Azureus Creators on End-to-End Encryption - ISP cat and mouse
Links: home · search · speed test · login · more ·
Azureus Creators on End-to-End Encryption
ISP cat and mouse
(old news - 12:06PM Sunday Feb 19 2006)
tags: Fileswapping · bandwidth
The guys at Slyck talk to the developers of Azureus about the use of end to end encryption to defeat ISPs who use traffic shaping to throttle Bit Torrent bandwidth. "Over the months we have been getting more and more complaints from our users about their ISPs blocking BitTorrent downloads, often rendering Azureus (and BitTorrent in general) completely useless to them. Naturally, some sort of protocol encryption has been one of the top feature requests, which we have obliged, since people should be free to choose which programs to use, not their ISP." Slyck also recently chatted with the guys behind µTorrent, which is also now offering encryption.

Related:
  1. Cox Responds to DMCA 'Three Strikes' Report
  2. Internet Monitoring, Crowdsourcing Style
  3. Virgin Takes Aim At BitTorrent
  4. ISPs Won't Admit Participation In New RIAA Plan
  5. Canadian ISPs (Almost) Come Clean On Throttling
  6. Tuesday Evening Links
  7. ISP That Cut Off Pirate Bay Sabotaged
  8. BitTorrent Gets A Little Smarter
Links: New Topic
Forums »

vpoko @ 19th Feb 12:09PM:
Not a bad idea anyway

With ISP's apparantly lining up to suck up to law enforcement, it may not be a bad idea to use end-to-end encryption on your downloads anyway.
reply
peter_m @ 19th Feb 12:15PM:
Big Brother

Personally, I would like to encrypt everything... any solutions out there?

(I don't like the idea that someone has access to my internet activity. I don't need a Big Brother)

Peter
reply
TKJunkMail @ 19th Feb 12:32PM:
ISP goal: slow down uploads; they'll find another way

Since the real goal of the ISPs(mostly cable companies) is to make sure their upstream bandwidth isn't going to be saturated and force them into costly hardware upgrades, they will find another way to throttle those users. Whether it is thru upgraded traffic shaping software that can deal with encrypted traffic or thru a more gross effort like just slowing all uploads regardless of protocol that last for more that a specified time period.
--
--
Join Red Room Forum
BLOG tkjunkmail.blogspot.com
Conrail Photo Album
reply
Bill @ 19th Feb 12:33PM:
What's the point of getting around traffic shaping?

If people start downloading at full speed again, what's the point? The ISP will probably just put a monthly usage cap on the service.

Now you're back to the same place you started before encryption...
--
Bill
SocalServer.com: LA Game Servers
Check out our public servers
reply
nixen @ 19th Feb 12:34PM:
Re: Not a bad idea anyway

said by vpoko :

With ISP's apparantly lining up to suck up to law enforcement, it may not be a bad idea to use end-to-end encryption on your downloads anyway.
End to end encryption on everything. Even then, so long as data sits in an unencrypted state on servers you don't own, it's easy pickins for anyone with (or without) a warrant. And, really, all that encrypting ultimately buys you is a delay on how long from the time they intercept your data until they're reading it.

-tom
--
"Some people have morals, standards and ideals about quality, but I'm an American: I couldn't care less." --Tony Pierce (paraphrased)
reply
Tekkanano @ 19th Feb 12:47PM:
Re: What's the point of getting around traffic shaping?

The whole point is to "test" what the ISPs are really gonna do about it. Then the fun starts from there on.
reply
John Galt @ 19th Feb 12:48PM:
Re: What's the point of getting around traffic shaping?

said by Bill :

If people start downloading at full speed again, what's the point? The ISP will probably just put a monthly usage cap on the service.

Now you're back to the same place you started before encryption...
Encryption makes no nevermind to me...

I apply a "fairness" algorithm to all my subs. It is set up so that if the bandwidth is available with few users, then you can go for it. As the number of users increases, the bandwidth to the heavy users is throttled back so everyone has "fair access". When the number of users gets low again, speeds for heavy users go back up.

Something like this:

»www.netequalizer.com/

Doesn't matter if it is unencrypted or not, P2P, FTP or anything else...it is done "bit by bit", so to speak.
--
A is A
reply
Bill @ 19th Feb 12:54PM:
Re: What's the point of getting around traffic shaping?

I understand that.

But if certain ISP's have no problem with throttling users' bandwidth, do you really think they won't setup caps?

If they have no problem with throttling, I don't think they'll even blink an eye when setting up monthly usage caps.
--
Bill
SocalServer.com: LA Game Servers
Check out our public servers
reply
drunkgoat @ 19th Feb 01:16PM:
Re: What's the point of getting around traffic shaping?

Encryption was hearlded as the solution to throttling, but unfortunatly for Rogers users, encrytpion does little to help.

Explaination here:

»Rogers: "Encryption will not matter in throttling BT"
reply
anon @ 19th Feb 01:50PM:
How Silly You can not beat the powers to be

How many of you seriously think that you can keep the Govt from getting into any of your business? I know it is a matter of every-ones personal rights, but guess what it is a new day and time; deal with it, you can not stop or change it.

Keep dreaming if you think you have the time, money or will to beat out the arm of the lawyers supporting these companies, Judges or the dubya administration. You loose.
reply
BeesTea @ 19th Feb 02:12PM:
ISPs can defeat encryption today, it's just a matter of time

The end to the arms-race will look something like this.

deny tcp any inbound match-all +syn

That'll be the end of that.
--
Sitting here like a loaded gun, Waiting to go off
reply
dvd536 @ 19th Feb 02:46PM:
Re: What's the point of getting around traffic shaping?

most already have caps
reply
verolom @ 19th Feb 02:59PM:
Re: Not a bad idea anyway

There is such a notion of security through obscurity. If it takes time to decrypt a bunch of files and only few of them are of interest, it will be hard to find them and the entity looking might lose interest or not be able to look at that many files. Now, without an encryption, it is very easy to find them.
reply
Jerkface @ 19th Feb 03:14PM:
After reading all of this...

I just think about all the fools that use P2P and really dont think they'll ever get caught...I mean its really inevitable before "big brother" takes all these sites down: or force them overseas.
Oh yeah, and for those who want to watch something really funny on the subject, my buddy did an awesome video depicting "big brother isps" and the "Internet Pirate". Its really worth the look...and its quite funny! :p

»beastbox.net/strangetom/ds.htm

and if you like the movie check out his site

»www.tomizzo.org
reply
nixen @ 19th Feb 03:16PM:
Re: Not a bad idea anyway

said by verolom :

There is such a notion of security through obscurity.
Technically, not really "security through obscurity".

said by verolom :

If it takes time to decrypt a bunch of files and only few of them are of interest, it will be hard to find them and the entity looking might lose interest or not be able to look at that many files. Now, without an encryption, it is very easy to find them.
The computers at the disposal of those who have access to your records can make relatively short work of your encryption. This is particularly so if you don't use a unique encryption per file. That is, once they break your encryption key(s), busting the rest of your data is relatively trivial.

-tom
--
"Some people have morals, standards and ideals about quality, but I'm an American: I couldn't care less." --Tony Pierce (paraphrased)
reply
Combat Chuck @ 19th Feb 04:14PM:
Re: What's the point of getting around traffic shaping?

Actually the whole point is to keep ISP's from discriminating based on the protocol. In the article the Azureus people even say that an acceptable outcome would be tiered pricing or per bit pricing.
--
Asking those who disagree with you to find support of your arguements is like asking an assailant if you can borrow his gun.
reply
toddinpal @ 19th Feb 04:14PM:
Re: After reading all of this...

Sorry you think that all P2P users are thieves. I personally use it to download large distributions such as new releases of various flavors of Linux. At 1-3 GB per distribution, sucking them down with Azureus is far better than waiting until some download server has a free slot.

-tl

For those wanting some level of anonymity, check out The Onion Router (TOR) software.
reply
keyboard5684 @ 19th Feb 04:30PM:
Re: What's the point of getting around traffic shaping?

I am not sure it is about discrimination, it is more about prioritization. Many different ISPs have different solutions to increase overall download and upload bandwidth performance.

What is the problem with waiting a little longer for a non-important music file or linux image and allowing other usage like VOIP and http traffic to operate better? It is more to suit the masses, not the minority. The alternative is higher prices for the package you purchase so the ISP does not lose money on there overall backbones to the net. Plus, more customers happy a very very small portion a little more sad.
reply
Tekkanano @ 19th Feb 04:30PM:
Re: What's the point of getting around traffic shaping?

That'll be interesting to see that happen to most ISPs.
reply
keyboard5684 @ 19th Feb 04:34PM:
Re: After reading all of this...

I think it is fair that the majority of P2P users are thieves and the minority are using it for legit purposes.

You must not really have a need for a workaround if your Azureus is far better than downloading somewhere else? So where exactly is the problem?
reply
Combat Chuck @ 19th Feb 04:41PM:
Re: What's the point of getting around traffic shaping?

said by keyboard5684 :

What is the problem with waiting a little longer for a non-important music file or linux image and allowing other usage like VOIP and http traffic to operate better?
Depends on the providers network. If there is enough of the latter the former could be basically snubbed out.

The problem is that BT and other forms of P2P are exposing the inherent flaw in the all you can eat model when there are two vastly different sets of customers.
--
Asking those who disagree with you to find support of your arguements is like asking an assailant if you can borrow his gun.
reply
vpoko @ 19th Feb 04:51PM:
Re: Not a bad idea anyway

said by nixen :

said by verolom :

There is such a notion of security through obscurity.
Technically, not really "security through obscurity".

said by verolom :

If it takes time to decrypt a bunch of files and only few of them are of interest, it will be hard to find them and the entity looking might lose interest or not be able to look at that many files. Now, without an encryption, it is very easy to find them.
The computers at the disposal of those who have access to your records can make relatively short work of your encryption. This is particularly so if you don't use a unique encryption per file. That is, once they break your encryption key(s), busting the rest of your data is relatively trivial.

-tom
Are you saying that commercial, strong-key encryption is trivial to break? I'm not challenging you, I only have cursory knowledge of cryptology, but I thought we have algorithms that are (at least today) pretty secure.
reply
firefox @ 19th Feb 04:55PM:
Re: Not a bad idea anyway

said by verolom :

There is such a notion of security through obscurity....
I thought "security through obscurity" was one of the tenants of what not to follow. I'm sure I heard that from a seminar a few years back.
reply
vpoko @ 19th Feb 04:56PM:
Re: Not a bad idea anyway

said by firefox :

said by verolom :

There is such a notion of security through obscurity....
I thought "security through obscurity" was one of the tenants of what not to follow. I'm sure I heard that from a seminar a few years back.
I think it's the only security you can hope for against the government's ever-prying eyes.
reply
nixen @ 19th Feb 04:59PM:
Re: Not a bad idea anyway

said by vpoko :

Are you saying that commercial, strong-key encryption is trivial to break? I'm not challenging you, I only have cursory knowledge of cryptology, but I thought we have algorithms that are (at least today) pretty secure.
No, what I am saying is, if you use the same set of encryption keys/algorithms to protect all of your files, once that set of keys is broken, unlocking the rest of your files is relatively trivial (relative to breaking the original key).

As to the "pretty secure", you gotta realize just how much computing horsepower that the government lets the public know about (just look at the "top 500", some time, and see how many are .gov or .mil owned or sponsored sites). It's fairly safe to assume, given the huge black budgets there are, that more exists (and is kept secret for a reason).

-tom
--
"Some people have morals, standards and ideals about quality, but I'm an American: I couldn't care less." --Tony Pierce (paraphrased)
reply
toddinpal @ 19th Feb 05:11PM:
Re: After reading all of this...

I see, so we should throw out the baby with the bath water? P2P is simply another step in the evolution of the Internet into a more ubiquitous environment where resources are more widely distributed. That ISPs are trying to fight this evolution is their problem. I sense that ISPs are trying to do this (traffic shaping) because P2P breaks certain assumptions ISPs have made about network usage. It's not really my problem that they provisioned their networks for the occasional web browser and that's not where their users are headed.

This kind of battle has been going on from before the inception of the Internet. Telco's faced this problem when modems came into wide spread usage and totally wrecked the telco's assumptions about average call times. The equivalent back then was to try and place call time limits or get regulations allowing them to charge more for data calls than voice calls. Fortunately that didn't happen and the Internet was spawned partly as a result of lots of dial-up users being able to get on and browse or e-mail to their heart's content. The telco's survived the shift and so will the smart ISPs.

As to a work around? Azureus for downloading a Fedora Core distribution yields me 400-600KB/sec download speed. Downloading from various mirrors usually yields about 1/2-1/3 of that speed. It cuts my download time from 3-5 hours to perhaps an hour or so. So at the moment I don't have a problem with bandwidth shaping, but if/when I do, I'll work on ways around it.

-tl
reply
Jerkface @ 19th Feb 05:52PM:
Re: After reading all of this...

and i agree...p2p can be used for good...i used to DL lots of stuff. But the ease of use and the rampant pirated material makes it hard to not look at.

I personally cant wait till i can pull a 4gb movie or a 10gb HD movie in an hour...damn comcast...
reply
WirelessMajr @ 19th Feb 05:52PM:
Re: What's the point of getting around traffic shaping?

The only problem that I have with that, is: what is to say that my wanting to download an mp3 file, linux image, game patch, or video feed is not as important or of less priority than someone else's http surfing?

VOIP is a priority service, however, and I do agree somewhat with making sure that it has supreme quality.
reply
russotto @ 19th Feb 06:06PM:
Re: Not a bad idea anyway

Encryption buys you one other thing besides a delay: It means that if they want _you_, they have to go after _you_ specifically. They can't just cast a wide net and bring in all the fishies they can find.
reply
cbiggers @ 19th Feb 06:15PM:
Re: Not a bad idea anyway

said by nixen :

As to the "pretty secure", you gotta realize just how much computing horsepower that the government lets the public know about (just look at the "top 500", some time, and see how many are .gov or .mil owned or sponsored sites). It's fairly safe to assume, given the huge black budgets there are, that more exists (and is kept secret for a reason).

-tom
However, as long as you use a security model that is not flawed to begin with, not even the government can brute force it at this time. It's just not plausible. Here is a quote about AES, which is what the US Government currently uses for the most part:

Some cryptographers worry about the security of AES. They feel that the margin between the number of rounds specified in the cipher and the best known attacks is too small for comfort. The risk is that some way to improve these attacks might be found and that, if so, the cipher could be broken. In this meaning, a cryptographic "break" is anything faster than an exhaustive search, so an attack against 128-bit key AES requiring 'only' 2120 operations would be considered a break even though it would be, now, quite infeasible. In practical application, any break of AES which is only this 'good' would be irrelevant. For the moment, such concerns can be ignored. The largest publicly-known brute-force attack has been against a 64 bit RC5 key by distributed.net (finishing in 2002; Moore's Law implies that this is roughly equivalent to an attack on a 66-bit key today).

So yeah, I wouldn't worry about encryption being broken yet.
reply
yabos @ 19th Feb 06:37PM:
Re: What's the point of getting around traffic shaping?

It's not even like they're putting a lower QOS on the bittorrent packets. They're downright throttling them down to nothing. If they put a lower QOS on them then it'd still work farily fast unless their network was overloaded with higher priority traffic.
reply
Descent @ 19th Feb 07:03PM:
Re: After reading all of this...

said by Jerkface :

and i agree...p2p can be used for good...i used to DL lots of stuff. But the ease of use and the rampant pirated material makes it hard to not look at.

I personally cant wait till i can pull a 4gb movie or a 10gb HD movie in an hour...damn comcast...
Whats wrong with comcast? I'm getting 8000 down for very little a month. i can download a 1gig movie in an hour and a half or less.
--
66.208.104.33:27015 - OutKast Clan CS Source http://insidewow.com »cstrike-planet.com
reply
peerimpact @ 19th Feb 07:44PM:
Re: After reading all of this...

said by Jerkface :

I just think about all the fools that use P2P and really dont think they'll ever get caught...I mean its really inevitable before "big brother" takes all these sites down: or force them overseas.
Oh yeah, and for those who want to watch something really funny on the subject, my buddy did an awesome video depicting "big brother isps" and the "Internet Pirate". Its really worth the look...and its quite funny! :p

»beastbox.net/strangetom/ds.htm

and if you like the movie check out his site

»www.tomizzo.org
Maybe you should go Look at Peer Impact before you label all p2p users as thieves .

»www.peerimpact.com
reply
superht1 @ 19th Feb 08:53PM:
Re: Not a bad idea anyway

It is not because they lack bandwidth but because they want to destroy p2p, the right to trade files with other users.
reply
superht1 @ 19th Feb 09:04PM:
Re: ISP goal: slow down uploads; they'll find another way

Upload is often not saturated, it's the download that are since it's heavily used. Heeeeee. Wakeup and smell a breathe of truth.
reply
toddinpal @ 19th Feb 09:05PM:
Re: After reading all of this...

Well if you consider getting 2 Mb/sec out of an 8 Mb/sec pipe a good deal, great for you! With SBC Yahoo 6000/600 service I regularly get 5-6 Mb/sec downloads.

-tl
reply
nixen @ 19th Feb 09:48PM:
Re: Not a bad idea anyway

said by russotto :

Encryption buys you one other thing besides a delay: It means that if they want _you_, they have to go after _you_ specifically. They can't just cast a wide net and bring in all the fishies they can find.
Or... They run their keyword searches on the clear text transmissions, and then toss all the encrypted things into the crypto shredders because "hey, if it's encoded, there's gotta be a reason".

Now, they might not do that for 100% of the data that passes over the internet, but, if an agency NSL'ed an ISP for a weeks worth of data, they could shred it fairly quickly to decide if they DID want to go after you specifically.

Basically, it's a crap shoot.

-tom
--
"Some people have morals, standards and ideals about quality, but I'm an American: I couldn't care less." --Tony Pierce (paraphrased)
reply
gatorkram @ 19th Feb 10:27PM:
encryption offers you no protection

The thing that everyone is missing, or not talking about, is the encryption in azureus, and uTorrent, offer you no protection what-so-ever, when the people who are looking for you, are connected in the stream with you, downloading the file to verify its what they are after.

Where do you think they get all the IPs to begin with?
--
Give me bandwidth or give me death!
reply
macrospect @ 20th Feb 12:17AM:
Itll slow ISP's not stop them.

As other users have mentioned this will only slow BT traffic not stop. Sooner or later ISP's will find a way around the encryption. Its just a matter of time (just like everything else dealing with P2P).

Not all P2P is bad though. I mean there is a good amount that is, but there is also a large portion that can be traded (legally).
reply
TKJunkMail @ 20th Feb 02:12AM:
Re: ISP goal: slow down uploads; they'll find another way

said by superht1 :

Upload is often not saturated, it's the download that are since it's heavily used. Heeeeee. Wakeup and smell a breathe of truth.
The cable companies don't care about downloads. They care about uploads being saturated. Wake up and smell the coffee.
--
--
Join Red Room Forum
BLOG tkjunkmail.blogspot.com
Conrail Photo Album
reply
lordkuri @ 20th Feb 02:14AM:
Re: encryption offers you no protection

said by gatorkram :

The thing that everyone is missing, or not talking about, is the encryption in azureus, and uTorrent, offer you no protection what-so-ever
And the thing you seem to be missing is that no one has stated that it's "to protect you". This is wholly intended to get around shaping proxies that filter based on packet headers and/or protocol.
reply
Combat Chuck @ 20th Feb 02:33AM:
Re: Itll slow ISP's not stop them.

said by macrospect :

As other users have mentioned this will only slow BT traffic not stop. Sooner or later ISP's will find a way around the encryption. Its just a matter of time (just like everything else dealing with P2P).
It's trivial to come up with a way to identify BT on a home connection without even looking at whats in the packet. Just look for an end user with a whole lot of incoming connections look at the port those connections are headed to, throttle that port.
--
Asking those who disagree with you to find support of your arguements is like asking an assailant if you can borrow his gun.
reply
GamerGeek @ 20th Feb 05:01AM:
Re: Not a bad idea anyway

said by superht1 :

It is not because they lack bandwidth but because they want to destroy p2p, the right to trade files with other users.
I'm gonna preface this by explaining that I use Azureus quite often. Now then...

You're going to have to explain to me where this "right" to trade files is described, 'cause I ain't never seen it. First off, packet shaping was implemented to deter users from trading copyrighted material. Users have found ways around that. Do you understand what that is? It's a violation of your ISP's terms of service, that's what. It's circumvention of safeguards put into place to limit the distribution of the aforementioned copyrighted material. It's grounds for termination of your account if they so desire, which you SHOULD be aware that they DO have the ability to find out what you're downloading at any given time.

You don't HAVE any "rights" when it comes to distributing those files, because YOU aren't the license holder. And don't even go into the whole "what about the non-copyrighted files?" schtick. It isn't even a factor and everyone knows it.

Example: take a look at one of the most popular bittorrent sites out there; mininova. Out of the top 20 downloaded files for today alone, 11 of those are TV episodes (copyrighted) and 5 are full feature movies (also copyrighted). The other 4 are Japanese anime.

I hate to be the bearer of bad tidings, but when 80% of the top downloaded files are copyrighted stuff, don't you think the ISPs of the world are going to take steps to protect themselves? The right to trade files with other users... pfft... I want a new TV, maybe I should hop on down to Circuit City and steal me one of them, too?
reply
gatorkram @ 20th Feb 05:19AM:
Re: encryption offers you no protection

said by lordkuri :

said by gatorkram :

The thing that everyone is missing, or not talking about, is the encryption in azureus, and uTorrent, offer you no protection what-so-ever
And the thing you seem to be missing is that no one has stated that it's "to protect you". This is wholly intended to get around shaping proxies that filter based on packet headers and/or protocol.
I guess maybe you aren't reading the same threads I am?
And yes, I know what the point of the encryption is.
If you would have read the all the threads, which I can only assume you didn't, you would have seen the place for my statement, and understand why it's here.

Thanks
--
Give me bandwidth or give me death!
reply
Cheeze It @ 20th Feb 02:09PM:
Re: Itll slow ISP's not stop them.

Is there software/hardware that can do that automatically ??

I'm just curious is all....the only exposure in the "hands on" networking parts is the Cisco IOS that I am aware of and on that all of the bit-capping was a manual ordeal...
reply
Combat Chuck @ 21st Feb 11:28AM:
Re: Itll slow ISP's not stop them.

said by Cheeze It :

Is there software/hardware that can do that automatically ??

I'm just curious is all....the only exposure in the "hands on" networking parts is the Cisco IOS that I am aware of and on that all of the bit-capping was a manual ordeal...
I don't know, but I doubt it would be hard to write.
--
Asking those who disagree with you to find support of your arguements is like asking an assailant if you can borrow his gun.
reply
anon @ 15th Mar 04:19AM:
Re: Encryption vs. Security

I have the problem where everytime I turn on azureus it contacts multiple isps on the same port number then they report me to dshield. After erasing every thing that could possibly be associated with azureus it still does the same thing at a random time maybe twice a day using multiple ips for each port used for attack. Couldn't be dynamic ips or p2p afterglow.
reply

Thank you for using lo-fi dslreports.com - report bugs
© 99-2009 silver matrix LLC