Private Torrent sites are collecting their own trove of secret data on users
It's easy to feel a sense of security when you're downloading a pirated file on a private tracker. Sure, various copyright enforcement agencies might be on the prowl, but your data is probably safe with the private torrenting services, right? Even public sites like The Pirate Bay are usually vociferous advocates of privacy rights.
Probably not, according to a new report from TorrentFreak. Private tracking sites are collecting data on problem users--essentially a "watch list" or, as TorrentFreak describes it, a "mini-PRISM," referring to the National Security Agency's program for accessing data on Internet users around the world.
Torrent sites occasionally ban users who've misbehaved or broken the rules in some way. When this happens, the sites collect that user's data, including email addresses, usernames, and IP addresses, according to an inside source who spoke to TorrentFreak anonymously. What's worse, more than 30 of these sites share that information with one another, so that one IP address can be cross-checked across multiple, independent services online, suggesting that in-depth profiles can be built on these banned users.
“Everything from being a dick, being/acting suspicious, cheating/trading, letting someone else use their account, to staff running off with donation money could get a user on this database,” said the source, who ran two private torrent sites and founded another.
Once a user is on the list, they may find it more difficult to get access to other member trackers or get kicked off those they are already using.
Private trackers, on which users share everything from copyrighted games and pornography to movies and elearning courses, are seen as more secure than public trackers such as The Pirate Bay.
Copyright holders can monitor the list of IP addresses (the unique number identifying Internet-connected devices) of those sharing files via public trackers and use them to take legal action against sharers. There are ways to deflect that attention, such as using a virtual private network (VPN) to mask your IP address, but many simply use private trackers, some of which ban VPNs to ensure members are maintaining a positive ratio of uploaded-to-downloaded content. Since members of these sites are typically the only ones with access to the files, they're inherently more secure than public trackers.
Yet many of the private trackers collect reams of user data without encrypting it, TorrentFreak reported last month. That, combined with its source's revelations, raises privacy concerns.
Trackers use the database and site logs to keep out those who don't play by the rules, as well as enemies such as copyright holders and those who sell site invites. Anti-piracy companies that buy site invites can then gain access to private trackers, and could then obtain information about users to begin litigation against them.
Since many private trackers seemingly use a shared database, if just one were “raided or hacked, data about users who never even used the site would be in the hands of the invader,” according to TorrentFreak's source.
Following widely documented leaks about the National Security Agency's (NSA) online surveillance operations, the source claimed “the way the information is handled and the secrecy behind this are things that need to be exposed and reworked” despite how helpful the database was in protecting his sites.