The Hydra Project: An Anti-Piracy Proof BitTorrent Tracker
Written by Ernesto on December 03, 2007The Hydra Project is a new script for private BitTorrent trackers designed to resist any attack or raid, and to guarantee the privacy and anonymity of its users. It’s truly hydra compatible, which is much needed quality in these turbulent times.
The Hydra Project, THP for short, is developed with privacy, anonymity and survivability in mind. One of innovative features of the project is to make an OpenID for users of private BitTorrent sites so their login information and upload/download ratios can be shared across different websites. The torrents can also be shared among different trackers. This ensures that user ratios and uploaded torrents will not be lost if for some reason one of the BitTorrent trackers ceases to exist.
Shanti Braford, the developer of the project explained to TorrentFreak: “The idea is that a group of admins can get together and form a sort of distributed set of private BitTorrent trackers. bacon.org, eggs.com, ham.net and sausage.fm can all get together, share user databases, torrents, upload/download ratios, etcetera. If eggs.com gets raided, the rest of the sites are still alive and the torrents people have downloaded will still work because they’ll be associated with multiple tracker URLs.”
THP will be one of the most private and anonymous BitTorrent trackers, something that most users will absolutely appreciate. For example, no email addresses will be collected, the IPs will not be stored (only memcached) and .torrent files will not be connected to users. There is even an option for the administrator to delete all data via a memcached shutdown in case the server loses its connection to the network, which will happen if there’s a raid.
The tracker script is developed in Ruby on Rails. “The code is about 90% there,” Shanti told us “I’ve kept it very simple and rudimentary, but functional. If any PHP coders are interested perhaps it could be ported over.” I would encourage all developers who are interested in the project to take at the project page and THP’s Sync API wiki.
If THP lives up to its expectations the Hydra will be more flexible and stronger than ever.
Previously: The Pirate Bay Dashboard Widget for the Mac
Next: MPA to Christmas Movie Pirates:”You’d Better Watch Out, You’d Better Not Try!”
74 Responses
balls in a hat!
So much happier to use this one then use one that records your IP – copyright breacher? Me? *Cough*
Sounds exactly like what’s needed for the bittorrent community. Hopefully this isn’t just a flash in the pan and it turns out to be The Next Big Thing.
This is what we’ve needed for a while. Let’s hope these guys follow through and deliver.
If it’s true, this would be nice. Unfortunately, the MAFIAA knows about this too now.
…what? you’d think they diddn’t check this site? o.O
Cheers to THP! I like the idea if one place gets shutdown all Torrents will continue to survive at another location. It’s like a never ending domino effect.
They may finish before Christmas, giving all p2p users a nice and safe present. That one deserves two jellybabies! Three when it’s 100%.
The Hydra Project is hella cool. Making our lives alot safer. This will make the anti pirates hella jealous. Lol!
Three cheers for the hydra project,
hip hip
Long live THP! Can’t wait for this to finish. That 90% completion rate reminds me of having an old 56K modem. I wonder if it’s at 92% or even 93% complete now.
[quote comment="229886"]Three cheers for the hydra project,
hip hip[/quote]
Horray!!
Nice.
[quote comment="229888"]Long live THP! Can’t wait for this to finish. That 90% completion rate reminds me of having an old 56K modem. I wonder if it’s at 92% or even 93% complete now.[/quote]
It’s still at 90% complete. A snail may actually get across a road before this thing gets done. I’m just too anxious! Please hurry and save our community Hydra. Your our only hope.
[quote comment="229891"][quote comment="229886"]Three cheers for the hydra project,
hip hip[/quote]
Horray!![/quote]
Hip Hip!!
This is really sweet! But even when its 100% complete they will need to do the standard alpha, beta, delta tests for final approval. Afterwards then we can all rejoice. No more worries from those pesky anti pirates…at least for the time being. THP will be our version of stealth technology. Hehe
Horray!!
but how come it took so long for such an idea?
but how come it took so short time to come up with sutch a stOoOoOopid question?
Hip hip!!
Horray!!
Wouldn’t this just make it easier for the anti-piracy organisations to find and persecute all the trackers in this hive?
Aweshome! with a lishp :P
I prefer “Hip hip Jorge”, but since I’m not playing baseball now “Hip hip horray” will do just fine.
After reading all of the ‘hip hip horray’s’ I forgot what I was going to write. Damn. Oh well hip hip horray!
Number one join us in our celebration.
willriker:Ai ai captain. Hip hip horray!
Its amazing how Hollywood lobbies for the MPAA to put pressure on the government of the States to crack down on such stuff that is in the “Grey Zone”. And they in turn put pressure on Interpol to do the same. Just amazing.
If Hollywood would get off their high horse (and how many of their movies are stolen from writers that try to make a break in their screenplay and a studio steals it when they say “not our kind of movies, sorry”. Now not only were their previous movies stolen crap, now they won’t even pay the writers that steal the idea to say its their own. Pretty funny. So what now? Will Hollywood begin to sue studios, heaven forbid, if a new opens up and decides they don’t care if their movies are copied after a period of time?
What will Hollywood do if people stop downloading their movies and half the hype of movies vanishes?
Nice idea :) Hope it gets airborn soon!
Some Q’s:
If you have 1 torrent in that Hydra, you have the IP off ALL other trackers? Doesn’t this increase server load for all the trackers?
Interesting. However, memcached IP’s and other important info that might need to be destroyed on a raid is a good idea, I will def be putting that in on our site.
Yeah just one problem here still. They are going to be using memcached to store the IP’s. Not that I have a issue with this, but It was ruled in the states that anything stored in memory can be used as evidence in a case. Obviously US law does not apply to them. It still makes it so things are not as anonymous as they want you to believe.
http://www.zdnet.com.au/news/software/soa/US-ruling-makes-server-RAM-a-document-/0,130061733,339278641,00.htm
@Wade damn you for beating me to it!
Not a big fan of these private projects.
Open torrent sites like TPB and mininova ftw!
So.. There just needs to be an admin-mole for the RIAA & Co who implements this and they can grab the whole database of alle the conected sites?
Just the idea I got from this..
Would be nice if I’m wrong:)
No one’s mentioned Gazelle here:
http://torrentfreak.com/whatcd-tracker-script-071130/
They would seem to have some serious competition now. Not just the sites, even the codebases are going hydra!
Sounds good, liked especially the idea if one tracker is down the other can continue..possible a true global bit torrent network with millions of peers? :)
Missing the flawed detail this project. With so many sites sharing the same thing and linked together in such a way, it will leave them all to be raided and shutdown at the same time. Seeing as if they get enough “evidence” on one site it would me the same thing is on X X and X site as well. Leaving all sites vonrable to being shutdown for the same reasons. THP would be a great way to speed up torrents and share them but the problem with them having the same incriminating metadata would leave them all targets of the same unjust’ attacks.
Great idea, to bad it won’t work.
For starters there is no safety in using private sites. Organisations like media defender have never had any problem infiltrating these in the past.
Keeping ip numbers in memory may sound nice, but it only takes one http request to obtain the list of ip numbers on a torrent from a tracker. And joining the swarm will have all the other clients that aren’t listed trying to connect to a fake client.
Furthermore what is going to stop organisations like media-defender from joining the hydra with their own trojan tracker? Sure your tracker will keep all the important data in memory, but it won’t be very hard for a hacked version that is a part of this hydra to dump all the information into a neat logfile.
I just wish people would get a clue, hiding in the shadows is simply not going to cut it.
fucking awful idea
and when the server gets nipped by the feds … they get the whole basket of eggs … how sweet! NOT!
FISHY! VERY FISHY….Call me paranoid but….oh well Y NOT!!!
As I understand this project, it’s up to the admins of the different projects to get together and “join in” the hydra movement – ie. there is no way (as for known quantities of “no”) there could be an infiltrator of this system – as long as of course one of the admins of the joining sites isn’t already a mole, which would sort of already be a problem.
This would be most useful if the trigger for the “jump” only gets triggered if the original tracker isn’t available for a given amount of time – say 24 or 48 hours – then the client “jumps” to the next tracker in the hive, only then getting this tracker – this could maybe be achieved by encrypting the url’s, and only decrypting them if the original tracker isn’t responding, or if the user especially requests a “jump” – and, of course, given that the user is an actual user of the private site.
No, I have not looked at any code, I have no real idea how torrent-site/tracker-code work, I’m just thinking aloud here…
Also… I’d like to know, as some other commenters have questioned – just how is one avoiding a total takedown of a hive, if one is taken down?
this is the enemy invited to your dinner table
this is evil DHT at the tracker level
open to abuse, sponsored by Paedos, unsafe!
WARNING: the MPAA already owns bittorrent.com and uTorrent BEWARE: the New World Order
Brilliant!!!!!
Once it’s finished all needs to happen is the admins to get together…Very good News..Keep us posted..
Neo
[quote comment="230073"]Great idea, to bad it won’t work.
For starters there is no safety in using private sites. Organisations like media defender have never had any problem infiltrating these in the past.
Keeping ip numbers in memory may sound nice, but it only takes one http request to obtain the list of ip numbers on a torrent from a tracker. And joining the swarm will have all the other clients that aren’t listed trying to connect to a fake client.
Furthermore what is going to stop organisations like media-defender from joining the hydra with their own trojan tracker? Sure your tracker will keep all the important data in memory, but it won’t be very hard for a hacked version that is a part of this hydra to dump all the information into a neat logfile.
I just wish people would get a clue, hiding in the shadows is simply not going to cut it.[/quote]
Lol theres always mr know it all in these comments, and yet you have no idea what the fuck your talking about, YOU get a clue, from what it sounds like you have no idea how this stuff works.
Do a little research when the product comes out, instead of just coming to the first conclusion you can muster, otherwise, shut the fuck up. Apparently you think that hiding is not a good solution, so what IS your solution? Hmm thats right you don’t have one, so go fuck yourself.
Rycon, “seriously now”’s comments & questions raised seem to make good sense. Your commentary however, is filled with swear words and derrogatory remarks only highlights your own ignorance. Stepping on somebody to raise yourself higher, only leaves down lower (on the scale of human social maturity) in everyone else’s eyes.
I’d like to see some well thought out retorts to “Dec 03, 2007 at 18:06 by seriously now” comments… without all the ego.
Thanks,
someguy
Centralizing is not good, adding extra compelxity isnt either, the old chaotic pirate cell approach is much better.
Trackers can use encrypted disks.
Tracking tables already are memtables.
p2p is screwed any way it’s published, tracked or used. long live the scene
Seriously here, this tracker could be the most adopted if they simply add one feature. Instead of posting in mods to the code, make it extensible like firefox (perhaps this is less possible than I figured if it is really based on old tracker code as implied in the ‘thanks’ portion of the website at the bottom. All the other trackers out there require pasting in code to do mods (afaik).
Extensions are the most important part of firefox in my book, and pretty much everyone running popular trackers uses modded code these days. The tracker that makes modding more possible to the masses will change the world, because more people will be able to setup trackers with useful featuresets.
Nice idea, but neither RoR or PHP will meet the performance needs of many of the largest trackers used today. Hopefully, an effort will made to port this idea to C/C++.
My knowledge on this things is limited – but wouldn’t the whole MPAA-Problem be solved if the BT-Clients wouldn’t only leech & share the files they are actually wanting but would also share parts from other Torrents – meaning one User who downloads/shares some legal content (let’s say a Linux-distribution) and has nothing to do with piracy ;-) would also share parts of other Torrents (maybe even illegal copies)!
I know there are P2P-nets out there who do exactly the same – but they are all awfully slow!
If the tracker would assign these Extra-Parts to the clients (maybe based on the swarm-speed for the individual torrents) this method could even speed-up the overall swarm-speed (especially for slow Torrents) – by giving the unused Upload-Speed from torrents/seeders to the Torrents in need! – This wouldn’t counteract the Benefits of BitTorrent, since this would just be an additional way of getting the parts where most of the speed still comes and goes through direct connections between the peers (which all want the same torrents)!
So if the MPAA & Co connects to the swarm/tracker and tries to download from other clients in order to LOG them they can’t tell wether the peer actually is downloading/sharing these torrents or just assigned as a mirror for these parts!
The Extra-Parts are no Copyright-Ifringement since the Client only knows the Hash (and the Hash-for checking the Parts of course) and not neccessarily needs to know the content (and the same goes for the tracker) and also are partial-downloads no Copyright-Infringement!
Correct me if I missed the point – but imho this really would solve some problems and also increase the availability of “slow” (or torrents with only a few seeders) and maybe even prevent some torrents from dying!
Nice idea in theory. But how will this be applicable to privatr sites.
I think what all privacy-protectent server admins need to do is Use eraser every 3 or 4 days each week on the free space of the entire hard drive, and clear pagefile memory, then use encrypted databases and clear IP Addresses every week if onone is commiting abuse or fruad, clear the logs so if the Police come and get the server admin, they won’t get older logs, in fact, u might Not wanna Log at all.
The databases don’t need to be open to moderators because a Agent could become a moderator and harass pirates and the admin thinks the mods are doing a good job when they are really harassing file-sharers.
Next I think the Server admins need a ram eraser, a program that fills the unused ram with random zeros and ones in case the cops try to recover the ram data.
Now as for the agents logging peers and seeds, thats where you need to use my BitTor idea, or use a secure proxy that you know you trust and that you know won’t log your activities, you know no hacker honeypots because you will be arrested for $1,000,000 in piracy fines.
Then we need Bittorrent to use anywhere from 256Bit AES encryption to 512Bit Encryption, or Military grade encryption through any Bittorrent download and upload.
We also need something where for security against hackers you might need to log the 3 sections of the IP Address such as 123.432.123.x to prevent lawsuits.
Just some random ideas on how to protect the file-sharers and file-downloaders.
Another idea is have a network where you prove trustworthy to be a moderator of a torrent website, like a secret rule where you have to share about 200 pirated releases without breaking any rules to become a moderator because a RIAA/MPAA/Fed Agents would never share lots of pirated content, so that solves our problem.
No rebel Moderator Spies.
Great but how much PHP do you have to know to use it on your own site
Again, why not co-operate with David & Co from randpeer.com, and make it the best thing ever. Shanti, this is for you:
http://www.pjort.com/randpeer/backgr.html
Try not to flood the world with attempts at things, be VERY certain it WILL actually be safer than anything else.
And those nagging about it being prone to kiddy porn and such, get a clue: THEN DON’T DOWNLOAD IT. You’re barking up the wrong tree and scared of the wrong groups of people. The ones that want to hide their identity in order to exchange forbidden data will NEVER be discouraged or encouraged by any new peering technology like this.
“Another idea is have a network where you prove trustworthy to be a moderator of a torrent website, like a secret rule where you have to share about 200 pirated releases without breaking any rules to become a moderator because a RIAA/MPAA/Fed Agents would never share lots of pirated content, so that solves our problem.”
Nice idea but unfortunately they can probably do wtf they want with the law falling over themselves to help the corps
What did the MPAA say to the Hydra?
[quote comment="230112"][quote comment="230073"]Great idea, to bad it won’t work.
For starters there is no safety in using private sites. Organisations like media defender have never had any problem infiltrating these in the past.
Keeping ip numbers in memory may sound nice, but it only takes one http request to obtain the list of ip numbers on a torrent from a tracker. And joining the swarm will have all the other clients that aren’t listed trying to connect to a fake client.
Furthermore what is going to stop organisations like media-defender from joining the hydra with their own trojan tracker? Sure your tracker will keep all the important data in memory, but it won’t be very hard for a hacked version that is a part of this hydra to dump all the information into a neat logfile.
I just wish people would get a clue, hiding in the shadows is simply not going to cut it.[/quote]
Lol theres always mr know it all in these comments, and yet you have no idea what the fuck your talking about, YOU get a clue, from what it sounds like you have no idea how this stuff works.
Do a little research when the product comes out, instead of just coming to the first conclusion you can muster, otherwise, shut the fuck up. Apparently you think that hiding is not a good solution, so what IS your solution? Hmm thats right you don’t have one, so go fuck yourself.[/quote]
Hehehe, I must have put my finger on the sore spot there…
.;LJKCVJM;DS;/. CV;L’ CV AV/;’VA [’DRSJ /.’X
this shit sounds like a bust
I think Im gonna Cry. Im so happy come on 100% its like waiting for the ball to drop and its 1999 all over again the anticipation and suspense is …….. driving me crazy. go team Hydra you are gods to us
[quote comment="230256"].;LJKCVJM;DS;/. CV;L’ CV AV/;’VA ['DRSJ /.'X[/quote]
Get it in PHP, and it will see success. Offshore Rails hosts are much harder to find, unfortunately.
Seeing as 99.999999999% of sites are hosted in sweden it wont make a difference if one of the sites gets taken down, because the whole operation will be for naught!
pffff…..LETS ALL HYDRA TO SWEDEN!!
lol? I think n.o.t
well great, “hydra” went from a word i haven’t read since high school to the most annoying overused word on my computer screen.
[quote comment="230356"]Seeing as 99.999999999% of sites are hosted in sweden it wont make a difference if one of the sites gets taken down, because the whole operation will be for naught!
pffff…..LETS ALL HYDRA TO SWEDEN!!
lol? I think n.o.t[/quote]
hmm didnt TPB start looking for a safe spot in North Korea because sweden wasnt safe anymore?
hmm perhaps it was just a shit report…
First off, Ernesto – thanks for shedding more light on the project. I’ll definitely get my act in gear and finish up the proof of concept in RoR.
To answer a few of the questions from the comments:
* All sites in each “federation” or whatever you want to call it, have to trust each other. This is left up to the torrent admins who want to try running a script like this. If they believe that they can trust one another, then they add each other (including the passkeys, domain names, etc) to the list of trusted sites in the network. If you trust someone who happens to work for the MPAA, well, you must not know your friend / fello admin that well, and I don’t know of a way to get around this threat, really.
* There can be multiple (any X number) of federations. i.e. as from the example, you can have “bacon.org, eggs.com, ham.net, etc” in one federation, sharing torrent / user data. Then another group of admins, with completely separate torrents and data, can get together, and perhaps have a different focus on their content (music, instead of video, for example). This separate network would operate on their own domain names, e.g. fido.net, shaggy.com, lassie.org, whatever.
* It *is* indeed true that if every single one of the sites gets raided at the same time, the entire network will crumble. It’s easy to make backups, but if the network has lost control of all domain names, then the .torrent files people have downloaded will simply no longer work. Having servers in Sweden, China, South America, etc (one “head” of the Hydra in each) may well be a good idea for the truly paranoid.
If you want to hack on code (RoR, PHP or python), drop me a line at: shantibraford (at) gmail.com
To quote jamiroquai: o/` We’re going deeper under ground o/`
Wouldn’t this just raise more questions, if the thing is meant to be global? Who controls the OpenID server, who controls the ratio?
First off, Ernesto – thanks for shedding more light on the project. I’ll definitely get my act in gear and finish up the proof of concept in RoR.
To answer a few of the questions from the comments:
* All sites in each “federation” or whatever you want to call it, have to trust each other. This is left up to the torrent admins who want to try running a script like this. If they believe that they can trust one another, then they add each other (including the passkeys, domain names, etc) to the list of trusted sites in the network. If you trust someone who happens to work for the MPAA, well, you must not know your friend / fello admin that well, and I don’t know of a way to get around this threat, really.
* There can be multiple (any X number) of federations. i.e. as from the example, you can have “bacon.org, eggs.com, ham.net, etc” in one federation, sharing torrent / user data. Then another group of admins, with completely separate torrents and data, can get together, and perhaps have a different focus on their content (music, instead of video, for example). This separate network would operate on their own domain names, e.g. fido.net, shaggy.com, lassie.org, whatever.
* It *is* indeed true that if every single one of the sites gets raided at the same time, the entire network will crumble. It’s easy to make backups, but if the network has lost control of all domain names, then the .torrent files people have downloaded will simply no longer work. Having servers in Sweden, China, South America, etc (one “head” of the Hydra in each) may well be a good idea for the truly paranoid.
If you want to hack on code (RoR, PHP or python), drop me a line at: shantibraford (at) gmail.com
As for the future of p2p I’m not entirely convinced it will be online. Once 2TB HD’s are commercial & portable HD’s reach 200GB I would imagine piracy would revert back to the classic ‘tape sharing’, with 2 results – less network congestion & more security. It’s certainly how I would envisage my own use going.
The majority of the problems seen in America is due to the rampant business nature of the economy. Music exec’s have to be seen to do something about the p2p problem or else they’ll be fired for incompetency, up steps the lawyers “hey guys! we’ll take the problem away for you! no win, no fee!” and here we arive.
69: Oh thats right, You failed to mention, I don’t know, It has no hope of providing anonymity in any sort of degree, I downloaded the source and it wasn’t even complete. Secondly, You erroneously make the statement that Trackers provide some sort of intrinsic performance enhancement, Trackers are used in order to get around the problems of decentralized systems of Searching and Distributed Hash tables, Which is why if you are using Azureus (or uTorrent, Though it provides a slightly inferior implementation of DHT {{Distributed Hash Table}}) You will never get as many sources as you would with just a tracker.
Of course, I haven’t even BEGAN to touch on the problems of sending the public/private key along with encryption data, Which, Might I add, Doesn’t even make sense.
[quote comment="229872"]Sounds exactly like what’s needed for the bittorrent community. Hopefully this isn’t just a flash in the pan and it turns out to be The Next Big Thing.[/quote]
Are you kidding? If this actually comes out, it’ll be the biggest thing since header/protocol obfuscation debuted 2-3 years ago!
[quote comment="230140"]Centralizing is not good, adding extra compelxity isnt either, the old chaotic pirate cell approach is much better.
Trackers can use encrypted disks.
Tracking tables already are memtables.[/quote]
Correct; centralizing power is always a bad idea; but the only way to efficiently have decentralized power is to have global communications and inter-personal/entity/community relations. This only happens with communications, with communications that are “centralized” in the sense that they are global, and all individuals and communities can access the communications network.
So yes, centralizing power is bad (ie, cenralizing all tracking lists onto one site); but globalizing tracker communications (ie, giving each shared file a list of failsafe trackers)? That’s just smart.
[quote comment="230217"]Again, why not co-operate with David & Co from randpeer.com, and make it the best thing ever. Shanti, this is for you:
http://www.pjort.com/randpeer/backgr.html
Try not to flood the world with attempts at things, be VERY certain it WILL actually be safer than anything else.
And those nagging about it being prone to kiddy porn and such, get a clue: THEN DON’T DOWNLOAD IT. You’re barking up the wrong tree and scared of the wrong groups of people. The ones that want to hide their identity in order to exchange forbidden data will NEVER be discouraged or encouraged by any new peering technology like this.[/quote]
Hell, judging by the ease with which the mafIAA has penetrated the bitTorrent network [we may as well be transparent:], and yet the continued presence of pedo rings online [with their heavy funding from organized crime], I would think they use a radically different p2p approach than bitTorrent, or they would be caught by now!
almost makes ya wish there were big funding behind greyhat issues too….
im a programmer over at seedmonster.com, i will definitly discuss this with the staff. Sounds like a cool project.
you dont know how to write rubbish !
2 references to this post
Responses are closed
All remaining responses will continue to be archived. Use the TorrentFreak forums if you want to discuss something.