I just realized that a Russian torrent client shows 100% availability for files and directories for which there has not been any publishing of magnet nor torrent file. There are only two Tixati installs on two PCs (one with 3.3.3, the other with 3.3.8) in my LAN that have those files (so I thought ...).
How can that happen ?
Perplexity indicated that there may be a leak in the DHT implementation that allows such?
Can you pls. advise?
TXs
Michael

Announcing to a DHT, in any client is PUBLIC.  There's nothing to leak.  This applies to all torrent clients.

How do you think BTDigg works exactly?

You can browse other people's torrents just by going into DHT, Peer DB tab.  Each line is a torrent hash.  You can just copy those and open as a magnet link and browse the files.  That's what all the scraper bots do.  There's nothing to be done about it, except don't use DHT and use a private tracker instead.

What exactly is a “Russian torrent client”? Did you mean some torrent search service?

Also, if you need to transfer torrent contents over local network, you can either enable local peer discovery, or manually add local addresses and ports of the other peer on both sides. See Transfers — Peers - Local peers. For single use, you can add local peer manually on Options tab for specific torrent. If you create a private torrent without trackers (or disable DHT and PEX for a regular torrent before starting it), no one from outside is going to learn about it.

Obviously, there are simpler methods for local file transfer. See, for example, copyparty for lots of functionality. Windows Network mounts also work fine, the trick is to create a dedicated user account with a password for network login on a serving system (via net user), grant it access rights, and everything will magically work without any braindead guides about unearthing guest access.

OP, I know exactly what you're talking about.  It's a problem with the DHT and BitTorrent protocol itself.  The DHT is full of scraper bots now.

I have almost completed a solution to this.  It might not be ready for the next 3.39 release, but the one after that for sure.  I am hurrying things along as quick as I can.

Magnet links will be fully private, and the SHA-1 hash algorithm will be gone.  The specification will be posted to the bottom of https://tixati.com/specs/bittorrent  very soon.  It will be referred to as protocol version 3.1.

Just hang in there, it's almost done....

TXs for all the education by your responses, and big TXs @KH for the hope you are triggering!

PS: "Russian torrent client" was bad English. torrent client FROM Russia (apparently ..., by whois) is what I meant. Their IP is always present, in Wikipedia and OAM World Maps alike.
But now I understand how, and what I could do for now - if I wanted.
As the maps will be published anyway, I am not concerned re. those files. But I stumbled across that alien IP, when I definitely did not expect one (back then - now I know) at all.

Bots from 31.200.249.0/24 are just the most noticeable, there are many others which could only connect once momentarily to get torrent metadata when you weren't looking. They don't have your files, it's just fake data. Public DHT is open to the whole world because its job is to let anyone in the world find any peer they might need.

This is very true, BUT, with a little foresight they could have made a few minor adjustments to the design to prevent the current problems.

Lookups and announcements could have been done under a hash of the info hash.  This way, anyone scraping their own DHT DB for magnet links would be left high and dry.

With protocol v3.1 (specs will be posted soon), the DHT lookup/announce is made to a derivative of main identifying torrent info hash.  Also there's a zero-knowledge proof added to the peer handshake to stop anyone that might try to inject themselves into the DB and wait for incoming connections to read the info hash from the peer handshake.  I've also considered a man in the middle attack on this and keyed it to the encrypted peer connection's Diffie Hellman shared secret to prevent such leaks.

It's a relatively simple set of changes, and I'm rushing to include this in the next Tixati release.

Well, it appeared 20 years ago, when connection encryption was not even considered generally useful, and RC4 and MD5 were “good enough for regular public”. In a couple of years, some people using a funny way of processing texture data on 3D accelerators would show how fast could brute force be on common consumer hardware, and accidentally start the mess we're in today.

The SHA-1 usage couldn't be helped 20 years ago, but I don't know why they didn't do the double-hash for the DHT, at least to discourage the bots from getting the file infos.

It will be so nice when that problem is over!  I'm so tired of seeing unwanted visitors when I make a torrent.