BitTorrent Monitoring Report

On Tuesday the web was overrun with reports that BitTorrent users are being monitored by a host of different (and in some cases unknown) organizations. I would like to take a quick look at the actual document that spawned these headlines.

BitTorrent logoThe news is takes from a paper presented this week at the SecureComm conference in Italy by Tom Chothia and colleagues at the University of Birmingham.

The paper is free to read here.

All alarmism aside the paper looks at both indirect and direct monitoring techniques, the indirect being the type that is typically used to “catch” people who are illegally downloading films, music and other copyrighted materials, and the more expensive but precise direct means that various companies are employing.

In the paper the authors state that their contribution to the argument can be summed up as follows:

We determine that indirect monitoring is still in use against BitTorrent users and devise more effective techniques to detect peers engaging in it;

We find indications that certain entities engage in direct monitoring of BitTorrent users and provide features to detect such peers;

We also notice that direct monitoring, in its current form, falls short of providing conclusive evidence of copyright infringement.

This is a complex and technical paper, but certain things are noteworthy. The direct monitoring consists in creating false peers that connect to your IP address and monitor its use, be that downloading updates for Linux or watching War Horse.

A user is much more likely to be directly monitored if they are partaking in one of the top 100 objects for download, and in 40% of cases monitoring began within 3 hours of connection. The less popular the object for download, the longer it takes to become monitored. This suggests that those doing the monitoring (be they copyright authorities or private data collecting companies) spend more resources on popular downloads.

One thing I can take from this paper is that somebody is collecting an awful lot of data about a lot of people and their downloading habits, and I wonder why? And also what do they intend to do with it? Particularly as many lawyers deem the data collected as not strong enough evidence to use in a court of law.

Problems with online anonymity

The internet probably knows what your favourite shoes look like. How you may ask? Your data is being monitored through your PC without you hearing as much as a peep about it. Private firms can spy on users from the comfort of their own computers.

The FTC has recently handed in a report advising private firms to be more open about their data collection practices. New laws regarding user privacy are also currently being worked on.

Users who want to preserve any semblance of privacy left are looking into do-not-track tools. Some suggest adding a do-not-track option directly into browsers, while others are in favor of different software that can curb data collection altogether.

With regular website cookies come other tracking cookies that help the sites we’re visiting identify our user pattern and collect our data. Current data collection practices aren’t transparent, so we have no idea what these sites are up to once they have what they need.

Failure to comply

The universal do-not-track button goes as far as requesting a website that a user’s information not be tracked as they browse a site. However there’s no guarantee that the site will comply with the request.

This option does close to nothing in terms of blocking the websites access, largely because it can’t. Google’s recent fine for lifting data from open Wi-Fi connections without user permission and Facebook’s accessing people’s texts on app user’s cell phones is proof that firms don’t always adhere to the norms of privacy – and those are two really big firms.

At best a do-no-track tool will lull you into a false sense of security where in reality you have more than one front to protect yourself on. Large private firms aren’t the only ones stealing data; there are numerous other threats which one needs to take into account.

Monsters beneath your bed

Fighting against tracking cookies alone is as much the same as looking for the monster in the closet without realizing what’s hiding under your bed.

Options such as AVG’s Do-Not-Track or DNT+ will only go as far as the do-not-track button is meant to. However, PC monitoring tools and other forms of spyware could already exist on your system – granted the data would be going to a person and not a company.

Most computer monitoring software is wired to record your browsing history. Whether or not you’re deleting your cookies becomes irrelevant here. The same is the case with spyware or malware that you mistakenly download by clicking on obscure links or opening spam emails.

No free lunches

Free Wi-Fi is a real treat till you realize that there’s a chance it’s been decked up with computer monitoring software which can record every move you make on your browser. Software such are Firesheep and Wireshark can easily make their way into your system if you’re on a network that has them preinstalled. The Wi-Fi owner has no need to break into your system manually or be anywhere near you to figure out what you’re using the Wi-Fi for.

The WiFi LogoThat’s if you’re using someone else’s Wi-Fi. However even if your own Wi-Fi is open you’re in danger of being attacked. During 2010 reports that Google was lifting private data through open Wi-Fi’s first surfaced, and regardless of how apologetic Google was, it never stopped the practice.

Even with new laws in place for the preservation of user data and more transparency as to what cookies are infiltrating user systems, there’s still a large potential for data collection against a user’s will.

The best idea would be to take a holistic approach to your browsing experience and stay safe from all sides – after all don’t-track-tools are only one a small aspect of online safety, not the key.