Creepy Site Claims To Reveal Torrenting Histories

Slashdot reader dryriver writes: The highly invasive and possibly Russian owned and operated website IKnowWhatYouDownload.com immediately shows [a] bittorent download history for your IP address when you land on it. What's more, it also [claims to] show the torrenting history of any specific IP address you enter, and also of IP addresses similar to yours, so you can see what others near you -- perhaps the nice neighbours in the house next door -- have downloaded when they thought nobody was looking...

There is also a nasty little "Track Downloads" feature that lets you send a "trick URL" to somebody else. When they click on the URL -- thinking its something cool on Facebook, Twitter or the general internet -- THEY see what they URL promised, but YOU get sent their entire torrenting history, including anything embarrassing or otherwise compromising content they may have downloaded in private... The website appears to offer an API, customized download reports and more to interested parties in the hopes of generating big cash from making other people's torrenting activities public.
It's not clear whether this site is really revealing the information it claims to -- or whether it can filter out the fake IP addresses provided by many downloaders. But putting that aside, it does raise an important question. Is it technologically possible to build a site that tracks and reveals torrenting histories based on IP addresses?

Nice little malware trick

[TWX]

There is also a nasty little "Track Downloads" feature that lets you send a "trick URL" to somebody else. When they click on the URL -- thinking its something cool on Facebook, Twitter or the general internet -- THEY see what they URL promised,

And of course, it delivers malware that because you're trusted to the recipient, they'll infect their PC with, thus introducing a new vector in addition to the compromised ad servers and malware delivered via email...

I very much doubt that the reason this site was created was for the reasons laid-out in the article summary.

Re:

[zifn4b]

And of course, it delivers malware that because you're trusted to the recipient, they'll infect their PC with, thus introducing a new vector in addition to the compromised ad servers and malware delivered via email...

The reason there is a malware/ransomware epidemic is because it runs on stupidity and there is an abundance of it on the internet. It's hard to cure because of the Dunning Kruger effect [youtube.com].

Re:

[Imrik]

It most likely isn't malware, I would guess that it just takes note of their IP. Not willing to test it out though.

Re:

[allo]

Maybe you should check your facts before posting.
You get a goo.gl url, which redirects with 301 to a iknowwhatyoudownload.com url, which redirects with 303 to the target url. No content loaded on the two redirects.

Re:

[TWX]

Right now you do. Who's to say that they won't change that functionality once they're sufficiently widely popular?

Those who profit off of malware do so on only a very small number of 'customers'. Like a half a percent or fewer. It's just that they push their wares on so many people that it still results in a large number of victims even if it's a small percentage.

If they need the novelty of this to be huge before the switch of behavior then that might mean letting it grow for a time without deliver

Re:

[allo]

> Right now you do. Who's to say that they won't change that functionality once they're sufficiently widely popular?
Can you tell for ANY url shortener?

btw. exploiting a browser isn't like a standard feature, but requires an unpatched vulnerability. There isn't the hacker, which can type "password override", computer security is a bit more complicated.

Sure

[Mr D from 63]

Just type in your IP address, why not narrow down their target list.

Re:Sure

[unrtst]

If you went to their site, they already know your IP address. They let you type in other IP addresses in addition to your own, which every server knows whenever a client connects (barring tor or proxy usage).

Re:Sure

[wonkey_monkey]

Hey! That's the combination to my tired old joke safe!

Re:

[dak664]

I just pwned your machine! It was easy because it seems a lot like one of mine.

Ha! No.

[AmiMoJo]

Here's "my" list: http://iknowwhatyoudownload.co... [iknowwhatyoudownload.com]

Of course, that IP address is just a shared VPN endpoint used by who knows how many people. And sure enough, if you read the site they admit that they can't separate people on shared IPs, behind NAT, on dynamic IPs... So basically 99% of internet users are indistinguishable from each other on their site.

Re:Ha! No.

[richy freeway]

I checked mine, from my own IP that I do all my torrenting from. It came up blank.

Re:

[Anonymous Coward]

Can confirm, I checked yours also. Blank

Re:

[monkeyzoo]

I checked this site out of curiosity, and all they're doing is scraping trackers and recording the information. Nothing different than the publicly available data the movie and music studios have been gathering for years to issue infringement warnings. The only novel thing is they are making the archival information publicly available.
They also don't seem to be scraping very extensively. Performing some checks of IP addresses that I know should have histories, and a tiny amount of the actual activity shows

Re:

[LordNightwalker]

I checked this site out of curiosity, and all they're doing is scraping trackers and recording the information. Nothing different than the publicly available data the movie and music studios have been gathering for years to issue infringement warnings. The only novel thing is they are making the archival information publicly available.

Exactly, amen. I was kinda bothered by the last part of the summary:

It's not clear whether this site is really revealing the information it claims to -- or whether it can filter out the fake IP addresses provided by many downloaders. But putting that aside, it does raise an important question. Is it technologically possible to build a site that tracks and reveals torrenting histories based on IP addresses?

Yeah, if you ignore the information that's clearly presented on the site, under the "About Us" section,

Re:

[AmiMoJo]

They only have access to public trackers (which throw in a few random addressed, just to fuck with people dumb enough to use them to subpoena ISPs and start suing people based on an IP address) so if you stick to private ones "your" record will come up blank.

Re: Ha! No.

[richy freeway]

The majority of my downloading has been public trackers in the past 2 years. Got bored of the ratio upkeep on private trackers so switched to newsgroups. Just use torrents when the nzbs fail.

Re:

[wbr1]

I use public trackers but my IP is blank. I only recently started using a VPN, so my public IP should have records. This is likely either new or some sort of honeypot.

Re:

[LordNightwalker]

I use public trackers but my IP is blank. I only recently started using a VPN, so my public IP should have records. This is likely either new or some sort of honeypot.

It's new; my history goes back to mid December.

Re:

[drinkypoo]

I've literally only ever used public trackers, and my list came up blank, too. My ISP may be dicking with my IP address more than they are supposed to, though. I don't really keep track since they're not actually reliable enough to run services from.

Re:Ha! No.

[Hognoxious]

It didn't even get the ip right. I know for a fact mine is 127.0.0.1.

Re:

[Hognoxious]

When my what does what at home?

Re:

[LordNightwalker]

That's only true when your at home.

Please, fix your grammar [youtube.com].

Re:

[war4peace]

Same. I do a lot of torrents, all from private trackers.

Re:

[Anonymous Coward]

Teenage.Anal.Creampies.XXX.720p.WEBRip.MP4-VSEX
Mick's ANAL PantyHOES 2 (2016) WEB-DL 540 SPLIT SCENES MP4-RARBG
Young Anal Adventures (2016) WEB-DL SPLIT SCENES MP4-RARBG
Anal Fiends 2 (2016) WEB-DL 540p SPLIT SCENES MP4-RARBG
Anal Threesomes - TUSHY 2016 WEB-DL SPLIT SCENES MP4-RARBG
Lex's Anal Champions 2 (2016) WEB-DL 540p SPLIT SCENES MP4-RARBG
Interracial Anal Glory Holes (2016) WEB-DL SPLIT SCENES MP4-RARBG
LeWood's Anal South Beach Weekend (2016) WEB-DL 540p SPLIT SCENES MP4-RARBG
...

Perhaps you could keep that to yourself in future...

Re:

[monkeyzoo]

Oh my goodness! You mean this person has downloaded porn on the internet?!?! That is so scandalous! :-P
If the business model of this website is to blackmail people who downloaded porn through the threat of public shaming, I don't think it will work out very well.
Maybe if 99% of the populace of the free world didn't download Internet porn it would be effective. But if you are threatening me to say, pay me money or we will tell people you have downloaded porn, I would laugh in your face and say go ahead. Yeah

Re:

[pauldl63]

So did mine.

Re:

[thegarbz]

I checked mine from my connection I currently use. Apparently I just downloaded 10GB worth of a TV show called Sweet Valley High.

I'm dreading my mobile phone bill given that I'm roaming at the moment and at $10 for 100MB it will be nasty.

Re:

[sg_oneill]

I just checked mine and got this;-

linuxmint-18-cinnamon-64bit.iso 1.58GB

Which I'm currently finding somewhat amusing.

Awesome site!

[Okian Warrior]

I struggle to find new and interesting things on the internet, but not any more!

The first of my "neighbors" IP addresses led me to Milftoon.com (NSFW, and not linked) which is totally what you think it is.

Knowing everyone else's download history will make it easy to discover new and interesting things to see.

Thanks, iknowwhatyouupload.com! You've saved me so much time.

Re:

[mrbester]

Which would you prefer admitting to downloading, Elf or Milfs Like It Big?

Re:

[ChoGGi]

My list is blank, but I've been seeding that shitty VHS rip of Einstein's Brain for years now :(

though one of my "neighbours" had an interesting torrent: Cops.The.XXX.Parody.Too.XXX.720p.WEBRip.MP4-VSEX

Re:

[allo]

Of course they are not. A dynamic ip + timestamp is enough to identify you. NAT is behind your plastic router, so they still see the ip you got from you isp.
VPN on the other hand helps.

Re:

[allo]

So, tell me how this site can distinguish my ip from the other 100 users behind the same ip.

The only chance anyone has is to catch someone in the act and press the vpn provider to start wireshark on his network. Everything else doesn't work. They may get 100 users, if the vpn provider stores log (despite promising not to do so), which will be a very broad court case.

Lol, indexing public trackers for profit?

[Anonymous Coward]

Next thing you know large companies will be tracking your browsing history by leaving 1 pixel images scattered around the Web!

Re:

[slashrio]

Too late! :)

Re:

[postbigbang]

You mean like the FIFTEEN trackers on this site?????

Just hack into google analytics if you want to have a rip-roaring blast at your next party.

Re:

[guruevi]

Hack? You can just pay Google to get that information you know.

Russia, Russia, Russia!

[fustakrakich]

Marsh, Marsha, Marsha!

Wow! This is incredible.

Re:

[fustakrakich]

Not from the 'left', it's from the democrats. Here's why [nytimes.com]. Just your regular turf war

Re:

[fustakrakich]

The DNC are not morons. They are very astute. They are still drowning in money. This Russian thing is only helping.

Partial

[amiga3D]

Seems they missed most of them. I imagine it depends on which tracker you use.

Re:

[Cramer]

And which torrent. Unless they're in league with a tracker, they have to ask for a list per torrent (info_hash) to know anything.

dynamic ip address

[Threni]

Most home users have dynamic ip addresses, so it'll just show whatever the person who had your ip address earlier was downloading.

Re:

[Anonymous Coward]

In my experience, sort of. I've had my cable-provided dynamic IP stay the same for as long as a year. It is stable enough that I don't bother with services like the old dyndns anymore. On the rare occasion that it changes, I just manually change the few things on my phone accessing devices in my house.

I feel safer now

[Doub]

It doesn't show any of the few torrents I downloaded from home. It doesn't show any of the *many* torrents I downloaded from the dedicated server I rent to do that. Thanks for letting me feel safe :D

i have pirated copies of Slackware

[FudRucker]

downloaded from the most evil torrent sites in the world and that russian website showed that i downloaded nothing

I tried it, it works.

[megahurts.gr]

I just tried this site, and it did in fact know of one download that I did like a month ago. But I have downloaded several more files since then, and it knew nothing of those.

Also, the other day I came across a similar site which appeared to have even more information about my downloads. But I did not think to bookmark it.

From a technical point of view, it is rather easy: you just set up a fake torrent peer which connects to various trackers and obtains peer lists, without actually receiving anything from them or sending anything to them. All it needs to do is record the IPs of the peers.

Technically correct

[Scoth]

It has where I downloaded raspian for a rasp pi, and an Android rom for my phone. I don't think anyone who knows anything about how torrents work would be too surprised to know anyone else downloading it can see all the peers. Might be an eye-opener for people who don't.

Absolute BS

[WhoBeDaPlaya]

It didn't get a single torrent correct even with about 3,000 being seeded from a test IP.

Good luck

[Patent Lover]

Good luck with a VPN.

Not a new concept

[ShaunC]

There was a site like this up several years ago called youhavedownloaded.com [slashdot.org]. There was a big to-do when people started plugging in IPs allocated to record labels and movie studios, and found that those people were pirating tons of shit.

no working

[old and new again]

it's not working, i download TB of torents a month, it shows nothing

Torrentfreak article

[Anonymous Coward]

For if you want to read a real report on this site. They actually do real journalism by contacting the company who made the site and actually communicating with them!

https://torrentfreak.com/i-know-what-you-downloaded-on-bittorrent-161223/

Re:

[LordNightwalker]

Thank you, but please learn to hyperlink. Makes it a lot more convenient for the others here.

Article on TorrentFreak [torrentfreak.com]

Totally bogus

[steak]

They didn't list any of the ascii "art" I downloaded in high school.

Poor index

[guruevi]

There is not much to see there. It didn't list any downloads for me even though I use public torrent trackers continuously (for legitimate purposes). I live in a large city and the most some of my 'neighbors' had was a music video and some asian tv show, I'm pretty sure there is a LOT of things this thing is missing.

Doest reveal anything.

[Lumpy]

I have torrented a metric buttloadover the years . and it shows that I dont have anything.
so either the bogeyman of "your ip address is giving you away" is bogus as it disappears rapidly after you stop seeding, or I am a frigging expert at hiding without doing anything at all.

I'm betting that IP addresses disappear rapidly and unless you were torrenting in the past 60 seconds you wont show up.

Tldr

[easyTree]

1. Put up site claiming to have knowledge of 'illegal' activity by IP
2. Attract those with something to be concerned about who visit to confirm or refute their fears
2a. Bingo, a self-triaged list of targets pops out ready for further investigation.
2b. Sell to MAFIAA
3. Profit!!!

Words hurt..

[Neuronwelder]

I did a "neutral" search - (Russia and IP addresses). The only thing I got was an offer to mask your IP address. Nothing negative. So.. Words are what you use when you want to start a fight with someone. Wars start that way too. Miscommunication, antagonizing, and vilifying are all the first step to start a war. Remember the "Axis of Evil" said by a famous person. Well.. Stuff like that does not make you new friends - it generates hate. This world is like a powder keg right now, and any type of bad words to

Malware click bait on slahsdot (?)

[rs1n]

Did not bother to click it; the summary and the many comments saying "it doesn't work" make it sound like the site itself is click bait.

Re:

[LordNightwalker]

Did not bother to click it; the summary and the many comments saying "it doesn't work" make it sound like the site itself is click bait.

Nope, just new. My data is accurate, but only goes back to mid December. The way the site works is it participates in torrents on public trackers to get a list of peers. How else did you think they were able to access that data? And it appears they haven't been in business for very long, and aren't participating in all torrents yet.

But if you think this is cause for alarm: it's what copyright holders were already doing for a long time. They don't know anything about you that the RIAA/MPAA/BSA/... don't alre

The "russians" are making a simple point.

[BlueCoder]

IP addresses are not people. Further hundreds of millions of home computers and equipment are vulnerable if not already compromised at any particular moment. Your history of web sites or torrents can be 99.999% true which will make the foolish and senators fearful. But computers can and do function as relays. So they and others can make it seem like you have a fetish for grandma bondage porn.

And this means Russians can be hacked too. Their statement:

AN IP IS NOT PROOF. YOU CAN'T PROVE ANYTHING.

I can only

Re:

[Doke]

IP addresses are not people.

IP addresses are not people. That does not prevent them from using IPs to sue you. Then you have to spend lots of money for defence lawyers.

Russians?

[Anonymous Coward]

When did the MPAA move their honeypot to Russia? Did I miss something?

/s

Not at all accurate

[Kili]

I have downloaded several linux ISO's in the last few days just to see where things are at with several distros (I don't read reviews until I've actually tried the new versions).

I saw not one link. And I have had a torrent of one kind or another downloading or seeding at least once a week.

false positives

[Doke]

I have a bittorrent server for legal Linux and BSD ISOs. It's never been used for anything else. It's had that static IP for 5 years. It reports 10 of my 30 legal ISOs. It also claims I downloaded some porn video and something called "ST_170_TOOL_SO_XML_1.0.0.4.cab".

My guess is the false positives are a scare tactic to get people to buy VPN services. But it's seeded with enough real data to look slightly legitimate.

Didn't work for me

[Megane]

I'm on a static IP and I torrent a lot of current season anime, and the list was EMPTY. I guess I'm just not one of the cool kids.

Worked*

[Anonymous Coward]

It correctly identified both Linux distros I seeded in the last year.

Nothing!

[Walter White]

It showed nothing for my IP and yet I regularly torrent various Linux distros. And a few other things.

Correct URL?

[Fieryphoenix]

I could have sworn it was Trolltrace.com

BS site

[Anonymous Coward]

Uses browser cookies or something.

I put in a static IP of amassive private tracker and it found nothing.

Seems to work! :-)

[BLKMGK]

As it happens I have a database that contains the IP addresses of many of my friends since they hit and authenticate with a server of mine. One of these folks is an older teen and has shared their account with their father who I know is not exactly someone I think much of.

Now, most of my friends are either very tech savvy or not tech savvy at all but this guy is just the sort I can see using Torrent software via word of mouth to download who knows what. I caught him cheating on his wife based on computer fo

Re:

[BLKMGK]

You my friend are an idiot. Snooping? Find me a web server that doesn't contain logs, particularly for services that require authentication and don't specifically state they don't keep logs. Were I not paying attention I might not have known that an account had been shared and I might not be aware of someone breaking in were that to occur.

My friend's are well aware that I can see what occurs on MY infrastructure, when I need downtime and they're on it I warn them so it's pretty obvious. My neighbors don't h

Re:

[LordNightwalker]

You my friend are an idiot. Snooping? Find me a web server that doesn't contain logs, particularly for services that require authentication and don't specifically state they don't keep logs.

I think he was referring to this:

I caught him cheating on his wife based on computer forensics I did for her and some network traffic tapped on their network at her behest.

Although without further explaining the situation surrounding these "computer forensics I did for her" and "some network traffic tapped at her behest", it's hard to tell. If she's the customer and pays the bills for the network services you provide her, it's probably OK. Not sure if the users need to be warned that their traffic can be an

Re:

[BLKMGK]

Her computer, shared bill for access, traffic tapped coming out of the computer in their home at her request. I had plenty evidence enough using browser history that was kept by IE despite his efforts to clear it. No snooping software was installed. We could prove he was cheating just based on that but the network traffic allowed her to find out times and catch him red-handed with a computer he had hidden. This after she confronted him with the browser evidence and he had sworn he'd stopped. My conscience i

Pretty accurate

[GameboyRMH]

More than 3/4 of the stuff listed for my IP are things that I've downloaded.

Also I'm certain there was a similar site to this that launched a couple years back, I remember the results from that one were hilariously inaccurate though.

Yawn

[rainer_d]

Didn't download much during December - consequently only shows a single torrent.

Because my employer is also my ISP and we don't give a shit about American lawyers, these tickets that urge the ISP to warn or punish the user (or forward his details) just get deleted ;-)
Nobody has every presented a court-order.

You get these mails usually only when you download complete seasons of "hot" TV series - or a very new cinema-blockbuster.

Re:

[Anonymous Coward]

No no, it's the Danes [google.com].

Re:

[ShanghaiBill]

For my IP address, the site says nothing has been downloaded. I know that is not true because I have two teenagers, and they torrent stuff all the time.

Re: those crazy Russians!

[Lenny369]

Same here

Re:

[stdarg]

Maybe they use private trackers or a vpn?

Re:those crazy Russians!

[ShanghaiBill]

Maybe they use private trackers or a vpn?

They are not that smart.

Re:

[dbreeze]

You haven't been a parent long enough. Did your parents know everything you were screwing with when you were your kid's age..? It's not an issue of "smart", all of us were dumb kids. It's more about sneaky/devious. We all had that in spades...
I told my daughter God would let me in on everything I needed to know. Anything God didn't tell me was because The Almighty preferred to deal with her directly.... ;)

Re:

[arglebargle_xiv]

I told my daughter God would let me in on everything I needed to know.

Why would Lemmy care what your daughter does?

Re:

[AutodidactLabrat]

Occamm's razor triumphs again.
Can't prove there is a god?
There isn't one.
Like it or not, absence of evidence is evidence of absence UNTIL such exists.
Or bring on Russell's Teapot!
Must be Texas, balancing it's books by cutting school funding again!

Re:

[Maritz]

Haha. Yeah, sure there might be a god. But if there is, it sure as fuck has nothing to do with that creepy book made by bronze age goat herders that you lot love so much.

Re:those crazy Russians!

[FatdogHaiku]

Maybe it's just an attempt to collect IP addresses of people worried about their torrent activities. Nice way to build a subpoena list for use with ISP threats, demand letters, etc.. I would think someone would write a script to enter tons for IP addresses at random to pollute the stream, so to speak. Personally I have not used a torrent client in a long time, two ISPs (and actual addresses) ago...

Re: those crazy Russians!

[orlanz]

Pollute the stream?? Didn't we just do that by posting it on /.

Re:

[mysidia]

Maybe it's just an attempt to collect IP addresses of people worried about their torrent activities.

Good luck sorting out the millions of people just curious about what they're doing or who accidentally clicked the link on Slashdot.

By the way, clicking a link won't be sufficient cause for a subpoena.

Re:

[FatdogHaiku]

Baseless threats and unjustified subpoenas along with outright lies are SOP for the people that try to "detect" or recoup damages for "IP abuse". Hell, they've even issued take downs for IP they never owned in the first place. Having a list of numbers is more useful than having nothing, especially if they're willing to make the facts fit their goals.

Re:

[mysidia]

I guess the first people they need to subpoena are the owners of...
127.0.0.1, 192.168.1.10, and 192.168.100.10.

Those crazy guys at "blackhole-2.iana.org / IANA"..... I tell you what..... They have just about EVERY movie ever made in their collection.

Re:

[AC5398]

Tracking YOUR downloading is not the site's point. The site is attempting to bait you into sending an email to a friend. Your friend trusts you and clicks the link, and bam, your friend is now infected with God knows what.

Re:

[cshark]

Yep. Useless.

Re:

[TWX]

Your neighbor must be better at information security than mine...

Re:

[Hylandr]

Just a little cookie exploit. You delete yours right?

Re: What is my neighbor's IP address?

[johnsnails]

Can't wait till we learn to carry.

Re:

[Doke]

Is it possible to block tracking using PeerGuardian?

No. PeerGuardian works by blacklisting IPs of known RIAA and MPAA contractors. However, they get new IPs every day.

Re:

[Imrik]

It's not about the ISP providing these guys with the data, it's about them providing it to someone actually investigating copyright infringement.

Re:

[Cramer]

But it's a lot harder to do if you aren't running the tracker (thus can get a data feed from it.) Basically, you can only track torrents that are known to you, on trackers where you have access (i.e. public trackers.)