There is No Anonymity with that Torrent

Thursday, November 26th, 2009 at 1:00 am | 9,104 views | trackback url

I’ve been running a public BitTorrent tracker for about 7 years for several of the Open Source projects I host (Plucker, J-Pilot, pilot-link).

People ask me all the time in private email, how they can be “completely anonymous” when torrenting. I can only assume they want to share some copyrighted material with their torrent client, and don’t want the MPAA or RIAA chasing them down.

The quick and dirty answer is: you can’t!

Azureus Peers List

There are plenty of tools out there that let you lock down your torrent client, block domains, even block an entire country, but your IP and connection state are still shared across all peers you’re sharing with, or downloading data from.

Even tools like Tor can’t be used for this, because you never know who runs the exit nodes, and that is where your actual IP address is exposed. You can’t trust those endpoints.

What this means is, you can block all of the peers emanating from within US network and netblocks, and only allow connections from non-US peers, but those non-US peers are probably allowing connections from the same US peers you’re blocking.

Let me explain:

  1. You block all US peers using SafePeer, PeerGuardian, MoBlock or other tools.
  2. You connect to a peer in Romania using your “trusted” BitTorrent client (such as Vuze [formerly Azureus])
  3. Romania peer connects to some US peers (possibly those running on RIAA or MPAA harvesting hosts)
  4. Your IP and connection state have just been exposed to those US hosts you’re trying to block

There are ways to attempt to anonymize your traffic and connection state from the tracker (the main point of leakage, and the primary target of the MPAA/RIAA), but it requires that you understand and implement technologies like I2P, and configure them appropriately, end-to-end.

“I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties.”

I’ve been toying with i2p lately as a means of securing some internal IRC chat servers that I run. It’s a bit slower, but it does do the job, and does it very well.

I don’t personally need to ride BitTorrent behind the i2p network, but plenty of others are doing exactly that with i2p.

i2p is a bit earlier in the game of creating free, anonymous network traffic, and others have come before it that provide more flexibility and a more-distributed network (like Freenet), but it is maturing fast, and is very capable.

The main thing Freenet provides that i2p does not (at this point), is distributed data storage. However, the i2p developers are working on that [i2p] [http] (warning: the i2p URL won’t work unless you have your i2p proxy and tunnels configured correctly).

Just keep in mind, if you want to “hide” yourself, you need to use an entirely new network, one that relies on de-centralized peers, who do NOT trust each other, and the entire network has to use encryption at every possible turn, to ensure nothing is peeked, sniffed or re-transmitted.

p.s.: If you must, use iMule or these instructions for i2p-enabling Azureus

Last Modified: Sunday, March 6th, 2016 @ 02:08

One Response to “There is No Anonymity with that Torrent”

  1. […] been using i2p for a few things, including browsing and keeping my online research for new business ventures out of the prying eyes […]

Leave a Reply

You must be logged in to post a comment.

Bad Behavior has blocked 3673 access attempts in the last 7 days.