Proof-of-concept website displays your P2P (torrent) download history

Do you torrent? My guess is many people do, legally or illegally. A new proof-of-concept website, YouHaveDownloaded, aims to prove your downloading is not anonymous and is being tracked.

You Are Being Tracked

You may or may not know this but peer-to-peer downloads are increasingly being tracked as to who is downloading (and uploading) what. (How do you think lawsuits from the entertainment industry reach your doorstep?) Once download and upload activity is recorded, the data is inserted into publicly available archives/databases that can be viewed by anyone.

Who Is Tracking Me?

In most (all?) cases the tracking is done by the torrent network you are using. Private file sharing networks are more secretive about their members’ activities but most public file sharing networks make this data publicly available.

How YouHaveDownloaded Works

YouHaveDownloaded indexes publicly available data (they are not the ones doing the torrent tracking themselves) and displays it on their website for everyone to see. The data on YouHaveDownloaded is indexed by file name, torrent hash, and IP address. Type in a file name or torrent hash and YouHaveDownloaded will display who has downloaded said file/torrent:

Type in an IP address and YouHaveDownloaded will display the downloads conducted by that IP address:

Can Anyone Access Data On Me?

YouHaveDownloaded indexes publicly available data. As such, their database is searchable by anyone. Anyone can input any IP address and get data back on it. So, yes, anyone – who knows your IP address – can view your download activity. That includes your parents. And your wife (or husband). And your children. And your boss.

Does YouHaveDownloaded Know It All?

No. The authors of YouHaveDownloaded estimate their website indexes around 20% of total file sharing activity on the Internet. At the time of this writing, YouHaveDownloaded has information on 53 million IP addresses, 116,000 torrents, and 1,992,000 files (108.23 TB). I don’t know about you but I am sure there are more than 53 million people around the world that torrent (assuming one IP address equals one person, which isn’t a very accurate assumption); so it is safe to say YouHaveDownloaded doesn’t know it all.

It Isn’t Perfect

YouHaveDownloaded isn’t perfect; there are flaws with how it goes about indexing data.

Firstly, YouHaveDownloaded doesn’t distinguish between dynamic and static IP addresses. This is important because dynamic IP addresses change every so often: Multiple people may, at different times, be using the same dynamic IP address. This essentially means the data shown for an IP address may not mean one specific person downloaded all that content.

Secondly, YouHaveDownloaded doesn’t identify shared IP addresses, i.e. LANs that share one WAN (public) IP address. This means that the data on an IP address shows the activity of everyone within that LAN, not necessarily of one person or computer.

Now the makers of YouHaveDownloaded recognize these flaws and accept that they could, if they wanted to, index other data such as timestamps and machine codes to mitigate the issues mentioned above. However, they state, YouHaveDownloaded is a proof-of-concept website on a budget. Indexing more data would require a larger budget.

Conclusion

Want to avoid potentially embarrassing situations and costly lawsuits? Don’t illegally torrent. Yes, yes I know everyone that torrents has their own justifications for it; and I am not knocking anyone. I am sure there are semi-legitimate reasons why some people torrent. I am not here to judge. All I am saying is if you torrent then be ready to accept the consequences.

You can visit YouHaveDownloaded from the link below; note that when you visit the website it automatically does a search on your IP address, listing your download activity (if you have one):

YouHaveDownloaded.com

[via KrebsOnSecurity]

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

15 comments

  1. ttfitz

    @Ashraf:

    You said, “I highly doubt any TV channel broadcasters are going to take people to court for downloading a TV show that is freely available on ABC (as an example).”

    Perhaps not, but, let’s say a friend of mine, received a “Notice of Claim of Copyright Infringement” from his ISP by the rights holder on a television show he had downloaded with bittorrent. It said the copyright holder hadn’t asked for his name, and the ISP wouldn’t give it without a subpoena.

    He usually uses a private tracker, but this time hadn’t. The website you cite here reports, “We have no records on you”, so I’m feeling better. I mean, he’s feeling better.

  2. jumbi

    With common “house” dynamic IPs, it is useless and misleading.
    I tested it on a new computer and I am certain I have not downloaded the results it show during November (actually happened that no torrents at all, so I am certain 100%).
    On the island that I was in November, there are often power failures, so it is naturally wrong, since my IP changes often. I suppose it can be used in business internet connection which are mainly static ips.

  3. Switch-kun

    I torrent because sometimes, buying the real thing is a complete rip-off. In the anime industry, companies rip peoples’ money off by selling a blueray disc containing only 1 or 2 episodes and sells it for $60. Only a true otaku maniac would seriously buy such stuff. Most people (including me) would either get the fansubbed ones online or just watch the streamed ones on many anime streaming sites.

    Then there are games. Some game companies are so stupid, that they don’t even have a demo of their game. For example, A-10 Warthog simulation game doesn’t have a demo version. Therefore, I had to get a pirated copy to try it out if I like it or not. Also, some are “extinct and unpopular games” and are quite hard to get in local stores, and sometimes nearly next to impossible to buy online. Last, things that cost $10 in North America, may cost 10x the price in other countries such as South America. I remember when I visited Japan, Portal 2 cost aprox $80! $20 more than the prices in North America! Some people like me aren’t really rich, we need to spend our money carefully. That’s why many have to resort to cracked software or games until we have the money to buy the stuff we pirated.

    Companies and all those other corporations are just wasting their time putting pirates to jail. Pirates grow each day and they will never lose.

  4. Ashraf
    Author/Mr. Boss

    @patchouli: You are welcome!

    @Mags: Yeah, YouHaveDownloaded has a bad reputation on WOT most likely because people don’t like their download history shown. :-P

    @Janet: I am not a lawyer by any means, so my advice may not be legally sound and obviously it will vary from country to country.

    Movies, unless they are in the public domain, are typically always ‘illegal’ to download. TV shows are a bit of a more gray area. Is it okay to download TV shows you could watch for free on your TV (this isn’t talking about premium TV shows such as ones on Starz and what not if you don’t pay for those premium channels)? I don’t know. The answer to that question will only be decided when a case on downloading TV shows goes to court. I say this because of a court ruling (in the USA) that products like TiVo – that record TV shows – were okay. This may be a stretch of the ruling, but if you are allowed to record TV shows (which bypass ads) then is it wrong to download those same TV shows? I don’t know. But it is a gray area.

    The reality of it is that it may remain a gray area for a long time to come. I highly doubt any TV channel broadcasters are going to take people to court for downloading a TV show that is freely available on ABC (as an example).

    Rule of thumb, in my opinion: If you have to normally pay for it to get it, then it is wrong to download. If you don’t normally have to pay for it, then it may be okay.

    @Seamus McSeamus: This.

    @Hideinplainsite: Good point about the unsecured WiFi. However, I must warn you, I have heard of court cases where people have been held responsible (i.e. they had to pay up) for illegal downloading on their unsecure WiFi even when it wasn’t them doing it.

  5. Hideinplainsite

    Before you visit, look at their WOT scores here

    http://www.mywot.com/en/scorecard/youhavedownloaded.com

    Basically, since your ISP has a record of wherever you travel, this is not as big a deal as it might seem EXCEPT that searchers need a court order to uncover that information from your ISP; here it is publicly available. Of course, any searchers who might care already KNEW how to do this before this website was created so, in the end, this is nothing more than a scare tactic and such is probably why it was created.

    In addition, aside from the whole dynamic address thing, there’s also the unguarded WIFI thing as well. The fact is that if you have an unguarded WIFI, nobody can prove that is was YOU who actually did anything; short of finding the information on your hard drive. PLUS, of course, if you have a legitimate copy (and haven’t shared it with anyone) there’s no harm in acquiring a copy from the net (and that’s regardless of *when* the legit copy was acquired).

    Or so I hear.

  6. Seamus McSeamus

    @Janet:

    Generally, yes, it is illegal to download television shows and movies, even old ones. I am in the US, but I think that holds true in most countries.

    If something is in the public domain, it is legal to download. Archive.org has tons of public domain stuff that you can browse and download with no worries, although most of it is ancient.

  7. Janet

    I’m a real newbie regarding torrents…..Is downloading TV shows for later viewing illegal? It honestly never occured to me that it might be…! Old movies? How do you know which torrents are legal and which are not??

  8. Mags

    Secondly, YouHaveDownloaded doesn’t identify shared IP addresses, i.e. LANs that share one WAN (public) IP address. This means that the data on an IP address shows the activity of everyone within that LAN, not necessarily of one person or computer.

    This is the paragraph that concerns me the most, as I have a shared IP address. I don’t Torrent. However, upon visiting my message was the same as Seamus.

    What I did find interesting is that even though my WOT icon on FF showed green, there was a popup from WOT with a warning, which is what you see when the WOT icon is red.