On staying hidden

QUESTION: How do you stay out of the spotlight when you're using a p2p app?
ANSWER: Easy. Don't use a p2p app.

More on ISPs for the uninitiated.

On staying hidden

By negatyve

Lans, Wans and Loopholes

Basically, and IP Address is assigned by a service provider to a computer or network. Not necessarily a single computer, because entire networks of computers can access the internet through one IP address.

There are private network ip address allocations. Now to the average user, there's a Wide Area Network (WAN), and a Local Area Network (LAN). WAN is basically the internet, and a LAN would be multiple home or office computers linked together.

The LAN is usually restricted to users within a home or office. If you have more than one computer accessing the internet at home, if you're accessing the internet at work, or if you're accessing it from school, there are two types of configurations that are popular:

2) The computers plug into a firewall (software and/or hardware to hide it from the outside world), router or gateway. A router links at least two networks, usually two LANs or WANs, or a LAN and the ISP’s network; and, gateways are where two or more networks connect. The information is then routed in and out to the internet. In this kind of set-up, the only IP Address that's recognized on the internet is the address to the network and each individual computer only has one IP Address, on the LAN.

Now, usually on an office or school network where the computers go through a firewall, who's accessing what is logged, and the logs are kept for a specific length of time (retention rate). However, home routers aren't set up to log access by default (although many home routers allow the ability).

This means if you've managed to use a p2p app at work or school (I say 'managed' because a lot of school and office networks block ports that aren't used for the specific protocols they believe the users should only be using), don't think you're in the clear, because depending on how long the log retention rate is, it can be traced back to you by contrasting the time of the infringement and the LAN IP addresses to the specific computers accessing such ports at such time.

There's a way around this: you can use an HTTP TUNNEL program which lets you to run your p2p connection to a proxy like server over port 80 (the firewall thinks you're surfing the web) and then the server passes your info along to the p2p network. From the p2p network, it can be traced to the http tunnel server, and if they log their connections, it can be traced back to your school or office network. However, chances are there are many more people accessing the web at that time and it'll be very hard to prove that the infringement came from your computer.

There's also a loophole for home users with a firewall.

There are two basic types of firewall/routers - wired and wireless.

Basically, if you have a wireless firewall, and you aren't very computer literate, your network is then open for any person with a wireless network card in your general area. By default, these wireless routers have no encryption, and if you set up encryption on your wireless network, the encryption key can be easily cracked by someone with the knowledge. What I'm getting at is: if you own a wireless router, and you're subpoenaed, if you don't have traces of the infringing files on your computers, there's absolutely no way for the RIAA to prove you're responsible for the infringement, or if a cracker using your wireless network was responsible.

If you're subpeonnaed for an offense you know you've commited, and you have a wireless router, it's probably best that you use third party software to "securely" format, or wipe, your hard drives. This software will write over everything on your hard drive and then format. That's because files aren't trulyy deleted until they've been over-written, even when you format.

This could provide a pretty solid defense that would be backed up by computer professionals.

Static, Dynamic...and everything in between
Like Seraphielx stated, there are static IP's and dynamic IP's.

Static IP's always remain the same, Dynamic are changed whenever a user logs on (typically dial up), or after a specific time (typically broadband dynamic IP's). Now, if you have a dynamic IP Address, you can most likely bet your life on the fact your ISP logs which customers use which IP addresses at which time. So if you have a dynamic IP, or you read this and want one, let it be known that you're just as recognizable with or without one. Like a static IP is bound specifically to an ISP's account, so is a dynamic IP, only it's temporary. However, the logs will remain for however long your isp's log retention rate is (which is most likely a few months at least).

Spoofing, anonymity, and other myths
A lot of people are under the impression that you may be able to hide your IP address over the internet. This is not necessarily correct.

If you're accessing the internet from your internet account, there's no way to hide your identity from your ISP.

Now, there's a popular term that's thrown around a lot: spoofing. This is when you trick another computer into believing the information it's recieving is coming from computer other than the sending computer.

There are two types of connections: UDP and TCP. TCP offers a dependable connection and calls for both computers to acknowledge each other through a sequence of commands sent and returned. This type of connection is possible (however difficult) to spoof - at first. However, you won't recieve any information from the connection - you'll only be able to send.

The UDP protocol doesn't require computers to awknowledge each other and is, therefore, easily spoofed. But once again, you can't recieve data if you're spoofing, so it can only be a one way thing.

To put it simply, there's no way to spoof a connection to a p2p network, and use the network to download music.

What would be possible, however, would be to build a p2p application using UDP protocol to spoof out-going file transfers so the reciever can't get your IP address.

I believe Blubster and Piolot use UDP.

A way you could possibly hide your identity is to use a proxy or http tunnel. This would route the connection a program makes through a third party computer before hitting its destination.

However, this sort of solution is pretty much a coin flip. If a proxy server logs who's accessing what and when (and there's a good chance that it does), it can potentially be traced back to you. You might also want to take into account that using such services will most likely result in very slow speeds.

If you believe this type of solution is for you, you're probably best off using an http tunnel because it'll mask your connection through your isp and all hops to the recieving server as nothing more than web surfing.

To put it bluntly - you are not anonymous, no matter how much much you'd like to be.

Depending on certain situations, you can almost certainly be tracable. You can always hide your identity by cracking another average home user's computer or network and using it to route your internet connections. However that's very nasty and very immoral.

No solution is fool-proof, but your best defense would probably be the Wireless network loophole, which has yet to be tested in court. So don't go placing all your cards on that.

The Softer Side of the Ware
Like I've said, there's really no way to disguise your identity online. To win the war against the tyranny of evil corporate recording labels, you will have to play defense. A popular solution that's being picked up upon is using software level protection. Specialty software firewalls and host files are showing up all over the place. A program called Peer Guardian is among the most recognized of these firewalls. These programs are specifically designed to block access to your computer from IP Addresses belonging to RIAA, MPAA, Law Enforcement, and other affiliated agencies that
might be trying to investigate you through p2p networks.

These software firewalls can be quite effective at thwarting the RIAA goon's, however, like everything else, there's a down side. Peer Guardian (and other such software solutions) is developed by a few rag tag programmers, without the ability to investigate and cultivate an accurate list of ip addresses to block. Peer Guardian has a large list of IP Addresses to block, however, it's very hard for them to keep up with all the emerging companies that are trying to cash in by gathering information for the RIAA. Simply put, there's no way for the developers of these programs to be absolutely sure they have an up to date and accurate list of those who are seeking to gather evidence against you.

Another downside is that Peer Guardian isn't professionally programmed, and suffers from memory mismanagement. In otherwords, it eats your resources. If you run your p2p applications 24 hours a day, Peer Guardian will eventually bring signifigant slowdown to your pc.

Although the software to protect yourself from the RIAA isn't very polished as of now, I believe that in the future, this will end up being the most effective way to protect yourself from prosecution.

The bottom line?

If you want full anonymity on p2p networks, don't use p2p networks.