I usually just count the seeders and leechers. 1000+ seeders are usually seeding something legit. Failing that, I grab several versions and just see what they look like.
I think here, the common-sense solution that works most of the time is more useful than an interesting, complex solution.
It would be pretty cheap and easy for copyright holders to publish a bunch of fake torrents — just copy the torrent+file names of the most popular torrents and fill the files with random data — rent a couple thousand VMs on AWS, and seed them all using these VMs.
Even more insidious: They can distribute something that is similar enough to the original file, but is still a fake. Movies with the climax cut out, books where the plot is changed, games where you cannot win.
Enough downloaders get the file, skim it to make sure they have a viable one, and then keep it in a folder for later consumption.
If it passes the scan test they would be likely to get a bunch more seeders. This is one of the reasons torrent sites have comments.
Stuff like what you describe would have lots of artificial seeders, sure - and "they" could even rotate the IP addresses so blacklists don't work.
But it's a big well to poison with such weak tactics, and I think such things have been tried before; and it's not that hard to just...download a different copy.
I usually download a couple different versions of my 'Linux isos' anyway, just in case the audio or the encoding is messed up on one of them. I get that it's fun, and intellectually stimulating, to think about complex solutions to interesting problems, but you still have to look and see if the simple solution is already there. BitTorrent is a robust protocol that's already got built-in mechanisms for these things. The swarm itself attests to the valid files, because those are the files that remain seeded. No need for extra complexity.
From experience with Gnutella, spammers can just fake the seeder number.
Gnutella, unlike BT, can propagate standalone chunk hashes alone, as I understood, so you can weed out fakes early. BT doesn't have that before you start the download.
Gnutella 2 has even more armaments to weed out fakes.
It seems like just about every major problem with the internet right now would be a lot easier if Step 1 were solved. If it could be solved in a way that also preserved privacy, then the net result could even be positive.
As you mention the "b" word, let me mention one proposed solution to Step 1 which does rely on that technology, and claims it "requires no personal information. It lets you prove your humanness without risking your privacy."
I think "PGP WoT but hopefully actually usable" is a good way to describe it, but the system is at least blockchain-adjacent. As the user guide[0] says:
"BrightID and IDChain itself use DAOs on IDChain for governance."
and:
"IDChain (IDChain.one) is a proof-of-authority blockchain where validators are democratically elected by BrightID-verified unique humans."
Blockchain was the first thing I thought about, because that sounds like a poster-child case of actually useful blockchain. But thinking again, I'm not sure, wouldn't it be rather expensive to run on a blockchain? Either you use some pre-existing blockchain with smart contracts & such: so basically, make an Ethereum DApp and burn gas. Or you would need to implement all the same PoW as other cryptocurrencies, which is an unwelcome overhead, considering people don't even like to seed torrents for too long. On the other hand, I'm not sure that incentive to fake torrents is THAT high, so maybe some very weak version of it would suffice, because very few will be ready to spend money to create fake votes for their torrents. I seriously have no idea.
The second idea which comes to mind is that there are "reputable" release groups for most of the content anyway, many with a web-page of their own, and it would suffice to make signing with a private key a common practice, or maybe even implement some sort of standard protocol to fetch these keys and verify torrents (with curated source lists). But then again, it seems practical, but not really decentralized anymore, as it often happens.
Which gives me a third idea: to know that an item is trusted, you don't really have to make a decentralized reputation system. I mean, you don't need a score and many votes to mark an item as "trusted": you only need 1 trusted vote. So it seems like we could have something like a decentralized certificate authority. So, something exactly like a regular certificate authority: there is a trusted CA, and it can manually sign other CAs that become trusted as well, anyone can revoke certificates and so on, but instead of 1 root CA there are possibly many, different for different nodes/people. Of course, we still have "the hard problem" unsolved, we only transformed it into a different hard problem, but the difference is I think we don't actually have to solve this one! We could be piggybacking on some pre-existing social graph, possibly decentralized and quasi-anonymous. Imagine this being built into some federated social network, like Matrix or Mastodon! You decide to trust someone for some absolutely non-technical reasons that have nothing to do with cryptography, and everything else is relatively easy and simple.
Surely, malicious signatures would still find their way, but they would be rare enough and it would help no one if you can make tons of fake CAs, because they are not trusted by default, and if you can find a compromised CA that is trusted by somebody: well, everybody can just blacklist that CA (and all of its children) after you sign some malware with it.
There is one thing I'm not sure about: if we can somehow (usefully) implement signing and revoking without revealing who of your "friends" signed it. It would seem desirable to make all activity graphs non-transparent and anonymous in a practical sense. It somehow feels possible to me, but I'm sleepy and a bit foggy right now, so maybe there's a problem with it. Of course, it still would be useful without that feature, but a bit less nice. I would surely be more inclined to mark torrents as "verified" for all my "subscribers" if all they will know is that "somebody trusted" verified it, and not that it was me. Maybe it's less of a problem if only "bad" torrents are explicitly marked as such.
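The trust rule sketched in the comment above (per-user roots, delegation to other CAs, one trusted vouch is enough, revoking a CA cuts off everything reachable only through it), as an added example that is not part of the original thread. All names and hashes are constructed, signature checking on each delegation and vouch is assumed to have happened already, and a CA that is also delegated by another still-trusted CA stays trusted (an assumption the comment does not settle).

```python
from collections import deque

def trusted_signers(roots, delegations, revoked):
    """CAs reachable from the user's own roots via delegation edges,
    never passing through a revoked CA."""
    trusted = set()
    queue = deque(r for r in roots if r not in revoked)
    while queue:
        ca = queue.popleft()
        if ca in trusted:
            continue
        trusted.add(ca)
        for child in delegations.get(ca, ()):
            if child not in revoked and child not in trusted:
                queue.append(child)
    return trusted

def is_trusted(infohash, vouches, roots, delegations, revoked):
    """A single vouch from any currently trusted signer is sufficient."""
    signers = trusted_signers(roots, delegations, revoked)
    return any(s in signers for s in vouches.get(infohash, ()))

# Constructed sample data: who has signed whom as a sub-CA.
DELEGATIONS = {
    "alice": ["release-group", "bob"],
    "bob": ["carol"],
    "release-group": ["mirror"],
    "mallory": ["sybil-1", "sybil-2"],  # mass-produced CAs, in nobody's roots
}
# Constructed sample data: placeholder infohash -> CAs that vouched for it.
VOUCHES = {
    "aa11": ["mirror"],
    "bb22": ["sybil-1", "sybil-2"],
    "cc33": ["carol"],
}
MY_ROOTS = {"alice"}  # chosen for non-technical reasons, per the comment

def demo():
    """Evaluate every torrent before and after 'release-group' is revoked."""
    before = {h: is_trusted(h, VOUCHES, MY_ROOTS, DELEGATIONS, set())
              for h in VOUCHES}
    after = {h: is_trusted(h, VOUCHES, MY_ROOTS, DELEGATIONS, {"release-group"})
             for h in VOUCHES}
    return before, after

if __name__ == "__main__":
    print(demo())
```

Many vouches from unrooted CAs count for nothing, and revoking one intermediate CA drops the torrents vouched for only through its subtree while leaving other branches alone.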
I think you might be right that a system doesn't need to be fully Sybil-resistant if you're bootstrapping your web of trust from people you actually know. The main developers of Matrix are working on decentralised reputation systems[0] which might show how this can scale, and I think the underlying protocols of both Matrix and the Fediverse are general enough that they could support granting reputations to content/hashes as well as people/groups/CAs.
Also it sounds like you're almost suggesting some sort of zero-knowledge proof system, whereby a user could calculate the average trust rating for a given entity across all their (friends of) friends, without that result disclosing the rating given by any specific friend. There are probably already algorithms for doing that, if necessary using the techniques of privacy-preserving cryptocurrencies.
It's a "well, yes, but actually no" situation, seeing as some torrent-related programs implement a few draft BEPs. I haven't seen any that support the torrent signing BEP, though. https://www.bittorrent.org/beps/bep_0035.html
Which leads to possibly an interesting legal question: If a third party is vouching for the quality of a given copyright-infringing torrent, are they liable for the copyright infringement of the people who download that torrent based on its positive rating?
Some jurisdictions have decided that running a search engine for torrents (especially if it doesn't remove results which rights holders claim are leading to copyright infringement) does make the site operator liable.
I suppose if we are being strict, what we are talking about is vouching for the quality of a .torrent metadata file, which can be downloaded by a torrent client without legal problems from the author of that metadata, and it's only when the metadata is used to download the torrent contents that copyright infringement occurs.
The thought experiment I've considered is what would happen if there were a site where people could vote on short hex sequences of a certain length, to decide which sequences are the best. It could be called the "I Rate Bay", because users give each (hash) sequence a rating from 1 to 10.
Of course all of this ignores the fact that by participating in these ratings, someone is probably incriminating themselves by saying they have not only downloaded the torrent contents but read/installed/watched/listened to it. Using that as the basis of a case against someone seems almost reasonable, but pursuing a "contributory infringement" angle strays a little too far into freedom-of-speech violating territory, in my opinion.
I think there’s an argument to be made that if “quality” is limited in scope to “not malware,” then you’re operating a service to promote the public health of the Internet. If you start talking about whether the torrents are good rips, complete, etc., then it would promote more piracy. Not sure that this argument would pass muster given the history in this space, but I do think it would help stifle a malware propagation channel.
It's an interesting thought experiment. But even if you figure out a way to remain on the right side of the law today, the copyright cartels will just buy some new laws to make whatever they don't like illegal. The only way to stop this corruption is to thoroughly defund them.
In the piracy business, having a cryptographically-verifiable way of proving that you were the one infringing the copyright sounds like an anti-feature to me...
Okay. Thank you. I am just in constant search of a TUI framework I would consider good from my subjective point of view, and am specifically interested in TUI project screenshots because of this.
Thank you. Looks cool but way different from what I'm looking for. I want something more like the DOS version of Visual Basic (not necessarily featuring a visual designer). And not necessarily for Go.
(disclaimer: academic working on this problem for 15+ years, Tribler lab)