Cover your ass from anti-P2Ps

When record labels are being taken down for sharing their own music you know it’s time to hide. Like it or not, the RIAA and MPAA are going to have to face up to the fact that they simply cannot contain piracy. So long as the media exists in an electronic form, it is easily possible to replicate and distribute it, and with internet speeds commonly measured in Mbits/s, levels of music and film piracy are completely out of the control of the law. So this means that the few unfortunate souls who do get caught sharing files illegally are in for one heck of a punishment and end up used as examples to the rest of the torrenting community.

I’d like to think that most of those who stumble upon my blog can be considered friends, and so in this friendly spirit I offer some advice for those who simply can’t help but fire up uTorrent whenever they miss that one must-see episode of Dr Who. Of course, in no way do I encourage breaking the law, but I reckon if you do, as a friend, you deserve some protection from the huge-capital goliaths of the music and film industries.

Torrenting

Lifehacker had a wonderful feature on BitTorrent privacy which I’m going to replicate partially here rather shamelessly.

Basically the way you get caught on BitTorrent is when an anti-P2P organisation pretends to seed a file and grabs your IP as you download from them (or vice versa), and once they have your IP, you’re pretty screwed.

Solution 1: use IP blacklist blocking programs (PeerGuardian)

Begin Lifehacker copy-paste-summarise:

IP-blocking application PeerGuardian2 (PG2) uses a constantly updated blacklist of IP addresses known to track your activity. By default, PG2 already blocks Anti-P2P organizations but it’s capable of blocking more IPs if you have other privacy concerns beyond P2P that you want to address. PG2 is not and cannot be 100% effective, but it will provide a good deal more protection than downloading without. With PG2 running, you’ll never connect to the IP addresses on the Anti-P2P blacklist, meaning that those organization can’t log your IP and your participation in a copyrighted download.

Solution 2: use a proxy

[Lifehacker]If we’re talking about file sharing, a proxy protects you by routing all of your traffic through another server when it leaves your computer and before it comes back to you. That means that when you’re downloading data using a peer-to-peer protocol like BitTorrent, your peers can only see the proxy IP address, not your home IP address—so even if they are tracking your activity, they’re not actually tracking your address at all.[/Lifehacker]

Apparently a good proxy service is BTGuard ($7/mo), but if you don’t like paying, you might consider using Tor, the Onion Router.

Taken from the Tor website:

Tor is a software project that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security. Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.

Your (encrypted) traffic is routed through other peoples’ computers, giving you fantastic privacy for free. The downside is that the network is under enormous strain as many people have exactly the same idea, so download speeds tend to be fairly limited and the damage done to the network’s capability to re-route data is detrimental to the Tor community. Which is why, as a Tor user and relay host myself, I’d encourage you, if you do decide to download through Tor, to run a relay and give something back to the Tor network, traffic-wise.

Solution 3: Encrypt torrented traffic

I suppose if you can’t be bothered to install PG or Tor, the least you can do is make some attempt to hide the data through the encryption service provided by most Torrent clients. There’s a fantastic set of instructions here. Many ISPs understandably hate BitTorrent as it’s apparently responsible for 80% of total internet traffic (Ouch) so throttle BitTorrent speeds. This encryption is designed to get round that, but at the same time affords a limited level of privacy. Without PeerGuardian though, there’s absolutely no guarantee you aren’t downloading from a sting-operation server owned by the RIAA itself.

HTTP Downloading

There are numerous other ways of obtaining pirated material though, including Rapidshare, which are generally less susceptible to spying. There’s an entire forum dedicated to Rapidshare download links of pirated music, films and software, and since your ISP is probably too busy spying on Torrent traffic it’s unlikely to be watching HTTP traffic streams for un-paid-for material, especially since many HTTP downloads are actually legitimate, e.g. from online stores, and regulating it all would be too much of a nightmare. Many Rapidshare download links are also password-protected rar files (forum posts contain the passwords) so even if your traffic gets spied on, ISPs won’t be bothered enough to attempt to brute-force your archive. Even better, if it’s software, the forum format provides some protection as users submitting feedback for download links normally complain loudly if their AV detects malware. HTTP downloads are also easily routed through proxies and require only a browser to initiate so are almost ideal for most people.

Steganography

And of course, rather than making it blatant that you’re downloading pirated stuff but frustrating authorities by encrypting it, you can always try hiding the fact that you’re downloading a song, including concealing an mp3 file inside a suitably large image file:

copy /b image.png + piratedsong.mp3 innocentlookingfile.png

To extract, rename the innocent looking file to have an mp3 extension.

I hope this has been useful to someone, as all these methods have been tried and tested extensively vicariously by myself at some point and been found to work very well indeed.

Advertisements

2 Responses to Cover your ass from anti-P2Ps

  1. William says:

    Tor is not designed for P2P and should not be used as such as this is against the usage policy. Please do not encourage people to do so. It is a far too high-bandwidth use on a service that is pushed to provide essential services to those at threat from oppressive governments rather than people trying to get some music for free.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: