A BIRMINGHAM UNIVERSITY study has found that bittorrent users are very likely to be monitored as they use the protocol.
The university's research found a surprising amount of monitoring and a surprisingly fast reaction to any downloading activity (PDF).
It found, for example, that anyone downloading a torrent file could be identified by watchers, usually external agencies, within three hours. This monitoring is a reaction to the perceived threat of 'piracy', the authors explained, and is carried out on behalf of copyright holders.
"Copyright holders are known to routinely monitor file-sharers, collect evidence of infringement, issue cease-and-desist letters and, in some cases, demand financial compensation from the users they deem to have infringed their copyright. The task of policing BitTorrent is often outsourced to specialist copyright enforcement agencies," they reported.
There are two types of monitoring, the first being indirect, where clues are used to assess whether someone is uploading or downloading. This, says the paper could be the presence of a user's IP address in a swarm of peers. This indirect method can deliver a lot of false positives, it added.
The other method is direct monitoring, where the agency is present in the swarm and active in traffic. This is seen as being more likely to deliver accurate results, but only marginally so.
For their studies the team looked at torrent traffic for a period of two years, using 100 files on The Pirate Bay as a guide and analysing the events that surrounded them. It found evidence of both kinds of monitoring, adding that while direct monitoring was the more effective, it wasn't very good at actually proving anything.
The study found a hard core of around ten firms or organisations monitoring users, adding that some tried to mask what they were doing and that others purport to be security organisations.
Monitoring organisations typically would connect to a peer for an unusually long period of time, hundreds of hours for example. It is suggested that is necessary as it gives them more time to find out as much about the user as possible.
These users though were not found to be downloading any material, merely connecting, meaning that it would be hard for them to prove whether anything was being shared in the first place.
On average monitors would connect to a swarm within three hours of content being uploaded. The study found that they would favour only the most popular content and would ignore the rest.
"The average time decreases for torrents appearing higher in the Top 100, implying that enforcement agencies allocate resources according to the popularity of the content they monitor," the study said.
"Monitoring is prevalent for popular content (i.e., the most popular torrents on The Pirate Bay) but absent for less popular content, and that peers sharing popular content are likely to be monitored within three hours of joining a swarm."
The paper has some recommendations for anyone that wants to defend themselves against monitoring. It recommends that they use blocklists based on empirical research rather than speculative ones. µ
Is restoring from backup really the better than prevention?
Allowed anyone to pinpoint locations visited by customers of SVR Tracking
Hackers gained access to systems using unsecured administrator's account
But Canonical's Mark Shuttleworth doesn't agree