
Profile/Settings encryption - enhanced privacy and security


Waseihou


First of all, please forgive me my not so perfect English. Now the feature request and its motivation will follow:

We live in a time where privacy is becoming more important than ever, and software must react to this situation. One of the key features I am missing in any torrent client is an enhanced privacy where all the settings (filelist) would be encrypted, and the fact that it is encrypted would be somehow made known to the public.

There are adversaries who can target the user depending on the content he shared, and when they pick their target they prefer to pick an easy one. For the adversary the most important information is the filelist, as he needs some kind of evidence that certain files were shared from the user's particular computer. If he knows that from a certain user it would be more difficult to obtain this private data than from another, he will avoid such a user and opt for lower hanging fruit, as there are still many to pick.

Therefore, the user who wants to be safer should not only encrypt his folder with the torrent client profile, but he must also announce this information in public. Right now he can encrypt the profile with a third party utility thus preventing the adversary from obtaining his private information, but he can't diminish the adversary's motivation to make an attempt to access his system. The fact that a certain file is found on the user's computer does not pose a problem to the user, only the fact it was obtained via torrent technology where it was being shared while it was being downloaded. Therefore some kind of encryption of the profile/settings folder must be built into the torrent client and this fact must be announced via the client's name.

Therefore, I propose this enhancement to BitComet:

  • When BitComet is being started, it will ask for a password that will be used to decrypt all data that could indicate that some certain files were obtained via it. It means that the filelist and any files (logs etc.) containing names and/or hashes of files that were downloaded/shared/touched will be stored on the disk only in an encrypted state. It will not be possible by any means to prove correlation between profile/settings and any file the user might have on his disk. Also it must not be possible to figure out how much data were downloaded and uploaded via the client.
  • Encryption of the profile will be optional and will be disabled by default. When the user enables it, he will have to enter the password for the profile, which he will have from then on to enter whenever he starts BitComet. When the feature is enabled, then the client's name will change from BitComet to [sec]BitComet so that others can see that the user's profile settings are secured/encrypted. In this way the fact that the user's filelist is encrypted is announced to the public, thus diminishing possible adversaries' motivation to target that particular user.
  • Additional option - after some time of inactivity, the application will be locked and minimized to tray and it will be possible to show it again only after entering the password. Thus any adversary with physical access to the computer will not be able to simply access the user's private data. While it would be of course possible with some advanced forensic tools, it would make it harder for an unprepared adversary. As in most cases known to me the adversary only grabs the computer for further investigation, this feature will be in practice quite useful.

I believe that those security enhancements might not only make BitComet better and privacy-enabled, but it could also start a new trend in bittorrent security. To change the client's name in a certain way so that others know about these security enhancements could be a new de facto standard (prefix client name with [sec]) that would benefit the whole community.

Maybe I could create a new client with rasterbar's libtorrent if I was not so lazy, but even if those features were included in some minor client, they would not hit the major population of users. For profile/settings/logs encryption to work as described above, the practice must be spread enough to be well known to those evil adversaries...

The list of files on any torrent is included in the torrent itself so there is no way the client could control that info. If the torrent's author didn't want anyone knowing the contents they could archive the files in a .zip or .rar file, however it would be difficult to get people interested in downloading if you don't disclose what is being shared.

BitComet does offer anonymous downloading, it's part of the vip service that has been in beta testing. It's had a rocky beginning but seems to be working fairly well now. It's not a free service because it requires use of remote servers to download on your behalf. Otherwise there is no way to use p2p without disclosing your IP address to peers you trade with.


Just a hypothetical tale that did not happen (really...):

There was a guy in one country in some post-communist Eastern Europe country who was still using DC++ (yeah, lol, in 2012...) and he shared a lot of copyrighted music and video files and therefore one day police came into his flat and seized his computer (it had some chilling effect on local community...). He was not only using DC++, but also bittorrent. The forensic specialist searched for all filelists in all filesharing applications to make a list of files and to calculate "damage" he caused. As his DC++ and torrent client settings were not encrypted, they got everything he had downloaded (and thus also shared) and added it to the "damages" list. Yes, they came after him because of DC++, but they added BitTorrent shares too when they caught him. They also added all pirated software he had to the damages, because once it was proved that he illegally shared at least one file, then it means that house search warrant was justified and evidence obtained this way was legal. Not only did he have to pay big damages to local MAFIAA, he also got two years probation. If he had encrypted all file sharing programs directories (eg. in TrueCrypt), then forensic specialist would not have obtained file list. Even if the files were on the computer, in that particular country possession of video and music is not illegal, only sharing. Because there would not be any evidence of wrongdoing, he could lie to the court that there was a family member (he can legally refuse to say who was that) on the visit who downloaded the data and then shared it with him on local network. Then it would mean that he himself was innocent and thus the search warrant was not appropriate and any further obtained evidence could be dismissed as a fruit of the poisonous tree and the fact that his computer contained pirated software (possession is illegal) could not be used against him.
Maybe they would have seized the computer (as it was a tool of criminal act - possession of pirated software, person cannot be sentenced but evidence remains seized), but they could not at least sentence him.

While I do not promote illegal activity, any person (dissident etc.) might benefit from such security feature too. Would you prefer if your kids in their notebook had their torrent settings encrypted or not when police knocks on your door? Many persons would have not been sentenced if their filesharing clients settings were encrypted. I studied say about 15 court cases and always the most important evidence is filelist obtained from the settings. For example if there is a folder with video AND that folder is being shared in DC++, then the defendant is guilty of announcing all copyrighted data from that folder to the public, but if there is only the folder with copyrighted data but not the settings, then nothing happens to him. If the client also tracks share ratio, then it can be used to exact calculation of damage. Damage = price in shop x upload ratio for that particular torrent. Having .torrent file itself is not much of a problem, it is only indirect evidence that defendant might have been torrenting, but then he can say to the court that he did not upload anything, only downloaded as there were many peers. Of course it's better to delete and wipe .torrent files too...

The proposal aims at making forensic analysis (obtaining evidence) harder, not to prevent being caught. By announcing it in the client name it should be obvious to parties who are fishing IP addresses that if they send police there, they will not get anything. You could also use such feature to hide your downloads from girlfriend/boyfriend/boss/teacher/parents/any authority so it does not aim only at making criminal investigation more difficult, but any investigation by any person. For example if you misuse your work computer to download music and video to external storage at night then there might somewhere reside information on what you downloaded. Better if it is not here so that remote admin cannot easily see it (and we have another case justifying such a feature, while immoral it is not illegal...).
