US engineering researchers claim they have discovered a new privacy threat to people using peer-to-peer (P2P) networks such as BitTorrent and even Skype. They’ve done more than that, however, and developed a protective plugin compatible with the popular torrent client Vuze (formerly known as Azureus)
Fabián Bustamante, computer science professor at Northwestern University reveals the origin of this "powerful threat to user privacy" – he says that BitTorrent users inadvertently build in time a sort of "communities" that can be easily identified since they connect to each other’s computers frequently.
"This was particularly surprising because BitTorrent is designed to establish connections at random, so there is no a priori reason for such strong communities to exist," Bustamante comments.
Bustamante and the other members of the team called the threat this identifiable communities can lead to as "guilt-by-association attack" and it would greatly facilitate the identification of users with similar behaviour (over the network) by groups specialized in monitoring P2P traffic.
Realizing the consequences of such a threat, the researchers came with a solution to prevent a correct classification through the aforementioned method by using a cloud of random downloading to smartly conceal user-intended downloading activity. The technique will make eavesdropping classification predominantly inaccurate helping users fight potential accusations of sharing files online illegally.
The researchers have created a client called SwarmScreen (plugin for Vuze/Azureus) which will make you undetectable in a "guilt by association" torrent investigation (and we know the entertainment industry has plenty of those).
"With P2P networks increasingly under surveillance from private and government organizations," says the team of researchers. "SwarmScreen provides a practical and effective solution to disrupt [guilt-by-association] attacks".
How it works: SwarmScreen downloads random content from across the wider P2P network and also the files users have set their client to save on their machines. In other words, a traffic monitor will not be able to classify that client as belonging to a certain "community".
So, if you care about your endangered privacy you can download SwarmScreen from here or through the Vuze plugin installation menu. If you want to learn more about this work, go to
Source: Northwestern University | http://www.p2pon.com/2009/04/09/new-...r-p2p-privacy/