How users are being tracked on P2P networks

Martin Brinkmann
Feb 9, 2008
Updated • Dec 2, 2012
File Sharing, Security

Have you ever asked yourself how it is possible that users are tracked over months in P2P networks although their IP address may be changing regularly because of dynamic IP addresses? We only hear reports about session based user identification. Session based means that shared files of this session are analyzed and recorded opposed to tracking a user over months.

Common sense tells us that the IP address is the major information needed to identify a user, but there are other information available to other users of P2P networks that can be used to track users even if the IP address changes. Those are, among other data the software and version used as well as the MAC address of the computer.

These two values are used to generate a hash that identifies the user even if the IP changes because the IP is not relevant for tracking users over a period of time. It is still recorded though with additional information like shared files, date and time, servers and all other information available as it is needed to identify the customer who has subscribed to the Internet in the end.

It could be that even more information are used to calculate the hash value. Everything that is not changed regularly could be possible. The hash value of a new user is then compared to a database table that contains the hash values of users that have been using the P2P network and linked if a match is found.

The option you have to overcome that form of user tracking? Changing your MAC address is probably the best option in this regard as software and version used is not really enough to identify a specific computer system or track a user over time unless it is an obscure version that no one else uses anymore.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. quasimodo said on February 12, 2008 at 12:16 pm

    MAC numbers are not transmitted over the internet via TCPIP, thats a big misconception.

    A p2p application by ITSELF can put this information into its own data traffic, though.

    The only p2p application i know of doing this is KAZAA !

    (Hint: Skype was developed by the Kazaa people !)

    Many other p2p applications generate a USER HASH on first run for various valid purposes.
    Thats quite OLD news actually.

    It is a recommended practice to force a user hash recreation by either manually deleting the appropriate files or by uninstalling/reinstalling of the p2p app on a regular basis.

    I do it every couple of months, about 3-4 times a year.

  2. rruben said on February 10, 2008 at 9:41 am

    The last time I checked pearguardian, it wasn’t vista ready. I will look whether it is v.r. now.

  3. lord Luca said on February 9, 2008 at 11:10 pm

    Have a look at PeerGuardian.
    “PeerGuardian 2 is Phoenix Labs’ premier IP blocker for Windows. PeerGuardian 2 integrates support for multiple lists, list editing, automatic updates, and blocking all of IPv4 (TCP, UDP, ICMP, etc), making it the safest and easiest way to protect your privacy on P2P.”

  4. man friday said on February 9, 2008 at 6:59 pm

    I’m shocked, P2P users being tracked, what will they think of next?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.