SwarmScreen Increases Privacy for Vuze

Plugin for the BitTorrent client hides real download traffic by connecting to randomly selected torrent trackers, protecting users from newly discovered technique to map out BitTorrent swarms with 86% accuracy.

Vuze, formerly Azureus, has always distinguished itself by enabling users to install a wide variety of plugins to customize the BitTorrent client and the downloading experience. From SafePeer (highly recommended by the way) to 3D View the list of available Vuze plugins goes on and on.

Now Vuze has another plugin to join their ranks – SwarmScreen.

SwarmScreen makes it harder for others to figure out your downloading habits in BitTorrent by hiding your real BitTorrent traffic in a sea of connections to randomly selected torrents.

Why is this necessary?

Apparently researchers at the McCormick School of Engineering and Applied Science at Northwestern University have identified a new “guilt-by-association attack” whereby BitTorrent communities can be identified simply by monitoring the downloading behavior of one user in that community

Simply put, the exploit allows copyright holders who determine what content a single BitTorrent user is sharing to then convincingly argue that all users in the communities are doing the same without monitoring them directly.

“This was particularly surprising because BitTorrent is designed to establish connections at random, so there is no a priori reason for such strong communities to exist,” says Fabián Bustamante, one of the study’s authors.

From the SwarmScreen project page:

We show that strong communities naturally form in BitTorrent, with users inside a typical community being 5 to 25 times more likely to connect to each other than with users outside. Historically, this ability to classify users has been abused by third parties in ways that violate individual privacy. We show how these strong communities enable a guilt-by- association attack, where an entire community of users can be classified by monitoring one of its members. Our study demonstrates that, through a single observation point, an attacker trying to identify such communities can reveal 50% of the network using only knowledge about a peer’s neighbors and their neighbors (i.e., up to two hops away). Further, an attacker monitoring only 1% of the network can correctly assign users to their communities of interest more than 86% of the time. (.pdf)

Enter SwarmScreen. SwarmScreen is designed to obfuscate your downloading habits by using multiple swarms to hide your traffic.

And so that your traffic doesn’t look suspicious, SwarmScreen carefully adjusts random connections so that they appear the same as your real ones.

The downside is, as would seem obvious, that it does indeed slow your download speeds. However, it does allow users to control the level of privacy/performance tradeoff via an “intuitive tuning knob.”

“We call our tuning knob SPF (SwarmScreen Protection Factor) — analogous to sunscreen, the higher the setting, the more privacy you get,” says the plugins FAQ page. “Lower SPF values reduce privacy but give you better download performance, so you can pick the trade-off between privacy and performance.”

In short, SwarmScreen gives Vuze users another layer of downloading security in an increasingly monitored P2P world.