A research team based in the US has discovered networking behavior in peer-to-peer networks like BitTorrent and perhaps Skype as well that may pose a threat to both the privacy and freedom of users who avail of these services.
Fabián Bustamante, computer science professor at Northwestern University, says BitTorrent clients can form distinct “communities” over time without the user intending it to. These computers that make up the community are those who connect to each other much more often than to others.

This was an unexpected discovery, according to Bustamante, as the BitTorrent network was designed to make random connections with any machine on the network, without any presupposed preferences.

This discovery by Bustamante and his colleagues have led them to believe that interested parties such as the RIAA maybe able to take advantage of these spontaneously-created communities to track down users whose machines perform similar communication activity. This “guilty-by-association attack” may allow these groups to track the movement of copyrighted material much more quickly at the expense of users unknowingly part of a targeted community.

Users on the P2P network had little to worry about being tracked down and having their privacy breached due to the immense number of users at any given time on the network. However, according to the Northwest University researchers, trackers may be able to catch up to 85% of their desired users with just a sample of 0.01% of the total number of users on the network.

But aside from tracking user statistics on BitTorrent, Bustamante also hypothesized that this knowledge may be used in tracking users on other P2P services such as VOIP services like Skype. Police, espionage agents and other interested parties may start tapping into the user base of Skype in order to track down and possibly listen into conversations of a particular target. The creation of these communities may also occur on Skype and thus may endanger the privacy of users.

As a response to their discovery, the researchers have created a free downloadable plugin for Vuze and Azureus users called SwarmScreen which can protect users from guilt-by-association attacks. SwarmScreen works by downloading random packets of data from all over the BitTorrent network. This masks the actual files you are downloading, and prevents being associated with any “community”. On the downside, this plugin wastes bandwidth which can slow down downloads, so the plugin also provides an intuitive control to balance between more security at the expense of slower speeds and vice versa.