I Know What You Download on BitTorrent (iknowwhatyoudownload.com)
125 points by legatus on Dec 24, 2016 | 83 comments




>> Torrent downloads and distributions for IP 192.168.0.1: Distributes child pornography, Static IP, Likes porn

I wonder if they share their data with law enforcement, because there appears to be a lot of valuable data to be mined in the DHT swarms. This service reminds me of the crux in the most recent South Park season.

* SPOILER *

Wherein world-order is threatened by the 'troll-trace' program that will expose the on-line behaviour of everyone.

* END


The collection method here does not actually verify if the information given by the DHT network is correct, which should be rather obvious when the data include invalid IP addresses. A node, when receiving a GetPeer request, can simply make up any claims they want.

Of course law enforcement don't operate on guarantees and even weak evidence can help if an already suspected person is involved in an investigation, but it's important that we distinguish between weak evidence vs strong evidence. The GetPeer reply is about as good as an anonymous tip arriving by email.
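Added example (not from the thread or the site): how the compact `values` entries of a BEP 5 `get_peers` reply decode, and why the only check a collector can make on them is basic routability. The sample bytes are constructed and `triage` is a hypothetical helper name.

```python
import ipaddress
import struct

def parse_compact_peers(values):
    """Decode BEP 5 compact peer entries: 4-byte IPv4 + 2-byte big-endian port."""
    peers = []
    for blob in values:
        if len(blob) != 6:
            continue  # malformed entry; the replying node controls every byte
        ip_raw, port = struct.unpack("!4sH", blob)
        peers.append((ipaddress.IPv4Address(ip_raw), port))
    return peers

def triage(peers):
    """Split claimed peers into routable and impossible-on-the-Internet.

    "Routable" is NOT "verified": the reply is unsigned, so a routable
    address is still only a claim made by whichever node answered.
    """
    plausible, bogus = [], []
    for ip, port in peers:
        if ip.is_global and port != 0:
            plausible.append((str(ip), port))
        else:
            bogus.append((str(ip), port))
    return plausible, bogus

# Constructed sample of a reply's "values" list (not captured traffic).
SAMPLE_VALUES = [
    bytes([192, 168, 0, 1]) + struct.pack("!H", 6881),   # RFC 1918 private
    bytes([8, 8, 8, 8]) + struct.pack("!H", 51413),      # routable, still unverified
    bytes([127, 0, 0, 1]) + struct.pack("!H", 6881),     # loopback
    bytes([203, 0, 113, 7]) + struct.pack("!H", 0),      # documentation range, port 0
    b"\x01\x02\x03",                                     # truncated entry
]

if __name__ == "__main__":
    ok, bad = triage(parse_compact_peers(SAMPLE_VALUES))
    print("routable claims:", ok)
    print("impossible claims:", bad)
```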


Seems possible, check this out:

https://iknowwhatyoudownload.com/en/criminals/


I guess the intersection of peer IP addresses for all the infohashes listed above (better, for the whole 192.168.0.0/24), from the DHT network, will be tremendously interesting... for someone... :)

Sort of "IKnowWhoKnowsWhatIDownload".


What does that mean? Surely that is not the site owner's history?


"Chicks without brakes", eh?


That was funny!!! I don't want to spoil it for others. ¯\_(ツ)_/¯


I find this extremely inaccurate - especially when ISPs rotate your IP address.

It mentioned that I downloaded the following on Dec 11th:

1. Office 2016 Pro

2. Assassin's Creed Unity

3. Watchdogs

Not only is it completely inaccurate, no one used my internet on Dec 11th (which meant my IP was probably shuffled by my ISP to someone else).

This is one of the reasons why you should probably take all those DMCA notices with a pinch of salt...it's almost impossible to argue that you pirated in the first place.


> it's almost impossible to argue that you pirated in the first place

Wouldn't the ISP be able to prove you were assigned that IP at that time of day?


Yup. ISP gets DMCA notice, notice says date and time and IP -- ISP absolutely capable of knowing which customer was assigned that IP at that time.

You can't really take DMCA notices with a "grain of salt". Many ISPs will just cut you as a customer after you get enough of them, as DMCA notices require effort on their part and the amount of effort their IT and legal staff spend dealing with other IT and legal staff looking for you quickly exceeds how much you are paying a month. So unless your area has an overabundance of ways to get internet to your home (in which case you must not live in America), you probably can't afford to have your ISP ban you from using their service.


I've gotten plenty. The most that's happened is Comcast injected a warning that refused to disappear into my http traffic until I called the listed phone number.

After you do that, they basically forget all the notices (although the copyright holder can still sue you).


While I agree that DMCA notices have serious results, in general, it's very possible that someone hacked your network, or you don't have a password-protected wifi (all of which means you didn't torrent the content that they said you did).

Most copyright protection services generally just grab thousands of IP addresses and send notices (without knowing who you really are). If you do respond, they'll then sue you if you refuse their exorbitant fine (along with countless others who did the same - as it's generally too expensive to sue just one person).


Unreliable Informants: IP Addresses, Digital Tips and Police Raids https://www.eff.org/wp/unreliable-informants-ip-addresses-di...

An IP address is not grounds for proof anymore. It's like saying every citizen is assigned their own IPV4 address, which is likely wrong, as more often than not an IPV4 address is shared by a pool of users.


https://en.wikipedia.org/wiki/Carrier-grade_NAT

    Carrier-grade NAT (CGN), also known as large-scale NAT (LSN),
    is an approach to IPv4 network design in which end sites,
    in particular residential networks,
    are configured with private network addresses that are translated
    to public IPv4 addresses by middlebox network address translator
    devices embedded in the network operator's network,
    permitting the sharing of small pools of public addresses among many end sites.
    This shifts the NAT function and configuration thereof from the customer premises to the Internet service provider network.


NAT is DEATH.

IPv6 all the things.


It says that I didn't torrent anything and I did... and my IP address doesn't change unless I change the MAC Address on my router which I haven't done in a little while.


Same experience here, the download (yup, singular) listed was not mine. Takes the point of this service away.. apart from seeing what illegal immoral awful crap people apparently download (somewhere.. unless it's all completely made up) :/


This is very strange, as I highly doubt they're crawling the entire DHT space, and even if they did they would be getting only infohashes. These are hashes of (a subset of) the torrent metadata (including the chunk hashes), so it won't actually tell you what the content is, unless you also download the torrent metadata from peers using BEP-0009.

I'd bet they're pulling popular torrent files from big sites and then pulling peer lists from the DHT. This will work OK for 'hot' content, but they could probably get much better lists if they actually connected to swarms and did peer exchange (PEX) which clients effectively have no control over - it's up to their peers if they are going to reveal addresses through PEX.

Also note that of course none of this will work for private torrents (which almost all clients respect) as they disable all methods of peer/metadata acquisition other than from the trackers directly.


You're spot on. I downloaded quite a bit from private trackers and none of it showed up. Nada.


By putting the infohash in the URL your site is effectively equivalent to The Pirate Bay - you're distributing links to pirated content, the only important thing in a magnet link is the infohash, the rest can be obtained via DHT.

For example:

https://iknowwhatyoudownload.com/en/torrent/?infohash=81ac3d... -> magnet:?xt=urn:btih:81ac3df677afb84211d59443fbb65f5f584cfa1a

Paste into torrent client and download. You might want to doublehash that to avoid a potential legal threat.


They have Russian interface (https://iknowwhatyoudownload.com/ru/peer/), so I guess they are based in Russia? Also, Russian "about page" is more informative than English: https://iknowwhatyoudownload.com/ru/contacts/


"In addition, the site offers a nifty spy tool where you can see what your friends are downloading, without knowing their IP-address. If someone clicks on a link you send them, their alleged download history shows up immediately, without the IP-address being exposed."[1]

[1] https://torrentfreak.com/i-know-what-you-downloaded-on-bitto...


Wow, they're just straight up distributing spyware and getting people to install it on their friends' machines huh.


um, no, it works because you send them the link and then they know your friend's IP


How is this spyware in any definition?


It's a pun.


Fails for me because I connect to their website via IPV6.

IPv6 is unsupported temporary

Odd though, if you don't support searching via IPV6, why have a website that accepts IPV6 connections?

Edit: Likely because they are using Cloudflare, which bridges IPV6 to IPV4. They should probably turn that off until they support IPV6 searches...it's under the network settings in cloudflare's control panel.


Me too, but it says that I'm in the USA, AT&T Wireless. Very wrong guess by thousands of miles.


Canadian, eh?


Somewhere on the other side of the Atlantic Ocean.


How we collect data

Our system collects torrent files in two ways: parsing torrent sites and listening DHT network. We have more than 500.000 torrents which were classified and which are using now for collecting peer sharing facts (up to 700.000.000 daily). We don't guarantee we can show ALL peer sharing facts:

- Single IP address could be assigned to multiple users. It depends on user's ISP. For example mobile operators often used this schema.

- IP address could be dynamic. In such case it changes every time user connects to the Internet or periodically.

- User could download torrent which we don't have


I think ISPs limit the usefulness of this since they rotate IPs so often. I tried it because I knew I didn't have any torrents downloaded in the last year at least, but last week it shows a Jurassic World download.


ISPs don't limit the usefulness of this as much as private trackers that do; my IP address is completely clean but if you look at my Transmission you'll be surprised ;)


And disabling DHT in your client. I've seen trackers that have that as a rule.


All private trackers have that (otherwise the private tracker is irrelevant), the torrent file just flags DHT off as well as any other decentralized peer discovery.


VPN for the win! After receiving one of the threat letters from a cheesy law firm representing the RIAA and MPAA 3 years ago, all of my downloads via torrent go through a VPN. Keep yourself safe online.


Quite amusing if you put in a VPN IP:

[NSFW - adult links] https://iknowwhatyoudownload.com/en/peer/?ip=173.254.222.162


I'm using a VPN too (via AirVPN). The stuff people are downloading from this VPN IP is kinda scary, TBH.


One thing that's actually interesting is that for basically the month of December it looks like there are fewer than 2000 files being pulled through that VPN endpoint. Seems to me that that would indicate that either not that much is being torrented through that VPN provider or that their tracking is only covering a relatively small percentage of DHT torrents. I'd have expected to see significantly higher volume through any significant VPN endpoint.


VPN isn't a guarantee of safety. I got a DMCA warning for downloading one file once using a top VPN service.


5 dollars say your torrent client wasn't using the VPN.


And/Or DNS resolver leak (not using dnscrypt)


Use this [0] to find your torrent client's IP address. It downloads a torrent where the tracker description echoes back your IP. I've found VPNs to be too unreliable and only use a seedbox now.

[0] https://torguard.net/checkmytorrentipaddress.php


There are some extra precautions you need to take to anonymize your traffic on torrents, like forcing encryption with a socks proxy in addition to running the VPN.


Which means your VPN service is telling your IP to authorities, which makes it not secure, which breaks the purpose of VPN service


Stupid question: If I am on a college campus and using a VPN, does it in any way protect me from the college authorities snooping on my data? Will they know that I am downloading a torrent? What about normal HTTP(S) data?


If you're actually using a VPN (as opposed to a SOCKS proxy) then what they can certainly identify is that you're moving VPN traffic, the volume of traffic each way, and probably that it's torrent traffic (gaming, streaming, surfing will have very different usage patterns and much lower uploads most likely). For torrent traffic, they can also tell whether you're seeding a lot, leeching/downloading without seeding, or a mixture.

This makes sense if you think about the kinds of traffic you'd expect from the most common uses. There's a pretty limited set of categories that most Internet traffic can be grouped into, and they all will have pretty distinct and identifiable patterns - commercial streaming will be slow and steady, downloads will be bursty, VoIP will be small streams, etc.

For sophisticated enough systems or determined investigators with enough raw material to examine, they may even be able to get a decent guess at what sites you're using (even via a VPN) if you're only doing one activity at a time. If they can identify that almost every video view on YouTube starts with a particular traffic pattern of sets of blocks of data of roughly identifiable sizes and that video views on Netflix, Vimeo, Hulu, YouPorn, or wherever all have different patterns, they can approximate which sites you're visiting - particularly given enough data over time.


They can see your encrypted packets are going to a known VPN IP; that's about all they can tell. They can't peer into the tunnel. If you are sending and receiving hundreds of megabits per second day in day out they can probably infer you are torrenting, but are unlikely to care unless your bandwidth usage ventures into their "user abusing our networks" territory.


Lots of traffic only proves possibly abusing TOS, nothing about the content of said activity.


They can see that you are trying to hide something because all of your traffic goes to the single IP address.


Just like the authorities in any nation-state can tell if you are using Tor.


I'm curious: how long did you seed on that torrent?


I received one 20 minutes after I started a download.


The letter was digital?! That's surprising.


That's interesting. I was always under the impression that they only go after seeders.


Just a side-note: the attitude expressed in the Russian version of the website is nowhere near as mild and neutral as in the English one. I personally do find it not only alarming, but disgusting to say the very least (esp. the "torrent-tracker users deanonymization" part).

https://iknowwhatyoudownload.com/ru/contacts/

Screenshot: http://imgur.com/a/PTiDT (under the title "Сотрудничество", which means "Cooperation").

Here is my crude translation:

...

Cooperation
============

We are ready to share data on an automated basis, in different cross-sections and formats. Besides we do have the technical means for "catching" users, who do participate in the torrent-file seeding. By means of connecting to the user's device and subsequent downloading of one tiny piece from the torrent-file, it is possible to collect a TCP-dump of the data exchanged for that piece. There is a unique fingerprint associated with both those data exchanged and the torrent-file itself [0]. That allows to prove the fact that torrent distribution had taken place from the particular IP address [1]. Everything mentioned above will be potentially actual/useful in Russia [2]. If interested in cooperation, you could let us know: <cooperation-email-address>

P.S. We also have means/possibilities to build recommendation systems, to de-anonymize torrent-trackers users and much, much more.

...

[0] I guess, they speak about "piece" from the "info" array: https://en.wikipedia.org/wiki/Torrent_file#File_structure

[1] They have downloaded it from you, so the fact of the distribution, am I missing something?

[2] http://hitech.newsru.com/article/03oct2016/piratefine || https://translate.google.com/translate?sl=ru&tl=en&js=y&prev...


A quote from TorrentFreak article:

"The company informed us that the site helps to showcase their abilities to the various outfits they work with, including copyright holders.

“We’ve set up the site for promotional purposes and as a demonstration of our capabilities,” Marketing director Andrey Rogov says.

“We are engaged in the distribution of information relating to torrent downloading activity to rightsholders, advertising platforms, law-enforcement and international organizations.”

The company offers API access to its data for interested parties and can also provide TCP dumps as extra proof that downloaded content is linked to a certain IP-address."

https://torrentfreak.com/i-know-what-you-downloaded-on-bitto...


This is actually quite scary. They seem to be technically capable people willing to provide a service to law enforcement. They write on the Russian version of About Us page: [1]

We are ready to share our data, providing automated API to raw data or aggregated reports. We also have technical means to catch users who share torrent downloads. By connecting to user's computer and downloading a small piece of torrent, we can get a TCP-log of communication with the user. Data in this log have a unique "print" - crypto hash, which matches hash from the torrent. This allows to indisputably prove the fact of distribution of content from a given IP address. It will be important in Russia soon. [...] P.S.: We also can build recommendation systems, deanonymize users of torrent sites and many other things.

[1] https://iknowwhatyoudownload.com/ru/contacts/
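Added example (not from the thread or from the site's operators): what the comments above mean by an infohash, by the private flag in the torrent file, and by a piece "print" that matches a hash from the torrent, shown on a constructed single-file torrent. It assumes BitTorrent v1 metainfo (SHA-1); the tracker URL, file name and helper names are made up for the illustration.

```python
import hashlib

def bdecode(data, i=0):
    """Decode one bencoded value at offset i; return (value, next_offset)."""
    c = data[i:i + 1]
    if c == b"i":
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i)
            items.append(item)
        if c == b"l":
            return items, i + 1
        return dict(zip(items[0::2], items[1::2])), i + 1
    colon = data.index(b":", i)          # byte string: <length>:<bytes>
    length = int(data[i:colon])
    return data[colon + 1:colon + 1 + length], colon + 1 + length

def info_span(torrent):
    """Return the raw bytes of the top-level 'info' value, exactly as published."""
    if torrent[:1] != b"d":
        raise ValueError("metainfo must be a bencoded dictionary")
    i = 1
    while torrent[i:i + 1] != b"e":
        key, i = bdecode(torrent, i)
        start = i
        _, i = bdecode(torrent, i)
        if key == b"info":
            return torrent[start:i]
    raise ValueError("no info dictionary")

def describe(torrent):
    """Infohash = SHA-1 over the raw info dict; it names the torrent, not a user."""
    raw = info_span(torrent)
    info, _ = bdecode(raw)
    return {
        "infohash": hashlib.sha1(raw).hexdigest(),
        "private": info.get(b"private", 0) == 1,   # set => clients skip DHT/PEX
        "pieces": len(info[b"pieces"]) // 20,
    }

def piece_matches(torrent, index, data):
    """True if data hashes to the 20-byte SHA-1 stored for piece `index`."""
    info, _ = bdecode(info_span(torrent))
    expected = info[b"pieces"][20 * index:20 * index + 20]
    return len(expected) == 20 and hashlib.sha1(data).digest() == expected

# Constructed sample: 26 bytes of content split into pieces of 16 and 10 bytes.
CONTENT = b"A" * 16 + b"B" * 10
PIECES = hashlib.sha1(CONTENT[:16]).digest() + hashlib.sha1(CONTENT[16:]).digest()
INFO = (b"d6:lengthi26e4:name8:demo.bin12:piece lengthi16e"
        b"6:pieces40:" + PIECES + b"7:privatei1ee")
TORRENT = b"d8:announce24:http://tracker.invalid/a4:info" + INFO + b"e"
```

The piece check ties bytes to a torrent; the bytes themselves carry nothing about which address sent them, so that link rests entirely on the surrounding capture.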


Interestingly despite the advice given by the Tor website 'Don't torrent over Tor', people still do this:

https://check.torproject.org/exit-addresses


I downloaded none of those things.


I trust you.


Was this site supposed to have shown me what I downloaded?


Based on their about page (and some assumptions), their method is to web scrape a bunch of popular torrent sites and then do a simple getpeer request to harvest a list of peers.


Something similar here: http://youhavedownloaded.com/


Unless this site only shows what you're downloading at that moment, it doesn't seem to work. It shows nothing at all for me, even though I downloaded a large public torrent (the new CentOS release ISO) a few days ago. It wasn't even from a private tracker or something like that.


Well it only shows torrents they track... if you downloaded a torrent that wasn't being tracked it won't show it.


> 8.8.8.8 is your IP address.

I don't think so.


DNS server by day, Anime torrenter by night


When you think about it, it is a bit suspicious that 8.8.8.8 knows where all the websites are. Even really dodgy ones. What does 8.8.8.8 spend its time doing to find all that out, eh?


Mine used to be 128.8.128.8: mimsy.cs.umd.edu

I'll never forget my first ip address.


The results are garbage. Zero correct results and tons of false positives.

Checked the last dozen or so IP addresses I used. I don't see a single valid result. I torrent lots from the most popular torrents on the biggest site. You'd think it could get that right.


Apparently not if I'm using IPv6:

> IPv6 is unsupported temporary.


"Cool, now build a comparison tool into Tinder so I can find local friends who like the same movies and porn I like."

This is creepy.


I've definitely torrented plenty but this site has nothing for me. I don't use a VPN, not sure why but cool.


Same for me. It could be because I use private trackers.


Would torrent encryption help? I mean assuming all the major torrent clients would decide to enable it all at once.


Most torrent clients do support encryption (opportunistically), although the bittorrent protocol's encryption is relatively weak and uses RC4. It should be considered more obfuscation to avoid DPI and whatnot.

Bittorrent peers are fundamentally public by design, unless the torrent is marked private, so this is just curating and presenting that information.


Not from the States, not on AT&T Wireless. None of my torrents is shown. I think you don't know anything.


I've torrented both the archiso and debian iso's this month, but nothing came up for my IP


It shows hashes so you can download listed torrents too.


Didn't work for me.



