

Skype lets hackers track your BitTorrent downloads - fvbock
http://www.theregister.co.uk/2011/10/21/skype_bittorrent_stalking/

======
kylec
Interesting research, but I doubt it would hold up in a court. You just can't
prove ownership of a Skype profile by an individual unless you subpoena Skype,
and if you're going to subpoena someone, you should just subpoena the ISP of
the IP directly.

Still, this kind of service could be used by background check agencies,
private detectives, etc where the burden of proof is whatever the client
decides to accept (though I can think of much easier ways of getting someone's
IP address than this).

~~~
pasbesoin
It holds up "in court" (figuratively) when: It's cheaper to pay a couple of
grand than to pay a lawyer; A three -- or six -- strikes commercially-
initiated and/or arbitrated policy kicks you off the Net; Private, commercial
database records haunt you indefinitely.

I think that, for a majority of people, this will end up being about "clout"
rather than the rule of law. And they will feel/find themselves on the short
end of that stick. And the more they fear, the more that entrenched interests
win by default.

I would guess that we're in agreement. I just become a bit... I don't know
what word to use, when I read "in court" these days. Because industry is doing
everything it can to ensure that "in court" (literally) is precisely _not_
where the battle is fought.

------
folz
This was posted about a couple of days ago
([https://torrentfreak.com/security-flaw-links-bittorrent-
user...](https://torrentfreak.com/security-flaw-links-bittorrent-users-to-
skype-accounts-111020/)), and the Register makes the same (incorrect)
assumption as TorrentFreak that IPs can be traced to a single person.

This attack vector links Skype accounts to IP addresses, and then tries to
find those IP addresses in BitTorrent swarms. But IP addresses are not people:
an IP assigned to an account I owned is not necessarily being used by me, and
the person who has a Skype account using a given IP is not necessarily the
same person who is using BitTorrent to join a swarm from that IP.

The _major_ issue here is that anyone can find out the IP address of any Skype
user just by knowing their username, which can be found in the Skype global
directory. Even worse, the user isn't able to block this (or even be notified
about this) and the attack can be done by someone not in your contact list.

~~~
pyre
While I agree with you, I'll add that the ability to use Skype to 'track'
someone across IPs (and then through the BitTorrent swarms) allows more
evidence than a simple 'it came from this IP.'

------
sathyaphoenix
I am always against bittorrent being associated with everything illegal. If
anyone ever gets to the legal phase, wont ISP's disclose the IP number details
rather than relying on skype ?

------
Jach
The actual arxiv pdf was submitted about a month ago.
<http://arxiv.org/abs/1109.4039> The main thing here is that the attack is one
of several ways to distinguish that a machine running Skype is the same
machine running the bittorrent client; they're not separate machines hidden
behind the same IP.

------
keeran
Shouldn't this just be: 'Researchers exploit Skype to gain IP address
information'.

------
huhtenberg
Wouldn't these be _researchers_ rather than _scientists_?

