What Happened on September 23/24, 2021?

alpha60 logo

During a 24 hour period in late September, peer to peer activity in the USA for certain serial and film streaming media objects got cut by 90%, and continues this way into the future. Take a look at week-by-week data for the media object The Tomorrow War, where the phenomena was first observed.

The same phenomena shows up for other time quanta in a more dramatic fasion: days.

What’s going on?

Is this a kerfuffle, a temporary wrinkle in torrent hosting, or related to a technical change like an expired security certificate? Could this a problem with an upstream certificates expiring? Perhaps something related to Let’s Encrypt root CA X3 expiration? (Some background at the HTTPS Everywhere expiry. The Let’s Encrypt expiration on September 30th, so a week *after* the data started showing this issue.) Is this evidence of a configuration change at some specific service provider like Cloudflare’s CDN or Google’s DNS? Evidence of takedowns for certain release groups, evidence of some country or countries or agents of corporate media owners doing a new kind of piracy prevention? Is this a new or existing-but-newly-applied type of network block?

Could it be multiple factors?

Who is impacted? What’s the severity, and does it change by region?

If one looks at the bittorrent traffic across all torrents for the media property The Tomorrow War, in the 24 hour period between September 23 and September 24th (CEST) the problem is immediately obvious. On the first day, the USA was the top pirating nation for this media property, with 135k peers over the previous 24 hours. On the next day (September 24th), the USA was the #3 pirating nation, with 22k peers: a 84% reduction of peer traffic in a 24 hour time period. Peer traffic volume outside of the USA does not show a similar drop: notably Russia (98%) and India (65%) are less-impacted.

By country detail, for select top-sharing nations:


One theory is that there is some kind of VPN blocking or thwarting that prohibits CHN users from using USA VPN endpoints for the bittorrent protocol. If that was the case, the difference between the days in the USA (113k) might show up (at least in part) in other localities on the second day. But this is not seen in the data above, instead the only reasonable conclusion is that of a general traffic drop with regional differences as to impact.

This is just one example of this phenomena, there are several other media objects under study that have similar sample results curing this exact time period. Notable: USA based peer traffic after this specific point seems to be supressed as well. (Although samples of media objects that came out after this date appear to be fine.) Whatever this is, it is continuing to impact older torrent traffic in the USA through October and into December, 2021. Strangely, seed counts do not drop as “leeching” peer traffic across both days.

What’s going on? Other network monitoring tools show data that is harder to correlate for bittorent. See iknowwhatyoudownload: Day 84, Day 85.

Of the potential causes, issues related to the SSL certificate expiry seem the most likely. For bittorrent files, SSL certificates may be used by trackers (https URLs are HTTPS torrents.) So, for torrents that show up in the logs as encrypted, look to see if they are disproportionately impacted.

Looking at specific torrent files… the detailed results for the first day –day 84– shows the #1 torrent with the largest number of peers (24k) across all regions to be a synthetic torrent that combines multiple torrent files with the same bittorrent info hash into one unified synthetic torrent by the name of:


The next day –day 85– that same synthetic torrent to be #5 with (9.5k) peers. Guessing that the logs from this torrent or inputs to this synthetic torrent may show explicit errors that shed light on these results.

As an aside, here are the details for the sample of the media objects: The Tomorrow War. There are 275 unique torrent files, and 253 unique BTIH values amongst those 275 files. Of the individual torrent files:

  1. (The Tomorrow War (2021) [1080p] [WEBRip] [5.1] [YTS.MX]), had 22k then 23.7k peers on these days. No impact.
  2. (The Tomorrow War (2021) [720p] [WEBRip] [YTS.MX), had 18k then 17.5k peers on these days. No discernable impact, again.
  3. (The.Tomorrow.War.2021.1080p.AMZN.WEB-DL.DDP5.1.X.264-EVO), 14k peers then 2k peers, bingo. This.
  4. (www.1TamilMV.pw – THE TOMORROW WAR (2021) TRUE WEB-DL – 4K HDR – (DD+5.1 – 640Kbps) [Tam + Tel + Hin + Eng] – ESub.mkv), 10k peers then 926. bingo, This.