I spotted a couple of interesting stories around the legal and technical aspects of privacy for file sharers.
TechLaw has a worthy clarification of the ruling on appeal for the Arista v. Doe 3 case. A lower court had equated publicly sharing a folder of files to a peer to peer network as an abdication of any 1st Amendment rights to anonymity. The 2nd Circuity clarified that there is a difference between publicly sharing files and one’s online identity. The difference is slim, though, as such privacy doesn’t insulate one from claims of copyright infringement, which still lie at the core of the case.
On the technical side of privacy and file sharing, Ernesto at TorrentFreak points to some research demonstrating how Bit Torrent is leaving its users wide open to discovery. Because the protocol needs to distribute quite a bit of data about members of a swarm, it not surprisingly makes it easy to observe and collect data about downloads and users. The recovered data included the content providers, or original seeders, not just the files and downloading users. Worse, the researchers were able to recover about 70% of the data when BitTorrent is run in conjunction with Tor.
The folks at the Tor project concede this is a valid finding and go on to explain why. They have actually been very clear from early on that Tor is not proof against close scrutiny. It can help preserve your anonymity but never made claims to bullet proof security. There is also the matter of trying to shoe horn the immense data usually flowing through a swarm onto the limited set of Tor relays.
Thankfully, the Tor maintainers welcome this kind of research, suggesting it is a good opportunity to keep re-evaluating privacy risks and developing better solutions, whether they are based on Tor or something else.