
Anyone Can Play Big Brother With BitTorrent

Posted by timothy
from the shrinking-wilderness dept.
An anonymous reader writes "I was at the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats yesterday, and there were people from the French Institute for Computer Science who have continuously spied on most BitTorrent users on the Internet for 100 days, from a single machine. They've also identified 70% of all content providers; yes, those guys that insert the new contents into BitTorrent. As a BitTorrent user, I was shocked that anyone with a box connected to the Internet can spy on what everyone is downloading on BitTorrent."

  • by MarkvW (1037596) on Wednesday April 28, 2010 @04:44PM (#32021280)

    Looks like a good way to earn a paycheck from the RIAA.

    • Re:An Opportunity (Score:5, Insightful)

      by poetmatt (793785) on Wednesday April 28, 2010 @04:53PM (#32021480) Journal

      Looks like something that won't work for those who understand that plenty of these IP addresses could be spoofed or not even uploading, or know what I2P does, or use a VPN. This is just a list of IPs that they are assuming are 100% valid because they were listed in the tracker when the content went up. They're saying that if someone is listed on more than one tracker, it confirms who they are.

      That= a bad study.

      All they're saying is "We can tie an IP to a torrent", but that doesn't mean you can get anything more than that. Judges already don't accept an IP simply being tied to a torrent.

      • by feepness (543479) on Wednesday April 28, 2010 @05:05PM (#32021690) Homepage

        Judges already don't accept an IP simply being tied to a torrent.

        What do they accept? My, err, friend wants to know!

      • Re:An Opportunity (Score:5, Informative)

        by Bigjeff5 (1143585) on Wednesday April 28, 2010 @05:16PM (#32021878)

        If you can get an IP, you can narrow down the area quite a lot without the ISP's cooperation, possibly enough to force the ISP's cooperation. With ISP cooperation you can narrow an IP down to a physical address. At that point, you're screwed.

        What people who don't understand how networking works miss is, if there is a connection then there is an IP address trail to follow. You cannot spoof an IP address and maintain a connection. You can spoof a MAC address just fine, because that is only used on the last leg of the connection, but the IP address is used the rest of the way and a link must be maintained if data is ever to get back to the source. Pretty much all IP spoofing is good for is cases where you don't want to receive the response, like a DOS attack (there are elaborate network hacks using IP spoofing, but they require direct access to the destination network). That's obviously no good for a BitTorrent connection.

        What you can do is sort of "launder" the IP address to make it difficult to trace - that is, to route it through multiple NAT services. Each NAT maintains an IP trail to the previous address though, or the connection would fail, so this is only obscuring the source, not erasing the trail. Someone diligent enough (and with sufficient authority to force cooperation from various ISPs) could potentially track any sufficiently current IP address from destination back to source. Also, setting up such a route would go a long way to establishing intent to commit a crime, which will blow most of your defense out of the water in such a case.

        There might be some honeybuckets in the tracker's list, which would be clever, but all it is going to do is waste a little bit of time for whoever is tracking these IPs, it's certainly no protection for anybody but the tracker (who would be monitoring the honeybucket, one would assume).

        • Re:An Opportunity (Score:5, Insightful)

          by Shakrai (717556) on Wednesday April 28, 2010 @05:22PM (#32021976) Journal

          With ISP cooperation you can narrow an IP down to a physical address. At that point, you're screwed.

          Speak for yourself. I do all my bittorrenting from open wireless networks ;)

          • Re:An Opportunity (Score:4, Insightful)

            by wealthychef (584778) on Wednesday April 28, 2010 @05:43PM (#32022354)
            This is actually an argument for buying a wireless router and leaving it open without a password. Sure, you can be owned by your malicious neighbors, but they could also be the ones doing the torrent downloads... hmm. LOL
            • Re:An Opportunity (Score:5, Insightful)

              by Bigjeff5 (1143585) on Wednesday April 28, 2010 @06:25PM (#32022972)

              If they get enough to get a search warrant, you're screwed, because even if you're masking your MAC they'll be able to figure that out once they have access to your machine and make a positive link to the IP address.

              If you use whole-drive encryption, recent court cases have shown you've opened up a whole new can of worms, and didn't really save yourself any trouble.

              If you try hard enough at hiding it, you could be in a situation where the circumstantial evidence is enough to push a jury past the "reasonable doubt" threshold, in which case you've saved yourself nothing.

              It really is not easy to shield yourself when you use a protocol that by its very nature must identify your machine uniquely. The best you can do is hide and make your discovery more difficult. You can't completely prevent it and still access the internet in any useful way.

              • Re: (Score:3, Informative)

                by Xest (935314)

                You seem to have a good grasp of the technical aspects, but a severe lack of the legal aspects.

                The issue is that once you've got an address, then what? In most countries you can't simply hold the subscriber responsible for an illegal act, at best the ISP can hold them responsible for breaching their ISP's subscriber agreement and cut them off after which they go to an ISP.

                Even if they get the police to issue a search warrant and search the house, then what next? They can find a computer with content on it, b

              • Re: (Score:3, Interesting)

                by Shotgun (30919)

                I had a situation where a kid was using Skype to make bomb threat phone calls to the middle school my son attended. The kid had a history of the same behavior and could make a reasonable guess that it was the kid's voice on the phone. There was also a phone call that reported a gun fight at my house. I was working in the garage when the police showed up with handguns and rifles locked and loaded.

                There wasn't enough evidence to support the issuance of a warrant to get the call records from Skype. And that

        • Re: (Score:3, Informative)

          by poetmatt (793785)

          You can indeed spoof an IP and maintain a connection. Ever heard of a: VPN or b: a proxy, c: I2P or d: tor?

          Good luck with that. None of those are new techniques by any means.

          It's also one thing to identify someone just being connected to a torrent. It's another to prove distribution. You will have to connect to identify someone. None of this stuff from this report says they connected to the individuals to verify the IP addresses.

          You can (if an ISP chooses to share the data) tie an IP down to a physical add

    • Re: (Score:3, Informative)

      by dimeglio (456244)

      This was the idea behind BitTorrent from its inception as a quick and efficient method of deploying large content to many users simultaneously. The drawback is the public display of IP addresses and yes, a simple computer, connected to several torrents, can obtain many addresses. This doesn't really mean anything except they are participating in the BitTorrent network. It does not necessarily mean any data from the torrent file is on the computer. It is simply a node unknowingly exchanging inappropriate content

  • Copyright laws. (Score:2, Insightful)

    by headkase (533448)
    If copyright law was more sane we wouldn't have to argue so much about privacy.
    • Re:Copyright laws. (Score:5, Insightful)

      by Red Flayer (890720) on Wednesday April 28, 2010 @05:01PM (#32021624) Journal
      I dunno about that.

      Privacy isn't just about keeping your illegal activities hidden from an authority that can punish you for those activities. I don't want anyone to be able to glean the details of my day-to-day habits, be they BitTorrent use, physical locations, or anything else. Even if we had NO copyright laws, I'd still have a problem with people being able to track my actions. And FWIW, I have nothing to hide, AFAIK[1], other than routinely exceeding the speed limit in my car. I refuse on principle to violate copyrights.

      [1] the AFAIK is a big problem. There's probably a good chance I violate some law or other occasionally, but I have no idea since there are so many laws on the books. But that just feeds into the privacy issue... I'm no Randian, but the massive amount of laws we have on the books that make innocuous behavior illegal means that I'm probably a criminal without knowing it. The best way to protect against this extant situation is to make sure I maintain the privacy of my activity. Better not to have that situation in the first place, but that's a topic for a different discussion.
  • Shocked. Shocked! (Score:4, Insightful)

    by guspasho (941623) on Wednesday April 28, 2010 @04:47PM (#32021346)

    As a BitTorrent user, I was shocked that anyone with a box connected to the Internet can spy on what everyone is downloading on BitTorrent."

    Really? All you have to do is be on the torrent and connect to them.

    • Re: (Score:2, Informative)

      by Peach Rings (1782482)

      You mean, all you have to do is send a simple request to the tracker, which will happily provide you with a fairly complete list of peers.

      And people make themselves available on the DHT network.

      And people offer their peers freely through PEX.

      • Re:Shocked. Shocked! (Score:5, Informative)

        by CondeZer0 (158969) on Wednesday April 28, 2010 @04:59PM (#32021592) Homepage

        > You mean, all you have to do is send a simple request to the tracker, which will happily provide you with a fairly complete list of peers.

        Most trackers (at least most public/open trackers [trackon.org]) insert random ips to give a degree of 'plausible deniability'.

        This of course is not perfect, but to be certain that a peer is serving a file the only way is to actually try to connect to it and fetch some blocks, which is quite a bit more work than just querying the tracker, especially if you have to do it for hundreds of thousands of torrents.

        • Re:Shocked. Shocked! (Score:5, Interesting)

          by peragrin (659227) on Wednesday April 28, 2010 @05:05PM (#32021688)

          You forgot the real part.

          You then have to download the entire thing to find out if those blocks that are part of IronMan2.avi are actually part of the ironman2 movie or some dumb student's project on feeding excessive iron to a man.

          What percentage of the RIAA music takedowns were not actually infringing music but someone's project with a similar name? I know of at least 3 separate incidents where they made a school take down a professor's own notes because of a file name.

          • by CondeZer0 (158969)

            This is a good point, but I assumed that if they can get a few random blocks that match the hash, that would probably be enough evidence from a legal point of view.

          • Re: (Score:3, Informative)

            by klapaucjusz (1167407)

            You then have to download the entire thing to find out if those blocks that are part of IronMan2.avi are actually part of the ironman2 movie or some dumb student's project on feeding excessive iron to a man.

            Not in BitTorrent.

            A torrent is uniquely identified by its "info-hash", and the first thing you do when you connect to a peer is to agree on the info-hash. So with BitTorrent, you only need to download the file once, check that it is the right file, and then ask all of the peers you find whether they are distributing files with this particular info-hash.

    • Yeah I mean, that's really not a surprise. The torrent would be pretty useless if you couldn't connect to the other clients on it. And to connect to them you need to know the ip address.

      Some torrent clients have a handy browser that lets you view the IPs of all connected clients.

      Now, connecting to all torrents on the net would take some effort, but if you were able to do that then you would be able to see everyone using BitTorrent.
      • by Bigjeff5 (1143585)

        Now, connecting to all torrents on the net would take some effort, but if you were able to do that then you would be able to see everyone using BitTorrent.

        Not really, there are a relatively small number of tracker servers, once you have access to the tracker it should be pretty trivial scripting out a request for each torrent they have on the server.

        Private servers I'd expect they would not be able to connect to, but otherwise most of the trackers are public enough that they could crawl for most of them. It's certainly not an easy undertaking, but it's far from shocking in my opinion. I think the OP just had no real concept of how BitTorrent works.

    • by natehoy (1608657) on Wednesday April 28, 2010 @05:12PM (#32021816) Journal

      Yeah, I'm shocked that anyone could be shocked.

      P2P means "Peer to Peer". That means your computer makes a direct connection to other users who seed or leech you. In order to do that, you need to give your IP address so they know who to talk back to. IP addresses resolve to a host, which can always identify your ISP and in rarer cases can identify your username on the ISP (this is thankfully very rare any more).

      I wonder how shocked the poster of this article would be if he realized that every web page he visits gets the same exact information?

    • by iamhassi (659463)
      "Really? All you have to do is be on the torrent and connect to them."

      What about protocol encryption [torrentfreak.com] or PeerGuardian [phoenixlabs.org]? Do either of these help or are they worthless? Article is very light on details, just says "use torrent, we c u IPs"
      • Encryption masks the content of what you are transferring. You still have to know who to connect to.
  • by Spazntwich (208070) on Wednesday April 28, 2010 @04:50PM (#32021402)

    It is an important reminder of just how ignorant most technology users are of the very tools they're using.

    • Re: (Score:3, Insightful)

      by vxice (1690200)
      Shocking, shocking I say that when I use p2p to upload and download files to other people that someone could possibly be sitting around listening to and recording my requests for data as well as requesting data that I have sourced that they 'want' who would have guessed?
    • The only thing even slightly interesting about this is how centralized the trackers actually are.

      But I guess they wouldn't see the private trackers at all.

    • by 0100010001010011 (652467) on Wednesday April 28, 2010 @05:15PM (#32021856)

      I download something from Napster
        And the same guy I downloaded it from starts downloading it from me when I'm done
        I message him and say "What are you doing? I just got that from you"
        "getting my song back fucker"

      - bash [bash.org]

  • Redacted (Score:5, Funny)

    by StikyPad (445176) on Wednesday April 28, 2010 @04:52PM (#32021444) Homepage

    [This post removed under the first rule of USENET.]

  • As a BitTorrent user, I was shocked that anyone with a box connected to the Internet can spy on what everyone is downloading on BitTorrent.

    This is good news. It means BitTorrent is no longer relegated to those who are even remotely user savvy. This means more sharing!

    Hint: BitTorrent is a protocol that relies on users talking to each other about what they're downloading. This, strangely enough, provides users with information on what everyone is downloading on BitTorrent.

    • Re:Good! (Score:5, Interesting)

      by Jer (18391) on Wednesday April 28, 2010 @05:03PM (#32021646) Homepage

      Actually, despite the credulousness of the summary poster, if you click through to the abstract you also get this bit:

      To circumvent this kind of monitoring, BitTorrent users are increasingly using anonymizing networks such as Tor to hide their IP address from the tracker and, possibly, from other peers. However, we showed that it is possible to retrieve the IP address for more than 70% of BitTorrent users on top of Tor [LMC_POST10]. Moreover, once the IP address of a peer is retrieved, it is possible to link to the IP address other applications used by this peer on top of Tor.

      Perhaps I'm exposing my own ignorance (because I've never felt the need to use Tor myself) but that strikes me as surprising if it's true. And something that even savvy internet users might not think about.

      • Re:Good! (Score:4, Interesting)

        by Knara (9377) on Wednesday April 28, 2010 @05:12PM (#32021820)

        Well, things like Javascript can expose the originating IP over Tor to the receiver, so it's probably not a large leap to assume that you can look at torrent traffic and find the originating IP at the application level.

        That said, it's a "problem" with the originating application, not Tor specifically. As said on the Tor website "Tor does not automatically make all your communications secure."

      • Re:Good! (Score:5, Informative)

        by blair1q (305137) on Wednesday April 28, 2010 @06:04PM (#32022666) Journal

        No, it's a pretty simple application of basic undercover investigative technique.

        They pretended to be part of the Tor web, joining it at a point where the user's IP address was visible.

        People willingly handed them the IP address.

        And since the web was fairly limited in size, and connection points were selected randomly, and most users did multiple connections over time, eventually 70% of users willingly handed them the IP address. Since Tor has no way of ensuring trust in its security servers, its security is void. You couldn't have designed it better to funnel users' IP addresses to a spy unless you had only one server in the whole web and faked the rest of the topology.

        It was wide-open to being exploited by sting operations.

        This is also the reason you should never trust anonymizing proxy servers or Arab sheiks [wikipedia.org].

        There's nothing so useless as a lock with a voice imprint - Lord President Borusa

      • Re: (Score:3, Insightful)

        Yeah, some assholes use Tor for BitTorrent, and it's awful for the network. Then people like me who live behind the Great Firewall of China, get slower-than-molasses browsing of censored web sites (terrible things like Google Pages, Blogger, anything from Taiwan, any page containing a string the PRC doesn't like, etc.). The main use for such work-arounds is usually just for my own research and education, and this is the basic reason that Tor exists. Users who run BitTorrent through Tor are really abusing wh
  • by EkriirkE (1075937) on Wednesday April 28, 2010 @04:52PM (#32021466) Homepage
    You mean to tell me when I connect to a large pool of people, there is a large pool of people there?
    • by Bigjeff5 (1143585)

      You'll also be surprised to know that when you tell everybody what you're downloading, everybody knows what you're downloading.

      Shocking, I know, and completely counter-intuitive, but there it is.

  • OMG (Score:4, Funny)

    by Anonymous Coward on Wednesday April 28, 2010 @04:53PM (#32021482)

    This must mean my IP address is being BROADCAST TO THE WORLD! And I thought I had punched the monkey to prevent this.

  • First day on the internet? Welcome.
  • As a BitTorrent user, I was shocked that anyone with a box connected to the Internet can spy on what everyone is downloading on BitTorrent."

    Why? Have you been downloading really compromising porn?

    WTF? It's peer to peer. All they need to do is have a copy and other people download stuff from you... so you know what they're downloading...

     

  • BitTorrent user, I was shocked that anyone with a box connected to the Internet can spy on what everyone is downloading on BitTorrent.

    How could they possibly spy on me if I'm using a private tracker with DHT disabled?

    • by CondeZer0 (158969)

      > How could they possibly spy on me if I'm using a private tracker with DHT disabled?

      They can't.

      While ignorance is widespread among BitTorrent users (as the poster illustrates with his surprise at this story), this story also seems to include some amount of FUD.

      • by blueg3 (192743)

        By story, you mean the submitter's comment on the story. Both the "quote" from TFS and also TFA say "most", not "all".

    • by blueg3 (192743)

      You're assuming, among other things, that everyone else in the torrent has PEX disabled -- or at least that the "private" flag in the metainfo file is set and that everyone's torrent software honors that by disabling PEX.
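The info-hash and the "private" flag mentioned in the comments above both come from the torrent's metainfo file. The following is an added example, not code posted by anyone in this thread: it parses a metainfo blob, computes the info-hash, and reports the private flag, so you can audit a torrent you distribute. The function names, the sample file, and the `tracker.example` URL are constructed for illustration.

```python
import hashlib

def bdecode(data, i=0, spans=None):
    """Decode one bencoded value at data[i]; return (value, next_index).

    When `spans` is a dict, the raw byte range of each value in the
    outermost dictionary is recorded under its key.
    """
    c = data[i:i + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c == b"l":                                   # list: l<items>e
        i, items = i + 1, []
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)
            items.append(value)
        return items, i + 1
    if c == b"d":                                   # dict: d<key><value>...e
        i, out = i + 1, {}
        while data[i:i + 1] != b"e":
            key, i = bdecode(data, i)
            start = i
            out[key], i = bdecode(data, i)
            if spans is not None:
                spans[key] = (start, i)
        return out, i + 1
    if c.isdigit():                                 # byte string: <len>:<bytes>
        colon = data.index(b":", i)
        n = int(data[i:colon])
        s = data[colon + 1:colon + 1 + n]
        if len(s) != n:
            raise ValueError("truncated byte string")
        return s, colon + 1 + n
    raise ValueError("malformed bencode at offset %d" % i)

def inspect_metainfo(raw):
    """Return the info-hash and peer-discovery fields of a .torrent blob."""
    spans = {}
    meta, _ = bdecode(raw, 0, spans)
    if not isinstance(meta, dict) or not isinstance(meta.get(b"info"), dict):
        raise ValueError("no info dictionary")
    start, end = spans[b"info"]
    info = meta[b"info"]
    return {
        # SHA-1 over the info dictionary exactly as encoded in the file
        "info_hash": hashlib.sha1(raw[start:end]).hexdigest(),
        # the flag lives inside the info dictionary, so it alters the hash
        "private": info.get(b"private") == 1,
        "name": info.get(b"name", b"").decode("utf-8", "replace"),
        "tracker": meta.get(b"announce", b"").decode("utf-8", "replace"),
    }

def bencode(v):
    """Encoder used only to build the constructed samples below."""
    if isinstance(v, int):
        return b"i%de" % v
    if isinstance(v, bytes):
        return b"%d:%s" % (len(v), v)
    if isinstance(v, list):
        return b"l" + b"".join(bencode(x) for x in v) + b"e"
    return b"d" + b"".join(bencode(k) + bencode(v[k]) for k in sorted(v)) + b"e"

# Constructed sample: one 16 KiB piece of zero bytes, placeholder tracker URL.
INFO = {b"length": 16384, b"name": b"notes.txt", b"piece length": 16384,
        b"pieces": hashlib.sha1(bytes(16384)).digest()}
PUBLIC = bencode({b"announce": b"http://tracker.example/announce",
                  b"info": INFO})
PRIVATE = bencode({b"announce": b"http://tracker.example/announce",
                   b"info": {**INFO, b"private": 1}})

if __name__ == "__main__":
    for label, blob in (("public", PUBLIC), ("private", PRIVATE)):
        print(label, inspect_metainfo(blob))
```

Because the flag sits inside the hashed dictionary, the public and private variants of the same content are different torrents with different info-hashes. Whether peers actually refrain from DHT and PEX still depends on their client honoring the flag.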

  • by MarkTina (611072) on Wednesday April 28, 2010 @05:00PM (#32021616)

    It's P2P, you can't hide your IP from someone when they ask for a bit of movie file and your computer cheerfully sends it! It's the equivalent of the police walking down your street shouting "Are there any thieves here?", and you sticking your head out the window to shout back "Yes Me me me! I'm a thief!!" ;-)

    The best you can do is not respond to requests from IPs on a block list ... or steal Wifi from a poorly secured neighbour.

    • or steal Wifi from a poorly secured neighbour.

      That's not theft, it is only theft if you take a physical object... ;)

      [sarcasm]

  • Or is that completely wrong and sooooo 2009?
    • by blueg3 (192743)

      Only if they have an IP address in a known-dangerous block. Being security researchers, they're probably well-aware that an excellent way to spy on P2P users is with a laptop on a local coffee shop's WiFi.

  • Nice (Score:5, Funny)

    by Hognoxious (631665) on Wednesday April 28, 2010 @05:07PM (#32021716) Homepage Journal

    I was at the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats yesterday

    Awesome. Meet any chicks?

  • Well thank God TOR is transparent.

    - JackSpratts

    Founder, Society for the Elimination of Opacity. ;)

  • They cracked Tor? (Score:2, Interesting)

    by VTI9600 (1143169)

    That you can view peers on a BT network is not shocking. What deserves more attention is the fact that they were able to identify IPs of even those users who used Tor. Of course, BT and Tor should never be mixed (to protect the network of those who need privacy for something other than piracy). This just proves it.

  • fear-mongerish (Score:5, Informative)

    by drDugan (219551) * on Wednesday April 28, 2010 @05:14PM (#32021840) Homepage

    Saying you "can spy on what everyone is downloading on BitTorrent" and TFA stating "major privacy threat" are over-the-top and fear-mongering exaggerations.

    A more accurate way to state this is: Using BitTorrent will make our IP address public regarding what content is downloaded and shared online from that IP address. When someone monitors the same content, then they can log your IP address. This is obvious from how the protocol works to anyone who looks into privacy questions seriously. Yes, there is less privacy with what you download with BitTorrent compared to a direct download, as other people also sharing the same content can see your IP address.

    But remember, with every download method online someone else knows you have downloaded it, with direct downloads and with all the different peer-to-peer distribution options. If you go to Adobe and download the latest Photoshop demo, they know, they log your IP, and usually even ask for even more information about you.

    The only real privacy problem (a "major threat") is for people using BitTorrent for illegal redistribution of content; it is not a major problem for distribution of open licensed or public domain content, businesses or organizations using BitTorrent for distribution to lower costs, or to distribute free content for viral or marketing purposes.

    (Disclaimer: our company, ClearBits, does exactly this, offers distribution as a service to others, and we use BitTorrent extensively)

  • As a BitTorrent user, I was shocked that anyone with a box connected to the Internet can spy on what everyone is downloading on BitTorrent.

    Your geek card, hand it in!

  • by Call Me Black Cloud (616282) on Wednesday April 28, 2010 @05:49PM (#32022434)
    1. Host TOR exit node
    2. Eavesdrop on traffic
    3. Post results [wired.com]
    ...
    4. Profit!

    I'm sure the traffic coming out of TOR is far more interesting than BitTorrent traffic (unless you're a media company).
