I recently heard about a site called YouHaveDownloaded.com that supposedly keeps records of which IP addresses are associated with peer-to-peer file sharing networks, specifically whether copyrighted content has been downloaded to those IP addresses. What's your take on this site? Is it legit? Is it worth our time to check our corporate IPs as a method of validating that our users aren't involved in illegal file sharing?
Ask a question
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
Yes, the site is legitimate. (Editor's note: As of July 11, YouHaveDownloaded.com is not available. A message on the site's homepage reads, "This site is temporarily closed. Come back some time later.")
Sites like YouHaveDownloaded.com work by simply crawling peer-to-peer file sharing networks and gathering information about who is uploading and downloading files, similar to the way a search engine navigates the Web. These are the same techniques the Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA) and other copyright enforcement agencies use to send out thousands of Digital Millennium Copyright Act (DMCA) infringement notices every day.
There’s no harm in running your corporate IP addresses through the site to see what information related to P2P activity it might uncover. However, if your IP addresses appear in the YouHaveDownloaded.com database, you probably already know about it through a DMCA notice you likely received from the copyright holder. Content publishers and copyright holders have become quite aggressive in pursuing copyright violations in recent years.
Understand there are some serious limitations to the technology behind this site, so don't think of it as more than a curiosity. First, the site does not attempt to track individual systems, so it can be fooled by the use of dynamic IP addresses, which most residential ISPs use routinely. Records that show allegedly infringing use from your computer may actually be reflecting the activity of another system that had the same IP address on an earlier date.
Similarly, YouHaveDownloaded.com is not capable of seeing through firewalls that use Network Address Translation (NAT) to group multiple systems behind a single IP address. This limits its use as a tool to track the activity of your own users, as you’ll only be able to tell that someone may have illegally downloaded content, not the internal IP address of the system involved. Unless you have other records to correlate with the site, you won’t be able to take direct action in response.
Finally, it's worth noting that most of today's firewalls and IDS/IPS devices are capable of detecting and, if necessary, blocking P2P traffic. So while sites like YouHaveDownloaded.com can offer a helpful secondary check to determine whether network users are somehow circumventing controls, most organizations should be able to keep P2P network traffic under control without breaking a sweat.
Dig Deeper on Security Awareness Training and Internal Threats-Information
Related Q&A from Mike Chapple
Explore the differences between wired and wireless network security, and read up on best practices to ensure security with or without wires. Continue Reading
Choosing to encrypt confidential data with AES or DES encryption is an important cybersecurity matter. Learn about the important differences between ... Continue Reading
It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ... Continue Reading