Interesting research, but I doubt it would hold up in a court. You just can't prove ownership of a Skype profile by an individual unless you subpoena Skype, and if you're going to subpoena someone, you should just subpoena the ISP of the IP directly.
Still, this kind of service could be used by background check agencies, private detectives, etc where the burden of proof is whatever the client decides to accept (though I can think of much easier ways of getting someone's IP address than this).
It holds up "in court" (figuratively) when: It's cheaper to pay a couple of grand than to pay a lawyer; A three -- or six -- strikes commercially-initiated and/or arbitrated policy kicks you off the Net; Private, commercial database records haunt you indefinitely.
I think that, for a majority of people, this will end up being about "clout" rather than the rule of law. And they will feel/find themselves on the short end of that stick. And the more they fear, the more that entrenched interests win by default.
I would guess that we're in agreement. I just become a bit... I don't know what word to use, when I read "in court" these days. Because industry is doing everything it can to ensure that "in court" (literally) is precisely not where the battle is fought.
This attack vector links Skype accounts to IP addresses, and then tries to find those IP addresses in BitTorrent swarms. But IP addresses are not people: an IP assigned to an account I owned is not necessarily being used by me, and the person who has a Skype account using a given IP is not necessarily the same person who is using BitTorrent to join a swarm from that IP.
The major issue here is that anyone can find out the IP address of any Skype user just by knowing their username, which can be found in the Skype global directory. Even worse, the user isn't able to block this (or even be notified about this) and the attack can be done by someone not in your contact list.
While I agree with you, I'll add that the ability to use Skype to 'track' someone across IPs (and then through the BitTorrent swarms) allows more evidence than a simple 'it came from this IP.'
I am always against bittorrent being associated with everything illegal. If anyone ever gets to the legal phase, wont ISP's disclose the IP number details rather than relying on skype ?
The actual arxiv pdf was submitted about a month ago. http://arxiv.org/abs/1109.4039 The main thing here is that the attack is one of several ways to distinguish that a machine running Skype is the same machine running the bittorrent client; they're not separate machines hidden behind the same IP.
Still, this kind of service could be used by background check agencies, private detectives, etc where the burden of proof is whatever the client decides to accept (though I can think of much easier ways of getting someone's IP address than this).