BitTorrent is a popular peer-to-peer (P2P) file sharing protocol designed to efficiently transfer large files across the internet. However, many of these users participate in the illegal exchange of copyrighted material such as music, video games, movies, etc. This is a huge problem for copyright holders who perceive this as illegal exchange of content and a threat to their businesses. Therefore they employ enforcement agencies which engage in indirect and direct monitoring of P2P networks in an attempt to stop this.
Indirect Monitoring – Enforcement agencies collect information that a peer’s IP address is part of a group sharing copyrighted material. Using this method, the enforcement agency does not necessarily know if they are uploading/downloading copy righted material. Only that they are part of the group or “swarm”.
Direct Monitoring – Enforcement agencies collect first-information of file sharing. A connection will be established with the peer to confirm that they are indeed sharing copyrighted material. Using this method, the enforcement agency knows that the peer is indeed uploading/downloading copyrighted material; however this requires significantly more bandwidth and computing power.
In a recent study by the University of Birmingham, researchers attempted to characterize the current state of the bittorrent monitoring. They conducted the study “measuring activity of 1,033 swarms across 421 trackers for 36 days over 2 years, collecting over 150 GB of BitTorrent traffic”.
In order to detect indirect monitoring, the researchers simply collected all the IP addresses of peers returned by BitTorrent trackers. Monitors may be discerned by the following characteristics: spending a larger portion of their time in a swarm than regular file-sharers, number of different combinations per IP address, whether the peer accepts incoming connections (monitors may block incoming traffic), etc.
In order to detect direct monitors, the researchers had to insert their own monitors into the swarms. Direct monitors would show download completions of between 45% and 55%, meaning that the peer is lying about the parts of the shared file it is holding. Another method would be the connection time associated with the peers. The behavior of direct monitors is to connect to the peers for much longer than regular file-sharers.
The researchers found a high number of monitors in the Top 100 Torrents of The Pirate Bay. This means that enforcement agencies are actively monitoring the most popular content. However this is not to say that other categories are not monitored as well. 40% of the monitors that communicated with the clients made their initial connections within 3 hours of the client joining the swarm. This average time decreases as the popularity of the file increases. For less popular torrents monitoring is unlikely.
Based on the publishing of this research both torrenters and copyright agencies may become more aware of monitor tactics. Torrenters will attempt to make more efficient blocklists, which prevent direct monitoring. However, copyright agencies may attempt to make more effective monitors which will more effectively emulate more “real” peers. The drawback to this method is the amount of computing power and bandwidth required for this. Ultimately, it seems as though torrenters will not stop downloading anytime soon and copyright agencies will continue pursuing them.
Source: Ars Technica