3 questions about µTorrent's encryption feature...

Can anyone tell me the purpose of encryption, because I understood that if you turned encryption on then your ISP would have no idea what you were downloading/uploading?

Or does it just help to bypass restrictions?

I've got no ISP restrictions, so if this IS the case, shall I turn encryption & just use Peer Guardian to be protected?

Sorry for all the questions, but the reason I ask is because I received the following email from my service provider this morning:-

Entanet (our wholesale provider) have received notification from a third-party monitoring service that copyrighted material may be being distributed from this account via a file sharing programme.

Please see the details below:

INFRINGEMENT DETAIL

--------------------

Infringing Work: Harry Potter and The Deathly Hallows (Document)

First Found: 10 May 2008 11:31:26 EDT (GMT -0400)

Last Found: 10 May 2008 11:31:26 EDT (GMT -0400)

IP Address: ----------

IP Port: 51083

Protocol: BitTorrent

Torrent InfoHash: A3F8C10089A6B7515172FA30A9DC8A8CF8F52618

Containing file(s):

J. K. Rowling\\Harry Potter and the Deathly Hallows.pdf (1,494,470 bytes)

Please check your system and if you find any such material please remove it.

Please advise us when this has been done by replying to this e-mail.

Regards

As it happens, I didn't actually download any H. Potter (to say I'm not a JK Rowling fan is an understatement...) I just downloaded a 'megapack' of ebooks & selected the files I wanted - all public domain as far I know.

The primary purpose of the encryption feature is to prevent lower-quality throttling techniques from working.

It is not to hide what you're downloading.

PeerGuardian won't protect you.

OK thanks DreadWingKnight.

This email has got me a bit paranoid, but if PG won't protect me either, what can I do? Just hope for the best?

By the way @admins - I did read:

"Posting about any illegal sharing of copyrighted content is strictly FORBIDDEN" but I only downloaded public domain ebooks. (Shakespeare/Dickens/Twain/Hemingway & suchlike)

Should I edit my original post?

There's not that much you can do.

However IP-Address based identification of an individual isn't physically possible (there just aren't that many IPs to go around. At one point MIT had more IP addresses assigned to it than the largest country by population on the planet). Hoping for the best and not admitting to anything leaves this argument open to you.

OK thanks again DWK

I don't download/upload anything 'mainstream' anyway, so I'll just continue hoping for the best.

"Can anyone tell me the purpose of encryption, because I understood that if you turned encryption on then your ISP would have no idea what you were downloading/uploading?"

...

"Entanet (our wholesale provider) have received notification from a third-party monitoring service that copyrighted material may be being distributed from this account via a file sharing programme."

Your ISP probably had no idea what you were downloading/uploading. It was a "third-party monitoring service" that reported to your ISP that supposedly your WAN internet ip was infringing.

"However IP-Address based identification of an individual isn't physically possible (there just aren't that many IPs to go around."

An ISP can trace down which household is using which internet ip at basically any given moment. It's remotely possible they could be wrong, but it would be rare.

The monitoring service being unnamed is troubling. Knowing who your possible accusers are is rather important with identity theft possible on BOTH ends -- yours and whoever is accusing you!

Hi Switeck

Hmm. Yes, that does seem a bit more concerning.

I don't know how these things work, but thankfully my ISP (ADSL24 - UK) are completely realistic with regards to their users & P2P. I guessed that this is just a stock email that they are forced to send out to cover their arses.

This was friendly advice to delete the file, just in case I do get in trouble. Perhaps I'm being naive, but I don't think it's any more serious than that.

As I said previously, I never download popular new files because I just don't like 'em. But I will be more careful to check the contents of any large torrents for potentially monitored material that could potentially get me 'noticed'.

I've since read up on Peer Guardian & I can see how I was naive to think it would protect me.

There are a number of fringe RIAA groups that track torrent peers and email the ISP's that own the IP addresses with vague and ignorant threats like that. Rest assured, they sent the same email to every other peer on the torrent. Ironically, they seem to go after Harry Potter 90% of the time! They don't actually know you from a hole in the ground and I seriously doubt that they have the resources to back up their threats. The RIAA is simply resorting to schoolyard bully tactics hoping that they can scare you into never downloading again.

Some steps you might consider:

1) Bluetack's Blocklist Manager is very maligned here by many people, but can actually be very effective at limiting your contact with these "third-party services." I personally don't think using an updated ipfilter.dat file hurts you in any way and would encourage its use.

2) Use Truecrypt to encrypt a partition or create an encrypted drive and place utorrent, your torrents, and all your downloaded things onto that drive. They can make all the allegations that they want, but if they can't show that you possess the material then they're kinda legally hooped. I don't believe it would ever come to that, but a little paranoia can help one sleep at night... ;-)

I would only recommend using "level1" blocklist from Bluetack, and then only with a few caveats.

Bluetack's Blocklists also include huge swaths of "spammers" on dynamic ips, where Bluetack just block large ip ranges just to be sure they got them. Those are only vaguely useful at the time said spammers were active and are now likely far more likely blocking legit file sharers. Said spammers may be legit file sharers who for a while had malware on their computer...and are quite likely clean now.

Ironically, even for the BAD ranges, Bluetack has odd hits-and-misses, often not including the x.x.x.0 or x.x.x.255 of a range for some odd reason.

Check for updates on the lists, as the latest ones presumably are a little better than the ones in the past. ...Though either way you may need to do some cleanup if you actually care about not blocking legit file sharers.

Ceefax,

If I were you, I'd ask my ISP who/what sent the letter...and add you think it might be a "phishing scam" or identity theft attempt using bogus data.

Thank you both for the advice

I've been using Truecript & it's excellent. Am trying BLM now also.

@Switeck

I'm in the process of composing that email to my ISP, but would you please elaborate first on what you said?:

"The monitoring service being unnamed is troubling. Knowing who your possible accusers are is rather important with identity theft possible on BOTH ends -- yours and whoever is accusing you!"

"...and add you think it might be a "phishing scam" or identity theft attempt using bogus data."

I understand your words & terms perfectly, but I remain a little unclear as to HOW this could be seen as possible ID theft/scam - I must know what I'm talking about when (if?) my ISP reply!

Thanks.

Completely illegal and hostile hacker scenario:

The sender of the Cease & Desist notice could be fishing for information about YOU to do a more detailed attack, possibly concerning hacking to make it look like something you did...once they know more about you. The claim of copyright infringement they know is bogus, but they hope they can strongarm your ISP into giving away lots of free info with which they can use either to commit identity theft or to blackmail you. They may already have wormed their way into your computer/s, and without knowing more about your accusers...you cannot protect yourself from what could likely be con artists out to use your identity to commit unknown criminal acts.

Unfounded but possibly legal copyright monitoring company scenario:

The sender of the C&D notice may not have any real evidence but is counting on your admission of guilt once it gets more information on the "owner" of the ip address. This is so they can threaten you with far worse than a C&D notice...warrented or otherwise. You claiming to not know about the "crimes in question" will likely be treated hostilely by whoever is seeking to pursue legal means to enforce copyrights...but currently they do not have your identity to do so!

In either case, there seems no way to establish a legal dialog with a party that refuses to reveal its identity...except through your ISP's email on the subject. If you are to take the C&D notice seriously, then you would expect some means of replying back to whoever sent it...but doing so with them knowing who you are but you not knowing THEM puts you in legal jeopardy...

And the irony that you may be completely innocent or at worst unintentional downloader will not protect you from the legal torts the copyright cartels are throwing around.

Even the real copyright monitoring companies that RIAA and MPAA are using have been shown to use less-than-scientific means of investigation that HAVE been thrown out of court in more than 1 case. If their methods are not revealed and challenged, then they can even threaten innocent people to extort money...just because it is too expensive to fight them. How can one prove their innocence when the evidence could easily be tampered with? The companies gathering evidence are paid per household/person sued and cannot be seen as having a compelling interest for clean hands or due diligence.

Do some research on the subject, especially with those who have been "through the process" of getting sued by the media industries...and you'll be able to make a more coherent letter than I can.

Hey Guys

I recently got this message downloading NCIS ep 1 as i love the show! But was edging to get ahead of UK for viewing this.

I've deleted the file, but should i email them back saying i have? It sounds dodgy from the moderators comment that they could pass my details onto RIAA etc. Makes me paranoid!

I'd never respond to the email by REPLYING to the email.

I'd call up my ISP or make a separate email to their complaints department...or whatever seems appropriate.

Switeck, i found a thread on adsl24 and the owner replied saying its an automated response.

http://adsl24.co.uk/forum/showthread.php?t=4691&page=2

Any advice on what to do? Cheers

I'd call up my ISP or make a separate email to their complaints department...or whatever seems appropriate.

I JUST WANT TO THANK SWITECK FOR HAVING PATIENCE WITH ME .THANKS FOR GIVING ME THE CONFIDENCE BACK WITH READING YOUR LINKS BOUT THIRD PARTY AND ISP PROVIDERS.AFTER REAING YOUR LINKS AND READING OTHER FOLKS STORIIES I SEE THE LIGHT,AND HAVE STARTED CRAWLING FIRST BY JUST DOWNLOADING 1 TORRENT AT A TIME ON FORCED AT THE TIMES YOUR LINKS SUGGESTED.SO FAR SO GOOG.IM GLAD I FINALLY SIGNED INTO THE FORUMS AND FOUND OUT IM NOT ONLY PERSON EXPERIENCING SAME PROBLEMS OF WHAT I BELIEVE TO BE BULLYING AND ALSO THIRD PARTY TRYING TO GET INTO YOUR PC.WHAT BETTER PEOPLE TO PICK ON THAN SHARING PEER TO PEER PC,s WE GOT TO STICK TOGETHER AND WHEN THINGS LIKE THIS HAPPEN WE HAVE TO GET ON THIS FORUM AND TELL OTHERS WHATS GOING ON,SO WE KNOW WERE NOT ALONE THANKS AGAIN Switeck.I GOT BIG SMILE ON MY FACE AGAIN WATCHING AND ENJOYING MY DOWNLOADS,1 AT A TIME.

Next time you post, turn off CAPSLOCK!

It seems silly that the only non-caps word in your whole post is my name.