I Know What You Downloaded On BitTorrent This Summer

[Adrean]

Late 2011 a site appeared claiming to have tracked the sharing habits of more than 51 million BitTorrent users. The site, YouHaveDownloaded, went down a storm in the months that followed but is sadly no longer functional. However, what that Russian site did in the winter is now being matched by a Polish site this summer. So what did “you” download during the past few months? ScanEye believes it knows.

Unless BitTorrent users are taking steps to hide their identities through the use of a VPN, proxy, or seedbox, their sharing activities are available for almost anyone to snoop on.

By their very nature BitTorrent networks are very happy to spill the locations of any user in the swarm. After all, there’s data to be shared, and without knowing where to send it that can’t happen.

Despite this fairly common knowledge, even some experienced BitTorrent users can be a little surprised to learn that someone has been monitoring their activities. This was highlighted perfectly when a site called YouHaveDownloaded appeared in 2011 claiming to have gathered data on more than 51 million BitTorrent users sharing more than 103,000 torrents.

Although it generated considerable interest, YouHaveDownloaded stopped collecting data last year and is currently offline. However, we’ve now been made aware of another site offering a service that is just as scary.

ScanEye is a product of Polish company called Kalasoft Sp. z o.o. The company told TorrentFreak that it pulls torrents from two indexes – TorrentReactor and adult site NuTorrent – but where the .torrent files come from is largely irrelevant since they are available from many other sites too.

The main ScanEye system has been operating out of a Polish datacenter since November 2011. To date its operators say they have collected 430,000 torrents, that’s 400% more than the haul at YouHaveDownloaded. This figure is reportedly increasing by 1000 torrents every day.

In an attempt to blend in, the peers ScanEye uses masquerade as various torrent clients and are operated behind dynamic IP addresses in the three separate countries – Poland, Sweden and Romania. Despite these measures at least one peer was easy to spot – we were alerted to ScanEye by a reader who noticed some unusual activity in a BitTorrent swarm.

But while YouHaveDownloaded said their aim was to draw attention to the lack of anonymity on BitTorrent networks, the operators of ScanEye have a very different agenda. They are a piracy intelligence company gathering information on behalf of their customers.

For privacy reasons regular visitors can only see information on their own IP-address. Full addresses are only shared with parties who either own the content that was allegedly downloaded, or the IP-addresses that were “caught”.

“Copyright holders can view IP addresses of specific countries for very specific copyrighted content. For example, BMW AG can check who has downloaded ‘BMW DVD Navigation 2012′, but they can not see what else the IP has downloaded,” the company told TorrentFreak. “Network owners, for example Al Jouf University, Saudi Arabia, can view all shared content for its own network.”

But it is the public-facing service, the IP check, that is the same kind of product previously offered by YouHaveDownloaded. By visiting this page your current IP address will be matched against the databases held by ScanEye and a list of your downloads from the past few months should appear.

TorrentFreak carried out a few tests and as can be seen from the screenshot below, we got busted for downloading a VODO torrent.

Of course, users with dynamic IP addresses might find they get ‘busted’ for someone else’s downloads, or find that ScanEye reports they’ve never downloaded anything at all. Users who share an Internet connection with other file-sharers may very well get ‘busted’ for their behavior. Nothing much can be done about that, such is the nature of IP address evidence.

:view:Original Article: TorrentFreak

[jimbojet2011]

Read this:

Can an IP-address be a criminal?

Not according to District Court Judge Harold Baker, who ruled against a copyright holder in one of the many mass-BitTorrent lawsuits earlier this year.

“The infringer might be the subscriber, someone in the subscriber’s household, a visitor with her laptop, a neighbor, or someone parked on the street at any given moment,” Judge Baker wrote at the time.

Unfortunately, Baker is one of the few judges who came to this decision, which deserves more attention from the courts.

A few hours ago the Electronic Frontier Foundation published an article on the subject, arguing that the authorities shouldn’t act as if IP-addresses are persons.

Below’s Marcia Hofmann‘s take in full, as posted on the EFF website.

—

This spring, agents from Immigration and Customs Enforcement (ICE) executed a search warrant at the home of Nolan King and seized six computer hard drives in connection with a criminal investigation. The warrant was issued on the basis of an Internet Protocol (IP) address that traced back to an account connected to Mr. King’s home, where he was operating a Tor exit relay.

An exit relay is the last computer that Tor traffic goes through before it reaches its destination. Because Tor traffic exits through these computers, their IP addresses may be misinterpreted as the source of the traffic, even though the exit node operator is neither the true origin of that traffic nor able to identify the user who is. While law enforcement officers have seized exit relays in othercountries, we weren’t aware of any seizures in the United States until ICE showed up at Mr. King’s home.

After the computers were seized, EFF spoke with ICE and explained that Mr. King was running a Tor exit relay in his home. We pointed out that ICE could confirm on the Tor Project’s web site that a computer associated with the IP address listed in the warrant was highly likely to have been running an exit relay at the date and time listed in the warrant. ICE later returned the hard drives, warning Mr. King that “this could happen again.” After EFF sent a letter, however, ICE confirmed that it hadn’t retained any data from the computer and that Mr. King is no longer a person of interest in the investigation.

While we think it’s important to let the public know about this unfortunate event, it doesn’t change our belief that running a Tor exit relay is legal. And it’s worth highlighting the fact that these unnecessary incidents are avoidable, and law enforcement agents and relay operators alike can take measures to avoid them in the future.

First, an IP address doesn’t automatically identify a criminal suspect. It’s just a unique address for a device connected to the Internet, much like a street address identifies a building. In most cases, an IP address will identify a router that one or more computers use to connect to the Internet. Sometimes a router’s IP address might correspond fairly well to a specific user—for example, a person who lives alone and has a password-protected wireless network. And tracking the IP addresses associated with a person over time can create a detailed portrait of her movements and activities in private spaces, as we’ve pointed out in a case in which the government is seeking IP addresses of several Twitter users in connection with the criminal investigation of Wikileaks.

But in many situations, an IP address isn’t personally identifying at all. When it traces back to a router that connects to many computers at a library, cafe, university, or to an open wireless network, VPN or Tor exit relay used by any number of people, an IP address alone doesn’t identify the sender of a specific message. And because of pervasive problems like botnets and malware, suspect IP addresses increasingly turn out to be mere stepping stones for the person actually “using” the computer—a person who is nowhere nearby.

This means an IP address is nothing more than a piece of information, a clue. An IP address alone is not probable cause that a person has committed a crime. Furthermore, search warrants executed solely on the basis of IP addresses have a significant likelihood of wasting officers’ time and resources rather than producing helpful leads.

In the case of Tor, the police can avoid mistakenly pursuing exit relay operators by checking the IP addresses that emerge in their investigations against publicly available lists of exit relays published on the Tor Project’s web site. The ExoneraTor is another tool that allows anyone to quickly and easily see whether a Tor exit relay was likely to have been running at a particular IP address during a given date and time. The Tor Project can also help law enforcement agencies set up their own systems to query IP addresses easily. These simple checks will help officers concentrate their investigative resources on tracking down those actually committing crimes and ensure that they don’t execute search warrants at innocent people’s homes.

If you run an exit relay, consider operating it in a Tor-friendly commercial facility instead of your home to make it less likely that law enforcement agents will show up at your door. Also follow the Tor Project’s advice for running an exit relay, which includes setting up a reverse DNS name for your IP address that makes it clear your computer is running an exit relay.

So that's it about trying to sue somebody

Greetzzz

JJ