I want to read this topic and I have to go through your idiotic rants.

Just wanted to say I agree with #67.
You can’t get fakes if you DL torrents
from the trusted uploader’s account.
All you need is common sense

You saw an “invisible” forum?
You’re really stupid and you’re hallucinating now

get well soon LoL

let ssee where they at public…..

Good discussion. Something definitely needs to be done on the technology side to reduce the number of fake torrents. Your ideas of PGP/GPG signatures sounds like a good start.

@48: You mentioned that a PGP signature wouldn’t really help because fake uploaders could supply their fake aXXo key, for example, and so the fake torrent would falsely validate correctly.

This is a good point. So what else could we do? Part of the way PGP public keys appear to work is to have a trusted place where people can acquire the public key in the first place for any given individual/uploader. These already exist: they’re called PGP public key servers.

If these PGP public key servers require too much personal information for registration, we could create anonymous PGP public key servers if the existing PGP public servers don’t provide enough anonymity. Trackers/torrent sites can then check the public key registered with the user name/ID at these (anonymous) PGP public key servers with the public key used to sign the uploaded torrent.

The only new requirement for users wishing to upload torrents then is to register a public key with an (anonymous) public key server.

@48: The point you made about 3.7Gb file being used to generate a signature taking a very long time is another good point, but this can be alleviated by employing your followup statement of using the MD5/SHA1 hash of the content instead. It’s okay if there are collisions, the point being that the likelihood of collisions is extremely small, and almost non-existent if someone is trying to duplicate content (fake) to have exactly the same SHA1 hash.

You said that you could easily make a fake file and give it the same MD5/SHA1 hash as the aXXo release, then paste everything from aXXo’s post (public key, signature etc.) into your fake post. This wouldn’t work if you adopt the strategy I mentioned above coupled to your (good) suggestion of using the MD5/SHA1 hash. For example, you could generate the SHA1 hash for the content. Then generate the signature for the SHA1 hash using your *registered* public key on a PGP public key server. Trackers and torrent sites could simply verify that the SHA1 hash is correct for the content using the uploaders p2p client, and then the torrent could be “signed” by signing the SHA1 hash. So these are the steps in point form:

The uploader performs the following prior to making their torrent content available:

1. Generate a SHA1 hash for the content.
2. Sign the SHA1 hash using their public key available on an (anonymous) PGP public server. This will generated a Signed-SHA1 key.
3. Upload their torrent using their p2p client providing the SHA1, Signed-SHA1, user name/ID.

The tracker/torrent site would then perform the following steps at the beginning of the upload process:

1. Confirm the SHA1 hash for torrent content using the uploaders p2p client.
2. Obtain the public key of the uploader from the (anonymous) PGP public key server using their user name/ID.
3. Confirm that the Signed-SHA1 hash resolves to the original SHA1 hash using the public key to decrypt the Signed-SHA1 hash.

And voila! No more fake torrents from uploaders posing as others.

Now, a fake uploader not using any of the popular names aXXO, KlaXXoN could still upload a fake as a different/new user and have their public key registered on the (anonymous) PGP public key server. In this case, one additional piece of information that the trackers/torrent sites could obtain from the (anonymous) PGP public key servers is the time that the user has been registered with the PGP public key server. The tracker/torrent site could have new registrants tagged as “untrusted”. In fact a new column could appear in every tracker/torrent site listing showing the level of public trust associated with a given uploader. The longer they’ve been registered, coupled to the greater number of non-fake uploads, the greater their trust rating.

Users uploading fakes would have to change their registration and user names frequently and re-register as new users on the PGP public key servers because the trackers/torrent sites would tag them with a very low trust rating given their previous fake uploads.

Thoughts?

Yes, with their PROPERs, REAL PROPERs, REALLY REAL PROPERs, etc.

only have one account allowed to upload with the “axxo” tag, that account being the real axxo

Please stop your foolish comments because nobody can read your language and what you say. I think may be you need to visit primary school to learn to write and read because there is a big problem with your language.Other option is please make some software by which we will be able to translate your language ohhh sorry!!! i forgot you’re too lame for that so why don’t you just get the fu@k out of here.

Mininova is absolutely shit at removing fake files, especially applications with PPI bundled. At the moment I have 80 or so torrents active that have been up for 7 days and more.

My “best” torrent so far has been up for 68 days with 5945 downloads… it’s still undetectable at virusnothanks, so good luck in spotting that one, rofl. It’s perfectly innocent looking torrent page: just the nfo details so good luck spotting that one you noob idiots.

Thanks for the easy cash all you idiots! :D

nathanhillinbl@gmail.com

MAKE YOUR MINDS UP TORRENTFREAK PUSSIES.

At one point in time, the public key must be verified to have come from the source in question.

Ie, if i was a fake uploader and i wanted to pretend i was aXXo, all i would have to do is make my own private/public key, add a signiture to my torrent file and paste a link to the public key on the torrent.

Authentic aXXo’s would use his authentic key, and fake aXXo’s wouldn’t – and we’d be in the exact same position as we’re in now, with fake aXXo’s using random names, and the real aXXo using his real account name.

Another point to bear in mind is that a 3.7Gb file couldn’t be used to generate a signiture. It’s just way to large and would take a millenia.

Much more likely is that you would hash the file with MD5 or SHA1, then using the MD5 hash, make a signiture using PGP.

MD5/SHA1 (or in fact any protocol which has to quickly hash a very large file) is succeptable to collisions – ie, two very large files which are different but make the same hash.

You could easily make a fake file, give it the same MD5 hash as the aXXo release, then paste everything from aXXo’s post (public key, signiture, et) into your fake post.

aXXo’s signiture would match the torrent’s hash, and people would there after assume that it’s *definatly* an aXXo release.

..so when they open up the torrent and find it requires a password to unrar something.. and they need to go to some website.. and that website says aXXo needs money to continue… what are you going to do? :(

Fuck, thinking about is you don’t even need to do an MD5 collision. Just put in your MD5.txt file the same MD5 as aXXo uses, and your golden.

People won’t bother checking the MD5 (they never do.. :( ), and you’re good to go.

http://www.Urssiva.com

Bast@rd…..

I have found that in TPB movies, on any given day when they are active about 90% of the fakes are from 3 or 4 seeders who start them up, are removed, then start them up over again. Usually 4 or 5 at a time.

I suspect they upload the torrents to TPB from different hosts than they seed from, otherwise TPB would ban them.

@Owned: you’re totally right
and big LOL at #7
haahaha

god………….

U bad mouth mininova be coz you are banned from there, FACT!!!

OWNED!!!

mininova and tpb both do a great job and provide a fantastic FREE service.

irc://irc.easynews.com/mininova

copy and paste that host into txt file.

If the files you get are passworded or otherwise bogus put the site into your badseed list. When you see him again abort your download.

some of the worst are:
kitty.cirtexhosting.com
rbixxxx.giga-dns.com

But things change and you should build your own list.

Uploading fake files to file-sharing networks is nothing new. Older networks such as KaZaA’s FastTrack and LimeWire’s Gnutella have long been a haven for junk and malicious files but as more and more people migrated to BitTorrent, it naturally beca…

Ecaltel seems to be a hosting company where you can host the prirate bay or any other bittorent index! As long as you don’t host the content…….

I think it’s easy enough to extend torrent file format with additional field that contains hashes of all pieces, signed by a private key of an individual, who’s name is specified in a header (+ another field).

This is purely for trackers/indexers, because common users won’t have a database of public keys to check against (and even if they do, that means modifying their torrent client, which is not possible for proprietary clients such as uTorrent).

http://www.darksiderg.com

Pretty much the best torrent forum in the world and not just beacuse of aXXo!

As for fake uploading then I do encounter it from time to time but I think sites can just add something like “Report fake” thing that will be assigning weight for torrent in “possible fakes” list. Add some other criteria and who knows may be then even automatic marking as fakes will be possible pretty quick in same way Gmail filters spam.

I usually look at torrent description and comments. If it is in zip or stored in some other weird way or contains comments that it is fake then I don’t bother to download…

(www.slyck.com)

I don’t consider myself a criminal, and I have no reason to hide in private sites, I’m not enough of a coward.

All trusted uploaders in MN have their own accounts
for uploading their torrents.
Torrent from their account with uploader’s name in RED –> Real thing
Just get the torrent from their account and you can’t be fooled.

Fakes are everywhere, not just MN