Jump to content

Encryption and security on uTorrent?


DeBo

Recommended Posts

  • Replies 76
  • Created
  • Last Reply

It's a bit like asking: "why did I get hit by lightning now?"

The monitoring companies were (finally?) checking the torrent/s you were running at that time.

Your ip popped up in the tracker's list...they got your ip from the tracker...they sent a nasty letter to your ISP threatening vague and harsh-sounding consequences...your ISP forwards the letter on to you.

Your ISP isn't to blame in this case, for what it's worth.

Link to comment
Share on other sites

Easy there boyo or you might hurt your wee little head. We are just exploring options and testing the waters. There is no harm in asking now is there???? So just chill there a wee bit lad... ok? ;)

It's all good.

Well ok not really it all sucks, but you get my drift.

Right enuogh rant.... Again I mention Relakks....anyone?? Or similar VPN solutions, how effective/secure/fast/etc...??

Cheers and for gods sake stop hurting your head...

Link to comment
Share on other sites

You're advertising your ip LOUDLY while running torrents.

The monitoring companies need only get your ip reported by a tracker, and they can bug your ISP about it.

It's even remotely possible that a BitTorrent client misreports your real ip even if you're using a proxy/VPN...I dunno if uTorrent ever would though.

So yes, you'll have to quit using BitTorrent...or only download stuff on BitTorrent that monitoring companies don't care about.

Link to comment
Share on other sites

  • 5 months later...

To summarise:

- Torrent trackers WILL always and MUST always have your IP address in order for you to download/upload.

- Any method of hiding your IP requires the data to be bounced through another location which WILL slow down your download without fail and is RARELY IF EVER secure.

- VPNs will do the EXACT SAME THING AS ABOVE, so it is not a good answer.

- Encryption done by your torrent client is (correct me if i'm wrong) header encryption only, which means the data you send isn't encyrypted for security, just encrypted so it will get through ISP's torrent filters.

- There is no way to secure your data while torrenting unless it is with a predetermined group running a fully encrypted VPN. In the same way it is not possible to mask your identity because people need to see you to send you stuff.

</summary>

<storm of criticism>...

Link to comment
Share on other sites

This assumes the monitoring companies bother to CHECK to see that your ip is online AND sharing the torrent after they get your ip from the tracker. There is strong reason to believe that some of them DON'T bother to do this:

http://dmca.cs.washington.edu/

Network printer "caught" uploading movies.

So blocking the monitoring companies ips mostly only serves to prevent them from sending you bad data...and only marginally/remotely helps against them sending cease-and-desist letters to your ISP.

Link to comment
Share on other sites

Bad hash eventually takes care of itself. An inconvenience but not a deal killer. Cease-and-desist letters is what Bittorrent users should be concerned with. "Marginal" and "remotely" are opinions like my opinion that IP filters are required practice. I can state myself as a case study that cease-and-desist letters have ceased after install a ip blocker list was installed. I believe the two are related.

Link to comment
Share on other sites

While it is true that uTorrent v1.7 and later are FAR better at dealing with hostile poisoners than earlier versions of uTorrent...when you're on a torrent that's under major attack, counting on uTorrent's auto-ban system to keep up with the poisoners is really asking too much. They can throw potentially 10000+ bad ips at you. And even if you've got auto-ban set to block ip ranges, it'll still take awhile to get all their ranges. And uTorrent forgets all of that if it restarts.

Each hostile poisoner tries to ruin at least 1 piece. Really sucks on the large torrents where the pieces are 4 MB in size, as 50 such ruined pieces represents 200 MB of lost data. People have reported >1 GB of hashfails on torrents less than 200 MB in size from such activity. I can only assume that numerous people give up in the face of such attacks.

The story about Media Defender's leaks does seem to suggest they have LOTS and LOTS of ips not covered by any blocklists. However as Aaron Walkhouse pointed out, those huge lists are predominately fakes that never existed. And he added:

"The genuine IP addresses operated or used by MD were already detected and blocked long before the leaks but not all of them were labelled MD because the identity of the attackers was not confirmed."

I only said the blocklists are of no value against possible cease-and-desist letters because SOME monitoring companies don't believe in due diligence on data collection. They "harvest" ips from a tracker and just treat the list as correct and reliable.

That doesn't mean there's not at least a few ip ranges that SHOULD be blocked by any sensible uTorrent user.

Link to comment
Share on other sites

> Each hostile poisoner tries to ruin at least 1 piece.

Thanks for the explanation. Since you put it that way, I can see how that could slow things down. Why ban the entire IP when there is still good pieces to be had? It'd be cool if the swarm could communicate with each other about specific pieces to reject for an IP. This way "poison" IPs could actually help seed :) pieces they have not altered.

Link to comment
Share on other sites

Any site which CLAIMS to be #1 or "authorized" or "bittorrent" specific... maybe. Remember those organizations which enforce the rule-of-$ have capital to make their own sites/services. You give your liability to a 3rd party if you choose to bounce your connection through any type of proxy... instead of leaving the ISP to decide whether or not to enforce, you get a (usually smaller) company more at the mercy of high-price litigation.

Theoretically SSL makes you indistinguishable from other traffic.. and that may still be the case with the service you use, but remember just because it's once-removed from your end-user IP/person/connection you're still not immune from the same tactics if your connection WAS the end of the chain. You can still suffer the same reliability problems on a bad/slow service or interruptions... and there's more hoops to run through to troubleshoot say if "my downloads stopped"... you have to additionally check your link between you and your service and your service and the REST of the internet :P

I'm not trying to discourage usage... rather a more informed usage.

Link to comment
Share on other sites

No one has commented yet on the legality of these 'cease and desist' letters. I am hoping it is because everyone knows that it really doesnt matter, these days they can claim anything they want and everyone (including judges and lawyers) believe it.

But in reality.. they have yet to prove anyone is technically breaking the law. Just because your IP is on a tracker means nothing. There excuse for not being competent enough to catch copyright infringers is to simply say that anyone using the incredible bittorrent technology is breaking the law.

Fact is, there is probably no absolute technical way to prove beyond a reasonable doubt that anyone broke the law.. and even if they somehow found a way we would just block it so they couldn't. So im guessing that's why they don't even try, because they know they will loose.. Welcome to Corruption!

Link to comment
Share on other sites

... being no lawyer, I can't say I know about any of this certinly.

However, there are some problems... even though big $$ uses "big crime" reasons to get the information of filesharers, the settlements are in civil court. It's not a criminal court and as such, there is no "reasonable doubt" at least here in the US. Secondly... big $$ is not responible for the actual data gathering which is used in those proceedings, should there even be proceedings in the first place. Many times indeed the threat of litigation scares people enough to responding directly, which opens up further avenues of inquiry.

For legal proceedings in the US a mailed court order is customary ... aka a "summons" to appear. I'd ignore all correspondence before then.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.


×
×
  • Create New...