
I Know What You Download on BitTorrent - legatus
https://iknowwhatyoudownload.com/en/peer/
======
guessmyname
[https://iknowwhatyoudownload.com/en/peer/?ip=127.0.0.1](https://iknowwhatyoudownload.com/en/peer/?ip=127.0.0.1)
¯\\_(ツ)_/¯

~~~
kbody
[https://iknowwhatyoudownload.com/en/peer/?ip=192.168.0.1](https://iknowwhatyoudownload.com/en/peer/?ip=192.168.0.1)

~~~
SCHiM
>> Torrent downloads and distributions for IP 192.168.0.1: Distributes child
pornography, Static IP, Likes porn

I wonder if they share their data with law enforcement, because there appears
to be al lot of valuable data to be mined in the DHT swarms. This service
reminds me of the crux in the most recent south park season.

 __* SPOILER __*

Wherein world-order is threatened by the 'troll-trace' program that will
expose the on-line behaviour of everyone.

 __* END __ _

~~~
belorn
The collection method here do not actually verify if the information given by
the DHT network is correct, which should be rather obvious when the data
include invalid IP addresses. A node when receiving a GetPeer request can
simply make up any claims they want.

Of course law enforcement don't operate on guaranties and even weak evidence
can help if a already suspected person is involved in an investigation, but
its important that we distinguish between weak evidence vs strong evidence.
The GetPeer reply is about as good as an anonymous tip arriving by email.

------
ohstopitu
I find this extremely inaccurate - especially when ISPs rotate your IP
address.

It mentioned that I downloaded the following on Dec 11th:

1\. Office 2016 Pro

2\. Assassin's Creed Unity

3\. Watchdogs

Not only is it completely inaccurate, no one used my internet on Dec 11th
(which meant my IP was probably shuffled by my ISP to someone else).

This is one of the reasons why you should probably take all those DMCA notices
with a pinch of salt...it's almost impossible to argue that you pirated in the
first place.

~~~
asymmetric
> it's almost impossible to argue that you pirated in the first place

Wouldn't the ISP be able to prove you were assigned that IP at that time of
day?

~~~
chakalakasp
Yup. ISP gets DMCA notice, notice says date and time and IP -- ISP absolutely
capable of knowing which customer was assigned that IP at that time.

You can't really take DMCA notices with a "grain of salt". Many ISPs will just
cut you as a customer after you get enough of them, as DMCA notices require
effort on their part and the amount of effort their IT and legal staff spend
dealing with other IT and legal staff looking for you quickly exceeds how much
you are paying a month. So unless your area has an overabundance of ways to
get internet to your home (in which case you must not live in America), you
probably can't afford to have your ISP ban you from using their service.

~~~
striking
I've gotten plenty. The most that's happened is Comcast injected a warning
that refused to disappear into my http traffic until I called the list phone
number.

After you do that, they basically forget all the notices (although the
copyright holder can still sue you).

------
awirth
This is very strange, as I highly doubt they're crawling the entire DHT space,
and even if they did they would be getting only infohashes. These are hashes
of (a subset of) the torent metadata (including the chunk hashes), so it won't
actually tell you what the content is, unless you also download the torrent
metadata from peers using BEP-0009.

I'd bet they're pulling popular torrent files from big sites and then pulling
peer lists from the DHT. This will work OK for 'hot' content, but they could
probably get much better lists if they actually connected to swarms and did
peer exchange (PEX) which clients effectively have no control over - it's up
to their peers if they are going to reveal addresses through PEX.

Also note that of course none of this will work for private torrents (which
almost all clients respect) as they disable all methods of peer/metadata
acquisition other than from the trackers directly.

~~~
topranks
You're spot on. I downloaded quite a bit from private trackers and none of it
showed up. Nada.

------
problems
By putting the infohash in the URL your site is effectively equivalent to The
Pirate Bay - you're distributing links to pirated content, the only important
thing in a magnet link is the infohash, the rest can be obtained via DHT.

For example:

[https://iknowwhatyoudownload.com/en/torrent/?infohash=81ac3d...](https://iknowwhatyoudownload.com/en/torrent/?infohash=81ac3df677afb84211d59443fbb65f5f584cfa1a)
-> magnet:?xt=urn:btih:81ac3df677afb84211d59443fbb65f5f584cfa1a

Paste into torrent client and download. You might want to doublehash that to
avoid a potential legal threat.

~~~
r721
They have Russian interface
([https://iknowwhatyoudownload.com/ru/peer/](https://iknowwhatyoudownload.com/ru/peer/)),
so I guess they are based in Russia? Also, Russian "about page" is more
informative than English:
[https://iknowwhatyoudownload.com/ru/contacts/](https://iknowwhatyoudownload.com/ru/contacts/)

------
legatus
"In addition, the site offers a nifty spy tool where you can see what your
friends are downloading, without knowing their IP-address. If someone clicks
on a link you send them, their alleged download history shows up immediately,
without the IP-address being exposed."[1]

[1] [https://torrentfreak.com/i-know-what-you-downloaded-on-
bitto...](https://torrentfreak.com/i-know-what-you-downloaded-on-
bittorrent-161223/)

~~~
adn
Wow, they're just straight up distributing spyware and getting people to
install it on their friends machines huh.

~~~
runn1ng
How is this spyware in any definition?

~~~
ColanR
It's a pun.

------
tyingq
Fails for me because I connect to their website via IPV6.

 _IPv6 is unsupported temporary_

Odd though, if you don't support searching via IPV6, why have a website that
accepts IPV6 connections?

Edit: Likely because they are using Cloudflare, which bridges IPV6 to IPV4.
They should probably turn that off until they support IPV6 searches...it's
under the network settings in cloudflare's control panel.

~~~
pmontra
Me too, but it says that I'm in the USA, AT&T Wireless. Very wrong guess by
thousands miles.

~~~
ColanR
Canadian, eh?

~~~
pmontra
Somewhere on the other side of the Atlantic Ocean.

------
ShinyCyril
_How we collect data_

 _Our system collects torrent files in two ways: parsing torrent sites and
listening DHT network. We have more than 500.000 torrents which where
classified and which are using now for collecting peer sharing facts (up to
700.000.000 daily). We don 't guarantee we can show ALL peer sharing facts:_

 _Single IP address could be assigned to multiple users. It depends on user 's
ISP. For example mobile operators often used this schema._

 _\- IP address could be dynamic. In such case it changes every_

 _\- time user connects to the Internet or periodically._

 _\- User could donwload torrent which we don 't have_

~~~
BoorishBears
I think ISPs limit the usefulness of this since they rotate IPs so often. I
tried it because I knew I didn't have any torrents downloaded in the last year
at least, but last week it shows a Jurrasic World download

~~~
dogma1138
ISPs don't limit the usefulness of this as much as private trackers that do;
my IP address is completely clean but if you look at my Transmission you'll be
surprised ;)

~~~
zbuttram
And disabling DHT in your client. I've seen trackers that have that as a rule.

~~~
dogma1138
All private trackers have that (otherwise the private tracker is irrelevant),
the torrent file just flags DHT off as well as any other decentralized peer
discovery.

------
sasper
VPN for the win! After receiving one of the threat letters from a cheesy law
firm representing the RIAA and MPAA 3 years ago, all of my downloads via
torrent go through a VPN. Keep yourself safe online.

~~~
AmVess
VPN isn't a guarantee of safety. I got a DMCA warning for downloading one file
once using a top VPN service.

~~~
mixedCase
5 dollars say your torrent client wasn't using the VPN.

~~~
disposablezero
And/Or DNS resolver leak (not using dnscrypt)

------
xpinguin
Just a side-note: the attitude expressed in the Russian version of the website
is nowhere that mild and neutral as in the English one. I personally do find
it not only alarming, but disgusting to the very least (esp. the "torrent-
tracker users deanonymization" part).

[https://iknowwhatyoudownload.com/ru/contacts/](https://iknowwhatyoudownload.com/ru/contacts/)

Screenshot: [http://imgur.com/a/PTiDT](http://imgur.com/a/PTiDT) (under the
title "Сотрудничество", which means "Cooperation").

Here is my crude translation:

...

Cooperation

============

We are ready to share data on an automated basis, in a different cross-
sections and formats. Besides we do have the technical means for "catching"
users, who do participate in the torrent-file seeding. By means of connecting
to the user's device and subsequent downloading of one tiny piece from the
torrent-file, it is possible to collect a TCP-dump of the data exchanged for
that piece. There is a unique fingerprint associated with both those data
exchanged and the torrent-file itself [0]. That allows to prove the fact that
torrent distribution had been taken place from the particular IP address [1].
Everything mentioned above will be potentially actual/useful in Russia [2]. If
interested in cooperation, you could let us know: <cooperation-email-address>

P.S. We also have means/possibilities to build recommendation systems, to de-
anonymize torrent-trackers users and much, much more.

...

[0] I guess, they speak about "piece" from the "info" array:
[https://en.wikipedia.org/wiki/Torrent_file#File_structure](https://en.wikipedia.org/wiki/Torrent_file#File_structure)

[1] They have downloaded it from you, so the fact of the distribution, am I
missing something?

[2]
[http://hitech.newsru.com/article/03oct2016/piratefine](http://hitech.newsru.com/article/03oct2016/piratefine)
||
[https://translate.google.com/translate?sl=ru&tl=en&js=y&prev...](https://translate.google.com/translate?sl=ru&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fhitech.newsru.com%2Farticle%2F03oct2016%2Fpiratefine&edit-
text=&act=url)

~~~
r721
A quote from TorrentFreak article:

"The company informed us that the site helps to showcase their abilities to
the various outfits they work with, including copyright holders.

“We’ve set up the site for promotional purposes and as a demonstration of our
capabilities,” Marketing director Andrey Rogov says.

“We are engaged in the distribution of information relating to torrent
downloading activity to rightsholders, advertising platforms, law-enforcement
and international organizations.”

The company offers API access to its data for interested parties and can also
provide TCP dumps as extra proof that downloaded content is linked to a
certain IP-address."

[https://torrentfreak.com/i-know-what-you-downloaded-on-
bitto...](https://torrentfreak.com/i-know-what-you-downloaded-on-
bittorrent-161223/)

------
leonix
This is actually quite scary. They seem to be technically capable people
willing to provide a service to law enforcement. They write on the Russian
version of About Us page: [1]

We are ready to share our data, providing automated API to raw data or
aggregated reports. We also have technical means to catch users who share
torrent downloads. By connecting to user's computer and downloading a small
piece of torrent, we can get a TCP-log of communication with the user. Data in
this log have a unique "print" \- crypto hash, which matches hash from the
torrent. This allows to indisputably prove the fact of distribution of content
from a given IP address. It will be important in Russia soon. [...] P.S.: We
also can build recommendation systems, deanonymize users of torrent sites and
many other things.

[1]
[https://iknowwhatyoudownload.com/ru/contacts/](https://iknowwhatyoudownload.com/ru/contacts/)

------
ergot
Interestingly despite the advice given by the Tor website 'Don't torrent over
Tor', people still do this:

[https://check.torproject.org/exit-
addresses](https://check.torproject.org/exit-addresses)

------
czechdeveloper
I downloaded none of those things.

~~~
indexerror
I trust you.

------
superflyguy
Was this site supposed to have showed me what I downloaded?

~~~
belorn
Based on their about page (and some assumptions), their method is to web
scrape a bunch of popular torrent sites and then do a simple getpeer request
to harvest a list of peers.

------
maxt
Something similar here:
[http://youhavedownloaded.com/](http://youhavedownloaded.com/)

------
cesarb
Unless this site only shows what you're downloading at that moment, it doesn't
seem to work. It shows nothing at all for me, even though I downloaded a large
public torrent (the new CentOS release ISO) a few days ago. It wasn't even
from a private tracker or something like that.

~~~
legatus
Well it only shows torrents they track... if you downloaded a torrent that
wasn't being tracked it won't show it.

------
aluhut
> 8.8.8.8 is your IP address.

I don't think so.

~~~
chakalakasp
DNS server by day, Anime torrenter by night

~~~
twic
When you think about it, it is a bit suspicious that 8.8.8.8 knows where _all_
the websites are. Even really dodgy ones. What does 8.8.8.8 spend its time
doing to find all that out, eh?

------
Canada
The results are garbage. Zero correct results and tons of false positives.

Checked the last dozen or so IP addresses I used. I don't see a single valid
result. I torrent lots from the most popular torrents on the biggest site.
You'd think it could get that right.

------
ninkendo
Apparently not if I'm using IPv6:

> IPv6 is unsupported temporary.

------
dbg31415
"Cool, now build a comparison tool into Tinder so I can find local friends who
like the same movies and porn I like."

This is creepy.

------
givinguflac
I've definitely torrented plenty but this site has nothing for me. I don't use
a VPN, not sure why but cool.

~~~
jmnicolas
Same for me. It could be because I use private trackers.

------
mtgx
Would torrent encryption help? I mean assuming all the major torrent clients
would decide to enable it all at once.

~~~
awirth
Most torrent clients do support encryption (opportunistically), although the
bittorrent protocol's encryption is relatively weak and uses RC4. It should be
considered more obfuscation to avoid DPI and whatnot.

Bittorrent peers are fundamentally public by design, unless the torrent is
marked private, so this is just curating and presenting that information.

------
TheHippo
Not from the States, not on AT&T Wireless. None of my torrents is shown. I
think you don't know anything.

------
cclements
I've torrented both the archiso and debian iso's this month, but nothing came
up for my IP

------
ungzd
It shows hashes so you can download listed torrents too.

------
digitalpacman
Didn't work for me.

