uTorrent 3.3 alpha randomizes Peer-ID during sessions
It is almost certain that public – and likely private – Bittorrent traffic is monitored to a great extent by companies that specialize in these kind of operations. Information such as IP addresses, downloaded files, date and time, program name and version, and other information are likely recorded by these companies. Most users know that it is the IP address that makes them identifiable, and some take great care to anonymize their online presence because of this. There are several options to do just that, from using virtual private networks or proxy servers to seedboxes or open wireless networks.
Fingerprinting techniques may however reveal connections even if an IP address is changed regularly. Bittorrent clients are for instance sending out a peer-ID on connects which may or may not get randomized automatically by the application. The popular uTorrent application for instance up until now randomized the peer-ID on every start of the program, but not during sessions.
The peer-ID in this case may reveal links between seemingly unrelated user sessions. This is for instance the case if you have changed your IP during a session but not restarted the uTorrent client.
To avoid this from happening, Bittorrent INC. has added a new feature to the uTorrent 3.3 client that is randomizing the peer-ID for public torrent downloads during sessions. The feature has been enabled in one of the latest alpha builds of the client to mitigate tracking using the ID.
Feature: don’t use a consistent peer-id (to mitigate tracking)
Other Bittorrent clients have had implemented similar measures for some time now. The popularuTorrent alternative qbittorrent for instance supports an anonymous mode feature that is taking anonymity a step further:
- peer-ID without client fingerprint
- user-agent will be empty
- trackers will only be used if they are using proxy servers
- listen sockets are closed
- incoming connections only accepted though Socks5 or I2P proxy
It is not really clear when the current stable version of uTorrent will be moved to version 3.3. Considering that it is currently in alpha it may take a while before stable users benefit from the protection.
You find a download link of the latest uTorrent alpha build on the official forum where updates are regularly posted. Keep in mind that it is an alpha and may be less stable because of it. (via Reddit)
No comments:
Post a Comment