How Logistep catches file sharers

Martin Brinkmann
Apr 15, 2007
Updated • Jun 11, 2013
File Sharing, Security

It is no secret that companies like Logistep are monitoring p2p networks to sue file sharers who are spreading software from clients like Zuxxez, a German company who recently sued 500 British p2p users claiming that they illegally distributed the game Dream Pinball 3D.

The website Torrentfreak got their hands on a copy of one of those letters that alleged file sharers have received which details how Logstep determines if users are distributing a game, application or media illegally.

Logistep uses a software called File Sharing Monitor that targets E-Donkey and Gnutella users. Here is how it works:

  • The software connects to a p2p server and requests a file name recording all IP addresses that offer that name
  • They request to download the file and if the download is permitted record the following information into a database
  • File name, file size, IP of the distributor, P2P protocol, P2P application, the time and the username
  • When this is inserted the application does an automatic whois to find out the user's Internet Service Provider to create and send out the letter.

I think it is interesting to note that this is almost an automatic process which leads to some questions. How do they know which archive has the correct size and is actually their product and not a broken archive? Is not it only possible to know the exact file size if they downloaded it at least once to verify that is is indeed their product?

Let us assume that they are not stupid and that they filter out every file below a certain size to prevent that users who do share mods or patches get sued. Let us further assume that a file that is labeled a certain way (with group tags) and shared among many users is the right program. Does this mean that the user that they are suing is responsible? They will always sue the account holder which could or could not be the person who shared the files.

What possible solutions can I think of that make the Logistep file monitor useless? Please note that this is hypothetical, I'm not advising anyone to actually use the methods listed below.

  • don't share files
  • share only files with no plausible file name (3dpd)
  • use encryption to share the files
  • use vpns like Relakks to share them
  • switch to Usenet
  • buy the game ;)

Can you think of anything else?


Tutorials & Tips

Previous Post: «
Next Post: «


  1. Taomyn said on September 4, 2013 at 9:46 am

    And for those looking for a decent alternative that’s free and free from ads plus other crap (though I would recommend donating), then try qBittorrent:

  2. zondron said on September 4, 2013 at 10:10 am

    Why not use the portable version of uTorrent?

    Just downlad the .exe from official website into a folder, create a text file in the same folder, rename the .txt file to settings.dat and start uTorrent. You can move the folder anywhere.

    1. Coyote said on September 4, 2013 at 3:03 pm

      ^Exactly…. in fact I would recommend avoiding all versions over 2.0, the torrent portion of the program hardly changed, it’s all the ads, ratings, and possible tracking features that require all the additional installs.

      And this is why I never updated in a nutshell;

      More Ads (hit decline offer)
      Even more ads (hit decline)”

      Nope. I donated $25 several years ago to the utorrent crew.. possibly a decade… so I refuse to accept their reasoning for selling out so much.

      1. zondonr said on September 4, 2013 at 4:16 pm

        You can turn off the ads.

  3. Paul said on September 4, 2013 at 3:18 pm

    qBittorrent FTW!

  4. anon said on September 4, 2013 at 3:42 pm

    Qbittorrent your way out of this piece of crap.

  5. Dukislav said on September 4, 2013 at 5:45 pm

    +1 for Qbittorrent

  6. Blue.bsod said on September 4, 2013 at 6:25 pm

    I’m a long long time user of Bitcomet now and forever. Never any ads, no offers, nothing to decline, no sell out… little used due to the complex nature they still scare people away with, but their new install is a simple one click solution that discovers all settings on its own except firewalls.

    They follow a simple idea…’share’… if you share you can possibly go faster than those who don’t share. You can even see connections* connected to you and of them who is sharing and who isn’t… then you can boot them / ban them or ignore them selectively ‘mwahahaha…’. We can set how much we share, with who, and how fast we share.

    *in my personal experience over 95% of Azures and uTorrent users do not share, I boot them.

    So those who believe Bitcomet is hard to understand, they haven’t been that since version 1.09a (current public release 1.35). Also Bitcomet installs a Firefox add-on to capture media from the temp directory. You can easily unload it using Firefox’s Add-on Options page.

    Bottomline, Bitcomet is faster and easier to install/use. Signing up as a registered user will allow you to join the ranks as a sharing user. The more you share, the faster you can possibly go.

  7. suc said on July 19, 2014 at 7:21 pm

    utorrent installs itself in appdata folder so it can inject malware without the UAC consent. Don’t use utorrent because it’s unsafe!

  8. uTP said on December 8, 2015 at 10:47 am

    The best last version of utorrent is 2.2.1 build 25534

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.