Use BitTorrent? You're being watched

Posted by Emma Woollacott

Anyone foolhardy enough to download content from file-sharing service BitTorrent is likely to find their activity's being monitored within hours.

Research from Birmingham University computer scientists shows that it's not just serial downloaders that can expect to find themselves being tracked - it happens to first-time users too.

Over a three-year period, the team created software that acted like a BitTorrent file-sharing client and logged all the connections made to it. They found that in the case of particularly popular content, it was monitored within hours.

"Forty percent of the monitors that communicated with our clients made their initial connection within three hours of the client joining the swarm; the slowest monitor took 33 hours to make its first connection," says the team in its paper.

"The average time decreases for torrents appearing higher in the Top 100, implying that enforcement agencies allocate resources according to the popularity of the content they monitor."

Companies often outsource the task of policing BitTorrent to specialist copyright enforcement agencies. The team found around ten organizations carrying out monitoring, but said several were hard to identify, as they were using  third-party hosting firms.

"One key aspect of BitTorrent monitoring is the precise set of techniques employed by enforcement agencies, which have never been disclosed publicly," say the researchers.

Nor is it clear what the information's being used for. Because the monitors don't actually collect any of the content, the data probably couldn't be used as evidence of illegal file sharing in court.

"It's certainly not like we haven't seen businesses use copyright-infringement monitoring services to shake people down in what clearly looks like extortion," says Lisa Vaas of security for Sophos.

"Case in point is a recent Kentucky class action suit that accused porn studios of extorting BitTorrent users, looking for payouts of $1,000 to $5,000 from victims too embarrassed or shamed to defend themselves in court.

"As the Kentucky lawsuit claims, this isn't simply a war on piracy; rather, it's a 'new business model' that's not set up to deter illegal downloads but is instead set up simply to squeeze profit from its victims."