P2P blocklists fail to protect privacy from copyright cops' mass monitoring

Security researchers setup a honeytrap to study monitoring by anti-piracy groups for two years. If you downloaded any pirated movies, music or eBooks via a BitTorrent client, then copyright enforcement agencies likely logged your IP address within three hours of joining a swarm. P2P blocklists don't offer file-sharers much protection, or privacy, from the "massive monitoring" activities by copyright cops.

Have you downloaded any pirated movies, music or eBooks via a BitTorrent client lately? If yes, then you probably had your IP address logged by copyright cops within three hours of joining a swarm. Opting not to hide your IP behind a VPN or proxy in favor of P2P blocklists doesn't offer file-sharers much protection from the "massive monitoring" activities by anti-piracy groups.

"Almost everyone that shares popular films and music illegally will be connected to by a monitor and will have their IP address logged," according to the technical research paper "The Unbearable Lightness of Monitoring: Direct Monitoring in BitTorrent" [PDF].

Security researchers from the University of Birmingham, UK, presented their findings from a two-year study at the 8th International Conference on Security and Privacy in Communications Network (SecureComm). They had setup a fake pirate server, a honeytrap, and discovered the more popular the content downloaded, the faster copyright enforcers will log the IP.

Average time before monitors connect: 40% of the monitors that communicated with our clients made their initial connection within 3 hours of the client joining the swarm; the slowest monitor took 33 hours to make its first connection. The average time decreases for torrents appearing higher in the Top 100, implying that enforcement agencies allocate resources according to the popularity of the content they monitor.

The Pirate Bay has been under the heavy-duty monitoring gun for the last three years. The researchers' honeytrap "only detected monitors in Top 100 torrents; this implies that copyright enforcement agencies are monitoring only the most popular content music and movie on public trackers. Movie and music torrents were most heavily monitored," however there are "between 1 and 7 IP addresses suspected of monitoring" in each of the other less-popular categories.

In 2011, the numbers fell to only 7% of peers who accepted incoming connections; this might offer some protection against direct monitoring where copyright enforcers attempt to download files from IPs listed in torrent swarms. Regarding active direct monitoring only, the researchers said "peers may still be able to participate in a swarm undetected by enforcement agencies, who rely solely on a peer's ability to accept incoming connections in order to communicate with them."

Yet copyright cops most commonly use indirect monitoring and log IP addresses appearing in a tracker peer list. The mass monitoring of file-sharing swarms opens the question of what copyright enforcement agencies intend to do with the harvested data. If the indirect monitoring lists are headed for lawsuits against copyright infringers, then researcher Tom Chothia said it may not be proof enough. "All the monitors connected to file sharers believed to be sharing illegal content. However, they did not actually collect any of the files being shared. So it is questionable whether the observed evidence of file-sharing would stand up in court."

The research concluded, "We found that publicly-available blocklists, used by privacy-conscious BitTorrent users to prevent contact with monitors, contain large incidences of false positives and false negatives, and recommended that blocklists based on empirical research are used over speculative ones." TorrentFreak advised privacy-conscious BitTorrent users to take measures to conceal their IP, such as using a VPN or proxy to remain anonymous. Keep in mind that the six-strikes anti-piracy scheme is coming later this year to the U.S. ISPs: "AT&T, Cablevision, Comcast, Time Warner Cable and Verizon." Those five ISPs "cover roughly 75% of all U.S. broadband internet customers."

Another bit of copyright cop news happened during Ustream's live webcast coverage of the annual Hugo Awards ceremony for the best science fiction or fantasy works. Although it would seem that "fair use" comes into play when broadcasting clips of copyrighted material during an awards ceremony, the automatic copyright-enforcement bots cut off the video stream and then resisted Ustream's efforts to resume the broadcasting. According to io9:

In the middle of the annual Hugo Awards event at Worldcon, which thousands of people tuned into via video streaming service Ustream, the feed cut off - just as Neil Gaiman was giving an acceptance speech for his Doctor Who script, "The Doctor's Wife." Where Gaiman's face had been were the words, "Worldcon banned due to copyright infringement."

Ustream founder and CEO Brad Hunstable apologized later in a blog post. He suspended the use of the third-party system Vobile "until we are able to recalibrate the settings." He added that they also needed "to ensure fair use of copyright as permitted by the law."

On a side note, Vobile is Hollywood's best buddy and "is currently used by all of the major film studios and TV networks." The company claims it scans more than 2 million videos per day, which is about 8,000 hours of video per hour. Vobile was also used to prevent unauthorized distributed of London Olympics content. Additionally, Vobile "expanded" its VideoDNA fingerprinting copyright infringement tech last December by adding vCloud9 to scan cloud-based cyberlockers for unauthorized and copyrighted content.

Like this? Here's more posts:

Follow me on Twitter @PrivacyFanatic

Copyright © 2012 IDG Communications, Inc.

What is security's role in digital transformation?