OSINFO - Open Sources Information

In most countries around the world, the legality of running a tracker is still uncertain, in that definitive court decisions have not been made. Even in the US, the last two big trackers to be shut down – LokiTorrent and EliteTorrents – weren’t shut down by a court, but thanks to the mainstream media, public perception is that these sites are operating illegally. The lawyers of the MPAA, RIAA and IFPI maintain they’re illegal so that’s often enough to cost an admin – if his identity is compromised – lots and lots of worry, and probably money too, regardless of his status under the law. It seems that being an admin these days is more about keeping an identity secret rather than acting within the law, as more often than not, old fashioned threats take down torrent sites, not legal action.

TorrentFreak spoke to the admin of a BitTorrent tracker to find out how he stays safe, not sorry.

Introduction

“I’m fairly paranoid and I find that’s a good start point” he told us. “I’m probably overly cautious, but if that’s what it takes for me to sleep right, that’s cool. I’m nothing special and not a huge target but I don’t leave much to chance, even though I don’t have much to worry about compared to the really big boys. I don’t claim to be an expert on security, I’m self taught only, but I’m happy to share my precautions with you (and happy to hear from others on where I need to improve!). I know of admins who run their trackers from their parents residential ISP account with little extra care at all, so any protection is better than nothing!”

Below, our admin gives a breakdown of some of the measures he takes to stay safe. Although an experienced security aware user might spot some holes in this series of measures, it’s interesting to see the lengths to which people will go to protect themselves when seemingly, others take few precautions. This article is entirely consistent with the admin’s message, but at his insistence, it has been re-written by TorrentFreak:

Identity is Everything – If you never tell anyone, no-one will ever know

If the authorities/MPAA/RIAA don’t know who I am or where I live, they can’t threaten me. When I’m working on the site I use either an encrypted connection via an Internet connection available in these premises (my name isn’t on the bill, adding another layer of confusion), or a secure VPN over a local open wireless network. For me, hiding my activities from any ISP accounts even remotely linked to me is important, as I don’t want any ISP to be able corroborate anything specific about what I do. If approached by a 3rd party for information (with a request like “can you confirm that such-and-such connected here at XX:XX time”, for example), they know little or nothing about what I’m doing, throwing any gathered evidence into doubt.

I think the recent OiNK bust was quite a wake up call. I for one was laboring under the misconception that copyright issues are mainly civil and I really only thought through evading civil actions. Once the police get involved, they can find out pretty much anything about you from anyone. Thanks to what we learned about the OiNK bust, my improved security measures should save me from the police too, in the small chance they are interested in a relatively small fish like me.

Registering a Domain

The WHOIS for the site’s main domain is protected, for that added layer of annoyance, although even this isn’t foolproof. Our main domain name isn’t owned by anyone who has anything to do with the site, so it’s pointless threatening that person, even if they find out who it is. It might not stop them making threats so just in case the domain owner complies, other domain names point to our server too and every user is aware of these. None of the domains are owned by me.

• READ FULL POST HERE…