BitTorrent and End to End Encryption 494
An anonymous reader writes "As ISPs like Shaw and Rogers throttle their bandwidth to counter the growth of BitTorrent, BitTorrent developers are fighting back with end to end encryption. Oddly enough, Bram Cohen, the original brains behind BitTorrent, doesn't support this direction. Is there really anything he can do about it?"
Encryption isn't the solution we need, or want.. (Score:5, Insightful)
To answer "anonymous reader"'s tag question... (Score:1, Insightful)
Wrong Solution (Score:5, Insightful)
The Goodness of Open Source (Score:5, Insightful)
Isn't this what Open Source is about? The ability to make changes to a software to suit one's need? And if there are enough users, followers, developers and contributors (see Ubuntu from Debian), the new branch becomes a thing of its own.
So the day Bram opened his code, BT is subject to the same kind of treatment and only users can decide which way it will go.
Aren't there cases where someone compiled a BT client to act like a seeder with high ratio but is an ultimate leecher?
Re:Encryption isn't the solution we need, or want. (Score:5, Insightful)
ISPs are happy to lose those customers.
Encryption won't work anyhow (Score:5, Insightful)
My connection is severely throttled by my pathetic aDSL upload speed, but that's another bitch entirely.
Here's my take on the whole Bram Cohen thingy... (Score:5, Insightful)
What are ISPs selling? (Score:5, Insightful)
Someone should sue [insert favorite ISP here] for bait and switch. If what they're providing is 4mb/256K burst speed, with lower rates for continuous, then that's what they should say in their advertising. This is hardly a far cry from the shady camera outfits online (i.e. PriceRitePhoto). You pay every month for a service, and the service you're actually provided differs greatly from what you thought you purchased.
Asymmetric connections (Score:2, Insightful)
Re:Wrong Solution (Score:5, Insightful)
Of course he can't do anything...directly. (Score:5, Insightful)
However, also like LT and most other major project figureheads, he holds a certain amount of political sway. His disapproval may be enough to keep some developers from pursuing certain paths. Of course, not everyone will care about what he thinks, but he does have SOME power.
Re:Encryption won't work anyhow (Score:5, Insightful)
And how is the ISP supposed to be able to detect the difference between encrypted and non-encrypted binary data? What detection routine do you use to detect between, say, encrypted BitTorrent data, unencrypted VOIP data, an FTP file transfer, and random data?
Traditionally, you can filter the ports -- but nothing prevents software from changing what ports it uses, and there are several applications which can handle a dynamic port exchange. Barring just blocking or filtering on specific ports, how do you detect that data is encrypted, when the purpose of encryption is to make the data appear to be random to an outside adversary?
Yaz.
statistics (Score:2, Insightful)
I wonder if he just pulled this out of his ass or something. Not only does my ISP traffic shape BT, they also block all the common ports that trackers use (you can change your client's ports easily, but the tracker owner has to change in this case).
There have been actual studies showing P2P traffic represents over 50% of consumer ISP traffic. An ISP would have to be stupid not to shape P2P.
Re:BitTorrent's image (Score:5, Insightful)
--LWM
Technology isn't the solution we need, or want. (Score:1, Insightful)
If BT has a "clear and growing legal use"? Then the flip side is that it also has a "clear and growing illegal use" as well.
"Perhaps a boycott of ISPs that do that would be in order... except for that whole monopoly thing."
I'm certain all you geeks with your big brains will come up with a solution. You do it all the time here.
Encryption or obfuscation? (Score:4, Insightful)
Encryption here is just a means, they don't care if the ISP sees WHAT they're sharing, they only care that the ISP recognizes that they ARE sharing (and throttling their connection accordingly).
I find the argument against the tracker taking care of it quite silly. The guy from uTorrent says that the ISP would simply find or modify the packet saying that obfuscation is wanted.
I would guess the ISP would just throttle all encrypted traffic going to random ports before it starts identifying specific packets. They're as justified to limit it to BT as they are to do it with all unrecognized traffic.
BT is costing them a large amount of money so they start to throttle it. That means that they're not going to sit idly and not respond if it becomes obfuscated/encrypted.
I don't think it's an arms race that BT can win at all. If the ISP wants to limit the amount of bandwidth you're using, they will limit it, one way or another. For example, the ISP might throttle everything after a threshold per month is exceeded.
That's the main point that Bram is making, and I find it difficult to disagree with him.
Re:I'm a Shaw BT user (Score:3, Insightful)
However, nothing personal, I REALLY REALLY wish that people who wanted to download TV shows, movies, apps, music, warez, etc. would use USENET.
USENET is a bit more difficult to use at first but it is fast as fast can be if you get the right server, and you are far less likely to run into trouble with anyone. I could (if I wanted) grab an entire season to a TV show in less than two hours. Probably more like 45 minutes even... (seriously... Rogers is fucking fast)
Using USENET would also really really really cut waaaaaay down on that traffic that is bothering the hell out of the ISPs... (especially for the cable providers since it all but eliminates the upstream)
Sadly, Rogers no longer offers Usenet services because they are really cheap and greedy, so you have to pay for a premium news server, which is like $9 a month.
Re:Encryption won't work anyhow (Score:5, Insightful)
As TFA notes: encrypted or not, you're still pushing a massive amount of upload and download traffic. That in itself is enough to get noticed.
Second, the more data there is to analyze, the easier it becomes to distinguish noise from data.
Third, again as TFA notes, if a lot of connections are being made, they can analyze the first chunk of data sent by both sides. If it's an unencrypted connection, you'll see a roughly consistent set of data being sent across at the beginning. If even the headers are encrypted, and you use BitTorrent a lot, eventually it will be pretty obvious.
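The first-chunk analysis discussed in the comment above, as an added example that is not part of the thread or of any poster's code: plaintext flows are matched on the fixed start of the BitTorrent peer handshake, and the remaining first chunks from one host are pooled before measuring byte entropy, since a single short chunk gives an unreliable estimate. The function names, thresholds and sample flows are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# A plaintext peer handshake starts with a length byte (19) and this string.
BT_PREFIX = b"\x13BitTorrent protocol"

def shannon_entropy(data: bytes) -> float:
    """Empirical entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def profile_host(first_chunks, min_pool=1024, threshold=7.5):
    """Summarise the first payload of every flow seen from one host.

    min_pool and threshold are illustrative values, not tuned ones.
    """
    plaintext = sum(1 for c in first_chunks if c.startswith(BT_PREFIX))
    pool = b"".join(c for c in first_chunks if not c.startswith(BT_PREFIX))
    # Only judge entropy once enough bytes have accumulated across flows.
    entropy = shannon_entropy(pool) if len(pool) >= min_pool else None
    if plaintext:
        verdict = "plaintext-bittorrent"
    elif entropy is None:
        verdict = "insufficient-data"
    elif entropy >= threshold:
        # Random-looking bytes alone do not identify the application.
        verdict = "random-looking"
    else:
        verdict = "structured"
    return {"plaintext_handshakes": plaintext,
            "pool_entropy": entropy, "verdict": verdict}

def fake_ciphertext(i: int, n: int = 64) -> bytes:
    """Deterministic stand-in for an encrypted first chunk (constructed)."""
    return (hashlib.sha256(b"a%d" % i).digest()
            + hashlib.sha256(b"b%d" % i).digest())[:n]

# Constructed sample flows, keyed by made-up host labels.
SAMPLE = {
    "host-a": [fake_ciphertext(i) for i in range(20)],
    "host-b": [b"GET /file%d HTTP/1.1\r\nHost: example.test\r\n\r\n" % i
               for i in range(30)],
    "host-c": [BT_PREFIX + bytes(8) + fake_ciphertext(i, 40) for i in range(3)],
}

if __name__ == "__main__":
    for host, chunks in SAMPLE.items():
        print(host, profile_host(chunks))
```

A "random-looking" verdict applies equally to any protocol that is encrypted from its first byte, which is the ambiguity the earlier comments in this thread argue about.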
One or two? Try none. (Score:3, Insightful)
I live in an area where the best I've got is dial-up (and 28.8k at that). Once an ISP gets out here, I'll be the first to switch to them. ON ONE CONDITION: They allow bittorrent traffic.
Seriously, everyone I know who has gotten broadband has done so for P2P. Warez kiddies ^W^WLinux distro hunters are the cable companies' biggest subscribers.
They are shooting themselves in the foot by not supporting us.
Re:Encryption isn't the solution we need, or want. (Score:1, Insightful)
Monopoly...switched. The words don't quite mesh.
Re:Encryption won't work anyhow (Score:3, Insightful)
There's MUCH more to bandwidth management than just blocking ports. Modern bandwidth management solutions go past layer 3 and detect which applications are running across a network flow.
Even if a system can't understand the data being transmitted, there's a good chance that the system can understand either what type of encryption is being used, what application is sending the data, or even both.
In order for applications to communicate they need a well-documented set of rules for communications. Open Source applications and standardized applications use public and well-documented sets of rules.
Re:North Continent (Score:4, Insightful)
I work at an ISP. We pay $50 per meg per month measured at the 95th-percentile of our monthly usage. We can use our bandwidth in essentially any legal way, and we get a pretty rock-solid SLA for our money. On the flipside, our providers should not go bankrupt supporting the service we buy.
I buy cable broadband at home. I pay $40/month flat rate and I agreed to a pretty restrictive AUP that allows no servers or P2P applications on my end of the connection. I could violate the AUP, like I'm sure many do. But if I did, I would not whine and complain when my ISP addresses the issue. Oh yeah, if I paid at home what I pay at work, I would be paying about $120/month for internet access. But then I could use P2P...whoop-dee-do!
Networks are very, very expensive. If my broadband provider doesn't stay in business, I won't be able to use P2P--or any other 'net application.
Re:Encryption won't work anyhow (Score:3, Insightful)
Re:BitTorrent's image (Score:3, Insightful)
A simple encrypted HTTP protocol without all the certificate crap would be JUST FINE. Just negotiate some form of encryption, exchange some random keys and do your stuff (like SSH basically does every time you make a connection) -- this can be done completely secure, the only thing you do not have is a 100% guarantee that the website you're talking to is really who they say they are -- in other words, just like normal HTTP, except that your ISP can't see what you are doing, nor can anyone else except the destination site (whoever that may be).
Having the option to use encrypted HTTP should involve nothing more than a flip of switch, just like having your HTTP stream gzipped compressed
Re:Encryption isn't the solution we need, or want. (Score:5, Insightful)
Well, except that in this case, you're not paying the ISP for the water but for the capacity of the pipes. The water is coming from sources outside of the ISP and thus isn't a scarce resource. In fact, when you signed up for your pipe-service, you understood that you were paying for the maintenance and capacity of the pipes, which is often claimed to be "unlimited", but upon having them installed, you notice that the same pipe is feeding both your home and your neighbor's home, and their neighbor's home.
you were the first type of customer, wouldn't you be annoyed if you found out you were paying the same as the second type? Wouldn't you expect them to pay more, or perhaps face some restrictions?
If the first type of customer gets upset at the second type of customer, then they should also get upset at buffets that charge the same amount of money to every customer regardless of the amount that they intend to eat. But then, that is the whole concept of a buffet, isn't it? You enter into an agreement with the provider knowing that you are getting a service that you value appropriately enough to pay for. If you think you should be getting a better deal because some people consume more per unit price than you do, then nothing stops you from trying to make your own arrangements, but if the business is not willing to enter into such an agreement with you, then you are free to find another who will. This is the market place at work, and how other people choose to spend their money has no impact on how you should choose to spend yours.
Re:Encryption won't work anyhow (Score:3, Insightful)
Alice wants to send an encrypted message to Bob, so she encrypts her message with Bob's public key. Thereafter, the only way to decrypt the message is using Bob's private key. Since the private key never gets exchanged, the ISP never sees it, and therefore cannot decrypt the message. When Bob wants to send Alice a response, he encrypts it with her public key, which makes the message decryptable only with Alice's private key (which she never sent).
In PK, there is no "key exchange" in the usual sense of the term, because in standard crypto algorithms, the exchange needs to be made without the key falling into the hands of those who shouldn't be listening in. What actually happens is more akin to "key publishing," because the public key can be made available to anyone. All they can use it for is to create messages that only you can decrypt.
Your buffet example reminds me of a story... (Score:5, Insightful)
Needless to say, the poor restaurant owners were not real prepared for a dozen 250+lb college students to come in and eat many platefuls of food, and the owners were not very happy. They asked them to leave, and when they said "no, it's a buffet, we are just eating 'all-we-can-eat'", the owners called the cops on them.
Well, the cops showed up, and listened to the complaint, and talked to them. And decided against the owner! "If the sign says 'all-you-can-eat', you can't kick them out just because they can eat more than you want them to eat."
Not really applicable to the topic, but just seemed an appropriate anecdote. Not only internet companies want to cut off people who use over the average!
Re:I remember... (Score:4, Insightful)
They can't have it both ways. If they advertise it as a flat rate / unlimited, people are going to use it that way. If some people are using more bandwidth than others, then have your price reflect that. Then people will be a little more frugal in their downloading.
Just keeping the flat rate and prohibiting people from using their connection for what they want just makes people angry and is just stupid.
Re:Also because (Score:3, Insightful)