AT&T Patents Elaborate BitTorrent Snooping System

Solution 1

1) Get yourself some Socks 5 Proxies and chain three of them.

Solution 2

Install TOR you can get an average of 3.5MB/sec on downloads.

The sad thing is, TOR would be an upgrade for me if it weren't using my existing connection... Thank's USA and regulatory capture.

Something like this will work for all of a week, until someone layers encryption onto BT traffic, just like Web sites do it for transmitting sensitive info.

And, if you think about it, all Internet traffic should be encrypted. E-mail is a perfect example. And it needs to be end-to-end. Right now, how do you really know that that e-mail is really from who you think it's from? In truth, you don't. You guess by the content, but that can be faked by someone who wants to take the trouble to fool you badly enough. And how many sensitive e-mails have been sent to the wrong person because of a single erroneous keystroke? Allowing the user to go through a second step of selecting the user's public key would cut down on that possibility.

At any rate, encryption can't happen fast enough. The idea that ISP's are sitting in the middle of a data stream sniffing traffic is just plain scary, no matter why they're doing it.

That's an absolutely horrible abuse of a necessary privacy network. Exit nodes will rightly block all P2P traffic on the TOR network (many already do). A better, non-destructive, and sustainable solution is to get an offshore seed box; do P2P from there; then download content via sftp to your media drive. An offshore seed box on a DS3 connection (45 mbps) costs as little as $15.00/Mo. Compared with Cable, music, and movie purchases, it's a drop in the bucket, a no-brainer, and you don't have to step all over folks who desperately need TOR for basic safe communications. Kill TOR and you kill oppressed people. If you had a conscience you wouldn't even suggest this!

Don't you mean check the box in their client that enables it? My client has supported it for almost 6 years now.

/M

Doesn't that apply only to tracker communications?

No matter how you change that bittorrent encryption, with properly implemented snooping mechanism, they will be able to see what's inside of your stream.
You can't compare web SSL encryption with random bittorrent encryption.
The biggest and most critical difference is authentication.
With HTTPS SSL there's a chain of trust which allows you to verify authenticity of a certificate. If somebody tries to fake a certificate for dslreports.com your browser will instantly know that because it will not pass the chain of trust.

You can not do the same with random p2p connections. If you were to do that, that means you'll have to have the whole public-key infrastructure setup which will destroy anonymity. You'd be able to easily look up whose encryption key was used.
As such, if you can't have proper authentication infrastructure that means you can't protect against man-in-the-middle attack that will on the fly replace other person's encryption key with AT&T's own and you won't know about it. In the mean time they'll be able to see everything that is inside of your "encrypted" stream.

No, there are peer to peer encryption protocols as well.

Good point.

There would need to be a way to authenticate that the encryption being used is actually being provided by the peer at the other end of the connection and not inserted somewhere along the way, yet you don't want to identify the peers on either end.

This wouldn't just be something that's useful to BT traffic. Let's say that you have human rights activists in an oppressive country who need to talk to each other, perhaps by phone, on a network that is being monitored. You need to do it in such a way that the encryption is secure, but you don't want a central repository with everyone's identity on it, since it'd be a quick way for all of them to end up...well, you know.

Fight back.

1. Get a bunch of friends together
2. All purchase some copyrighted movie/software you all want to own anyway
3. Create own tracker
4. Aimlessly seed the files you all own to each other over and over
5. Get service shut down by automatic "infringement" detection software
6. Sue AT&T for interfering with your legal file transfers
7. Profit!

But the question is really this: AT&T and other ISPs enjoy a "safe harbor" doctrine where they are not responsible for what their customers do online.

I think this depends on their not paying too much attention, and definitely not looking too closely or taking action if they know something.

It might be much better for them to *not know* and to ignore such goings on, lest they lose their "safe harbor".

If someone could prove that they knew or even that they should have known something, and didn't take whatever action that person thinks appropriate, well, they could have liability, much more liability than if they didn't know and were not supposed to know. If they have a patent on it, well, it's hard to argue they didn't know, and shouldn't know.

I am always careful to mind what I know and should know. If I am not supposed to know something, well, I have no liability.

"You didn't tell us about that".
"I didn't know and I don't have the expertise to know".
"It's not my job to know about that".

Sometimes that is by far the best approach.

I have no idea why an ISP would want any involvement in copy right issues??? What's in it for them????

For that there are various apps from »guardianproject.info/
It is related to »en.wikipedia.org/wiki/So ··· lionaire

Companies patent a lot of things. That doesn't mean they will ever actually make use of it.

The entertainment industry strongly believes they can take ISPs to court and invalidate the safe harbor for ISPs. ISPs are supposed to have some way of dealing with copyright infringement according to DMCA. But practically no ISP has a system in place. That's a major part of why the big ISPs agreed to go along with the copyright alert system and no doubt part of the reason At&t is doing this.

Or a 3rd solution, don't use bittorrent.

You can get a VPN for as cheap as $5 per month. There is absolutely no reason to use TOR for P2P.

hell share the seed box with your friends and its even cheaper

No. That option has nothing at all to do with tracker communication (which is an HTTP GET.) If you want the tracker traffic encrypted, use https instead of http -- assuming the site supports it. (very few sites run ssl trackers, as ssl is a very computationally expensive protocol.)

The DMCA is very clear here. The ISP merely passes along the claim. The problem is knowing "who" was using an IP address at any specific time in the past -- often months ago.

AT&T is doing this... because they want to PROFIT from it. "We hold the patents on X, pay up suckers!"

According to DMCA, ISPs are supposed to have some method of handling repeat offenders.

AT&T has the right to terminate service for any reason whatsoever.

Just because they say this, doesn't mean they'll implement. That could be costly. It could just be a case of AT&T putting up a sign that says your connection is being monitored for piracy, just like people put up signs saying the house has an alarm system. Doesn't mean it's true.