First off I would like to state that I am kind of paranoid about this issue and that the hole I am describing is probably not as deep as it might seem from my point of view.
Since this is a small private tracker, none of the below might ever be relevant for you as long as you don't use 'dangerous' sources to download from, like open trackers (piratebay and the like).
Since there has been some development in legislature in some European countries and the US, I thought I'd share some of my thoughts on what to do about it.
Mainly I am referring to the European data retention directive, that obliges ISPs to store information about all connections made via their infrastructure, store it for a minimum of 6 months and make this information available to law enforcement (anti-piracy organizations are trying to change legislature to get access too) and the decision of American ISPs to start actively monitoring traffic for copyright infringement (i.e. torrent traffic, http://torguard.net/blog/?p=15 ).
Apart from the abuse issue ( https://www.eff.org/deeplinks/2012/04/european-data-retention-directive-work-polish-authorities-abuse-access-data ), this should actually be interesting for every active member of this site.
Most likely your ISP stores all your connections to the tracker and the website. While they probably (if you encrypt your torrent traffic) cannot see what you are transferring, they can see how much you are transferring and where that traffic goes.
This may or may not be enough to convince a judge that you are guilty of sharing copyrighted material. It may be enough for a judge to give police permission to search your home, I don't know, I am not a lawyer. Anyways, the argument could go something like "this person heavily connects to a bad site (has torrent in its name) and transfers lots of data - so we are reasonably sure that illegal things are going on".
Suppose this tracker is infiltrated by infringement hunters. They now just have to scrape IP addresses off the tracker and go to their favourite judge to ask for connection data - maybe even go to the ISP directly. Might be paranoid but not unthinkable. Then you are in deep shit as they have hard evidence against you.
Suppose you download from public trackers and you arouse suspicion. After taking a look at your connections they would know about your activities on this site, too.
While this might all be not very likely, it is possible, and I guess what I am trying to bring across is that it is very easy to build a case against you based on your connection data.
So, what to do about it?
option: stop downloading - safest thing I can think of - but at this moment not for me
I guess that a first stop should be at Google or DuckDuckGo for that matter and find out how to secure your torrent transfers.
I give an in no way exhaustive list of what I implemented or thought about implementing on my system.
.) disable DHT
.) enable/require encryption - I encrypt any traffic I can encrypt
.) block corporate IPs, http://forum.emule-project.net/index.php?showtopic=19247
.) use public DNS servers, for instance see http://www.opendns.com/ or Google Public DNS, i.e. 8.8.8.8, 8.8.4.4
.) get a seedbox - might be the best option apart from abstinence
.) use the services of a VPN provider, http://torrentfreak.com/which-vpn-providers-really-take-anonymity-seriously-111007/ , there are others that are not on this list, but to get you started
.) give usenet a go
EDIT: The above article is a word for word copy of the original article. None of the above was written by me. Credits to the original writer m*****x
SOURCE: From a private tracker forum (I am not posting the link to protect both me and the site. If any mod wants to verify my source he/she can ask and I will PM him/her the link)