A block of 86 lines of C# code is creating a buzz online following claims it may make BitTorrent downloads untraceable. The code, sweetly named SeedFucker, is actually an exploit discovered last November that would allow a BitTorent user to fake the IP address of a server from where a file could be downloaded. It could also be …
All this fuss and bother...
...so people can share Linux distributions.
lmao @ UK
How far the mighty has fallen. Doesn't the UK still have to follow EU laws? I thought Europe was supposed to be more mature and protective of things like individual civil liberties. Pretty sad when the UK is even worse than the US Inc. when it comes to these issues. At least our government is bought and sold by the corporations who are some what accountable to shareholders instead of self appointed incompetent window lickers who are accountable to no one. Hey UK wake up. If even we the sheeple in the states can get rid of Bush and buddies perhaps you all shouldn't be reelecting NuLab and Gordo Brownie.
america f*ck yeah
Your understanding of world politics is unrivalled. Well done for showing the rest of the world that America is a country to be taken seriously and not just full of ill informed fools.
Ultimately our government does have to answer to the European Court of Human Rights, but they're always less than eager to do so.
Anyway, it's general election time.
David Cameroon has to follow EU law, which overides UK law. Nothing he can do, short of leaving the EU, will change anything. the EU is just as restrictive as the UK !
And where did you get the idea that EU law does, or will, allow download of unpaid-for copyright material ?
But they have worked out how to rig it. If you look at the horrible EU laws, you find that they were lobbied for and created for the local politicos that we are hoping the EU will protect us from. (E.g. any copper in any country paid by any crook can look at any police record of anyone in Europe?)
Fail, dude. A US president can only run for two four-year terms. The Americans did not "get rid of Bush", he was out of the picture, leading to a competition between Obama and a guy named after an oven chip, neither of which were Bush.
Epic Fail as you appear to be American and don't know that. Wow.
Oh, and none of us elected Gordie. We elected the party and the party elects the leader. When the pseudo-elected leader (Blair) left (was pushed), Gordie assumed leadership. This state of change should have triggered an automatic general election, but our (so-called) democracy is too f**ked for that.
No, Blair resigning should have triggered a by-election in Sedgefield, which is did. If Phil Wilson had assumed PM-ship, you might might have a point. No voter other than Sedgefield voted for Blair in 97 - with the exception of idiots. So far it's a repeat of the story of John Major becoming PM in 1990, the only difference is people have spent too much time watching the West Wing and think they're American.
but of course
This is silly. As silly as patenting One click.
This is simply using the bittorrent protocole.
There are two ways to announce your IP to the tracker. Either you don't give any address, and the tracker assumes that the originating tcp/ip address is your address. Or you can give ANY address in the corresponding address field of the first request.
This has been possible since day one.
What this seedfucker does is that it's a script that connects to trackers and sends fake originating IPs.
It's VERY easy for trackers to protect from that. Simply look at the originating tcpip address, which CANNOT be faked. And ban anyone who sends you more than 2 or 3 different addresses...
And of course it can be exploited to give out government, majors, you name it, IP addresses :)
So to sum up my feeling, there is no exploit or any special thing here, only an idiot who wrote a huge script that fakes IPs. No hacking here.
Ban multiple IP submissions
"It's VERY easy for trackers to protect from that. Simply look at the originating tcpip address, which CANNOT be faked. And ban anyone who sends you more than 2 or 3 different addresses..."
So, you block everyone who is using an anonymizing proxy, TOR, private network gateway, VPNs and other happy internet contrivance to normally manage resources or cloak the transaction. Yep, both "legal" and "illicit" purposes there, blocked and banned.
And then you wonder why no one uses your tracker anymore...
why would a tracker want to ban anybody?
Or then, you have people subscribe to your tracker, so that you can discriminate them,
and you give out download keys that are linked to each user and embeded in the announce URL.
Many trackers do that already.
Then you can see who seems to be opening their torrents from all over the world every second...
What a lot of the plebs don't realise is that a lot of private trackers issue unique keys on the torrents downloaded to their users. Then when the key ends up on a public tracker, the private tracker mods know it's been ripped and ban the user from the private tracker based on the fact that the user's key went "wild".
A lot of private trackers issue warning after warning to never, ever put your torrent files anywhere public else you will be banned, not due to loss of the torrent content but for attempting to allow and sundry to bash on the door of the tracker.
The only downside to this is that as user is tied uniquely to a tracker operator, the fuzz bust in and they have an instant database of who has been doing what with whom!
"why would a tracker want to ban anybody?"
Because otherwise the long arm of law^Wcopyright enforcement will nick their servers?
It forces due diligence, which is no bad thing...
so now users can make a torrent seem to have fake peers as well as the tracker... if the companies are doing their jobs properly*, this shouldn't matter... a valid fragment of the file (i.e. not just random bytes) should be uploaded from the peer to the company before they record that IP as being infringeing
* pretty sure they _aren't_ this diligent... all this'll do is make them wise up quicker, though, rather it waiting until the comedy moment when someone's webcam gets sued
It's very possible to be visible in a swarm but still not download/upload to any particular host. The industries don't want to risk missing IP addresses they see in the swarm and usually count them all as infringers.
Funny thing is that even though inserting fake ip's has been a feature of opentracker for a few years (http://opentracker.blog.h3q.com/2007/02/12/perfect-deniability/), an ip address alone is still widely viewed as evidence enough of wrongdoing.
Forget the webcam moment
They already sent DMCA takedown requests for three laser printers
Swings both ways
Everyone seems to be in a stir about so called file sharing. But the recording industry is also part of the problem. The recording industry has lobbied Congress (US) many times to get copy right extensions. With the Sony Bono Copy Right Extension (1998), the copy right on movies has been extended to 120 years in some cases. Virtually every movie produced by a movie studio is now copy righted. In essence, there is no public domain for copy righted works. These extension laws were designed to preserve works of art, but they only serve to allow the recording industry to bury their movies and music forever. Until the recording industry is willing to compromise with the public (things like limiting the length of a copy right to 25 or 30 years maximum), they will have little success in fighting file sharing. All of the draconian laws to stop file sharing will fail. All that will be produced is a hot war between the public and the recording industry. Greed can only go so far
You reckon if the US copyright laws change from 120 years (in some cases) to being only 25 to 30 years, that will stop global file sharing? People all over the world will stop if americans only have to wait 25 years from release to share films?
Isn't half-term over? Shouldn't you be back at school?
"Greed can only go so far"
Wise up guys, you have to pay eventually.
Sitting in your Mom's house downloading every TV, movie and CD you want without paying, sheesh.
But extending copyright protection to cover every copyrighted piece to eternity, that destroys any incentive of people not to download works. The Wizard of OZ should not be under copyright protection period. IF this corporate greedy mentality were extended to patients, there would be no such thing as generic drugs. By locking so called works of art up forever, that will aid in creating a further class difference between the rich and the poor. Finally, why should tax payers pay so that these corporate stooges can keep a cheap movie under raps for ever? As for me, I could not care less about file suckers and what they do. Who knows, maybe someone will eventually wake up
Ban Drugs................. that worked...................... eh what was I saying... hey crisps!
Banning sale and consumption of drugs is analogous to banning the unlawful copying of other's copyright material, how?
You mean you can't see the link between:
Prohibition and Speakeasy
"War on Drugs" and your local dealer
it is *really* a stretch of the imagination to see
MPAA/RIAA/Etc and PirateBay et al. </sarcasm>
you fail at failing!
Not quite Kieren
Kieren, please, read the code. Then understand the bittorrent protocol, and you'll see why the conclusions in your article are false. Most of the big trackers already do this anyway, and have for years. After the University of Washington study in 08, antiP2P companies doing monitoring wouldn't be affected by this either, as they learnt their lesson.
However, about the only practical use for this code is to inflate scrape-value peer numbers for fake torrents, so that the values on some sites will be higher, leading to people downloading it. If anything, the Antip2p companies are the ones most likely to be using this, to 'entice' people onto their torrent so they can be tracked.
If you want more detailed reasons, Kieren, then get in touch.
Anybody seeing a file with a suspiciously high seed rate should automatically avoid it anyway, as it likely does not contain whatever legal file you were looking for.... Ahem.
Surely the easiest way around the new legislation is simply to treat your ISP as a pipe through which you create a SSL VPN? The ISP then can't see what you may or may not be downloading, which means they needn't consider cutting you off. Apart from rather a lot of traffic on port 443, the only thing my ISP knows about my surfing habits is that I occasionally use for PS3 to play games online.
Where does your tunnel terminate though?
I don't understand the significance
An ISP employing deep packet inspection will be able to spot BitTorrent connections regardless of what the client is reporting. For a spy outside the ISP's gateway it's a simple matter to connect to the supposed port and find out if it's really sharing said file.
In essence this exploit appears useless but we're not given a chance to confirm the story ourselves because Kieren McCarthy in San Francisco gives not one reference and has shown a poor grasp of the subject at hand. (e.g. "No sooner had Napster been taken down than a new method of file sharing, BitTorrent, was rapidly adopted.")
For the uninitiated Gnutella, WinMX, FastTrack and eDonkey all had their time in the spotlight before BitTorrent bloomed late.
(My reference: http://www.slyck.com/story1314.html)
think you'll find the references you need (including the C# code in question) here http://torrentfreak.com/seedfucker-is-not-going-to-make-bittorrent-anonymous-100414/
Does deep packet inspection work on encrypted connections? Didn't think so.
Of course, no amount of masking your traffic destinations can hide the sheer volume going through your connection.
For now ISP's simply slam the brakes on your speed, pray they don't cotton on and for ISP's to report your account for "suspiciously high volumes of traffic to locations outside of the pre-approved list (iplayer, youtube blah blah)".
A previously Ambilivant Paytard Comments
I was listening to Radio 4 on this whole new law and t hey summed it up by saying something like that it was rubber stamped by "Mandleson at a Meeting with Geffen on the Rothschild Estate ......... it doesn't get anymore sinister than that"
As a Paytard i wasn't even interested in this topic until they passed this dodgy bill into law without proper consideration during the washup but i am now. I think they best way to upset the Politicians and teach them a lesson would be for the interwebs collective uber brain to devise some new sneaky code that makes a mockery of it. Perhaps they will then be forced to rethink and consider if screwing the civil liberties of all to find a few is really a proportional response to copyright protected file sharing or as it otherwise known some kids downloading some rubbish they weren't going to buy anyway.
There is no denying that we need to protect copyright and intellectual property, as a devloped nation we depend on such things more than others. That said when technolgies and laws are passed not to protect intellectual proerty but instead illegal and immoral cartell based business models its time to draw a line.
Epic freetard fail
"There is no denying that we need to protect copyright and intellectual property"
Well, you are denying it for a start.
How are you going to protect it from freetards, then?
it's only a matter of time
before bittorrent peers become either untraceable or participation impossible to prove due to the deluge of false IP addresses being thrown into the swarm
anyhow, they can't even catch anybody now, so I don't think I'll bother panicking
If I'm reading this correctly
This is very old news. The tracker protocols (actually just a HTTP/URL protocol for announcing you want to join the peer network) have had the ability to specify the IP address you're connecting from for ages. Not all trackers will support the IP= field, but it seems that most do. It's very handy if you're sending all your tracker requests through a VPN, tor network or web proxy, which seems to be the main reason it's supported in the first place.
Once again, I'm pretty sure the code described in the article is based on old knowledge. There's a good paper describing how (I think) this technique was used to get DMCA takedown notices sent to a network printer:
The Reg article is also quite a bit off when it talks about using this for "anonymity". In fact, if you want to connect to the swarm, you have to have a valid IP from which you can connect. Once you're in the swarm, the tracker knows about it and will gladly tell anyone who makes a request to join later. All you achieve by feeding fake IP data to the tracker is to increase the amount of unnecessary traffic that will be generated by peers trying to connect to random machines and making it more difficult (but not impossible) for eavesdroppers to say with certainty whether a given IP is actually part of the swarm.
The next logical step for eavesdroppers is to actually attempt to connect to the sites themselves and see if they're actually accepting incoming bittorrent protocol messages. Of course, the other side can also make things more difficult by picking machines they know will be listening/conversing on a given port, so eavesdroppers might end up with a few more false positives than they'd like. Plus, if there are enough fake IP messages spread out to enough popular active torrents, the effect on the targetted IP address could be tantamount to a DDOS. I'm actually surprised nobody's gone and exploited that one so far.
Although it's not mentioned in the article I linked, there's also the possibility of using the Peer Exchange feature of bittorrent to achieve pretty much the same spoofing behaviour.
Finally, I think I'll go anon on this one cos I'd written my own scripts to do this spoofing since around, oh, Hadopi 1. Not that I've ever used them to bombard French government sites with masses of torrent traffic, but since it seems like such an obvious thing to do, I don't want to get blamed for the actions of any other (hypothetical) script kiddies who've had the same idea. Better safe than sorry.
Technically illiterate journalist gets pwn3d
Nothing to see here, move along.
The dark sith
"Obi-Wan once thought as you do. You don't know the power of the Dark Side, I must obey my master. The ability to destroy a planet is insignificant next to the power of the force. You cannot hide forever, Luke."
Privacy Pirate Party UK!
There's free stuff on the Internets?
Who'd a known it?
The point is ....
... that you only need the possibility of fake IP's in the swarm to get your case thrown out of court e.g. that wasn't me it must have been someone else faking an IP which happened to be mine. The prodecution can not prove beyond reasonable doubt that it was me. End of.
That only applies to criminal cases. But copyright last I checked was still under civil law so there you are the one needing to prove your innocence.
"That only applies to criminal cases. But copyright last I checked was still under civil law so there you are the one needing to prove your innocence."
There's still presumption of innocence in civil law, what changes is the standard of proof required, criminal cases must be established to a standard of "beyond reasonable doubt" whereas civil cases need only be established to the level of "balance of probabilities" (i.e. more likely than not).
My (probably horribly naive and misguided - IANAL etc) interpretation of this as it would apply to using spoofing of IP addresses as a defence in court would be that if you could demonstrate that IP addresses corresponding to real entities were being "spoofed" in a bit torrent swarm at *any* level that would make it extremely difficult for anyone relying on an IP to prove guilt to the standard required for a (hypothetical - as far as I know this stuff still remains within the realm of civil law) criminal prosecution but that to use it as a defence in a civil case you'd have to establish that it was happening often enough to result in a significant probability that a given IP address would appear in a swarm as a result of spoofing.
Geeks move faster than legislators
... and it will ever be so. If the music/flim industry want to stamp out royalty evasion, they should get geeks instead of lawyers and political lobbyists.
Face it, the Internet is founded on the principle that if there is information in one place, it can be replicated to another place. Hence, ALL forms of personal privacy, copyright, or any other reason to hold up the flow of information, are inevitably doomed to fail.
Here's an idea from another industry. Why don't they drop the royalties on the movies/songs themselves, or at least lower them dramatically, and make up the revenue from merchandise and stuff? More people watching the movie (because they can download it free) means more potential customers for a themed t-shirt.
Oh wait - then they'll have to put some quality into their movies or people won't buy the stuff. Back to the old drawing board...
yeah, that'll work.....
they'll make far more money by selling t-shirts than by selling the dvd.....
It's So Sad...
...that a great idea like Bittorrent has become syonymous with freetards. Cascade distribution is the greatest bandwidth saver ever. Oh well.
211, on the other hand, prevents me from letting my rant-quest from going up the tower.
A waste of time
This is not going to hide anyone from from the authorities any no one should be downloading this fix, its probably rigged to report you straight to Sony and the other media industries.
The fact is Media is quite expensive to the average person (believe me I have been poor) paying 79p for a song that your not going to listen to that much in 6months or a year is just a waste, movie rentals catalogues online are not extensive or big enough (in the UK at least) to be worth the £4-8n per a movie extra storage space, broadband connections and TV screens and media players to view the content is not that cheap either.
If young people can't be involved in the new media content and spread its popularity then it will never take off, the main culprit in this whole silly mess is the Media companies that failed to change their business plans in the decades they controlled the industry, why oh why am I still being offered pop corn at the cinema can't stand the stuff! I would like a hamburger and a milkshake, that would make me go to the cinema not a bloody 3d film with smurfs, which I have to wear glasses that don't fit well on top of my glasses.
When an artist/director creates some media content there is no reason it shouldn't be available worldwide instantly (without favor to the US) and at the same price (not just by replacing a $ with a £) and maybe YouTube wont stop people from watching content from other countries for no obvious reason other than a request from a controlling media industry, they'll stand up to China but not EMI lmao
I look forward...
...to the day when all this fighting is a footnote in history (like the fighting after the introduction of radio) and we can all get on with enjoying music, movies and books without the background noise of freetards obtuse whining or being made to feel guilty by pigopolists who refuse to get with the times.
if you look at radio, or VCRs or any other past example of new technologies impacting a pre-existing status-quo in the copyright area, you will find two things.
1) the position of the so-called 'freetards' has persevered, and
2) not only was the alleged damage not forthcoming, but usually the industries, when forced to, not only adapted but grew.
- YARR! Pirates walk the plank: DMCA magnets sink in Google results
- Pics Whisper tracks its users. So we tracked down its LA office. This is what happened next
- Review Xperia Z3: Crikey, Sony – ANOTHER flagship phondleslab?
- OnePlus One cut-price Android phone on sale to all... for 1 HOUR
- UNIX greybeards threaten Debian fork over systemd plan