Azureus Creators on End-to-End Encryption
ISP cat and mouse
The guys at Slyck talk to the developers of Azureus about the use of end-to-end encryption to defeat ISPs who use traffic shaping to throttle BitTorrent bandwidth. "Over the months we have been getting more and more complaints from our users about their ISPs blocking BitTorrent downloads, often rendering Azureus (and BitTorrent in general) completely useless to them. Naturally, some sort of protocol encryption has been one of the top feature requests, which we have obliged, since people should be free to choose which programs to use, not their ISP." Slyck also recently chatted with the guys behind µTorrent, which is also now offering encryption.

vpoko (Premium, join:2003-07-03, Boston, MA)
Not a bad idea anyway
With ISPs apparently lining up to suck up to law enforcement, it may not be a bad idea to use end-to-end encryption on your downloads anyway.

nixen (Rockin' the Boxen, Premium, join:2002-10-04, Alexandria, VA)
Re: Not a bad idea anyway
said by vpoko: With ISPs apparently lining up to suck up to law enforcement, it may not be a bad idea to use end-to-end encryption on your downloads anyway.
End to end encryption on everything. Even then, so long as data sits in an unencrypted state on servers you don't own, it's easy pickins for anyone with (or without) a warrant. And, really, all that encrypting ultimately buys you is a delay on how long from the time they intercept your data until they're reading it.
-tom
-- "Some people have morals, standards and ideals about quality, but I'm an American: I couldn't care less." --Tony Pierce (paraphrased)

Re: Not a bad idea anyway
There is such a notion of security through obscurity. If it takes time to decrypt a bunch of files and only few of them are of interest, it will be hard to find them and the entity looking might lose interest or not be able to look at that many files. Now, without an encryption, it is very easy to find them.

nixen (Rockin' the Boxen, Premium, join:2002-10-04, Alexandria, VA)
Re: Not a bad idea anyway
said by verolom: There is such a notion of security through obscurity.
Technically, not really "security through obscurity".
said by verolom: If it takes time to decrypt a bunch of files and only few of them are of interest, it will be hard to find them and the entity looking might lose interest or not be able to look at that many files. Now, without an encryption, it is very easy to find them.
The computers at the disposal of those who have access to your records can make relatively short work of your encryption. This is particularly so if you don't use a unique encryption per file. That is, once they break your encryption key(s), busting the rest of your data is relatively trivial.
-tom

vpoko (Premium, join:2003-07-03, Boston, MA)
Re: Not a bad idea anyway
said by nixen:
  said by verolom: There is such a notion of security through obscurity.
  Technically, not really "security through obscurity".
  said by verolom: If it takes time to decrypt a bunch of files and only few of them are of interest, it will be hard to find them and the entity looking might lose interest or not be able to look at that many files. Now, without an encryption, it is very easy to find them.
  The computers at the disposal of those who have access to your records can make relatively short work of your encryption. This is particularly so if you don't use a unique encryption per file. That is, once they break your encryption key(s), busting the rest of your data is relatively trivial.
  -tom
Are you saying that commercial, strong-key encryption is trivial to break? I'm not challenging you, I only have cursory knowledge of cryptology, but I thought we have algorithms that are (at least today) pretty secure.

nixen (Rockin' the Boxen, Premium, join:2002-10-04, Alexandria, VA)
Re: Not a bad idea anyway
said by vpoko: Are you saying that commercial, strong-key encryption is trivial to break? I'm not challenging you, I only have cursory knowledge of cryptology, but I thought we have algorithms that are (at least today) pretty secure.
No, what I am saying is, if you use the same set of encryption keys/algorithms to protect all of your files, once that set of keys is broken, unlocking the rest of your files is relatively trivial (relative to breaking the original key).
As to the "pretty secure", you gotta realize just how much computing horsepower that the government lets the public know about (just look at the "top 500", some time, and see how many are .gov or .mil owned or sponsored sites). It's fairly safe to assume, given the huge black budgets there are, that more exists (and is kept secret for a reason).
-tom

cbiggers (join:2000-08-10, San Luis Obispo, CA)
Re: Not a bad idea anyway
said by nixen: As to the "pretty secure", you gotta realize just how much computing horsepower that the government lets the public know about (just look at the "top 500", some time, and see how many are .gov or .mil owned or sponsored sites). It's fairly safe to assume, given the huge black budgets there are, that more exists (and is kept secret for a reason). -tom
However, as long as you use a security model that is not flawed to begin with, not even the government can brute force it at this time. It's just not plausible. Here is a quote about AES, which is what the US Government currently uses for the most part:
  Some cryptographers worry about the security of AES. They feel that the margin between the number of rounds specified in the cipher and the best known attacks is too small for comfort. The risk is that some way to improve these attacks might be found and that, if so, the cipher could be broken. In this meaning, a cryptographic "break" is anything faster than an exhaustive search, so an attack against 128-bit key AES requiring 'only' 2^120 operations would be considered a break even though it would be, now, quite infeasible. In practical application, any break of AES which is only this 'good' would be irrelevant. For the moment, such concerns can be ignored. The largest publicly-known brute-force attack has been against a 64 bit RC5 key by distributed.net (finishing in 2002; Moore's Law implies that this is roughly equivalent to an attack on a 66-bit key today).
So yeah, I wouldn't worry about encryption being broken yet.

firefox (Premium, join:2000-12-03, San Jose, CA)
said by verolom: There is such a notion of security through obscurity....
I thought "security through obscurity" was one of the tenets of what not to follow. I'm sure I heard that from a seminar a few years back.

vpoko (Premium, join:2003-07-03, Boston, MA)
Re: Not a bad idea anyway
said by firefox:
  said by verolom: There is such a notion of security through obscurity....
  I thought "security through obscurity" was one of the tenets of what not to follow. I'm sure I heard that from a seminar a few years back.
I think it's the only security you can hope for against the government's ever-prying eyes.

Encryption buys you one other thing besides a delay: It means that if they want _you_, they have to go after _you_ specifically. They can't just cast a wide net and bring in all the fishies they can find.

nixen (Rockin' the Boxen, Premium, join:2002-10-04, Alexandria, VA)
Re: Not a bad idea anyway
said by russotto: Encryption buys you one other thing besides a delay: It means that if they want _you_, they have to go after _you_ specifically. They can't just cast a wide net and bring in all the fishies they can find.
Or... They run their keyword searches on the clear text transmissions, and then toss all the encrypted things into the crypto shredders because "hey, if it's encoded, there's gotta be a reason".
Now, they might not do that for 100% of the data that passes over the internet, but, if an agency NSL'ed an ISP for a week's worth of data, they could shred it fairly quickly to decide if they DID want to go after you specifically.
Basically, it's a crap shoot.
-tom

It is not because they lack bandwidth but because they want to destroy p2p, the right to trade files with other users.

Re: Not a bad idea anyway
said by superht1: It is not because they lack bandwidth but because they want to destroy p2p, the right to trade files with other users.
I'm gonna preface this by explaining that I use Azureus quite often. Now then...
You're going to have to explain to me where this "right" to trade files is described, 'cause I ain't never seen it. First off, packet shaping was implemented to deter users from trading copyrighted material. Users have found ways around that. Do you understand what that is? It's a violation of your ISP's terms of service, that's what. It's circumvention of safeguards put into place to limit the distribution of the aforementioned copyrighted material. It's grounds for termination of your account if they so desire, which you SHOULD be aware that they DO have the ability to find out what you're downloading at any given time.
You don't HAVE any "rights" when it comes to distributing those files, because YOU aren't the license holder. And don't even go into the whole "what about the non-copyrighted files?" schtick. It isn't even a factor and everyone knows it.
Example: take a look at one of the most popular bittorrent sites out there; mininova. Out of the top 20 downloaded files for today alone, 11 of those are TV episodes (copyrighted) and 5 are full feature movies (also copyrighted). The other 4 are Japanese anime.
I hate to be the bearer of bad tidings, but when 80% of the top downloaded files are copyrighted stuff, don't you think the ISPs of the world are going to take steps to protect themselves? The right to trade files with other users... pfft... I want a new TV, maybe I should hop on down to Circuit City and steal me one of them, too?

peter_m (Premium, join:2005-07-13, Canada, QC)
Big Brother
Personally, I would like to encrypt everything... any solutions out there?
(I don't like the idea that someone has access to my internet activity. I don't need a Big Brother)
Peter

ThrowDemsOut (If you can't convince 'em, confuse 'em, Premium, join:2002-03-03, Mullica Hill, NJ, kudos:4)
ISP goal: slow down uploads; they'll find another way
Since the real goal of the ISPs (mostly cable companies) is to make sure their upstream bandwidth isn't going to be saturated and force them into costly hardware upgrades, they will find another way to throttle those users. Whether it is thru upgraded traffic shaping software that can deal with encrypted traffic or thru a more gross effort like just slowing all uploads regardless of protocol that last for more than a specified time period.
-- Join Red Room Forum BLOG tkjunkmail.blogspot.com Conrail Photo Album

Re: ISP goal: slow down uploads; they'll find another way
Upload is often not saturated, it's the download that are since it's heavily used. Heeeeee. Wakeup and smell a breathe of truth.

ThrowDemsOut (If you can't convince 'em, confuse 'em, Premium, join:2002-03-03, Mullica Hill, NJ, kudos:4)
Re: ISP goal: slow down uploads; they'll find another way
said by superht1: Upload is often not saturated, it's the download that are since it's heavily used. Heeeeee. Wakeup and smell a breathe of truth.
The cable companies don't care about downloads. They care about uploads being saturated. Wake up and smell the coffee.

Bill (Premium, VIP, join:2001-12-09)
What's the point of getting around traffic shaping?
If people start downloading at full speed again, what's the point? The ISP will probably just put a monthly usage cap on the service.
Now you're back to the same place you started before encryption...
-- Bill SocalServer.com: LA Game Servers Check out our public servers

Tekkanano (Premium, join:2002-03-02, Alexandria, VA)
Re: What's the point of getting around traffic shaping?
The whole point is to "test" what the ISPs are really gonna do about it. Then the fun starts from there on.

Bill (Premium, VIP, join:2001-12-09)
Re: What's the point of getting around traffic shaping?
I understand that.
But if certain ISPs have no problem with throttling users' bandwidth, do you really think they won't set up caps?
If they have no problem with throttling, I don't think they'll even blink an eye when setting up monthly usage caps.

dvd536 (as Mr. Pink as they come, Premium, join:2001-04-27, Phoenix, AZ, kudos:4)
Re: What's the point of getting around traffic shaping?
most already have caps

Combat Chuck (Too Many Cannibals, Premium, join:2001-11-29, Erie, PA)
Actually the whole point is to keep ISPs from discriminating based on the protocol. In the article the Azureus people even say that an acceptable outcome would be tiered pricing or per bit pricing.
-- Asking those who disagree with you to find support of your arguments is like asking an assailant if you can borrow his gun.

Re: What's the point of getting around traffic shaping?
I am not sure it is about discrimination, it is more about prioritization. Many different ISPs have different solutions to increase overall download and upload bandwidth performance.
What is the problem with waiting a little longer for a non-important music file or linux image and allowing other usage like VOIP and http traffic to operate better? It is more to suit the masses, not the minority. The alternative is higher prices for the package you purchase so the ISP does not lose money on their overall backbones to the net. Plus, more customers happy a very very small portion a little more sad.

Combat Chuck (Too Many Cannibals, Premium, join:2001-11-29, Erie, PA)
Re: What's the point of getting around traffic shaping?
said by keyboard5684: What is the problem with waiting a little longer for a non-important music file or linux image and allowing other usage like VOIP and http traffic to operate better?
Depends on the provider's network. If there is enough of the latter the former could be basically snubbed out.
The problem is that BT and other forms of P2P are exposing the inherent flaw in the all you can eat model when there are two vastly different sets of customers.

The only problem that I have with that, is: what is to say that my wanting to download an mp3 file, linux image, game patch, or video feed is not as important or of less priority than someone else's http surfing?
VOIP is a priority service, however, and I do agree somewhat with making sure that it has supreme quality.

yabos (join:2003-02-16, London, ON)
It's not even like they're putting a lower QOS on the bittorrent packets. They're downright throttling them down to nothing. If they put a lower QOS on them then it'd still work fairly fast unless their network was overloaded with higher priority traffic.

Tekkanano (Premium, join:2002-03-02, Alexandria, VA)
That'll be interesting to see that happen to most ISPs.

John Galt (Forward, March, Premium, join:2004-09-30, Happy Camp, kudos:2)
said by Bill: If people start downloading at full speed again, what's the point? The ISP will probably just put a monthly usage cap on the service. Now you're back to the same place you started before encryption...
Encryption makes no nevermind to me...
I apply a "fairness" algorithm to all my subs. It is set up so that if the bandwidth is available with few users, then you can go for it. As the number of users increases, the bandwidth to the heavy users is throttled back so everyone has "fair access". When the number of users gets low again, speeds for heavy users go back up.
Something like this:
»www.netequalizer.com/
Doesn't matter if it is unencrypted or not, P2P, FTP or anything else...it is done "bit by bit", so to speak.
-- A is A

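Added example (not part of the thread, not the poster's configuration and not NetEqualizer's code): the behaviour described in the post above, heavy users running at full rate while the link is idle and being cut back as more users arrive, is what max-min fair sharing produces. The choice of that algorithm, the user names and the rates in Mbit/s are assumptions made for illustration. The allocator sees only how much each subscriber wants, never the payload, which is why encrypting the traffic changes nothing.

```python
def max_min_fair(demands, capacity):
    """Max-min fair ("water-filling") split of a shared link.

    demands:  {user: wanted_rate}; capacity and rates share one unit.
    Returns   {user: allocated_rate}.
    Light users get everything they ask for; whatever is left over is
    divided equally among the users who want more than an equal share.
    """
    alloc = {}
    remaining = float(capacity)
    # Serve the smallest demands first so unused share flows to heavier users.
    pending = sorted(demands.items(), key=lambda kv: kv[1])
    while pending:
        share = remaining / len(pending)      # equal split of what is left
        user, want = pending[0]
        if want <= share:
            alloc[user] = float(want)         # fully satisfied
            remaining -= want
            pending.pop(0)
        else:
            # Everyone still pending wants more than the equal share: cap them.
            for capped_user, _ in pending:
                alloc[capped_user] = share
            break
    return alloc


# Constructed scenarios on a 100 Mbit/s link (illustrative numbers only).
OFF_PEAK = {"heavy1": 80, "light1": 5}
PEAK = {"heavy1": 80, "heavy2": 60,
        "light1": 5, "light2": 5, "light3": 10, "light4": 10}

if __name__ == "__main__":
    print("off-peak:", max_min_fair(OFF_PEAK, 100))   # heavy1 runs at full demand
    print("peak:    ", max_min_fair(PEAK, 100))       # heavy users capped equally
```
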
How Silly You can not beat the powers to be
How many of you seriously think that you can keep the Govt from getting into any of your business? I know it is a matter of everyone's personal rights, but guess what it is a new day and time; deal with it, you can not stop or change it.
Keep dreaming if you think you have the time, money or will to beat out the arm of the lawyers supporting these companies, Judges or the dubya administration. You lose.

BeesTea (Network Janitor, Premium, VIP, join:2003-03-08, 00000)
ISPs can defeat encryption today, it's just a matter of time
The end to the arms-race will look something like this.
deny tcp any inbound match-all +syn
That'll be the end of that.
-- Sitting here like a loaded gun, Waiting to go off

After reading all of this...
I just think about all the fools that use P2P and really don't think they'll ever get caught...I mean it's really inevitable before "big brother" takes all these sites down: or force them overseas. Oh yeah, and for those who want to watch something really funny on the subject, my buddy did an awesome video depicting "big brother isps" and the "Internet Pirate". It's really worth the look...and it's quite funny!
»beastbox.net/strangetom/ds.htm
and if you like the movie check out his site
»www.tomizzo.org

gatorkram (KaBOOM Baby, Premium, join:2002-07-22, Winterville, NC, kudos:2)
encryption offers you no protection
The thing that everyone is missing, or not talking about, is the encryption in azureus, and uTorrent, offer you no protection what-so-ever, when the people who are looking for you, are connected in the stream with you, downloading the file to verify it's what they are after.
Where do you think they get all the IPs to begin with?
-- Give me bandwidth or give me death!

Re: encryption offers you no protection
said by gatorkram: The thing that everyone is missing, or not talking about, is the encryption in azureus, and uTorrent, offer you no protection what-so-ever
And the thing you seem to be missing is that no one has stated that it's "to protect you". This is wholly intended to get around shaping proxies that filter based on packet headers and/or protocol.

gatorkram (KaBOOM Baby, Premium, join:2002-07-22, Winterville, NC, kudos:2)
Re: encryption offers you no protection
said by lordkuri:
  said by gatorkram: The thing that everyone is missing, or not talking about, is the encryption in azureus, and uTorrent, offer you no protection what-so-ever
  And the thing you seem to be missing is that no one has stated that it's "to protect you". This is wholly intended to get around shaping proxies that filter based on packet headers and/or protocol.
I guess maybe you aren't reading the same threads I am? And yes, I know what the point of the encryption is. If you would have read all the threads, which I can only assume you didn't, you would have seen the place for my statement, and understand why it's here.
Thanks

macrospect (All The Little Stuff, Premium, join:2005-08-25, Doylestown, PA)
It'll slow ISPs not stop them.
As other users have mentioned this will only slow BT traffic not stop. Sooner or later ISPs will find a way around the encryption. It's just a matter of time (just like everything else dealing with P2P).
Not all P2P is bad though. I mean there is a good amount that is, but there is also a large portion that can be traded (legally).

Combat Chuck (Too Many Cannibals, Premium, join:2001-11-29, Erie, PA)
Re: It'll slow ISPs not stop them.
said by macrospect: As other users have mentioned this will only slow BT traffic not stop. Sooner or later ISPs will find a way around the encryption. It's just a matter of time (just like everything else dealing with P2P).
It's trivial to come up with a way to identify BT on a home connection without even looking at what's in the packet. Just look for an end user with a whole lot of incoming connections, look at the port those connections are headed to, throttle that port.

Re: It'll slow ISPs not stop them.
Is there software/hardware that can do that automatically ??
I'm just curious is all....the only exposure in the "hands on" networking parts is the Cisco IOS that I am aware of and on that all of the bit-capping was a manual ordeal...

Combat Chuck (Too Many Cannibals, Premium, join:2001-11-29, Erie, PA)
Re: It'll slow ISPs not stop them.
said by Cheeze It9: Is there software/hardware that can do that automatically ?? I'm just curious is all....the only exposure in the "hands on" networking parts is the Cisco IOS that I am aware of and on that all of the bit-capping was a manual ordeal...
I don't know, but I doubt it would be hard to write.

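Added example (not part of the thread and not any poster's or vendor's code): the connection-count heuristic discussed in the posts above, run over a constructed flow log. It uses only addresses and ports, so payload encryption does not affect it; the subscriber range, addresses, port numbers and the threshold of 20 distinct peers are assumptions chosen for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

SUBSCRIBER_NET = "198.51.100.0/24"   # constructed; documentation address range

# Constructed flow log: (src_ip, src_port, dst_ip, dst_port), one tuple per
# new TCP connection seen at the subscriber edge in one observation window.
SAMPLE_FLOWS = (
    # 30 different remote hosts dial in to one subscriber on an arbitrary port
    [(f"203.0.113.{i}", 50000 + i, "198.51.100.10", 40123) for i in range(1, 31)]
    # one remote host reconnecting three times to SSH: a single distinct peer
    + [("203.0.113.200", 40000 + i, "198.51.100.20", 22) for i in range(3)]
    # 25 different clients of a small home web server
    + [(f"203.0.113.{i}", 51000 + i, "198.51.100.30", 443) for i in range(100, 125)]
    # outbound connection from a subscriber: not fan-in, must be ignored
    + [("198.51.100.10", 52000, "203.0.113.5", 80)]
)


def fan_in(flows, subscriber_net):
    """Map (subscriber_ip, local_port) -> set of distinct remote IPs dialing in."""
    net = ip_network(subscriber_net)
    peers = defaultdict(set)
    for src_ip, _src_port, dst_ip, dst_port in flows:
        inbound = ip_address(dst_ip) in net and ip_address(src_ip) not in net
        if inbound:
            peers[(dst_ip, dst_port)].add(src_ip)
    return peers


def flag_listeners(flows, subscriber_net, min_peers=20):
    """Return [(subscriber_ip, port, distinct_peers)] at or above the threshold.

    Counting distinct remote addresses rather than raw connections keeps one
    chatty client from tripping the threshold. Results are sorted busiest first.
    """
    hits = [
        (ip, port, len(remotes))
        for (ip, port), remotes in fan_in(flows, subscriber_net).items()
        if len(remotes) >= min_peers
    ]
    return sorted(hits, key=lambda hit: -hit[2])


if __name__ == "__main__":
    for ip, port, count in flag_listeners(SAMPLE_FLOWS, SUBSCRIBER_NET):
        print(f"{ip}:{port} accepted connections from {count} distinct hosts")
```

The port-443 hit in the sample shows the limit of the heuristic: it flags any busy listener on a subscriber line, so it measures behaviour rather than identifying a protocol.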
Re: Encryption vs. Security
I have the problem where every time I turn on azureus it contacts multiple ISPs on the same port number then they report me to dshield. After erasing every thing that could possibly be associated with azureus it still does the same thing at a random time maybe twice a day using multiple IPs for each port used for attack. Couldn't be dynamic IPs or p2p afterglow.