private flag in tracker announce insecure, why?

[boo]

Just came to think of this, but why is it unsecure to have the private flag in the tracker announce??

Plus if the private tracker has to rely on the users to create a torrent with a private flag,

their torrent will be leaked allot unless the tracker can like analyze the submitted torrent

and if there is no private flag in it, the tracker ask the user to remake the torrent.

[Firon]

The tracker can check for a private flag, and it can also automatically add the private flag to the torrent. Both are easily done.

On that note, the private flag is extremely useless and unreliable.

If the tracker is down or inaccessible, if the user is banned, if the user isn't registered, he'd never get a tracker announce that said "hey, turn on private mode". And you could easily bypass it by just removing the tracker URL, and voilá.

Nevermind the fact that it doesn't even work on any other client besides BitComet. (even if µTorrent didn't, Azureus doesn't and that's a LOT of users. They would never implement it into the client for these stated reasons)

There's so many ways to exploit it, it isn't even funny.

The private flag in the .torrent is the way to go.

[Klaus_1250]

It can also create a problem if there is a bad tracker in an multi-tracker torrent. If one tracker says Private=1, than that torrent becomes private. But the whole private flag doesn't work if there is nodes-key in the torrent. Private tracker should make the private flag mandatory, or add it themselves. See also http://forum.utorrent.com/viewtopic.php?pid=22484

[splintax]

the tracker can like analyze the submitted torrent and if there is no private flag in it, the tracker ask the user to remake the torrent.

yes, most trackers can do that, some can even automatically add the flag..