
Hypothetical Question (Safety)


twipley


This is a thought experiment. Suppose I am sending confidential data to peer B through tracker Z. But, the ones running the tracker are not the good people I think them to be, but rather maleficent people wishing to gain illegitimate access to the data by adding themselves as extra peers.

Do you, developers, think that, in the current context of the software code, such people somehow could, without possessing the .torrent file itself, infiltrate themselves in the swarm, thus gaining access to such confidential data? Or have you long ago implemented measures to protect users against such malevolent actions? Thanks for taking part in this thought experiment.


The .torrent contains information needed to download the data, having just the info_hash (which is what the tracker gets) isn't enough to reconstruct the data, so as long as the .torrent remains secret you won't have random people joining the swarm.


Strictly speaking, I don't think that's completely true. The only thing the .torrent file is needed for is to verify that the received data is correct, and to map the received data out into files. Peers without the .torrent file should still be able to request arbitrary pieces. They can request the first piece to get the piece size, and combine that with the bitfield message to get an idea of the approximate size of the torrent contents (and how many pieces they should be requesting). In that way, they can still get all the data -- whether the data is split up nicely is inconsequential if we're talking only about privacy.


Encryption is indeed best fit for this exact situation: transmitting confidential data over open communication. It would be stupid and irresponsible to do otherwise with confidential information, honestly. Sending of confidential data over open communication can potentially be listened in on whether or not you're using BitTorrent.

Getting the last piece wouldn't be too much of a problem. Sure, they won't know exactly where the last piece is, but they can probably detect it some way or another. For example, they can assume (to a fair degree of accuracy) that they have the last piece if peers aren't sending pieces beyond a certain index that falls in the last byte of the bitfield. This becomes especially accurate if that index seems to correlate with the number of apparent spare bits at the end of the bitfield (they won't know for sure whether the spare bits are really spare bits, or if they're simply missing pieces, but whatever), and the piece size of the highest-indexed piece they have doesn't match the previously-received pieces' sizes. Either way, though, getting the last piece should be the least of anyone's concerns -- not getting it would only be as bad as the peer receiving corrupted data for a few pieces. As long as they have good copies of pieces for a decent portion of the data, it should be considered a safety/security breach (at least if the data is unencrypted).

And just to be clear, none of what I've written is authoritative -- it's only based on my understanding of the protocol, which certainly isn't complete. I simply don't see anything in the protocol that would technically limit random peers from joining swarms and requesting data.

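Editor's added example (not code from any poster or from the client's developers): the bitfield reasoning in the posts above, worked through to show how much swarm metadata is visible to any connected peer, which is why the replies recommend encrypting the payload itself. The message layout follows the BitTorrent peer wire protocol (BEP 3); the sample messages and the 256 KiB piece size are constructed for illustration.

```python
import struct

BITFIELD_ID = 5  # id of the "bitfield" message in the peer wire protocol (BEP 3)

def parse_bitfield(msg):
    """Return the payload of a <4-byte big-endian length><id=5><bits> message."""
    if len(msg) < 5:
        raise ValueError("truncated message")
    (length,) = struct.unpack(">I", msg[:4])
    if length != len(msg) - 4 or msg[4] != BITFIELD_ID:
        raise ValueError("not a well-formed bitfield message")
    return msg[5:]

def piece_count_bounds(bits):
    """(lowest, highest) piece count consistent with the bitfield.

    The payload is ceil(pieces / 8) bytes, so the length alone gives a
    window of eight values. Any set bit is a piece the sender holds, which
    raises the lower bound. Trailing zero bits stay ambiguous: they may be
    spare padding or pieces the sender is simply missing.
    """
    if not bits:
        raise ValueError("empty bitfield")
    upper = 8 * len(bits)
    lower = upper - 7  # at least one bit of the final byte is a real piece
    set_bits = [i for i in range(upper) if bits[i // 8] & (0x80 >> (i % 8))]
    highest_set = max(set_bits, default=-1)
    return max(lower, highest_set + 1), upper

def size_bounds(bits, piece_size):
    """Byte-size range implied by the piece-count bounds.

    Every piece except the last is piece_size bytes; the last one is
    between 1 and piece_size bytes.
    """
    lowest, highest = piece_count_bounds(bits)
    return (lowest - 1) * piece_size + 1, highest * piece_size

# Constructed samples: a seeder holding all 13 pieces (3 spare bits), and a
# peer holding only pieces 0-7 of the same torrent.
SEEDER_MSG = b"\x00\x00\x00\x03\x05\xff\xf8"
PARTIAL_MSG = b"\x00\x00\x00\x03\x05\xff\x00"
PIECE_SIZE = 256 * 1024  # assumed piece size

if __name__ == "__main__":
    for name, msg in (("seeder", SEEDER_MSG), ("partial", PARTIAL_MSG)):
        bits = parse_bitfield(msg)
        print(name, piece_count_bounds(bits), size_bounds(bits, PIECE_SIZE))
```

The seeder's bitfield pins the piece count to 13-16, while the partial peer's leaves the full 9-16 window, matching the caveat in the post that spare bits and missing pieces cannot be told apart.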

Archived

This topic is now archived and is closed to further replies.
