Regardless of what you think about their morality, this is an awesome attempt at bulletproofing an Internet service.
Heaven help us if it achieves consciousness.
The Pirate Bay went down for about five minutes on Tuesday night as the group retired almost all of its servers and shifted onto the cloud. "So, first we ditched the trackers. Then we got rid of the torrents. Now? Now we've gotten rid of the servers. Slowly and steadily we are getting rid of our earthly form and ascending into …
"The feds won't be able to DDOS their site as it may affect something else."
And how will that even slow them down? They've done it before, it's their standard practice.
There was one case some months back where they put a "This site has been blocked because it's run by criminals" notice on *every* customer of a provider who had one single bad client.
Taking what they have done a little further, what if they added a viral capability so that it seeks out cloud services and replicates itself automatically?
If the system made itself money and could open its own bank accounts, what would stop it from buying cloud space for itself and continually moving itself around?
It really could be unstoppable.
I've never quite understood what's so hard about tracking them down. My computer knows "where" their server is as it quite easily gets data from their website. So why can't you just 'follow the packets' and end up at the server?
I assume they are located somewhere not-so-easy to walk in and bust, or they are located in so many places that it's impractical.
On the management side several people must be looking after the site, "unpaid", full time. What's in it for them .. except great risk?
You can't help but admire their tenacity. I don't think they'll ever be 'busted' out of existence, but I can see them claiming their mission is complete at some point and just gracefully turning everything off.
p.s. TPB, please can I have some of your servers you no longer need? :)
It's difficult to track them down because their physical equipment is nothing but a middle-man now. You are talking indirectly to the servers.
Now what makes this special is the fact that in addition to indirect communication, the physical machines running the service are running encrypted content on a virtual machine. So whoever does own the physical machines has no idea what they're serving. In addition, those virtual machines don't talk to the users, they talk to the middle-man routers - so they don't know what they're serving or who they're serving to.
Basically, the only way to shut down the pirate bay permanently is to have every country in the world on standby, and within hours (maybe less) lead successive raids on the physical router and balancer to find the physical locations of the cloud servers the balancer has been speaking with. Then, they would need to collect evidence from those machines before getting locked out in the time remaining.
If they fail to find any of the cloud servers, they would have 0 evidence, just standard equipment with some encrypted addresses. By the time they would decrypt that info - if they could - the cloud servers would have already changed and the network could easily be reinstated.
And just for a kick in the nuts, they only have 8 hours to find the cloud-servers if they wanted any evidence of what those servers were serving.
Cloud VM services may be encrypted... but are you going to store your pins, passwords, bank details, medical history on them? The encryption may, for all intents and purposes, be un-crackable but that will not stop the far more probable scenario of the keys being obtained through hackery, mislaid or stolen. Like it's never happened before...
Just marketing for Hosted Services on real servers somewhere. It's no different at all to having servers of their own at a number of different data centres.
Whether or not their site(s) run on a virtual server or not isn't relevant either.
Virtual Servers and so called Clouds use real servers in real buildings in real countries.
I'm 100% opposed to pursuing downloaders or blocking people's internet to ANY server (doomed to failure) or cutting off people from the Internet.
But these people are no latter day Robin Hoods. They are at best parasites and at worst criminals. Just because the Media Industry is nuts and charges too much and doesn't recompense the artists and production crew enough doesn't give them the right to distribute.
I admire people that create, I admire people that pay to support that. I despise parasites and criminals dressing up their actions as somehow beneficial.
I don't think you have any idea what you are talking about. Of course it's different. A real server can be seized by the police because it exists in a real, fixed location, is the property of the criminal, or of someone knowingly hosting the illegal content. With a cloud service the criminal does not know where the server is actually located, and its location can change. Furthermore the provider does not know what activity is going on on the server. Both parties have actual deniability. Plus, a virtual server can not be seized, even if it could somehow be tracked down (within 8 hours). If the authorities could track it down only the disk image can be seized but it is encrypted. And good luck getting a warrant (again, within 8 hours) if the disk image happens to be stored somewhere that isn't in the USA's pocket.
And more importantly - even if the police did get their act together and impound a router in Estonia talking to a load balancer in Korea and so find and shutdown the VM in the Netherlands.
Then 10 secs later another VM copy paid for by a Mr J Smith's disposable credit card spins up in Canada.
@Mage,
If you do not understand something, just don't talk about it.
To put it simply:
- the data is stored somewhere in some country in encrypted form. -- getting those yields you nothing, unless you have the decryption keys
- there is another bunch of servers that just redirect to those machines and decrypt dynamically - getting those is a step but if the encrypted storage 'realizes' it has lost its "proxies" it wipes itself out, you have 8 hours to seize, understand what it does, how it does it (and where) and issue a warrant in another country (which might not be cooperative at all)
i.e. good luck.
I understand perfectly that TPB doesn't store the copies themselves and is using encryption and routers etc.
But at the end of the day they are the wrong people to cheer, they are not doing a single iota of good nor advancing any cause. They are egotistical parasitical scum that get far too much publicity. Their "information" to enable people to download does live on real servers somewhere. The "Cloud" is purely a marketing concept, Routing, load sharing, virtual machines etc practically pre-date the internet and certainly pre-date websites.
I'm baffled as to why the smart people here would cheer on these idiots.
I don't think the smart people are cheering on anything here, except some clever use of existing technology to solve a niggling distribution problem.
The fact that it is PB doing the clever use is secondary, in my book. It was only a matter of time before someone reasoned a bullet-proof way around the ham-fisted, freedom-robbing techniques devised by some fat-cat studio owners during a coke-fuelled sex orgy. Perhaps the moguls should learn a little more about how the tech works, or in their case, doesn't work.
Once again, the Net (and the ingenuity of the people using it) shows why it is not so easy for any one entity or pressure group to take control. DARPA was probably the best investment of the US taxpayer's dollar ever.
To the MPAA and your other freedom-loving appendages: looks like you will need to re-think your ridiculous strategy for world domination and oppression. Good luck
And go, go Neo....
I have to say, leaving aside any kind of morals about what they actually do, clearly they are a gifted bunch and I have to tip my hat from a technical standpoint. Just imagine what these guys could do if they ran a legitimate business.
However, I do have to say, I hope the home secretary is paying attention. With the snoopers charter this kind of thing is going to become more and more prevalent for the criminal element. By chasing this group down they have been forced to build a fortress, and made catching them costly/time consuming and probably 9 times out of 10 fruitless. While this group help people get a crappy copy of a film doesn't keep me awake at night I do worry what the more serious criminals will do using this kind of set-up. Maybe it's an inevitable step in technological evolution that would have happened anyway, but then maybe we've brought it on ourselves. And I for one, blame the music and film industry!
"The move may also throw a bit of a wrench in plans by AT&T and other US network operators to implement a "six strikes and you're out" policy on piracy, which is due to take effect by the end of the year. Tracking IP addresses of Pirate Bay users is going to be key to the RIAA and MPAA's enforcement efforts, and that task looks to have become significantly harder with the latest Brahman bootstrapping."
It won't make the blindest bit of difference. The MPAA/RIAA don't rely on physical access to the server to track people on a torrent. All you have to do is start to download it yourself, and ta-da, you have a nice list of IP addresses of people giving you bits of the torrent.
Automating this process is already widely used in the anti-piracy circles.
And the real pirates/freetards/illegal redistributors use [enter your favourite method of IP obfuscation here] so the best they can get is the low-hanging fruit who either download to see whether or not something is worth buying, or using a torrent because you simply cannot order said item/program/file *even if you wanted to* due to geographic lockouts imposed against all forms of common reason other than blind greed by the industry sustaining these agencies, who strangely enough seem to claim global jurisdiction "because of the internet" while at the same time enforcing said geographical restrictions.
Curiouser and curiouser, as Alice said.
Actually it won't change a thing. 100% of all Internet traffic is documented and accessible to law enforcement. It is literally impossible to not be tracked or found, given enough time and resources. The pucker factor will increase significantly when the knock on the door comes.
You overlook something. It isn't required that pirates (Or any other criminal, or political dissident, or anyone wishing to hide) be impossible to track. All that they need to do is make tracking them sufficiently difficult and expensive that their capture is not worth the cost of tracking. To find TPB's servers with this setup would take a serious amount of detective work and the cooperation of multiple cloud providers located around the world, all arranged in under eight hours. Other means - social engineering of the operators, flooding with fake torrents, tarpit clients to disrupt the swarm - would be much more cost-effective.
This is where the power of a name/brand becomes apparent.
The U.S. controls the DNS system. Eventually they will block the pirate bay DNS entry, and the majority of people won't be able to find it - despite spiffy server setup.
I do not, incidentally, look forward to this day. We are already teetering on the slippery slope.
Oh come on. When has blocking the DNS ever worked? They can publish an IP address (or several), or many different domains pointing to it. While the US plays whackamole, people will club together to list the new domain names in a thousand different places. As it is, in the UK they blocked the main server, and all we have to do is type a different one. Usage from here dipped very briefly and is now back to normal. Blocking DNS will have close to no effect.
All good and well and kudos to TPB guys but there is still a great weakness:
All the authorities have to do is:
1) Put a tab on the router
2) See where the traffic goes (to the loadbalancer)
3) Put a tab on the loadbalancer
4) See where the traffic goes (to the website/main-servers)
5) Get a warrant, ask cloudhosting-center to make a real-time copy of the servers in question. This is doable since a cloud-server can be copied while running. No decryption necessary. They can make as many copies of this image as they want.
6) Putting an image into operation again, gives them 8 hours to study it and disable the 8 hour deadmans-switch. If they fail at this, they just start up another copy and have another 8 hours, etc.
7) With this hard evidence they can now probably get the domain seized (thepiratebay.se). They can also do this entire process each time thepiratebay moves to different cloud service hostingcenter.
I think by "put a tab on" our anonymous friend meant "passively monitor the IP traffic to and from".
In theory, at least with only a concurrent few requests, this kind of traffic monitoring can help track where the data is going.
If there was world-wide co-operation, then after determining where all the servers are located, then all of them could get raided at the same time,
1 - Some part of the cloud will eventually end up physically located in the US. That will be enough for the FBI/whoever to claim that some unspecified crime with a 30-year tariff has been committed in the US.
2 - No reputable cloud provider is going to be stupid enough to think that encryption allows plausible deniability.
3 - As night follows day, this will lead to cloud providers refusing to host encrypted content from any clients, including you and me.
4 - This won't make it any harder to track down PB. All roads will still lead to their load balancers. The fact that there's no content on site won't make a blind bit of difference.
5 - Any cloud provider with the infrastructure to provide a good service will (a) have servers in the US, and (b) will be desperate to keep on the right side of the law, so will (c) shop PB to the FBI without a moment's hesitation.
So, what's the point? They should have stuck with physical servers in a country with no laws. They must know this. My guess is that this press release is all just spin.
>>1 - Some part of the cloud will eventually end up physically located in the US.
This is so unfounded and just your opinion, you can pick 'clouds' in tons of countries and I am pretty sure the servers are located in the datacenter listed.
>>3 This will lead to cloud providers refusing to host encrypted content from any clients,
Define encrypted, you can't. Again a lot of assumptions. The bits may or may not have any value w/o some particular client for that data. Before jpeg was introduced data of the image contained would appear mostly like encrypted data. The data may or may not require external key but that's quite beyond the point.
>>5 Any cloud provider with the infrastructure to provide a good service will (a) have servers in the US
Yay, and the cloud providers magically do geographical spread even if your customers are in Germany
I grow seriously tired of the pure and utter greed of these corporate giants.
In order to maintain control of their empires, they use ever more draconian and invasive procedures to rape your privacy and limit choice while you are using LEGITIMATE methods of obtaining media.
I would like to acquire the media I want, pay and leave WITHOUT an ever expanding list of "partners" knowing who I am, where I live, what I have purchased, what else I have purchased before and how long my inside leg is.
I want to buy your product NOT become one.
They constantly whinge about losses created by freetards downloading and quote ridiculous figures to support their rant while:
a) Their quarterly returns expose the lie
b) In MOST cases the freetards would never have paid for their product anyway
Therefore losses approximately = 0
And they then wonder why more people turn to alternative methods.
For the record, I am not a freetard but I do not oppose sites like The Pirate Bay
I just want freedom of choice.
"I would like to acquire the media I want, pay and leave WITHOUT an ever expanding list of "partners" knowing who I am, where I live, what I have purchased, what else I have purchased before and how long my inside leg is. I want to buy your product NOT become one."
Wow. This stopped me in my tracks. It's such an understated point. You never hear a politician, legislator or industry official acknowledge never mind address this! Basically if you download legitimately you waive your rights to privacy. You agree to be tracked! Anyone know of a legitimate downloading service that is completely anonymous?
"3 - As night follows day, this will lead to cloud providers refusing to host encrypted content from any clients, including you and me."
Yes, that will be a brilliant idea. Maybe at the same time they'll give away free copies of the data to anyone who asks for it.. May as well..
Yes, deny all encryption. That'll stop em'!
This must be up for the single most one-sided "debate" on The Reg, ever.
Have a little think - basically everyone is agreeing with each other, anyone who even appears to suggest anything that doesn't toe the line is downvoted massively and called a moron. Does this mean that everyone who reads The Reg, or everyone on the Net is in agreement, or does it mean that the people who have different views don't feel that they can comment on these articles any more. There's no point in commenting if everyone agrees with each other and just posts re-hashings of the same three or four opinions.
Disagree completely! For example this poster makes a hell of a point:-
"I would like to acquire the media I want, pay and leave WITHOUT an ever expanding list of "partners" knowing who I am, where I live, what I have purchased, what else I have purchased before and how long my inside leg is. I want to buy your product NOT become one."
I know I'm a little late to the party here but:
"There's no point in commenting if everyone agrees with each other and just posts re-hashings of the same three or four opinions."
This is Coward's Special Theory of Pointlessness.
The General Theory of Pointlessness is
"There's no point in commenting."
Nice to see corporations' cloudy plans for control now used against them so wonderfully. Corporations creating cloud storage seem to act like they want a future with all your data and OS there instead of on your hardware. It's as if they plan for it to be a way to control you by controlling your Internet access to it. No access no data or OS. Now I wonder if those corporations haven't shot themselves in the foot with this cloud. I can't help but imagine the Pirate Bay guys thinking something like, "thanks for the ammo." LOL.