Private BitTorrent Trackers Vulnerable To Anonymous Leechers

Home > Piracy >

Since the birth of restrictions, there's always been someone ready to set-free. BitTorrent set media free and then for a multitude of reasons, private torrent trackers restricted it. It appears that a group of people have published a method to allow non-members to leech private trackers for free. But at what cost?

A private tracker is a site which tracks/indexes torrents in the same way that a public one does but requires the user to become a registered member first. Depending on a site’s popularity and growth strategy, the work involved in becoming a member can range from ‘easy’, right up to ‘almost impossible’ – there are even tools available to automate the task and sites to trade invitations.

Why would anyone bother accessing a private site when you can get great stuff from PirateBay or Mininova? Most users cite better download speeds, great timing and availability of content while others believe they have better security. Most private trackers require that the user maintains a good ‘ratio’ – i.e he uploads back to the community the amount of data that he took. Because this behavior is monitored and enforced by a range of punishments, the user tends to seed more to avoid them. The ultimate punishment for not sharing is banning, which means the member can no longer access the content indexed within, well – that’s usually the case.

Information has been published showing a method for non-members to access and download stuff from private sites, using the (optional) Azureus Peer Injector plug-in and lists of peers (BitTorrent users IP addresses and ports they use) harvested from well known private trackers. Usually it’s the tracker on a site that decides if you can join the swarm or not (while recording your stats/ratio) but by using this method it’s theoretically possible to enter the swarm of a particular torrent without ever connecting to the tracker. The theory says that as long as you can access a .torrent file originating from the site (via a torrent dump site such as mininova, a friend or the site’s unprotected RSS feed for example) plus an accurate and up to date peerlist, you can download without being a member, ratio-free.

However useful this might sound to some, there is a cost. For the method to work, the group needs to harvest user’s IP addresses from each tracker they wish to exploit and make them available for people to download. They appear to have already compromised the privacy of users of TorrentLeech and SceneTorrents by publishing their IP addresses in a peerlist, at the same time claiming the method improves the individual’s privacy.

Its common on P2P forums for people to debate the benefits and drawbacks of public and private sites. Some feel private sites restrict, while others understand that a site’s growth sometimes needs to be artificially limited due to technical, staffing or budget issues. Some feel it’s wrong to ring-fence the available media and that it should really be ‘set-free’ while others feel that it’s neat being a member at a fast tracker with great image and they’re quite happy at being part of an ‘exclusive’ club.

In any event, I guess both parties are on roughly the same side in the end and they would likely agree – although of limited use on their own, the user’s IPs on sites like TorrentLeech, SceneTorrents and any other tracker should definitely be kept as private as possible, even if others believe the torrents shouldn’t be.


Popular Posts
From 2 Years ago…