Sunday, September 23, 2012

uTorrent 3.3 Adds Counter Measures Against Monitoring of Downloads

utorrent-logoBitTorrent networks are favorite fishing spots for anti-piracy outfits such as RIAA and other research organizations specialized in collecting intelligence on downloaders. BitTorrent is inherently insecure and anyone who engages in file sharing leave a trail of information behind that can uniquely identify a peer and the files they have downloaded. There have been hundreds of cases in the past where file downloaders were sued for copyright infringement on the basis of IP address alone.

Many people are probably aware that they leave their IP address open when they download files from BitTorrent, but believe they are reasonably safe because they know that their IP address is dynamic and that casual monitoring of IP-traffic is not enough to identify them. However, there is a second variable that can be used to monitor a user’s downloads and that is the peer-ID. Your Torrent client generates a unique peer-ID for you and then send that out every time you connect to the BitTorrent network. Tracking companies can monitor the peer-ID and use the information to build a rather accurate database of downloads that come from the same client, regardless of the IP-address. While this information might be of use to private BitTorrent trackers, on public ones it poses a clear privacy threat.

The peer-id has always been constant on uTorrent for connections with trackers and peers, until version 3.3. The new version, which is still in alpha, randomizes peer ids after a specific time period to mitigate tracking of users when they use non-private torrents. The new feature leaves tracking companies with random chucks of data from different IP addresses with no unique peer-IDs to associate each chuck to a particular user.

BitTorrent Inc. told TorrentFreak that the new feature only applies to public torrents, and is a change to the core code, so users don’t have to enable it.

However, users should be aware that IP-addresses are still public and trackable and can still point to you, but only if your ISP is coerced into revealing the information.

Interested users can download uTorrent 3.3 Alpha from this page.

0 comments:

Post a Comment

Popular Posts