How Anti-P2P lawsuit evidence is collected.

Many people around the world have received a letter demanding money because of a BitTorrent download. The question going through their heads is ‘how did they track me?’, with perhaps ‘how can I prevent them?’ To address this, I made a video that should explain these things.

If you’ve been following P2P news in the last few years, you’ll have heard of the UK cases, where people are getting letters from lawyers (first Davenport Lyons, then ACS:Law) accusing them of downloading games, music or hardcore pornography. More recently, this has spread to the US, with the US Copyright Group (USCG) targeting thousands.

People who get these letters (whether they did what they are accused of or not) are often left wondering ‘how could they tell it was me?’ The short answer is that there are many ways to tell, but the simplest one is ‘swarm participation’.

As this video shows, it’s very easy to detect people using this method, and to save the data for later use.


This method does have some advantages over other methods.

  • It tends not to fall for tracker-added spoofs.
  • It can handle multiple torrents at once.
  • It is undetectable in use.
  • It’s extremely cheap to set up and run.
  • It can be used on any kind of connection, from a low-end home DSL connection, through a commercial leased line, to a colocated box (such as a seedbox).

There are some downsides though:

  • The system clock must be accurate, as must the clock on the ISP’s IP address assigner/logger.
  • It can still generate the odd false positive.
  • It requires torrents to be added, either manually, or via RSS feeds set up for the job. It’s not fully automated.
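The clock-accuracy downside above, as an added example (not from the original post or the video): it matches a logged (IP, timestamp) sighting against an ISP lease log and shows how a small clock error near a lease changeover produces a false positive. The lease records, subscriber names, addresses and the helper names `candidates` and `attribute` are all constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

def ts(day, hour, minute=0):
    """Build a UTC timestamp in the constructed sample month (June 2010)."""
    return datetime(2010, 6, day, hour, minute, tzinfo=UTC)

# Constructed ISP lease log: (ip, lease_start, lease_end, subscriber).
# Leases are half-open intervals [start, end); IPs are documentation addresses.
LEASES = [
    ("203.0.113.7", ts(1, 18), ts(1, 21), "subscriber-A"),
    ("203.0.113.7", ts(1, 21), ts(2, 3), "subscriber-B"),
    ("203.0.113.9", ts(1, 12), ts(2, 12), "subscriber-C"),
]

def candidates(ip, observed_at, leases, max_skew=timedelta(0)):
    """Every subscriber who held `ip` at some instant in observed_at +/- max_skew."""
    lo, hi = observed_at - max_skew, observed_at + max_skew
    return sorted({sub for lease_ip, start, end, sub in leases
                   if lease_ip == ip and start <= hi and lo < end})

def attribute(ip, observed_at, leases, max_skew=timedelta(0)):
    """Return one subscriber, or None when the match is missing or ambiguous."""
    found = candidates(ip, observed_at, leases, max_skew)
    return found[0] if len(found) == 1 else None

if __name__ == "__main__":
    true_time = ts(1, 20, 58)                  # peer really seen at 20:58 (subscriber-A)
    logged = true_time + timedelta(minutes=5)  # monitor clock runs 5 minutes fast
    skew = timedelta(minutes=5)
    print("trusting the log:", attribute("203.0.113.7", logged, LEASES))
    print("allowing 5 min skew:", candidates("203.0.113.7", logged, LEASES, skew))
    print("mid-lease, 5 min skew:", attribute("203.0.113.7", ts(1, 19, 30), LEASES, skew))
```

Trusting the fast clock names subscriber-B for a sighting that belonged to subscriber-A; allowing for the skew returns both, so the record cannot support a single attribution.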

Nevertheless, the fact that it is undetectable in use means that the first time people are aware that the torrents have been monitored is when the letters drop through the door, or their ISP forwards on an email. It’s undetectable because it’s acting just like a regular client. It behaves no differently than any other peer in the swarm, except it is logging all its activities instead of forgetting them.

Those who have been (accurately) targeted by an allegation may also ask the question “How do I stop them from doing it?” Unfortunately for those people, there is no easy way. Since the IP addresses are not readily identifiable, they won’t be on blocklists (despite the claims of the scam-artists that run them), so there’s no point in bothering with them. Likewise, this method works just as well on private trackers as on public ones, if not better, because of the smaller pool of peers (plus the extra evidence of a registration-required tracker makes it a more tempting target). That only really leaves seedboxes and VPNs. Those will protect you at first, but as most require a form of payment, that can be additional evidence (as well as proving intent, and negating the wifi defence, amongst others).

If you’re really paranoid, just don’t torrent at all, as that’s the best way to be sure, although that doesn’t mean you won’t get a letter, as studies have shown. The best advice is probably just to be smart, and to think before you act.

And remember, under ‘3-strikes’, this is all the evidence needed for a strike.

If the video doesn’t work for you, or you’d like to watch the full resolution (1200×640) version (135 MB), you can download it via BitTorrent with this torrent file, or this (mainline) magnet link (curious about magnet links? click here).