Two of the most successful methods are bots and honey pots. The former is designed to crawl websites and networks looking for keywords, MD5 hashes, filenames, and tags which identify possibly illegal file sharing. After compiling a list the human counterpart can download it and determine if it is indeed a pirated copy, and if so jot down who the uploader(s) was/were by IP address. The latter is more controversial as files will be uploaded, purporting themselves to be pirated content, but in fact are tracking decoys with a log kept of everyone who downloads it. Of course publishers rarely get their own hands dirty, passing this job off to third-parties which occasionally have their own dedicated servers for catching pirates, but it's a nice sting operation just the same. The hard part is tracking down the individuals, as they initially have to launch the lawsuits against Jane and John Doe in order to force the ISPs to release the information in most cases due to consumer privacy laws.
P.S. For some nice reading on this process look into the RIAA's enforcement partner MediaDefender.
Recently, I received this email from CNET user Nando P.:
I wanted to ask you a question regarding P2P programs and its legalities. I know that downloading certain files is an illegal activity but can?t a company or artist that has their product illegally somehow track you down? A couple of months ago I had downloaded software and the company who owns the software contacted my ISP, stating that they saw that I was sharing the file by looking up my IP address. Since then I haven?t really downloaded anything but it begs the question: can anyone track your IP or identity when using bit torrent, Azureus or programs of the like?
Thanks in advance for helping me out with this concern.
The short answer is: sort of. As far as I know, you can not be tracked for using a particular program by a 3rd party without the program publisher's consent.
However, most torrent apps today do let you see the IPs of who's helping to share the file being downloaded. So in theory, a publisher could track that, but it would require finding and opening the torrent in question. That seems like a lot of effort to me, given the volume of torrents on the Web and that most torrent communities require registration.
It seems more likely that you could be tracked by using a cracked program that regularly "talks" to the publisher's server or site. There is the issue, however, of ISPs relinquishing user privacy protections to avoid being litigated against, which means that users with lots of download traffic will stand out as red flags to investigators.
Still, I'm not an expert on the myriad ways that users can be hunted down. Anybody else want to chime in?