Ask HN: I've Built a DHT Torrent Sniffer and Search Engine. Should I Release?
Recently I was researching about DHTs and developed a DHT Sniffer in Go which connects to some known DHT Routers and sniffs all the annoucements.
I've quickly added ZincSearch and it is now basically a search engine which can search for hashes, name or files contained in the torrents. It is able to index around 5-10k annoucements per second, so the index grows quite fast.
Now, I am thinking about releasing it as open-source for others to study, but not sure if I should, because it might be used for "evil".
104 comments
[ 3.7 ms ] story [ 210 ms ] threadIf you think your software would be of more use to "evil" than not, then don't release it widely.
There's the next part, law companies specializing in "Here's the letter you have to send to say you agree to pay them without admitting guilt, that'll be € please!".
AGPL fixes this - it recognizes SaaS web applications too as a "distribution" of GPL software. So if a source code is licensed under AGPL, anyone who uses it to create web applications and makes it available to the public is now also legally obliged to provide the complete source code if any user requests for it. (And ofcourse, as with GPL the user is free to use the source code as they want, freedom to improve it, and even start competing SaaS services).
That is why the AGPL is currently the best GNU license to ensure that your open source code always remains open source.
Ofcourse, if somebody wants to be dishonest and unethical, they can violate these terms to hide the fact that they are using AGPL code in their SaaS application. There's not much you can do about it in such cases. But if anyone (like current or former employee) leaks this info to the public, they can face legal trouble and bad PR in the future as it would be akin to using pirated software.
You are still free to make private changes to AGPL code and run it for yourself (or your company).
Would be kinda dumb for them to violate a license agreement (AGPL) while hunting for license violations.
They would therefore have to disclose any modifications they made to an AGPL software, therefore giving insights how they hunt, therefore allow for better countermeasures.
Don't be naive about lawyers, they are aware what AGPL means.
That's just not what the license says.
I totally agree, unroll it!
While the file sharing is distributed, the centralised web-based indexing is still a game of whack-a-mole.
And sibling comments show there is a community of folks doing this.
People also do it to Tor’s DHT too for discovering hidden services: https://donncha.is/2013/05/trawling-tor-hidden-services/
You can’t really stop open source tech like this from existing by choosing to not open source your implementation. You just end up staying out of the conversation yourself. The community will still build it if there is a desire for it.
The other is a publicly accessible website that got a kit of public attention because it could easily be used by anyone including novices to pirate content.
TPB (and other trackers) are essentially forums.
Go for it and open-source it.
[1]: https://iknowwhatyoudownload.com/
I just read some interesting proposals in the GH issues and recognized your username. This is some nice piece of work - will definitely return to read more about the underlying concepts.
We are working in a similar area with similar problems: Building a new Tor/VPN-like privacy network. See https://safing.io/spn/
> Tribler is a research project of Delft University of Technology
> Work on Tribler has been supported by multiple Internet research European grants. In total we received 3,538,609 Euro in funding for our open source self-organising systems research. Roughly 10 to 15 scientists and engineers work on it full-time. Our ambition is to make darknet technology, security and privacy the default for all Internet users.
> Vision & Mission ... "Push the boundaries of self-organising systems, robust reputation systems and craft collaborative systems with millions of active participants under continuous attack from spammers and other adversarial entities."
On what basis do you assume he/she has not succeeded without even having seen their work?
But with government funding?
If you're worried about blowback as a result of "evil" uses / users, is there a way to release it (somewhat) anonymously, so it's difficult to be traced back to you?
If you want to build an indexer you should write a normal implementation and then use http://bittorrent.org/beps/bep_0051.html
https://news.ycombinator.com/item?id=14022107
https://github.com/boramalper/magnetico
If someone can manage to make a decentralized forum-like moderation list, then we wouldn't have any use for centralized trackers anymore.
I think it could probably be done by using public GPG keys as identities, then keeping changes in a torrent-distributed git repo where user-generated data is saved in GPG signed git commits.
Then the only centralization left would be what branch/torrent people introduce to new users.
Congratulations, you won some HN bingo squares by introducing both PKI and blockchain to the discussion :-D
But, in all seriousness: moderation against what?
For curation. For categorization and deduplication. And for trust.
You can only express so much with titles and seed/leech counts. Trackers that were known to be the best - like What.CD and waffles.fm - were private and heavily moderated. You had to be invited, usually by passing a quick interview to prove you knew how to avoid common data management pitfalls like transcoding from a lossy codec. That made those trackers into carefully curated collections of high quality content.
Even public trackers benefit from some moderation. Most people only want to be browsing porn intentionally, so having a category for it let's you browse for movies or whatever. It's all about sorting the noise into signal.
It's also helpful to have some commentary on a torrent. Maybe the subtitles are forced. Maybe the software has a virus or includes adware, but ended up getting a critical mass of seeds/leeches anyway. Maybe there is some similar content worth talking about.
Have you ever used a public decentralized platform that wasn't full of trolls? I haven't.
So we finally invented emule?
Centralized servers that provide selection, moderation, quality control, information, imdb score etc, is exactly why bittorrent protocol won against all the decentralised protocols.
That can be useful, but it isn't the moderation I was thinking of. See my reply to the sibling comment.
Someone else did this a while back, universe continues to exist.
Nothing evil about being a modern archivist/librarian, despite what big companies would tell you.
[0] https://github.com/urbanguacamole/torrent-paradise
[1] https://cloudflare-ipfs.com/ipfs/QmQjsKamNFZRvCMXDvZXQmRYjsm...
But only the "about" page remains up, right? Because both https://cloudflare-ipfs.com/ipns/torrent-paradise.ml and https://cloudflare-ipfs.com/ipns/12D3KooWB3GY1u6zMLqnf3MJ8zh... show a command-line(!) error
If my mental model of IPFS is correct, it means no one is seeding the underlying IPFS ... CIDs? ... that those links point to