by sylwester on 10/23/22, 9:18 AM with 99 comments
Now, I am thinking about releasing it as open-source for others to study, but not sure if I should, because it might be used for "evil".
by boramalper on 10/23/22, 1:22 PM
by mutant on 10/23/22, 1:32 PM
Someone else did this a while back, universe continues to exist.
by brobinson on 10/23/22, 11:23 AM
by majestic5762 on 10/23/22, 1:37 PM
by tmtvl on 10/23/22, 11:10 AM
by retonato on 10/23/22, 8:07 PM
1. There is no absence of people opening the kind of torrent indexers which you have in mind. In the 2010s there were 5-10 such sites launched each year; even nowadays there are at least a few new indexers yearly. Almost all are closed within a year or two (at most). There are reasons for that, some are less obvious than others.
2. Most likely you will close your site after some time as well, here is why:
2.1. It will be difficult to find hosting which will tolerate it. Forget about Linode or Digital Ocean or any similar hosting providers - they will suspend your server (first) and account (later) after receiving a few automated DMCA emails. You can use some "second-tier" providers for some time, but eventually even they will get tired of you; you will be out the moment they receive the first paper letter from some law company which represents some movie company or alike. You can use proxy servers or some other arrangement for some time, but eventually you will decide that it isn't worth the effort.
2.2. The same thing is true for the domain provider. Yes, there are a few which are more resilient than others, but don't expect that they will protect you and your domain indefinitely for $15 per year. If your site is popular enough - the only option may remain to register a new domain every few months and hop between them. Eventually you will get tired of that. It may take half a year or a few years, but you will.
2.3. There is no money in torrenting nowadays. Forget about ads or donations - even thepiratebay cannot earn money that way, you will not be able to do that either.
2.4. Sadly, torrents are not as popular nowadays as they were 5-10-15 years ago. Some people still use them, but in most developed countries that's more like an exception than the rule. The rule is Netflix, Spotify and alike. As a result, if you imagine a large and happy community of users around your site - just don't, most likely there won't be any.
2.5. Don't expect just to launch a site and rest. You will spend at least 5-10-20 hours per week on its maintenance (fixing bugs, importing/cleaning data, adding new features, etc). It will feel fine at first, but more and more tiring as the months and years go by. Eventually you will get bored and stop any maintenance. Users don't like old/unmaintained sites, so they will be less and less interested in it. Eventually you will decide that it isn't worth the effort to run it at all.
by sascha_sl on 10/23/22, 12:21 PM
by the8472 on 10/23/22, 1:07 PM
If you want to build an indexer you should write a normal implementation and then use http://bittorrent.org/beps/bep_0051.html
by r3trohack3r on 10/23/22, 4:59 PM
I adapted my local “torrent roulette” application to an Electron app that can be shared. My local version downloads the files, but the one I share only fetches the torrent's metadata (easy to adapt it back to my roulette approach). I call it Taboo: https://github.com/retrohacker/taboo
The amount of “evil” on the DHT is pretty low. I’ve run mine for a long time, and very rarely get anything evil. I suspect it’s because of how poorly BitTorrent plays with privacy tools like VPN and Tor, IIUC it’s easy to leak identifying information with BT and its high bandwidth.
Nearly every “evil” file I’ve found is either: a honeypot with not-evil content or password encrypted (maybe to remove the plausible deniability of a random download?). I don’t know if the encrypted files actually contain evil content, I don’t bother trying to crack them and promptly gshred them.
What you will find:
* a lot of content illegal under US copyright law
* a lot of porn (also illegal under US copyright law)
* a metric tonne of fascinating content from other cultures you’d otherwise not be exposed to (also probably illegal under US copyright law)
There is very little “legal” content on the DHT, but most of it is falling on the wrong side of intellectual property law. Sometimes password/credit card dumps. I once found some very sketchy schematics of Eastern European military equipment. But that stuff is also really rare in my experience.
If you do play with these systems, I’ll leave the same warning I left on the Taboo repo:
> Note: I AM NOT A LAWYER! To my knowledge, there aren't any other systems doing this that you can run on your laptop. I suspect the nuance of how Taboo works isn't going to be appreciated by your local law enforcement. If you don't want to test the legality of Taboo in court, I'd strongly recommend either: running a VPN (less safe) or not using Taboo (most safe). If you want to use Taboo with a VPN, may I suggest putting some money in an envelope and sending it to Mullvad?
Adding this on after reading your comments elsewhere in the threads:
If you're worried about Intellectual Property enforcers using this for evil, I wouldn't worry too much about it. BTDigg already exists. Not that what you're doing isn't novel or exciting (great work on this BTW) - but DHT indexing is an art that's already being practiced. Cat is out of the bag.
by 0dayz on 10/23/22, 11:08 AM
by jrm4 on 10/23/22, 2:44 PM
Nothing evil about being a modern archivist/librarian, despite what big companies would tell you.
by pdimitar on 10/23/22, 12:13 PM
Go for it and open-source it.
by hardwaresofton on 10/23/22, 3:31 PM
by BLKNSLVR on 10/23/22, 12:25 PM
If you're worried about blowback as a result of "evil" uses / users, is there a way to release it (somewhat) anonymously, so it's difficult to be traced back to you?
by qualudeheart on 10/23/22, 10:43 AM
by icpmoles on 10/23/22, 12:28 PM
by keroro on 10/23/22, 4:02 PM
[0] https://github.com/urbanguacamole/torrent-paradise
[1] https://cloudflare-ipfs.com/ipfs/QmQjsKamNFZRvCMXDvZXQmRYjsm...
by compressedgas on 10/23/22, 9:24 AM
by joeman1000 on 10/23/22, 11:00 PM
by navjack27 on 10/23/22, 9:28 AM
by arthurcolle on 10/23/22, 4:42 PM
by bArray on 10/23/22, 11:25 PM
by gwnywg on 10/23/22, 1:18 PM
by gloosx on 10/24/22, 8:24 AM
by 2Gkashmiri on 10/23/22, 9:59 AM
by hombre_fatal on 10/23/22, 4:28 PM
by thinkmcfly on 10/23/22, 12:41 PM
by acehw on 10/23/22, 10:41 PM
by yieldcrv on 10/23/22, 7:15 PM
by ehPReth on 10/23/22, 5:09 PM
by dontbenebby on 10/24/22, 12:59 PM
For evil? I wouldn't worry about that. Not now.
You should put prominent warnings it's not "consumer grade" or whatever, but I think there's more value in sharing your code than there is risk someone will perform an attack they otherwise couldn't. Conversely, the second amendment wasn't just meant to apply to guns -- in America, "arms" can absolutely mean "cyber".
Now, to be fair... the NRA is basically a way for boomers old enough to get "reoccurring income" to write off donations to the GRU on their taxes at this point, but there was a time in this country[0] when people who had a re-occurring subscription were sent a video called "Stop! Don't touch!!" (or something to that effect), which was meant to be their first lesson on guns -- and make no mistake, when you "cyber", you're reaching into the toolbox.
There was a period in the 2000s where it was EXTREMELY difficult to get some of these tools up and running, and then, in parallel, you could also experience hardware or driver issues, and people quite rightfully used to scare the everloving shit out of the type of person who would bring esoteric knowledge to light too quickly.
Even if you knew exactly which commands to run, in which order, you had to deal with stuff like the fact the drivers for Airport literally won't go into monitor mode, which is when you tell the radio in your laptop to store not just the packets addressed to it, but any packets that happen to... drift on by.
I really cannot emphasize enough how hilarious it was to me that it took until about twenty goddamn twenty[-1] for some folks to realize the main benefit to "cyber" is that it's remote -- since I was about twelve years old, I've run into people who do... very rude things with the computer, paired with wielding the fact that in the United States, possession of what is now being called "CSAM" was what's called a "strict liability" offense -- pair that with gatekeeping access to the title "security researcher" and it led to a very uneven playing field.
(They'd also do things like say oh, gee, you can't get a security clearance if you engage in software piracy, while also telling folks it's probably better to just torrent stuff than use some shady torrent site... and mentioning they have a security clearance in another thread or whatever.)
Now, if this program was, say, a script that spiders through a hard drive using the Luhn algorithm[1] to suss out if the drive contains PII or automates bringing down one's wireless interface, changing the MAC address, then bringing it back up... that might be something you might not want to give to your enemies by putting onto GitHub or whatever.
Myself, I usually still stick to the Pirate Bay -- I've still got a backlog of stuff I haven't watched... it feels like just a short time ago I was getting all emo I had no one to watch "Cats"[2] with, ha-HA!!
But this? I think you're good to go, and I thank you for taking the time to learn the version control system and share your code.
If anything, you'll be aiding public health. Streaming services are abusive... I own very few movies since I've moved around so much -- it became a running gag with my exes -- but it's like back when cable briefly wasn't going to have commercials, then within pretty much one generation they added them right back in addition to collecting the subscription money[3]... those sorts of people should be shown that video from the 80s of the one KGB defector explaining that America is unique, and there is nowhere else to defect to.
(He was right, and if you abuse your access folks might be unwelcoming.)
-- [-1] I purposefully waited about two years to make that joke... at least two times.
[0] (I'm posting from my home)
[1] I was told it's used to verify something is a CC # but apparently it can get some false positives -- that wasn't mentioned last time I looked it up, hehe: https://en.wikipedia.org/wiki/Luhn_algorithm
[2] Did you people forget that they called it Redphone because it was supposed to REDUCE tensions?
[3] https://web.archive.org/web/20150501092025/nytimes.com/1981/...