A team of researchers from University of Birmingham has discovered that it takes just three hours from the start of a download for an average BitTorrent user to be monitored by a copyright enforcement agency.

The three-year project entitled The Unbearable Lightness of Monitoring: Direct Monitoring in BitTorrentmostly focused on direct monitoring – the simple and reliable method to identify Internet pirates.

The study provides the first ever measurements of direct monitoring, suggesting ways to detect monitoring techniques and even identifying organisations which are most likely to spy on file-sharers.

Sharing is caring?

BitTorrent is a decentralised peer-to-peer (P2P) protocol designed for the efficient transfer of large files. Since it was created by US programmer Bram Cohen in 2001, BitTorrent has become the de facto standard for exchanging copyrighted content online and accounts for at least a third of overall Internet traffic.

The study notes that BitTorrent users also exchange a range of legal content, such as Linux distributions and various patches and updates. According to Cohen’s company BitTorrent Inc, as of January 2012, BitTorrent has 150 million active users.

While it’s no secret that copyright holders monitor file-sharers, the exact techniques they use haven’t been explored in detail. A team from the School of Computer Science at University of Birmingham, led by Tom Chothia, spent three years attempting to change that.

According to the researchers, there are two ways to monitor P2P exchange: indirect, where indirect clues of the sharing activity of a peer are considered, and direct, which involves connecting to the peers as another file-sharer. Once the connection has been established, monitors can see what files are being downloaded and even how close the download is to completion.

After the evidence of illegal activity is collected, copyright enforcement agencies are able to send threatening cease-and-desist letters to the most hardcore file-sharers, some of whom are taken to court.

Indirect monitoring has been extensively used for copyright protection. However, according to the study, this approach often creates false positives, with printers and other innocent devices blamed for infringing copyright and their owners being sent the aforementioned letters. With indirect monitoring, peers are mostly identified by their IP address.

Direct monitoring is less widespread, more intrusive and costlier, but it can provide enforcement agencies with more proof required to take action. Identifying direct monitoring is simple: users just have to look for peers that seem to have a steady stream of inbound data, but never finish the download.

According to the study, the more popular a torrent is, the more chance there is that it will be monitored. So while downloading the latest Twilight film would be risky, watching some Hitchcock wouldn’t. On one of the largest file-sharing sites currently online, The Pirate Bay, monitors were detected exclusively in Top 100 torrents. On average, movie and music torrents were monitored more heavily than other types of content.

The research also identified about 10 different monitoring companies logging P2P exchanges. Some of these were going to great lengths to cover their tracks, while others were transparently collecting data for analysis.

Defending against monitoring is possible, but requires “blocklists based on empirical research”. A blocklist is a list of suspected file-sharing monitors that automatically cuts the suspicious connection. Even then, users are only able to escape direct monitoring.

As far as indirect monitoring is concerned, the researchers suggest that evidence such as IP addresses is difficult to use in court, so the majority of enforcement agencies will rely on angry letters, never actually suing the overwhelming majority of file-sharers.

Even though they were dealing with an illegal subject, the team from the University of Birmingham was confident that it managed to avoid breaking the law. “In all of our data collection processes, we were careful not to upload or download any shared files; therefore, we have not participated in any copyright-infringing activity as a result of this study,” concludes the research paper.

Meanwhile, the crackdown on torrent tracking websites around the world continues, with The Pirate Bay blocked in the UK, its founders imprisoned in Sweden, and one of the world’s oldest torrent-tracking websites, Demonoid.com, closed by Ukrainian authorities.

Arrgh! How much do you know about online piracy? Take our quiz!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

View Comments

    • I think three hours is an approximate time. Could happen sooner, could not happen at all. Unfortunately it doesn't mean that downloads that take less than three hours will be undetectable.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

8 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

11 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

12 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

13 hours ago