Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: Lets Talk About BT v2

  1. #1
    Intr4ns1t's Avatar Pro-antinegativist BT Rep: +4
    Join Date
    Dec 2007
    Location
    pressing ur thnx button
    Posts
    689
    So, I am bored, and seem to have a case of insomnia, so I thought I'd start another less than exciting, wordy, and mostly friendly thread for people to have opportunity to talk about this hobby in more depth than usual. The last thread I started like this actually turned out pretty well in my opinion, so lets see if we can't manage that again. I thought it was pretty informative and would encourage anyone who to post their thoughts on the subject at hand, or anything relevant to the current state of BT affairs.

    What I primarily wanted to talk about was the pros and cons of the different approaches to security in private tracker land, and their relevance to the current state of the internet, with an eye to the near and not so near future. It seems, to me, that many of the current policies that are embraced as necessary, are/will become outdated, and do not parallel the rapidly advancing state of technology and the way we connect to the internet.

    In particular, I would like to talk about the social focus of that security, versus the code side of security. What exactly is the point of personalizing the security process, and what are the advantages/failings of that approach? What are the real benefits versus the perceived benefits? Is it an effective use of manpower, in light of the hugely increasing accessibility to what is fast becoming, literally, the world wide web?

    I understand there's a psychological advantage in that approach to securing a tracker, and that it pays dividends with the userbase, regarding willingness to slough off the paranoia that we are told we should exhibit at all times, and actually download with reckless abandon. But, how much is this advantage really advantageous now? This approach has led to a thinning of the bandwidth for many, many files, as very many of the people that use small trackers belong to many of them, no matter how many they'll admit to signing up to. It's almost become a prerequisite to belong to many trackers should you want to join one of the better run trackers, and that makes sites need to garner public interest to get bandwidth, to not be one of hundreds of sites with 5 thousand members and 10 snatches a day.

    Yes, I understand that the advantage of the hydra is that you can cut off one head, and still have many heads left, but if all of those heads are filled with nothing(in this instance implying no traffic, if stuff isn't shared, the whole protocol is pointless), you just end up with a really stupid dragon.

    I have one request in this thread. Please, try to leave semantic debates out of this discussion. The english language is very elastic, so try to stretch your brain with it
    With that said, I especially would like the input of people who have a more technical knowledge of the security side of the internet, so without further delay, let's have at it.
    Quote Originally Posted by KFlint
    Think 9 is the new 10.

  2. BitTorrent   -   #2
    stoi's Avatar BCG Owner BT Rep: +45BT Rep +45BT Rep +45BT Rep +45BT Rep +45BT Rep +45BT Rep +45BT Rep +45BT Rep +45
    Join Date
    Oct 2002
    Posts
    4,288
    About the files, at least they are there for you to download. But it is a catch 22 situation.

    members complain about slow downloads, but they want retention, well if there is a torrent from 2-3 years ago with 1 seeder, the chances of getting a fast download are slim to say the least, and if there was a seedbox member on it, then members would complain it isnt fair that the seedbox member is bullying them out of bandwith (if another leech does come on) and then you get others that say thanks but i will ait for more seeders, and then turn around and say they cant upload because there are to many seeders and not enough leechers, well its their own fault because they didnt jump on it whilst it had 1-2 seeders and 200+ leechers, so in that respect we just cant win.

    I have seen ppl say on other forums/blogs etc that they are seeding anywhere from 400-5000 torrents at a time, well yes they are keeping them alive but if they have crap upload (which most will) then i pitty the downloaders, especially if some are big files.

    I try to keep my active torrents down to about 20, but keep an eye on others just incase a leech comes along (I dont do it as often as i should though, multi torrent clients have made things easier, but lazier imho)

    and lets be honest 90% of members on trackers dont usually look any further than the 1st page of browse, i have lost count the amount of times i have bumped an old torrent to the top of browse and comments like "great game i have been looking for this for ages, thanks for the upload" when its been on the tracker for 2-3 years is silly, a simple search would have brought it up.

  3. BitTorrent   -   #3
    ca_aok's Avatar Poster BT Rep: +1
    Join Date
    Feb 2008
    Posts
    1,942
    The problem is more tangible increases in security than we currently have would require inconvenience on the part of the users, or a huge increase in site load.

    I think there's something to be said for security through obscurity. Let's face it, are the anti-p2p people going to go after a site like Demonoid, with hundreds of thousands of members, or some little "rare" tracker with a few thousand that few people have ever heard of? I completely agree that the smaller trackers have nothing in the way of content or speed and retention compared to a large tracker, and I've slowly been gravitating away from them, but it makes sense to me that if it's harder for people in general to get invited, it's harder for the IP phishers to get invited.

    I think we'll see a much more serious push against bittorrent in the coming years. I'm not sure what it'll be, but I doubt the sites we've come to know and love will outlast this decade. What rises from the ashes will be more interesting to see. No matter what we do, the weakest link is the direct connection between peers displaying the other users IP addresses. Unless we see a rise in cheap proxies that are somehow legally immune, this will always be a serious issue.

    As for the sites themselves, there's not a lot more they can really do to hide. The few sites I've seen that have taken it to a crazier extreme (running on a Tor hidden service, etc) are super slow and frequently down.
    Quote Originally Posted by whatcdfan View Post
    u are somewhat fairer then the last occasions but still pal i give a damn to what u said and expect i really dont need anything from u or optimuscrime i get what i want coz u 2 guyes dont own bittorrent and i dont think i portrayed any image i wrote simple english and u are seems to be very good at making assumptions if someone is not a cheater and u assume he's a cheater and write what u wrote and when u are proven wrong who u think will owe an apology then barack obama????

  4. BitTorrent   -   #4
    The simple truth is that few people in p2p care about real security or even know what real security means.

    Most users want something for free, and want to put minimal effort, time, and money in order to get it. This means the number of ratioless trackers opening is on the rise as users no longer see the point in saving up ratio credits to download older content. Users are buying cheap servers for a month or two, buffering a TB of credit, then hit&running on everything in perpetuity, adding no benefit to the site and hurting retention.

    Staff meanwhile are concerned chiefly with what they can get for themselves, and the prestige of their site. New sites opening monthly, with staff immediately requesting (and funnily enough receiving) invites and VIP status places previously out of reach. Older sites plagued by inactive user bases are content with letting their sites slowly die as handing out invites (or *gasp* open signups) would hurt their own site's prestige (kudos to HDBits for actually purging some deadweight and allowing at least a few new members). Not to mention site owners taking money from the site's account for their own, personal use. Sites with bugs in the

    To be honest, there is no such thing as security in p2p. Absolute security means that you can trust beyond a shadow of a doubt every single member of a site. I don't know the nicks of 99% of the people on a site and neither do you. I don't know any of them IRL. I have no way of knowing if a given person on a site is a legitimate p2per like me or an informant until it is too late and I am already in trouble for my actions. And with the current design of bittorrent, anyone can join a swarm I am a member of and pull my IP address.

    There is some truth in the saying, security through obscurity. Being a member of a smaller tracker and fewer trackers does make it harder to bust you. But all it does is increase obsurity... not security. MPAA/RIAA like to go after the big targets for the big headlines, but there is no reason they could not go after you as well.

    p2p protocols are inherently insecure, and if you are looking for security and peace of mind, you are in the wrong place. Security means you place inherent trust in everyone you can and do connect to (this means every member of every tracker you are actively using for leeching or seeding. Despite anyone's best wishes, it is not possible to know or trust every single person in a tracker, and to trust that every single person will be responsible with his invites, and his invitees will be responsible, and so forth.

    The only thing that could remotely come close to security is to force everyone to use anonymous proxies and/or VPN's in countries with lax anti-piracy enforcement. But this even itself has inherent disadvantages (added cost, decreased speeds, increased difficulty in staff finding and removing bad users).

    If you want true security, look into F2F (friend-to-friend) protocols. They work by allowing you to specify the exact set of users you wish to connect to. Through this, groups of friends can spider out to connect everyone indirectly. If you and I aren't friends, but share a mutual friend, you can still download files I am sharing, but connections will be routed through mutual friends (or whatever chain of friends connect us together).

    This likely decreases speeds, available content, and bandwidth usage efficiency. But it is definitely the most secure. You can't have your cake and eat it too.

  5. BitTorrent   -   #5
    Tokeman's Avatar Ron Paul 2012 BT Rep: +30BT Rep +30BT Rep +30BT Rep +30BT Rep +30BT Rep +30
    Join Date
    Oct 2006
    Posts
    2,278
    F2F sucks, unless everyone indirectly knows some one with (FTP) access to dumps. Its great for securely sharing what's already out there, but not new releases...
    Ron Paul: Hope for America

  6. BitTorrent   -   #6
    Intr4ns1t's Avatar Pro-antinegativist BT Rep: +4
    Join Date
    Dec 2007
    Location
    pressing ur thnx button
    Posts
    689
    Apologies for my delay in responding, forst off, I managed to get some sleep after all, and was quite busy yesterday evening, but I am here. Some good posts sop far folks, so thanks for the serious responses

    Quote Originally Posted by stoi View Post
    About the files, at least they are there for you to download. But it is a catch 22 situation.

    members complain about slow downloads, but they want retention, well if there is a torrent from 2-3 years ago with 1 seeder, the chances of getting a fast download are slim to say the least, and if there was a seedbox member on it, then members would complain it isnt fair that the seedbox member is bullying them out of bandwith (if another leech does come on) and then you get others that say thanks but i will ait for more seeders, and then turn around and say they cant upload because there are to many seeders and not enough leechers, well its their own fault because they didnt jump on it whilst it had 1-2 seeders and 200+ leechers, so in that respect we just cant win.

    I have seen ppl say on other forums/blogs etc that they are seeding anywhere from 400-5000 torrents at a time, well yes they are keeping them alive but if they have crap upload (which most will) then i pitty the downloaders, especially if some are big files.

    I try to keep my active torrents down to about 20, but keep an eye on others just incase a leech comes along (I dont do it as often as i should though, multi torrent clients have made things easier, but lazier imho)

    and lets be honest 90% of members on trackers dont usually look any further than the 1st page of browse, i have lost count the amount of times i have bumped an old torrent to the top of browse and comments like "great game i have been looking for this for ages, thanks for the upload" when its been on the tracker for 2-3 years is silly, a simple search would have brought it up.
    As far as seedboxes are concerned. I consider them to be a bain to swarms everywhere, for that whole cyclical idea you described. They are a good part of the reason that it has become a "job" to get a proper ratio on many sites for non-seeboxers. I think, though, that they are a sign of the future and the rapidly increasing speeds that are becoming available around the world for what is becoming cheap rates. No, it's not a universal, poor Aussies, but that is one of the things I think need to get addressed in the not too distant future. The way torrent sites sort users kind of makes it inevitable though, as everyone loves competing. Very few sites take an egalitarian approach to user levels. Bandwidth whores are rewarded, and I've only known of one site that punishes/d people for overseeding.

    Quote Originally Posted by ca_aok View Post
    The problem is more tangible increases in security than we currently have would require inconvenience on the part of the users, or a huge increase in site load.

    I think there's something to be said for security through obscurity. Let's face it, are the anti-p2p people going to go after a site like Demonoid, with hundreds of thousands of members, or some little "rare" tracker with a few thousand that few people have ever heard of? I completely agree that the smaller trackers have nothing in the way of content or speed and retention compared to a large tracker, and I've slowly been gravitating away from them, but it makes sense to me that if it's harder for people in general to get invited, it's harder for the IP phishers to get invited.

    I think we'll see a much more serious push against bittorrent in the coming years. I'm not sure what it'll be, but I doubt the sites we've come to know and love will outlast this decade. What rises from the ashes will be more interesting to see. No matter what we do, the weakest link is the direct connection between peers displaying the other users IP addresses. Unless we see a rise in cheap proxies that are somehow legally immune, this will always be a serious issue.

    As for the sites themselves, there's not a lot more they can really do to hide. The few sites I've seen that have taken it to a crazier extreme (running on a Tor hidden service, etc) are super slow and frequently down.
    The bold part of your post is greatly troubling to me, as I agree wholeheartedly. That belief is part of why I posted this thread actually I do think that net neutrality and internet privacy in general are on the brink of disappearing, and I really believe it will be a quiet whisper behind us rather than a thunderhead in front of us when it does occur. As far as the obscurity issue, that'd be entirely feasible and effective, if not for sites like FST/ZP/TI/FNB/FSF/TF/BTRACS that make it a point to ruin that obscurity by laying bare every torrent site that anyone gives a shit about.

    It pretty much makes it impossible to have a secure site as some self-serving individual, that didn't get treated with exactly the amount of respect they think they deserve, decides, "well fuck these guys, I'll Show THEM!" then proceeds to start a new account at FST so that they won't be held accountable via their real nick. That is one of my only real issues with FST, that utter lack of accountability, even when faced with an obvious breach of the one account rule. Yes, they ban dupes, but they do no service to filesharing by hiding those individuals. It's a blank check to post whatever you want about whoever you want, with no recourse, and that attitude is part of the growing trend in BT to just burn through accounts and start a new one when you burn too many bridges with the existing name. I am all for freedom of speech, in fact, I have fought, and would die, for your right to speak your mind, but only if you have the nuts to actually stand by your words as yourself. With that freedom comes the responsibility to be held accountable. Unfortunately, that concept is nigh on impossible, considering the inherent, and necessary anonymity of filesharing.

    Quote Originally Posted by chrisbeebops View Post
    The simple truth is that few people in p2p care about real security or even know what real security means.

    Most users want something for free, and want to put minimal effort, time, and money in order to get it. This means the number of ratioless trackers opening is on the rise as users no longer see the point in saving up ratio credits to download older content. Users are buying cheap servers for a month or two, buffering a TB of credit, then hit&running on everything in perpetuity, adding no benefit to the site and hurting retention.

    Staff meanwhile are concerned chiefly with what they can get for themselves, and the prestige of their site. New sites opening monthly, with staff immediately requesting (and funnily enough receiving) invites and VIP status places previously out of reach. Older sites plagued by inactive user bases are content with letting their sites slowly die as handing out invites (or *gasp* open signups) would hurt their own site's prestige (kudos to HDBits for actually purging some deadweight and allowing at least a few new members). Not to mention site owners taking money from the site's account for their own, personal use. Sites with bugs in the

    To be honest, there is no such thing as security in p2p. Absolute security means that you can trust beyond a shadow of a doubt every single member of a site. I don't know the nicks of 99% of the people on a site and neither do you. I don't know any of them IRL. I have no way of knowing if a given person on a site is a legitimate p2per like me or an informant until it is too late and I am already in trouble for my actions. And with the current design of bittorrent, anyone can join a swarm I am a member of and pull my IP address.

    There is some truth in the saying, security through obscurity. Being a member of a smaller tracker and fewer trackers does make it harder to bust you. But all it does is increase obsurity... not security. MPAA/RIAA like to go after the big targets for the big headlines, but there is no reason they could not go after you as well.

    p2p protocols are inherently insecure, and if you are looking for security and peace of mind, you are in the wrong place. Security means you place inherent trust in everyone you can and do connect to (this means every member of every tracker you are actively using for leeching or seeding. Despite anyone's best wishes, it is not possible to know or trust every single person in a tracker, and to trust that every single person will be responsible with his invites, and his invitees will be responsible, and so forth.

    The only thing that could remotely come close to security is to force everyone to use anonymous proxies and/or VPN's in countries with lax anti-piracy enforcement. But this even itself has inherent disadvantages (added cost, decreased speeds, increased difficulty in staff finding and removing bad users).

    If you want true security, look into F2F (friend-to-friend) protocols. They work by allowing you to specify the exact set of users you wish to connect to. Through this, groups of friends can spider out to connect everyone indirectly. If you and I aren't friends, but share a mutual friend, you can still download files I am sharing, but connections will be routed through mutual friends (or whatever chain of friends connect us together).

    This likely decreases speeds, available content, and bandwidth usage efficiency. But it is definitely the most secure. You can't have your cake and eat it too.
    So, how do we address that inherent insecurity of the protocol? Create a module for torrent clients that automatically encrypts the ip address you are connecting to, as well as your own? That doesn't sound that difficult to me, but I am not technically knowledgeable about writing code. Would it be terribly difficult to create a piece of code that would encrypt that visible, loggable ip address, or even just not show peers as resolvable ip's? I'm serious too, though that question would probably be better asked at utor's forum. You are touching on the stuff that I was hoping to get to with this thread really, though I am still undecided whether it's just a flaw in the protocol or the users and sites both. I would love to see improvements in those inherent flaws, but until there is "public" and outspoken interest in a resolution of that shortfall, I'm sure bt client makers will concern themselves with the initial desire of most file sharers, namely faster consumption, at a low cost(ie, download and that's it).

    I do not deny that we are a naturally selfish species, that's life, but, I do like to think we are capable of transcending those base animal tendencies.
    Quote Originally Posted by KFlint
    Think 9 is the new 10.

  7. BitTorrent   -   #7
    ca_aok's Avatar Poster BT Rep: +1
    Join Date
    Feb 2008
    Posts
    1,942
    The problem with the above "encrypting IP" thing is that while you could do so for the peer list, anyone with a network traffic monitor could still grab all of the real IPs. That's the thing, the weakness is the direct connection between clients, which is also one of the strengths, since it maximizes speed. You'd have to build some sort of mandatory proxy into the client which would need to run on some ridiculously beefy connection or downloads and uploads everywhere would slow to a standstill.
    Quote Originally Posted by whatcdfan View Post
    u are somewhat fairer then the last occasions but still pal i give a damn to what u said and expect i really dont need anything from u or optimuscrime i get what i want coz u 2 guyes dont own bittorrent and i dont think i portrayed any image i wrote simple english and u are seems to be very good at making assumptions if someone is not a cheater and u assume he's a cheater and write what u wrote and when u are proven wrong who u think will owe an apology then barack obama????

  8. BitTorrent   -   #8
    Quote Originally Posted by Intr4s1t
    So, how do we address that inherent insecurity of the protocol? Create a module for torrent clients that automatically encrypts the ip address you are connecting to, as well as your own? That doesn't sound that difficult to me, but I am not technically knowledgeable about writing code. Would it be terribly difficult to create a piece of code that would encrypt that visible, loggable ip address, or even just not show peers as resolvable ip's? I'm serious too, though that question would probably be better asked at utor's forum. You are touching on the stuff that I was hoping to get to with this thread really, though I am still undecided whether it's just a flaw in the protocol or the users and sites both. I would love to see improvements in those inherent flaws, but until there is "public" and outspoken interest in a resolution of that shortfall, I'm sure bt client makers will concern themselves with the initial desire of most file sharers, namely faster consumption, at a low cost(ie, download and that's it).
    Bittorrent was not designed with security in mind. Any member with access to the tracker can easily scan through all torrents and recover the IP addresses of each other member leeching or seeding the torrent.

    Security and trust go hand in hand. On any given tracker, you probably know and trust a handful of users. But you do not know everyone very well. You cannot trust everyone completely. All you need is a single leak to compromise the security of a tracker. The only way to mitigate this risk is to have a smaller and smaller member base. This is to limit the odds of one user being a bad egg, and to limit the potential fallout of a bust (limit the number of users exposed to the breach). But that too has its disadvantages (lower content, speeds, and retention).

    Encryption will not work because a client still needs to receive a decryption key in order to get IP addresses. Even if IP addresses are obscured for every client, it is still possible to sniff network traffic to detect P2P traffic.

    The only way to increase security is to shift to a protocol whose foundation is trust. This means F2F (friend to friend) darknets. Speeds may decrease, but security will increase greatly, and users can easily set their own security level by saying on their own who they will allow connections to. Perhaps the current autouploaders and seedboxes of today will be the high speed F2F sources and routing links of tomorrow. Current P2P communities will serve as ways to find additional trustworthy F2F links.

    Quote Originally Posted by Intr4s1t
    I do not deny that we are a naturally selfish species, that's life, but, I do like to think we are capable of transcending those base animal tendencies.
    You would hope so, but look at the current state of the bittorrent scene today vs a year, 2 years, 3 years or more ago. Things are getting worse, and money is becoming a bigger player in P2P as scene and P2P grow closer together with it, with quite a few people on both sides getting nice payouts for the ignorance of the masses.

    Sadly, there are not many sites where I can say that I even trust all staff. There are some sites where staff don't even trust each other. How can I be expected to trust every person of a 1,000.. 5,000... 100,000... member site when I can't even trust all of the 5 or 10 or so staff?
    Last edited by chrisbeebops; 01-12-2011 at 02:18 PM.

  9. BitTorrent   -   #9
    Intr4ns1t's Avatar Pro-antinegativist BT Rep: +4
    Join Date
    Dec 2007
    Location
    pressing ur thnx button
    Posts
    689
    You both point out the boldest shortcoming of torrents. How depressing. So the risk is absolutely necessary for the reward. I have to believe there has to be a better way to mitigate the risks than having to interview everyone that joins, though. While it seems like a great idea at it's face, it's a terrible way to replenish userbases. It requires a. a moderate personality who doesn't need your blood type to believe you, as well as having the time it takes to individually review everyone. b. a large staff to deal with that increased need for manual perusal. c. everyone being assumed totally honest from the get go()

    I guess barring only ever sharing the hash with people via private messages, and never using a central tracker, there's no way to get around the risks?
    Quote Originally Posted by KFlint
    Think 9 is the new 10.

  10. BitTorrent   -   #10
    ca_aok's Avatar Poster BT Rep: +1
    Join Date
    Feb 2008
    Posts
    1,942
    You could build a network sort of like Tor where trackers would be linked together (would require serious recoding) to manage chains of peers rather than a swarm of peers. Each connection would take place through several hops in a chain of machine making it impossible to determine the IP of the downloader or uploader from any perspective. I2P was built with the load generated by filesharing in mind, however the overall download speed will be slowed to the slowest upload speed in the chain, which realistically will be 10-30kB/s, if that. You could specify a minimum and maximum number of hops within your client to attempt to speed things up, though lowering the number of hops would increase the chance of you being identifiable.

    With fairly widespread demand and cooperation (which in the current climate doesn't exist and the general public is anti-P2P) you could in theory create a series of adhoc networks that would place entire cities into a virtual LAN, bypassing ISPs entirely. This would be nearly impossible to manage and control if an appropriate protocol was crafted. However, there'd be gaps wherever there wasn't network coverage, so you'd essentially be turning each city into its own darknet.
    Quote Originally Posted by whatcdfan View Post
    u are somewhat fairer then the last occasions but still pal i give a damn to what u said and expect i really dont need anything from u or optimuscrime i get what i want coz u 2 guyes dont own bittorrent and i dont think i portrayed any image i wrote simple english and u are seems to be very good at making assumptions if someone is not a cheater and u assume he's a cheater and write what u wrote and when u are proven wrong who u think will owe an apology then barack obama????

Page 1 of 3 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •