BitTorrent traffic closely watched by shady firms
The higher a torrent file is on most popular list, the faster the monitors are responding, Researchers from Birmingham University reported at the SecureComm conference in Padua, Italy, this week.
They also found that independent blocklists, which torrent users manually create to ward off suspected monitor organizations, failed to include many of the peers the researchers identified as suspicious.
BitTorrent protocol allows users, called peers, to share files by chunking them into small bits and bringing peers together for direct exchange. A torrent server lists internet protocol (IP) addresses of peers wishing to upload or download the files. Users join a swarm of peers sharing the file by announcing their presence to the torrent server.
The protocol is often used for distribution of free software, game updates and other legal content, but is better known for its part in illegal sharing of copyrighted material. Copyright holders are known to keep an eye on the largest torrent sites, such as The Pirate Bay, researchers say.
"Copyright holders are known to routinely monitor file-sharers, collect evidence of infringement, issue cease-and-desist letters and, in some cases, demand financial compensation from the users they deem to have infringed their copyright. The task of policing BitTorrent is often outsourced to specialist copyright enforcement agencies," they reported.
The computer scientists used custom software to collect torrent traffic data for a total of 36 days over two years. They were looking for telltale signs of peers on 1,033 swarms, indicating that they were interested in monitoring the file sharing other users’ activities rather than engaging in them. They were hunting both for peers monitoring indirectly, by asking a torrent server for list of peers on a swarm, and directly, by joining a swarm and communicating with other peers.
Suspicious behavior like failing to report download progress or hanging in a swarm for an abnormally long time marked peers as possible monitors. Researchers then tracked them to about 10 companies and organizations. Some of them were known copyright enforcement agencies or provided computer consultant services, but did not specifically acknowledge monitoring BitTorrents. One was a research institute which has since published work describing the detection of initial seeders of files. Others were difficult to identify.
It is not clear how the data collected by monitors could be used by copyright holders other than to measure the popularity of content among pirates and issue cease-and-desist letters. The monitors don’t even download offending material from other peers, so the data they get shows only that users have a torrent client running.
Researchers state that they take a neutral stance in the conflict between copyright holders and file-sharing activists.
“The results we present could benefit both users (e.g. by improving the detection and blocking of monitors) and copyright enforcement agencies (e.g. by improving monitoring techniques),” the paper says.