Last week uTorrent rolled out the first Beta version of their 3.0 release. Among other things, uTorrent 3.0 allows users to rate and comment on the torrents they’re downloading. It’s a feature that many people have requested, but for the more privacy conscious user, it also begs the question where these comments and ratings are stored.
With their roll-out of uTorrent 3.0 last week, BitTorrent Inc. introduced a bunch of new features. Users can now stream video files while they’re downloading, and they can also add comments and ratings to torrents.
Interestingly enough, these comments and ratings also work on torrent files that are shared on private trackers. Among some of the more privacy concious BitTorrent users this raised a few questions. Most importantly, where is this data stored and what information is attached to it?
To answer the above we got in touch with the uTorrent engineering team to find out how these comments and ratings are handled by the client.
Right away we were assured that none of the data is stored on a central server, and that the data can never be traced back to its source. Instead, the comments you see appearing in your client are sent as an extra piece of data, similar to how other files are shared with peers.
“µTorrent 3.0 adds an extension message for distributing comments within the swarm. All clients that support this extension message store all comments they have seen, per torrent,” the uTorrent engineering team informed TorrentFreak.
“When peer A joins a swarm, it will send a request for comments to peers that support this message, say peer B. If peer A already has some comments, it passes along a bloom-filter representing the set of all those comments. When peer B responds, it will not send comments that are already present in the bloom filter. This prevents duplicate comments.”
So basically, all comments and ratings associated with a particular file are shared among members of that swarm. If another peer has a comment that you don’t have already, it will send it to you, and vice versa. The messages are sent through the tracker and don’t rely on DHT, this means that they work on private torrent files as well.
The requests for comments are sent every 20 minutes by uTorrent, and this is how they are shared among peers. In the beginning when there is a relatively low percentage of users supporting the extension the comments and ratings will propagate slowly, but when uTorrent 3.0 becomes the stable release these issues will be gone.
The uTorrent engineer team further explained that comments are stored in the resume file for a torrent, which helps keeping comments alive across sessions. But other than on the computers of uTorrent users, the comments are never shared outside the swarm on a central server.
Although it’s good to know that uTorrent’s commenting and rating system is fully decentralized, it also introduces a new feature that may be less welcome. When comments and ratings become a new standard to check the quality of files in the future, there is no doubt that these features will be exploited by spammers to make fake torrents appear more legitimate.
Time will tell whether the ‘costs’ will outfit the benefits, and whether the unmoderated system will be able to handle the potential influx of trolls and spammers. In the meantime it’s a simple affair to paste a hash value into Google – or append it to the URL on sites like Torrentz – in order to double check.