7.3.0 seems to have a bug


#1

I updated to 7.3.0 last night. And in the morning, I checked https://iknowwhatyoudownload.com site to see if it’s working. And it shows many random files that I never downloaded.
This happened when I tried one of the beta versions before, so I had to go back to 7.2.
But even this stable version does the same thing.
This is critical because last time (when I used the beta version), there were many random xxx and even child pron videos were on the list, which I never download. So, it’s not really protecting me for now.
Please fix this issue ASAP. I can’t use tribler, until this is fixed.
I’m using the Windows version


#2

No need to get scared!

This is an interesting website, but not accurate in the Tribler case. Please see: https://iknowwhatyoudownload.com/en/api/ “We cooperate with Right Holders, Law Offices, Internet Service Providers, Advertising Agencies and National Police. We provide information about sharing/downloading content via Bittorrent Network all over the world”. So interesting people…

Plus:
How we collect data
Our system collects torrent files in two ways: parsing torrent sites and listening DHT network.

This story is really funny, from a technical perspective. Tribler really is a non-profit version of this service. Tribler includes a distributed popularity tracker mechanism that uses the DHT. We also have a privacy respecting part, which uses a Tor-like protocol. Because they are lazy and opportunistic, they use a completely bogus method of tracking people. It will get way more false positives then just Tribler.

I’ve called people “Borderline Incompetent” https://www.google.nl/search?q=“borderline+incompetent” for doing stuff like this in US court. Really! Not one of my smartest moments, I was still young then.


#3

Thank you for your answer.

What I was trying to say is that this didn’t happen with 7.2.2. The website didn’t detect any downloading files, unless I put it on zero hoop mode. But now with 7.3.0, it’s getting many things from my ip address.
I’m going back to 7.2.2 for now. I will try your next release.

Thank you very much!


#4

Wireshark BitTorrent packet analysis can confirm leak of real IP.


#5

I confirm a big breach in security, Tribler 7.3.0 is not anonymous.


#6

I can also confirm. The torrent I downloaded shows up when I check same site OP used, as well as 13 other torrents I know nothing about, which means the activity of stuff being tossed around in this onion setup is being traced to me, by this website in OP that says they work with IPs/lawyers/law enforcement/etc.

Not only am I floored that my traffic isn’t anonymous with this program that’s advertised as anonymous, but I potentially could have horridly illegal torrents showing up as being down/uploaded by me.

Really, really, really bad thing going on here.


#7

They have also tracked bootstrap.blocks as well. This seems accurate since netherlands is quite red.

https://iknowwhatyoudownload.com/en/torrent/?id=5c55a311a8236215ec463a25d52df9cb8e71d9dabdc4dd1a514673dee6ebc817f1bd4a33ad9ba6db2fb8d68c19b1bddf


Supposedly anonymous Tribler activity being shown on IP address spying websites (9/19/19)
#8

I am also checking results with 7.2.2.

ubuntu torrent with 2 hops
centos torrent with 1 hop

lets see.

7.3.0 was reported ubuntu torrent with 2 hops yesterday on the site. May be they have an exit node…


#9

Same thing happens also in 7.2 regardless of hop number. It leads to confirm that the repost is based on dht traffic.


#10

I tried the version 7.3.1, and confirm that this isn’t fixed yet. (I’m using the Windows version, if it makes any differences.) Still, some random files are shown in the list from the site above. So I went back to 7.2.2 again. I’m not trying the 7.3.2 version, because they announced that it’s with network fixes rather than security fixes. I’ll wait for the next release.


#11

Please, see DHT-based download scanners vs Torrent Checker for clarification.


#12

Thank you for your answer.

I installed 7.3.2, tried turning off the torrent checker, and ran it for two days. As you explained the website couldn’t scan anything (neither my actual downloads nor the random list of them).