Privacy In BitTorrent By Hiding In the Crowd 240
pinguin-geek writes "Researchers at the McCormick School of Engineering and Applied Science at Northwestern University have identified a new 'guilt-by-association' threat to privacy in peer-to-peer (P2P) systems that would enable an eavesdropper to accurately classify groups of users with similar download behavior. While many have pointed out that the data exchanged over these connections can reveal personal information about users, the researchers shows that only the patterns of connections — not the data itself — is sufficient to create a powerful threat to user privacy. To thwart this threat, they have released SwarmScreen, a publicly available, open source software that restores privacy by masking a user's real download activity in such a manner as to disrupt classification."
only works with (Score:3, Insightful)
Re:only works with (Score:5, Insightful)
Vuze (azureus), which I dropped because of how bloated it is. Why java? utorrent is the way to go.
Vuze's bloat problem isn't Java.
It's feature creep. Sometimes I just want to download a torrent.
I Know Where This Is Going (Score:5, Insightful)
The endless cat & mouse game continues
Re:only works with (Score:3, Insightful)
Re:So now not only am I guilty being a linux nerd (Score:3, Insightful)
Legitimate uses (Score:5, Insightful)
Can companies that use bit-torrent to do legitimate work speak out in its defense? I fear the "guilty by association" is much more along the lines of "you use bit-torrent, therefore your guilty".
Frankly if this improves upon that, it might be a help to bit-torrent users that aren't pirates.
Re:Here's an idea... (Score:5, Insightful)
Download random data from BitTorrent (Score:5, Insightful)
Okay...
According to TFA, their software will download random data from BitTorrent to your system to hide what you really wanted to dowload within a cloud of random downloads.
Are you SURE you want to allow random data from BitTorrent to be downloaded onto your computer? There's a LOT of stuff out there that I wouldn't want even the remote chance (e.g. being selected randomly) of having it on my computer.
Just sayin'.
-JJS
Summary of Story (Score:5, Insightful)
Here's a summary of their findings, because the one provided by Slashdot doesn't really do a good job in my opinion of describing it.
BitTorrent downloaders apparently fall into "communities" that have very similar downloading patterns. In light of this, they think that it would be possible for an argument to be made, that if one member of a community is downloading X, that the behavior can be imputed through guilt-by-association onto all other members of that community. Therefore, you wouldn't necessarily need evidence that a given member of a community actually engaged in the downloading, due to the high degree of correlation between community member downloads.
This strikes me as a bit of dubious reasoning from a legal standpoint, as just because you hang out with a bunch of mobsters all day, and there's a high correlation of that with committing theft, doesn't mean they can try you for robbery just through guilt-by-association without more evidence that you're a robber. Still, courts have made weird conclusions in the past simply because computers and the Internet are involved.
For now, their software and idea mostly seems like a neat proof-of-concept. Until someone actually tries to deploy this legal argument in a court somewhere, I don't think I'll be losing too much sleep over this. Might be worthwhile for someone in a totalitarian regime that for some reason needs to be downloading over BitTorrent, but I don't know how realistic a concern that really is.
Re:only works with (Score:2, Insightful)
So you like things needlessly eating up more resources?
What's the point of buying RAM and CPU only to have it underutilized all the time? You might as well go back to only having 16 megs of RAM and a 386 if you are going to complain about 1% usage of CPU and 7.5% usage of total RAM.
Re:only works with (Score:4, Insightful)
Vuze's bloat problem isn't Java.
While I know some stunning things done in java, the four most bloated applications I know are also written in java. I guess it's like C/C++ and buffer overflows, those who like the langauge say good developers don't do that but in practise java seems to lend itself easily to bloat. In theory any developer can do anything in any language that's Turing-complete, it all comes down to how productive real developers are in practise...
Only protects from profiling ISPs (Score:5, Insightful)
This only solves part of the problem (Score:2, Insightful)
While this seems like a great idea if you're being targeted at random to see what you're downloading (and by proxy getting the community at large) it won't help if Symantec, MS, EA, etc., catches you downloading their software from a honeypot seeder. It seems to be that the only true protection is the use of darknets and sharing with friends only.
The only problem there is it isolates the users from the community so much that it's hard to get the wares because there is no set distribution pipe, only the hopes that somebody in your darknet/friends list downloaded what you want. Otherwise you must begin the search for a network that has what you're looking for, and hope you can trust them to not be law enforcement.
Re:only works with (Score:4, Insightful)
Well, it seems to be open source and gives the developers all the stuff they need to code such a plugin. Except memory usage (which I got plenty to use), I don't see it uses more than 2-5% CPU too. As a person who wants to use P2P technology but in a way that I can pay for the content, their "Vuze Guide" gives me what I need too.
and uTorrent? The one acquired by DRM loving Bittorrent.com because it was way too popular compared to their junk client and nobody knows what is inside it anymore? Before attacking an application as "bloated", pick your other suggestion well.
Even if it supported plugins, releasing such a privacy enhancing plugin for uTorrent would be the irony of the month.
Re:Here's an idea... (Score:1, Insightful)
At what point did it become OK to steal shit because we think the price is too high?
At the same point at which some people thought "there, I did some work, now you will pay me for the rest of my life and I won't have to work anymore. You, however, will have to work for the rest of your life, so that you could pay me for the rest of my life".
And I also record stuff from TV. I have 40 VHS tapes from the last year to prove it.
Re:only works with (Score:1, Insightful)
You can turn off the annoying Vuze interface and revert it back to the "classic" non-cluttered mode.
Re:Here's an idea... (Score:3, Insightful)
Re:Where no client has gone before... (Score:2, Insightful)
Re:Here's a novel idea: Don't FUCKING STEAL !! (Score:4, Insightful)
I'll be damned if I'm writing up a whole new response every time someone equates copyright infringement with stealing, so instead you can read what is mostly a comment I posted to a discussion of The Pirate Bay's trial (edited a little to be more universal)
Copyright infringement is a distinct thing from theft. They are two separately defined legal terms, plain and simple, not the same thing. They are both illegal. They are not the same crime.
The ethics of whether copyright law should be changed or abolished, whether infringement should be made legal (and hence would no longer be "infringing") and whether illegal copyright infringement can be right or moral are all entirely separate issues. The only thing I'm saying here is that "Theft" and "Copyright Infringement" are two clear and distinct terms with different meanings under the law. There is no reason whatsoever to conflate them, and pretend they mean exactly the same thing.
Well, not quite true - there is one reason, and as far as I can see it's the only reason, and that's because "Pirates are stealing our music" has more emotional impact then "Our copyright is being infringed". The whole "you wouldn't steal a..." campaign, for example, relies on erasing the difference in people's minds between theft and infringement, to make them feel bad about something they may otherwise have been doing without thinking about it. This doesn't change the legal side of things, only peoples' perceptions, but perceptions can be powerful. The industry are using that to their advantage and I for one don't like their way of doing it, so I'll insist on correct use of the terminology.
You could even draw parallels with Orwell (although doing so feels cliched) - the 'Newspeak' idea revolved around removing words with similar meanings so that varied and nuanced ideas would be collapsed into a single concept. All forms of political dissent, freedom fighting and the like would be lumped together with terrorism and criminality, under the label "thoughtcrime", making the not-so-bad sound as bad as the very worst. Putting theft and copyright infringement together under "stealing" is the same - suddenly infringement sounds just as bad as theft because you're calling both of them stealing.
Legally speaking, they're separate, and whether infringement is as morally bad as theft or not is a side issue to be determined separately (and personally) but if we let them convince us that they're just the same thing then the debate will be over without it ever having taken place.