Introduction
BitTorrent is the most popular filesharing protocol on the Internet today. BitTorrent users typically obtain pieces of the data they want and share pieces of the same data with others. By cooperating in this fashion, almost everyone who wants a copy of the data gets what they want.
There are many programs one can use to share data using the BitTorrent protocol. Many are free software—one can inspect, share, and modify the program to suit one’s needs. uTorrent is a popular non-free (or proprietary) BitTorrent client. Like any proprietary program, exactly what the uTorrent program does when it runs is not clearly known to anyone except its developers. uTorrent became popular because it is a zero-cost, small, and quick program which requires little computing power. Many BitTorrent clients allow web-based control: one can set up Transmission (a free software BitTorrent client) to host a web-based control panel that lets users remotely control Transmission. With some savvy, one could set up one’s computer at home to run Transmission all the time and use this web-based remote control to keep track of and control Transmission from anywhere on the Internet.
The next version of uTorrent is due out soon; codenamed “Falcon”, an article on torrentfreak.com glowingly describes this version because this version of uTorrent offers a different kind of web-based control panel: users can control their copy of uTorrent by logging into the Falcon website and controlling their copy of uTorrent from this website.
Freedom and privacy
What’s the difference? The difference is who has access to your computer and who has access to data on what you’re sharing.
When you set up the remote control you can determine who connects to it. With “Falcon” uTorrent, you have to trust the people at falcon.utorrent.com as well or else the remote control service based on their website won’t work. The remote control service based on logging into falcon.utorrent.com’s website depends on uTorrent being accessible to uTorrent employees and their agents. In order for that remote control to work, you must leave a program running with your authority on your computer which is accessible by the people who run uTorrent.
Perhaps this was always the case; after all, uTorrent is proprietary and always has been. This is a natural consequence of not knowing (and being prohibited from learning) exactly what that program does. This could have always been the achilles heel of widespread BitTorrent use: all proprietary BitTorrent clients sharing information about its users and its users peers unbeknownst to the users.
“Falcon” uTorrent may track your sharing and that of your peers even if the uTorrent privacy policy or employees say otherwise. uTorrent is certainly in a position to do this; if you use this remote control service in the way its intended to work, you’re handing them control over the uTorrent program running on your computer. We don’t know what this program is capable of (only a free software program would give us that information). It would not be difficult for uTorrent employees and their agents to keep track of anything that program has access to read: what you’re sharing, with whom you’re sharing data, your other files/folders, perhaps even other network connections or information about your computer. “Agents” means exactly that: anyone uTorrent people decide should have access to data about your system or whomever you’re connected to. You have no control over what information is collected or whom that information is disseminated to.
How does software freedom help me here?
In theory any program could do the same thing but software freedom lets us understand what free software programs are capable of. Free software programs can be modified to enhance our privacy and these improved versions of programs can be distributed to enhance the privacy of our friends and neighbors. Even if we’re not programmers we all know how to copy computer programs and install improved versions of programs, so we can help one another share only the information we want to share. Not so with proprietary programs.
With proprietary programs the programmers determine what gets shared. Once that data has been uploaded to uTorrent’s programmers (or their agents), who’s to know how widely it is shared from there? I need not even get into the consequences of human error on the server side where uTorrent admins inadvertantly leak information they collected.
Assuming what’s described in the torrentfreak.com story is accurate, uTorrent’s implementation of remote access to your sharing means you’ll give uTorrent information which would be invaluable to copyright holders and their agents who are looking for a convenient list of users to target for copyright infringement lawsuits.
Since “Falcon” is proprietary, you’ll probably not know if turning off the remote access is good enough to ensure your privacy. Worse still, if any of your filesharing peers use this service they’re alerting the uTorrent admins about your filesharing. So your rejection of uTorrent isn’t good enough to keep your use of the filesharing out of uTorrent’s hands.
Conclusion
“Falcon” poses a considerable risk to filesharers who want to retain their privacy and this version continues a long line of denying users their software freedom. If the program were free software, groups could set up competing services based on trustworthiness; we could have other remote control services running in competition with the uTorrent.com-based remote control service. You wouldn’t have to reveal your filesharing to parties except those you trusted while retaining the convenience of a small program running quickly. You could use whatever metric of trust to determine who those trustworthy parties are, if anyone. Instead, proprietary software pushes you into a monopoly for this service. This remote control protocol could be a commodity, improved and built upon as BitTorrent protocol itself is.
Trading away your software freedom is never a good idea.
People need to be very careful with torrent programs in general, and with falcon spcifically. I use utorrent exclusively but I will not be using this one.
Very informative article. The points you’ve made regarding proprietary programs make sense. By not having access to the code, the public would not be able to know what’s really happening behind the software. This is very risky with using these types of software. I would be more comfortable using a torrent app which is open source so the community can see if there’s any malicious code embedded.
I’d invite you to check out Falcon’s page titled “Falcon Beta Privacy FAQ.” It seems to address most of your concerns.
http://falcon.utorrent.com/srp/privacy
Thanks for the pointer. Unfortunately this does not satisfactorily address any of the points I have raised. In that FAQ you see how a programmer describes how their program works. We have no way to verify most of how uTorrent works; that FAQ is not information from someone you have reason to trust telling you how the program actually works.
Checking the Javascript running in your browser isn’t enough because that only covers what your browser does and some of what the uTorrent program does working with your browser. As with all proprietary software, without complete source code we can’t know what the program does and what the program is capable of doing. Therefore proprietary programs are all untrustworthy by default.
This isn’t just a security and privacy problem. This problem is fundamentally a software freedom problem. You deserve the freedom to inspect, share, and modify published software. You should choose software that respects your software freedom. There is no substitute for letting someone you trust inspect a program’s source code, modify that program to suit your needs, and distribute improved versions of the program.