BEP:27
Title:Private Torrents
Version:11143
Last-Modified:2008-09-04 16:21:37 -0700 (Thu, 04 Sep 2008)
Author:David Harrison <dave at bittorrent.com>
Status:Draft
Type:Standards Track
Content-Type:text/x-rst
Created:3-Aug-2008
Post-History:

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in IETF RFC 2119 [6].

A private tracker restricts access to the torrents it tracks. A torrent with restricted access is called a private torrent. All other torrents are public torrents. To promote sharing, private trackers often maintain statistics about registered users and restrict access to certain or all torrents for users that do not adequately upload.

When generating a metainfo file, users denote a torrent as private by including the key-value pair "private=1" in the "info" dict of the torrent's metainfo file [1].

When a BitTorrent client obtains a metainfo file containing the "private=1" key-value pair, it MUST ONLY announce itself to the private tracker, and MUST ONLY initiate connections to peers returned from the private tracker.

When multiple trackers appear in the announce-list in the metainfo file of a private torrent (see multitracker extension in [4]), each peer MUST use only one tracker at a time and only switch between trackers when the current tracker fails. When switching between trackers, the peer MUST disconnect from all current peers and connect only to those provided from the new tracker.

Rationale

Private trackers deny admission to private torrents by refusing to return peer lists. Once an intruder peer has obtained the IP address and port of a peer, regardless of the source, the intruder can initiate a connection to that peer and trade pieces with the peer. Once in the swarm, the intruder is granted equal treatment as all other peers.

BitTorrent has currently four ways that a peer can learn of other peers in a swarm:

  • Trackers [1],
  • Distribute Hash Table (DHT) [2],
  • Peer EXchange (PEX) [3],
  • Local Service Discovery (LSD) [5].

Announcing or exchanging peer information via any of these mechanisms other than the private tracker subverts the tracker's access control.

Even though PEX only provides peer information to other peers already in the swarm, if an intruder obtained or guessed the IP and port of a peer already in a private torrent then exchanging peer information with the intruder would provide the intruder with a full complement of peers.

When a peer switches between trackers, the peer drops connections so that it cannot become an ongoing bridge between peers granted access from a private tracker and peers announcing to a public tracker. This partially mitigates the effect of an attacker modifying a metainfo file's announce-list and redistributing the metainfo file, e.g., via a public tracker web site.

History

Private torrents were first introduced in Azureus.

References

[1](1, 2) BEP_0003. The BitTorrent Protocol Specification. Cohen. http://www.bittorrent.org/beps/bep_0003.html
[2]BEP_0005. The DHT Protocol. Loewenstern. http://www.bittorrent.org/beps/bep_0005.html
[3]BEP_0011. Peer EXchange (pending)
[4]BEP_0012. Multitracker Metadata Extension. Hoffman. http://www.bittorrent.org/beps/bep_0012.html
[5]BEP_0014. Local Service Discovery. Harrison, Hazel. http://www.bittorrent.org/beps/bep_0014.html
[6]RFC-2119. http://www.ietf.org/rfc/rfc2119.txt