It is easy for people to underestimate just how much information about them can be accessed on the internet. But the reality has now been laid bare by a new website which has been sending ripples through the information security community.
The site, which is rather ominously called ‘I Know What You Download’ scours the internet using IP Addresses to identify what people have been downloading. This approach can be unerringly accurate, as everything you do online is marked with your unique IP Address code.
This means that, unless you use a VPN, to mask your IP Address, it is no great challenge to use an IP Address to identify what a user is downloading. And nothing is safe from this approach, not even torrenting.
Torrenting is perhaps the world’s most popular method of downloading and is something that always feels like it is anonymous and secure. But even these are tagged by your IP Address and therefore identifiable.
If you are going to access the site, beware for a shock. On opening, it will, by default, identify your IP Address and show you a list of what you have recently downloaded.
With friends like these…
If that doesn’t sound frightening enough, the site has another, and even more chilling, feature. It also enables people to look up what their friends are downloading too.
If you are so inclined, you are able to send a link to a friend, which appears to be something innocent such as a Facebook page or a news link. Once that link is clicked on, the site will record your friends IP Address and provide you with a link to everything they have downloaded.
Quite why someone who is supposed to be a ‘friend’ might want to spam you and steal your private and personal information like that is not clear. It seems more likely that the feature might be used for more nefarious purposes.
Torrenters appear to be especially vulnerable to this new tool. When torrenting, they have established a direct connection with the device of another user. This makes it possible for that user to identify the IP Address of the other person in the connection and therefore their download records too.
There is no link to this site provided in this article, and that is for a very good reason. It is unclear who has set up and operates the site, or what they might be doing with the information collected.
It may be that the site is intended to be a marketing tool to sell the service to legitimate users, such as law enforcement agencies. The tool could well be useful in finding people downloading illegal content, such as child pornography and terrorism content. Similar tools are already used by numerous media companies to try and identify those who are infringing their copyright.
But it could just as easily be exploited by cyber-criminals for a whole host of different purposes. It is impossible to tell, and until such time as it is, we at www.vpncompare.co.uk do not recommend you use it. However, the author has visited the site, using a VPN, and can confirm that it does indeed record the data it claims to.
There are limitations to the service. Regular IP Addresses can change from time to time and of course, some IP Addresses are shared by multiple users making it harder to tie downloads to any one individual.
And of course, the biggest loophole is the use of VPNs and other such privacy tools. To ensure your downloading record is secure and private, using a VPN is by far the best thing to do. It means you are downloading through an encrypted channel and leaving an anonymous IP Address that cannot be linked back to you.
This new site should serve as a wake-up call to downloaders around the world. Without a VPN, nothing you do online can be truly private.