As Congress moves forward on two bills aimed at curbing online piracy, a Web site has given opponents a way to attack those lobbying for the measures by exposing their illegal downloads.
The site, youhavedownloaded.com, allows users to search through publicly available data that links roughly 50 million file-sharing users to specific content downloaded on torrent sites, which allow movies, television shows and other large files to be rapidly shared.
Users of the site have said they found connections between purloined content and major Hollywood studios as well as to President Nicolas Sarkozy of France, who has supported similar legislation in his country.
The site works by collecting Internet Protocol addresses, which identify an individual computer at a given time, from torrent sites and connecting them to material downloaded to those same addresses, then displaying a list of content, which often contains copyrighted material.
Brian Krebs, a former Washington Post reporter who blogs about computer security, interviewed one of the founders of the site, Suren Ter-Saakov, a Russian living in Philadelphia:
Ter-Saakov said he believes youhavedownloaded.com indexes about 20 percent of the file-sharing activity on the Internet. He maintains that the site was created merely as a proof-of-concept, and that it doesn’t have any commercial application.
But the site has shown it can be used for political purposes by those seeking to highlight contradictory behavior at major media companies now pushing hard in Congress for new antipiracy legislation.
TorrentFreak, a technology blog focused on file sharing, reported this week that it had taken a range of I.P. addresses associated with computers at three major Hollywood companies — Sony Pictures, NBC Universal and Fox Entertainment — and used the site to find that each could be connected to downloads of copyrighted material.
“Yes, these are the same companies who want to disconnect people from the Internet after they’ve been caught sharing copyrighted material,” the blog observed in a post under the name of its pseudonymous editor, Ernesto. The I.P. addresses said to be connected with the companies had downloaded numerous films, including some belonging to their competitors.
“Of course our search wasn’t limited only to these big Hollywood studios,” TorrentFreak writes. “We also checked the downloads at the BitTorrent Inc. headquarters in San Francisco. Interestingly there were no downloads recorded there. But there’s plenty of piracy at other tech companies and other institutions.” According to the site, those included Google, which along with other tech giants has lobbied hard against the two bills now before Congress.
The site is also being used in other countries by advocates of greater openness on the Internet.
In France, the government passed an antipiracy law in 2009, a three-strikes measure that cuts off the Internet connection of any user caught downloading protected content three times. The law, known as Creation and Internet Law — administered by an agency known by the French acronym Hadopi — was strongly supported by Mr. Sarkozy.
That’s what prompted Cyril Clavier, a Frenchman living in South Carolina, to target Mr. Sarkozy to see if he — or at least someone using computers at his official Paris residence — was among those downloading copyrighted material.
Mr. Clavier, a research intern at the computer science department of Charleston University, said in an e-mail that he discovered the range of I.P. addresses at Mr. Sarkozy’s residence, Elysée Palace, and then ran each one through the youhavedownloaded.com site.
Mr. Clavier said that his findings proved that either “someone using the Elysée’s network downloaded something, which make them appear a little hypocrite,” or “someone spoofed their I.P. addresses” to look like they belonged to the French president, “which would demonstrate how weak is the identification by I.P.”
The Elysée denied that any illegal downloads came from its computers, French radio reported.
In the Netherlands, the music royalty agency Buma/Serma, whose computers were said to be connected to illegally downloaded material, issued a press release claiming that their I.P. addresses had been spoofed, according to TorrentFreak.
“We aren’t the only ones to come up with the idea of revealing the BitTorrent habits of copyright advocates,” the blog said, adding that “if it’s so easy to spoof an I.P.-address, then accused file sharers can use this same defense against copyright holders.”
Indeed, the spoofing of addresses is out of the range of the average Internet user, making it an unlikely source of misidentification in most cases. But there is another problem with trying to connect a unique I.P. address to single person in the real world: addresses that periodically change. (Google has argued that the widespread use by Internet companies of these so-called dynamic I.P. addresses means that I.P. addresses in general should not be considered personal information.)
Youhavedownloaded.com does not take dynamic I.P.’s into consideration in its searches, meaning that several different people could have downloaded content in a single list provided by the service. “Are you taking dynamic I.P.’s into account?” one commenter on the site’s main page asked. “Because if you’re not, this system is absolutely useless.”
Mr. Ter-Saakov responded in a comment, saying he knew of this shortcoming but that the site is just meant to be a demonstration. The site announces itself as a way to “scare your friends.”
Many who commented are indeed scared, or even irate, and saw the site not as a tool for fighting new laws against piracy but as a way for media companies themselves to more easily look up individual users and go after them. One even suspected collusion between the site’s creators and the recording and movie industries, which have aggressively pursued digital pirates: “Your site does not explain it’s purpose, are you working for the RIAA/MPAA?”
Meanwhile, in Congress, a House judiciary committee debate on the Stop Online Privacy Act was sidetracked on Thursday by a snarky post to Twitter.
On Friday, the committee adjourned for the holidays without voting on the measure, the Washington Post’s technology blog reported. Debate will continue when Congress is back in session.
