Private Torrents

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL

NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and

"OPTIONAL" in this document are to be interpreted as described in

IETF RFC 2119 [#RFC-2119]_.

A private tracker restricts access to the torrents it tracks. A

torrent with restricted access is called a private torrent. All

other torrents are public torrents. To promote sharing, private

trackers often maintain statistics about registered users and restrict

access to certain or all torrents for users that do not adequately

upload.

When generating a metainfo file, users denote a torrent as private by

including the key-value pair "private=1" in the "info" dict of the

torrent's metainfo file [#BEP-3]_.

When a BitTorrent client obtains a metainfo file containing the

"private=1" key-value pair, it MUST ONLY announce itself to the

private tracker, and MUST ONLY initiate connections to peers returned

from the private tracker.

When multiple trackers appear in the announce-list in the metainfo

file of a private torrent (see multitracker extension in [#BEP-12]_),

each peer MUST use only one tracker at a time and only switch between

trackers when the current tracker fails. When switching between

trackers, the peer MUST disconnect from all current peers and

connect only to those provided from the new tracker.

Rationale

Private trackers deny admission to private torrents by refusing to

return peer lists. Once an intruder peer has obtained the IP address

and port of a peer, regardless of the source, the intruder can

initiate a connection to that peer and trade pieces with the peer.

Once in the swarm, the intruder is granted equal treatment as all

other peers.

BitTorrent has currently four ways that a peer can learn of other

peers in a swarm:

Trackers [#BEP-3]_,

Distribute Hash Table (DHT) [#BEP-5]_,

Peer EXchange (PEX) [#BEP-11]_,

Local Service Discovery (LSD) [#BEP-14]_.

Announcing or exchanging peer information via any of these mechanisms

other than the private tracker subverts the tracker's access control.

Even though PEX only provides peer information to other peers already

in the swarm, if an intruder obtained or guessed the IP and port of a

peer already in a private torrent then exchanging peer information

with the intruder would provide the intruder with a full complement of

peers.

When a peer switches between trackers, the peer drops connections so

that it cannot become an ongoing bridge between peers granted access

from a private tracker and peers announcing to a public tracker. This

partially mitigates the effect of an attacker modifying a metainfo

file's announce-list and redistributing the metainfo file, e.g., via

a public tracker web site.

History

Private torrents were first introduced in Azureus.

References

.. [#BEP-3] BEP_0003. The BitTorrent Protocol Specification. Cohen.

http://www.bittorrent.org/beps/bep_0003.html

.. [#BEP-5] BEP_0005. The DHT Protocol. Loewenstern.

http://www.bittorrent.org/beps/bep_0005.html

.. [#BEP-11] BEP_0011. Peer EXchange (pending)

.. [#BEP-12] BEP_0012. Multitracker Metadata Extension. Hoffman.

http://www.bittorrent.org/beps/bep_0012.html

.. [#BEP-14] BEP_0014. Local Service Discovery. Harrison, Hazel.

http://www.bittorrent.org/beps/bep_0014.html

.. [#RFC-2119] RFC-2119. http://www.ietf.org/rfc/rfc2119.txt

Copyright

This document has been placed in the public domain.

..

Local Variables:

mode: indented-text

indent-tabs-mode: nil

sentence-end-double-space: t

fill-column: 70

coding: utf-8

End: