If you trade BitTorrent files you will be identified in under three hours.
Users who participate in BitTorrent swarms for popular files are likely to have their IP addresses logged by monitoring companies within three hours. That's the conclusion of a paper being presented this week at the SecureComm conference in Italy by Tom Chothia and colleagues at the University of Birmingham.
To arrive at this conclusion, the researchers observed "1,033 swarms across 421 trackers for 36 days over 2 years." They reported that "monitoring is prevalent for popular content (i.e., the most popular torrents on The Pirate Bay) but absent for less popular content."
Users who think they can evade detection just by using common blocklists are probably fooling themselves. "Publicly available blocklists, used by privacy-conscious BitTorrent users to prevent contact with monitors, contain large incidences of false positives and false negatives," the Birmingham team concludes.
The BitTorrent protocol relies on servers called trackers to help clients find others interested in swapping pieces of the same file (the total collection of people exchanging the same file with each other is called the "swarm"). When a client joins a swarm, it announces itself to the tracker, which provides a list of other peers on the network. This system produces two basic ways to monitor a BitTorrent network. With indirect monitoring, peers simply join the network in order to get the tracker to provide a list of the IP addresses of other network users, but then take no further action. Direct monitoring, on the other hand, involves going a step further and communicating with other peers.
Indirect monitoring provides only weak evidence that peers have engaged in copyright infringement, since clients can join a network without actually swapping files. Direct monitoring can provide more conclusive evidence of infringement, since it allows the monitors to see how much of the file each client claims to have downloaded and—in principle, at least—actually exchange copies of an infringing file with others on the network.
Chothia and his colleagues used several criteria to distinguish between ordinary BitTorrent clients and those that appear to have joined the network only to observe the activities of other peers. Subnets belonging to monitoring firms tend to have a large fraction of their IP addresses connected to BitTorrent networks, those addresses tend to stay connected to the network for long periods of time, and each IP address tends to connect to many different swarms. Few ordinary users use the BitTorrent network so intensively. These characteristics can all be determined merely by requesting lists of active clients from BitTorrent trackers.
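The three criteria can be computed from tracker peer lists alone. The following is an added example, not code from the paper or the article: it scores subnets over constructed sightings, and the /24 grouping, the thresholds, the first-to-last-sighting measure of connection time and all function names are assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_network

# Assumed thresholds; the article gives no numbers for the three criteria.
MIN_SUBNET_FRACTION = 0.02  # share of a /24's 256 addresses seen in swarms
MIN_HOURS_CONNECTED = 12    # first-to-last sighting span, averaged per address
MIN_SWARMS_PER_IP = 3       # distinct swarms, averaged per address

# Constructed sightings (ip, swarm, hour), as if read from tracker peer lists.
# 192.0.2.0/24: six addresses, each in four swarms for a day (monitor-like).
SAMPLE = [(f"192.0.2.{h}", f"swarm{s}", t)
          for h in range(10, 16) for s in range(4) for t in (0, 24)]
# 198.51.100.7: a casual user seen briefly in one swarm.
SAMPLE += [("198.51.100.7", "swarm0", 1), ("198.51.100.7", "swarm0", 3)]
# 203.0.113.50: one heavy user, many swarms, but alone in its subnet.
SAMPLE += [("203.0.113.50", f"swarm{s}", t) for s in range(5) for t in (0, 48)]

def subnet_of(ip):
    """Map an IPv4 address to its enclosing /24 (assumed grouping)."""
    return str(ip_network(f"{ip}/24", strict=False))

def score_subnets(sightings):
    """Compute the three per-subnet features from (ip, swarm, hour) rows."""
    per_ip = defaultdict(lambda: {"swarms": set(), "hours": []})
    for ip, swarm, hour in sightings:
        per_ip[ip]["swarms"].add(swarm)
        per_ip[ip]["hours"].append(hour)
    per_subnet = defaultdict(list)
    for ip, rec in per_ip.items():
        per_subnet[subnet_of(ip)].append(rec)
    report = {}
    for net, recs in per_subnet.items():
        n = len(recs)
        report[net] = {
            "fraction": n / 256,
            "avg_hours": sum(max(r["hours"]) - min(r["hours"]) for r in recs) / n,
            "avg_swarms": sum(len(r["swarms"]) for r in recs) / n,
        }
    return report

def suspected_monitors(sightings):
    """Return subnets that meet all three criteria at once."""
    return sorted(net for net, f in score_subnets(sightings).items()
                  if f["fraction"] >= MIN_SUBNET_FRACTION
                  and f["avg_hours"] >= MIN_HOURS_CONNECTED
                  and f["avg_swarms"] >= MIN_SWARMS_PER_IP)

if __name__ == "__main__":
    print(suspected_monitors(SAMPLE))
```

Requiring all three criteria together is what keeps the lone heavy user at 203.0.113.50 from being flagged: that address is long-lived and in many swarms, but its subnet has only one active address.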
Researchers compiled a list of IP addresses they suspected of being used for monitoring, then compared them with known information about who is observing the BitTorrent network. In some cases, the IP addresses correspond to firms that have publicly acknowledged that they engage in BitTorrent monitoring. In other cases, the IP addresses belong to firms that are engaged in IP enforcement efforts but have not publicly acknowledged running monitoring software. (The researchers report that one firm publicly acknowledged that it operated monitoring software after the firm's IP addresses had come up in the team's research.) Still other subnets belonged to hosting companies; the researchers speculate these are being leased by copyright enforcement firms.
The researchers also compared the subnets identified in their research with blocklists used by BitTorrent users to prevent their clients from communicating with IP addresses suspected of belonging to monitoring companies. While there was significant overlap between the blocklists and the researchers' own findings, they found both false positives and false negatives. That means currently available blocklists cannot protect BitTorrent users from detection, and from potential legal problems, for sharing infringing files on BitTorrent.
http://arstechnica.com/tech-policy/2012/09/trading-popular-files-on-bittorrent-youll-be-spotted-within-3-hours/