James Delahunty
10 Apr 2009 9:29
Researchers have warned that regular users of BitTorrent and maybe Skype are risking their privacy due to what they describe as a 'guilt by association' vulnerability. Fabián Bustamante, professor of computer science at Northwestern University, revealed that they have discovered how BitTorrent users form identifiable "communities" over time. The same problem could apply to other technology based on P2P.
"This was particularly surprising because BitTorrent is designed to establish connections at random, so there is no a priori reason for such strong communities to exist," Bustamante says. In a nutshell, it means that users computers tend to connect more often to certain other users machines on P2P networks that was previously thought.
Bustamante says that the research shows that identifying the spontaneous torrent communities would be a "powerful threat to user privacy". For example, users who regularly download and share copyright infringing material could be at risk if investigators started to identify these communities. Most Internet pirates are aware of lawsuits and other deterrents to their activity, but continue to pirate anyway because the odds of actually being the one caught are so slim.
The researchers warn that those odds rise sharply with the naturally forming networks, leaving them open to a guilt by association attack. They found that clued-up eavesdroppers could pick out groups of interest 85% of the time by analyzing just 0.01% of the overall network traffic. There was also a suggestion that Skype users' privacy could be in jeopardy as well, but it is speculative. It suggests that rather than tapping anyone's home line, an agency could setup drones of thousands of active Skype accounts, which presumably would also settle into these commonly occurring groups.
"With P2P networks increasingly under surveillance from private and government organizations," say the researchers. "SwarmScreen provides a practical and effective solution to disrupt [guilt-by-association] attacks". That solution is only available for the Vuze BitTorrent client, and is shown below.
SwarmScreen works by downloading random stuff across the wider P2P network as well as what the client requests. The obviously problem with this is bandwidth wasting, which is why it includes an, "intuitive tuning knob to control the privacy/performance tradeoff - higher privacy may result in some performance loss as some of your bandwidth is allocated to hide your real traffic".
Download Vuze / Azureus from Here.
Download SwarmScreen Plugin from Here.