Friday, March 30, 2012

Investigative journalism: the pirate wars

Even though SOPA, PIPA and ACTA are almost defeated or in serious trouble, the war with the pirates is far from over.  The massive p2p lawsuits in the UK are back, even though the last lawyer involved was utterly destroyed.  In the US, ISPs are preparing to deploy in summer what they agreed to do: patrolling their users and dealing with repeat offenders.

To deal with piracy, the internet is in danger of unconstitutional censorship and even loss of the guaranteed right of anonymity.  You can blame the pirates for it coming to this.  My guess is, with or without the pirates, the internet is heading that way anyway.  Pirates are just the right excuse.  I may not be right.  But one thing is certain: the pirates will always become defenders of the constitution by the things they fight for.  One is unknown.  One is certain.  Which side do you take?

We shouldn't have to care.  If we are not one percent of the one percent, who cares if someone is losing money?  Punishment should fit the crime, rather than severe punishment being used as a scare tactic just because those losing money are rich and powerful.

You know from my other blog that I like to investigate things myself. I want to see who's going to win the next round.

Megadownload and such are money-making schemes.  They are inefficient and can't handle 3D movies of 10 to 20 Gb each.  So I look at bittorrent as an indicator.
If you do a simple search using Google, all the great movies and great games are there, in all the formats.  BT isn't going to go away soon.

The Ship

The bittorrent protocol is an open book where everybody knows everybody else.  There are ways to cut down your exposure: private trackers, seedboxes, VPNs.

Private trackers are like private clubs.  Because of the small number of users swamping a torrent, it's much less efficient to track down all the users.  Users are sort of screened but there's no guarantee that management is not compromised.  They have your IP just like public torrents.

Since you only need the most basic virtual server and website to run these clubs, they are almost untraceable.  There is pretty good open source software for exactly this purpose.  I'm sure they don't keep any logs.  But the hosting company of these servers may still have connection logs, depending on the jurisdiction.  They are in theory free if you want, but finding the right ones and begging to join is a hassle, on top of the hassle of juvenile management.

Seedboxes are typically servers in the cloud that perform the bittorrent download for you.  All you have to do is download or stream the completed files to your computer.  Amazon servers in the cloud are pretty good seedboxes, but since they charge by bandwidth, HD and 3D movies are out of the question.  Because you have to seed, uploading while downloading, you end up with twice the bandwidth usage.  For a ten Gb movie, you are charged twice.  It ends up costing some $5 for a 3D movie, which is a great deal but you can have it for free.

In Europe the cloud servers are not charged by bandwidth.  They become havens for seedboxes.  Unlike with Amazon, owning a server still costs too much for individuals.  But typically seedbox operators hire a server and split it into seedboxes to resell to end users.  But be careful: the server providers do not allow bittorrent.  So these resellers may come and go, along with your money.

The weak link in seedboxes is the final download to your hard drive.  Your IP has to be exposed.  You can use proxies, but fast, reliable and untraceable ones cost money.

Typically if you are a movie junkie, you need a seedbox.  If you are a casual user, like at most a movie every two days, you don't need a seedbox.  With a basic broadband connection at home, the simplest netbook can do all the work in the background.  It's even better if you have an old spare computer, or a cheap media computer attached to your TV.

If you do your bittorrent pirating at home, my source's advice is to hire some VPN provider.  An HTTP or SOCKS proxy for the browser won't work, as bittorrent clients now use UDP as well.  A VPN has been called a transparent proxy.  When the VPN is turned on, all network traffic goes through it, so you don't have to set the proxy of individual applications.  There's no DNS leak unless you keep using your ISP's DNS server.

A VPN typically costs the least of the above because it doesn't provide anything other than an "anonymous" connection.  Operators have no fear of being targeted.  You can always use a VPN on your last leg whatever you decide to use, which decreases your traceability.  Also, the considerations in choosing a VPN are the same as in choosing other services.  Our further investigation is on VPNs.

Other anonymous services such as Tor and Jondo are too slow or too expensive for huge movies.

The Base

Ironically, while having real pirate problems, the Republic of Seychelles is a haven for pirates and legitimate businesses to set up offshore companies.  Company officials are anonymous (with records kept securely in the Republic).  That adds confidence: if these people can hardly be identified, how can you be?

The worst VPN or other service you can have is one based in Europe, where they have the data retention laws.  When they receive a court order, they just have to give up your IP from when you connected to them some 6 months or two years ago.  However, many countries haven't implemented the laws yet, and some like Germany are still fighting them.

On the other hand, Europe has the best data protection acts to protect your privacy.  It's harder to bribe or make threats in order to get data.  Everything has to be done properly, such as with proper court orders, or the company will be liable.

In some countries, such as Sweden, it is harder to get court orders.  When the Pirate Bay got busted the last time round, anonymous persons carried on as a non-profit incorporated in Seychelles.

The Sword

Kryptotel is a VPN provider (amongst others) incorporated in Seychelles.  The VPN service specifically allows bittorrent, while some don't.  A VPN by definition always allows anything unless you block it, or don't open the ports for it.  It's also the cheapest, less than $5 a month if you pay in bulk.

I have no affiliation with Kryptotel. (There are a few others and then some.) I'm just interested in going into real pirate-infested waters to try out their service.

They sell service for just one month, monthly recurring, a couple of months and more.  I bought one month for my investigation.  The order form seems primitive and I am expecting to wait till tomorrow or next week to hear from them.  But they must have monkeys sitting on the other end 24/7, or the system is actually fully automated in disguise.

Soon after I paid via PayPal, I got in my email a configuration file for OpenVPN for Linux. Of course they support Windows and Macs.  Basically it contains the encryption key and also your credentials to use the service.  So you can connect at any time from any machine as long as you have the file.  Actually it's one configuration file for each country they have servers in, and one for random servers in the world if you want that.  Type in the openvpn command with the configuration file and I'm in.  Actually there are minor problems, but since I'm a rarer case I don't blame them.  They're trivial problems.

For all the servers I tried, connection is instant.  The connection speed maxed out the broadband connection under trial.  I don't lose anything in speed by going through the VPN.  Typically torrents aren't as fast as typical broadband connections at home.  So it's good enough.  But I miss my Amazon EC2 seedbox.  It ran as fast as several MB/s, making it almost movie on demand for popular torrents.

So I tried some public torrents with public domain contents (of course).  The speed is good so I don't think they limit the speed or that the servers are overused.

I paid using my personal PayPal account because everybody who visits coffee houses using wifi should have one VPN account.  It costs less than a coffee per month.  It costs you more if you have your own Amazon VPN, or you have to turn your EC2 on whenever you need it.  There is no hassle with Kryptotel.

If you are underage you can get the cheapest VISA gift card for $25 plus $4 fee.  Some are not as good as the others.  The most VISA-looking cards allow you to enter any name and billing address online, while some don't.  I believe you can set up a PayPal account with that, or just pay online as with a credit/debit card.

They even advise you to email them with a disposable account.

The Verdict

Will the pirates win?  Avatar 3D Blu-ray costs $100, while the cheapest active 3D TV is just over $600.  Go figure.  It's like paying $150 for a Wii while each new game costs $30 or more.

They scare people away from bittorrent and into direct download.  It's inefficient and expensive.  And you can easily close it down.

You cannot really close down public torrent trackers, and you will find them easily replaceable.  You just can't track down all the private trackers and close them in all countries.  There are new versions of the protocol that are purely distributed p2p without the need for central trackers, and hence there is nothing to close down.

Does a VPN service like Kryptotel provide sufficient anonymity?  There's no money in it to cooperate with law enforcement.  I think they just hire virtual servers from some providers when there is demand, or find some mom-and-pop home servers as affiliates.  To have accessible logs they have to ask all these operators to log a huge amount of data, and send it to a central database to store.  They won't do it if they don't have to.

From a torrent, you can only prove that a certain IP downloaded certain content at some point in time.  If that IP is from your ISP, it links to you directly.  Even without data retention laws, ISPs typically log IPs for 6 months or more.  With a VPN, that particular IP is shared, probably simultaneously, like different people at work sharing the same external IP.  Even if you can trace everything, you have to log a lot more than connection time as at your ISP.

I'm no expert but think of it this way.  They have to monitor the server you are using, and monitor you at your ISP, just to catch you in the act.  That's just too stupid to catch one bittorrent user.

If you are one strike from your ISP, and you get a VPN service, there's no difference between downloading a torrent and surfing in a coffee shop.  Though the coffee time is much longer. And if you encrypt your movies at home, they can't hold anything against you even if they knock down your doors.

If you have a rich enemy that's another matter.  But you just can't find these anonymous guys to bribe. 

3D is a reason you stay at home.  More controllable viewing angle, better 3D glasses.  There are more decent 3D titles now than a year or two ago.  3D TVs are approaching the $500 mark, and they are better than the older generation.  A few times brighter, and arguably finer characters can be read off the screen.

I doubt if the ISPs are doing anything but lip service.  For a few dollars a month worth of protection, they cannot do anything but actively target you one at a time without probable cause.  In that case you can switch to DSL, get a VPN as the final leg, rent a seedbox, and you will be very welcome to join a private tracker club.  That costs about a Blu-ray 3D per year or every quarter.

If all else fails, there are always the Pirate Parties all over the world.  In a few years' time, a lot of people will turn 18 and vote.  If I were you, I wouldn't mess up their internet connection starting this summer.

1 comment:

Walter said...

You have posted a very good and great blog; I am too much impressed with your blog. You have cleared all my doubts and questions about the Unblock Website.