alt.hn

1/11/2025 at 8:49:55 AM

PrivTracker – Private BitTorrent tracker for everyone

 https://privtracker.com/

by prvt

1/11/2025 at 4:16:46 PM

Worth noting if someone uses this to share private data: Checking the "Private torrent" would tell your and compliant clients to not use DHT and other public methods that can leak the content. But it doesn't stop other non-compliant clients from sharing it on the DHT once they have it, nor does it stop someone from just ticking "Enable DHT" on their side once they have received it (or change "private" to "false" in the torrent file itself).

Obvious to many I'm sure, but maybe best to be explicit about it anyways.

Slightly off-topic but kind of fitting: How does infohash v2 support look like today? It's been available for years, but seemingly most private trackers + most other places seems to still be using v1. What clients are people using today, do those support v2? As far as I know, all modern clients do, so it would be possible to start using v2 exclusively.

Reason for the question is that I'm planning to distribute many large files to the public, and in my experience, BitTorrent works really well for that. Question is if it's enough to just publish v2 infohashes, or I need to publish both v1 and v2.

by diggan

1/11/2025 at 5:26:33 PM

If you flip the "private" flag it would change the infohash of the torrent. The "private" flag is part of the info block in the torrent file's data. With an infohash mismatch between the two peers no download would happen.

Obviously after a non-compliant party to the transfer has fully downloaded the file(s) it can do whatever it wants with it afterwards… flip any flags and share via DHT, etc.

I recently shared some —more or less— private data to someone else via BitTorrent. We just used DHT for convenience. It took like 15 minutes for other random peers to pop into the transfer. All of those random peers just fetched the meta data. And indeed, a check on btdig confirmed the whole metadata (file names, file sizes, etc.) leaked. So there's a lot of DHT network scanning going on for sure. It was rather fascinating. No actual data was downloaded/leaked at least.

by binaryturtle

1/11/2025 at 7:42:46 PM

> So there's a lot of DHT network scanning going on for sure.

There is an entire category of free software whose purpose is to create an index of the DHT network. :) The idea is to allow users to find and search for torrents in a completely decentralised manner (i.e. without relying on any centralised trackers or search engines).[1] A good example is bitmagnet[0].

[0] https://bitmagnet.io/

[1] With the added benefit of greater resilience, as centralised "chokepoints" are often the primary and only targets of takedowns.

by boramalper

1/11/2025 at 7:35:40 PM

> So there's a lot of DHT network scanning going on for sure.

How else would btdig (and others) fill their index?

The standard solution is to compress what you're sending with 7zip, with a password.

> No actual data was downloaded/leaked at least.

I've had randos download the data before the intended recipient figured out how to open a port.

by pessimizer

1/12/2025 at 2:10:33 AM

IIUC you are basically saying that when you start giving a file to someone they can do whatever to the file but does it mean they have to create another torrent or can they keep using the already existing sharing network of peers ?

by cassepipe

1/12/2025 at 2:25:44 AM

I'm the author of https://github.com/anacrolix/torrent and added v2 support a while back.

The short answer is: You just publish as v1 infohash as if nothing is different, but the info contains extra stuff for v2 supporting clients. v1 clients will still work, it's backwards compatible.

So generate your torrent files as hybrid v1/v2, then just do everything else like you always have. Pretend v2 isn't a thing.

v2 clients know how to tap into both swarms and will take advantage of improvements when applicable. It's very well designed.

by anacrolix

1/12/2025 at 3:09:59 AM

Thing is, I'm planning on just storing the infohash itself, as a reference (for a knowledge database essentially), not the torrent file, so wanted to use just one of them, and skip the other.

So if I do v1, why do v2? If I do v2, I'd like to skip v1. Ideally I'd do v2 (only) as it seems a heck more future-safe with sha256.

Edit: Actually, I think I see what you're saying. Create hybrid torrent that works with both, share the v1 infohash of that one, v2 clients will automatically take advantage of v2 from that if supported, sounds right?

by diggan

1/14/2025 at 4:08:37 AM

Yes. You only need the v1 info hash. The first thing a v2 client does with a v2 hash is derive the v1 hash from it anyway. In fact it can't connect to v1 clients until it's done this so prefer v1 unless you have good reason.

by anacrolix

1/11/2025 at 8:59:29 PM

If it’s intended to be private, you can always encrypt, then torrent. You can probably be more tight-fisted about who gets to decrypt.

by teeray

1/11/2025 at 10:04:35 PM

[dead]

by throawayonthe

1/11/2025 at 3:03:23 PM

Love this. I continue to believe Torrenting is the best way to share files, particularly big files, rather than uploading them to some cloud instance with questionable privacy policies…

by frizlab

1/11/2025 at 8:10:39 PM

I used the pipeline

   tar | gpg --symmetric | torrent
to transfer a 4GB collection of photos to a (technically skilled) friend on a slow mobile connection and it worked quite well. I could shut off my computer and it would resume the transfer the next day as if nothing happened.

by zaik

1/11/2025 at 6:52:42 PM

Except when there's no seeds. Usenet seems to have solved this many moons ago.

by ranger_danger

1/11/2025 at 8:04:34 PM

And now with the added bonus that apparently anything goes, as long as you just say you're downloading training data...

by dncosta

1/11/2025 at 3:20:33 PM

Is there a self-hostable BitTorrent tracker that can run with Docker? I know there's an option on qBittorrent but I don't want my server to run a full BitTorrent client; just the tracker.

by Pooge

1/11/2025 at 4:47:18 PM

What features are you looking for specifically? If you just want like a really basic index, hosting a JSON file with a object where the key is the infohash and the value is the metadata is a really simple approach :)

by diggan

1/11/2025 at 5:43:14 PM

No specific feature whatsoever. I basically want anybody that puts <my_bittorrent_tracker_uri> into their torrent tracker list to be able to connect.

That will help me to stop relying on known and popular public trackers[1] in order to share files.

[1]: https://github.com/ngosang/trackerslist

by Pooge

1/11/2025 at 4:03:43 PM

sqtracker https://github.com/tdjsnelling/sqtracker

by haunter

1/11/2025 at 4:07:27 PM

I've heard of this, but I don't mind anyone with the tracker URI to be able to connect to it. sqtracker is a full-blown system to run a private tracker with user and ratio management, which is overkill in my case.

Others might find the link useful, though!

by Pooge

1/14/2025 at 4:45:44 PM

Yes, this one :)

It's automatically pushed to docker hub.

  docker run -it --rm meehow/privtracker

by meehow

1/11/2025 at 5:31:04 PM

Do people still use Ocelot? I have no idea.

by loeg

1/11/2025 at 3:23:56 PM

P2P is such an underrated tech

by franczesko

1/11/2025 at 5:40:49 PM

It was never underrated, just too useful. Every time someone invents an actually effective method of person-to-person file transfer, it gets used for piracy and blocked and shunned.

by teddyh

1/12/2025 at 2:28:21 AM

This. I've been working in P2P for 13 years. It's mostly a solved problem. All the new tech and noise are unnecessary. People think improving the tech will cause adoption but it's not the case. P2P remains fringe because it is hard to control and monitor. The friction is social not technical.

by anacrolix

1/11/2025 at 8:47:41 PM

It exists on a knife's edge: incredibly useful and powerful to those who are in the know, but obscure enough to avoid heavy handed efforts to obliterate it.

I sometimes wonder how LLMs will impact this. They're much better at surfacing this kind of arcane knowledge than traditional search engines, and that risks increasing accessibility.

If accessibility gets too high, the ISPs could respond against it.

by JeremyNT

1/11/2025 at 7:24:50 PM

That and it's hard/impossible to monetize, so big corps and VCs are not interested

by axelthegerman

1/11/2025 at 9:44:43 PM

It's hard to monetize at VC scale, but that doesn't stop small-scale pirates and gray area business to use and make a living out of it.

E.g, in Brazil, Greece and (if you know where to look) even here in Berlin, it is not that difficult to find set top boxes that come with Kodi pre configured with a private tracker and some custom frontend to download movies and shows on demand. In Brazil you buy the box and you pay something like R$200 ($35) per year.

by rglullis

1/12/2025 at 8:38:33 PM

IPFS is very much VC funded

by zaik

1/11/2025 at 8:30:40 PM

Does a private tracker provide any meaningful security if I'm already encrypting the contents of the torrent?

by loganhood

1/11/2025 at 8:56:46 PM

The tracker is just there to help you connect to peers. I wonder if somebody connected to the tracker could know all the torrents that are being shared. But probably not.

by Pooge

1/12/2025 at 2:29:37 AM

Only if you avoid connecting to the DHT, and public users not on the private tracker. It's a niche usage and not really that well supported.

by anacrolix

1/11/2025 at 3:39:39 PM

Remember to disable the dht if you use this.

by beardog

1/11/2025 at 3:55:28 PM

Unneeded; checking "Private torrent" when creating a torrent means that it won't connect you to the DHT.

by Pooge

1/11/2025 at 3:22:59 PM

For the less technically inclined folks that don't trust this hosted service or can't host their own it's probably simpler to just use a seedbox if you need to access torrented files from multiple locations or you want to share them with others.

by cbg0

1/11/2025 at 3:49:40 PM

This is not what this project is about. You either need a tracker or register to DHT in order to connect to peers. Having a seedbox has nothing to do with that; you'd still either of those for your friends to connect to you and download your files.

by Pooge

1/12/2025 at 4:41:39 PM

You can add peers manually with IP addresses.

by ranger_danger