BitTorrent downloaders' IP addresses logged within 3 hours

Users who have downloaded copyrighted music, video and other content through a BitTorrent client within the last three years have likely had their IP address logged by monitoring companies, according to research by Tom Chothia and colleagues at the University of Birmingham, United Kingdom. They will present their conclusions this week at the SecureComm conference in Italy.

Monitoring of popular BitTorrent files is so prevalent, in fact, that the researchers concluded that most users will have their IP addresses logged by copyright-enforcement authorities within three hours of download.

Chothia and team set up a fake pirate server online to perform their research for more than the past two years. They were able to measure "the activity of 1,033 swarms across 421 trackers for 36 days over 2 years," and over 150 GB of BitTorrent traffic data, according to the full paper (PDF file).

The researchers were able to identify monitoring companies by comparing the download progression of users on the BitTorrent files. While a "regular" peer user's client will download the BitTorrent data in a steady progression toward completion, a monitoring peer downloaded data randomly over time, to give the illusion of activity to cover the companies' true intent.

Additionally, they found that using blocklists was not an effective practice for preventing being watched and logged by the monitoring companies. While the researchers were able to match some IP addresses of suspected monitoring companies with those on some blocklists, they found both false positives and false negatives on the lists.

Source: New Scientist

Report a problem with article
Previous Story

FBI: "No evidence" of AntiSec hacker group claim

Next Story

Steam Greenlight adds $100 fee to reduce bad entries

49 Comments

Commenting is disabled on this article.

3rd impact said,
does having a dynamic ip an advantage? if so i should stop cursing it.
I would think a static IP would have the advantage. Only because it's attached to an account/residence. If you move it changes, otherwise it's the same for all devices using your network.

You can then argue that someone was leeching your wifi and because the IP is static, they had the same address as you. My wifi router knows the identity (MAC address and LAN IP) of the person downloading things. My ISP only sees the cable modem they provided.

I simply can't understand who and why anyone uses bittorrent stuff. Most of it is slower than dog crap.

I've tried it a couple times and it does nothing for me. I can find what ever I want without using it and get it much faster than any torrent stuff has ever been.

What if I own the content but it's faster to download than to convert and download from a CD drive or what if I don't have a CD drive on my computer? Downloading something I already own is not illegal surely.

offroadaaron said,
What if I own the content but it's faster to download than to convert and download from a CD drive or what if I don't have a CD drive on my computer? Downloading something I already own is not illegal surely.

Think you might want to check your facts here. You would be breaking the law. You are purchasing a license to use said media, you are not purchasing the actual media.

jamieakers said,

Think you might want to check your facts here. You would be breaking the law. You are purchasing a license to use said media, you are not purchasing the actual media.


Not sure about US juristiction on this item, but in The Netherlands and most of Europe, you buy a usage license. If you have said usage license, you're allowed to obtain said product any way you can. email, normal mail, physical store, torrent, usenet... doesn't matter.
And the 'companies' are not allowed to stop you from doing so. If they do, they unlawfully broken a contract. No matter if the contract states 'thou shalt not torrent' since you have a usage license bought legally and are not breaking national laws to use said license, they can't really stop you from doing so.

Then again, our copyright laws are 10times better then any other European country already, so meh. Quite sure you're not allowed to download said material no matter if you have a license or not.

jamieakers said,

Think you might want to check your facts here. You would be breaking the law. You are purchasing a license to use said media, you are not purchasing the actual media.

Yeah but a downloaded copy does not equate to the actual media...

I'm curious of how they gathered this data? Or how these so-called monitoring companies are gathering data? They're using public trackers to check the peers of every torrent listed then log the IP of any peer that sends a bit of data? What about private trackers? If they're not a member then the best they can hope for is to see that John Doe at 1.2.3.4 is downloading BT traffic but unless they're able to sniff some of the data (enough to generate a fingerprint of the file contents) then all they can see is that John Doe is transmitting/receiving BT traffic but they have no idea what it is. I doubt they'd be able to capture any data via sniffers without help from the ISP so isn't this whole thing really about logging users on crappy public trackers?

It' easier than that. They just download the files themselves and look at who is seeding. Remember that they always sue you for uploading and not downloading.

MsftGaurav said,
If it's a dynamic IP, it could be anyone in your WLAN/LAN.

Surely they'd log who had that IP at that time so when it comes to asking who this IP belongs to they'd include the date and time?

Azusa said,

Surely they'd log who had that IP at that time so when it comes to asking who this IP belongs to they'd include the date and time?

Exactly. The cable companies and FIOS typically use your MAC address to authenticate you (and log who had what ip at what date/time) while DSL still use the antiquated and HUGE pain in the a** protocol PPPoE which does the same accounting and authentication functionality. The question is how long do the ISP's keep this data? They all vary but I've generally heard somewhere in the 1-5yr range. Wouldn't that be a nice surprise? A letter in the mail demanding some astronomical payment for a torrent you downloaded 4 years ago?

Azusa said,

Surely they'd log who had that IP at that time so when it comes to asking who this IP belongs to they'd include the date and time?

Then maybe you could argue someone stole your MAC address and spoofed it. It's always technically possible. Or run with someone's spoofed address and if they come, reset it to default.

Isn't it time we say goodbye to bittorrent and move onto decentralized and encrypted protocols the sort that PerfectDark uses?

"Huh. My neighbor must have hacked into my WiFis." That's what I would say. But I don't use bittorrent. There are better older technologies...

Shadrack said,
"Huh. My neighbor must have hacked into my WiFis." That's what I would say. But I don't use bittorrent. There are better older technologies...

or maybe your pc was hijacked by an exploit in java and you didn't even know your PC was seeding torrents!

Wait... I have a fake torrent program that monitors torrents too... how do they know what is legitimate downloading and not just other monitoring programs?

I was wondering the same thing. Just out of curiosity, why do you monitor torrents? Would be a real shame to get busted for copyright infringement if all you were doing was monitoring.

Shadrack said,
I was wondering the same thing. Just out of curiosity, why do you monitor torrents? Would be a real shame to get busted for copyright infringement if all you were doing was monitoring.

I just like to collect data. Mostly about speeds from different ISPs and their geo location and how many torrents some IPs seed. When a new torrent explodes onto the network, its interesting to see where it comes from, what trackers are being used and seeing it anything in the news has prompted it to become well known torrent... and of course, its fun to play with torrent clients on the network

sagum said,

I just like to collect data. Mostly about speeds from different ISPs and their geo location and how many torrents some IPs seed. When a new torrent explodes onto the network, its interesting to see where it comes from, what trackers are being used and seeing it anything in the news has prompted it to become well known torrent... and of course, its fun to play with torrent clients on the network


Nice!

SharpGreen said,
Does this include clients that implement any form encryption on top of the existing protocol?

Wouldn't that just stop your ISP from snooping your traffic?

SharpGreen said,
Does this include clients that implement any form encryption on top of the existing protocol?

Its always going to show your IP unless you use a proxy/VPN.

SharpGreen said,
Does this include clients that implement any form encryption on top of the existing protocol?

It really wouldn't matter I don't think. Only the data would be encrypted, not your IP address. So the connection they need to connect the dots to your true identity would not be encrypted with bittorrent.

We really should create our own internet instead of worrying about the US Government cracking down on the existing internet. We can have it based out of some place else that the US Government can't touch. Or one giant VPN.

SnaveZ said,
We really should create our own internet instead of worrying about the US Government cracking down on the existing internet. We can have it based out of some place else that the US Government can't touch. Or one giant VPN.

Those already exist.......

SnaveZ said,
We really should create our own internet instead of worrying about the US Government cracking down on the existing internet. We can have it based out of some place else that the US Government can't touch. Or one giant VPN.

there are already a fair amount of darknets (thinking .onion, .i2p, etc.)

but arent when your downloading/uploading (connected) your IP is displayed to everyone... that's the peers list. is this a big deal?, sure isent this what they have been doing from the start anyway...

jasonon said,
can they do anything even if they have your ip?

They could try to sue you for trying to steal content even if the content is not real.

jasonon said,
can they do anything even if they have your ip?

they could contact law enforcement/your ISP and request that your name be released (and then they could get a search warrant to confiscate your laptop's hard drive as proof that you downloaded the pirated material, and then they could sue you)

jasonon said,
can they do anything even if they have your ip?

No, the truth is that nothing will happen. In order for governments to search your media, they need a search warrant. A search warrant can only be obtained with sufficient sources and different ones also. A record from your ISP saying this was your IP address at this time and a record from some torrent snoop does not constitute a search warrant, not even close. To get a search warrant they need to have physical evidence that you posses the material- which is the paradox because the only way they can do this is if they have a search warrant to prove you have it.

If your scared about them knowing you posses illegal content because site owners like megaupload's have been "incriminated" then you are mislead. I'm not going to go into it but even the breaking into of dotcom's house was illegal because their wasn't sufficient evidence to sustain a search warrant on the man's house, even though there was copyright infringing material on it.

So in short, no, they cannot do anything with your IP address unless they have a lot of evidence and you are a serial offender such as owning a copyright infringing website hosting thousands of illegal files. You downloading the odd pirated piece of software is nothing in the scheme of things, they won't even bother

Matthew_Thepc said,

they could contact law enforcement/your ISP and request that your name be released (and then they could get a search warrant to confiscate your laptop's hard drive as proof that you downloaded the pirated material, and then they could sue you)
You could, if an IP is is one person .... which it isn't.

x-byte said,
You could, if an IP is is one person .... which it isn't.

If you think your IP is anonymous then your an idiot. That's like saying no one knows how to find me even if they have my address because many people could live at my house.

ingramator said,
<snip>

Well, as an end user, the worst that can happen is that your ISP will get a notice about you, and say "Hey, cut it out." The reality of it all is that the ISP doesn't give a damn what you do, so long as you pay them their money. However, if you become a nuisance, then I suppose that's when you could see your service being cut off.

I haven't experienced any of this, cease and desist letters or anything, but looking at it all, I'd imagine that'd be the worst thing you'd have to fear.

Well, that and extortion from the RIAA/MPAA. I don't promote or condone piracy, but what they do isn't better by any means at all. Besides, many of the artists I listen to blatantly speak out saying they don't care if you buy it, copy it, download it, or steal their music, so long as you have it.

Martin5000 said,

If you think your IP is anonymous then your an idiot. That's like saying no one knows how to find me even if they have my address because many people could live at my house.

In fact yes, the IP gives you some anonymity. The IP identify a house or business but a specific individual, the owner of the line does not specifically is the guilty.

Martin5000 said,

If you think your IP is anonymous then your an idiot. That's like saying no one knows how to find me even if they have my address because many people could live at my house.

No one is saying that your IP address makes you anonymous. Far from that. I think you need a bit more coffee or something.

Your IP address is linked to a specific location and a certain owner. It's just the external IP of you network. Others can jump on you network and download stuff all day. Having 1 IP tied to multiple devices is what gives you 'anonymity'. They can't really say who or what on your network downloaded illegal content. All they can say is that it passed through your network and that alone isn't enough to do anything to you.

jasonon said,
can they do anything even if they have your ip?

First it's important to make the distinction, for individual, it's a civil matter and not criminal one. So there is no warrant, no search of your computer and no police involved.

They don't need them. All they do is blackmailed people in paying a settlement using the treat of a suit. Many people do pay because they get scared and know the cost of a lawyer would be greater than the settlement. Only 3 or 4 peoples have actually been sued, I guess as an example.

KCRic said,
No one is saying that your IP address makes you anonymous...

Except the guy I replied to was heavily implying that.

Also, an ip may be only be tied to one office/house etc. (normally), but many systems record who on the local network was doing what and at what time. ISPs certainly record who was using a given dynamic ip at any given time.

still1 said,

peer block for the win

Did you just decide to skip the last paragraph, or did you even read anything other then the title?

"Additionally, they found that using blocklists was not an effective practice for preventing being watched and logged by the monitoring companies. While the researchers were able to match some IP addresses of suspected monitoring companies with those on some blocklists, they found both false positives and false negatives on the lists."

Martin5000 said,

Except the guy I replied to was heavily implying that.

Also, an ip may be only be tied to one office/house etc. (normally), but many systems record who on the local network was doing what and at what time. ISPs certainly record who was using a given dynamic ip at any given time.

Don't most ISPs use static IPs for customers? Mine never changed unless I moved or called and requested it to be changed (they usually got a bit curious on that one).

So every item in my house running through my network had the exact same external IP address. Only the internal network knew what was using it. Even my phone, when connected to my wifi, had the same external IP as my desktop. Their LAN address was different but that was only a concern to my router, not the ISP. Anyone else logging on (or leeching if yours is unsecured) would have the exact same IP as you do from the outside.

KCRic said,
Don't most ISPs use static IPs for customers? Mine never changed unless I moved or called and requested it to be changed (they usually got a bit curious on that one).

So every item in my house running through my network had the exact same external IP address. Only the internal network knew what was using it. Even my phone, when connected to my wifi, had the same external IP as my desktop. Their LAN address was different but that was only a concern to my router, not the ISP. Anyone else logging on (or leeching if yours is unsecured) would have the exact same IP as you do from the outside.


AFAIK, almost all ISPs provide dynamic IPs unless you specifically ask (or pay) for one. If you're getting a static IP, then count yourself lucky

KCRic said,
Don't most ISPs use static IPs for customers? Mine never changed unless I moved or called and requested it to be changed (they usually got a bit curious on that one).

Sometimes you keep the same IP for a while. That doesn't mean you get to keep it though or that it's in any way static. They can change at any time really.