End of Freebies: I Know What You Download

Continued (part 2) .
I do not understand why no one shouts "polundra" (searched here and on Habré by the word "iknowwhatyoudownload", but nothing).

So, a certain site iknowwhatyoudownload.com by IP-address shows a list of torrents downloaded and distributed from this address.
Apparently, started recently. Domain is registered on September 14, 2016. Statistics are displayed for about a month. But how long she was going is unknown.

image

DISCLAIMER: I have no relation to this service. If you suspect that this is an advertisement, do not read further and do not click links.

Especially delivers:
Cooperation

We are ready to share data, providing them in various formats / sections on an automated basis. In addition, we have the technical capabilities to “catch” users who distribute torrent files. By connecting to the computer user and downloading a small piece of the torrent, we can remove the TCP-dump data exchange with the user. The data from the dump has a unique “footprint” - a hash that matches the hash from the torrent file. This allows you to unequivocally prove the fact of the spread of the torrent from a certain IP address. Soon it will be relevant in Russia. For cooperation you can write to us. PS And we can also build recommender systems, deanomicize users of torrent sites and much, much more.

Well, not bastards?

In principle, according to Criminal Code 146.2, it is already possible to attract many (Violation of copyright and related rights), and some 242 (Illegal production and trafficking of pornographic materials).

You can look at your neighbors (in terms of IP-addresses), see what people are pumping.

In general, launching a torrent client remember this. It's time to think about VPN / proxy.

PS uTorrent is easy to get to work only through VPN.

UPDATE


Comments indicate that torrents with rutracker are mainly displayed. We continue to observe.
One thing is clear, the statistics update is very slow, if it still works at all. After all, it was possible that this was a demonstration of opportunities for searching for “investors” and there was no money to support the project.
It is also reported that this is the fourth such project, in particular, see habrahabr.ru/post/134374

In any case, it’s worth thinking about anonymizing your torrent traffic IMHO.

Well, yesterday's news in the topic - In Russia they want to introduce fines for downloading pirated content .

UPDATE 2


The authors contacted (they are here now) and gave some comments. Published with consent.

> Tell us how everything works: how and what you collect, what you keep, whom you are selling)
Data on torrents is collected both directly from DHT and from popular torrent trackers. User data is collected directly from DHT, simulating the work of a standard torrent client.

So far in Russia, we mainly sell information about downloads to ip addresses of advertising platforms. Right holders basically buy data about distributor sites from us.

But, anyway, soon we expect that the attention of right holders and law enforcement officers will shift from site owners to end users.

Among other things, the system has the ability to connect to an IP address that distributes a torrent, for fixing proof of loading and distribution (bit-hrent handshake) in a TCP dump. In addition, in addition, we can download a piece of the file from the user's computer.
At the moment, we have not yet been approached by law enforcement agencies, but we are working in this direction, we are expecting the appearance of corresponding procedures and by-laws next year.


> This does not explain why many do not display their torrents, despite the fact that the external IP has not changed for a long time. Those. Do you download specific torrents (how do you select them?) from specific trackers (which ones?) and imitate distribution by recording peer addresses? How much should be on the distribution to get into your statistics?

Torrent files get into our database in several ways. Firstly, we take news from popular torrent sites (foreign and Russian). Secondly, we have components that are constantly listening to the DHT network. If someone is looking for / announcing infohash, we also add it to our database.

Data for one torrent file is collected once every few hours. In general, the longer you are in a distribution, the more likely you are to get into the database. The data on the site is updated with a delay of 24 hours.

Usually we solve other tasks - track a small number of torrent files, getting as much data as possible from them.

As you understand, the ideology on the site is different - get as much data as possible from a large number of torrent files, so the methods used may be inaccurate. Yes, in addition, the site does not display data older than 4 weeks.


UPDATE 3


Regarding what to do.
Apart from the fact that the "goal", "I have nothing to hide", "article - impingement and Advertising", etc., etc., still used on lshemu number of people (me for example), it became clear that BitTorrent is not very worried about privacy users, and we are vulnerable to being watched. Who and why will do this is another question. Even if the specified site, the hero of the occasion, will be bent, the problem will remain. Nobody bothers to raise such a thing for state funds. We will find out about it when it is too late. Therefore, to be honest, the comments “my torrents are not present, this is a surprise.”

DISCLAIMER: the part does not contain my personal experience, I am not an expert in peer-to-peer networks, based on comments to this article.

Tezisno, what are the options:
  • tweak something in a torrent client (encryption, etc.)
  • use VPN and proxy
  • use Thor and I2P
  • torrent client to the cloud


Twist something in the torrent client


Thanks to the ValdikSS user who shared the links to the BitTorrent protocol vulnerability research for spying:

Moreover, on the basis of this study, the author implemented the torrent-live client, which fights snooping. He works. How to install and use, see github.com/Ayms/torrent-live .

It remains to hope that not all will run the bt-client through NodeJS. Because if everyone uses this client, the exchange will stop.

Regarding encryption in standard clients. It is not clear whether it will help or not. Encryption is in many clients. User ksenobayt recommends qBittorrent. In uTorrent there is also (enable / disable / force).
But there is an opinion ( rogoz ) that encryption in a bt-client will only help against DPI and will not affect shadowing through DHT.

Use Tor and I2P


Do not recommend using BT over Thor, since there is no UDP in the Torah. Over I2P is possible. Thanks to the user gxcreator - for the Vuze client there is a plugin I2PHelper , with which you can work through I2P.
But, it did not work for me (nothing swings). Naturally, these are crooked hands. I would be grateful for the correct links.

Use VPN and proxy


Like should help.
But, with VPN, not everything is simple. There are ways to de-anonymization. In particular through WebRTC. There is also a DNS leak issue. Go to the site http://ipleak.net/ with VPN enabled, it will show IP address leaks (if any). This is true for browsers. How this is relevant for BitTorrrent, I do not know.

VPN can be used as a service, and raising your server (we buy VPS and install the software ourselves). There is a very big topic.

In addition to VPN, in principle, enough proxy, it is a bit cheaper.

Thanks to the user artyums , for the search engine for cheap VPS - lowendstock.com .

A couple of tips from him:
  • only OpenVZ VPS is suitable for VPS, no KVM
  • when choosing, be sure to specify in the description or in technical support the possibility of enabling the TUN / TAP interface. By default, it is often turned off, and the VPN will not work.

An alternative view from ValdikSS :
OpenVZ is a container like Docker. You can not change the kernel, you can not load the kernel modules. The server owner can enter the container as root with one command. KVM / XEN - virtualization, you can do anything. OpenVZ containers are cheap, suitable for unpretentious people who spin all sorts of websites and do not climb into the core.


Links from him (did not check, I have no relationship, there was no skid):
  • ruvds.com/ru-rub/linux
  • hostmaze.com
  • yoctobox.com/#/#openvz

Link from me (there was a drift - a promotional code for 6 months, but I don’t have a relationship, didn’t check it) - www.vpnunlimitedapp.com - $ 25 / year (no article was written not for this; just wrote in a personal, don’t click if outraged) .

Links from Google (eng, I have no relationship, there was no skid):


Take the torrent client to the cloud


A sub-variant of the previous one - instead of driving traffic through a VPN server, you can run the client in the cloud. Then there will be no trace on your car at all. Downloaded by the client in the cloud and then download yourself (http / ftp) (you can also via VPN for complete paranoia).
Surely there is software to go through the Web-muzzle in the torrent client (and not through RDP, etc.). But I did not explore. Write in the comments, add.

When choosing a VPS (both for the VPN server and for the removal of the client), it is important to pay attention to the amount of paid traffic (maybe 100GB, or maybe anlimit).

Additions?

Only registered users can participate in the survey. Sign in , please.

Will knowledge about this site affect your behavior?

Are your torrents displayed?

Should I talk about this site?


Also popular now: