BayTSP

Posted by Anonymous User 
Anonymous User
BayTSP
January 12, 2010 01:14AM
I came across this article after I got a few hits from BAYTSP in Peerblocker: [www.pbs.org] .

It's pretty interesting. It basically says it doesn't matter what you do, they will get you no matter what, because all they have to say is that you "appear" to be sharing to the ISP and the ISP is then legally obligated to hand over http logs which would then "prove" you were sharing? Idk, it's all very confusing if you ask me...

An excerpt:


"One thing BayTSP's spider programs don't do is sit at the Internet peering points sniffing all packets as they go by. "That would be wiretapping, which is illegal," he says. "All we do is go to the same places any user could go, look at the same files anyone else could look at, and we only probe the ports on your computer that you have made public."

Now we get to the part I find especially interesting, and where I think there is a lot of confusion among users. This has to do with how BayTSP finds out who is distributing kiddy porn or pirated music files. If you think your activities on the Internet are anonymous, you are wrong. When BayTSP finds an IP address that appears to be the source of child pornography or pirated music or video files, under the DMCA, it can subpoena ISP logs. These logs can directly connect even dynamic IP addresses to user accounts, making it clear very quickly who owns the offending account. Every ISP keeps these http logs, and even products for so-called anonymous surfing aren't effective in circumventing the technique."


1) I don't need a lecture on copyrighted material and how not to share, that's not the reason for this post. What I don't understand is how they "get away" with this. Because if they can only probe your public ports and you're blocking them access to those ports, there should be no way for them to see you - yes I know no program is 100% ....

2) BayTSP is acting on behalf of the copyright holder, not the government, so by "probing" my ports to see if I'm sharing "something" isn't this considered hacking? They have no "law" that says they can go sniffing around people's computers, someone's just paid them a lot of money to do it .. If I started doing it to their ports, that'd be a criminal matter ... is the amount of money involved just really overlooking this? Now once they subpoena the logs, then the courts are involved, I'm just amazed at the amount of "space" that's jumped ....

3) With the http logs .. so that just proves I went to an "address" how are they proving anything past that ?

Just some points to ponder - don't be rude and try to lecture me - I'm bull-headed and stubborn, you won't win - this is purely for discussion.
Re: BayTSP
January 12, 2010 03:50AM
Heya morsabalto! Interesting news article you found there. Here are some of my thoughts to some of your questions:

Depending on what country this probing takes place in, it may be considered hacking. Although it is very common for there to be a law that overrides a law. Like say the privacy of the child pornography sharers. Most governments may overlook their rights for privacy.

It all comes down to how they manage to interpret laws. I haven't studied the wordings used in US law, but I can imagine it is not written in easy to understand text. How money may be involved in this? Tax is a form of income for the government. It is not surprising for the government to give in to the demand of those that annually pay high sum of tax (big corporations). This usually may cause the making of law, which favors these tax payers, to quicken the process. The government wouldn't want to lose their tax payers to a foreign government now or would they?

About the http logs. Those that have monitored a web server's access log may know what I'm now talking about. If you access certain websites, your computer gives out a certain request and the server would respond appropriately. Request would go in a line:
You: "Give me information of the website X so that I can view it"
Server: "Website X consists of files Y and Z"
You: "Give me files Y and Z"
Server: "I give you files Y and Z"
I think this is what they meant by http logs. More information regarding HTTP application protocol here (link: [en.wikipedia.org] )
Anonymous User
Re: BayTSP
January 12, 2010 09:59AM
Tippy -

Thanks for the response ... It's just one of those things .. it's weird .. it's like you walk into a store, you're "shopping" around .. and all of a sudden a cop cuffs you for "looking like you wanted to buy or share something illicit." If you apply their [BayTSP's] principle operating strategy to anything else it doesn't make sense ....

Now sharing copyrighted material, it is wrong. Period. However .....

- Does anyone else find it strange that you can BUY a movie and it does not become your property? It's still technically, according to the law, owned by the movie studio, even though you've bought it? It's one of the only products that we buy that you never actually OWN. Now sure the FBI puts the nifty nag screen up but really .... you bought it ... you own it .... you should be able to do what you please with it.

- Let's say I own a movie X ... I look at a popular site and see that someone has made available movie X in a compressed format, I don't have the time or capability to do this and I think it's really cool .... Remember, I "own" movie X, so I download this new compressed file - I'll be sure not to "upload" anything back because then I'd be sharing (but they can also bust ya for downloading). I then receive a C&D letter for downloading movie X - have I crossed any copyright lines? I don't think so, I already own the movie ... That'd be an interesting one to be played out in a court ....
Re: BayTSP
January 12, 2010 10:14AM
This article's problem is that it attempts to "dumb down" what it is that they're actually doing to find you, and so isn't entirely accurate because of that.

At issue is how P2P filesharing works.  You want to download my super-awesome home-video footage of Area 51, so you find a .torrent for it and tell your bittorrent client to start downloading it for you.  Your bittorrent client then connects to the "tracker" for that file, and tells it you want to download "MarkSide.Area.51.mpg".  That tracker then looks through its list of who else is currently torrenting that file, and tells you what their IP addresses are so that you can connect to them.  Once your bittorrent client is connected to theirs, you download from them, and you upload to them.

(This glosses over a few things for sake of clarity, but more-or-less is how things work.)

So to find out who's sharing a file, all someone needs to do is attempt to download the same file you're attempting to download.  The tracker will hand out your IP address to them, and they can start downloading that file from you.  For all intents and purposes, they are "just another P2P downloader" from your machine's perspective - you've basically put up signs all over the place that you're having an open party at your house, and anyone who wants to show up is invited.  So they're not doing anything illegal.

Now, let's assume that MarkSide.Area.51.mpg was actually this winter's blockbuster movie release, and that the people who own the copyright to that file want to stop people from sharing it.  Armed with the knowledge that a machine at IP address 12.34.56.78 was sharing the file MarkSide.Area.51.mpg at 1:23 AM on Jan 2, 2010, they can go to the ISP who "owns" that IP address and tell them "Hey, look here, whichever of your users was using IP address 12.34.56.78 on such-and-such date and time was illegally violating our copyright.  In accordance with the DMCA, please send them this letter advising them that they are breaking the law, and that we reserve the right to sic our army of lawyers on them."

Generally speaking, that's all that happens nowadays.  Your ISP may or may not bother to send you that warning letter - I'm not sure it's legally required, to be honest.  Your ISP may have their own policy in place that says "If we receive 3 or more of these notices for your account, you will be disconnected".  Or they could decide to sue you, and in court demand that the ISP hand over identifying information as to who was using IP address 12.34.56.78 at such-and-such a date and time, so that they can haul the account-owner into court.

What PeerBlock does in this instance, is step into the middle of this process.  If the IP address of the "bad guy's" machine is on one of the lists you're telling PeerBlock to block, then they won't be able to connect to your machine to download the copyright-infringing file from you.  They can still connect to the tracker (so long as that tracker isn't also running PeerBlock and so blocking their IP), so can still see that someone out there says that you're sharing a file, but they won't be able to collect any proof about that since your machine refuses to talk to them.

My understanding is that without proof that you were in fact sharing files via P2P, they would be unable to win a court case against you.  However I am not a lawyer, and this is not legal advice in any way shape or form - much to the contrary, we explicitly do not condone copyright infringement (as per our Does this mean my P2P downloading is completely safe now? FAQ) - this is just my layperson's attempt to explain my understanding of how this all works.  And "proof" that you were in fact sharing a file may not be necessary to ask ISPs to send warning-notices out - I know that's one issue (among many) that people have with various countries' "three strikes rules", because it's easy to make it seem like someone is sharing something when they're really not.  Anecdotally speaking many people have told us that they have received no (or at least far fewer) of these "warning letters" from their ISP after having installed PeerBlock . . . but that's still just hearsay.

Anyways, sorry for the wall of text, I just wanted to explain how all this works since there appear to be many people who are confused by all this.

Hope this helps a bit,

        ---  Mark  ---




Lead developer of PeerBlock
Anonymous User
Re: BayTSP
January 12, 2010 12:29PM
Mark,

That all makes perfect sense! Here's another article I came across, [bmaurer.blogspot.com] , again the validity of such an article could be debated. This individual built a bittorrent client that would "ping" torrents, but not download or upload them. Just request information ... He claims just by doing that he was able to get some letters from BayTSP (and other DMCA Cops). If it were true, that surely is interesting and begs the question how [assuming you didn't download or upload said copyrighted material] they'd be able to pursue that much further than a nag letter...

Thanks again for the explanation, love PeerBlock!

- MorsAbAlto
Anonymous User
Re: BayTSP
January 12, 2010 12:34PM
Mark,

If they were watching an IP address, would that need the port too or just the IP address? For instance, I've seen torrent clients that can randomize the port used on each boot of the client - while when I got hits from BayTSP just on port 80. So are they both needed to complete the "puzzle" or is one good enough and randomizing the port really does nothing ...

I know this discussion always ends with "don't share copyrighted material" - I'm just curious as to the process ....
Re: BayTSP
January 12, 2010 03:06PM
While IP addresses are used to specifically identify one computer (not counting NAT for clarity's sake), for a connection to be made it has to be sent from one port on one machine, to one port on one other machine.  So if a program on computer 11.22.33.44 sends a torrent-download request out port 1111 to IP address 22.33.44.55 at port 2222, some program needs to be "listening" on 22.33.44.55 port 2222.  That same program on computer 11.22.33.44 might be listening on port 1212 for incoming torrent connections.  Which port data is sent from doesn't generally matter too much, the part that counts the most is where data needs to be sent TO.

So when the bittorrent client program on machine 11.22.33.44 goes to talk to a tracker, he says "I'm at IP address 11.22.33.44, and anyone can reach me at Port 1212".  When the bittorrent app on 22.33.44.55 connects to that same tracker, he says "I'm at IP address, and people can reach me at IP 22.33.44.55, Port 2222".  So when 11.22.33.44 asks the tracker for a list of who he can download from, he's told "Go talk to 22.33.44.55 at Port 2222".

Now for the situation you're talking about, it sounds like a BayTSP computer is listening on port 80.  Many firewalls (especially in the corporate world) disallow traffic on any ports but those used for Website traffic, which is defined to be Port 80 by default . . . so having your bittorrent client listening on port 80 probably means that you'll get more people connecting to you.  I'm assuming that their IP address was in the destination column, meaning it was an outgoing connection.  It doesn't matter too much however, since by merely talking to whatever tracker you're talking with, they can find out exactly how to reach you.

My understanding is that the whole Randomized Ports thing is primarily used to help people work around ISPs who are doing simple port-based filtering/throttling.  They see gigabytes of traffic flowing down to Port 2222 on your machine, so they either block it or else throttle port-2222-bound traffic down to a slow crawl.  When e.g. uTorrent next randomizes its port to, say, 3333, it will take a little while for the ISP's bandwidth-monitoring servers to realize that they now need to throttle down port-3333-bound traffic instead . . . or so the theory goes.

Similar thing with Encrypted Connections - since all network traffic your machine sends/receives is encrypted, there's no easy way for the ISP's servers to tell whether you're sending IM out that port, or connecting via FTP, or to a non-standard website port. . . or torrenting.  They can of course make certain assumptions based on the sort of traffic they're seeing your machine connect to, but they'll only be assumptions.

Make sense?

Other than that, yes there are ways that researchers have been able to "spoof" IP addresses so that DMCA takedown notices and/or ISP warning letters were sent to machines that have not downloaded anything whatsoever.  For example, networked printers.  This is one of the big dangers with "three strikes" rules like they're starting to implement in various countries - without requiring any proof of wrongdoing, people can be summarily kicked off the internet.  (Don't like your neighbor?  Or that girl who refused to go out with you?  Trick the "bad guys" into three-striking them!)

        ---  Mark  ---




Lead developer of PeerBlock
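Added example, not part of the thread and not PeerBlock's code: a toy in-memory tracker that plays out the announce/peer-list exchange and the IP filter described in the two posts above, using the posts' example addresses. The `ToyTracker` class, the info-hash string and the blocklist range are constructed for illustration; the 6-byte peer record (4-byte IPv4 address plus 2-byte big-endian port) is the compact tracker response format from BEP 23, which goes slightly beyond what the posts state.

```python
import ipaddress
import struct

class ToyTracker:
    """In-memory stand-in for a tracker (constructed; not a real tracker implementation)."""
    def __init__(self):
        self.swarms = {}  # info_hash -> {ip: listening port}

    def announce(self, info_hash, ip, port):
        """Register (ip, port) in the swarm and return the other peers, compact-encoded."""
        swarm = self.swarms.setdefault(info_hash, {})
        swarm[ip] = port  # a re-announce simply replaces the previously published port
        return b"".join(
            ipaddress.IPv4Address(p_ip).packed + struct.pack("!H", p_port)
            for p_ip, p_port in swarm.items() if p_ip != ip
        )

def parse_compact_peers(blob):
    """Decode 6-byte records: 4-byte IPv4 address followed by a 2-byte big-endian port."""
    if len(blob) % 6:
        raise ValueError("compact peer list must be a multiple of 6 bytes")
    return [
        (str(ipaddress.IPv4Address(blob[i:i + 4])),
         struct.unpack("!H", blob[i + 4:i + 6])[0])
        for i in range(0, len(blob), 6)
    ]

def accepts_connection(remote_ip, blocklist):
    """IP-filter decision: refuse the connection if remote_ip falls in any listed range."""
    addr = ipaddress.ip_address(remote_ip)
    return not any(addr in ipaddress.ip_network(net) for net in blocklist)

def demo():
    tracker = ToyTracker()
    h = "constructed-info-hash"                       # placeholder, not a real hash
    tracker.announce(h, "11.22.33.44", 1212)          # client from the post joins the swarm
    seen_first = parse_compact_peers(tracker.announce(h, "22.33.44.55", 2222))
    tracker.announce(h, "11.22.33.44", 3333)          # same client after randomizing its port
    seen_after = parse_compact_peers(tracker.announce(h, "22.33.44.55", 2222))
    blocklist = ["22.33.44.0/24"]                     # constructed range covering the other peer
    return seen_first, seen_after, accepts_connection("22.33.44.55", blocklist)

if __name__ == "__main__":
    print(demo())
```

The second peer learns the first client's address and its current port from the tracker both before and after the port change, while the filter decision only governs whether a direct connection from that peer is accepted.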
Re: BayTSP
January 12, 2010 04:39PM
MarkSide Wrote:
-------------------------------------------------------
> Or that girl who refused to go out with you?  Trick the "bad guys" into three-striking them!)
>
>         ---  Mark  ---


Mark, you're bad [tongue sticking out smiley], lol




Life is like a box of chocolates................................umm chocolate, yummy grinning smiley