MiniNova Not Jumping on the Encryption Bandwagon

As the file-sharing battlefield begins to simmer, BitTorrent indexing sites are armoring up with SSL encryption, hoping to ward off the oncoming battle with ISPs and the litany of copyright enforcement agents. isoHunt and The Pirate Bay, two of the largest and most popular BitTorrent sites, have recently incorporated encryption in hopes of offering their populaces an added layer of security.

What exactly is this layer of security being placed on BitTorrent sites? It's really no different than the encryption used to secure your online bank transactions, eBay purchases, or email. Like paying a bill or reading your bank statement, SSL encryption secures the transmission between your computer and a remote machine and deters eavesdropping. In other words, when an end user conducts a search on The Pirate Bay, their query will be invisible to everyone except The Pirate Bay - providing the determination of a third party is minimal.

The motivation for encrypted data transfers is contentious. While the feature does secure transmissions, historically, end users have faced far too few legal threats to realize encryption’s effectiveness. When The Pirate Bay, LokiTorrents and EliteTorrents were raided, none of the information gathered was used against their populations for copyright enforcement. Only the BitTorrent administrators and the heaviest of uploaders have faced the onslaught copyright enforcement. Those who blend in well with the rest of the file-sharing community tend to avoid conflict with the entertainment industry.

Considering the rather benign threat to a majority of file-sharers, large scale BitTorrent websites such as MiniNova are not ready to jump on board. Slyck caught up with MiniNova administrator Niek, who talked to us about the prospect of SSL encryption.

"We internally discussed this months (if not years) ago, but the main problem is that [it] increases the load on the servers significantly. In addition, it doesn't solve the problem of providers blocking (IP-block) and inspecting (HTTPS sniffing) the traffic, like Gary (isoHunt) suggests."

"I'm not saying we will not implement this, but we need to look into this matter again. If the community wants this feature, we will consider supporting HTTPS."

Niek brings up the additional point that encryption doesn’t eliminate the ability to block websites – contrary to isoHunt’s recent announcement. Gary Fung, the administrator of isoHunt, defended his position and told Slyck.com that he was already seeing success.
"...countries/ISPs can block by DNS, but that's not how Dubai has done it," Gary explained. "As people have responded on our SSL announcement, those in Dubai can bypass the block by SSL. Sniffing also is meaningless with SSL sessions, the ISP or any middleman router can pick up destination IP or DNS queries, but that only tells you where are web requests going to. It'll say nothing about what activities someone does on a SSL encrypted web visit, including the destination URL (GET requests are encrypted inside SSL sessions). ISPs can't sniff activity inside SSL sessions without breaking 1024 bit encryption (no one has, yet)."

What works for isoHunt may not necessarily work for MiniNova, and what works for The Pirate Bay may not be feasible for isoHunt. Each tracker/indexer has their own set of priorities and challenges. For example, The Pirate Bay's encryption is designed to ease the worries of Swedish users concerned about government . MiniNova may not see a need just yet, however with their impending legal situation with Brein escalating, the user base may see otherwise.


www.slyck.com/