Help and Support
Ask a question, report a problem, request a feature...
<<  Back To Forum

[Feature Request] ctrl-shift dpf + PEX = Risk, public DHT

by notaLamer on 2021/03/20 02:36:41 PM    
Liberate the files!
Defy the Horrible Hoarders who try to privatize their purloined "property".
Lovely how much it was advertised on the Tixati User Group channel, but I think it's worthy of serious reconsideration.

My comment:
"Strip the ctrl-shift dpf flag from all the torrents you share."
... I think it's only fair to remove the flag if you also disable PEX (peer exchange)
Otherwise you make the peers of the private swarm public, possibly against their will, and make them targets for the public, global DHT surveillance
You probably know how much of a target the honest Bittorrent users make themselves. The DHT is globally public and is being actively (ab)used to hunt them.

While some trackers set the pr1vate flag out of selfishness/"exclusivity", however this does provide the users, within the walled-garden, swarm some sort of privacy (similar to what NAT does for networking, no more and no less). Some users may foolishly rely on it ("private" place), ignoring the basic precautions & opsec.

Clearing the flag on your end with PEX enabled exposes these users to the public DHT visibility.

My proposal: this hotkey to automatically disable PEX too. This way you do not expose the private side of the equation to the public. You act as a standalone seed in the public DHT - it was your choice after all to clear the prv flag.
If the user still demands so, they can reenable PEX manually.

For an explanation, consider this example:
- Private swarm only uses the tracker, making a localized community. No DHT communication.
- You join the swarm and communicate with the tracker, hence knowing about all other peers.
- You clear the "ctrl-shift dpf" flag, you start communicating with global & public DHT.
- A malicious surveillance peer finds you via DHT and connects to you, successfully retrieving metadata.
- If the metadata reveals contents of interest, the malicious surveillance peer is able to gather information about the "private swarm peers" by using you as a relay, via Peer Exchange.
- Now the "private swarm peers" are effectively globally public. You exposed them, and they're potentially endangered.

In addition, from a UX point of view it'd be nice to see if the prv flag was cleared in the past (for you to know that it never was a public xfer to begin with)

PS: I volunteer to write an article on the wiki on this topic and about this consideration between prv flag & PEX (with illustrations etc.)

Thank you for usi Tixati!
by Guest on 2021/03/22 09:37:46 AM    
Clearing the flag on your end with PEX enabled exposes these users to the public DHT visibility.

Enabling PEX or DHT does not work for private torrents.

Modifying the "private" flag in a torrent also modifies its hash --> it becomes a different torrent, so the private swarm is not exposed.
by notaLamer on 2021/03/23 02:45:30 PM    
Thanks for your response!
Modifying the "private" flag in a torrent also modifies its hash --> it becomes a different torrent, so the private swarm is not exposed.
I mistakingly thought that worked by ignoring the private flag, however it is actually well defined in the specification (albeit not too easy to find). The links for those interested:

https://wiki.vuze.com/w/Private_torrent
https://www.bittorrent.org/beps/bep_0027.html

Basically Tixati keeps a second infohash in the background for the transfer, one for the original private torrent and one for the unlocked torrent?
by Guest on 2021/03/24 08:58:55 AM    
For simplicity:
infohash = hash(<private flag> + <other torrent metadata>)
If the private flag is changed from 1 to 0, the infohash also changes. The private swarm will be different from the public swarm.

The difference is, that the good torrent clients in the private swarm won't exchange peer information through DHT or PEX.
Note that the private flag just tells the torrent clients how to behave, it can not enforce that behavior.
A malicious outsider peer can only find you via DHT if an insider peer (a peer which is already inside the private swarm) behaves badly.




This web site is powered by Super Simple Server