July 13th, 2020 at 10:11 PM
https://iknowwhatyoudownload.com/
This is pretty big. I'd imagine a whole lot of people are going to be getting some love letters from their ISP in the next couple of months...
Essentially, this site is the data collected from a couple of bots running various torrents to see which IPs connect to it and are downloading certain torrents which include copyrighted material (or in some cases, non-copyrighted material.) for instance, back in the day, I would use TPB or KAT to download games and movies, but nowadays I just use private trackers to download anime or fully-legal torrents to download Linux distros because HTTP transfer of large files is usually unreliable.
Luckily, in my case, I never got caught back in the day (Canada is very lenient on torrent-use and piracy, often times not caring unless you turn a profit selling unlicensed content), and nowadays I use a (premium) VPN to torrent anything, so these guys don't have any data whatsoever on my IP.
So, I'm gonna turn this into a somewhat informative thread.
Torrents and P2P
Torrents are more reliable than a normal download in your web browser for one reason primarily.
A torrent splits the entire downloaded data into various parts, then downloads those small separate parts instead of the entire thing which results in the entire downloaded data when put together.
So if you're downloading a 4GB file and your internet cuts out once you've downloaded 3GB, you usually need to restart the whole thing. That means you end up downloading 7GB total instead of the 4GB you bargained for.
But if your internet cuts out after 3GB when downloading a torrent of the same data, then when you start it again, it'll verify all the data you do currently have, then can restart from all the data you do have and only download the remaining part you don't have. By extension, this means torrents also supports pausing and stopping torrent downloads manually, or downloading half of it, waiting a day, then coming back later when you have time to download the rest.
But torrents are also P2P. In other words, you're downloading all the data from other users on the network who are both hosting the complete data, or users who have downloaded and are still downloading certain parts, but have parts available that you don't have.
And if your connections are being done straight to another user without any sort of middleman, then you can see the IP of the user you're connecting to, and the other user can see your IP when they connect to you as well.
So how does a torrent client know which users are on the network?
Two ways. One is trackers, and the other is DHT.
Trackers are a way of acting like a 'middleman' server in the sense that you can connect to the tracker and give it some data like:
1. what you're downloading
2. What parts you have
3. Your IP
And it'll take that data, have it accessible to other users, and then you can use its other data to find other users who have parts you don't have, then connect to them to download what you don't have (and allow other users to connect to you to download parts they don't have but parts you do.)
Although it sounds kind of unsafe, it's actually a pretty good way to stop law enforcement from seeing you online. Most tracker servers are private, meaning you need to register on a site to have your IP whitelisted, and those registrations are very exclusive, only allowing a few users to join through invitations of existing users, or by going through rigid interview processes and only allowing those interviews to open every few months to stop the community from getting too big.
DHT is a little different. More on this in the next section.
Kademlia/DHT
Kademlia is a protocol that's most commonly used by default in most major torrent software like uTorrent or Bittorrent. It essentially allows the downloader to find other users who are also downloading a torrent, just like a tracker, but without actually having a centralized server that stores the data.
In fact, it's often abbreviated to DHT, or Distributed Hash Table meaning that the hash table is spread among other users online just like the way Bitcoin (and other crypto blockchains) are propagated. Yes, there are certain 'centralized' servers which contains complete synchronized data sets around the world which you can connect to in order to get some data to start yourself off, but each user who uses DHT has their own copy of the data as well.
It's often turned on by default on most torrent clients because it's a way for users to simply download whatever they want from public sites like TPB.
The problem with DHT is that, well, it's open and every user has their own copy of the data.
And that's how IKnowWhatYouDownload works.
All the site above does is scan and read data from the DHT to harvest information on all the users who have DHT enabled. It can see which IPs are downloading which torrents, how far into it they are, which ones are also uploading (i.e. sharing) data, and data they can upload based on what they already downloaded.
So, the moral of this story is:
1. Don't pirate stuff.
But more importantly,
2. If you're going to pirate stuff, stay safe when doing it.
2.a) Disable DHT
2.b) Use private trackers
2.c) Use a VPN or a seedbox if you want the added security of hiding your IP entirely.
This is pretty big. I'd imagine a whole lot of people are going to be getting some love letters from their ISP in the next couple of months...
Essentially, this site is the data collected from a couple of bots running various torrents to see which IPs connect to it and are downloading certain torrents which include copyrighted material (or in some cases, non-copyrighted material.) for instance, back in the day, I would use TPB or KAT to download games and movies, but nowadays I just use private trackers to download anime or fully-legal torrents to download Linux distros because HTTP transfer of large files is usually unreliable.
Luckily, in my case, I never got caught back in the day (Canada is very lenient on torrent-use and piracy, often times not caring unless you turn a profit selling unlicensed content), and nowadays I use a (premium) VPN to torrent anything, so these guys don't have any data whatsoever on my IP.
So, I'm gonna turn this into a somewhat informative thread.
Torrents and P2P
Torrents are more reliable than a normal download in your web browser for one reason primarily.
A torrent splits the entire downloaded data into various parts, then downloads those small separate parts instead of the entire thing which results in the entire downloaded data when put together.
So if you're downloading a 4GB file and your internet cuts out once you've downloaded 3GB, you usually need to restart the whole thing. That means you end up downloading 7GB total instead of the 4GB you bargained for.
But if your internet cuts out after 3GB when downloading a torrent of the same data, then when you start it again, it'll verify all the data you do currently have, then can restart from all the data you do have and only download the remaining part you don't have. By extension, this means torrents also supports pausing and stopping torrent downloads manually, or downloading half of it, waiting a day, then coming back later when you have time to download the rest.
But torrents are also P2P. In other words, you're downloading all the data from other users on the network who are both hosting the complete data, or users who have downloaded and are still downloading certain parts, but have parts available that you don't have.
And if your connections are being done straight to another user without any sort of middleman, then you can see the IP of the user you're connecting to, and the other user can see your IP when they connect to you as well.
So how does a torrent client know which users are on the network?
Two ways. One is trackers, and the other is DHT.
Trackers are a way of acting like a 'middleman' server in the sense that you can connect to the tracker and give it some data like:
1. what you're downloading
2. What parts you have
3. Your IP
And it'll take that data, have it accessible to other users, and then you can use its other data to find other users who have parts you don't have, then connect to them to download what you don't have (and allow other users to connect to you to download parts they don't have but parts you do.)
Although it sounds kind of unsafe, it's actually a pretty good way to stop law enforcement from seeing you online. Most tracker servers are private, meaning you need to register on a site to have your IP whitelisted, and those registrations are very exclusive, only allowing a few users to join through invitations of existing users, or by going through rigid interview processes and only allowing those interviews to open every few months to stop the community from getting too big.
DHT is a little different. More on this in the next section.
Kademlia/DHT
Kademlia is a protocol that's most commonly used by default in most major torrent software like uTorrent or Bittorrent. It essentially allows the downloader to find other users who are also downloading a torrent, just like a tracker, but without actually having a centralized server that stores the data.
In fact, it's often abbreviated to DHT, or Distributed Hash Table meaning that the hash table is spread among other users online just like the way Bitcoin (and other crypto blockchains) are propagated. Yes, there are certain 'centralized' servers which contains complete synchronized data sets around the world which you can connect to in order to get some data to start yourself off, but each user who uses DHT has their own copy of the data as well.
It's often turned on by default on most torrent clients because it's a way for users to simply download whatever they want from public sites like TPB.
The problem with DHT is that, well, it's open and every user has their own copy of the data.
And that's how IKnowWhatYouDownload works.
All the site above does is scan and read data from the DHT to harvest information on all the users who have DHT enabled. It can see which IPs are downloading which torrents, how far into it they are, which ones are also uploading (i.e. sharing) data, and data they can upload based on what they already downloaded.
So, the moral of this story is:
1. Don't pirate stuff.
But more importantly,
2. If you're going to pirate stuff, stay safe when doing it.
2.a) Disable DHT
2.b) Use private trackers
2.c) Use a VPN or a seedbox if you want the added security of hiding your IP entirely.