Primus
@rr.com
| reply to swhx7
Re: RIP utorrent
Here's your proof: »torrenthelp.depthstrike.com/2007···out.html
Wireshark packet dump of uTorrent traffic.
Everyone is freaking out about a new feature in the 1.7 tree, Local Peer Discovery. It uses multicast traffic to try to find geographically-close peers in order to speed up your transfers. The multicast block of addresses (224.0.0.0 - 239.255.255.255) is normally blocked by routers/firewalls/etc, leading to alert popups, leading to OMGWTFMPAABACKDOOR! calls. |
|
swhx7
Premium
join:2006-07-23
Elbonia
 ·RoadRunner Cable
| reply to cypherstream
said by cypherstream  :Wouldn't peer guardian be able to detect and stop this report back nonsense?
Yes, unless uTorrent was super-sneaky and installed something at a very low level of the networking stack. But that would be detectable too.
The uTorrent documentation acknowledges that it connects at startup to check for new versions, only if the user has enabled that feature; and that it connects to a uTorrent server at startup if DHT is turned on. You have to allow those connectios, for those features to work. It could be delivering more information than claimed, but this would be detectable with packet inspection.
Apart from these exceptions, yes, any other connections would appear on logs like the Peer Guardian display. You would have to know what IPs to look for (to distinguish the "spy" connections, if any, from the legitimate ones belonging to torrent swarms). |
|
swhx7
Premium
join:2006-07-23
Elbonia
·RoadRunner Cable
| reply to raydog1
Right, that's true. But there is incentive for building in "back door" or spyware code. Any for-profit software company can benefit from collecting statistics on its customers or even data-mining them as individuals. And with the **AA collaboration, it's also in the company's interest to build in something that can be used in future to regulate what users can do with the software (i.e. DRM). They would have to get rid of the open source competition to take advantage of this, but there are ways that could happen.
As I posted elsewhere, there's no proof for or against spyware or other tricks in uTorrent. But there are good reasons to be suspicious of any closed-source software from a profit-oriented company, especially when it's given away free, and even more so when it's commonly used for something that competes with the sponsors of the purveyor. |
|
swhx7
Premium
join:2006-07-23
Elbonia
·RoadRunner Cable
| reply to Karl Bode
said by Karl Bode :I'm still looking but I haven't seen any solid proof that the newer client reports anything to anyone. Perhaps people can offer up some evidence of this?
Thanks for saying this. I replied to someone making the opposite claim, and said that there's no proof of that either.
It is reasonable to be suspicious of any closed-source software from a profit-oriented vendor. But we can't have definite statements without evidence. |
|
raydog1
Feel Secure
Premium
join:2003-07-10
La Vergne, TN
| reply to Karl Bode
There would be no point in creating an app that reports to the **AA. They can use the regular means to find lawsuit victims just as easily. Just fire up any bittorent app, connect to any Harry Potter movie torrent, collect IPs, send letters, rinse, repeat. |
|
Karl Bode
News Guy
join:2000-03-02 | reply to cypherstream
I'm still looking but I haven't seen any solid proof that the newer client reports anything to anyone. Perhaps people can offer up some evidence of this? |
|
cypherstream
Looking forward to the future of things.
Premium,MVM
join:2004-12-02
Reading, PA
clubs: | reply to mypoint is
Wouldn't peer guardian be able to detect and stop this report back nonsense? |
|
