Discover and share the best of the web!
Learn more about Digg by taking the tour.
IsoHunt Goes Secure, Adds SSL Encryption
torrentfreak.com — ISPs and authorities increasingly use Deep Packet Inspection hardware to block access to BitTorrent sites, or spy on users ’ browsing habits. To offer its users more privacy, isoHunt has now added SSL encryption, making it impossible for your ISP or the authorities to monitor your activities on the BitTorrent site.
MakiMaki- 1119 diggs
- digg it
- straylight51, on 06/26/2008, -1/+30Awesome, IsoHunt rocks big time for major movies. You should still stay safe though using peer guardian or something like it
- Dohko_Xar, on 06/27/2008, -25/+13peer guardian only offers a false sense of security, please don't use it.
- evilxhwnd, on 06/27/2008, -2/+24There is nothing wrong with peer guardian. It does not provide 100% protection against performing copyright infringement, however, it does lower the chances of getting in trouble. If you are going to download copyrighted stuff, do use peer guardian.
- dsmx, on 06/27/2008, -0/+29Peer guardian is only useful against know threats much like an anti virus programme, it's better than nothing however don't rely on it.
- Spanq, on 06/28/2008, -1/+3Peer Guardian can be useful since many complaints from copyright holders sent to ISP's make the arguement about piracy if your IP address is caught merely sending data.
- SnowCrashv5, on 06/28/2008, -0/+2To protect against throttling AND to stay safe:
1. Use bit torrent trackers in countries with weak copyright law.
2. Use a VPN (like Relakks provided by the pirate party)
3. Encrypt your bit torrent headers
4. If you use linux, modify your iptables to un-throttle comcast's sandvine
5. Use Peer Guardian.
If EVERYONE (or most everyone) followed some or most of these practices, the RIAA/MPAA would go ape *****.
Or even better, use free software and support independent musicians and movies and stop giving big media the attention it wants.- mrsteveman1, on 06/28/2008, -0/+2"If you use linux, modify your iptables to un-throttle comcast's sandvine"
If you mean set iptables to block RST packets, thats stupid. You aren't just blocking the false ones you are blocking all of them on whatever port you put into the rule, and your TCP connections will pile up and screw your router into a backflip. - SnowCrashv5, on 06/30/2008, -0/+1You're not blocking all of them, just the ones for the bit torrent ports. And I never said do it on your router. Do it on your PC.
- mrsteveman1, on 06/28/2008, -0/+2"If you use linux, modify your iptables to un-throttle comcast's sandvine"
- spilk, on 06/28/2008, -0/+1Peer guardian only prevents you from connecting to the fuzz (or them connecting to you), they can still scrape your IP address from the tracker quite easily.
- peterjmag, on 06/26/2008, -0/+19It's always great to see sites like these standing up for their community.
- daverave999, on 06/29/2008, -0/+1Surely your ISP will still see you visiting IsoHunt though?
"No no officer. I only went to the dealer's house but I didn't buy any drugs. Promise."
- daverave999, on 06/29/2008, -0/+1Surely your ISP will still see you visiting IsoHunt though?
- nekroskoma, on 06/26/2008, -1/+23i like this news
brb, encrypting connection- Densetsu, on 06/28/2008, -0/+4Did anyone else just try to go to https://www.digg.com because of this story?
- vfreak2, on 06/27/2008, -1/+8See? We're humans - we'll just adapt. How is the record industry going at adapting to new technology (which is what created their industry in the first place)? hmm...
- PopcornDave, on 06/28/2008, -1/+1About like taking your significant male other to see the Sex in the City movie -- kicking and screaming.
- i3x171um, on 06/27/2008, -14/+3"making it impossible for your ISP or the authorities to monitor your activities on the BitTorrent site."
It does no such thing. SSL is only effective at stopping packet forgery and partial eavesdropping; a third party with access to the entire session (like your ISP has) will have no trouble viewing its contents.
At most, this will force shaping software to adapt.- gazzerh, on 06/27/2008, -5/+1I totally agree. This isn't that helpful. Bittorrent is p2p. If you are a peer and connected to another user then you know exactly what data they are receiving or seeding, because you're the one sending or receiving it!!
It will encrypt the actual data but if authorities are one of the endpoints (ie, seeding) then I can't see how this helps the situation. Unless you are on very private and trusted networks.- Louis11, on 06/28/2008, -0/+6SSL is for the website you stupid *****, not the actual torrenting.
- gazzerh, on 06/27/2008, -5/+1I totally agree. This isn't that helpful. Bittorrent is p2p. If you are a peer and connected to another user then you know exactly what data they are receiving or seeding, because you're the one sending or receiving it!!
- MAGZine, on 06/27/2008, -3/+9May I be the first to say... shizam.
F.T.RIAA.- thedragon4453, on 06/28/2008, -2/+7Take the time to do it right...
***** THE RIAA!!!- HonoredMule, on 06/28/2008, -1/+1Hey, when we feel so compelled to say it so often, why not abbreviate? It's a typical English convenience to adopt shorthand for words and phrases a populace most frequently utters.
FTRIAA - thedragon4453, on 06/28/2008, -1/+1Oh, I know. But for this, I don't mind the extra work :)
- Suprfire, on 06/28/2008, -0/+1We can do it, baby
Do it tonight.
- HonoredMule, on 06/28/2008, -1/+1Hey, when we feel so compelled to say it so often, why not abbreviate? It's a typical English convenience to adopt shorthand for words and phrases a populace most frequently utters.
- thedragon4453, on 06/28/2008, -2/+7Take the time to do it right...
- clonek, on 06/27/2008, -2/+3these torrent sites will always be a step ahead the ISP's and governments. it takes too long from them to get counter-measures in place.
- geekchic, on 06/27/2008, -0/+70"making it impossible for your ISP or the authorities to monitor your activities on the BitTorrent site."
Never say "impossible" where technology is concerned.- SocialPoison, on 06/27/2008, -0/+14Came here for this. The only absolute when it comes to encryption is that every encryption can be broken.
- nybble41, on 06/27/2008, -0/+16One Time Pad (OTP) encryption can't be broken; all one can determine about an OTP cipher without the key is the maximum length of the message. Unfortunately it requires that you exchange keys in advance through some other secure channel (e.g. in person), which renders it impractical for general Internet use. (Quantum Encryption is actually OTP with a clever solution to the key-exchange issue.)
- Dohko_Xar, on 06/27/2008, -0/+7Yup, I learned the lesson with the Gibson
- thecheatah, on 06/28/2008, -0/+9OOh yea, lets spend thousands of cpu hours trying crack a key for the possibility of catching someone. Smart!
- SolidSnak, on 06/28/2008, -0/+3Well at least its not practical enough for them to attempt to crack the encryption.
- OpCzar, on 06/28/2008, -0/+2Reminds me of Deus Ex:
"JC DENTON
And all we have to do is crack the code.
BOB PAGE
Mathematically unlikely. As are your chances of leaving the Ocean Lab, by the
way."
- SocialPoison, on 06/27/2008, -0/+14Came here for this. The only absolute when it comes to encryption is that every encryption can be broken.
- Superperson, on 06/27/2008, -19/+2Yes, how dare the government...find out you are commiting a crime.
- bagelmaster, on 06/28/2008, -0/+6How dare the government (or ISPs, or other organizations) spy on me without a warrant or probable cause.
- BoonTobias, on 06/27/2008, -4/+46i for one welcome our new ssl encrypted isolords
- occasus, on 06/27/2008, -11/+3Excuse me for interrupting! I'm looking for something called "news".
- bhattsan, on 06/27/2008, -2/+16***** THE RIAA
- SolidSnak, on 06/28/2008, -1/+7***** the MPAA!
- SpyDerMann, on 06/28/2008, -2/+2***** the MAFIAA!
- SolidSnak, on 06/28/2008, -1/+7***** the MPAA!
- anononon, on 06/27/2008, -0/+15I just tried it out. It wor
- seandfeeney, on 06/27/2008, -1/+5At what cost to speed?
- Snokage, on 06/27/2008, -3/+7does it matter? if your DL'd it for free. who cares how long its takes.
- ortucis, on 06/28/2008, -1/+1Well, people like us who don't live in basement and actually have to pay for their connection should care. If a 7 gb file takes 4 days at 30 kbps, I sure as hell ain't waiting 11-14 days for the same ***** because of encryption (not that this encryption should have any effect).
Probably the reason why most avoid Peerguardian. Not enough bandwidth to take the hit in speed. Besides, the RIAA/MPAA problem is only for the west as far as I am concerned.
- ortucis, on 06/28/2008, -1/+1Well, people like us who don't live in basement and actually have to pay for their connection should care. If a 7 gb file takes 4 days at 30 kbps, I sure as hell ain't waiting 11-14 days for the same ***** because of encryption (not that this encryption should have any effect).
- tian2992, on 06/28/2008, -0/+1It is the Tracker, the speed varies only when encrypting the connections. Which by the way reduces speed only slightly, while letting you bypass package filtering.
- Snokage, on 06/27/2008, -3/+7does it matter? if your DL'd it for free. who cares how long its takes.
- JasonPJohnson, on 06/27/2008, -5/+6...any Network Security person knows that the ISP could simply a do man in the middle attack using a COTS product like clear tunnel and inspect the SSL traffic. We do it at work all the time, otherwise any foul could get out of our network over SSL. There is no such thing as privacy.
- johnkelly84, on 06/28/2008, -0/+5I'm not sure what you mean. If the secure web server is providing a third-party signed X.509 certificate, there isn't a way to pull a man-in-the-middle attack that inspects the connection's contents, assuming that the client machine does not trust the attacker's CA. That's the whole reason secure websites offer signed certificates to identify themselves.
As far as I know, products like ClearTunnel just generate new certs on the fly to re-encrypt the connection using its own CA (usually a subordinate of the enterprise CA) which must be trusted on all client machines connecting to the secure server.
- johnkelly84, on 06/28/2008, -0/+5I'm not sure what you mean. If the secure web server is providing a third-party signed X.509 certificate, there isn't a way to pull a man-in-the-middle attack that inspects the connection's contents, assuming that the client machine does not trust the attacker's CA. That's the whole reason secure websites offer signed certificates to identify themselves.
- Lixie, on 06/27/2008, -0/+12Now, if only there were some way to wager money that certain lawmakers will try to make it illegal to use SSL encryption.
- PopcornDave, on 06/28/2008, -0/+4Very few people give bets on a sure thing.
- ExRe, on 06/28/2008, -0/+10I'd like to see them try.
Online stores and banks would have to block all US traffic. The internet would basically have a stroke. - johnkelly84, on 06/28/2008, -0/+3The U.S. used to heavily restrict the export of cryptographic technology, so web browsers "exported" from the U.S. had to be limited to 40-bit encryption, compared to the normal 128-bit encryption in use domestically at the time. Various other countries also have restrictions on exports, imports, and use of encryption.
- estvir, on 06/28/2008, -1/+13On why SSL doesn't really matter for torrent sites by someone else:
"This is a terrible idea. It will not change the game at ALL. I highly doubt you can go to jail over "searching" for something, so what are they really trying to hide? The point is, the tracker is still open to the public and you're still going to get nailed for your downloads. All they need is your IP -- nothing has changed.
We're going to see a lot of torrent users who are not very computer literate thinking they are safe. They're far from it.
There's only one place you can download from at will with end to end encryption and zero records of your activity and it's NOT bittorrent nor will it ever be."
The person made that comment when TPB announced SSL. I guess though for accessing the site it may help.- noBananas, on 06/28/2008, -0/+4Excactly. Thx
- dralezero, on 06/28/2008, -0/+2There's only one place you can download from at will with end to end encryption and zero records of your activity and it's NOT bittorrent nor will it ever be."
??- estvir, on 06/28/2008, -0/+1It [can] start with the letter U.
- Bizarrkley, on 06/28/2008, -3/+1What about this dude: http://digg.com/tech_news/Another_Inventor_Of_The_ ...
- Ford_Prefect2nd, on 06/28/2008, -3/+6***** the CRAA
- SolidSnak, on 06/28/2008, -0/+11CRAA Cartridge Remanufacturers Association of Arizona (Mesa, AZ)
CRAA Casselton Regional Airport Authority (Casselton, ND, USA)
CRAA CECLANT Routine Activity Area
CRAA Cedar Rapids Aquatic Association (Iowa)
CRAA Center for Relationship Abuse Awareness (Palo Alto, CA)
CRAA Centre for Radiochemistry and Activation Analysis
CRAA Chattanooga Regional Anthropological Association
CRAA Chimney Rock Archaeological Area (Colorado)
CRAA China Refrigeration and Air-conditioning Industry Association
CRAA Chinese Restaurant Association of Arizona
CRAA Chipola Regional Arts Association (Florida)
CRAA Colorado Rock Art Association
CRAA Columbus Regional Airport Authority (Columbus, Ohio)
CRAA Committee for Rehabilitation Aid to Afghanistan
CRAA Commodore Racing Association of Australia Inc.
CRAA Computer Related Abbreviations and Acronyms (Andreas Hammarstedt)
CRAA Connecticut River Arabian Association, LLC
CRAA Coon Rapids Athletic Association (Minnesota)
CRAA Cotabato Regional Athletic Association
CRAA Credit Reference Association of Australia
CRAA Credit Reporting Agencies Act
CRAA Credit River Anglers Association (Ontario, Canada)
CRAA Critical Reflection Activation Analysis (surface analytical technique)
?- robdiggity, on 06/28/2008, -0/+1Yes. Please ***** them all. Thanks.
- Boktai1000, on 06/28/2008, -1/+1***** the CRIA*
- SolidSnak, on 06/28/2008, -0/+11CRAA Cartridge Remanufacturers Association of Arizona (Mesa, AZ)
- mrlayance2, on 06/28/2008, -1/+1Don't be fooled, all traffic from the other nodes still clear text..
- ogallivanslist, on 06/28/2008, -3/+1its nice to know that ther is intelligents in the world =]
- ReyX, on 06/28/2008, -1/+1...
- PHiZ187, on 06/28/2008, -0/+5Wow, this isn't just some checkbox that IsoHunt checked and boom now you have SSL encryption. SSL is VERY processor intensive, so they are taking a hit in that they are going to need to pay for more processing power to support this. Pretty cool.
- amaranth666, on 06/28/2008, -0/+1And that, ladies and gents, is why I surf isohunt.
- drpleau, on 06/28/2008, -1/+0Hip hip hooray!
- ChileanGoD, on 06/28/2008, -0/+1So.... How do I join the SSL party?... by just going to the site? Do I need to install anything? Not that i'm going... I like being well informed :).
- tama00, on 06/28/2008, -0/+2just change the url to https instead of http
- weddie, on 06/28/2008, -1/+0Sorry to say that Secure Computing and a few other companies(Finjin, IronPort) have software that decrypts SSL traffic. ISPs can and do look at encrypted traffic all the time. The government encourages ISPs to monitor a few special folks.
- runelind, on 06/28/2008, -0/+3Wow, I am not sure...but...yep...you posted an outright lie! No government or other entity can break SSL encryption, unless they have some whiz kid locked away in a basement somewhere that is really damn good at factoring giant numbers. The only way people "break" SSL encryption is by SSL proxies, that is, they intercept your traffic with their own certificate, and then pass on your traffic to the real host. With this in place your browser will throw a hissy fit about the certificate chain not being complete.
- weddie, on 06/28/2008, -0/+0You are right in the fact that SSL encryption can only be decrypted through a SSL proxy, but I guess you are unaware of a little protocol called ICAP, which can handle https offloading. ISPs use Blue Coat or Riverbed, to mirror a request from a sender. That mirrored request is then sent to Finjin or IronPort as a proxy request, all they do is add proxy-connect value into the header. The mirror traffic then can be decrypted without the user knowing. ISP's also use upstream proxies with browser valid certs as another method of decrypting your traffic.
- Rapter09, on 06/28/2008, -0/+1Wouldn't breaking SSL traffic on a whim require solving the Riemann hypothesis? A math question open for over 150 years?
- runelind, on 06/28/2008, -0/+3Wow, I am not sure...but...yep...you posted an outright lie! No government or other entity can break SSL encryption, unless they have some whiz kid locked away in a basement somewhere that is really damn good at factoring giant numbers. The only way people "break" SSL encryption is by SSL proxies, that is, they intercept your traffic with their own certificate, and then pass on your traffic to the real host. With this in place your browser will throw a hissy fit about the certificate chain not being complete.
- xombiefarts, on 06/28/2008, -0/+1Does anyone know how to hide torrent traffic in linux? I knew a detailed how to site a while back, but lost it.
- dralezero, on 06/28/2008, -0/+1moblock it supports PG format lists.
- TheObviousChild, on 06/28/2008, -1/+0IsoHunt + PeerGuardian2 makes Jack a happy boy.
- SpyDerMann, on 06/28/2008, -0/+1I'm not that sure about encryption. Firefox keeps telling me that some elements in the webpage aren't encrypted (I checked the source, and most are external scripts, but that still makes me nervous)
- insomniac8400, on 06/28/2008, -0/+1Why? It's most likely just the advertisements.
- Mysk, on 06/28/2008, -0/+2Their website explains this. Adservers and digg.com buttons are not transported over an SSL connection. Those are the things that are triggering the warning that some elements are not secure.
They don't matter. The point is not to hide the fact that you're on isohunt. The point is to make it more difficult for governments and ISPs to block access to the site, which is so far successful. :)
- insomniac8400, on 06/28/2008, -0/+1I am surprised more webpages aren't moving to https. It's a very good way to keep things private.
- Kornstalx, on 06/28/2008, -1/+2Just encrypted my connection.
So far things look like they're going greaD2aC921xc632kLijF4kDt! - DigitAl56K, on 06/28/2008, -0/+2They're already Doing The Wrong Thing(tm):
"Just a heads up: we did in fact buy certificates, but loading some pages may cause warnings due to ads and digg not being on SSL secured connections, so please don't complain if you see these warnings. Your communication to isohunt.com and torrentbox.com are fully secure when browsing under https://. "
I.e. "Ignore warnings your browser gives you about SSL". If you're going to ignore the warnings, someone can substitute another certificate and do MITM, since you're going to click "OK" anyway. - tian2992, on 06/28/2008, -0/+2It sucks that All of the posts on Isohunt have a Digg it!™ button, yet all of the Isohunt related news i've seen on digg, come from Torrentfreak
- Rotzooi, on 06/28/2008, -0/+3**cough**Relakks.com**cough**
- Voltagensis, on 06/28/2008, -0/+0Encryption is a huge thorn in the side of every snooping government agency, every spiteful and crooked corporation, etc. In short, it's our ace of spades. The community needs to get on the bandwagon and get serious about encryption and privacy. We no longer have laws that protect our privacy, so it's our job to secure the personal data of ourselves and our families.
The Digg Toolbar for Firefox lets you Digg, submit content, and keep track of Digg even when you're not on the Digg site. Download the official 
© Digg Inc. 2008 —
Content posted by