How (and why) your Torrents are being Monitored

IP addresses in a torrent swarm
Your IP addresses is completely exposed while torrenting

You may not realize it, but nearly every download from popular torrent websites is being watched and recorded. There are multiple organizations compiling huge databases of IP addresses linked to p2p file-sharing. Frequent file-sharers need a strategy to defeat torrent monitoring.

Worse yet, some of these companies use other data sources (like buying gray-market personal data) to tie these IP addresses to actual physical addresses and identities.

Some of this is just for research purposes, but much of it isn’t. Many of these companies are malicious, including the infamous (now-defunct) Prenda Law partnership that illegally extorted settlements from thousands of alleged torrenters.

In this guide you’ll learn:

  1. Who’s watching your torrent activity
  2. How torrents are tracked and monitored
  3. How to protect yourself

Who’s watching your torrent activity?

There are several categories of organizations that closely monitor BitTorrent activity:

  • Internet Service Providers (ISP’s)
  • Rights-holders
  • Copyright Trolls
  • Data Brokers
  • Researchers

Internet Service Providers (ISP)

Whatever way you access the internet, you’re going through an Internet Service Provider. They are the gateway to the web, and whether you have broadband cable internet, Gigabit fiber-optic , or 4G wireless you’ve got an ISP. Examples in the USA include: Spectrum, Fios, Charter, Xfinity, AT&T and Verizon.

But this access isn’t completely open and unchecked. On the contrary, most ISP’s directly monitor your internet traffic and some even block, or throttle (slow) certain traffic types.

And it doesn’t stop there. In many countries, ISP’s are required to keep IP address logs, and even to spy on DNS queries and log your web-browsing history.

So it should be no surprise that many ISP’s monitor torrent traffic as well. They do this for a couple reasons:

  1. Network Optimization: Frequent downloaders use a ton of data. ISP’s often throttle high-bandwidth activities like torrenting.
  2. Reduce legal headaches: Some file-sharing includes copyrighted files, and ISPs may face legal pressure from the rightsholders. Your ISP may send you warnings or try to block p2p traffic altogether if you do this.

How they track you: Since all your traffic flows through their servers, your internet provider can easily perform packet analysis and sophisticated Deep Packet Inspection to precisely identify what you’re doing online. Unless you encrypt your traffic that is.

Rightsholders

For copyrighted works (movies, music, software etc…) the owner of the copyright is known as the ‘rightsholder’. This may be a large corporation e.g. Sony, or an obscure holding company set up to own just a few copyrights.

Why rightsholders monitor torrents:

  • Calculate Impact: Companies need to know how frequently their copyrighted files are being shared online. This allows them to calculate potential lost revenue and determine whether to take additional action (see below).
  • Enforce rights: Most rightsholders enforce their copyrights though some do it more aggressively than others. Actions may range from DMCA notices to threatening letters to your ISP and occasionally even lawsuits.

How they track you: Without direct access to your internet activity, rightsholders rely on swarm-based monitoring methods such as IP-address tracking and DHT monitoring. They also contract with researchers and data-brokers who do the work for them.

Copyright Trolls

Copyright Trolls are the most litigious copyright holders (or companies that rightsholders contract to do the dirty work). They tend to use predatory tactics to procure quick settlements from alleged violators rather than actually going to court.

How they track you: IP-based monitoring or buying filesharing databases from data brokers.

Data Brokers

I know what you download (IP address)
Torrent files linked to an IP address from IKnowWhatYouDownload

Data Brokers are 3rd-party companies who don’t directly hold copyrights. Instead, they data-mine torrent swarms and then sell the data to rights holders and patent trolls.

Some data brokers even provide access to their filesharing database for free. As an example, I Know What You Download has over 1.5 million torrents in their database and 200 million peers (IP addresses).

How torrents are Tracked, Monitored & Logged

1. Direct Monitoring / Deep Packet Inspection

Direct monitoring of torrents can only be perform by someone with direct access to your data stream. Usually this means your ISP or your network administrator.

Shallow packet inspection looks only at the metadata of network packets. It looks at headers that identify the traffic type and destination. In some cases, this may be enough to identify torrent traffic.

Deep Packet Inspection is more invasive. It looks the payload (content) of your data packets, and also uses sophisticated analysis of patterns over multiple packets to identify undesirable network traffic. This traffic can then be rerouted, blocked, throttled (or just logged in a database).

2. IP-based monitoring of torrent swarms

IP-address monitoring is by far the most common method for monitoring torrent activity because:

  • It can be done by anyone (IP addresses are public)
  • It’s very easy (no proprietary software necessary).

How it works

BitTorrent is a public protocol by design. It is a decentralized network, meaning you connect to other participants directly rather than downloading from a central server.

Each torrent swarm (a single file) may contain hundreds or thousands of other users who connect to each other. In order to connect to other peers, you need to know their IP address. In fact, these IP addresses are completely exposed for anyone to see:

Torrent IP addresses exposed in Vuze
IP addresses in Vuze for one public domain torrent

How to prevent it?

Peers (and torrent spies) can only see your public-facing IP address. Normally, this is assigned by your Internet Provider, but you can actually change your IP address by routing torrent traffic through a Proxy or VPN server. And no, Peerblock isn’t a good option.

Learn More: How to torrent safely & privately

DHT, PEX & Tracker-based monitoring

Torrent spies don’t even need to connect to a swarm to harvest IP addresses. It’s actually possible to simply snoop on peer-discovery methods like DHT & PEX.

In fact, large-scale monitoring of DHT is not just possible, but quite efficient.

And standard torrent trackers aren’t immune either. Malicious peers can snoop on non-https tracker connections, or even create a honeypot tracker of their own. This may well be what is happening with some of the unblocker/proxy mirrors for popular torrent sites like the Pirate Bay.

How to prevent it: Disable DHT & PEX, or use an ip-masking and encryption technology like a VPN.

How to protect your privacy

We believe in the right to privacy, including torrents. If you don’t want your identity and IP-address being tracked from torrent swarms, you should take steps to protect yourself.

And it’s really easy to do. The best tool is a high-quality VPN service that will encrypt your torrent traffic and hide your real IP address from public view.

Using a VPN will accomplish two things:

  1. Encrypt your traffic so your ISP can’t spy on you directly or throttle your torrents
  2. Provide an anonymous virtual IP address that can’t easily be linked to your identity.

Pro Tip: Make sure to use a non-logging VPN service like NordVPN so that there’s no metadata to link your virtual IP address to your real identity.

Learn more about protecting your torrent privacy: The Safe Torrent Guide.

Ryan McCarthy

Ryan is the editor and head reviewer. He's been a tech geek and digital privacy enthusiast since the Y2k freakout in '99. When not writing BitTorrent tutorials, he can usually be found sipping a lager or playing pickup football (the real kind).

Leave a Comment