Privacy In BitTorrent By Hiding In the Crowd

pinguin-geek writes "Researchers at the McCormick School of Engineering and Applied Science at Northwestern University have identified a new 'guilt-by-association' threat to privacy in peer-to-peer (P2P) systems that would enable an eavesdropper to accurately classify groups of users with similar download behavior. While many have pointed out that the data exchanged over these connections can reveal personal information about users, the researchers shows that only the patterns of connections — not the data itself — is sufficient to create a powerful threat to user privacy. To thwart this threat, they have released SwarmScreen, a publicly available, open source software that restores privacy by masking a user's real download activity in such a manner as to disrupt classification."

only works with

[esocid (946821)]

Vuze (azureus), which I dropped because of how bloated it is. Why java? utorrent is the way to go.

Re:only works with

[Akido37 (1473009)]

Vuze (azureus), which I dropped because of how bloated it is. Why java? utorrent is the way to go.

Vuze's bloat problem isn't Java.

It's feature creep. Sometimes I just want to download a torrent.

Re:only works with

[courseofhumanevents (1168415)]

I wish there was a +1 Correct mod. This isn't exactly insightful or interesting.

Re:only works with

[KenMcM (1293074)]

That'd be +1 Informative.

Re:

[by Anonymous Coward]

Correct! :)

I mean.. informative!

Re:only works with

[Kjella (173770)]

Vuze's bloat problem isn't Java.

While I know some stunning things done in java, the four most bloated applications I know are also written in java. I guess it's like C/C++ and buffer overflows, those who like the langauge say good developers don't do that but in practise java seems to lend itself easily to bloat. In theory any developer can do anything in any language that's Turing-complete, it all comes down to how productive real developers are in practise...

Re:

[Maxo-Texas (864189)]

Openoffice is written in c++.

http://download.cnet.com/OpenOffice-org-Windows/3000-2064_4-10263109.html [cnet.com] ...OpenOffice.org runs on Solaris, Linux (including PPC Linux), and Windows. Written in C++ and with documented APIs licensed under the LGPL and SISSL open-source protocols, OpenOffice.org allows any knowledgeable developer to benefit from the source...

Re:only works with

[AliasMarlowe (1042386)]

Vuze's bloat problem isn't Java.
It's feature creep. Sometimes I just want to download a torrent.

I'd call it malfeature creep with a commercial bent, in an unnatural union with a hideously malformed GUI.
I installed Vuze innocently and optimistically enough, but as soon as I started it and saw the abomination appear, its days - nay, minutes - on my system were numbered. It was utterly expunged after a quick kill.

Re:only works with

[Ilgaz (86384)]

Set it to Run in "Advanced Mode" on startup. And for "just downloading a torrent", I don't think anything will beat rtorrent from console.

Re:Here's a novel idea: Don't FUCKING STEAL !!

[mpeskett (1221084)]

I'll be damned if I'm writing up a whole new response every time someone equates copyright infringement with stealing, so instead you can read what is mostly a comment I posted to a discussion of The Pirate Bay's trial (edited a little to be more universal)

Copyright infringement is a distinct thing from theft. They are two separately defined legal terms, plain and simple, not the same thing. They are both illegal. They are not the same crime.

The ethics of whether copyright law should be changed or abolished, whether infringement should be made legal (and hence would no longer be "infringing") and whether illegal copyright infringement can be right or moral are all entirely separate issues. The only thing I'm saying here is that "Theft" and "Copyright Infringement" are two clear and distinct terms with different meanings under the law. There is no reason whatsoever to conflate them, and pretend they mean exactly the same thing.

Well, not quite true - there is one reason, and as far as I can see it's the only reason, and that's because "Pirates are stealing our music" has more emotional impact then "Our copyright is being infringed". The whole "you wouldn't steal a..." campaign, for example, relies on erasing the difference in people's minds between theft and infringement, to make them feel bad about something they may otherwise have been doing without thinking about it. This doesn't change the legal side of things, only peoples' perceptions, but perceptions can be powerful. The industry are using that to their advantage and I for one don't like their way of doing it, so I'll insist on correct use of the terminology.

You could even draw parallels with Orwell (although doing so feels cliched) - the 'Newspeak' idea revolved around removing words with similar meanings so that varied and nuanced ideas would be collapsed into a single concept. All forms of political dissent, freedom fighting and the like would be lumped together with terrorism and criminality, under the label "thoughtcrime", making the not-so-bad sound as bad as the very worst. Putting theft and copyright infringement together under "stealing" is the same - suddenly infringement sounds just as bad as theft because you're calling both of them stealing.

Legally speaking, they're separate, and whether infringement is as morally bad as theft or not is a side issue to be determined separately (and personally) but if we let them convince us that they're just the same thing then the debate will be over without it ever having taken place.

Re:only works with

[0100010001010011 (652467)]

Utorrent, which I dropped because of how bloated it is. Why GUI? rtorrent is the way to go.

Re:only works with

[Rip Dick (1207150)]

Yeah, it's 4,500K memory footprint is ridiculous.

.... alright... Why terminal? Raw socket is the wa

[SmallFurryCreature (593017)]

...alright...why terminal? Raw socket is the way to go!

Re:.... alright... Why terminal? Raw socket is the

[c0p0n (770852)]

Unless you can interface directly with the network media using a battery and a metal pin, STFU.

Re:.... alright... Why terminal? Raw socket is the

[Mister Whirly (964219)]

I can get WiFi on the fillings in my teeth.
Oh, hang on a sec, downloading an attachment!

Re:.... alright... Why terminal? Raw socket is the

[pbhj (607776)]

What do you need the battery for? Stick the pin in your brain at one end and use nerve impulses to generate the charge to send the signals with ...

Re:

[talz13 (884474)]

Since it runs on every platform that supports java? Since it has useful plugins? Since taking up 1% of my CPU and 300MB of ram to seed 10 torrents doesn't bother me much on a quad core with 4GB of RAM?

Re:

[FinchWorld (845331)]

"Since taking up 1% of my CPU and 300MB of ram to seed 10 torrents doesn't bother me much on a quad core with 4GB of RAM?"

So you like things needlessly eating up more resources? Man, you should run a vista vm, inside a vista vm, on vista!

Re:

[Larry Clotter (1527741)]

So you like things needlessly eating up more resources?

What's the point of buying RAM and CPU only to have it underutilized all the time? You might as well go back to only having 16 megs of RAM and a 386 if you are going to complain about 1% usage of CPU and 7.5% usage of total RAM.

Re:

[by Anonymous Coward]

What's the point of buying RAM and CPU only to have it underutilized all the time?

You over bought then. If global warming is a real concern, then it should matter to you that software is inefficient. True it may not matter a lot that one person is running some bloatware, but when you've got three hundred million people running bloatware, then being a few percent more efficient makes sense.

Re:only works with

[Mister Whirly (964219)]

Exactly. What is the point of having your CPU idle? Wouldn't the ideal be to use as much resources as you can all the time? I have never understood why people build these massive computing machines and then never do any serious computing.

Re:

[totally bogus dude (1040246)]

Your bizarre "I've got so much memory I'd better use 300 megs to do tasks that could be done in 3 so as not to waste it!" made me laugh, so thank you.

But if you have more than enough RAM to cover all the other tasks along with the torrents you are running why should you care? You seem to be complaining about usage of the system resources that is a pittance in the total pool of available memory and CPU.

You're making the assumption that there is enough RAM to cover all the other tasks, but that's an assumption you're making based on your own usage patterns. Wasting a few hundred megs will reduce the amount of memory you can comfortably allocate to virtual machines, for example. Some software will happily suck up as much memory as it can to improve performance

Re:

[Ilgaz (86384)]

Funny is, these are the same people demanding 64bit Flash plugin because they run 64bit browser on an 64bit OS.

If Apple was decent enough (or developers could code anything actually multi arch) to release Snow Leopard for 64bit G5 Macs, I would upgrade to 8 GB (from 4.5 GB) on my Quad G5 in no time. Its max is 16GB btw.

Re:

[Ilgaz (86384)]

It took uTorrent guys 1 or more years to ship a OS X version even while their code is still i386 only. The idea of "run on every platform which has a sane Java and support everything" will keep sending developers/researchers to Vuze no matter how much it is attacked by Java and even paid commercial content hating hating people.

Let me remind again that uTorrent is NOT an open source software which is also owned by MPAA/RIAA members partners Bittorrent.com.

They do a great job hiding that fact lately it seems.

Re:only works with Vuze

[denis-The-menace (471988)]

Bloat is not the word.

Vuze is a F-ing multimedia billboard.
It even plays commercials while you try to figure out what the F--k you just launched!

All the tools to tweak it as to not piss off my ISP are gone. I went uTorrent and kicked myself I didn't do it sooner.

Re:only works with Vuze

[memorycardfull (1187485)]

Agreed. The word is adware.

Re:only works with Vuze

[YouWantFriesWithThat (1123591)]

what in the devil are you talking about? is that a new version? are you running it in simple mode?

seriously, i used Vuze last night. there were no ads, no commercials, nothing. i always run in advanced mode. there is a menu bar and 2 windows: uploads, and downloads. i don't use it to play media or manage the files. dump files to the desktop and i move them where i want.

shit, if there are commercials in the new version i am not going to update.

Re:

[wud (709053)]

i use torrent flux, and it destroys everything else. LAMP based, so I can access it from any computer in my house. I strongly recommend it. http://www.torrentflux.com/ [torrentflux.com]

Re:only works with

[drchoffnes (1256396)]

(From the one of the software authors) UTorrent doesn't support plugins and is closed source. If that were to change, we'd happily develop for it.

Re:only works with

[Ilgaz (86384)]

Well, it seems to be open source and gives the developers all the stuff they need to code such a plugin. Except memory usage (which I got plenty to use), I don't see it uses more than 2-5% CPU too. As a person who wants to use P2P technology but in a way that I can pay for the content, their "Vuze Guide" gives me what I need too.

and uTorrent? The one acquired by DRM loving Bittorrent.com because it was way too popular compared to their junk client and nobody knows what is inside it anymore? Before attacking an application as "bloated", pick your other suggestion well.

Even if it supported plugins, releasing such a privacy enhancing plugin for uTorrent would be the irony of the month.

Ahh, great, just what we needed

[galorin (837773)]

Now my downloading of Linux ISO's and pre-release movies is going to be mingled with horse porn. Just what I always wanted.

Re:

[ndavis (1499237)]

Now my downloading of Linux ISO's and pre-release movies is going to be mingled with horse porn. Just what I always wanted.

Nope instead it will always show you downloading a CD from the RIAA so they can send you a bill. This is the new idea to raise money you write a program that makes everyone look like a criminal.

Maybe if we did do this we could invalidate their methods?

So now not only am I guilty being a linux nerd

[Captian Spazzz (1506193)]

But now this thing will start running kiddie porn and illegal software, viruses and Malware though my connection as well so that I don't get classified as any.

I'd love to see what defence you use when your door gets bashed in in the middle of the night.

Re:

[Ontheotherhand (796949)]

The best defence must be to start objecting to the state behaving in such a facist fashion. Probably best to start objecting before they break down the door, though.

Re:So now not only am I guilty being a linux nerd

[castironpigeon (1056188)]

Help! Help! I'm being repressed!

I Know Where This Is Going

[by Anonymous Coward]

RIAA Lawyer: We obtained a warrant to search the defendant's home when traffic was identified as being characteristic of SwarmScreen. When the defendant's machine was recovered, we discovered they indeed had SwarmScreen installed--a program only used to subvert our techniques of classifying thieves. That, ladies and gentlemen of the jury, should be enough for indication of guilt.

The endless cat & mouse game continues ...

Where no client has gone before...

[geekmux (1040042)]

Ah, if the concern is to perhaps be falsely accused of masking your download content with SwarmScreen, then why not just write in that feature to every torrent client out there?

Yes, we know where this COULD go in the legal system, but oddly enough, Common F. Sense has reported absent from our legal system for the last decade or two...

Legitimate uses

[olddotter (638430)]

Can companies that use bit-torrent to do legitimate work speak out in its defense? I fear the "guilty by association" is much more along the lines of "you use bit-torrent, therefore your guilty".

Frankly if this improves upon that, it might be a help to bit-torrent users that aren't pirates.

Re:

[Richard_at_work (517087)]

I think it goes deeper than that - what are the legitimate:nonlegitimate traffic ratios on trackers? Its not as simple as saying 'BitTorrent has legal uses' if a particular popular tracker has no legitimate torrents.

Download random data from BitTorrent

[JeffSpudrinski (1310127)]

Okay...

According to TFA, their software will download random data from BitTorrent to your system to hide what you really wanted to dowload within a cloud of random downloads.

Are you SURE you want to allow random data from BitTorrent to be downloaded onto your computer? There's a LOT of stuff out there that I wouldn't want even the remote chance (e.g. being selected randomly) of having it on my computer.

Just sayin'.

-JJS

Re:Download random data from BitTorrent

[Kjella (173770)]

If you actually read the details you will find that it's not really random, but random from a set you give it. So, if you give swarmscreen a site w/, legal software, then it would only download from there.

Unless there's a significant overlap between both sources causing confusion on whether you're downloading legal or illegal content, I don't see how it can work. If it's as distinct as they say it should be easy to create a signature of legal sites and subtract any connections to them from your total bittorrent presence, effectively dissolving the smoke screen.

Summary of Story

[manekineko2 (1052430)]

Here's a summary of their findings, because the one provided by Slashdot doesn't really do a good job in my opinion of describing it.

BitTorrent downloaders apparently fall into "communities" that have very similar downloading patterns. In light of this, they think that it would be possible for an argument to be made, that if one member of a community is downloading X, that the behavior can be imputed through guilt-by-association onto all other members of that community. Therefore, you wouldn't necessarily need evidence that a given member of a community actually engaged in the downloading, due to the high degree of correlation between community member downloads.

This strikes me as a bit of dubious reasoning from a legal standpoint, as just because you hang out with a bunch of mobsters all day, and there's a high correlation of that with committing theft, doesn't mean they can try you for robbery just through guilt-by-association without more evidence that you're a robber. Still, courts have made weird conclusions in the past simply because computers and the Internet are involved.

For now, their software and idea mostly seems like a neat proof-of-concept. Until someone actually tries to deploy this legal argument in a court somewhere, I don't think I'll be losing too much sleep over this. Might be worthwhile for someone in a totalitarian regime that for some reason needs to be downloading over BitTorrent, but I don't know how realistic a concern that really is.

Re:

[burris (122191)]

Perhaps this creates enough "reasonable doubt" to evade a criminal conviction in the absence of other evidence. However, for a civil infringement suit the standard of proof is the much lower "preponderance of evidence."

In the USA at least...

Re:

[hemp (36945)]

What world do you live in?

Associating with known terrorist groups will automatically get you labeled as a terrorist and win you either execution or jail time.
 

"Little Brother" come to life

[yourexhalekiss (833943)]

It seems like more and more of Cory Doctorow's book "Little Brother" is coming to life. In relation to this article, see chaff [paranoidlinux.org].

Only protects from profiling ISPs

[bjamesv (1528503)]

By firing up random connections, this only protects you from an ISP that is profiling your use. The MPAA can still go fire up a bitorrent client, join a swarm downloading content they claim copyright on and start writing down the IP of everyone who is participating. And then they call up your ISP. this 'masking' technique doesnt actually 'mask' anything very well.

This only solves part of the problem

[Crashspeeder (1468723)]

While this seems like a great idea if you're being targeted at random to see what you're downloading (and by proxy getting the community at large) it won't help if Symantec, MS, EA, etc., catches you downloading their software from a honeypot seeder. It seems to be that the only true protection is the use of darknets and sharing with friends only.

The only problem there is it isolates the users from the community so much that it's hard to get the wares because there is no set distribution pipe, only the hop

What's wrong with PeerGuardian?

[macraig (621737)]

If one doesn't like eavesdropping, what's wrong with simply dropping connection attempts from the IPs of known or suspected eavesdroppers? If I'm using PeerGuardian, why do I need SwarmScreen?

Re:Here's an idea...

[holychicken (1307483)]

It does not necessarily have to do with stealing. It is a privacy concern. Do you want someone being able to watch you without you knowing and getting a ton of information about you by doing so? Whether or not I am stealing, I do not want that. I suspect you do not want that either.

Re:

[memorycardfull (1187485)]

I taped music off the radio and LP's when I was a kid. It seems to me that people really are saying that they don't like the price and they aren't going to buy it. I think that radio is an outdated legacy medium and a waste of bandwidth that should die and the frequencies should be used for wireless digital networks. I also think that current concepts of patent and copyright are just as outdated and backward. Perhaps this is the wrong forum to express this view, but if you are basing your business model