Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Security The Internet Your Rights Online

Researchers ID Skype, BitTorrent Users 180

itwbennett writes "Researchers have figured out a way to link online Skype users to their activity on peer-to-peer networks like BitTorrent. The team was able to sift out the nodes through which Skype calls are routed and determine the user's real IP address by sniffing the packets. To correlate the identified Skype users with files shared on BitTorrent, the researchers built tools to collect BitTorrent file identifiers, a BitTorrent crawler to collect IP addresses on the network and a verifier to match an online Skype user with an online BitTorrent user (PDF). 'As soon as the BitTorrent crawler detects a matching IP address, it signals the verifier, which immediately calls the corresponding Skype user and, at the same time, initiates a handshake with the BitTorrent client,' they wrote."
This discussion has been archived. No new comments can be posted.

Researchers ID Skype, BitTorrent Users

Comments Filter:
  • Privacy is but an illusion.
    • by ackthpt ( 218170 )

      Privacy is but an illusion.

      Yep. RIAA & MPAA dollars at work? If not, I bet they are keenly interested. Very keenly.

      Still bugs me, 15+ years on that a lot of spam and other mischief on the internet hasn't been shut down. All the information is there.

    • Maybe the so called "researchers" (MAFIAA research department) need to leave that sh!t alone and respect my privacy. I looked into using Skype for Video conferencing but their application was incredibly intrusive.
  • by Anonymous Coward

    Unplug the internet!

  • C'mon!

      Where do they get off calling these guys researchers, when they are clearly criminals attempting to invade the reasonably expected privacy of Skype users and BT users? These guys are peeping toms at best and identity thieves at worse.

    Hold the organizations that employ these guys accountable.

    • I guess it will depend on who they are working for. If it is for the CIA, FBI or RIAA, then they are crime fighters. If they work for Anonymous, Wikileaks, or the Chinese government, then they are criminals.
    • Re:Researchers? (Score:5, Insightful)

      by joebok ( 457904 ) on Friday October 21, 2011 @12:59PM (#37795706) Homepage Journal

      If they were criminals, wouldn't they keep their methods secret in order to blackmail or otherwise monetize it in some way? Research like this is the only way that security gets better.

    • by Chirs ( 87576 ) on Friday October 21, 2011 @01:00PM (#37795720)

      If the researchers can do it, the bad guys may already be doing it.

      • by ackthpt ( 218170 )

        If the researchers can do it, the bad guys may already be doing it.

        If you mean RIAA or MPAA, they usually don't bother with this level of stuff, they just kick down your door, grab your stuff and up-end their Bucket o' Lawyers on your.

      • I don't think the sale of Skype is finalized yet but you can be sure as soon as it is this will be an invaluable tool of the Empire to combat piracy.
    • Are you some kind of dumbshit? You'd rather the government did this to you and you had no idea it was possible? Now we know this form of tracking is possible and we can develop a defense against it.
    • Re:Researchers? (Score:4, Informative)

      by Stalks ( 802193 ) * on Friday October 21, 2011 @01:04PM (#37795782)
      If you use bittorrent, then you should expect no privacy at all as the protocol openly allows others to get the list of users.
    • C'mon!

      Where do they get off calling these guys researchers, when they are clearly criminals attempting to invade the reasonably expected privacy of Skype users and BT users? These guys are peeping toms at best and identity thieves at worse.

      Hold the organizations that employ these guys accountable.

      I can only hope that my taxpayer money hasn't gone to fund this "research".

    • invade the reasonably expected privacy of Skype users and BT users?

      For Skype users you might have a point but bittorrent works by publicly broadcasting your IP to the swarm. That's like standing outside shouting your name and social security number and claiming you had an expectation of privacy.

    • by jdavidb ( 449077 )

      reasonably expected privacy

      In other words, you'd like everyone to see this issue the way you do, so you call your expectations reasonable and anyone who disagrees with you is unreasonable.

      Privacy costs. Not necessarily money, but it costs. Sure I avert my eyes if I run into someone's private moment, but if I really want to be private, I consider it my own responsibility to take precautions to achieve that.

  • So what's this old thing we used to call privacy? Is this even legal for them to be doing? Or will it, like everything else, fall into that gray area and be used against everyone?
    • What's illegal about it? What federal or state statute have they violated?

      • What's illegal about it? What federal or state statute have they violated?

        They have wiretapped your Skype calls for identifying information. Is that enough for you?

        • No they haven't. They've.only figured out the ip address. They aren't tapping the call.

          • On top of that, it's not even like they're sniffing out packets on a public network. As I understand it, Skype uses YOUR computer to route / connect calls you may not be involved in. It seems to me that if someone sends an IP packet to your PC, you should be able to do anything with it you please. Sending malicious packets to another PC may be another story...
      • Re:Privacy (Score:5, Interesting)

        by znerk ( 1162519 ) on Friday October 21, 2011 @01:16PM (#37796004)

        What's illegal about it? What federal or state statute have they violated?

        Wiretapping. Conspiracy to collect information assumed to be private, via technological means.
        Robocalling (the Skype phone, duh). Wardialing (same thing).

        They've violated a boatload of communications regulations... and the fact that they did it as part of a multi-researcher study means it was premeditated, and they conspired to do it. Conspiracy to commit a misdemeanor is a felony.

        The problem here would be that anyone who tries to have them arrested and/or takes them to civil court will be presumed guilty of something, because why else would we care if someone can tie our online activities to our real-world identities?

        • Since when is your ip address assumed to private when you are publicly broadcasting it all the time?

          • by znerk ( 1162519 )

            How many people do you know, other than us slashdotters, that realize they have an IP address when their equipment has a connection to the internet?

            How many even know what an IP address is?

    • So what's this old thing we used to call privacy? Is this even legal for them to be doing? Or will it, like everything else, fall into that gray area and be used against everyone?

      You don't put private information on computers that are connected to other computers that you don't control, because the information will not stay private. There is no expectation of privacy on the internet, any more than there is an expectation of privacy in a theater, or at a sporting event, or in a restaurant, or rolling down the street as a passenger on a public bus.

      Tell me -- would you conduct confidential business at a restaurant, or store your private records under your seat at the theater, or go ov

  • Packet sniffing (Score:2, Interesting)

    by Anonymous Coward

    Seeing as how this relies on packet sniffing of an unaware party's network traffic, I'm pretty sure any application of this without a warrant would constitute wiretapping. Correct me if I'm wrong, but that's my understanding of it.

    • People are actually unaware that they are broadcasting their ip address when on the internet? Really? Especially those using bittorrent that works through broadcasting yourself to the swarm.

    • by mcavic ( 2007672 )
      Skype uses your computer to carry other people's traffic, and I assume BT is very similar. The question is whether you're entitled to sniff the data that's flowing through your own computer.

      In other words, if you stand outside my window, talk on your cell phone, and I hear you, it's not eavesdropping.

      That being said, Skype traffic is supposed to be encrypted.
      • The Skype protocol should be easy enough to detect, and all they need to know is that Skype is in use, not the communication data.
    • Nope doesn't seem that it requires any kind of interception, just specialized local traffic analysis. It does require that you have accurate personal information in your Skype profile. Good luck finding me from that.

  • by Andrewkov ( 140579 ) on Friday October 21, 2011 @12:59PM (#37795700)

    Ring ring... incoming Skype call, it's the RIAA.

  • by Jumperalex ( 185007 ) on Friday October 21, 2011 @12:59PM (#37795704)

    ring ring ring
    "Hello." ... ... ...
    "Hello? Is there anyone there?" ... ... ...
    "We know what you downloaded last summer!!!"

    • by ackthpt ( 218170 )

      ring ring ring
      "Hello." ... ... ...
      "Hello? Is there anyone there?" ... ... ...
      "We know what you downloaded last summer!!!"

      "Um. My house was burgled who curiously didn't break a window, lock or leave fingerprints anywhere. Prove me wrong!"

      • "We have a recording of your voice eminating from your Skype call at the IP assigned to your modem ... muwahahahahaha"

  • by spicyed ( 954272 ) on Friday October 21, 2011 @01:01PM (#37795736)
    All it is is data mining packets from skype nodes and comparing them to open torrent peer lists. This is not really surprising or scary to me. There are other 'researchers' who can link alot more data to you then this.
    • by ackthpt ( 218170 )

      All it is is data mining packets from skype nodes and comparing them to open torrent peer lists. This is not really surprising or scary to me. There are other 'researchers' who can link alot more data to you then this.

      All the better reason to lock down your wireless network.

      • by znerk ( 1162519 )

        All it is is data mining packets from skype nodes and comparing them to open torrent peer lists. This is not really surprising or scary to me. There are other 'researchers' who can link alot more data to you then this.

        All the better reason to lock down your wireless network.

        ... to make absolutely certain that the traffic they're sniffing couldn't possibly come from an outside agent?

        Way to paint a target on your forehead.

      • All it is is data mining packets from skype nodes and comparing them to open torrent peer lists. This is not really surprising or scary to me. There are other 'researchers' who can link alot more data to you then this.

        All the better reason to lock down your wireless network.

        I have mine unlocked thank you. I have a Netopia Wireless router which advertises two SSIDs. One is wide open for visitors and only has access to the internet. The other SSID can access both my internal network and the internet. This avoids my daughters friends having to ask what the password is every time they visit, and gives me some plausible deniability if I ever get questioned.

  • Are there any BT clients out there that don't encrypt their packets these days?

    • You are still broadcasting your ip even when using encryption. How else do you think you create connections to others in the swarm?

      • by Hadlock ( 143607 )

        Well if all they're doing is matching up IP addresses between two databases, what does it matter what protocol they're using? For that matter, why is this even newsworthy? The encrypted payload, and how they're tracking encrypted BT (or perhaps, more imporantly how they know the encrypted packet is a BT packet) packets without violating the DMCA is what I'm curious about.

        • How is crawling a bittorrent swarm violating the dmca? You do realize that your IP address is publicly broadcasted, right?

      • True, encryption defeats wiretapping, but not swarm monitoring.

    • Most are set not to force encryption by default. That said I've forced outgoing encryption on my seedbox and the uplink stays pegged all day. I've been thinking of forcing incoming encryption to see how it goes, pretty much all BT clients do support encryption.

  • by Anonymous Coward on Friday October 21, 2011 @01:03PM (#37795764)
    Because NAT and UPNP wouldn't make a random Skype user and a different BitTorrent user appear to be coming from the same IP address..
    • by vux984 ( 928602 )

      If the IP traces back to a verizon dsl modem, then its authoritative enough to know its either you or your mom. Just because there is some edge case out there doesn't change the fact that this CAN be used to sniff users out with high reliability a large percentage of the time.

    • For us poor linux users with poor Skype performance and and such, I've used SIP instead. Just recently the SIP provider IPPI.fr has added a skype gateway that appears to work great.

      I rarely use Bit Torrent as FTP is much faster for legal files, even if I was talking to someone on Skype while using BT, It would not show a connection. The Skype connection would be an IP in France.

      I use SIP instead of Skype. i can connect it to a telephone with an old Vontage adapter or a Linksys PAP2T. With IPKall, I have

    • by znerk ( 1162519 )

      Because NAT and UPNP wouldn't make a random Skype user and a different BitTorrent user appear to be coming from the same IP address..

      No, it wouldn't. "Random" implies that they wouldn't necessarily know each other, whereas "same ip" implies they have knowledge of one another, since they are operating from the same physical network address.

  • And why are we happy that researchers seem to think that the more that they can do to strip away privacy as actually a Good Thing? Why not instead work out systems to make our computers more resistant to virus/trojan/rootkit infections. THAT would actually benefit the majority of us overall.
    • by znerk ( 1162519 )

      The problem, despite my other posts in this thread, is not privacy. It's a lack of sane legislation.

      Copyright has become a joke, completely unenforceable for nearly any digital content. It has become more and more illegal to do things that would have been considered "fair use" just a few years ago. Adding to this is the fact that digital media can't be "loaned to a friend", which increases the feeling of being treated like a criminal, which causes the users to be less and less inclined to actually follow th

  • Dont use Skype.

    • by i_b_don ( 1049110 ) on Friday October 21, 2011 @05:31PM (#37799610)

      I think this is the real issue here. It all has to be coming from problems with skype's security and nothing else. Skype should take this as a huge warning and encrypt their packet information NOW. I don't care what this is used for, people sniffing packets and being able to tell who someone is on a program like skype that is often left on 24/7 is a huge security risk for the person involved! This should NOT be happening and it's all skype's fault.

      You guys are getting to hung up on the bit torrent aspect of this and should realize that it's really a major skype fuck up.

      d

  • to determine the current IP address of identified and targeted Skype user (if the user is currently active)

    Moral of the story - make sure you are logged off from Skype before file sharing.

    • by znerk ( 1162519 )

      to determine the current IP address of identified and targeted Skype user (if the user is currently active)

      Moral of the story - make sure you are logged off from Skype before file sharing.

      ... because there's no way they can acquire the Skype identification at "random time A", and then correlate that with the BitTorrent traffic at "random time B"...

      • """Moral of the story - make sure you are logged off from Skype before file sharing."""

        ... because there's no way they can acquire the Skype identification at "random time A", and then correlate that with the BitTorrent traffic at "random time B"...

        Right, at least for those users whose ISP gives them a dynamically reassigned IP address. Log off Skype, disconnect from the Internet and then reconnect, hopefully getting a new IP address (I remember one Slashdot user who kept getting reassigned the same "rand

        • by Dunbal ( 464142 ) *

          I pity the guy who ends up with your recycled IP address, though.

          Better yet, live in a country that recognizes that IP addresses do not correlate to specific people.

  • But let's not confuse an IP address as being a person. Just because a Skype user is behind an IP doesn't mean the torrent user is the same person. Fortunately (and unfortunately for the media industry) the law, in America at least, is gradually beginning to make that distinction.

  • So collecting IP addresses now qualifies as research? Will I become a security researcher if I post the IPs of my peers?

No skis take rocks like rental skis!

Working...