Why wouldn't it be? You're not actually hosting a tracker in this case, only looking at incoming connections. And even if you do run a tracker, hard to make the case that the tracker itself is illega. Hosting something like opentrackr is like hosting a search engine, how they respond to legal takedown requests is where the crux is at, and whatever infra sits around the tracker, so police and courts can see/assume the intent. But trackers are pretty stupid coordination server software, would be crazy if they became illegal.
jekwoooooe · 4h ago
Is this legal isn’t a useful question. The better question is how likely are you to get sued? With civil lawsuits it doesn’t matter if it’s legal you can be sued and harassed by lawyers if you get on their radar.
legohead · 4h ago
No need to sue. Send a cease and desist and your average hacker like OP will take it down in a hurry...
daneel_w · 4m ago
In this case not even a cease-and-desist was needed. Just seeing 1.7M peers crying out in the void for company was enough. Living in a country overly friendly with Hollywood and its money, I do understand him.
bilekas · 2h ago
I’m not sure if that’s true actually, you might get a takedown notice, but to sue, and maybe I’m wrong but you have to claim damages, all op has to do is not announce out?
IE he can see the peer pool but they don’t announce the peer list.
dymk · 1h ago
The RIAA doesn't have to sue to make OP's life miserable. They have enough lawyers on the payroll to drown him in perfectly legal demand letters. Go one step further and assume the demand letters are harassment - what's OP going to do, sue the RIAA?
gpm · 3h ago
Because knowingly helping people commit crimes generally counts the same as committing the crime yourself. I.e. federally in the U.S. under 18 USC 2a https://www.law.cornell.edu/uscode/text/18/2 The software you're running being "simple" isn't a defence for doing illegal things with it - like aiding others commit crimes.
There are a few internet/copyright safe harbor provisions (in the US) that might maybe (probably not) make it not a crime, I don't know, I'm not a lawyer. But your general thought when you hear "helping someone else commit a crime" ought to be "that's probably a crime itself".
rockskon · 3h ago
Wouldn't particular knowledge be required? I'm sure Google devs know in the abstract that Google search is used by criminals to help them in committing crimes, but that clearly is not illegal in and of itself.
gpm · 3h ago
There's definitely a mens rea requirement here, that you know that a crime is being committed and that you intend to facilitate it. I doubt it requires particularized knowledge that "this specific request" is for a crime... I'm still not a lawyer.
Running a service primarily for legal purposes that some criminals can take advantage of is pretty different with regards to intent than reviving an old domain name that you know is primarily used by old illegal torrents as a tracker.
> Finally, the possible liability for an “incidental facilitator” – such as a firearms dealer who knows that some customers will use their purchases for crime – is noted but not resolved. Thus, thankfully, there is still some fertile ground for hypotheticals with which we practicing law professors can bedevil our students.
drob518 · 2h ago
IANAL, but I would think you’d also have to have specific mens rea. That is, it’s not illegal to use a torrent or facilitate a torrent, because it’s just a protocol that can be used for good or bad. If you were hosting movies and songs, whatever the protocol, that’s when you’re specifically engaging in piracy. It’s sort of like driving a car isn’t illegal, but being the getaway driver for a bank robbery is, even if you never enter the bank. The car isn’t the problem, it’s what you are using it for. It’s also not illegal to sell a car to a bank robber, even if that’s a possibility, unless you reasonably believe that the particular person you were selling it to is a bank robber and will be using it to commit a crime. The mere fact that somebody could use your tracker for piracy doesn’t loop you into the conspiracy unless you specifically know that they are committing piracy. This is why the telecom companies all have carve outs for this sort of thing. Carrying packets or voice traffic of someone planning a crime doesn’t loop the telecom company into the conspiracy.
gpm · 2h ago
I'm not saying it's illegal to "run a torrent tracker". When Blizzard use to (pre 2015) update Starcraft via torrent I assume they ran their own tracker for that, and that was totally legal. Even if there was some way for a pirate to take advantage of the Blizzard tracker.
Here it's not the "mere fact that somebody could use your tracker for piracy". It's that you're literally observing that a bunch of old mostly-piracy torrents are pointing at this domain, and then deciding to turn this domain back into a service which assists in that piracy.
KomoD · 2h ago
> It's that you're literally observing that a bunch of old mostly-piracy torrents are pointing at this domain, and then deciding to turn this domain back into a service which assists in that piracy.
He doesn't know if they're mostly piracy or not, all he sees is a hash and the peers.
gpm · 35m ago
He did not choose the domain name by chance. He chose it because he observed it was previously in use as a tracker for copyright infringing torrents.
The police/courts/jury is not obliged to put blinders on just because you would prefer if they did.
The mere fact that the domain name was previously used for this is almost certainly probable cause to get search warrants that will almost certainly provide the requisite proof beyond a reasonable doubt that he has in fact intentionally both committed himself, and aided others in committing (because he knew what the domain name was, or at least recognized it as similar to demonoid and could guess), copyright infringement. And that's without the blog post... (which I assume in the hypothetical where he chose to keep running this he would not have posted).
drob518 · 1h ago
Exactly.
rvnx · 3h ago
Well Google has knowledge about it, but once you reach a certain scale you become safe (e.g. OpenAI with copyright infringment)
awesome_dude · 2h ago
IANAL, but I would think that Google's customers are overwhelmingly using the service for "legitimate" activities, and Google makes attempts to limit use of their tools in the commission of a crime.
It's kind of like Kim Dotcom's defence of his systems where he was saying that he was making attempts to remove content from his systems in compliance with DCMA requests. That is, the claim is his systems were legal because even though people were using them for illegitimate purposes, he was actively working to prevent that from happening.
diggan · 3h ago
> knowingly helping people commit crimes generally
Right, that makes sense. Is running a tracker "knowingly helping people commit crimes"? I feel like that's a huge jump, there is a wide range of content coordinated by trackers and the DHT.
gpm · 3h ago
It's not like he just started a random new torrent tracker... he took over an old domain that was previously in use by people pirating stuff after observing that torrents were still pointing to the tracker and ran a tracker on that domain. That's a pretty direct line to "he knew this would be used for copyright infringement".
senko · 3h ago
But the OP states he was using the tracker for lawful purposes:
> So I was, uh, downloading some linux isos, like usual.
Nothing to see here, move along.
Seriously though, the OP makes the same argument and concludes that:
> I was spooked. [...] I shut down the VPS and deleted the domain quickly after confirming it works.
IANAL but this clearly shows the OP didn't intend to facilitate crime and shut it down after seeing that was what may have been happening.
gpm · 2h ago
I, and I think OP, were both addressing the hypothetical in which he continued to run the service, not the reality where he quickly shut it down.
> But the OP states he was using the tracker for lawful purposes:
That quote is a confession that he was committing copyright infringement. Courts and juries and not obliged to ignore the ", uh," part.
Probably (in the very unlikely event where he is charged) the best defence would be "this was a joke" not "I didn't literally confess to committing copyright infringement". Even then I'm pretty sure this quote would weigh against him substantially in just about any jury's mind.
senko · 2h ago
> That quote is a confession that he was committing copyright infringement.
I know, "linux ISOs" has always been a joke "rationale" :)
I do think we're in agreement.
KomoD · 2h ago
(IANAL) It can be both legal and illegal
If you don't respond to takedowns, that's probably leaning towards being illegal*
If you respond to takedowns and blacklist the hashes, you're most likely fine*
*obviously depends on the jurisdiction and on whether matching hashes to IP:PORT is considered distribution/facilitation/whatever (take TPB's case as an example)
I know someone who ran a pretty large tracker for years, when he received a takedown he just blacklisted the hashes and he's been fine so far.
leijurv · 3h ago
OP did actually host a tracker.
"I then started the tracker. After about an hour, it peaked at about 1.7 million distinct torrents across 3.1 million peers!"
numpad0 · 2h ago
Because music & movie industries hate P2P in general? That basically killed P2P dead in 2000s as it was becoming the next generation of decentralized Web.
Maybe it's about time to revisit it? It's just the matter of how to enforce DRM. They shouldn't care in this day and age with plenty ways to get licensing sorted out.
jedberg · 4h ago
Do you think the police understand this nuance? Especially since most of the traffic that will go through there is probably copyright infringement?
They'll just see tracker and assume it's illegal.
SXX · 3h ago
> Especially since most of the traffic that will go through there is probably copyright infringement?
Copyright infinging materials dont go "though" trackers. Trackers only keep torrent hashes and lists of peers.
jeroenhd · 1h ago
So do torrent websites like the pirate bay. That doesn't protect pirates from getting sued to hell and back or even receiving prison sentences from the court.
jedberg · 47m ago
I'm well aware of how trackers and torrents work. But again, do you think law enforcement understands the nuance of that?
Also the government and private companies have argued in the past that the hashes and lists of peers is inducement and enablement for copyright infringement.
hungryhobbit · 4h ago
Do you think the police are actually policing the internet?
Even if you didn't mean your local police, and meant a national body like the FBI, the truth is they focus on other crimes (eg. child abuse), and even then they are woefully unable to handle even most of those crimes.
The vast, vast majority of copyright enforcement comes from copyright holders ... not the internet copyright police.
jedberg · 4h ago
Of course not. But first a copyright holder tells the police, and then the police enforce it.
The police rarely find crimes on their own -- they are almost always acting on a request from someone else.
nneonneo · 3h ago
Now I'm wondering: with the wide range of bittorrent clients out there, and the fact that many are written in unsafe languages, could it be possible for some of them to be exploited through a malicious tracker? It would not surprise me if some of these clients misbehave if fed malformed data from a tracker.
treyd · 46m ago
Most torrent clients that people use (though not all) are actually wrappers around libtorrent, which is very well tested and has even been audited.
asa400 · 1h ago
I've written hobby-quality clients and I think the answer is yes. First, you're dealing with input from a server you don't control, and second, you're doing quite a bit of interaction with the filesystem. It's hard enough to write a functional client in a memory safe language, getting it correct in C or C++ is bound to be pretty tough.
fshafique · 1h ago
That's what I was hoping the author would explore.
jldugger · 2h ago
In other words, you can DDoS any ip for the cost of registering a domain and publishing a specific DNS record.
daneel_w · 1m ago
Common clients' announce interval is pretty long (usually 30 minutes). Then again, 3M peers makes for some volume...
57473m3n7Fur7h3 · 1h ago
Is it really going to be all that bad?
The BitTorrent clients I’ve used all seemed pretty polite, backing off for like 60s at least for each tracker they can’t connect to.
If you buy one of the dead tracker domains and point it at an IP of someone else, but their services aren’t even listening on the port client wants to connect to (and don’t speak BitTorrent even if the port happened to coincide), I can’t imagine that even with a million BitTorrent clients wanting to connect it would really be all that much of a problem.
Scoundreller · 48m ago
Could one just register one of these domains and point it at another active torrent tracker?
Did OP cause millions of unfinished torrents to finally connect to a peer and complete or is it likely they were already talking to “live” tracker anyway unless they were really unlucky?
My first thought is, how many BitTorrent clients have vulnerable parsing code?
Could a malicious actor register the domain and infect clients?
EvanAnderson · 1h ago
I'm thinking of the Jon Evans novel "Invisible Armies" and the "bug" / backdoor in the P2P software that it's author users to pwm machines.
SSLy · 2h ago
utorrent v2.1 is still widely used by too many people, and it certainly is exploitable.
jauntywundrkind · 3h ago
I actually ran a very-short-lived private use tracker briefly, for some exploration doing p2p watch partying. But it was a toy, never got serious enough to look deeper at how the tracker worked (was using the rust Aquatic tracker, which kindly added webtorrent support on request! https://github.com/greatest-ape/aquatic )
Does the tracker know what it's tracking? Is there any attempt to make the tracker unaware of what peer rendezvous it's doing?
My gut is that it seems some kind of hash/magnet that folks are asking to peers on. And that the magnet itself is sufficient, and doesn't have to include anything identifying (although I believe many magnet links included some human readable description). The tracker could likely try to download this hash from the peer itself, to get the torrent info, but wouldn't really know what the torrent is or what's in it without doing the download itself.
Does that check out? How much of the magnet link is key to rendezvous? Could a tracker ignore human friendly fields, block them at ingress, to shield it's eyes?
qingcharles · 18m ago
The tracker knows what it is tracking. I used to run a TV show tracker. It would keep track of all the users upload/download ratios.
Scoundreller · 38m ago
Is there a chance if someone bought suprnova’s domain (if available), which closed in 2004, someone could finish their download if a seed were still active? Does it matter if this was pre-DHT, or does DHT go historical to cover old stuff?
parliament32 · 31m ago
Yes DHT is "historical", in the sense that it doesn't care about when your torrent was created, just the infohash.
However, most torrents created for private trackers have the "private" flag enabled, which excludes them from DHT and PEX and a few other things. You can remove this flag yourself, but you're depending on a seeder doing the same for DHT to work.
nneonneo · 29m ago
DHT works as long as the client is configured to use it, so if that old seed upgraded their client they might end up automatically sharing the metadata over DHT.
qingcharles · 19m ago
Yes, this should work, in theory.
jedberg · 4h ago
This is like when cloudflare picked up the IP address 1.1.1.1. They saw a ton of traffic to it as soon as it went hot, because a bunch of people had scripts pointing at it.
waymon · 11m ago
How did they get that address?
jedberg · 5m ago
“ APNIC's research group held the IP addresses 1.1.1.1 and 1.0.0.1. While the addresses were valid, so many people had entered them into various random systems that they were continuously overwhelmed by a flood of garbage traffic. APNIC wanted to study this garbage traffic but any time they'd tried to announce the IPs, the flood would overwhelm any conventional network.”
That's easy. Register the domain in Russia, China, Iran, or similar country. Run the website in Alibaba.
Let them attempt to send legal toilet paper to Russia or China. I'm sure that will end well.
aidenn0 · 3h ago
IANAL, but my understanding is that running a content-neutral tracker is legal in the US.
In other jurisdictions it most certainly is not, and the VPS maybe in a different jurisdiction and the .si TLD definitely is.
trinix912 · 31m ago
There used to be a large public tracker running on .si, used widely in Slovenia where .si is from. Almost everyone who's been online in the last 20 years in Slovenia knows of or has used it. It also didn't disappear because of legal notices.
I think there have probably been more. There are definitely more that had civil suits with MPAA etc suing for damages.
It may be somewhat harder to make the case in the US, but a tracker where a great majority of what's listed is copyrighted, I'm pretty sure it can be shut down in the US.
NoMoreNicksLeft · 1h ago
Was that the actual tracker and tracker only, or was there a web front end that hosted all the torrent files and forums and so forth? Because the latter will make you a big target.
God I miss rarbg. And KAT.
lossolo · 1h ago
I remember the day they shut down ET. It was because they released some major blockbuster movie before its premiere.
ZYbCRq22HbJ2y7 · 3h ago
VPS is from https://cockbox.org/ (as referenced in the article), which says it is based in Moldova?
iaaan · 2h ago
I wonder if there are any known vulnerabilities in various torrent clients' handling of tracker responses, e.g. buffer overflows. One could potentially amass a pretty large botnet.
rickcarlino · 1h ago
Why didn’t they use a protocol like Gnutella to serve as a non-centralized tracker? Or did they?
zaik · 3h ago
I wonder how many anti-torrent groups are doing this covertly.
sweeter · 3h ago
Definitely a few. Media companies often send out infringement notices to ISPs to be forwarded to the user and I would guess this is how they get those IPs
mdaniel · 3h ago
My understanding is that mere swarm membership is sufficient, no need to host anything
That's my understanding of why private trackers ban folks who upload private .torrent files to public trackers because the infohash is a rendezvous point of private and public consumers via DHT
accrual · 2h ago
It's kind of like walking into a room of people with full or partial copies of a copyrighted pie, but there's one person in the corner (the copyright holder or someone on their behalf) taking notes of everyone who comes and asks for a slice.
huh, weirdly it has stuff I did download and stuff I didn't download within minutes of each other ... should I be worried?
lossolo · 1h ago
Stop using DHT and/or public trackers and you will be safe. They scan public trackers and the DHT network.
NoMoreNicksLeft · 1h ago
>Stop using DHT and/or public trackers a
Public trackers are the only trackers most of us can reasonably use. He should get a VPN.
edm0nd · 21m ago
private trackers and warez groups are the plentiful (IPTorrents, Speed, etc) if you are a good seeder and can maintain good ratios. anyone using a public tracker in 2025 deserves anything their ISP catches them doing imo.
public trackers and torrent sites are also just 90% malware and RATs.
heraldgeezer · 1h ago
Use a VPN? Like a public one. Mullvad recommended.
lucascacho · 4h ago
Seems like the perfect opportunity for a FBI honeypot
jasonjayr · 4h ago
Isn't that one of the first things they do when they identify + take down a site hosting CSAM?
Can you do this to create a database of torrents for a torrent search engine?
sweeter · 3h ago
You don't even have to go that far, you can just use torsniff. But be aware there is a lot of nsfw material and potentially illegal material for all I know.
prettyblocks · 3h ago
Not a lawyer, but I think intent is a big part of legality and I hope that doing something like this for research purposes should be relatively safe.
yeah turns out Dynadot enforces a 7 day wait on deleting the domain and it's only been 6 days. should be free for registration on June 18 (i assume in 3 hrs if they mean UTC)
almosthere · 1h ago
Dead Internet theory
sergiotapia · 1h ago
Bittorrent is such a beautiful technology, solves a real problem easily, and helps many many people. It's a shame it's been stifled so much by lawyers.
nektro · 1h ago
why did you shut it down?
fine_tune · 4h ago
You bought a house that had a murder X years ago and are wondering if your guilty for the murder, probably not - aslong as you don't do more murder in it.
I suppose real life is more interesting though, the guy who picked up the domain to stop the global ransomware crisis was picked up after Defcon if memory serves.
Ironically your probably at more risk from the GDPR for leaking those IP addresses that connected to the box via your blog post.
I'm not a lawyer/solicitor though, don't take my advise.
markasoftware · 3h ago
the guy (marcus hutchins) wasn't arrested for registering that domain, he was arrested for allegedly creating an unrelated piece of malware.
KomoD · 3h ago
> I suppose real life is more interesting though, the guy who picked up the domain to stop the global ransomware crisis was picked up after Defcon if memory serves
That dude developed and sold banking malware, that's why he got arrested.
zht · 4h ago
I think it's more like you buy an abandoned house where people used to go buy drugs
you buy the house and people are still coming knocking on your door asking you if you have any drugs to sell
you're not doing anything wrong, but if the police notice people constantly coming to your house to buy drugs they may do something about it
rvnx · 3h ago
Other perspective: It's more like you reopen a public place where people were known to publicly harm copyright owners and you provide technical help so they can do it again.
gpm · 3h ago
This guy didn't just buy the haunted house that previously had signs directing serial killers to where the victims are, he also reinstalled the signs and opened it back up to the public knowing that the serial killers were still around and reading the signs.
I mean, it's a bit absurd to compare copyright infringement to murder, but that's where your analogy started. He didn't just by the domain and do something innocent, he actually started running the software that helps people pirate things strongly suspecting that pirates would use it to help them pirate things... and then when he observed that was reality he (smartly IMO) shut it down.
ivanjermakov · 3h ago
I think some commenters here missed the point.
Of course hosting a tracker is legal, but what about "hijacking" inactive resource?
ascendantlogic · 3h ago
The word "hijacking" in this scenario would only be applicable if the domain was still registered and active and he forcefully took the domain away. That is not the case. The fact OP was able to register it quickly and easily indicates it was unused and to call this "hijhacking" would imply permanent ownership of domains even after previous owners knowingly let the registration lapse.
The legality of hosting a tracker isn't obvious, and as pointed out elsewhere the nuance is less about concrete legality and more about having the resources to deal with lawyers harassing you with lawsuits.
xyst · 3h ago
Not illegal. But most people without resources to fight off the thinly veiled, strongly worded legal letters would probably fold under this light pressure.
Interesting, but I suppose it’s not surprising to see clients still holding references to old/defunct trackers. Those peers this person discovered once the tracker was resurrected are more than likely to be seed boxes. Maybe a few real clients if they found an old .torrent link and have left it open.
Thanks to DHT (trackerless peering), trackers have become mostly defunct.
waynesonfire · 2h ago
wow, brilliant.
jmyeet · 2h ago
I have a theory that BitTorrent is used as a command and control mechanism for botnets.
We've seen various methods of botnet and malware control like rotating domain names that were successfully reverse engineered and used to trigger a kill switch for WannaCry, famously [1].
BitTorrent is known to be resilient, particularly if you use multiple trackers, proxies, etc that are all built into the infrastructure.
Why wouldn't it be? You're not actually hosting a tracker in this case, only looking at incoming connections. And even if you do run a tracker, hard to make the case that the tracker itself is illega. Hosting something like opentrackr is like hosting a search engine, how they respond to legal takedown requests is where the crux is at, and whatever infra sits around the tracker, so police and courts can see/assume the intent. But trackers are pretty stupid coordination server software, would be crazy if they became illegal.
IE he can see the peer pool but they don’t announce the peer list.
There are a few internet/copyright safe harbor provisions (in the US) that might maybe (probably not) make it not a crime, I don't know, I'm not a lawyer. But your general thought when you hear "helping someone else commit a crime" ought to be "that's probably a crime itself".
Running a service primarily for legal purposes that some criminals can take advantage of is pretty different with regards to intent than reviving an old domain name that you know is primarily used by old illegal torrents as a tracker.
I spent a few minutes googling, and it seems like that at least as of a decade ago the exact bounds here weren't well defined: https://www.scotusblog.com/2014/03/opinion-analysis-justice-...
> Finally, the possible liability for an “incidental facilitator” – such as a firearms dealer who knows that some customers will use their purchases for crime – is noted but not resolved. Thus, thankfully, there is still some fertile ground for hypotheticals with which we practicing law professors can bedevil our students.
Here it's not the "mere fact that somebody could use your tracker for piracy". It's that you're literally observing that a bunch of old mostly-piracy torrents are pointing at this domain, and then deciding to turn this domain back into a service which assists in that piracy.
He doesn't know if they're mostly piracy or not, all he sees is a hash and the peers.
The police/courts/jury is not obliged to put blinders on just because you would prefer if they did.
The mere fact that the domain name was previously used for this is almost certainly probable cause to get search warrants that will almost certainly provide the requisite proof beyond a reasonable doubt that he has in fact intentionally both committed himself, and aided others in committing (because he knew what the domain name was, or at least recognized it as similar to demonoid and could guess), copyright infringement. And that's without the blog post... (which I assume in the hypothetical where he chose to keep running this he would not have posted).
It's kind of like Kim Dotcom's defence of his systems where he was saying that he was making attempts to remove content from his systems in compliance with DCMA requests. That is, the claim is his systems were legal because even though people were using them for illegitimate purposes, he was actively working to prevent that from happening.
Right, that makes sense. Is running a tracker "knowingly helping people commit crimes"? I feel like that's a huge jump, there is a wide range of content coordinated by trackers and the DHT.
> So I was, uh, downloading some linux isos, like usual.
Nothing to see here, move along.
Seriously though, the OP makes the same argument and concludes that:
> I was spooked. [...] I shut down the VPS and deleted the domain quickly after confirming it works.
IANAL but this clearly shows the OP didn't intend to facilitate crime and shut it down after seeing that was what may have been happening.
> But the OP states he was using the tracker for lawful purposes:
That quote is a confession that he was committing copyright infringement. Courts and juries and not obliged to ignore the ", uh," part.
Probably (in the very unlikely event where he is charged) the best defence would be "this was a joke" not "I didn't literally confess to committing copyright infringement". Even then I'm pretty sure this quote would weigh against him substantially in just about any jury's mind.
I know, "linux ISOs" has always been a joke "rationale" :)
I do think we're in agreement.
If you don't respond to takedowns, that's probably leaning towards being illegal*
If you respond to takedowns and blacklist the hashes, you're most likely fine*
*obviously depends on the jurisdiction and on whether matching hashes to IP:PORT is considered distribution/facilitation/whatever (take TPB's case as an example)
I know someone who ran a pretty large tracker for years, when he received a takedown he just blacklisted the hashes and he's been fine so far.
"I then started the tracker. After about an hour, it peaked at about 1.7 million distinct torrents across 3.1 million peers!"
Maybe it's about time to revisit it? It's just the matter of how to enforce DRM. They shouldn't care in this day and age with plenty ways to get licensing sorted out.
They'll just see tracker and assume it's illegal.
Copyright infinging materials dont go "though" trackers. Trackers only keep torrent hashes and lists of peers.
Also the government and private companies have argued in the past that the hashes and lists of peers is inducement and enablement for copyright infringement.
Even if you didn't mean your local police, and meant a national body like the FBI, the truth is they focus on other crimes (eg. child abuse), and even then they are woefully unable to handle even most of those crimes.
The vast, vast majority of copyright enforcement comes from copyright holders ... not the internet copyright police.
The police rarely find crimes on their own -- they are almost always acting on a request from someone else.
The BitTorrent clients I’ve used all seemed pretty polite, backing off for like 60s at least for each tracker they can’t connect to.
If you buy one of the dead tracker domains and point it at an IP of someone else, but their services aren’t even listening on the port client wants to connect to (and don’t speak BitTorrent even if the port happened to coincide), I can’t imagine that even with a million BitTorrent clients wanting to connect it would really be all that much of a problem.
Did OP cause millions of unfinished torrents to finally connect to a peer and complete or is it likely they were already talking to “live” tracker anyway unless they were really unlucky?
Does the tracker know what it's tracking? Is there any attempt to make the tracker unaware of what peer rendezvous it's doing?
My gut is that it seems some kind of hash/magnet that folks are asking to peers on. And that the magnet itself is sufficient, and doesn't have to include anything identifying (although I believe many magnet links included some human readable description). The tracker could likely try to download this hash from the peer itself, to get the torrent info, but wouldn't really know what the torrent is or what's in it without doing the download itself.
Does that check out? How much of the magnet link is key to rendezvous? Could a tracker ignore human friendly fields, block them at ingress, to shield it's eyes?
However, most torrents created for private trackers have the "private" flag enabled, which excludes them from DHT and PEX and a few other things. You can remove this flag yourself, but you're depending on a seeder doing the same for DHT to work.
https://blog.cloudflare.com/announcing-1111/
Let them attempt to send legal toilet paper to Russia or China. I'm sure that will end well.
In other jurisdictions it most certainly is not, and the VPS maybe in a different jurisdiction and the .si TLD definitely is.
I think there have probably been more. There are definitely more that had civil suits with MPAA etc suing for damages.
It may be somewhat harder to make the case in the US, but a tracker where a great majority of what's listed is copyrighted, I'm pretty sure it can be shut down in the US.
God I miss rarbg. And KAT.
That's my understanding of why private trackers ban folks who upload private .torrent files to public trackers because the infohash is a rendezvous point of private and public consumers via DHT
Public trackers are the only trackers most of us can reasonably use. He should get a VPN.
public trackers and torrent sites are also just 90% malware and RATs.
https://torrentfreak.com/demonii-torrent-tracker-shuts-down-...
https://torrentfreak.com/mpaa-we-shut-down-ytsyify-and-popco...
[1]https://www.justice.gov/archives/opa/press-release/file/1507...
Not really? OP seems to want to sell it for $10000: https://www.dynadot.com/market/user-listings/demonii.si
I suppose real life is more interesting though, the guy who picked up the domain to stop the global ransomware crisis was picked up after Defcon if memory serves.
Ironically your probably at more risk from the GDPR for leaking those IP addresses that connected to the box via your blog post.
I'm not a lawyer/solicitor though, don't take my advise.
That dude developed and sold banking malware, that's why he got arrested.
you buy the house and people are still coming knocking on your door asking you if you have any drugs to sell
you're not doing anything wrong, but if the police notice people constantly coming to your house to buy drugs they may do something about it
I mean, it's a bit absurd to compare copyright infringement to murder, but that's where your analogy started. He didn't just by the domain and do something innocent, he actually started running the software that helps people pirate things strongly suspecting that pirates would use it to help them pirate things... and then when he observed that was reality he (smartly IMO) shut it down.
Of course hosting a tracker is legal, but what about "hijacking" inactive resource?
The legality of hosting a tracker isn't obvious, and as pointed out elsewhere the nuance is less about concrete legality and more about having the resources to deal with lawyers harassing you with lawsuits.
Interesting, but I suppose it’s not surprising to see clients still holding references to old/defunct trackers. Those peers this person discovered once the tracker was resurrected are more than likely to be seed boxes. Maybe a few real clients if they found an old .torrent link and have left it open.
Thanks to DHT (trackerless peering), trackers have become mostly defunct.
We've seen various methods of botnet and malware control like rotating domain names that were successfully reverse engineered and used to trigger a kill switch for WannaCry, famously [1].
BitTorrent is known to be resilient, particularly if you use multiple trackers, proxies, etc that are all built into the infrastructure.
[1]: https://www.wired.com/2017/05/accidental-kill-switch-slowed-...