Recently there was a discussion on whether BitTorrent should get some encryption (or obfuscation, more likely) added.

Right now, you can filter out BitTorrent traffic with the following iptables command (note: this needs iptables 1.3.4 and a recent kernel):

iptables -I OUTPUT -j DROP -m string --string "BitTorrent protocol" --algo bm --from 0 --to 100

(Note: the match is not optimized; the range of 0 to 100 and the choice of the bm algorithm are arbitrary.)

The nice thing is that this match is very unlikely to match non-BitTorrent traffic. Linux users can use it to filter out all BitTorrent traffic or mark it for speed restrictions.
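Why the rule is this specific, as an added example that is not part of the original post: a BitTorrent peer connection opens with a handshake made of the length byte 19 followed by this exact string, so the string sits directly behind the IP and TCP headers. The Python below models the rule's 0 to 100 window over constructed packets; it assumes offsets count from the start of the IPv4 header and uses a simplified window check, and all function names and sample values are made up for the illustration.

```python
import struct

PSTR = b"BitTorrent protocol"  # the string the iptables rule searches for

def handshake(info_hash: bytes, peer_id: bytes) -> bytes:
    # Peer handshake: length byte (19), protocol string, 8 reserved bytes, two 20-byte ids.
    return bytes([len(PSTR)]) + PSTR + bytes(8) + info_hash + peer_id

def packet(payload: bytes, tcp_opts: bytes = b"") -> bytes:
    # Minimal IPv4 + TCP framing around a payload. Addresses and ports are
    # constructed sample values; checksums are left at zero.
    doff = (20 + len(tcp_opts)) // 4
    tcp = struct.pack("!HHIIBBHHH", 51413, 6881, 1, 1, doff << 4, 0x18, 65535, 0, 0) + tcp_opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + tcp + payload

def string_match(pkt: bytes, start: int = 0, end: int = 100):
    # Simplified model of the rule's window (an assumption, not the kernel's
    # exact semantics): the pattern must lie wholly inside pkt[start:end].
    pos = pkt[start:end].find(PSTR)
    return None if pos < 0 else start + pos

def tcp_payload(pkt: bytes) -> bytes:
    ihl = (pkt[0] & 0x0F) * 4            # IPv4 header length in bytes
    doff = (pkt[ihl + 12] >> 4) * 4      # TCP header length in bytes
    return pkt[ihl + doff:]

def is_handshake(pkt: bytes) -> bool:
    # Stricter check: the payload must begin with the length byte and the string.
    return tcp_payload(pkt).startswith(bytes([len(PSTR)]) + PSTR)

def classify(pkt: bytes):
    # (offset found by the string rule or None, result of the stricter check)
    return string_match(pkt), is_handshake(pkt)

# Constructed sample packets.
HS = handshake(b"\x11" * 20, b"-XX0001-" + b"0" * 12)
SAMPLES = {
    "handshake": packet(HS),
    "handshake+tcp-timestamps": packet(HS, tcp_opts=b"\x01\x01\x08\x0a" + bytes(8)),
    "later piece request": packet(struct.pack("!IBIII", 13, 6, 0, 0, 16384)),
    "mail text naming the protocol": packet(b"Subject: BitTorrent protocol question\r\n"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        offset, strict = classify(pkt)
        print(f"{name:30} string offset={offset!s:5} handshake={strict}")
```

Only the handshake segment carries the string, so a rule that marks instead of drops tags one packet per connection unless the mark is carried over to the connection. The mail sample is the rare false positive: the plain string search hits it, while the check that also requires the leading length byte does not.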

Network operators are very interested in filtering this traffic: it slows down more important traffic (and if you are using e.g. stochastic fair queuing, the large number of connections for P2P filesharing will give it a larger share than other apps!) and can cause costs.

If you have mobile users who e.g. connect their laptops to your network, they will occasionally use BitTorrent at home and forget to disable it when they connect to your network. That’s really bad, but it happens, and it is not intentional “malbehaviour” or “sabotage”!

So back to the original topic - obfuscating BitTorrent traffic. Let me explain what network operators might do when BitTorrent can’t be slowed or filtered any more (Note that this already applies to some services such as Skype or Kazaa as far as I know):

First of all, they might decide to filter all connections to non-standard ports. This effectively eliminates (most of) filesharing - but also e.g. Skype and some IM and chat services. Basically any non-standard service. (Note that “professional” VoIP services using SIP may still be whitelisted).

Secondly, they could decide to slow down all connections to non-standard ports. This would make filesharing, Skype, IM etc. still possible, but for example file transfers via IM will be really slow. No video via Skype, probably, depending on the limits set in traffic shaping.

Thirdly, they could disable all outgoing connections and require you to use proxies for that. Then you need to enable/disable your proxy all the time when switching networks, and you’ll only be able to use a limited set of services. Again, telephony via SIP is still technically possible, using a SIP proxy or by whitelisting major SIP providers. Skype is no longer possible. IM needs whitelisting, and will likely be blocked, too.

None of these options are very favourable for the users. So please do not support “obfuscated” protocols such as Kazaa or Skype, or an obfuscated variant of BitTorrent. Stick with stuff administrators can set up policies for - and be nice to your admins. Tunneling via non-standard ports and hiding services will only get you into trouble, and probably even make innocent other users suffer.

After all, filesharing - especially illegally downloading movies and music - is not THAT important, is it? So please don’t make the important services suffer from it. Thank you.

Oh, and please use SIP, not Skype. Because your admin can whitelist your SIP provider if you tell him you need it for work, or set up a proxy for that - and with Skype, he might be afraid that you become a supernode and cause high traffic costs. And then there is a much larger software choice for SIP, including many open source solutions and PBX software such as Asterisk.