
Thousands of “Spies” Are Watching Trackerless Torrents


Batu69


BitTorrent is a very efficient way to share large files, but not a very private one. It's commonly known that anti-piracy outfits monitor users through public trackers. However, new research reveals that BitTorrent's DHT is also full of "spies" who actively harvest IP-addresses.

The beauty of BitTorrent is that thousands of people can share a single file simultaneously to speed up downloading. In order for this to work, trackers announce the IP-addresses of all file-sharers in public.

The downside of this approach is that anyone can see who’s sharing a particular file. It’s not even required for monitoring outfits to actively participate.

This ‘vulnerability’ is used by dozens of tracking companies around the world, some of which send file-sharers warning letters, or worse. However, the “spies” are not just getting info from trackers, they also use BitTorrent’s DHT.

Through DHT, BitTorrent users share IP-addresses with other peers. Thus far, little was known about the volume of monitoring through DHT, but research from Peersm’s Aymeric Vitte shows that it’s rampant.

Through various experiments Vitte consistently ran into hundreds of thousands of IP-addresses that show clear signs of spying behavior.

The spies are not hard to find and many monitor pretty much all torrent hashes they can find. Blocking them is not straightforward though, as they frequently rotate IP-addresses and pollute swarms.

“The spies are organized to monitor automatically whatever exists in the BitTorrent network, they are easy to find but difficult to follow since they might change their IP addresses and are polluting the DHT with existing peers not related to monitoring activities,” Vitte writes.

The research further found that not all spies are actively monitoring BitTorrent transfers. Vitte makes a distinction between level 1 and level 2 spies, for example.

The first group is the largest and spreads IP-addresses of random peers and the more dangerous level 2 spies, which are used to connect file-sharers to the latter group. They respond automatically, and even return peers for torrents that don’t exist.

The level 2 spies are the data collectors, some of which use quickly changing IP-addresses. They pretend to offer a certain file and wait for BitTorrent users to connect to them.

The image below shows how rapidly the spies were discovered in one of the experiments and how quickly they rotate IP-addresses.

[Image: spiedbt.png]

Interestingly, only very few of the level 2 spies actually accept data from an alleged pirate, meaning that most can’t prove without a doubt that pirates really shared something (e.g. they could just be checking a torrent without downloading).

According to Vitte, this could be used by accused pirates as a defense.

“That’s why people who receive settlement demands while using only DHT should challenge this, and ask precisely what proves that they downloaded a file,” he says.

After months of research and several experiments Vitte found that there are roughly 3,000 dangerous spies. These include known anti-piracy outfits such as Trident Media Guard, but also unnamed spies that use rotating third party IPs so they are harder to track.

Since many monitoring outfits constantly change their IP-addresses, static blocklists are useless. At TF we are no fans of blocklists in general, but Vitte believes that the dynamic blocklist he has developed provides decent protection, with near instant updates.

This (paid) blocklist is part of the Open Source Torrent-Live client, which has several built-in optimizations to prevent people from monitoring downloads. People can also use it to build and maintain a custom blocklist.

In his research paper Vitte further proposes several changes to the BitTorrent protocol which aim to make it harder to spy on users. He hopes other developers will pick this up to protect users from excessive monitoring.

Another option to stop the monitoring is to use an anonymous VPN service or proxy, which hides one's actual IP-address.

Source
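
The article's remark that level 1 spies "even return peers for torrents that don't exist" suggests a check a client can run on DHT nodes it already talks to: send get_peers for a random info_hash and flag any node that answers with peers. This is an added example, not code from Vitte's paper or from Torrent-Live; it assumes the Mainline DHT (BEP 5) reply layout, and the node IDs, addresses and replies are constructed.

```python
import socket
import struct

def bdecode(data, i=0):
    """Decode one bencoded value at offset i; return (value, next_offset)."""
    c = data[i:i + 1]
    if c == b"i":
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)
            items.append(value)
        if c == b"l":
            return items, i + 1
        return dict(zip(items[0::2], items[1::2])), i + 1
    colon = data.index(b":", i)  # byte string: <length>:<bytes>
    n = int(data[i:colon])
    return data[colon + 1:colon + 1 + n], colon + 1 + n

def peers_in_reply(raw):
    """Peers claimed in the "values" list of a get_peers reply, else []."""
    try:
        msg, _ = bdecode(raw)
        values = msg[b"r"].get(b"values", [])
        return [(socket.inet_ntoa(v[:4]), struct.unpack("!H", v[4:6])[0])
                for v in values if isinstance(v, bytes) and len(v) == 6]
    except (ValueError, KeyError, TypeError, AttributeError):
        return []  # malformed packet, error message, or not a reply

def flag_suspects(replies):
    """replies: node IP -> raw reply to get_peers for a RANDOM info_hash nobody
    announced. Nodes that still answer with peers are flagged."""
    return sorted(ip for ip, raw in replies.items() if peers_in_reply(raw))

def compact(ip, port):  # 6-byte compact peer/contact info
    return socket.inet_aton(ip) + struct.pack("!H", port)
# Constructed sample replies (documentation-range addresses, made-up node IDs).
NODE_ID = b"N" * 20
HONEST = (b"d1:rd2:id20:" + NODE_ID + b"5:nodes26:" + NODE_ID
          + compact("198.51.100.7", 6881) + b"5:token4:tok1e1:t2:aa1:y1:re")
SPY = (b"d1:rd2:id20:" + NODE_ID + b"5:token4:tok26:valuesl6:"
       + compact("203.0.113.5", 51413) + b"6:" + compact("203.0.113.9", 6881)
       + b"ee1:t2:aa1:y1:re")
REPLIES = {"192.0.2.10": HONEST, "192.0.2.66": SPY, "192.0.2.99": b"garbage"}

if __name__ == "__main__":
    print(flag_suspects(REPLIES))
```

Only the responding node is flagged; the peers it hands back may be uninvolved users, since the article notes that spies pollute the DHT with existing peers unrelated to monitoring.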



knowledge-Spammer

interesting

He hopes other developers will pick this up to protect users from excessive monitoring.

Another option to stop the monitoring is to use an anonymous VPN service or proxy, which hides ones actual IP-address.

if u use programs like hide all ip i think u are ok ?



but this also means that they are using the pirated content too, same as the "pirate/s" they're searching for... who monitors them?



Just use Peerblock and forget about being watched.



I always delete trackers from torrents before I start any download, and use just DHT + local peer discovery + peer exchange for my uploads/downloads. Trackers can probably have their client IP list monitored quite easily.

Utorrent 2.0.4 with the DHT patch to allow downloads of torrents with the "private" flag set by long defunct private trackers.

Recently, I've noticed a lot of clients that just sit at 0.1%. Must be these spies you are talking about, all after my 100% legal ISOs of Slackware 3.0

;)

I'd be worried, though, if I was sharing copyrighted stuff. Well, sort of worried.



Just use Peerblock and forget about being watched.

Peerblock/Peerguardian WILL NOT PROTECT YOU

Peerblock/Peerguardian WILL NOT PROTECT YOU. I don't care how many updated blocklists you have.

I speak from experience having got multiple calls/letters from my ISP about DMCA takedown complaints while using these IP blockers.

Get a VPN and make sure you have a killswitch program attached in case you lose connection.

https://www.reddit.com/r/Piracy/comments/2sxz9m/peerblockpeerguardian_will_not_protect_you/

Peerblock should only be used with a VPN; all by itself it is useless. It should only be used as an extra layer of protection.

Best thing to do is just use a filehost with a VPN and only use torrents as a last resort. :P



You can also use Vuze and have it encrypt your traffic; that way, if your ISP sees your traffic, it's encrypted, obviously. The encryption can protect you from spies too.



You can also use Vuze and have it encrypt your traffic; that way, if your ISP sees your traffic, it's encrypted, obviously. The encryption can protect you from spies too.

With the first part I agree. What worries me is the lack of knowledge and the second part.

The encryption CANNOT protect you from spies since it is end-2-end encryption and the spies can (and do) decrypt it.

It only protects the traffic from the "man in the middle" (your ISP as an example). Basically every client has this function (in uTorrent you can enforce encryption and not allow unencrypted traffic).

Additional layer of security is not to use DHT and use private (closed) trackers. Of course with added peerguardian and a vpn to the mix.

Nevertheless - I'm eagerly awaiting implementation of this function into the clients.

If someone knows this spies list compatible with Peerguardian/Peerblock - please do share.



Yes, it doesn't do much good when the anti-P2P troll is in a swarm with you looking at your real IP; only a VPN or a proxy can change this. And I wonder how safe private trackers are, because many warez sites have auto leech on many private sites as well as public posting via bots on filehosts 24/7.



You can also use Vuze and have it encrypt your traffic; that way, if your ISP sees your traffic, it's encrypted, obviously. The encryption can protect you from spies too.

With the first part I agree. What worries me is the lack of knowledge and the second part.

The encryption CANNOT protect you from spies since it is end-2-end encryption and the spies can (and do) decrypt it.

It only protects the traffic from the "man in the middle" (your ISP as an example). Basically every client has this function (in uTorrent you can enforce encryption and not allow unencrypted traffic).

Additional layer of security is not to use DHT and use private (closed) trackers. Of course with added peerguardian and a vpn to the mix.

Nevertheless - I'm eagerly awaiting implementation of this function into the clients.

If someone knows this spies list compatible with Peerguardian/Peerblock - please do share.

I believe (I could be wrong here) most of the spies go after uploaders and not downloaders. That could have changed; it's much better to go after the source (uploaders). Are there any reports where the spies have decrypted it? I hear a lot of talk about the FBI and law enforcement complaining about encryption being too good, and they subpoena users to get the encryption password; there are a lot of reports of that. I haven't read a report online where law enforcement got someone by decrypting encryption.



If you're P2Ping, it's according to where you're from whether they go after you or not. P2P is uploading and downloading at the same time. If you use a filehost, that's just downloading, unless you're an uploader as well. And also, spies are watching filehosts too, to make sure you don't download something really bad.



Years ago I read they're going after uploaders, not downloaders. Well, the RIAA was using software developed by Verizon; that was years ago, it could have changed by then. If I was law enforcement and I wanted to track users without double the work, I would track uploaders: take away the uploaders and the downloaders are going to have nothing to download from.



Years ago I read they're going after uploaders, not downloaders. Well, the RIAA was using software developed by Verizon; that was years ago, it could have changed by then. If I was law enforcement and I wanted to track users without double the work, I would track uploaders: take away the uploaders and the downloaders are going to have nothing to download from.

The USA has 6 strikes: if you use any of these (AT&T, Cablevision, Comcast, Time Warner, and Verizon), they send out warnings for downloading from P2P; these spies send your IP to your ISP. Even ISPs like Cox, which don't do this, have been taken to court to give up people's names. They can still take you to court even if your ISP doesn't do 6 strikes. These ISPs educate people to use VPNs :)

France has 3 strikes and it's mandatory for all their ISPs, and they invented the strikes system. Also, other countries are adopting this policy.



You can also use Vuze and have it encrypt your traffic; that way, if your ISP sees your traffic, it's encrypted, obviously. The encryption can protect you from spies too.

With the first part I agree. What worries me is the lack of knowledge and the second part.

The encryption CANNOT protect you from spies since it is end-2-end encryption and the spies can (and do) decrypt it.

It only protects the traffic from the "man in the middle" (your ISP as an example). Basically every client has this function (in uTorrent you can enforce encryption and not allow unencrypted traffic).

Additional layer of security is not to use DHT and use private (closed) trackers. Of course with added peerguardian and a vpn to the mix.

Nevertheless - I'm eagerly awaiting implementation of this function into the clients.

If someone knows this spies list compatible with Peerguardian/Peerblock - please do share.

I believe (I could be wrong here) most of the spies go after uploaders and not downloaders. That could have changed; it's much better to go after the source (uploaders). Are there any reports where the spies have decrypted it? I hear a lot of talk about the FBI and law enforcement complaining about encryption being too good, and they subpoena users to get the encryption password; there are a lot of reports of that. I haven't read a report online where law enforcement got someone by decrypting encryption.

I believe you are mixing two different things:

--- encryption within the Torrent-Client (it basically MUST BE decrypted on the other side in order for the communication to work - so for the spies it doesn't matter if you encrypt it or not IF they are connected to you. It only does matter for the man in the middle attacks and/or hijacking the packets to "see" what's in them)

--- encryption of the hard drives/media storage - e.g. a hard drive encrypted with VeraCrypt, strong encryption password -- this is a really hard nut to crack, and indeed -- all those agencies have trouble decrypting it.



You're under the assumption that decrypting encryption in Vuze software is easier than decrypting encryption on storage media, and it's not. You said spies can, I agree; then you said do. I'm asking what reports have you read that indicate this, that they have. I want a source, that is all.



You're under the assumption that decrypting encryption in Vuze software is easier than decrypting encryption on storage media, and it's not. You said spies can, I agree; then you said do. I'm asking what reports have you read that indicate this, that they have. I want a source, that is all.

You just need to read (and understand) how connection/protocol encryption in Torrent-Clients work. That is all.

I don't feel the need to search for any articles for you --- Google and other search engines are for that and you can do it by yourself.



Without evidence of them decrypting torrent client encryption, you can't say they do, that is all. I know torrent clients work. I just wanted a source, to hear it from the horse's mouth; you can't give me that, and that makes it hearsay.



Let me explain then how end-to-end encryption works (even if you say that you already know it -- which is unfortunately not the case I believe).

End to End encryption works just like that --- it encrypts the traffic going from point A (let's say -- it's your torrent client) to point D (let's say this is the torrent client on the other side --- either leeching or seeding from/for you).

Points B and C being your ISP and a "man in the middle" are seeing "just" encrypted garbage, but not the points A and D!

So to sum it up :

enforced encryption in the torrent DOESN'T PROTECT you from snooping organisations that connect to a swarm and perform a handshake/transfer with the swarm members !!!

Is that now clear or shall I write it ten times more ?



I love how you assume I don't know what end-to-end encryption is. I simply asked for an article; there is no need to be a smartass, and would you mind getting off your high horse, thank you.



  • Administrator

I must mention, I was under a belief that only those whom I'm currently connecting to can see me if I'm encrypted; I guess it's not correct, as like you mentioned, everyone in the swarm probably can.

Another thing is, this encryption is only made to address ISPs, no one else. After searching I also found that this encryption method uses RC4, which should be thrown out already by everyone, as AES is not possible in torrenting as it uses too much CPU. In addition, ISPs these days seem to manage to detect torrents anyway, even with encryption.

Another problem I have with encryption is that hardly anyone seems to have it enabled in their clients. Forcing the client to use encryption means you hardly get any seeders or peers and such.



That's the only problem I had. I was going to post that the encryption uses rcfour, and apparently rcfour is broken thanks to the NSA. I hope Vuze implements better encryption; I'm worried about using rcfour. I don't want to jinx myself; I have been encrypting my traffic in Vuze with rcfour, mostly to address ISP issues. Like I said before, spies usually go after the uploaders, not downloaders; I could be wrong there. As for how many seeds and peers you can get, I haven't had any trouble downloading my torrents *knock on wood*.



  • Administrator

From what I can understand, a newer standard can only be implemented if all the torrent clients and users together use it. Which means not only upgrading to newer clients, but also upgrading hardware to make sure CPU usage is not a problem with AES.

As for whom they are going after, well, in court, they want to prove who is downloading it, not only uploaders, so the idea behind it is that yes, they might be looking after the downloaders as well. There is also a possibility that they might be seeding those torrents I think.



Archived

This topic is now archived and is closed to further replies.
