Comcast Letters, Torrents, NewsGroups and Other Stuff

[uieluck]

A little history:
So I've been downloading on a mac for about 10+ years. I remember the years of Napster, Limewire and all the other Kazaa crazyness. I have never had ANY problems with hacks or legal issues. I use Little Snitch and another firewall and have used Newsgroups and Torrents for the last 4-5 years.
Now a little fun from my lame ass cable company (Comcast) started last month. I received a (stage 2) letter from them last month. I feel like the biggest dork, dumbass, douche, idiot in the computer world. Serves me right for using TORRENTS,,, I'm pretty sure it was "baited" file etc.
So my question,, has anybody had any issues with being tracked or found using NewsGroups?? I use NZBMatrix etc. and pay for a NewsHosting service etc. From what I've read online, since it's a SSL connection they would need to first find the code then and since it's encrypted they would need a "magic decoder ring" Is this true. Basically, it seems impossible unless they wanted to FBI your ass to figure out what the hell you were doing.. Correct? Thanks for the input. BTW letter attached good fun if you haven't seen one before!

Comcast.jpg

[anon]

You're extremely unlikely to get a DMCA letter with Usenet, even without SSL. This is because while in BitTorrent you download from and upload to other peers (one of which must have been a bot from a copyright agency), while in newsgroups all you do is leech from the server.

Next time you feel like using torrents, avoid public trackers, and have an up-to-date IP filter list.

To answer your other question, your ISP sees everything you send and receive from the Internet, so in theory they could see through the encrypted traffic if they wanted to. But in practice they won't do that, as it's very impractical.

[iLOVENZB]

Solution: Move to a ISP that cares about their customers privacy.

Here: iiNet and Internode do an excellent job in that regard.

[Cabalo]

Using private trackers may help to minimize such risks, though those dealing with accesses to your IP are way less mature than you would expect, so in the end all you are doing is transferring those risks. Trackers have this idiotic habit of keeping user's IPs in an extensive database, so that's like candy if one day authorities seize their site.
Trackers care absolutely nothing about your privacy, and there are even cases that some of those spread your IP to other trackers when they decide to ban you for some reason. This poses a major risk, no matter how much they want to sugarcoat it.

Avoid registering at places as TBH (formerly known as CN), bitmetv, tophos, GFT, acidlounge and a few others, as those pose a severe threat to your privacy. All they do is keep long lists of your IPs and pretend to play God, spreading your info whenever necessary.

As said before, usenet with SSL is indeed as safe as it gets. And for a few bucks per month, you can't go wrong.

[cherio]

thx for sharing the letter. Which site did you use? It will be valuable help for us to know what to avoid.

Infringement complaints are only to scare noob pirates. DMCA is a law designed to protect ISPs. If anyone claims they were acting as an ISP they are totally immune from any activity that comes from their connection.

Torrents are safe and fast as long as you stay away from public and semi-private (open signup) trackers. example: TL

Using a seedbox will give you extra security.

[anon]

Torrents are safe and fast as long as you stay away from public and semi-private (open signup) trackers. example: TL

TL isn't exactly a good example. They have a couple hundred thousand users. Many people have received those letters for downloading from TL.

Using a seedbox will give you extra security.

I'd say that if you want to spend money, you go for a Usenet or OCH account... unless you're a torrent freak or are using Cabalo's guide on how to get in any tracker.

[zot]

I'd say that probably 99.999% of those warning letters are just empty
threats - the companies churning them out have absolutely no intention of ever suing anyone -- or even keeping track of them. Using a hacked no-upload client won't help, either, since these warnings are sent for every IP harvested from the tracker. The only problem is that some ISPs have a "3 strikes and you're out" or similar policy.

I think that SSL's usefulness on usenet is a bit over-rated. SSL can be very helpful for maintaining login/password privacy on public wi-fi connections, defeating ISP traffic-shaping (protocol throttling) and not setting off the alarm on those rare ISPs that sniff traffic looking for government-spec. banned images. But for most people, lack of SSL probably won't be missed.

But back to the main issue: Yes, Usenet is the best solution to maintain downloading security and privacy.

Trackers have this idiotic habit of keeping user's IPs in an extensive database, so that's like candy if one day authorities seize their site.

I've never understood why there might be any possible need for private trackers to ever log IPs at all. Emule clients use public/private encryption keys to identify,track, and log individual users, and I don't see why Bittorrent can't use a similar system to establish identity that does not rely on IP addresses.

But then I was asking that same question 7 or 8 years ago, so I won't hold my breath waiting for an answer.

[anon]

I've never understood why there might be any possible need for private trackers to ever log IPs at all.

Finding dupes and traded accounts. Two accounts on the same IP? That's a dupe. An account who went from US IPs to another country? Most likely a trader. IP histories are very useful to detect that sort of activities.

The issue comes when they're abused or kept in the database forever, which causes the problems Cabalo mentioned.

And nowadays it's not just IPs. Trackers like to log which BT client, browser and e-mail addresses you've used, the ratio stats you've had every day ever since you joined, and even snoop your browser history to check for "interesting" links.

[zot]

@anon-sbi - I assume these 'safeguards' are put in place to catch ratio cheaters and prevent them from ever EVER coming back - otherwise, why would dupes and traders even matter (as long as they maintain proper ratio)?

I think the key problem here is that Bittorrent's upload/download stats are self-reported by each client (and thus easily faked) rather than being reported by other clients in the swarm that are uploaded to. In eMule, for instance (and mods especially) each client does its own research and makes its own decisions to ban or reduce upload to suspected cheaters -- while in Bittorrent this is the tracker's responsibility. I tend to prefer the eMule method, as it's less centralized. Sharing these client stats (of other peers) with the tracker would make for a nearly bullet-proof cheater-defeater, but I suspect it could be many years away by the time Bittorrent implements a similar system to what Emule has been doing almost since the beginning.

That's one of my complaints of using uTorrent. I can often see obvious leeches (very common in public trackers) but uTorrent doesn't care, and there's not a damn thing I can do about it (short of going into my firewall and banning the IP). So that leaves it strictly up to a centralized (privacy-busting, log-everything) tracker to police these bandits. In contrast, most Emule (mod) clients take care of these leeches automatically.

That's the reason I question why - at least in theory - a torrent tracker necessarily needs to keep detailed logs of IP addresses.

[anon]

@anon-sbi - I assume these 'safeguards' are put in place to catch ratio cheaters and prevent them from ever EVER coming back - otherwise, why would dupes and traders even matter (as long as they maintain proper ratio)?

Cheaters, or any other kind of rule breakers. The reason double accounts are forbidden is because that allows people to ruin the ratio economy by leeching several accounts to death, and optionally seeding all that content on another one (where the download won't have been counted), killing many disposable accounts to get one with a fantastic ratio, where the leeching rampage could then be resumed, too.

Trading isn't allowed due to security reasons. As a tracker staffer I know once said, it basically brings bad people into the site - at least on their perspective. I don't trade, but don't see the problem with doing so if both parties know each other well and will really be (otherwise) good members of the site they're getting on, instead of simply using it as a gateway for rarer invites or that sort of crap.

I think the key problem here is that Bittorrent's upload/download stats are self-reported by each client (and thus easily faked) rather than being reported by other clients in the swarm that are uploaded to. In eMule, for instance (and mods especially) each client does its own research and makes its own decisions to ban or reduce upload to suspected cheaters -- while in Bittorrent this is the tracker's responsibility. I tend to prefer the eMule method, as it's less centralized. Sharing these client stats (of other peers) with the tracker would make for a nearly bullet-proof cheater-defeater, but I suspect it could be many years away by the time Bittorrent implements a similar system to what Emule has been doing almost since the beginning.

Back when the BitTorrent was created, upload/download stats weren't used for absolutely anything. So their accuracy (or lack thereof) represented no problem whatsoever, as they were sent just because. It's not a problem with the protocol per se. Of course, I don't see them changing that part of it almost a decade later.

That's one of my complaints of using uTorrent. I can often see obvious leeches (very common in public trackers) but uTorrent doesn't care, and there's not a damn thing I can do about it (short of going into my firewall and banning the IP). So that leaves it strictly up to a centralized (privacy-busting, log-everything) tracker to police these bandits. In contrast, most Emule (mod) clients take care of these leeches automatically.

And when you're on a public tracker, they aren't going to deal with that kind of people, since the fuckers aren't breaking any rule.

Sadly, there are many leeching/selfish clients out there (Xunlei, Vagaa, BitTyrant), but uTorrent doesn't block connections from or those, nor does it allow easy manual banning of IPs. Azureus is a bit better in that regard.

That's the reason I question why - at least in theory - a torrent tracker necessarily needs to keep detailed logs of IP addresses.

I guess they see it as a necessary evil.