A large Polish pay-torrent site by the name of Torrenty.org recklessly exposed the IP addresses of its users, most of whom are thought to be sharing copyrighted files.
A few days ago, the admins of an unnamed “open” BitTorrent tracker noticed their traffic spike from about 200 announces per second and 220,000 peers to an astonishing 570 announces per second and 480,000 peers. What happened? It turns out that Torrenty.org started to use the tracker for their torrents.
What Torrenty.org did is simply change the the IP address of their tracker (tracker.torrenty.org) to the open tracker’s IP address. They’re reasons for doing so remain unknown.
Apparently, in all their torrents they were still using the hostname “tracker.torrenty.org” in the HTTP header. That means that all torrents originating from the site could easily be tracked, something a torrent site hosting illegal torrents might not necessarily want happening. The author of the ‘Stories from an Opentracker‘ blog and admin of the open tracker in question writes:
The fun part is, a quick look at the torrenty.org website shows us that they in fact serve warez-torrents and take money for that. Now they provided us with a complete list of IP-addresses of their customers and an easy way to distinguish their customers from all other requests by checking the HTTP-header. If we would be some kind of copyright-prosecutor, which we are totally not, now would be the time to send some letters to customers of torrenty.org.
Whether the site was aiding in the illegal sharing of copyright files is besides the point. What’s really shocking is that a site can be so careless about protecting its users privacy and anonymity.
The open tracker guys e-mailed Torrenty.org, but their e-mail bounced. A day later traffic from Torrenty.org fell sharply. It looks like they’ve stopped using the open tracker. I’m not sure if the fact that Torrenty.org (Google Cache) is unavailable has anything to do with it, but all of this seems exceptionally peculiar.