back to article Researchers spy on BitTorrent users in real-time

Researchers have devised a way to monitor BitTorrent users over long stretches of time, a feat that allows them to map the internet addresses of individuals and track the content they are sending and receiving. In a paper presented earlier this week at the Usenix Workshop on Large-Scale Exploits and Emergent Threats, the …


This topic is closed for new posts.
  1. OrsonX
    IT Angle


    Can some techy person tell me if I should be worried yet?

    I haven't seen 24s8 yet!!!

    1. Random_Walk

      I doubt it...

      ...unless you're the type to look askance on the term "public proxy", that is.

      That said, I think I know now where that 30% miss rate of their came from.

  2. pardonme
    Paris Hilton

    Yeah, 1

    They discovered the the vast majority of the material on BitTorrent started with a relatively small number of individuals.

    1. Anonymous Coward
      Anonymous Coward


      I didn't realise you needed to do fancy research to work out that it all filters down via ripping groups and topsites.

    2. Anonymous Coward


      Stark raving geniuses.

  3. Anonymous Coward
    Black Helicopters

    Oh noes

    What will those p2p leechers ever do?

    Srsly tho, I hope the buggers at least patented the thing - wouldn't want MPAA and RIAA ripping off their hard-made work without a license....

  4. Anonymous Coward

    tracking IP addresses?

    My ISP uses floating IPs.

    Every time I connect to the net, my address changes, so I can only assume that those they were tracking were using fixed IP (which is pretty stupid, IMHO).

    1. Anonymous Coward


      Your ISP will still monitor who is using that IP at that time. When it gets a notice to release information from a court it will look up its DB and know who was assigned that IP at that time.

      Good thing about this though. The stupidity of anti-piracy organisations is that they usually get times/dates wrong.

    2. Alpha Tony

      You wish.

      'My ISP uses floating IPs.'

      That won't protect you in the slightest AC. They can tell that a file is being uploaded/downloaded by a given IP at a specific time and your ISP will have a log of which user that IP address was allocated to at that time.

      So - the only thing standing between you and prosecution/internet suspension is how unhelpful your ISP is feeling when Mr BPI/FACT comes calling and even if the answer is 'very' it's not going to last in the face of legal action.

    3. Anonymous Coward
      Anonymous Coward


      Not to burst your bubble but most ISPs keep a record of who was connected on which IPs and when. Dynamic IPs do not equate to anonymity (unless you work at the ISP and can verify their [lack of] logging ofc)

    4. Anonymous Coward
      Anonymous Coward

      Ahh, not so.

      Your ISP knows from what pool of addresses yours, at any particular time, came from.

      So, yesterday yours was, say, tommorrow it'll be different, but your ISP will know what address was assigned to you, as a user of their service and can then identify you.

      1. fatchap

        Digital Ecconomy Bull

        In fact due to the recent legislation they have to keep it and let a copyright holder know about it.

        1. Anonymous Coward


          "In fact due to the recent legislation they have to keep it and let a copyright holder know about it."

          No they don't.

          Typing one-handed again, are we?

    5. Anonymous Coward

      read what I wrote you thickos

      I'm not saying that my ISP can't identify me from my IP.

      I simply pointed out that the researchers would not have been able to track my IP over several days, because it keeps changing.

      Try reading what you're replying to.

      1. Alan Brown Silver badge

        IP address not the issue.

        "I simply pointed out that the researchers would not have been able to track my IP over several days, because it keeps changing."

        Areyou reinstalling your PtP program each time you reconnect? If you don't then your UID will stay the same no matter which IP you're on. One may ask if the researchers have stats about what IP ranges any given UID was bouncing around.

        1. Anonymous Coward
          Anonymous Coward

          @Alan Brown

          One may indeed ask, but I suspect it was IPs they were tracking, not P2P client UIDs.

  5. frank ly

    Launch Legal Missiles

    "The results are about 70 percent accurate."

    That should be good enough for the Mandy-Bill to be used against you. Don't argue, they have 'computer evidence'.

  6. ShaggyDoggy

    Paid for

    So, can they tell whether the download is paid for or not ?

    And if not it can still be legal e.g. Virb

    Does their research assume that all bit torrent traffic is illegal.

    Where is this heading ?

  7. Anonymous Coward


    Ive read 4 pages (about half) of that PDF and come to a conclusion. Its nothing new. All they do is download all the new torrents from a public tracker. For which hopefully there will only be one seeder and no peers and scrape the server for the IP information of the seeder. They also go on a bit for confirming the IP is the uploader etc

    They're language used in this PDF makes it confusing they use "Inject" and "Exploit" as terms that would not usually be associated at the same meaning.

  8. loopy lou
    Thumb Down

    Dodgy logic

    "Therefore, it is surprising that the anti-piracy groups try to stop millions of downloaders instead of a handful of content providers"

    And if you stop those handful? they seem to think that would be the end of it. More likely, someone else would start. My guess is there's only a handful because other people think "why bother, its already there. " What they would do if it wasn't there is unknown, but it seems unlikely they would all do nothing.

  9. Darkwolf


    The reason that the music industry goes after the downloaders, is because they are some of those who are uploading content.

    How else you think they get your IP addy or trace you?



    Music CEO: We need to make more money.

    Underling: We could start uploading music via torrents for others to download.

    CEO: Why would we do that?

    Underling: Well, when they download the music, we can obtain their IP address.

    CEO: And how does this make us money?

    Underling: Our lawyers can then sue the downloaders for "losses". We will make millions.

    CEO: Brilliant, thats the best idea I have heard in years. You will rise very far in this company with thinking like that.


    CEO: That was a great idea you had years ago, we have made a large amount of money over the years. By the way, we need to cut costs, your fired.

    Underling : Damn.

    ---- Early 2011 ---

    After many years of research, the original underling now releases his own software for P2P that prevents the music companies from being able to track users, without the need for the users to "hide" via proxies or other methods. Pure protection for users of the software.

    He releases this completely free.

    --- early 2012---

    The music companies finally realize that they have a failed business plan, however as they do not want to change, they instead get involved in politics, making every country mad at every other country.

    --- late 2012 --

    Due to the music industry medling, all countries launch nukes at the main offices of the different musc companies.

    This results in the countries that house such industries to launch back.

    The Earth become no longer able to support life.


    Hmmm seems the mayans were right.

    (created by darkwolf)

    1. Anonymous Coward


      Two things wrong with this.

      First, BitTorrent wasn't a protocol until 2001.

      Second, RIAA executives didn't even know what the Internet was before 2004.

      1. DrunkenMessiah

        Third thing...

        You don't need to upload content to get IP addresses. I could go into any swarm right now and get hundreds of IPs of people leeching content. At least some of those IPs won't be proxied and some of those ISPs will be willing to co-operate and there you have your victims.

        The only new thing with this report is that someone's actually come out and said they can track IPs over multiple downloads. To be honest I wouldn't be surprised if the RIAA, MPAA et al aren't already doing this.

    2. This post has been deleted by a moderator

    3. Anonymous Coward


      Thanks for showing us why there's a "tard" in Freetard: it's short for "retarded".

      Don't give up the day job son.

      Moderators: We need an icon for posters who think they're funny, but are desperately lonely losers...

  10. Anonymous Coward

    OK, so...

    What can we do about it?

    VPN? Encryption?

    1. Anonymous Coward

      Re:"What can we do about it?"

      Buy it, like everyone else?

      Then sell it on eBay or Amazon if you don't like it?

      Rent it from Blockbuster?

      Borrow it from the library?

      These are all things you can do cornz1, instead of leeching. Now pull your trousers up and wash your hands.

  11. Brian Miller

    Need different P2P protocol

    Since the BitTorrent protocol wasn't designed to absolutely protect anonymity, all the leeches will need to move to something different.

    A basic problem with any piracy distribution method is effectively keeping the source and peers secret. Here's the conundrum: you want to announce to the world+dog that you have something to share, but you don't want world+dog to know your identity. Sorry, but that's basically not how the IP protocol is structured. Packets have a source and destination address. Any protocol running on top of IP must share the IP addresses of those who are involved in the data transfer. No address means no connection. You cannot both announce to the world and keep your anonymity.

    Encryption doesn't mean that IP address are also encrypted, it just means that the content is obfuscated to a certain level. A VPN is also not the answer, because for a generally public protocol to work, the public has to access the VPN. That means that the record companies can also access the virtual not-quite-so-private network, and easily see who's doing what.

    There is no perfect anonymity on the Internet. It doesn't exist. The only question remains is how hard it is for someone to get away with something illegal.

    1. Charles 9 Silver badge

      Only one way I can think of...

      ...that would be some kind of proxy that obfuscates the endpoints of the connection. But that's basically a server, and we all know what happened to client-server-based distribution systems. The only way around that is to station the server in a country with little or no enforcement of copyright law and little or no ability, desire, or compulsion to enforce those of other nations. But it's hard to think of a country with such a status that isn't notably hostile to western ideas, either. Kind of a no-win situation.

    2. Stiggy


      "A VPN is also not the answer, because for a generally public protocol to work, the public has to access the VPN. That means that the record companies can also access the virtual not-quite-so-private network, and easily see who's doing what."

      Not unless Internet Protocol changed overnight any nobody told me.

      If I tunnel all of my traffic through a VPN, the only externally visible IP addess is the VPN's. Not mine.

      Can the MAFIAA cartel still snoop on the swarm? Sure, of course they can, and they'll discover all the poor smucks who aren't proxying. And then, in the current climate, probably demand that nastygrams be sent to those downloaders unfortunate to live in a cartel-friendly jurisdiction.

      But the original seeder is the top prize. If they are using a VPN, the only IP a snooper see will belong to the allocation pool of the VPN provider. Assuming said provider is genuinely logless, attempts to locate the orginal seeder are doomed to failure.

      All of this assumes that the VPN is configured to handle actual payload traffic, not just .torrent file dissemenation. Lack of following this practice, I can only assume, is how the study managed to conclude that TOR provides no defence.

  12. ShaggyDoggy


    Can we use that term yet ?

    The Mandybill is not law yet.

    Better keep to "unlawful" for now please.

  13. Anonymous Coward

    Underlying assumption

    is of course that IP address == person or living address. That is not necessarily the case...

  14. Anonymous Coward
    Anonymous Coward

    o rly?

    I'm probably missing the point of the research, but all this seems pretty obvious.

    BitTorrent wasn't designed to protect anonymity, as mentioned by some of the above. But I heard rumours that the Pirate Bay boys were working on a next generation P2P system that would. Not sure what happened to that...

    One 'solution' would be to use a foreign proxy; then you'd appear to be outside the remit of the Digital Economy Bill.

  15. OrsonX


    I think Jack will become the President.

    But will then have to sacrifice himself to save humanity (USA) from alien terrorists.

    1. fatchap


      Surely the terrorist in S8 will be illegal P2P downloaders. After all they are ruining civilisation.

    2. Anonymous Coward

      24 S8

      Seen up to the latest Ep (18 I think) and Season 8 shows that 24 has seriously jumped the shark.. Most disappointing for a 24 fan...

      1. Anonymous Coward

        Thanks for sharing

        But you have posted that in the wrong thread. On the wrong site.

  16. Anonymous Coward
    Black Helicopters

    DHCP from BT

    All the home-hub users out there on the BT Network log into the BT network with the same name : : so how are BT to know which one is which, especially if the user DOES NOT use the BT Broadband Talk service. Or is some AC from BT gonna tell me that BT have records of which home hub MAC Address is assigned to which subscriber number. And what is to then stop that user from throwing the POS Home Hub in the trash where it belongs and getting their own ADSL Modem from PC World (for cash) and again using that wonderfully generic username to log back onto the BT Network?

    1. Ammaross Danan


      Their switching system just before The Last Mile knows what MACs connect to it from which lines (one of which is your home btw and they know EXACTLY which line leads to your home). Simple matter to echo these MACs back to The Home Office for proper logging. That's how they associate your IP vs your MAC, charge end-users for services, track your usage over a given month, etc. If you're on the internet, your ISP knows who you are. True anonymity would be to only access the internet from WiFi hotspots (free ones, not the "pay us for use" ones) or wardrive/hack weak/unsecured wireless networks, and constantly rotate networking hardware (NICs, etc) or have one that spoofs its MAC addy and randomize it frequently. Of course, whether this would actually be effective in practice is an exercise for the trolls I guess. :)

    2. Martyn Breckenridge

      Re: BT

      BT authenticate you using the CLI (Phone Number) you are connecting from.

      1. Peter Gathercole Silver badge


        They use this information themselves to check that you are still authorized to use ADSL, so it is no hardship for them to log it.

    3. steogede

      Re: DHCP from BT

      >> Or is some AC from BT gonna tell me that BT have records of which home hub MAC Address is assigned to which subscriber number.

      Tell me, does your telephone have unique user id and password? Does it have a MAC address?

      No? So how do they manage to bill you for the calls you make?

      I don't know enough about the specifics of the ADSL protocol to tell you __how__ they know who is assigned a given IP address, but the idea that they __don't__ is absurd. This is BT we are talking about, the main backer of Phorm in the UK.

  17. Steve Graham

    copyrighted material?

    I can't think of any way to tell whether a media file contains copyrighted or licence-protected material other than by having a human being examine it.

    You could certainly guess that somebody downloading large amounts of audio or video is probably up to no good, but "guess" and "probably" doesn't have much legal standing.

    1. DrunkenMessiah

      re: copyrighted material?

      They can *probably guess* from the file name "Avatar.Bluray.RIP.EncodersNameGoesHere.avi" that it's unlikely to be the random Linux distro of the month.

      1. steogede


        >> They can *probably guess* from the file name "Avatar.Bluray.RIP.EncodersNameGoesHere.avi" that it's unlikely to be the random Linux distro of the month.

        Of course, if it were 'the random Linux distro of the month', that would count as several hundred/thousand copyrighted items as opposed to just one in he case of a rip of Avatar(TM).

        WRT Steve Graham's post, it is pretty safe to assume that someone owns the copyright for the vast majority of the files available via bit torrent - whether or not their copyright is being infringed is a different matter and requires not just a person, but a court case - which is presumably why the the Digital Economy Act uses the term 'apparent infringement'. I wonder how long it'll be before this is extended to other apparent offences - I bet the MPAA/RIAA/MPEG-LA/FACT/PRS/BSA can't wait until they can get all the people who are 'apparently slandering them' disconnected.

  18. Mectron


    The researchers wonder why the criminal organisations such as the maa/riaa don;t go after the one who 'inject" the content.. well for all we know the MPAA/RIAA are the one puting the content out there... there is much more money to be made by destroying the life of millions of families then to stop the problem at it;s source.

    1. Anonymous Coward
      Anonymous Coward

      If they were

      If the MPAA/RIAA were the ones putting the content out there, they would in effect be "Authorizing" the distribution, effectively indemnify all the pirates.

      I'm sure the MPAA/RIAA would be well aware of this fact (although this does not guarantee they wouldn't still do it).

      1. Andrew Penfold

        RE: If they were

        But as soon as MPAA/RIAA connect to a torrent aren't they themselves uploading too? And if, once the download is complete and they check it, they find out that the file "Hit me baby one more time" was actually a pron flick, they themselves are now guilty of infringement and distribution, ha ha!

        1. Anonymous Coward


          Yes, in exactly the same way as when an undercover Police officer buys drugs they then have to be arrested....

          Get real!

          1. Anonymous Coward


            No, in exactly the same way if that police officer then DISTRIBUTED the drugs he bought, he would have to be arrested.

    2. Anonymous Coward
      Anonymous Coward

      Another Mectron fail

      Can't even reach the keys today, Mectron?

      "there is much more money to be made by destroying the life of millions of families then to stop the problem at it;s source."

      The only families whose livelihoods are being destroyed are the original creators, and they're being destroyed by zitty-faced losers like you, and your luser Freetard pals.


      Every class has a Mectron - the guy in the corner who none of the cool kids ever want to talk to. Teacher will be attending to your Special Needs soon, Mecky, so please try not to wet the seat.

  19. This post has been deleted by its author

  20. Anonymous Coward

    Bears and Woods!

    FFS! All you have to do is join a torrent and you instantly see, even in software like uTorrent, click the peers tab and there is the list of IPs you are communicating with!

    FFS, this is hardly rocket science is it! A freaking 10 year old CS student could tell you what peers/IPs are bound into a torrent!

  21. Charlie Clark Silver badge

    Smoke and mirrors. Again

    This is actually an interesting study. By pointing out that a relatively small number of people are providing content to a far greater number of people, the study does highlight a weakness in the copyright owners' arguments - they are not interested in stopping material making its way onto the interwebs. Rather they are keen on maintaining their unfair pricing structure in the digital age. By highlighting the number of downloads and equating them with theft (which they are quite clearly not) they have reasonably successfully pressurised more or less complicit governments into more or less draconian legislation which, while it benefits the copyright owners little directly, allows them to continue to charge over the odds for their wares.

    "oh, look at the sheer volume of theft!" cry the copyright owners. "we'll block your courts forever if we follow take even 1% of them to courts." Governments comply not least because the idea of knowing what the public is actually up to is appealing. And because the industry is suffering so much there will be no investigation into the price-fixing that is going on.

    With the introduction of the compact disc the copyright industry never had it so good. Economically the cost of making a product is the cost of making *one more*. Clever marketing convinced the public to load up on compact discs that were vastly cheaper to produce than the vinyl they often already owned but which were sold at a premium. The same ploy worked with VHS and DVD but obviously we couldn't continue to buy new licences of what we *already* (okay so I'm thinking predominantly of baby-boomers who bought in the 60s, 80s and 90s) owned forever so the market started to flatten out.

    Instead of price competition, with high street prices reflecting to some degree the cost of production, the industry dusted off the idea of theft - which a digital copy most definitely is not - which it came up with when compact cassettes were introduced. Digital distribution added channel to the industry with more radio stations duly paying for playing their wares. Since then the industry has essentially been lobbying for some form of byte tax and blaming its own cost explosion and lack of innovation on the mysterious pirates that are everywhere rather than acknowledging that these are contributory factors in their own failure to gain new customers. As such they will continue to talk up and scandalise the numbers of "freebooters" to bolster their claims to a piece of the cake, whilst at the same time arranging to fix ridiculously high prices for digital downloads.

    Technologically they seem to have learnt their lesson and they're also coming round to realising that, as content is king, they are in a great position for the next wave of services with fanbois of all colours only too happy pay over the odds for the latest and greatest. Well, that's the publishers at least. The distributors, often owned by the same parent but who loathe the producers, that stand to lose out in the consumerist paradise which is excellent at pretending to cut out the middle man.

    But while the deals with Google, Apple, etc. are worked out the torrent argument provides a great smokescreen and you can bet that the industry will seize on yet another set of figures to project their revenue loss.

    The protocol debate itself has long since simply been about control.

  22. Anonymous Coward
    Anonymous Coward

    @Anonymous Coward DHCP from BT

    "All the home-hub users out there on the BT Network log into the BT network with the same name : : so how are BT to know which one is which, especially if the user DOES NOT use the BT Broadband Talk service."

    It is the IP address that is important, this needs to be unique (behind any NAT devices - the NAT device will be able to track the addresses it is NAtting) so can be traced fairly simply. The login there is simply to authenticate to the BT network - some ISPs don't require CPE authentication (SKY, Virgin IIRC)

    "Or is some AC from BT gonna tell me that BT have records of which home hub MAC Address is assigned to which subscriber number."

    Doesn't matter - the IP address is important not the subscriber number. BT will track which IP addresses are assigned to which devices at any time. MAC addresses will always be used to translate end station addresses at L2 anyway. Look up ARP in your chosen reference.

    "And what is to then stop that user from throwing the POS Home Hub in the trash where it belongs and getting their own ADSL Modem from PC World (for cash) and again using that wonderfully generic username to log back onto the BT Network?"

    Nothing, but it will still get an IP address that is unique, logged and traceable back to the PC world modem via the phone line.

    Like it or not, there is nothing you do on the internet that is truly anonymous - all that matters is how much a third party *wants* to identify you coupled with how much legal (or otherwise) authority they have.

  23. Doug Glass

    Spotlight on Theivery

    Dance boys dance. The fat lady will be joining you on stage very shortly.

    1. Anonymous Coward

      The party's over

      And the little freetard runts know it.

      No sympathy for the record industry from me, good riddance to it, but the little whining, leeching losers who spend hours blogging about how UNFAIR it is to pay do make me laugh. Cutting them off would make me laugh even more.

  24. Anonymous Coward


    Because the more we download without paying, the richer they get.


  25. Doshu
    Big Brother

    Time to go

    More proof it's time to switch to a technology that has stronger security/encryption. I don't care if all I'm sharing is my famous ferret-top muffin recipe, i don't want anyone snooping in (and for those wondering, you can REALLY taste the ferret).

  26. Alan Brown Silver badge

    Cost of production

    Having financed and been involved in the production and distribution of indie CDs I have a fair idea how much the cost of extra discs is. I also know how much of a percentage the distribution channels make over the cost of the finished product (around 80-90% of the cost of a massmarket CD on the shop shelf is middleman markup)

    It's very easy to characterise the current war on p2p networks as a way of eliminating competition for online sales so that the major labels can continue selling music at outragous markups. If tracks were fairly priced the p2p arena would die off quickly (indie pricing needs to remain at much the same price as recovering production costs is difficult on small numbers of sales, but majors would still be profitable selling on tracks for 2-3p a pop, let alone 99p - back catalogues would be profitable at 1-2p a shot)

    The current war on p2p is about "control" - which is hardly surprising when you look into the history of major labels and the people behind them.

  27. Pooka

    Was it just me....

    Or did anyone else read "Usenix Workshop on Large-Scale Exploits and Emergent Threats" as the Unisex Workshop?

    What can I say - it's been beer o'clock for a while now!

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022