has proven to be an ideal tool for pirates. The protocol's decentralized
nature makes it impossible to interfere with transfers between users.
Torrent sites and indexes are the only weak link in the chain, but there
are novel solutions to that 'problem' as well, it appears.
BitTorrent is often praised for its
decentralized nature. The file-transfers take place between users and
there’s no central service required.
That’s also one of the
main reasons why pirates embraced it.
There is a weak spot
though. In order to download something, you need a torrent or magnet
link. These are available through torrent sites which, as history has
shown, can disappear overnight.
While it’s unlikely
that all torrent sites will be eradicated at once, we recently spotted a
rather novel approach to this ‘problem.’ A few weeks ago OpenPGP keys
with magnet links were added to SKS keyservers.
These keyservers are
computers which store and index OpenPGP keys over the Internet. This
helps users who rely on encrypted email, for example. The servers
generally share the keys amongst each other in a pool and uploaded keys
generally can’t be removed.
The permanent storage
of keys generally isn’t an issue. However, when the system is used as a
stealth resource to store magnet links to pirated content, this
resilience is put in a different light.
This is exactly what
A few weeks ago a
series of rather odd, but valid, PGP keys were uploaded to SKS
keyservers. These keys were not meant to encrypt email though, but as a
safe storage for torrent magnet links.
As a result, popular
keyservers, including the ones hosted by research university MITand Surfnet,
have transformed into pirate sites.
The magnet links, most
of which point to pirated content, were added in the UID field. In
examples we’ve seen, sometimes there were a hundred magnet links added
to a single key entry. And with the search functionality of the
keyservers, these are easy to find.
While there are over a
thousand magnet links on these keyservers now, there are a lot of
duplicate entries. That makes it more of a gimmick than a usable tool
for pirates, but still.
While keyservers are
not really an alternative to pirate sites yet, these magnet links have
not gone unnoticed. We received the first tip weeks ago and others spotted it
too. The irremovable nature of these links is particularly intriguing.
MIT, for example,
clearly states in its FAQ that
it is impossible to remove keys once they’re up.
about the issue with Kristian Fiskerstrand, who operates the sks-keyservers website.
He notes that removing keys is not possible due to the nature of these
“The keyserver network
is intended as an add-by-anyone key store, and structurally these are
valid OpenPGP keyblocks,” Fiskerstrand says.
Only the owner of a
private key can remove an entry. Keyservers are designed to
keep their data online and share it with other servers. Similar to the
blockchain, nothing is removed.
that if copyright holders want these keys removed, they’re out of luck.
“[E}ven if the
copyright holders were having issues with it they should focus on
removing the underlying data not any pointer that is far off the
original data,” Fiskerstrand notes.
That, however, brings
us back to the beginning of this article.
transfers are decentralized there is no single source to go after.
Copyright holders will have to go after each and every pirating torrent