Hi, I would like to point you to a recent work we made that we believe might be of interest to the BitTorrent/P2P community. In this work that will be presented at IMC'11, we show what we believe to be a significant privacy issue for most P2P protocols. -We show that leveraging on Skype, we can map a social identity (name, age, location, email address, etc.) to an IP address fully inconspicuously. This attack works for all (500M) Skype users. This is severe as an attacker does not need the ISP support (that an individual cannot usually get) to retrieve the social identity linked to an IP address. -We show that we can then follow the mobility of a Skype user, and we found that we can indeed observe real mobility patterns for a large fraction of Skype users. -Finally, we were able to link a Skype identity to a list of BitTorrent downloads even if the user is behind a NAT or a proxy (we use the predictability of the IP-ID in IP headers to make sure that two different applications are running on the same host). That attack described uses Skype, but would also work with several other popular VoIP systems. All details are available here: http://hal.inria.fr/inria-00632780/en/ Regards, Arnaud. _______________________________________________ p2p-hackers mailing list p2p-hackers@lists.zooko.com http://lists.zooko.com/mailman/listinfo/p2p-hackers ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE