BitTorrent and the Legitimate Use of P2P

Joe Stewart, GCIH <>

February 24, 2004

The following paper was presented at a panel discussion on P2P technologies held by the Forum on Technology & Innovation in Washington, D.C. on February 26, 2004.


The question before the panel is, ``How can P2P networks go legit?'' My answer is, ``they already are.'' The world-wide-web is used to download illegally copied software, copyrighted music and movies as well as child pornography, yet we're not asking how the web can go legit. No one here would dispute that filesharing networks are used by those who would violate copyright. But this is not solely the domain of P2P; copyrighted software has been traded on electronic bulletin board systems (BBSs) since their inception and has permeated every public communication protocol on the Internet. Filesharing is a social phenomenon, not a technological one - demonizing P2P based on one use of the technology is a mistake in my opinion. P2P already has positive mainstream benefits in certain communities and new uses are being found all the time.


I'd like to illustrate how one P2P technology, BitTorrent, is changing the shape of P2P as we know it. BitTorrent is a P2P system that allows large, popular files to be downloaded quickly. I'd like to explain a little bit about how BitTorrent works so that a distinction can be made between a technology (P2P) and implementations of that technology. There are some important differences between BitTorrent and other P2P technologies that should be understood.

Network Scope

BitTorrent has no network in the sense of KaZaA or Napster - it's a protocol. People or companies wanting to distribute a file essentially create their own private P2P network which only consists of whoever is downloading the file at the time. These miniature networks are formed around a ``tracker'', which is a server program operated by the entity wishing to share a file.

Downloaders find the tracker through the use of a .torrent file which can be posted to a website. The .torrent file contains information about the file and the tracker which is providing the network. Clicking on the torrent file in a web page opens the BitTorrent software and begins the download process by contacting the tracker. This centralization does not lend itself well to illegal software or music copying - if a tracker removes the file information or is shut down, the file is no longer available for download. There is no need to file thousands of subpoenas to remove an illegal download; you merely need to find the tracker specified by the .torrent file and have the information removed from the tracker. This renders the .torrent file dead, and the file is no longer able to be shared unless a new tracker and .torrent file is made available. Indeed, the system was not designed with illegal use in mind, but instead to faciliate transfer of large files in an economical way.

Finding Files

Since there is no single BitTorrent network, the protocol has no provision for searching for files. Generally, a company wishing to offer a file via BitTorrent would place the .torrent files on their website in the place of the usual HTTP download link. Searching for .torrent files can be accomplished through web search engines, but this is external to the protocol - again showing that trading of copyrighted files is not central to the technology.

Sharing Technology

Sharing of files between peers is accomplished by trading pieces of the file among all the other peers in the mini-network at any time. The tracker coordinates the information needed by the peers to find the pieces of the file that they are missing. Files cannot be redistributed without a tracker. In conventional P2P, once a file has been downloaded to your hard drive, it is usually shared out again to the rest of the network. With BitTorrent, it would take a unique and special effort to reshare that file.


BitTorrent cannot be used to spread viruses in the way other P2P networks are known for1. On most P2P networks, spreading a virus is as easy as copying it to the shared folder with an enticing name. Since BitTorrent users only share pieces of well-known files whose integrity is known to the tracker, it is not possible to infect a piece of the file being shared. While you could potentially upload a virus to a public tracker and provide a .torrent file for it, you'd still have to convince people to download and run the file just as if you posted it to a website. Another benefit to the BitTorrent model is that users can't unknowingly share out the contents of their hard drive in the way neophyte users have done on other P2P networks. Virtually all of the security and privacy concerns noted by opponents of P2P technology simply don't exist with BitTorrent.

Current Legitimate uses of BitTorrent

Open Source/Free Software Downloads - Mandrake Linux

What BitTorrent does do well is allow greater leverage of resources for those who provide legal downloads. For instance, when the Mandrake Linux operating system version 9.2 was released, the Mandrake Linux company knew they had a problem - they have a popular, free product and the download is quite large, around 2 gigabytes. With thousands of users clamoring to download the new version on release day, the bandwidth costs to the company would be prohibitive. They solved the problem by making the download available through BitTorrent - letting the users who were getting the product for free share in the task of distributing it to others. Several other Linux distributions also utilize BitTorrent to provide free copies of their operating system, allowing them to compete with larger, more established OS vendors who have nearly unlimited bandwidth.

Authorized Live-Taping Downloads -

Another legitimate use of BitTorrent is by the Etree community, music fans that freely trade and distribute the music of bands that allow the audio taping of their live performances for non-commercial use. The Etree site lists over 100 bands or musicians who have policies that allow and encourage fans to tape and trade their performances, including major artists such as the Dave Matthews Band, Pearl Jam, Tenacious D and others2. Sanctioned distribution of live show tapes has been a tradition starting with the Grateful Dead, and many bands are realizing that having a loyal following is very valuable and that they can both support their fans and still sell records. Because the live taping community usually opts for lossless compression over lossy mp3 compression, the files involved are much larger than with normal music sharing. Because of this, BitTorrent is now the preferred solution for almost all of these legitimate music-sharing communities.

High-Demand News Information - Slashdot

Another potential use of the swarm technology of BitTorrent is in disseminating web pages or other files relevant to current news that may be extremely popular for a short time. The demand for the content in question often exceeds the available resources of the site hosting it, causing the content to be unavailable to everyone. This is commonly referred to as the ``Slashdot Effect'', named for the techie news site, which provides news and community commentary on the technical issues of the day to hundreds of thousands of readers daily. I'm about to add to the Slashdot effect by encouraging everyone who affects government policy on technical issues to utilize Slashdot as a source every day. If you want to be in tune with what the technologists already know, this is the one place to go.

But back to the use of P2P: often, when a story is posted with a link to a particular site, the site will quickly go down and become unavailable for all. When the site content is provided as a BitTorrent link instead, everyone can access the story. Third-parties will often provide BitTorrent links for large downloads mentioned in Slashdot stories for the benefit of the community.

Online DIY Publishing - Glenn Fleishman

Online publishing is another situation where adoption of BitTorrent is proving to be a boon. When authors choose to share their book in digital form, providing a .torrent download of the file enables them to distribute their work at minimal cost. Consider the book ``Real World Adobe GoLive 6'' by Glenn Fleishman. When he made his book available as a free PDF download last year, the book had 10,000 downloads, representing nearly 250 gigabytes of data transferred in the first 36 hours. He was narrowly able to escape a $15,000 bandwidth overage charge from his ISP, prompting him to investigate BitTorrent as a solution for future distribution of his works3.


The examples I've presented are not theoretical; legitimate P2P use is here and has a definite role to play in the future of the Internet. I think that without a compromise between the copyright holders and the file sharers, there will be an ever-escalating arms race of technology versus legal maneuvers. Two days ago, the Electronic Frontier Foundation published a whitepaper that outlined a compromise called ``voluntary collective licensing'' which can permit both unrestricted filesharing and the payment of artists and rights-holders. I believe Congress needs to call for more innovative solutions like these rather than create harsher penalties for twelve-year-old filesharers. My belief is based on a simple principle - advancements in technology demand that business models change. I hope we can avoid any more damage to the rights of consumers while prolonging the inevitable.

Author Bio

Joe Stewart is Senior Security Researcher with LURHQ, a leading Managed Security Services Provider. In this role he researches unusual Internet activity to discover emerging threats, new attack techniques and the latest malicious code. Prior to this role, he was an Intrusion Analyst where he handled millions of security events for LURHQ clients while monitoring their corporate networks from the Secure Operations Center. He has been in the information security field his entire career. He is a frequent commentator on security issues for leading media organizations such as The New York Times, MSNBC, Washington Post, Bloomberg and others. Additionally, Joe has published numerous security research papers on Sobig, Migmaf, Sinit and other cyber-threats and attack techniques which can be found at


... for1
Bruce Hughes of security firm TruSecure noted that 45% of all files shared on KaZaA are malicious. See,1367,61852,00.html
... others2
... works3

Back to homepage