An interesting site popped up near the end of last year called YouHaveDownloaded.com. You might not have visited it, or even heard of it, but if you’ve been using torrents, it might have heard of you.
The site is quite simple, it tracks torrents and the people (IP addresses) downloading them, much like copyright holders do (or hire companies to do for them). They claim to be tracking roughly 4%-6% of all torrent downloads and 20% of torrents from public trackers, like The Pirate Bay.
The difference to the copyright holders is that this site makes the information is collects public. You can see what it thinks the IP address you’re using has been used to torrent, or any other IP address you can think of. It might not be right, or it might be spot on.
This site just highlights what is going on all the time. Torrenting is a very public activity unless you’re making an effort to protect your privacy (like using a proxy or VPN from a reputable provider). Privacy is not the default on the interwebs.
IP addresses are more like PO Boxes than physical addresses — most people have dynamic IP addresses that regularly change, and add in the fact that some people have insecure Wi-Fi, the results on the site aren’t that accurate.
The site brings up an interesting statistic, especially if it’s true: “About 10% of all online shoppers, in the US, are torrent users as well.” In the future will advertisers link an IPs torrenting history to an advertising profile. Is this already happening?
The removal form
The site provides a form that supposedly enables people to request removal from the site. Don’t use it.
Previously it asked people to sign in using their Facebook accounts, and the CAPTCHA to get to the non-Facebook removal form didn’t work (ie. they wanted to link your data with a real name, cue warning bells). Now it seems like Facebook has revoked their access to use Facebook logins (they say Facebook logins are “Temporarily disabled due problems with Facebook”), so it brings up the removal form, which asks for a name and an email address.
I’m not saying this is what the people behind the site are doing, but this would be all the information they would need, in addition to the information they have on torrents associated with your IP address, to send an extortionate email your way. Or sell your data (probably not to copyright holders, because they hire people to do this for them already).
Here’s what their removal terms are (and yeah, the rest of the site is worded like this too):
“Removal Terms The Details: By submitting a request to have your download activity removed from our database, you are acknowledging that the activity was, in fact, carried out by yourself. This means that you are only submitting a request to have the details of your own personal activity deleted. Any unrecognized activity, such as files you did not download or do not remember downloading, are not — I repeat, are not to be included in your removal request. Why is this imperative? Well, we actually don’t have to explain ourselves…sorry.
The important part is that you understand these terms and conditions before hitting that beautiful button that will erase your criminal back ground, at least for now. Wait, you did remember to read these terms before making the decision to submit a removal request, right? Of course you did, everyone reads the fine print.
Other Important Things to Consider: We make no guarantees that your information will not appear on any other databases. We may have erased your bad behavior but, keep in mind that your data on this site is aggregated public domain. So, if by chance, another sadistic group of people decides to open a similar web site, we have no control over what they do with your information. Furthermore, if you continue to involve yourself in activity like this, your future download history will, without a doubt, appear in our database again and we may not be as nice about it next time.
If any part of these terms is still unclear, please visit your local elementary school and ask to repeat grades 3 through 5.”
Giving the people or company behind the site any more information about yourself is not a good idea, even if they claim that the site is a joke and you shouldn’t take it seriously.
And anyway, if your IP address is listed on the site, it must be because of the person that used it previously. Right?
Perhaps they should have also asked how many people would just change how they download files illegally?
The WAND Network Research Group at The University of Waikato has been measuring how traffic flows through a New Zealand ISP. They can split traffic into types with a pretty high degree of accuracy without having to “look inside” too much. Donald Clark compares it to looking at the postmark of a package and giving it a squeeze and being able to tell, in general terms, what’s inside, without having to open it.
The resulting data is a valuable insight into how residential DSL customers at this particular ISP reacted to the new law.
More graphical goodness can be found in the slides from a NZNOG presentation here.
There was about a 75% decrease in BitTorrent traffic straight after the law was introduced, largely sustained into 2012, with huge increases in remote and tunneling traffic. The law isn’t stopping file sharing, just moving it underground, using VPNs, seedboxes and sites like now closed Megaupload.
There was also a big decrease in newgroup traffic, even though it doesn’t appear to be targeted by the new law.
“P2P, P2P structure, Unknown, Newsgroups and Encrypted [not all shown in the graph above] have all decreased massively from their January 2011 levels. Interestingly, each of these categories can be tied to the illegal downloading activities targeted by the CAA [Copyright Amendment Act]. P2P and P2P structure are obviously related, Newsgroups are a common source of torrent files and the Unknown and Encrypted categories were strongly suspected of containing a significant quantity of encrypted P2P traffic.
Even more interestingly, Remote, Tunneling and Files experienced similarly large growths in the amount of traffic downloaded by DSL users. This is probably indicative of people changing their approach to downloading copyrighted material. Instead of participating in file sharing on their home machines, it has become more common for people to use machines based in other countries and ship the file back home via another protocol. This might be via SSH, VPN or FTP, for example, which are all covered by the growing categories.
Similar trends are observed when looking at traffic transmitted by the DSL users. Categories associated with P2P file sharing have seen much less traffic compared with January 2011, whereas Tunneling, Remote and Files have soared.
It should be noted that although Tunneling has grown significantly, the overall amount of Tunneling traffic is still much less than the total amount of P2P traffic. But the sudden changes in application protocol usage are still very noteworthy and suggest that the CAA has had a major impact on people’s Internet usage.”
We’re six months into the Copyright (Infringing File Sharing) Amendment Act, the law that pleased no one (the copyright lobby thought copyright holders should only pay the price of sending a letter, everyone that uses the internet thought the law was stupid), but was passed anyway.
Tech Liberty asks if some infringement notices being sent to customers are invalid because they don’t contain the required information under the law.
An Orcon customer posted on the 3StrikesNZ forum about two notices (s)he received and posted the screenshots of the emails (click for larger versions). Note that both notices are for the same song. Anonnz says that the offending file, torrent, and software was removed after the first notice and so a second warning notice should never have been sent.
4(2)c(iii) states notices must describe the type of work in terms of section 14(1) of the Copyright Act.
4(2)c(iv) states notices must describe the restricted act or acts in terms of section 16(1) of the Copyright Act by which copyright in the work is alleged to have been infringed.
4(2)c(v) states notices must give the New Zealand date and time when the alleged infringement occurred or commenced, which must specify the hour, minute, and second. The first notice doesn’t specify the time to the second.
4(2)c(vi) states notices must identify the file sharing application or network used in the alleged infringement.
5(2)b states notice numbers must identify whether the notice is a detection notice, a warning notice, or an enforcement notice; and (c) that they must identify the IPAP that sent the notice.
Additionally, the second to last paragraph of the notice misinforms customers about internet account suspension, stating: “the Copyright Tribunal has the authority to … apply to the District Court to suspend your account for any period up to six months”. Account suspension is not currently an available punishment.
The requirements for notices and punishments are spelled out quite clearly, so I wonder what else copyright holders and IPAPs are doing incorrectly.
Delivery of infringement notices
There’s some really interesting discussions over on the 3StrikesNZ forum.
The nature of delivery of infringement notices has been brought up. FlyingPete suggests that email is unreliable for the delivery of such important notices (as in missing them could cost the account holder $15k), because of spam filters and because some people don’t check email accounts very often.
StuFlemingWIC, from an IPAP, points out that even snail mail is unreliable, especially when sent to student flats. He suggests that registered mail would have been a good requirement for sending notices.