The article gives rather short shrift at the end to what seems like a pretty strong argument against this theory, which is that it isn't clear what it would get the FBI. Is there any info they can get from running the site that they can't from just logging torrent traffic?
Plus, while the FBI is allowed to facilitate minor illegal actions during under-cover operations (like having one of their agents work as a mod at Silk Road), this would involve them essentially paying for and running the infrastructure for hundreds of thousands of acts of piracy. I'm pretty sceptical the people in charge would sign off on that, especially if most of the information could be gathered using other methods.
> Is there any info they can get from running the site that they can't from just logging torrent traffic?
Yes!
They can glean the IP addresses of the people who upload torrent files to TPB by running a honeypot. There's a much stronger case going after the providers of stolen material than the consumers.
Does that mean they're doing that? I don't know.
EDIT - REPLY LIMIT HIT - REPLYING HERE SINCE I CAN'T RESPOND BELOW
> If that's what they wanted to do, couldn't they just set it up so they continuously downloaded all new torrents and looked at the ip of the initial seeder?
How do you know you got the new seeder and not the first consumer? That's less reliable than "hey look an HTTP/1.0 POST with the exact torrent file came from this IP address at this time".
If that's what they wanted to do, couldn't they just set it up so they continuously downloaded all new torrents and looked at the ip of the initial seeder?
Sure, but you can also exchange bittorrent packets before the .torrent file is uploaded to TPB. How do you know the seeder is the original distributor? :)
Yes, but BitTorrent users seed without realizing it. Whereas uploading a file to The Pirate Bay is an intentional act of copyright violation. Easier sell to a jury.
It's not unheard of for the FBI to operate (and pay for) the infrastructure to facilitate and even promote piracy. See "operation bandwidth" where they essentially did just that for 2+ years. Granted that effort was targeted somewhat higher up the food chain than your average home user trying to download a copy of the latest overhyped blockbuster.
There isn't really any valuable information FBI could get from the site, especially since TPB doesn't operate their own tracker anymore. Only possibility would be getting IPs the uploaders use to log into the site, but that's pretty far fetched.
FBI honeypot? Why bother, just cross reference your advertising shadow profiles with a few trackers of what you're interested in. Combine that with the scrape Canada is doing with all the download services, and the pre host intercepts to AWS, Google, Microsoft, etc... that the NSA is doing and you capture all the file transfers for all but the savviest of people. Operating TPB would expose them to potential liability at home. I highly doubt the MPAA/RIAA/etc... are not going to sue if they found out the FBI is directly responsible for disseminating 300K copies of Frozen and Taylor Swift's album for free to capture the fairly useless proxied VPN of the uploaders. America and Canada have proven that they don't need to operate the hosts, they can capture all the data just fine without exposing themselves to the risk.
Regardless, assume the FBI/NSA/CSIS/MI-X/etc... are capturing everything you do including the comments on here, reddit, twitter, Facebook, 4-chan, torrent, tor, and really everywhere else. They can unravel that onion, so unless it's carefully encrypted, and it's on the internet, assume the governments either have it or have access to it.
None of these tools are "capturing everything I do on the Internet". They could be used to target an individual in some sense. But not capturing everything that everyone is doing.
The problem with discussions about the NSA on HN is that sense, reasoning and rationality seem to go out the window.
>None of these tools are "capturing everything I do on the Internet". They could be used to target an individual in some sense. But not capturing everything that everyone is doing.
That claim contradicts what Glenn Greenwald says. Why is he wrong?
They capture everything done online and store it. They can wait until you become a person of interest then plug your email address and name into the system to get your Amazon, eBay purchases, Google searches, FB comments and likes, GPS data from your phone to see where you went, who you were with by cross referencing FB friends and their phones' GPS data.
They are not looking at you specifically but they are keeping your data in case one day they do want to look at you.
Storing text data isn't nearly that costly. Audio as well. I think they have the capacity to easily store the audio contents of every phone call made in America. Video is another question.
Much of what they capture can be stored temporarily for filtering, saving what looks interesting and discarding what isn't.
Sure, we can concede that they aren't storing absolutely everything. The point is: they're storing a lot, and they're trying to store as much as they possibly can.
But add to it that they will look at every upclick, upvote, downvote, and comment of yours on Hacker News, Reddit, Ars Technica and other popular social media sites.
They'll know you better than your own mother.
FBI TPB is possibly here to gather more filth to throw around normal people.
The main concern people seem to have is the site's use of CloudFlare, a content delivery tool company that can protect sites from DDoS attacks and help manage a large influx of traffic.
To do this, it grabs IP addresses (a number assigned to each internet-connected device by its internet service provider that can often be used to identify a person), which conspiracy-minded folks say would be a nice thing for the FBI to have. Theoretically, if CloudFlare is saving these IP addresses, the FBI could subpoena CloudFlare for that data. And if the government is actually running the site, then it would have those IP addresses by default.
This is a very confusing argument. If the FBI controls The Pirate Bay then it wouldn't need CloudFlare to be able to get the IP addresses of people connecting to The Pirate Bay because... they'd be The Pirate Bay and so would see people connecting.
> Wouldn't a non-FBI owner of Pirate Bay also want to obscure the IP of the server just as much?
Yep.
> I don't really follow this argument.
It's not a piece of evidence in favor of the FBI being involved. It's an explanation for why they would use CloudFlare and/or what they would use CF for.
As I said elsewhere, I don't really buy the arguments. But I don't use TPB either. The only torrents I download are Linux/BSD ISOs. So I'm not going to risk my freedom on not buying arguments. :)
What is also a disconcertingly plausible conspiracy theory? The recording industry spreading the rumor on Twitter that filesharing sites are being monitored by the FBI.
Not that I believe that, but it's simple to point out that all evidence for this theory is a bunch of Twitter messages with second hand information.
> If the FBI were running PirateBay, why would they need CloudFlare to grab IP addresses?
More like: They're harvesting IP addresses, and they're using cloudflare to disguise the IP address of the server? That's what I would do if I were an FBI cybercrime team member assigned to this case.
Which would be less honeypot set up by the FBI and more FBI agents loafing around the park covertly checking which of the thousands of people singing copyright infringing songs also swap pictures of naked children.
Ironically, those of us who live in countries where access to TPB is censored, like the UK, have to use tor to access TPB - and therefore this method of tracking would be utterly ineffectual.
If it is a honeypot, it's a pretty crappily made one, with honey dribbling out through a crack and "hunny" written on it.
Actually it's currently not blocked on the ISPs I've tested, and I know why. The existing order doesn't cover CloudFlare, and much of the blocking was IP-based false route injection, not DNS-based or HTTP-Host:/TLS SNI-based.
If there is no existing censorship infrastructure installed at the respondent ISPs which can fulfil the terms of the existing court order, the applicant may need to go back to court - and it may need a re-hearing, as the order was allowed only on the basis that existing infrastructure could do it. I don't think the Digital Economy Act site blocking provisions made it in, so there's no primary legislation, no case law that I know of (bearing in mind I'm just an interested layperson!), this specific thing was discussed and specifically dropped in Parliament, and the balance of harm has changed.
I don't know if it's a honeypot - the staff are reportedly locked out, and CloudFlare (US) might be as neutral as they can be when it comes to what they reverse-proxy, but The Pirate Bay (real or not) is possibly the most internationally-notorious website in the world; a ruthless test of CloudFlare's legal and technical resilience if it's not FBI. (I certainly wouldn't expect them to hold the line in these circumstances!)
But I can't see what the site itself would really get the FBI/etc. that they can't get by easier means: these are all public torrents and they run no tracker.
Yeah, this could get good. Will countries block Cloudflare entirely, potentially forcing cloudflare to refuse to have piratebay as a customer? Will they require cloudflare to provide special IPs used just for piratebay? Will they give up?
It would not have occurred to me that something as simple and widespread as using cloudflare -- so widespread by 'legit' businesses that nobody can think it's just a tool for criminals -- would put such a wrench in current censorship attempts.
There's some precedent in that: for example, certain actions against the Chinese "Golden Shield" involving blocked content and well-known CDNs. They were willing to, um, "harmonise" it, almost no matter what the cost.
I'm calling the bluff of Western governments taking the same line. They ask about it, sure, and they'd do it to little sites that wouldn't fight back or that they rule illegal, but to do it to powerful, well-known, extremely popular sites is a huge, overt, draconian step: one they and the populace supporting them will hopefully find too distasteful to bear. One that reminds them about the cost, drawbacks and hopelessness of what they are doing, and forces them to ask the hard questions about whatever they think the benefit is, and whether it's really worth it.
It's an interesting anti-censorship tactic I've studied for a while. It is however essentially playing chicken with nation-states to see what collateral damage they're willing to accept to take control of what their citizens have access to before they give up, however. It thus may fail, but the stakes can always, potentially, be raised again. The ultimate failure mode for it is a nation-state deciding to disconnect from the internet completely - but that's what so-called "guerrilla networking" is for, because fuck that noise.
The tactic is also potentially applicable to even the most advanced DPI-based protocol blocking, if you have an indistinguishable link protocol and a set of techniques to masquerade such a protocol as more recognisable protocols. I don't have anything to release regarding that yet. <g>
I feel like if, say, the UK, actually blocked Cloudflare -- Cloudflare wouldn't just take it, it would be too hard for their business.
They'd try to work something out so the UK really just could block piratebay, or they'd fire piratebay as a customer.
Either one of which would be really bad PR for cloudflare among the digirati. They wouldn't want to do it. Perhaps they'd manage to work something else out with the (eg) UK government. But I don't think they'd just accept all their customers being blocked, they'd lose too much business.
No matter what happens, it'd keep the topic in the news, and demonstrate what a mess it is, so be a success on that front.
So, in another ludicrous conspiracy, one could assume that the UK government knows about the honeypots the FBI sets up, then adds them to the banned website list in order to protect its citizens?
Like who? The uploaders behind seven proxies? It's a better idea to trace the initial seeds, although even those are likely to be anonymous/hacked seedboxes.
I think they would monitor who is actually sharing the copyrighted files with bittorrent, not who logs into tracker sites.
There is nothing illegal with visiting the pirate bay, right?
Correct. Even clicking a magnet link or getting a torrent file doesn't say you'll connect to the swarm and download it. You're only pirating once you do that, and you start getting pieces of the files in the torrent.
I read somewhere a few months ago many websites through TOR had suddenly started popping up CAPTCHAs on CloudFlare, which apparently requires enabling JS. Why would CloudFlare start doing that to known TOR users?
Yep. The protocol is one thing, but what's also needed is distributed curation. This is a trickier problem that no one has solved yet [for a universal system where no-one has to go to jail].
There's a user story in this: "I use this thing to get stuff that I want". If the system backing that action isn't distributed then it's vulnerable.
For the average user, a legit torrent site is indistinguishable from a spam site. TPB have actually done an enormous service to the Internet for years by reducing the amount of malware installed by "download assistants" and so on. Despite the issues with many of the torrents themselves.
I don't see anything by that links about how they plan to fight off spam, scam and unwanted content (drugs/terrorists/illegal porn/etc).
The problem is that the first moment such a network gets traction, someone will set up a robot which will make submissions of random data named "Game of Thrones S0xE0y" every second, effectively rendering search useless. The real challenge is to solve the problem of decentralised moderation, not to create a decentralised network.
You must be talking about indexing torrents then, which has nothing to do with bittorrent per se. It's "just" a website where people drop content and comments evaluating the quality of said content. Indexes are used for searching for and retrieving content.
Bittorrent is decentralized, but Bittorrent (the protocol) says nothing about how you retrieve a torrent. It starts the moment you have retrieved a torrent (or, possibly, a magnet link), and not before.
I don't necessarily subscribe to the theory but one possible angle is that they want members to log into the site. I suspect that it's easier to prove a user account (with a privately held secret password and activity history) belongs to an individual than just an IP address.