dslreports logo
site
spacer

spacer
 
   
spc
story category
AT&T Patents Elaborate BitTorrent Snooping System
Which Could Help Automate Disciplinary Action
by Karl Bode 06:30PM Monday Jul 15 2013
AT&T has recently been busy filing numerous patents that will help the nation's largest telco more closely monitor BitTorrent networks and file transfers. According to Torrent Freak, none of the ideas have been implemented yet, but all involve more closely snooping on user file transfers, then potentially reporting the user to copyright holders or suspending accounts entirely. In one of AT&T's patent filings, they explain how an automated system could identify piracy and then automate action against a user:
quote:
"The responsive action, for example, might be to terminate the data transmission, to suspend the customer’s account, or to report the existence of the match to an interested party, such as a copyright owner or a law enforcement or security official, or to store the positive match to compare to later matches that are detected in subsequent transmissions to the same user or from the same sender."
AT&T is of course one of many ISPs currently involved in the entertainment industry's six strikes graduated response program, which tries to "educate" users about the errors of their ways. However, most tech-savvy pirates use VPN or proxy services to hide their activity from their carrier. Again, there's nothing suggesting that AT&T has deployed this technology yet, though it remains interesting they're even considering it.

view:
topics flat nest 
brianiscool

join:2000-08-16
Tampa, FL
kudos:1

Easy Solution

Solution 1

1) Get yourself some Socks 5 Proxies and chain three of them.

Solution 2

Install TOR you can get an average of 3.5MB/sec on downloads.

Anonymous555

@nor-consult.com

Re: Easy Solution

The sad thing is, TOR would be an upgrade for me if it weren't using my existing connection... Thank's USA and regulatory capture.

TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Da Bronx
Reviews:
·Optimum Online
·Clearwire Wireless
said by brianiscool:

Solution 2

Install TOR you can get an average of 3.5MB/sec on downloads.

That's an absolutely horrible abuse of a necessary privacy network. Exit nodes will rightly block all P2P traffic on the TOR network (many already do). A better, non-destructive, and sustainable solution is to get an offshore seed box; do P2P from there; then download content via sftp to your media drive. An offshore seed box on a DS3 connection (45 mbps) costs as little as $15.00/Mo. Compared with Cable, music, and movie purchases, it's a drop in the bucket, a no-brainer, and you don't have to step all over folks who desperately need TOR for basic safe communications. Kill TOR and you kill oppressed people. If you had a conscience you wouldn't even suggest this!

--
"Remember, remember the fifth of November.
Gunpowder, Treason and Plot.
I see no reason why Gunpowder Treason
Should ever be forgot."

"People should not be afraid of their governments. Governments should be afraid of their people"

silbaco
Premium
join:2009-08-03
USA

Re: Easy Solution

You can get a VPN for as cheap as $5 per month. There is absolutely no reason to use TOR for P2P.
Expand your moderator at work

elios

join:2005-11-15
Springfield, MO

Re: Easy Solution

hell share the seed box with your friends and its even cheaper
silbaco
Premium
join:2009-08-03
USA
Or a 3rd solution, don't use bittorrent.
Expand your moderator at work
ISurfTooMuch

join:2007-04-23
Tuscaloosa, AL

Encryption

Something like this will work for all of a week, until someone layers encryption onto BT traffic, just like Web sites do it for transmitting sensitive info.

And, if you think about it, all Internet traffic should be encrypted. E-mail is a perfect example. And it needs to be end-to-end. Right now, how do you really know that that e-mail is really from who you think it's from? In truth, you don't. You guess by the content, but that can be faked by someone who wants to take the trouble to fool you badly enough. And how many sensitive e-mails have been sent to the wrong person because of a single erroneous keystroke? Allowing the user to go through a second step of selecting the user's public key would cut down on that possibility.

At any rate, encryption can't happen fast enough. The idea that ISP's are sitting in the middle of a data stream sniffing traffic is just plain scary, no matter why they're doing it.

mackey
Premium
join:2007-08-20
kudos:12

Re: Encryption

said by ISurfTooMuch:

Something like this will work for all of a week, until someone layers encryption onto BT traffic

Don't you mean check the box in their client that enables it? My client has supported it for almost 6 years now.

/M

TamaraB
Question The Current Paradigm
Premium
join:2000-11-08
Da Bronx
Reviews:
·Optimum Online
·Clearwire Wireless

Re: Encryption

said by mackey:

Don't you mean check the box in their client that enables it? My client has supported it for almost 6 years now.

/M

Doesn't that apply only to tracker communications?


MxxCon

join:1999-11-19
Brooklyn, NY

Re: Encryption

No, there are peer to peer encryption protocols as well.
cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9
said by TamaraB:

Doesn't that apply only to tracker communications?

No. That option has nothing at all to do with tracker communication (which is an HTTP GET.) If you want the tracker traffic encrypted, use https instead of http -- assuming the site supports it. (very few sites run ssl trackers, as ssl is a very computationally expensive protocol.)

MxxCon

join:1999-11-19
Brooklyn, NY
No matter how you change that bittorrent encryption, with properly implemented snooping mechanism, they will be able to see what's inside of your stream.
You can't compare web SSL encryption with random bittorrent encryption.
The biggest and most critical difference is authentication.
With HTTPS SSL there's a chain of trust which allows you to verify authenticity of a certificate. If somebody tries to fake a certificate for dslreports.com your browser will instantly know that because it will not pass the chain of trust.

You can not do the same with random p2p connections. If you were to do that, that means you'll have to have the whole public-key infrastructure setup which will destroy anonymity. You'd be able to easily look up whose encryption key was used.
As such, if you can't have proper authentication infrastructure that means you can't protect against man-in-the-middle attack that will on the fly replace other person's encryption key with AT&T's own and you won't know about it. In the mean time they'll be able to see everything that is inside of your "encrypted" stream.
--
[Sig removed by Administrator: signature can not exceed 20GB]
ISurfTooMuch

join:2007-04-23
Tuscaloosa, AL

Re: Encryption

Good point.

There would need to be a way to authenticate that the encryption being used is actually being provided by the peer at the other end of the connection and not inserted somewhere along the way, yet you don't want to identify the peers on either end.

This wouldn't just be something that's useful to BT traffic. Let's say that you have human rights activists in an oppressive country who need to talk to each other, perhaps by phone, on a network that is being monitored. You need to do it in such a way that the encryption is secure, but you don't want a central repository with everyone's identity on it, since it'd be a quick way for all of them to end up...well, you know.

MxxCon

join:1999-11-19
Brooklyn, NY

Re: Encryption

said by ISurfTooMuch:

Let's say that you have human rights activists in an oppressive country who need to talk to each other, perhaps by phone, on a network that is being monitored. You need to do it in such a way that the encryption is secure, but you don't want a central repository with everyone's identity on it, since it'd be a quick way for all of them to end up...well, you know.

For that there are various apps from »guardianproject.info/
It is related to »en.wikipedia.org/wiki/Socialist_millionaire
--
[Sig removed by Administrator: signature can not exceed 20GB]

syclone

@sbcglobal.net

Why not...

Fight back.

1. Get a bunch of friends together
2. All purchase some copyrighted movie/software you all want to own anyway
3. Create own tracker
4. Aimlessly seed the files you all own to each other over and over
5. Get service shut down by automatic "infringement" detection software
6. Sue AT&T for interfering with your legal file transfers
7. Profit!

ArrayList
netbus developer
Premium
join:2005-03-19
Brighton, MA

Re: Why not...

AT&T has the right to terminate service for any reason whatsoever.
--
A sane approach to our federal budget: Ignore the tea party
steevo22

join:2002-10-17
Fullerton, CA
Reviews:
·Time Warner Cable
·AT&T DSL Service

Safe Harbor and you wouldn't want to screw it up.

But the question is really this: AT&T and other ISPs enjoy a "safe harbor" doctrine where they are not responsible for what their customers do online.

I think this depends on their not paying too much attention, and definitely not looking too closely or taking action if they know something.

It might be much better for them to *not know* and to ignore such goings on, lest they lose their "safe harbor".

If someone could prove that they knew or even that they should have known something, and didn't take whatever action that person thinks appropriate, well, they could have liability, much more liability than if they didn't know and were not supposed to know. If they have a patent on it, well, it's hard to argue they didn't know, and shouldn't know.

I am always careful to mind what I know and should know. If I am not supposed to know something, well, I have no liability.

"You didn't tell us about that".
"I didn't know and I don't have the expertise to know".
"It's not my job to know about that".

Sometimes that is by far the best approach.
silbaco
Premium
join:2009-08-03
USA

Re: Safe Harbor and you wouldn't want to screw it up.

The entertainment industry strongly believes they can take ISPs to court and invalidate the safe harbor for ISPs. ISPs are supposed to have some way of dealing with copyright infringement according to DMCA. But practically no ISP has a system in place. That's a major part of why the big ISPs agreed to go along with the copyright alert system and no doubt part of the reason At&t is doing this.
cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9

Re: Safe Harbor and you wouldn't want to screw it up.

The DMCA is very clear here. The ISP merely passes along the claim. The problem is knowing "who" was using an IP address at any specific time in the past -- often months ago.

AT&T is doing this... because they want to PROFIT from it. "We hold the patents on X, pay up suckers!"
silbaco
Premium
join:2009-08-03
USA

Re: Safe Harbor and you wouldn't want to screw it up.

According to DMCA, ISPs are supposed to have some method of handling repeat offenders.

Corehhi

join:2002-01-28
Bluffton, SC

No idea

I have no idea why an ISP would want any involvement in copy right issues??? What's in it for them????
silbaco
Premium
join:2009-08-03
USA

Re: No idea

Companies patent a lot of things. That doesn't mean they will ever actually make use of it.

Probitas

@teksavvy.com

this could be the sign in the window

Just because they say this, doesn't mean they'll implement. That could be costly. It could just be a case of AT&T putting up a sign that says your connection is being monitored for piracy, just like people put up signs saying the house has an alarm system. Doesn't mean it's true.
mrwiggles

join:2013-06-10
Sherman, TX

New Technologies

If these patents are implemented; Does that mean that AT&T is no longer a dumb pipe and therefore no longer protected by Safe Harbor?

Has anyone ACTUALLY READ the DMCA Act? This act very clearly states that ISPs who do not monitor traffic and only act as a provider, unaware of user activities, DOES NOT HAVE TO DO ANYTHING. Nada, zilch, nothing. These ISPs must have a process in place to receive these notices but they are not obligated by any law to act on them or investigate them further. An ISP simply has to receive the complaint and nothing else what-so-ever. Period, end of discussion. All of these articles are basically pointing out how certain ISPs feel the need to interject themselves into something that they shouldn't and they are trying to play cop.

anon1

@optonline.net

this is illegal!

doing deep packet inspection without a court order is illegal. it's like wiretapping a phone. in some cases it IS, because many people use VOIP.