Your Ad Here Your Ad Here
Results 1 to 8 of 8

Thread: BitComet leaks data

  1. #1
    rvt's Avatar Poster BT Rep: +1
    Join Date
    Aug 2007
    Posts
    441
    From the privacy policy when installing:
    The BitComet Software (the Software) automatically sends only standard, limited information to BitComet, which may be retained in BitComet's server logs. We do not associate this data with personally identifying information about you. The Software does not send any information about the files you are downloading, unless you enable the function of "Search for mirrors" while downloading in HTTP/FTP protocol.
    From the client:
    POST /xmlstats/ HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip
    Connection: close
    Content-Length: 281
    Content-Type: application/x-www-form-urlencoded
    Cookie: xxxxxxxxxxxxxxxxxxxxx
    Host: inside-stats.bitcomet.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

    Query=%3C%3Fxml%20version%3D%221.0%22%20encoding%3D%22UTF-8%22 %20standalone%3D%22yes%22%20%3F%3E%3CBitCometPost%3E%3CQuery %3E%3Ctask%20hash%3D%22a0743038e91828fc15db5eec0b2923b1c1518032 %22%20size%3D%2239967818%22%20type%3D%22bt%22%3E%3C%2Ftask %3E%3C%2FQuery%3E%3C%2FBitCometPost%3E
    This translates to:
    <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
    <BitCometPost>
    <Query>
    <task hash="a0743038e91828fc15db5eec0b2923b1c1518032" size="39967818" type="bt">
    </task>
    </Query>
    </BitCometPost>
    This was from a download of a 39MB file (the size part) with an info_hash of a0743038e91828fc15db5eec0b2923b1c1518032

    When stored in bitcomets server logs with an IP, this ties you to every file you have downloaded from public or private trackers.

    Tested with version 0.89 and 0.93, results are the same on both except Cookie is Client-Auth on 0.89

  2. BitTorrent   -   #2
    Skiz's Avatar (_8(I)
    Join Date
    May 2003
    Location
    CO
    Age
    40
    Posts
    29,631
    Just one more reason to ditch BitComet.

    I mean seriously....who still uses that shit?



    ΜΟΛΩΝ ΛΑΒΕ
    The FST Last.fm group

  3. BitTorrent   -   #3
    Poster BT Rep: +13BT Rep +13BT Rep +13
    Join Date
    May 2007
    Location
    Europe
    Posts
    683
    Well, it would be enough to tinker with the hosts file or block it in a firewall ... but like Skizo said, BitComet has never been a favorite client least of all on private trackers.

  4. BitTorrent   -   #4
    Quote Originally Posted by Skizo View Post
    Just one more reason to ditch BitComet.

    I mean seriously....who still uses that shit?
    Exactly. I havent really seen many people really care to use this client in over 2 yrs.
    I think its mostly noobs who try and use this nowadays.

  5. BitTorrent   -   #5
    Poster
    Join Date
    Aug 2007
    Location
    US
    Posts
    100
    I ditched Bitcomet a long time ago. But that sucks for anyone still using it.

  6. BitTorrent   -   #6
    rvt's Avatar Poster BT Rep: +1
    Join Date
    Aug 2007
    Posts
    441
    Done some further testing.
    All versions from 0.83 onwards send the hash and size.
    All versions 0.85-0.90 send hash, size and filenames.
    All versions 0.79-0.87 have serious problems even sending the stopped event, which leaves ghost torrents in your profile.

    I don't know how many use bitcomet on public trackers, but I know it still has its fans.

  7. BitTorrent   -   #7
    sear's Avatar Feeling Clamy BT Rep: +3
    Join Date
    Mar 2006
    Location
    Hmm...
    Posts
    3,018
    First thing I ever learned about torrents "don't use bitcomet". Seems like that was good advice.

  8. BitTorrent   -   #8
    Night0wl's Avatar GoaHead BT Rep: +6BT Rep +6
    Join Date
    Apr 2007
    Location
    On an island
    Age
    39
    Posts
    2,472
    I tried it once, can't remember whoch version. It was using 1-2KB for sending messages, and that was with about 5 torrents in the client.

    Let's just say I didn't use it long
    Quote Originally Posted by TheFoX View Post
    In the old days, if you misbehaved on a tracker, you got disabled, or worse, IP banned.

    Nowadays, there are more trackers than there are members, so if your tracker misbehaves, they get bookmark removed, or worse, URL deleted.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •