Privacy In BitTorrent By Hiding In the Crowd

pinguin-geek writes "Researchers at the McCormick School of Engineering and Applied Science at Northwestern University have identified a new 'guilt-by-association' threat to privacy in peer-to-peer (P2P) systems that would enable an eavesdropper to accurately classify groups of users with similar download behavior. While many have pointed out that the data exchanged over these connections can reveal personal information about users, the researchers shows that only the patterns of connections — not the data itself — is sufficient to create a powerful threat to user privacy. To thwart this threat, they have released SwarmScreen, a publicly available, open source software that restores privacy by masking a user's real download activity in such a manner as to disrupt classification."

only works with

[esocid]

Vuze (azureus), which I dropped because of how bloated it is. Why java? utorrent is the way to go.

Re:only works with

[Akido37]

Vuze (azureus), which I dropped because of how bloated it is. Why java? utorrent is the way to go.

Vuze's bloat problem isn't Java.

It's feature creep. Sometimes I just want to download a torrent.

I Know Where This Is Going

[Anonymous Coward]

RIAA Lawyer: We obtained a warrant to search the defendant's home when traffic was identified as being characteristic of SwarmScreen. When the defendant's machine was recovered, we discovered they indeed had SwarmScreen installed--a program only used to subvert our techniques of classifying thieves. That, ladies and gentlemen of the jury, should be enough for indication of guilt.

The endless cat & mouse game continues ...

Re:only works with

[talz13]

Since it runs on every platform that supports java? Since it has useful plugins? Since taking up 1% of my CPU and 300MB of ram to seed 10 torrents doesn't bother me much on a quad core with 4GB of RAM?

Re:So now not only am I guilty being a linux nerd

[Ontheotherhand]

The best defence must be to start objecting to the state behaving in such a facist fashion. Probably best to start objecting before they break down the door, though.

Legitimate uses

[olddotter]

Can companies that use bit-torrent to do legitimate work speak out in its defense? I fear the "guilty by association" is much more along the lines of "you use bit-torrent, therefore your guilty".

Frankly if this improves upon that, it might be a help to bit-torrent users that aren't pirates.

Re:Here's an idea...

[holychicken]

It does not necessarily have to do with stealing. It is a privacy concern. Do you want someone being able to watch you without you knowing and getting a ton of information about you by doing so? Whether or not I am stealing, I do not want that. I suspect you do not want that either.

Download random data from BitTorrent

[JeffSpudrinski]

Okay...

According to TFA, their software will download random data from BitTorrent to your system to hide what you really wanted to dowload within a cloud of random downloads.

Are you SURE you want to allow random data from BitTorrent to be downloaded onto your computer? There's a LOT of stuff out there that I wouldn't want even the remote chance (e.g. being selected randomly) of having it on my computer.

Just sayin'.

-JJS

Summary of Story

[manekineko2]

Here's a summary of their findings, because the one provided by Slashdot doesn't really do a good job in my opinion of describing it.

BitTorrent downloaders apparently fall into "communities" that have very similar downloading patterns. In light of this, they think that it would be possible for an argument to be made, that if one member of a community is downloading X, that the behavior can be imputed through guilt-by-association onto all other members of that community. Therefore, you wouldn't necessarily need evidence that a given member of a community actually engaged in the downloading, due to the high degree of correlation between community member downloads.

This strikes me as a bit of dubious reasoning from a legal standpoint, as just because you hang out with a bunch of mobsters all day, and there's a high correlation of that with committing theft, doesn't mean they can try you for robbery just through guilt-by-association without more evidence that you're a robber. Still, courts have made weird conclusions in the past simply because computers and the Internet are involved.

For now, their software and idea mostly seems like a neat proof-of-concept. Until someone actually tries to deploy this legal argument in a court somewhere, I don't think I'll be losing too much sleep over this. Might be worthwhile for someone in a totalitarian regime that for some reason needs to be downloading over BitTorrent, but I don't know how realistic a concern that really is.

Re:only works with

[Larry Clotter]

So you like things needlessly eating up more resources?

What's the point of buying RAM and CPU only to have it underutilized all the time? You might as well go back to only having 16 megs of RAM and a 386 if you are going to complain about 1% usage of CPU and 7.5% usage of total RAM.

Re:only works with

[Kjella]

Vuze's bloat problem isn't Java.

While I know some stunning things done in java, the four most bloated applications I know are also written in java. I guess it's like C/C++ and buffer overflows, those who like the langauge say good developers don't do that but in practise java seems to lend itself easily to bloat. In theory any developer can do anything in any language that's Turing-complete, it all comes down to how productive real developers are in practise...

Only protects from profiling ISPs

[bjamesv]

By firing up random connections, this only protects you from an ISP that is profiling your use. The MPAA can still go fire up a bitorrent client, join a swarm downloading content they claim copyright on and start writing down the IP of everyone who is participating. And then they call up your ISP. this 'masking' technique doesnt actually 'mask' anything very well.

This only solves part of the problem

[Crashspeeder]

While this seems like a great idea if you're being targeted at random to see what you're downloading (and by proxy getting the community at large) it won't help if Symantec, MS, EA, etc., catches you downloading their software from a honeypot seeder. It seems to be that the only true protection is the use of darknets and sharing with friends only.

The only problem there is it isolates the users from the community so much that it's hard to get the wares because there is no set distribution pipe, only the hopes that somebody in your darknet/friends list downloaded what you want. Otherwise you must begin the search for a network that has what you're looking for, and hope you can trust them to not be law enforcement.

Re:only works with

[Ilgaz]

Well, it seems to be open source and gives the developers all the stuff they need to code such a plugin. Except memory usage (which I got plenty to use), I don't see it uses more than 2-5% CPU too. As a person who wants to use P2P technology but in a way that I can pay for the content, their "Vuze Guide" gives me what I need too.

and uTorrent? The one acquired by DRM loving Bittorrent.com because it was way too popular compared to their junk client and nobody knows what is inside it anymore? Before attacking an application as "bloated", pick your other suggestion well.

Even if it supported plugins, releasing such a privacy enhancing plugin for uTorrent would be the irony of the month.

Re:Here's an idea...

[Anonymous Coward]

At what point did it become OK to steal shit because we think the price is too high?

At the same point at which some people thought "there, I did some work, now you will pay me for the rest of my life and I won't have to work anymore. You, however, will have to work for the rest of your life, so that you could pay me for the rest of my life".

And I also record stuff from TV. I have 40 VHS tapes from the last year to prove it.

Re:only works with

[Anonymous Coward]

You can turn off the annoying Vuze interface and revert it back to the "classic" non-cluttered mode.

Re:Here's an idea...

[memorycardfull]

I taped music off the radio and LP's when I was a kid. It seems to me that people really are saying that they don't like the price and they aren't going to buy it. I think that radio is an outdated legacy medium and a waste of bandwidth that should die and the frequencies should be used for wireless digital networks. I also think that current concepts of patent and copyright are just as outdated and backward. Perhaps this is the wrong forum to express this view, but if you are basing your business model entirely on trying to make a commodity out of something that can be reproduced at no cost by anyone using ubiquitous technology you might want to reconsider your business strategy. That isn't a justification for stealing, that is pragmatic realism. No matter how loud you yell in ALLCAPS, the kids are just not going to get off of your lawn. It's not going to be practical to round them all up and send them to jail for stealing either, because there are just too many of them and the jails are already stuffed full of harmless pot dealers. I suppose you could try to fine the hell out of them to recoup perceived loss but you can't get blood from a rock, especially these days. It seems to me that massive civil disobedience can be literally construed as criminal conduct but historically it is usually an indication from the citizenry that the law needs to change somehow because it does not reflect modern moires and sensibilities.

Re:Where no client has gone before...

[sbeckstead]

Actually you are quite wrong, we, the intelligent ones, have killed common sense ourselves by not having enough children WITH common sense to make a difference. Further we have disdained the voting process and let the morons run the school boards, the ogres run the police and the uninformed make the rest of our decisions for us. We need a smart people forced breeding program and a full eugenics program to make up for the idiocracy we have created.

Re:Here's a novel idea: Don't FUCKING STEAL !!

[mpeskett]

I'll be damned if I'm writing up a whole new response every time someone equates copyright infringement with stealing, so instead you can read what is mostly a comment I posted to a discussion of The Pirate Bay's trial (edited a little to be more universal)

Copyright infringement is a distinct thing from theft. They are two separately defined legal terms, plain and simple, not the same thing. They are both illegal. They are not the same crime.

The ethics of whether copyright law should be changed or abolished, whether infringement should be made legal (and hence would no longer be "infringing") and whether illegal copyright infringement can be right or moral are all entirely separate issues. The only thing I'm saying here is that "Theft" and "Copyright Infringement" are two clear and distinct terms with different meanings under the law. There is no reason whatsoever to conflate them, and pretend they mean exactly the same thing.

Well, not quite true - there is one reason, and as far as I can see it's the only reason, and that's because "Pirates are stealing our music" has more emotional impact then "Our copyright is being infringed". The whole "you wouldn't steal a..." campaign, for example, relies on erasing the difference in people's minds between theft and infringement, to make them feel bad about something they may otherwise have been doing without thinking about it. This doesn't change the legal side of things, only peoples' perceptions, but perceptions can be powerful. The industry are using that to their advantage and I for one don't like their way of doing it, so I'll insist on correct use of the terminology.

You could even draw parallels with Orwell (although doing so feels cliched) - the 'Newspeak' idea revolved around removing words with similar meanings so that varied and nuanced ideas would be collapsed into a single concept. All forms of political dissent, freedom fighting and the like would be lumped together with terrorism and criminality, under the label "thoughtcrime", making the not-so-bad sound as bad as the very worst. Putting theft and copyright infringement together under "stealing" is the same - suddenly infringement sounds just as bad as theft because you're calling both of them stealing.

Legally speaking, they're separate, and whether infringement is as morally bad as theft or not is a side issue to be determined separately (and personally) but if we let them convince us that they're just the same thing then the debate will be over without it ever having taken place.