'We offered Cloudflare's network to receive and study the garbage traffic in exchange for being able to offer a DNS resolver on the memorable IPs'
I suppose real life is more interesting though, the guy who picked up the domain to stop the global ransomware crisis was picked up after Defcon if memory serves.
Ironically your probably at more risk from the GDPR for leaking those IP addresses that connected to the box via your blog post.
I'm not a lawyer/solicitor though, don't take my advise.
you buy the house and people are still coming knocking on your door asking you if you have any drugs to sell
you're not doing anything wrong, but if the police notice people constantly coming to your house to buy drugs they may do something about it
I mean, it's a bit absurd to compare copyright infringement to murder, but that's where your analogy started. He didn't just by the domain and do something innocent, he actually started running the software that helps people pirate things strongly suspecting that pirates would use it to help them pirate things... and then when he observed that was reality he (smartly IMO) shut it down.
That dude developed and sold banking malware, that's why he got arrested.
In other jurisdictions it most certainly is not, and the VPS maybe in a different jurisdiction and the .si TLD definitely is.
I think there have probably been more. There are definitely more that had civil suits with MPAA etc suing for damages.
It may be somewhat harder to make the case in the US, but a tracker where a great majority of what's listed is copyrighted, I'm pretty sure it can be shut down in the US.
God I miss rarbg. And KAT.
A lot of these websites were "come here and pirate lots of shit," often had tools to make it easier to specifically search for infringing content, and would remove torrents that were not tagged correctly. In many cases some of the people running the sites were also seeding.
That makes it hard to argue "we're just passing packets"
I miss shit being worth torrenting. Maybe things have changed, maybe I grew up, but:
1. Most utility software you need is free, save for a few programs you can easily find on Russian torrents.
2. Most games and other media are slop.
Torrents didn't die because US law enforcement made them die. Torrents died because most companies realized that providing slop with ads and lootboxes for free is a much better business model than trying to get people to pay for something of quality.
Imagine trying to tell someone in year 2000 that Windows will natively display ads, EA will lose lawsuits related to FIFA being actual old-fashioned gambling, and music industry will push for AI-generated content. Yet somehow we accept this as completely normal in 2025. No wonder nobody ain't torrenting shit.
There is still plenty of quality stuff in 2025, and a lot of slop, just how it was 40 years ago.
Interesting, but I suppose it’s not surprising to see clients still holding references to old/defunct trackers. Those peers this person discovered once the tracker was resurrected are more than likely to be seed boxes. Maybe a few real clients if they found an old .torrent link and have left it open.
Thanks to DHT (trackerless peering), trackers have become mostly defunct.
That's my understanding of why private trackers ban folks who upload private .torrent files to public trackers because the infohash is a rendezvous point of private and public consumers via DHT
Public trackers are the only trackers most of us can reasonably use. He should get a VPN.
public trackers and torrent sites are also just 90% malware and RATs.
Or you could just use a VPN, which you probably should for private trackers too anyway.
Sure. It combines all the fun of pledge week with a fraternity with the wrong-headed attitudes that became part of the culture when ftp servers were the height of technology. And you just have to schedule an interview and learn the secret knock/handshake. Don't ever invite anyone, because if they're the wrong type, you get banned for their behavior too.
>public trackers and torrent sites are also just 90% malware and RATs.
It's an mkv file. Don't double click exes.
Edit: Nope I'm wrong, different type of hash it seems...
Thousands of DMCA requests. Full filenames. Over the course of a year they had apparently notified Comcast of thousands of alleged violations, and nothing more than an email ever came of it.
Impossible to know which roommate was allegedly torrenting files of course. Or perhaps people visiting using our wifi. Who knows!
Of course hosting a tracker is legal, but what about "hijacking" inactive resource?
The legality of hosting a tracker isn't obvious, and as pointed out elsewhere the nuance is less about concrete legality and more about having the resources to deal with lawyers harassing you with lawsuits.
Does the tracker know what it's tracking? Is there any attempt to make the tracker unaware of what peer rendezvous it's doing?
My gut is that it seems some kind of hash/magnet that folks are asking to peers on. And that the magnet itself is sufficient, and doesn't have to include anything identifying (although I believe many magnet links included some human readable description). The tracker could likely try to download this hash from the peer itself, to get the torrent info, but wouldn't really know what the torrent is or what's in it without doing the download itself.
Does that check out? How much of the magnet link is key to rendezvous? Could a tracker ignore human friendly fields, block them at ingress, to shield it's eyes?
On a public tracker the only way to identify a user is the IP address and that's not reliable.
[1]https://www.justice.gov/archives/opa/press-release/file/1507...
2. libtorrent-rakshasa (rTorrent) — https://packages.debian.org/sid/libtorrent-dev
What’s the third one?
The announcement related APIs are fairly easy to implement, but I wouldn't bet on it being implemented in a fuzzed testing environment. Transmission, for example, had multiple vulnerabilities over the years. Not sure about the other client implementations.
I had different experiences with different clients, so I guess it's work in progress on what a client does when the cache was poisoned.
Hashing algos are mostly SHA based ones that are used. No idea if someone managed to inject stuff and found collisions for SHA1 yet though. I know that there has been PoCs in the past for hash collisions of PDF files.
Context: [1] https://shattered.io/
The peer protocol (and variants, like uTP) are much more interesting to attack, and you don't need to host a tracker for that, you can just get peer IPs from trackers or DHT, connect, and do your magic.
https://torrentfreak.com/demonii-torrent-tracker-shuts-down-...
https://torrentfreak.com/mpaa-we-shut-down-ytsyify-and-popco...
We've seen various methods of botnet and malware control like rotating domain names that were successfully reverse engineered and used to trigger a kill switch for WannaCry, famously [1].
BitTorrent is known to be resilient, particularly if you use multiple trackers, proxies, etc that are all built into the infrastructure.
[1]: https://www.wired.com/2017/05/accidental-kill-switch-slowed-...
The BitTorrent clients I’ve used all seemed pretty polite, backing off for like 60s at least for each tracker they can’t connect to.
If you buy one of the dead tracker domains and point it at an IP of someone else, but their services aren’t even listening on the port client wants to connect to (and don’t speak BitTorrent even if the port happened to coincide), I can’t imagine that even with a million BitTorrent clients wanting to connect it would really be all that much of a problem.
Not really? OP seems to want to sell it for $10000: https://www.dynadot.com/market/user-listings/demonii.si
Let them attempt to send legal toilet paper to Russia or China. I'm sure that will end well.
You should tell the TOR folks about your findings, they can finally shutdown the darknet and just move their stuff to China.
https://thenib.com/mister-gotcha/
Dont feel too special. Gotcha!
However, most torrents created for private trackers have the "private" flag enabled, which excludes them from DHT and PEX and a few other things. You can remove this flag yourself, but you're depending on a seeder doing the same for DHT to work.
Lawsuits are civil and wont have all the power to find you in all way, compared to a criminal suit or intelligence agency
So the privacy vectors necessary are more limited
> it peaked at about 1.7 million distinct torrents across 3.1 million peers
Most people don't regularly prune their torrent library.
This was a typical fake entry in captive portals, or a temporary gateway.
They described (cannot find the blog post right now) the various traffic they were getting, across many services (default ports)
diggan•7mo ago
Why wouldn't it be? You're not actually hosting a tracker in this case, only looking at incoming connections. And even if you do run a tracker, hard to make the case that the tracker itself is illega. Hosting something like opentrackr is like hosting a search engine, how they respond to legal takedown requests is where the crux is at, and whatever infra sits around the tracker, so police and courts can see/assume the intent. But trackers are pretty stupid coordination server software, would be crazy if they became illegal.
jekwoooooe•7mo ago
legohead•7mo ago
daneel_w•7mo ago
account42•7mo ago
Suzuran•7mo ago
account42•7mo ago
GTP•7mo ago
driverdan•7mo ago
autoexec•7mo ago
bilekas•7mo ago
IE he can see the peer pool but they don’t announce the peer list.
dymk•7mo ago
Retric•7mo ago
dymk•7mo ago
Retric•7mo ago
You made a hypothetical assuming they would do something they wouldn’t because it puts them at risk.
account42•7mo ago
Retric•7mo ago
However the important bit isn’t winning in a harassment case but having documentation to get them to stop in the future.
jekwoooooe•7mo ago
account42•7mo ago
ranger_danger•7mo ago
Why do you say that?
I think even seemingly "useless" questions can lead to valuable discussions and insights... and it might also be possible that your perspective is not the only valid one.
What's useful (or not) to one person is not always the same for others.
diffeomorphism•7mo ago
ranger_danger•7mo ago
chaboud•7mo ago
FirmwareBurner•7mo ago
In my country we have a phrase for this exact scenario: "the punishment is the process".
When the government or a powerful person wants to fuck with you, all they have to do is drag you endlessly through the court system, even knowing they'll loose. Because the experience will be 100x more painful for you to win than it is for them to loose.
It's what the UK government did to the postal workers in the Fujitsu scandal.
koakuma-chan•7mo ago
tristor•7mo ago
busterarm•7mo ago
My family members sued each other over a small inheritance. 5 kids fighting over a couple million dollars. Case has dragged out across almost 4 decades. Lawyer fees dwarfed the size of what was being fought over several times over. Some family spent time in jail for contempt of court... Family members then put up all their personal assets to keep fighting. Then they lost and were faced with a judgment that left them destitute well into their retirement years with no way to earn new money. Some family members are still appealing and fighting adjacent court battles (property seizure, etc). This process has consumed the last decades of their lives and everything they worked their whole lives for.
Not only would I say never end up in court, I'll extend you one further. Never get the government involved in your personal relationships.
andai•7mo ago
>Never get the government involved in your personal relationships.
Amen! You can't tax friendship.
thmsths•7mo ago
gruez•7mo ago
jedberg•7mo ago
They'll just see tracker and assume it's illegal.
hungryhobbit•7mo ago
Even if you didn't mean your local police, and meant a national body like the FBI, the truth is they focus on other crimes (eg. child abuse), and even then they are woefully unable to handle even most of those crimes.
The vast, vast majority of copyright enforcement comes from copyright holders ... not the internet copyright police.
jedberg•7mo ago
The police rarely find crimes on their own -- they are almost always acting on a request from someone else.
swat535•7mo ago
SXX•7mo ago
Copyright infinging materials dont go "though" trackers. Trackers only keep torrent hashes and lists of peers.
jeroenhd•7mo ago
dahrkael•7mo ago
geon•7mo ago
jedberg•7mo ago
Also the government and private companies have argued in the past that the hashes and lists of peers is inducement and enablement for copyright infringement.
Qwertious•7mo ago
bmacho•7mo ago
vintermann•7mo ago
jedberg•7mo ago
So yes, data "goes through it". Do you think law enforcement understands the nuance of metadata vs actual data?
gpm•7mo ago
There are a few internet/copyright safe harbor provisions (in the US) that might maybe (probably not) make it not a crime, I don't know, I'm not a lawyer. But your general thought when you hear "helping someone else commit a crime" ought to be "that's probably a crime itself".
rockskon•7mo ago
rvnx•7mo ago
justinclift•7mo ago
gpm•7mo ago
Running a service primarily for legal purposes that some criminals can take advantage of is pretty different with regards to intent than reviving an old domain name that you know is primarily used by old illegal torrents as a tracker.
I spent a few minutes googling, and it seems like that at least as of a decade ago the exact bounds here weren't well defined: https://www.scotusblog.com/2014/03/opinion-analysis-justice-...
> Finally, the possible liability for an “incidental facilitator” – such as a firearms dealer who knows that some customers will use their purchases for crime – is noted but not resolved. Thus, thankfully, there is still some fertile ground for hypotheticals with which we practicing law professors can bedevil our students.
drob518•7mo ago
gpm•7mo ago
Here it's not the "mere fact that somebody could use your tracker for piracy". It's that you're literally observing that a bunch of old mostly-piracy torrents are pointing at this domain, and then deciding to turn this domain back into a service which assists in that piracy.
KomoD•7mo ago
He doesn't know if they're mostly piracy or not, all he sees is a hash and the peers.
drob518•7mo ago
gpm•7mo ago
The police/courts/jury is not obliged to put blinders on just because you would prefer if they did.
The mere fact that the domain name was previously used for this is almost certainly probable cause to get search warrants that will almost certainly provide the requisite proof beyond a reasonable doubt that he has in fact intentionally both committed himself, and aided others in committing (because he knew what the domain name was, or at least recognized it as similar to demonoid and could guess), copyright infringement. And that's without the blog post... (which I assume in the hypothetical where he chose to keep running this he would not have posted).
necovek•7mo ago
Eg. Canonical distributes Ubuntu via BitTorrent too: https://ubuntu.com/download/alternative-downloads
Edit: I missed the "uh," in the OP: I stand corrected.
notpushkin•7mo ago
But yeah, I don’t think Canonical would use open.demonii.si as a tracker for their torrents.
immibis•7mo ago
ranger_danger•7mo ago
immibis•7mo ago
"Beyond a reasonable doubt" doesn't mean you can just say "no that's not true" about anything and have it not count. It's beyond a reasonable doubt, not beyond any doubt. It's not reasonable that this tracker address was gotten from a Linux ISO. Perhaps the defendant could claim they got it from a list of trackers, but they already admitted they didn't, so that's not reasonable either.
ranger_danger•7mo ago
Even if that were proven as true, so what? There's nothing illegal about using the domain itself.
> It's not reasonable that this tracker address was gotten from a Linux ISO
Sorry but you don't get to be the judge of that, the judge does.
awesome_dude•7mo ago
It's kind of like Kim Dotcom's defence of his systems where he was saying that he was making attempts to remove content from his systems in compliance with DCMA requests. That is, the claim is his systems were legal because even though people were using them for illegitimate purposes, he was actively working to prevent that from happening.
immibis•7mo ago
diggan•7mo ago
Right, that makes sense. Is running a tracker "knowingly helping people commit crimes"? I feel like that's a huge jump, there is a wide range of content coordinated by trackers and the DHT.
gpm•7mo ago
Dylan16807•7mo ago
ranger_danger•7mo ago
For one, a judge/jury does not infer things they are "supposed to know", such as whether torrents are mostly used for piracy or not... they only operate based on the evidence presented.
There is a very large burden of proof in criminal cases, requiring that their intent to facilitate a crime be proven "beyond a reasonable doubt".
Trying to say "everyone knows linux ISOs is code for piracy" or claim that "a judge would see right through that" is simply not how things work... decisions cannot be made based on any type of prior knowledge like that.
The entire point of a criminal court case (as a prosecutor) is to convince a judge/jury that the defendant is guilty using evidence and testimony, which means they must prove that there was clear intent to commit/facilitate a crime, i.e. they knew it was illegal and did it anyway.
Simply running a torrent tracker in and of itself doesn't prove any of that.
senko•7mo ago
> So I was, uh, downloading some linux isos, like usual.
Nothing to see here, move along.
Seriously though, the OP makes the same argument and concludes that:
> I was spooked. [...] I shut down the VPS and deleted the domain quickly after confirming it works.
IANAL but this clearly shows the OP didn't intend to facilitate crime and shut it down after seeing that was what may have been happening.
gpm•7mo ago
> But the OP states he was using the tracker for lawful purposes:
That quote is a confession that he was committing copyright infringement. Courts and juries and not obliged to ignore the ", uh," part.
Probably (in the very unlikely event where he is charged) the best defence would be "this was a joke" not "I didn't literally confess to committing copyright infringement". Even then I'm pretty sure this quote would weigh against him substantially in just about any jury's mind.
senko•7mo ago
I know, "linux ISOs" has always been a joke "rationale" :)
I do think we're in agreement.
FabHK•7mo ago
Oh boy, are the crypto bros in trouble.
hoseja•7mo ago
leijurv•7mo ago
"I then started the tracker. After about an hour, it peaked at about 1.7 million distinct torrents across 3.1 million peers!"
numpad0•7mo ago
Maybe it's about time to revisit it? It's just the matter of how to enforce DRM. They shouldn't care in this day and age with plenty ways to get licensing sorted out.
geon•7mo ago
KomoD•7mo ago
If you don't respond to takedowns, that's probably leaning towards being illegal*
If you respond to takedowns and blacklist the hashes, you're most likely fine*
*obviously depends on the jurisdiction and on whether matching hashes to IP:PORT is considered distribution/facilitation/whatever (take TPB's case as an example)
I know someone who ran a pretty large tracker for years, when he received a takedown he just blacklisted the hashes and he's been fine so far.
anilakar•7mo ago
eli•7mo ago
myrmidon•7mo ago
I also don't know of any precedent where bittorrent software/client itself was ruled illegal (but am not a lawyer).
lacoolj•7mo ago
Good question though, would love to know what specific tech is in use (or if it's just "finding it on search engines organically")
eli•7mo ago