Proof-of-concept website displays your P2P (torrent) download history

Do you torrent? My guess is many people do, legally or illegally. A new proof-of-concept website, YouHaveDownloaded, aims to prove your downloading is not anonymous and is being tracked.

You Are Being Tracked

You may or may not know this but peer-to-peer downloads are increasingly being tracked as to who is downloading (and uploading) what. (How do you think lawsuits from the entertainment industry reach your doorstep?) Once download and upload activity is recorded, the data is inserted into publicly available archives/databases that can be viewed by anyone.

Who Is Tracking Me?

In most (all?) cases the tracking is done by the torrent network you are using. Private file sharing networks are more secretive about their members’ activities but most public file sharing networks make this data publicly available.

How YouHaveDownloaded Works

YouHaveDownloaded indexes publicly available data (they are not the ones doing the torrent tracking themselves) and displays it on their website for everyone to see. The data on YouHaveDownloaded is indexed by file name, torrent hash, and IP address. Type in a file name or torrent hash and YouHaveDownloaded will display who has downloaded said file/torrent:

Type in an IP address and YouHaveDownloaded will display the downloads conducted by that IP address:

Can Anyone Access Data On Me?

YouHaveDownloaded indexes publicly available data. As such, their database is searchable by anyone. Anyone can input any IP address and get data back on it. So, yes, anyone – who knows your IP address – can view your download activity. That includes your parents. And your wife (or husband). And your children. And your boss.

Does YouHaveDownloaded Know It All?

No. The authors of YouHaveDownloaded estimate their website indexes around 20% of total file sharing activity on the Internet. At the time of this writing, YouHaveDownloaded has information on 53 million IP addresses, 116,000 torrents, and 1,992,000 files (108.23 TB). I don’t know about you but I am sure there are more than 53 million people around the world that torrent (assuming one IP address equals one person, which isn’t a very accurate assumption); so it is safe to say YouHaveDownloaded doesn’t know it all.

It Isn’t Perfect

YouHaveDownloaded isn’t perfect; there are flaws with how it goes about indexing data.

Firstly, YouHaveDownloaded doesn’t distinguish between dynamic and static IP addresses. This is important because dynamic IP addresses change every so often: Multiple people may, at different times, be using the same dynamic IP address. This essentially means the data shown for an IP address may not mean one specific person downloaded all that content.

Secondly, YouHaveDownloaded doesn’t identify shared IP addresses, i.e. LANs that share one WAN (public) IP address. This means that the data on an IP address shows the activity of everyone within that LAN, not necessarily of one person or computer.

Now the makers of YouHaveDownloaded recognize these flaws and accept that they could, if they wanted to, index other data such as timestamps and machine codes to mitigate the issues mentioned above. However, they state, YouHaveDownloaded is a proof-of-concept website on a budget. Indexing more data would require a larger budget.

Conclusion

Want to avoid potentially embarrassing situations and costly lawsuits? Don’t illegally torrent. Yes, yes I know everyone that torrents has their own justifications for it; and I am not knocking anyone. I am sure there are semi-legitimate reasons why some people torrent. I am not here to judge. All I am saying is if you torrent then be ready to accept the consequences.

You can visit YouHaveDownloaded from the link below; note that when you visit the website it automatically does a search on your IP address, listing your download activity (if you have one):

YouHaveDownloaded.com

[via KrebsOnSecurity]

Related Posts