BitThief, the BitTorrent client that downloads torrents without uploading, is spying on its users. Apparently the client is not only cheating on the BitTorrent community, it could also be a potential risk for the leechers that use the client.
The Java-based BitTorrent client continuously sends user data to the developers' server. Currently it collects the torrent hash, total size of the download, the current version of the client, total number of pieces available, and the size of these pieces. Since the data is posted to their server, it is possible to link all this info to the users’ IP addresses.
The current version of BitThief comes with a property file contained in the bitThief.jar. The actual data is posted to http://dcg.ethz.ch/projects/bitthief/et.php every time a torrent starts or stops.
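A jar can be checked for this kind of embedded reporting endpoint before it is run, by listing the URLs in its property files. The following is an added example, not code from the original article or from BitThief; the article does not name the property file or its keys, so the file name `client.properties`, the key `stats.url` and the sample jar are constructed for illustration.

```python
import io
import re
import zipfile

# Matches http(s) URLs; stops at whitespace, quotes, angle brackets, backslashes.
URL_RE = re.compile(r"https?://[^\s\"'<>\\]+")

def find_endpoints(jar_bytes):
    """Return sorted (entry name, URL) pairs from .properties files in a jar."""
    hits = set()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if info.is_dir() or not info.filename.lower().endswith(".properties"):
                continue  # compiled classes and other resources are not parsed here
            # Java .properties files are ISO-8859-1 encoded.
            text = jar.read(info).decode("iso-8859-1")
            for line in text.splitlines():
                stripped = line.lstrip()
                if stripped.startswith(("#", "!")):
                    continue  # comment lines are not live configuration
                # Java's Properties.store() escapes ':' as '\:'; undo that first.
                for url in URL_RE.findall(stripped.replace("\\:", ":")):
                    hits.add((info.filename, url))
    return sorted(hits)

def build_sample_jar():
    """Constructed jar: hypothetical file name and keys, URL taken from the article."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr(
            "client.properties",
            "# docs at http://example.invalid/readme (comment, ignored)\n"
            "version=0.0\n"
            "stats.url=http\\://dcg.ethz.ch/projects/bitthief/et.php\n",
        )
        jar.writestr("Main.class", b"\xca\xfe\xba\xbe")  # placeholder class bytes
    return buf.getvalue()

if __name__ == "__main__":
    for entry, url in find_endpoints(build_sample_jar()):
        print(f"{entry}: {url}")
```

To inspect a real file, pass `open(path, "rb").read()` to `find_endpoints`; an endpoint built at runtime inside the class files will not show up in this scan.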
It is unknown why the developers decided to collect the data. It could be that they collect these statistics for academic use, but I guess the more paranoid people among us could easily come up with other, more evil, motives.
The curious thing is that this “feature” of BitThief is not documented. The client is spying on you without your consent. Whatever the real motives are, it is yet another reason not to use this client.
Update: The BitThief homepage was updated a couple of hours after we posted this article. It now lists the spy feature.