
Anyone Can Play Big Brother With BitTorrent

timothy posted more than 4 years ago | from the shrinking-wilderness dept.

The Internet 436

An anonymous reader writes "I was at the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats yesterday, and there were people from the French Institute for Computer Science who have continuously spied on most BitTorrent users on the Internet for 100 days, from a single machine. They've also identified 70% of all content providers; yes, those guys that insert the new contents into BitTorrent. As a BitTorrent user, I was shocked that anyone with a box connected to the Internet can spy on what everyone is downloading on BitTorrent."


An Opportunity (5, Funny)

MarkvW (1037596) | more than 4 years ago | (#32021280)

Looks like a good way to earn a paycheck from the RIAA.

Re:An Opportunity (5, Insightful)

poetmatt (793785) | more than 4 years ago | (#32021480)

Looks like something that won't work for those who understand that plenty of these IP addresses could be spoofed or not even uploading, or know what I2P does, or use a VPN. This is just a list of IPs that they are assuming are 100% valid because they were listed in the tracker when the content went up. They're saying that if someone is listed on more than one tracker, it confirms who they are.

That = a bad study.

All they're saying is "We can tie an IP to a torrent", but that doesn't mean you can get anything more than that. Judges already don't accept an IP simply being tied to a torrent.

Re:An Opportunity (5, Funny)

feepness (543479) | more than 4 years ago | (#32021690)

> Judges already don't accept an IP simply being tied to a torrent.

What do they accept? My, err, friend wants to know!

Re:An Opportunity (5, Informative)

Bigjeff5 (1143585) | more than 4 years ago | (#32021878)

If you can get an IP, you can narrow down the area quite a lot without the ISP's cooperation, possibly enough to force the ISP's cooperation. With ISP cooperation you can narrow an IP down to a physical address. At that point, you're screwed.

What people who don't understand how networking works miss is that if there is a connection, then there is an IP address trail to follow. You cannot spoof an IP address and maintain a connection. You can spoof a MAC address just fine, because that is only used on the last leg of the connection, but the IP address is used the rest of the way and a link must be maintained if data is ever to get back to the source. Pretty much all IP spoofing is good for is cases where you don't want to receive the response, like a DoS attack (there are elaborate network hacks using IP spoofing, but they require direct access to the destination network). That's obviously no good for a BitTorrent connection.

What you can do is sort of "launder" the IP address to make it difficult to trace - that is, to route it through multiple NAT services. Each NAT maintains an IP trail to the previous address though, or the connection would fail, so this is only obscuring the source, not erasing the trail. Someone diligent enough (and with sufficient authority to force cooperation from various ISPs) could potentially track any sufficiently current IP address from destination back to source. Also, setting up such a route would go a long way to establishing intent to commit a crime, which will blow most of your defense out of the water in such a case.

There might be some honeybuckets in the tracker's list, which would be clever, but all it is going to do is waste a little bit of time for whoever is tracking these IPs, it's certainly no protection for anybody but the tracker (who would be monitoring the honeybucket, one would assume).

Re:An Opportunity (5, Insightful)

Shakrai (717556) | more than 4 years ago | (#32021976)

> With ISP cooperation you can narrow an IP down to a physical address. At that point, you're screwed.

Speak for yourself. I do all my bittorrenting from open wireless networks ;)

Re:An Opportunity (1)

Stregano (1285764) | more than 4 years ago | (#32022290)

I love living next to a Borders that has free wifi. Buying a wifi antenna is seriously magic for that exact purpose.

Apparently, porn is downloaded and/or watched from Borders a lot.

Re:An Opportunity (3, Insightful)

wealthychef (584778) | more than 4 years ago | (#32022354)

This is actually an argument for buying a wireless router and leaving it open without a password. Sure, you can be owned by your malicious neighbors, but they could also be the ones doing the torrent downloads... hmm. LOL

Or a warning (0)

Anonymous Coward | more than 4 years ago | (#32021634)

Re:Or a warning (0)

Anonymous Coward | more than 4 years ago | (#32021788)

Fake. Try typing in "man cat"

I know. Nevertheless, it's a warning. See... (0)

Anonymous Coward | more than 4 years ago | (#32022004)

(from tf comments:)

  81 Apr 27, 2010 at 18:37 by ANDY

IMPORTANT***

the people who say the site is showing stuff they never downloaded,

THAT IS THE POINT

the site is set up to show what would happen if ACTA is signed,

THEY MAKE MISTAKES

so practically you could be prosecuted for something you didn't do, I think that's their point

Re:I know. Nevertheless, it's a warning. See... (1)

biryokumaru (822262) | more than 4 years ago | (#32022220)

The scary part is that it doesn't have any of the torrents I've actually downloaded in the past few days, like BT4 [backtrack-linux.org] which was a huge swarm and came in at like 3 MB/s.

UNISEX? (-1, Offtopic)

phoenix0783 (965193) | more than 4 years ago | (#32021314)

The third annual UNISEX workshop?

Re:UNISEX? (2, Interesting)

2obvious4u (871996) | more than 4 years ago | (#32021382)

Did you know when reading you really only look at the first and last letter? [ecenglish.com] Your mind fills in the rest. So that comment just shows where your mind is.

Re:UNISEX? (0, Offtopic)

CarpetShark (865376) | more than 4 years ago | (#32021968)

D...s

TL;DR.

Re:UNISEX? (0)

Anonymous Coward | more than 4 years ago | (#32022056)

If I always notice spelling and grammar mistakes, even involving the middle of words (like their/thier) does that mean I'm broken?

Re:UNISEX? (1)

biryokumaru (822262) | more than 4 years ago | (#32022326)

No, it means their conclusion is highly flawed. Or, at least, 2obvious4u's interpretation of their conclusion.

Re:UNISEX? (0, Troll)

0racle (667029) | more than 4 years ago | (#32021388)

Well ya. Chicks can't use computers.

Re:UNISEX? (0)

Anonymous Coward | more than 4 years ago | (#32021998)

Yeah, and they're so stupid that if you leave them outside in the rain they'll stare up at the sky with their mouths wide open and drown.

Oh, wait, that was chickens. :b

Re:UNISEX? (1)

spartacus_prime (861925) | more than 4 years ago | (#32022210)

Only on /. would this be modded as Insightful.

Re:UNISEX? (1, Funny)

Anonymous Coward | more than 4 years ago | (#32021958)

Joey: No, I had sex a couple of days ago.

Rachel: No no, U-N-I-Sex...

Joey: Well...I can't say no to that...

Big Brother? (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32021322)

I would only play special games with Uncle Howie.

Copyright laws. (2, Insightful)

headkase (533448) | more than 4 years ago | (#32021334)

If copyright law was more sane we wouldn't have to argue so much about privacy.

Re:Copyright laws. (1, Interesting)

Anonymous Coward | more than 4 years ago | (#32021420)

Interesting yet saddening to see someone actually admit that they only give a fuck about privacy because they don't want to get in trouble for all the shit they steal.

Re:Copyright laws. (5, Insightful)

DarkKnightRadick (268025) | more than 4 years ago | (#32021536)

I care about privacy and I only use bit torrent for legitimate purposes.

Re:Copyright laws. (2, Insightful)

Anonymous Coward | more than 4 years ago | (#32022006)

Same AC here. I didn't say that everyone only cares about privacy because they don't want to get caught doing anything illegal, I said it was interesting and saddening to see one person admit as such. I personally don't download anything illegally anymore, though I'll admit that at one time I did so often and freely. I do however care deeply about my right to privacy. And you have to admit that there are a large number of people jumping on the internet privacy bandwagon, yet they have absolutely no real belief or feelings about the cause. They simply like stealing shit, and are scared that they're going to get caught, so they scream privacy violation till they're blue in the face. And honestly, I feel this is one of the biggest threats to privacy we currently face, because the actions of these cheap childish assholes degrade the cause in its entirety. To the average person on the street privacy advocate is becoming synonymous with pirate and various agencies and corporations are more than happy to fuel that fire.

Re:Copyright laws. (1)

Mordok-DestroyerOfWo (1000167) | more than 4 years ago | (#32022150)

And most Playboy readers only buy them for the articles.

Re:Copyright laws. (1)

DarkKnightRadick (268025) | more than 4 years ago | (#32022370)

I wouldn't know, but I don't like what you are implying.

Re:Copyright laws. (5, Informative)

loufoque (1400831) | more than 4 years ago | (#32021540)

First off, Copyright infringement is not theft.

Secondly, transmitting copyrighted material over a computer network is not necessarily copyright infringement, even if copyright holders would like it to be.

Re:Copyright laws. (1)

JoeBuck (7947) | more than 4 years ago | (#32022162)

If the transmission is done with the permission of the copyright holder (either explicitly or because of a license), it's not infringement. And in some circumstances fair use (some countries call it "fair dealing") applies. But clearly most BT traffic is copyright infringement.

Re:Copyright laws. (3, Insightful)

commodore64_love (1445365) | more than 4 years ago | (#32022372)

I don't lie to myself.

I steal. Rather than go out and buy the DVDs, I steal the content. And no I don't care. Movie companies steal from their workers all the time ("Sorry Mr. Cameron, actors, and crew... Titanic made no profit, so your profit share check will be zero."). If the movie is any good (like Star Trek) then I will buy it.

Re:Copyright laws. (3, Insightful)

jeffmeden (135043) | more than 4 years ago | (#32021560)

Is privacy invaded because of people pursuing copyright violators, or is privacy pursued because people want to evade copyright enforcers? Seems that if you decide it's the latter you are prepared to give away the privacy of many (those who aren't copyright thieves) for the protection of the few (those that own IP that is being copied)...

You know giving up the first little bit is always the easiest...

Re:Copyright laws. (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#32021548)

I'll call BS on your comment.

You know as well as I do, even if copyright laws were relaxed, far too many people like you are too cheap to pay for anything anyways, especially when you can get it for free.

Re:Copyright laws. (4, Insightful)

Red Flayer (890720) | more than 4 years ago | (#32021624)

I dunno about that.

Privacy isn't just about keeping your illegal activities hidden from an authority that can punish you for those activities. I don't want anyone to be able to glean the details of my day-to-day habits, be they BitTorrent use, physical locations, or anything else. Even if we had NO copyright laws, I'd still have a problem with people being able to track my actions. And FWIW, I have nothing to hide, AFAIK[1], other than routinely exceeding the speed limit in my car. I refuse on principle to violate copyrights.

[1] the AFAIK is a big problem. There's probably a good chance I violate some law or other occasionally, but I have no idea since there are so many laws on the books. But that just feeds into the privacy issue... I'm no Randian, but the massive amount of laws we have on the books that make innocuous behavior illegal means that I'm probably a criminal without knowing it. The best way to protect against this extant situation is to make sure I maintain the privacy of my activity. Better not to have that situation in the first place, but that's a topic for a different discussion.

Re:Copyright laws. (1)

bonch (38532) | more than 4 years ago | (#32021956)

You do realize that the GPL is a copyright license, right? Copyright law is fine. Slashdot is mostly full of pirates who have invented justifications so they don't feel guilty. The moment it's mentioned that people are ripping others off, someone immediately bashes the RIAA, copyright law, "greedy" corporations, etc. Someone else is always portrayed as the bad guy so that the pirate no longer feels like one.

Re:Copyright laws. (0)

Anonymous Coward | more than 4 years ago | (#32022048)

Well, Slashdot is full of kids who have never actually created anything of value in their lives, so they see nothing wrong with taking what others have created without fair compensation.

Unfortunately, actual adults post here too, so that's where the conflict comes in. Adults understand that violating copyrights by downloading and consuming media against the rights-holders' wishes is shitty behaviour.

So the adults and the kids argue, round and round it goes, and no one is ever convinced of the others' position. At least not until the kids grow up.

Shocked. Shocked! (3, Insightful)

guspasho (941623) | more than 4 years ago | (#32021346)

> As a BitTorrent user, I was shocked that anyone with a box connected to the Internet can spy on what everyone is downloading on BitTorrent.

Really? All you have to do is be on the torrent and connect to them.

Re:Shocked. Shocked! (2, Informative)

Peach Rings (1782482) | more than 4 years ago | (#32021410)

You mean, all you have to do is send a simple request to the tracker, which will happily provide you with a fairly complete list of peers.

And people make themselves available on the DHT network.

And people offer their peers freely through PEX.

Re:Shocked. Shocked! (4, Informative)

CondeZer0 (158969) | more than 4 years ago | (#32021592)

> You mean, all you have to do is send a simple request to the tracker, which will happily provide you with a fairly complete list of peers.

Most trackers (at least most public/open trackers [trackon.org]) insert random IPs to give a degree of 'plausible deniability'.

This of course is not perfect, but to be certain that a peer is serving a file the only way is to actually try to connect to it and fetch some blocks, which is quite a bit more work than just querying the tracker, especially if you have to do it for hundreds of thousands of torrents.

Re:Shocked. Shocked! (5, Interesting)

peragrin (659227) | more than 4 years ago | (#32021688)

you forgot the real part.

You then have to download the entire thing to find out if those blocks that are part of IronMan2.avi are actually part of the ironman2 movie or some dumb student's project on feeding excessive iron to a man.

What percentage of the RIAA music takedowns were not actually infringing music but someone's project with a similar name? I know of at least 3 separate incidents where they made a school take down a professor's own notes because of a file name.

Re:Shocked. Shocked! (1)

CondeZer0 (158969) | more than 4 years ago | (#32021910)

This is a good point, but I assumed that if they can get a few random blocks that match the hash, that would probably be enough evidence from a legal point of view.
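
Added example, not part of any comment in this thread: the difference the comments above draw between an IP that a tracker merely lists and a peer that actually returns blocks matching the torrent's hash, sketched in Python. The peer addresses, payload and function names are constructed for illustration, and the "received" data is supplied as a dict rather than fetched from a network.

```python
import hashlib
import ipaddress
import struct

PIECE_LEN = 16  # constructed: tiny pieces keep the sample readable


def decode_compact_peers(blob):
    """Decode a tracker's compact peer list (4-byte IPv4 + 2-byte port each)."""
    if len(blob) % 6:
        raise ValueError("compact peer list must be a multiple of 6 bytes")
    peers = []
    for off in range(0, len(blob), 6):
        raw_ip, port = struct.unpack_from("!4sH", blob, off)
        peers.append((str(ipaddress.IPv4Address(raw_ip)), port))
    return peers


def split_piece_hashes(pieces):
    """Split the metainfo 'pieces' value into 20-byte SHA-1 digests."""
    if len(pieces) % 20:
        raise ValueError("'pieces' must be a multiple of 20 bytes")
    return [pieces[i:i + 20] for i in range(0, len(pieces), 20)]


def classify_peers(peers, hashes, observed):
    """Grade the evidence for each tracker-listed peer.

    observed maps (ip, port) -> (piece_index, data actually received);
    a peer missing from it never answered or never sent a full piece.
    """
    grades = {}
    for peer in peers:
        if peer not in observed:
            grades[peer] = "listed-only"      # could be a junk entry
            continue
        index, data = observed[peer]
        in_range = 0 <= index < len(hashes)
        if in_range and hashlib.sha1(data).digest() == hashes[index]:
            grades[peer] = "verified-piece"   # data matches the torrent's hash
        else:
            grades[peer] = "hash-mismatch"    # answered, but not with this content
    return grades


# --- constructed sample data (documentation address ranges, fake content) ---
CONTENT = bytes(range(32))
PIECES = b"".join(
    hashlib.sha1(CONTENT[i:i + PIECE_LEN]).digest()
    for i in range(0, len(CONTENT), PIECE_LEN)
)
LISTED = [("192.0.2.10", 6881), ("198.51.100.7", 51413), ("203.0.113.99", 6881)]
TRACKER_BLOB = b"".join(
    ipaddress.IPv4Address(ip).packed + struct.pack("!H", port)
    for ip, port in LISTED
)
OBSERVED = {
    ("192.0.2.10", 6881): (0, CONTENT[:PIECE_LEN]),      # sent the real piece 0
    ("198.51.100.7", 51413): (1, b"\x00" * PIECE_LEN),   # sent unrelated bytes
    # 203.0.113.99 is listed by the tracker but never answered
}


def demo():
    peers = decode_compact_peers(TRACKER_BLOB)
    return classify_peers(peers, split_piece_hashes(PIECES), OBSERVED)


if __name__ == "__main__":
    for peer, grade in demo().items():
        print(peer, grade)
```
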

Re:Shocked. Shocked! (0)

Anonymous Coward | more than 4 years ago | (#32022138)

What if the file is reencoded?

Re:Shocked. Shocked! (1)

CondeZer0 (158969) | more than 4 years ago | (#32022236)

Still only needs to download the whole file once at most, not once from every peer.

Re:Shocked. Shocked! (1)

ravenspear (756059) | more than 4 years ago | (#32021422)

Yeah I mean, that's really not a surprise. The torrent would be pretty useless if you couldn't connect to the other clients on it. And to connect to them you need to know the ip address.

Some torrent clients have a handy browser that lets you view the IPs of all connected clients.

Now, connecting to all torrents on the net would take some effort, but if you were able to do that then you would be able to see everyone using BitTorrent.

Re:Shocked. Shocked! (1)

Bigjeff5 (1143585) | more than 4 years ago | (#32021964)

> Now, connecting to all torrents on the net would take some effort, but if you were able to do that then you would be able to see everyone using BitTorrent.

Not really, there are a relatively small number of tracker servers, once you have access to the tracker it should be pretty trivial scripting out a request for each torrent they have on the server.

Private servers I'd expect they would not be able to connect to, but otherwise most of the trackers are public enough that they could crawl for most of them. It's certainly not an easy undertaking, but it's far from shocking in my opinion. I think the OP just had no real concept of how BitTorrent works.

Re:Shocked. Shocked! (1, Funny)

Anonymous Coward | more than 4 years ago | (#32021526)

> As a BitTorrent user, I was shocked that anyone with a box connected to the Internet can spy on what everyone is downloading on BitTorrent.

let me fix that for you...

As a BitTorrent user, I was shocked that anyone with a box connected to the Internet can spy on what my neighbour's unprotected wireless network is downloading on BitTorrent."

Re:Shocked. Shocked! (4, Insightful)

natehoy (1608657) | more than 4 years ago | (#32021816)

Yeah, I'm shocked that anyone could be shocked.

P2P means "Peer to Peer". That means your computer makes a direct connection to other users who seed or leech you. In order to do that, you need to give your IP address so they know who to talk back to. IP addresses resolve to a host, which can always identify your ISP and in rarer cases can identify your username on the ISP (this is thankfully very rare any more).

I wonder how shocked the poster of this article would be if he realized that every web page he visits gets the same exact information?

Re:Shocked. Shocked! (1)

iamhassi (659463) | more than 4 years ago | (#32021922)

"Really? All you have to do is be on the torrent and connect to them."

What about protocol encryption [torrentfreak.com] or PeerGuardian [phoenixlabs.org] ? Do either of these help or are they worthless? Article is very light on details, just says "use torrent, we c u IPs"

Re:Shocked. Shocked! (1)

ravenspear (756059) | more than 4 years ago | (#32022174)

Encryption masks the content of what you are transferring. You still have to know who to connect to.

Re:Shocked. Shocked! (1)

Athanasius (306480) | more than 4 years ago | (#32022180)

Neither of those stop your IP from being listed on the tracker(s).

Encryption only stops Man-In-The-Middle snooping, but practically speaking that would have to be by either your ISP or the ISP for the other end of the connection, which seems unlikely without court orders. A 'bad' IP can still connect to you (or place itself on the tracker so there's a chance you'll connect to it). What this *might* buy you, together with using ports other than the standard BitTorrent ones is obfuscation of what your traffic is for the purposes of avoiding ISP bandwidth shaping.

PeerGuardian, assuming the lists have all the relevant IPs, will stop people from being able to connect with you. But you're still in the tracker. However, I see a prior comment has said 'most' trackers include some random 'junk' IPs so as to confuse things. Obviously this makes the protocol slightly less efficient, but I doubt it makes any practical difference.

To sum up: Encryption is mostly to try and avoid ISP bandwidth shaping. PeerGuardian, together with trackers listing 'junk' IPs offers some protection against being fingered in this way.

Does anyone know if it's possible/practical to read from a tracker's list to get a list of IPs to connect to, but not place your IP in the list? You'd be limiting yourself to outbound connections only. Without checking I don't know if simply retrieving a tracker's data for a torrent places your IP in its list for subsequent retrieval. Either way this is an obnoxious thing to do (yes, for any torrent I join, whatever its content, I stay at least until ratio 1.00, and typically to 2.00 and beyond as local resources allow).

As I understand BT (0)

Anonymous Coward | more than 4 years ago | (#32021364)

People announce the bits they have and don't have and others point to locations who have and don't have the data.

It is a large game of Go Fish.

TMK it wouldn't be hard to compile a list of who has what.

Say Hello to Homeland Security (0)

Anonymous Coward | more than 4 years ago | (#32021394)

Team Members; Arnaud Legout (INRIA, F) Stevens Le Blond (INRIA, F) Fabrice Le Fessant (INRIA, F) Walid Dabbous (INRIA, F) Mohamed Ali Kaafar (INRIA, F) Pere Manils (INRIA, F) Abdelberi Chaabane (INRIA, F) Claude Castellucia (INRIA, F)

This is not an important security article. (4, Insightful)

Spazntwich (208070) | more than 4 years ago | (#32021402)

It is an important reminder of just how ignorant most technology users are of the very tools they're using.

Re:This is not an important security article. (2, Insightful)

vxice (1690200) | more than 4 years ago | (#32021552)

Shocking, shocking I say that when I use p2p to upload and download files to other people that someone could possibly be sitting around listening to and recording my requests for data as well as requesting data that I have sourced that they 'want' who would have guessed?

Re:This is not an important security article. (1)

phantomcircuit (938963) | more than 4 years ago | (#32021668)

The only thing even slightly interesting about this is how centralized the trackers actually are.

But I guess they wouldn't see the private trackers at all.

Re:This is not an important security article. (5, Funny)

0100010001010011 (652467) | more than 4 years ago | (#32021856)

I download something from Napster
  And the same guy I downloaded it from starts downloading it from me when I'm done
  I message him and say "What are you doing? I just got that from you"
  "getting my song back fucker"

- bash [bash.org]

Huh? (1, Informative)

Anonymous Coward | more than 4 years ago | (#32021414)

> As a BitTorrent user, I was shocked that anyone with a box connected to the Internet can spy on what everyone is downloading on BitTorrent.

Seriously? BitTorrent is a completely open, unsecured protocol. Yes. Anybody can be listening in. The only difficulty is finding the trackers, and it's not like that is THAT hard...

Whether or not the list created is ACCURATE, however, is another matter. It's also incredibly easy to 'poison' those lists with fake addresses, as in the case of the music-sharing printer...

Re:Huh? (1)

allo (1728082) | more than 4 years ago | (#32021966)

bittorrent client should download random parts from random files to some degree. So the log who has downloaded parts of a file does not correlate to "who has downloaded the complete file and saved it on his/her computer" anymore.

Redacted (5, Funny)

StikyPad (445176) | more than 4 years ago | (#32021444)

[This post removed under the first rule of USENET.]

Re:Redacted (2, Funny)

Anonymous Coward | more than 4 years ago | (#32021704)

But if I copy the redacted post and paste into my favorite editor, all is revealed!

Re:Redacted (1)

value_added (719364) | more than 4 years ago | (#32021718)

ME TOO!

--
anon@aol.com

Re:Redacted (1)

HTH NE1 (675604) | more than 4 years ago | (#32022132)

ME TOO!

tl;dr

Re:Redacted (1)

Bigjeff5 (1143585) | more than 4 years ago | (#32022032)

> [This post removed under the first rule of USENET.]

Don't tell me, "Don't talk about USENET?"

Re:Redacted (1)

spartacus_prime (861925) | more than 4 years ago | (#32022248)

What's USENET?

Good! (1)

feepness (543479) | more than 4 years ago | (#32021458)

> As a BitTorrent user, I was shocked that anyone with a box connected to the Internet can spy on what everyone is downloading on BitTorrent.

This is good news. It means BitTorrent is no longer relegated to those who are even remotely user savvy. This means more sharing!

Hint: BitTorrent is a protocol that relies on users talking to each other about what they're downloading. This, strangely enough, provides users with information on what everyone is downloading on BitTorrent.

Re:Good! (4, Interesting)

Jer (18391) | more than 4 years ago | (#32021646)

Actually, despite the credulousness of the summary poster, if you click through to the abstract you also get this bit:

> To circumvent this kind of monitoring, BitTorrent users are increasingly using anonymizing networks such as Tor to hide their IP address from the tracker and, possibly, from other peers. However, we showed that it is possible to retrieve the IP address for more than 70% of BitTorrent users on top of Tor [LMC_POST10]. Moreover, once the IP address of a peer is retrieved, it is possible to link to the IP address other applications used by this peer on top of Tor.

Perhaps I'm exposing my own ignorance (because I've never felt the need to use Tor myself) but that strikes me as surprising if it's true. And something that even savvy internet users might not think about.

Re:Good! (3, Interesting)

Knara (9377) | more than 4 years ago | (#32021820)

Well, things like Javascript can expose the originating IP over Tor to the receiver, so it's probably not a large leap to assume that you can look at torrent traffic and find the originating IP at the application level.

That said, it's a "problem" with the originating application, not Tor specifically. As said on the Tor website "Tor does not automatically make all your communications secure."

Hi, I'm new here (4, Funny)

EkriirkE (1075937) | more than 4 years ago | (#32021466)

You mean to tell me when I connect to a large pool of people, there is a large pool of people there?

Re:Hi, I'm new here (1)

Bigjeff5 (1143585) | more than 4 years ago | (#32022052)

You'll also be surprised to know that when you tell everybody what you're downloading, everybody knows what you're downloading.

Shocking, I know, and completely counter-intuitive, but there it is.

Re:Hi, I'm new here (0)

Anonymous Coward | more than 4 years ago | (#32022212)

OMG (4, Funny)

Anonymous Coward | more than 4 years ago | (#32021482)

This must mean my IP address is being BROADCAST TO THE WORLD! And I thought I had punched the monkey to prevent this.

Shocked? (1)

Zedrick (764028) | more than 4 years ago | (#32021490)

First day on the internet? Welcome.

Re:Shocked? (1)

Bigjeff5 (1143585) | more than 4 years ago | (#32022068)

Come on now, it could reasonably be his second or third. Don't be so hard on the guy!

are you new here? (1)

Colin Smith (2679) | more than 4 years ago | (#32021500)

> As a BitTorrent user, I was shocked that anyone with a box connected to the Internet can spy on what everyone is downloading on BitTorrent.

Why? Have you been downloading really compromising porn?

WTF? It's peer to peer. All they need to do is have a copy and other people download stuff from you... so you know what they're downloading...

Re:are you new here? (1)

Spad (470073) | more than 4 years ago | (#32021604)

Much worse, it was the Backstreet Boys discography.

Everyone? (1)

neoform (551705) | more than 4 years ago | (#32021566)

> BitTorrent user, I was shocked that anyone with a box connected to the Internet can spy on what everyone is downloading on BitTorrent.

How could they possibly spy on me if I'm using a private tracker with DHT disabled?

Re:Everyone? (1)

CondeZer0 (158969) | more than 4 years ago | (#32021692)

> How could they possibly spy on me if I'm using a private tracker with DHT disabled?

They can't.

While ignorance is widespread among BitTorrent users (as the poster illustrates with his surprise at this story), this story also seems to include some amount of FUD.

Re:Everyone? (1)

blueg3 (192743) | more than 4 years ago | (#32021770)

By story, you mean the submitter's comment on the story. Both the "quote" from TFS and also TFA say "most", not "all".

Re:Everyone? (1)

blueg3 (192743) | more than 4 years ago | (#32021694)

You're assuming, among other things, that everyone else in the torrent has PEX disabled -- or at least that the "private" flag in the metainfo file is set and that everyone's torrent software honors that by disabling PEX.
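
Added example, not part of any comment in this thread: the "private" flag mentioned above is an integer key in the metainfo file's info dictionary, and this Python sketch decodes a metainfo file and reports which peer sources a client that honors the flag would use. Both sample torrents, their tracker URLs and the function names are constructed; the flag is advisory, so the result describes compliant clients only.

```python
def bencode(obj):
    """Minimal bencoder, used here only to build the constructed samples."""
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    if isinstance(obj, dict):
        body = b"".join(bencode(k) + bencode(obj[k]) for k in sorted(obj))
        return b"d" + body + b"e"
    raise TypeError(f"cannot bencode {type(obj).__name__}")


def _decode(data, i):
    """Decode one bencoded value starting at offset i; return (value, next offset)."""
    c = data[i:i + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c == b"l":                                   # list: l<items>e
        i += 1
        items = []
        while data[i:i + 1] != b"e":
            item, i = _decode(data, i)
            items.append(item)
        return items, i + 1
    if c == b"d":                                   # dict: d<key><value>...e
        i += 1
        out = {}
        while data[i:i + 1] != b"e":
            key, i = _decode(data, i)
            if not isinstance(key, bytes):
                raise ValueError("dictionary keys must be byte strings")
            value, i = _decode(data, i)
            out[key] = value
        return out, i + 1
    if c.isdigit():                                 # string: <len>:<bytes>
        colon = data.index(b":", i)
        start = colon + 1
        end = start + int(data[i:colon])
        if end > len(data):
            raise ValueError("truncated string")
        return data[start:end], end
    raise ValueError(f"bad bencode at offset {i}")


def bdecode(data):
    value, end = _decode(data, 0)
    if end != len(data):
        raise ValueError("trailing data after bencoded value")
    return value


def peer_sources(metainfo):
    """Report the private flag, the trackers, and the peer sources a
    flag-honoring client would use for this torrent."""
    meta = bdecode(metainfo)
    if not isinstance(meta, dict) or not isinstance(meta.get(b"info"), dict):
        raise ValueError("not a metainfo dictionary")
    trackers = []
    if b"announce" in meta:
        trackers.append(meta[b"announce"].decode())
    for tier in meta.get(b"announce-list", []):
        for url in tier:
            if url.decode() not in trackers:
                trackers.append(url.decode())
    private = meta[b"info"].get(b"private") == 1
    # With private=1 a compliant client takes peers from the tracker only;
    # a client that ignores the flag can still leak peers via DHT or PEX.
    sources = ["tracker"] if private else ["tracker", "DHT", "PEX"]
    return {"private": private, "trackers": trackers, "sources": sources}


# --- constructed sample metainfo (placeholder hashes, example.* hosts) ---
_INFO = {b"name": b"demo.bin", b"length": 32,
         b"piece length": 16, b"pieces": b"\x00" * 40}
PUBLIC_TORRENT = bencode({b"announce": b"http://tracker.example/announce",
                          b"info": _INFO})
PRIVATE_TORRENT = bencode({
    b"announce": b"https://private.example/announce",
    b"announce-list": [[b"https://private.example/announce"],
                       [b"https://backup.example/announce"]],
    b"info": {**_INFO, b"private": 1},
})

if __name__ == "__main__":
    print(peer_sources(PUBLIC_TORRENT))
    print(peer_sources(PRIVATE_TORRENT))
```
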

Re:Everyone? (0)

Anonymous Coward | more than 4 years ago | (#32021890)

> You're assuming ... that everyone's torrent software honors that by disabling PEX

What? We even can't trust all these people we don't know that give us free software?

Really? (1, Interesting)

Anonymous Coward | more than 4 years ago | (#32021610)

> As a BitTorrent user, I was shocked that anyone with a box connected to the Internet can spy on what everyone is downloading on BitTorrent.

Really? I guess you never looked at the protocol. I can't find a reference, but I remember a news article from a few years ago in which Bram Cohen responded to a reporter who asked if he felt responsible for the piracy enabled by BitTorrent. Bram pointed out that BitTorrent is a terrible protocol to use for piracy, because anyone can see who is doing the pirating.

Well duhh! Of course you can find them out! (4, Funny)

MarkTina (611072) | more than 4 years ago | (#32021616)

It's P2P, you can't hide your IP from someone when they ask for a bit of movie file and your computer cheerfully sends it! It's the equivalent of the police walking down your street shouting "Are there any thieves here?", and you sticking your head out the window to shout back "Yes Me me me! I'm a thief!!" ;-)

The best you can do is not respond to requests from IPs on a block list ... or steal Wifi from a poorly secured neighbour.

Re:Well duhh! Of course you can find them out! (1)

CannonballHead (842625) | more than 4 years ago | (#32021672)

> or steal Wifi from a poorly secured neighbour.

That's not theft, it is only theft if you take a physical object... ;)

[sarcasm]

Encryption helps? (1)

plaukas pyragely (1630517) | more than 4 years ago | (#32021618)

What about if I select my bittorrent client to connect only via encrypted connection? Is it possible to tell what torrent I am downloading without getting all torrent files that are tracked by the tracker (which is obviously easy to identify)?

Re:Encryption helps? (1)

EkriirkE (1075937) | more than 4 years ago | (#32021764)

Encryption only helps when sniffing someone's network for BT traffic as ISPs do. All you need to do is open your favorite torrent client, wait for the tracker for your *.torrent to give you peers and look at your peers window. Pure unadulterated IPs, for which the client either allows to connect directly to you, or you connect directly to them.

If for some reason your client doesn't have a peers tab/window, just do a netstat and see the flood of IPs and hosts you are connected with.

Re:Encryption helps? (1)

apqvist (784079) | more than 4 years ago | (#32022040)

But his question was whether it is possible to tell what "torrent [he is] downloading", not if it is possible to see which clients he is connected to. And I would like to know the answer to that question as well. :)

Re:Encryption helps? (0)

Anonymous Coward | more than 4 years ago | (#32021842)

Someone correct me if I'm wrong but I think encryption is used only to try and hide the stream from ISP throttling.

Re:Encryption helps? (1)

JWSmythe (446288) | more than 4 years ago | (#32022146)

Correct. The ISP can't identify your traffic, but the endpoints obviously can. Otherwise, the encryption would be worthless.

That's an argument I've had with people about https:// sites. Sure, the data is hidden in between your machine and the server, but both ends know exactly what it is. Otherwise, it just wouldn't work.

From your machine, you can see who is requesting what from you, and likewise they can see what you request from them.

It can work to blacklist known snoopy peers, but since anyone can set up their own machine to monitor, the only safe way to remain anonymous is to not do it in the first place. Well, you could do it off a stolen connection, but if the authorities are determined enough to figure out who you are, they will. It's not all that hard to identify the location of a rogue wireless client.

Wouldn't Peer Guardian prevent this? (1)

jbeach (852844) | more than 4 years ago | (#32021684)

Or is that completely wrong and sooooo 2009?

Re:Wouldn't Peer Guardian prevent this? (1)

blueg3 (192743) | more than 4 years ago | (#32021742)

Only if they have an IP address in a known-dangerous block. Being security researchers, they're probably well-aware that an excellent way to spy on P2P users is with a laptop on a local coffee shop's WiFi.

Re:Wouldn't Peer Guardian prevent this? (1)

Degro (989442) | more than 4 years ago | (#32022262)

I switched to the PeerBlock (http://www.peerblock.com/) fork when I switched to Vista/7 64-bit. Peer Guardian doesn't seem to get updates anymore and doesn't support those versions of Windows anyway. How effective either are/were I couldn't attest to. I run it as a precaution. I do know that when I am torrent'ing the block history list moves right along at a fairly constant rate.

This guy's a joker. (1)

Zexarious (691024) | more than 4 years ago | (#32021710)

"I was shocked that anyone with a box connected to the Internet can spy on what everyone is downloading on BitTorrent."

Really, you were shocked? What were you doing at a tech conference then, you did not belong there. Back in 01 when the bittorrent protocol was released the #1 thing about it was that 'you could see everyone and everyone could see you'. That's pretty much the definition of bittorrent, that's what the tracker does, connects you to other people. How can someone be so ignorant and apathetic to not even have a basic understanding of how a technology that they use works?

Nice (4, Funny)

Hognoxious (631665) | more than 4 years ago | (#32021716)

I was at the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats yesterday

Awesome. Meet any chicks?

Sees thru TOR!? (1)

JackSpratts (660957) | more than 4 years ago | (#32021722)

Well thank God TOR is transparent.

- JackSpratts

Founder, Society for the Elimination of Opacity. ;)

They cracked Tor? (2, Interesting)

VTI9600 (1143169) | more than 4 years ago | (#32021784)

That you can view peers on a BT network is not shocking. What deserves more attention is the fact that they were able to identify IPs of even those users who used Tor. Of course, BT and Tor should never be mixed (to protect the network of those who need privacy for something other than piracy). This just proves it.

Re:They cracked Tor? (1)

FooHentai (624583) | more than 4 years ago | (#32022256)

Proves it? The two points you mentioned are valid but not related.

Gn44 (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#32021790)

Use the private flag bozos! (0)

Anonymous Coward | more than 4 years ago | (#32021802)

Here's a hint: private=1 in your torrent generation (mktorrent)

DHT and PEX both get disabled, which means this method of attack is impossible.

Almost every private tracker on the planet forces the private flag on and most ban clients which don't follow the spec for private flag, so this shouldn't affect private trackers. Hence why it only got 70%... Why do you think that is? Because 70% are noobs using TPB and MiniNova.
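Added example (not part of the comment above and not taken from any BitTorrent client): BEP 27 stores the flag mentioned in that comment as the integer key `private` inside the torrent's bencoded `info` dictionary, and this sketch decodes a metainfo blob and reports whether it is set. The function names, the `tracker.example` URL and the sample bytes are constructed for illustration.

```python
# Added example: read the BEP 27 "private" flag from a bencoded .torrent file.
# Function names and the sample metainfo bytes are constructed for illustration.

def bdecode(data: bytes, i: int = 0):
    """Decode one bencoded value at offset i; return (value, next_offset)."""
    c = data[i:i + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c == b"l":                                   # list: l<items>e
        i, items = i + 1, []
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i)
            items.append(item)
        return items, i + 1
    if c == b"d":                                   # dict: d<key><value>...e
        i, out = i + 1, {}
        while data[i:i + 1] != b"e":
            key, i = bdecode(data, i)
            if not isinstance(key, bytes):
                raise ValueError("dictionary key must be a byte string")
            out[key], i = bdecode(data, i)
        return out, i + 1
    if c.isdigit():                                 # byte string: <len>:<bytes>
        colon = data.index(b":", i)
        start = colon + 1
        end = start + int(data[i:colon])
        if end > len(data):
            raise ValueError("truncated byte string")
        return data[start:end], end
    raise ValueError(f"invalid bencode at offset {i}")


def is_private(torrent: bytes) -> bool:
    """True if the metainfo's info dictionary carries private=1 (BEP 27)."""
    meta, end = bdecode(torrent)
    if end != len(torrent) or not isinstance(meta, dict):
        raise ValueError("expected exactly one bencoded dictionary")
    info = meta.get(b"info")
    if not isinstance(info, dict):
        raise ValueError("missing info dictionary")
    return info.get(b"private") == 1


def sample_torrent(private: bool) -> bytes:
    """Constructed metainfo (placeholder tracker and zeroed piece hash)."""
    flag = b"7:privatei1e" if private else b""
    return (b"d8:announce31:http://tracker.example/announce4:infod"
            b"6:lengthi1024e4:name8:file.bin12:piece lengthi16384e"
            b"6:pieces20:" + b"\x00" * 20 + flag + b"ee")
```

To check a real file, pass its raw bytes (read in binary mode) to `is_private`; a missing key or any value other than the integer 1 is reported as not private.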

fear-mongerish (5, Informative)

drDugan (219551) | more than 4 years ago | (#32021840)

Saying you "can spy on what everyone is downloading on BitTorrent" and TFA stating "major privacy threat" are over-the-top and fear-mongering exaggerations.

A more accurate way to state this is: Using BitTorrent will make our IP address public regarding what content is downloaded and shared online from that IP address. When someone monitors the same content, then they can log your IP address. This is obvious from how the protocol works to anyone who looks into privacy questions seriously. Yes, there is less privacy with what you download with BitTorrent compared to a direct download, as other people also sharing the same content can see your IP address.

But remember, with every download method online someone else knows you have downloaded it, with direct downloads and with all the different peer-to-peer distribution options. If you go to Adobe and download the latest Photoshop demo, they know, they log your IP, and usually even ask for even more information about you.

The only real privacy problem (a "major threat") is for people using BitTorrent for illegal redistribution of content; it is not a major problem for distribution of open licensed or public domain content, businesses or organizations using BitTorrent for distribution to lower costs, or to distribute free content for viral or marketing purposes.

(Disclaimer: our company, ClearBits, does exactly this, offers distribution as a service to others, and we use BitTorrent extensively)

bittorrent... (1)

GastronomicalEvent (1401141) | more than 4 years ago | (#32021872)

Free month of netflix + dvd decrypt > bit torrent. Sure netflix knows where you are, but the French never will!

card (1)

RichardJenkins (1362463) | more than 4 years ago | (#32022148)

As a BitTorrent user, I was shocked that anyone with a box connected to the Internet can spy on what everyone is downloading on BitTorrent.

Your geek card, hand it in!
