than 1kb/s, wtf, that speed is not acceptable.
thanks
In most countries with “unlimited” Internet plans, ISPs are not responsible for the content of their caches, therefore, they could legally cache as many bittorrent blocks as they like without any legal issues. The issue is that Bram was late to the party – people had been requesting extra support in the protocol for caching for a long time before he added his pitifully documented implementation. I think the most responsible thing that Bram could do now is to write a sample bittorrent cache server that plays well with clients, and simply stores blocks without logging (and preferably without enough information to log meaningfully). Something that ISPs could drop in today with minimal hassle.
On another note, somebody should write a personal bittorrent cache, which simply latches onto popular torrents and helps to seed – with the aim of plausible deniability. Where FreeNet is legal, so should this be.
Can you let me know how to encrypt the traffic in BitTorrent?