A team of five INRIA researchers presented an interesting paper at 3rd Usenix workshop on large Scale Exploits and Emergent Threats: Spying the World from your Laptop – Identifying and Profiling Content Providers and Big Downloaders in BitTorrent. The title says everything.
Using a single machine and some “flaws” in BitTorrent protocol, they collected and analyzed 148 million IP addresses involved in more than 2 billion instances of downloads. Then, they tried to identify the content providers and the big downloaders.
For instance, for the content providers (i.e. the person who generated the first torrent of a content), they spied the tracker sites to identify new torrents. If a torrent appeared with only one source address, then it was the address of initial content provider!
With no surprise, they discovered that most of the illegal contents are provided by a limited number of content providers. The distribution shape is very long tail oriented. The top 100 contributors provide about 30% of the contents on BitTorrent! The hosting centers of the initial seeds are mostly in France and Germany but the content providers themselves were from other countries.
Interestingly, they discovered that big downloaders where often hidden behind proxies, Tor or VPN. They also identified some monitoring “sites”.
A nice view of the P2P activity.