You’re a fool if you think your torrent downloading behavior can’t be tracked, but with so many people swapping movies and music through BitTorrent et al, it’s not likely that little old you, ye of occasional downloads, would be singled out, right? Wrong, says a new study from Birmingham University in the U.K., which found that people will likely be monitored within hours of downloading popular torrents by at least one of ten or more major monitoring firms.The team, led by security research Tom Chothia, ran software that acted like a BitTorrent client for three years and recorded all of the connections made to it. At SecureComm conference in Padua, Italy this week, the team announced that they found huge monitoring operations tracking downloaders that have been up and running for at least the entirety of their research. According to the team’s presentation, monitors were only regularly detected in Top 100 torrents, while monitoring of more obscure material was more spotty.“Almost everyone that shares popular films and music illegally will be connected to by a monitor and will have their IP address logged,” Chothia told Paul Marks at New Scientist.What’s really mysterious is who all of the firms are. Chothia’s crew found around 10 different monitoring entities, of which a few were identifiable as security companies, copyright firms, or other torrent researchers. But six entities could not be identified because they were masked through third party hosting. Now, despite firms focusing mostly on just the top few searches out there at any given time, that’s still a massive amount of user data to collect and store. Why?I’d imagine that security firms and copyright agencies are researching how BitTorrent networks work and how prevalent they are, which would both be useful from a legal standpoint to either take out hosts like the Pirate Bay or change the way copyright lawsuits can be brought, as prosecuting hundreds of thousands or millions of users individually is rather unrealistic. But even so, why would hidden entities be collecting such massive troves of data, just to sit on them?My initial reaction mirrors that of Marks: datamining copyright infringers could somehow prove lucrative one day. If copyright advocates were able to convince a judge or legislature that they had no problem and no doubts tracking infringing users, but couldn’t bring legal action against them because there were simply too many people, perhaps those authorities could approve of a system which mails you a fine if your IP address pops up in monitoring software. (It’s probably obvious that I have little legal background, so please chime in if you do.) If a reverse class-action lawsuit were indeed feasible, those treasure troves of stored data would be extremely valuable. So the question isn’t whether or not someone knows you downloaded that Beyonce album in 2010, it’s what they’re going to do with your information.Follow Derek Mead on Twitter: @derektmead.
Advertisement