Internet BitTorrent Spies

People have privacy delusions about the Internet. They seem to think that just because they don't sign their real name to a site that no one can see what they've been doing on it. Oh dear. So dumb, so wrong.

The latest example of what you do on the Internet is no where near as “private” as you think it is comes from a new Russian site, YouHaveDownloaded. This site claims to track 20 percent of all public BitTorrent downloads... and tell the world who they've found downloading what. So, that final episode of Dexter? The DVD rip of Cowboys & Aliens? That copy of Call of Duty Modern Warfare? And, that illicit video of Smoking Hot Grannies that you really, really don't want to talk about? Yeah, your permanent record of what you've been downloading off BitTorrent sites may all be available for the amusement of your friends, neighbors, and, oh yes, the copyright owners.

Happy downloading!

To be exact, YouHaveDownloaded collects your Internet address and the titles of what you've been downloading. Some of you might immediately now think that that's not enough to track someone down since many ISPs now use dynamic Internet Protocol (IP) addresses. Think again.

According to a Facebook posting by Suren Ter, one of the site's founders, "We don't bother ourselves to separate dynamic IPs. The site is just for show. However we have time-stamps. 3.3.3.3 might be a dynamic IP - however it belonged to a certain person at 12:12am 12/12/2011. Besides DHT (distributed hash table) allows us to get a user's machine fingerprint."

DHTs, for those of you don't work on peer-to-peer (P2) networking for a living, is a distributed, look-up system that's to constantly update who's doing what on a P2P at any given moment. It is, as you may have guessed by now, an essential part of BitTorrent. So, yes, armed with the data the site provides to the public a savvy network administrator could figure out that it was you—or someone with access to your PC—who downloaded a copy of Debbie Does Dallas last night at the office. Good luck explaining to the boss about how your “study” of historical porn was essential for the business.

Why are they as, one commenter put it being “Pretty f**king irresponsible, no consideration for what harm you may cause to people checking their familys torrents?” Ter explained to TorrentFreak, a publication that tracks the on-going collision of file sharing news and copyright, that “We just want to remind people that the Internet is not a place to expect privacy). Nowadays many people use it without understanding what information they leave behind. Also, even those who understand choose to ignore it quite often.”

Ter is right. While YouHaveDownloaded it has “only” 52-million users in its database, so your records may not be on their site, they're certainly are showing how trivial it is for someone to see what you've been doing on the Internet with only a bit of effort.

Of course, it's not just YouHaveDownloaded it that's trying to track users. I recently received a note from NBC, via my ISP, that I'd been illegally downloading a copy of the TV show Community. As it happens, I hadn't been—I use BitTorrent for Linux distros and old BBC shows--but there's nothing like the threat of a lawsuit for downloading copyrighted material to get your attention.

After all, while one U.S. court has ruled that IP addresses, alone, can't be used to identify people in download copyright violation lawsuits, that doesn't mean that another court will see it the same way. Or, as YouHaveDownloaded has just shown, that a company can't put together IP addresses, date/time stamps, and DHT data to really narrow down who's really downloading a movie, video game, or song.

For better or for worse, if you're downloading videos, games, whatever, from BitTorrent sites keep in mind that you're doing it in public.

Related Stories:

Skype monitoring, Gmail hacks, and fake iTunes updates: How governments can track you

New Wikileaks files expose widespread mobile phone, email hacking capability

Facebook tells India it won’t help censor the Web

Court rules Internet IP addresses are not people