rpdl.net discussion & questions (torrents)

[Meaning Less]

Their bandwidth too is being exploited by these sites.
In a perfect world everyone would be in it for the content and this wouldn't be an issue. Fact is, that's just not how things are - a line has to be drawn somewhere and this is where I've decided to draw it.

I agree but in the end most of the people using those websites are just lost souls that don't know something better exists. So it isn't the website itself that is profiting out of those speeds but just random users.

In fact maybe you guys could just add a promotional file inside your torrents just to signal where it was originally from and where users should go to get more? (FFF does that) I bet many websites would avoid reposting them this way.

Then in the end those lost souls that are fighting ads would figure out that there are better platform to download stuff faster (be it your own website, f95, or whatever).

 

[fyl3toys]

Yeah, you'd probably see an uptick in 'stolen' bandwidth for a bit, but I think it would taper down after a while. Especially if rpdl is linked in the torrent.

 

[RPDL]

I agree but in the end most of the people using those websites are just lost souls that don't know something better exists. So it isn't the website itself that is profiting out of those speeds but just random users.

In fact maybe you guys could just add a promotional file inside your torrents just to signal where it was originally from and where users should go to get more? (FFF does that) I bet many websites would avoid reposting them this way.

Then in the end those lost souls that are fighting ads would figure out that there are better platform to download stuff faster (be it your own website, f95, or whatever).

I used to do that actually, well close to it. I renamed the zip and the folder to like, rpdl.net-game.zip. It didn't change anything except just annoy people here. I stopped doing it when we went private because it wasn't necessary anymore.

So it isn't the website itself that is profiting out of those speeds but just random users.

Their users benefit sure, but the site benefits too as they're claiming it as their own. One was so bad they literally copied our FAQ onto their site because they were having so many questions about our torrents.

I'm not really surprised that the torrents were stolen but I was definitely surprised at the lengths some of these sites will go to to take advantage of people at every single turn. In my ticket to staff, I even included an email chain with one of them where they tried to bribe me. It's insanity. It's pure and utter scum, I honestly wouldn't blame you if you didn't believe me but I also have the proof to back it up. I want nothing to do with these sites and by extension, I'm going to do what I can to protect our users from these sites too.

 

[RPDL]

Sorry, you reminded me of something really funny actually. Some of these sites that were linking to our torrents didn't really have a clue what they were doing so I was able to redirect them to this page ->

You must be registered to see the links

It's been so long that I'd actually forgotten it existed haha.

 

[Meaning Less]

I honestly wouldn't blame you if you didn't believe me but I also have the proof to back it up. I want nothing to do with these sites and by extension, I'm going to do what I can to protect our users from these sites too.

I believe and agree with you that it is bad/scummy.

But trying to lock everyone out just because there are some websites profiting out of it sounds like a limited solution, I still feel like just adding some extra files inside to make it clear where the file came from is a more peaceful and effective solution in my opinion.

Afterall most torrent users already expect some text/image files inside about the uploader, I don't see why it would be an issue.

 

[RPDL]

I believe and agree with you that it is bad/scummy.

But trying to lock everyone out just because there are some websites profiting out of it sounds like a limited solution, I still feel like just adding some extra files inside to make it clear where the file came from is a more peaceful and effective solution in my opinion.

Afterall most torrent users already expect some text/image files inside about the uploader, I don't see why it would be an issue.

Worth noting that I've been trying for months for staff here to allow me to link torrents for F95zone users. At the end of the day though, I don't really care for other sites or the users of other sites. I do care for our users though and the users here.

Like I said, in a perfect world it wouldn't be an issue - but it is, so here we are. It's not a perfect example, but F95Zone itself provides a DDL service for donors. Not regular members, or members of other sites - but only donors. It's their prerogative and for what it's worth, I think it's great. I chatted with Sam briefly at the time because I was curious about the hardware needs of a project this big - it's pretty awesome stuff. On topic though, do you think F95Zone will open the free DDL service to users of other sites?

Everyone knows they won't, and even asking for such a thing is foolish because it would never make sense for them. I'm very aware that torrents don't equal direct file downloads but we have servers too and monthly bills to pay - but we're asked to be 100% public...?

Context is important and every case is different. A lot of this gets lost and hidden in the details because of dumb stuff like "omg accounts" or "omg you used to modify files". The sad reality is that we (me included) were completely spoiled by nopy.

 

[Meaning Less]

Everyone knows they won't, and even asking for such a thing is foolish because it would never make sense for them. I'm very aware that torrents don't equal direct file downloads but we have servers too and monthly bills to pay - but we're asked to be 100% public...?

Well maybe you could do both?
Something like logged users get access to "private trackers" meanwhile everyone else is limited to "free trackers" and peer2peer connections?

Afterall I feel like selling other people's upload speeds could also be a bit controversial unless they were rewarded for it.

 

[RPDL]

Well maybe you could do both?
Something like logged users get access to "private trackers" meanwhile everyone else is limited to "free trackers" and peer2peer connections?

We debated this too for a while, ultimately though it was just adding complexity & confusion while splitting the userbase/community.

Believe me, this is something we've thought about doing for a loooooong time. And we did it 1st of March and ever since then with this "deadlock" with the f95 staff we've been trying to think of other ways to do things that'll allow us to protect ourselves and....well, there isn't.

It is what it is. If f95 admins say no, we're still going to make torrents - we just won't post them here. The running joke we have is that I'm locked into 24 month contracts with some of our server providers so I'm not going anywhere.

It's not the end of the world but it will be sad, I'll be sad. If they say yes, then awesome. All users will have to do is enter two simple lines of text that can be literally, whatever they want so an account gets made and they have access too. That's it.

That one tiny hoop is what's blocking everything. As much as I'd like to be angry or hostile, I can't because redknight (and likely some of the other staff) are a bit like me. They're stubborn, and like you've probably realised by now - I'm stubborn too. We both have our own principles and we're sticking to them.

On the brightside, a bunch of our PRs and feature requests were added to the next milestone (

You must be registered to see the links

) so in the not too distant future our platform might look more user-friendly to the F95 staff?

Either way we'll wait and see

 

[c3p0]

All users will have to do is enter two simple lines of text that can be literally, whatever they want so an account gets made and they have access too. That's it.

I can verified this. Tried to create a new user with a none valid email (simple text, eg. blabla) and it works.

Also the whole rpdl does this now that could be perhaps acceptable if all things are true, but perhaps in the future they might change thing and then it would become not acceptable is, in my eyes, bullshit.
All other filehoster are also judge on their current and past behaviour and not on their future behaviour.

But as I see this here, it is a deadlock. F95 won't allow rpdl's torrents here as long as it needs a login on their site and as long as rpdl's site seen login as their way to go we have the deadlock.
As only Sam and F95 are above the rest of the staff and could overrule them or make decisions like to cover the bills of rpdl's services and both of them are quite busy, we need to wait until they react.

In the meantime we all site here and have what we have.
FYI: Sometimes the games are arrive faster on rpdl then here.

 

[vdka]

All users will have to do is enter two simple lines of text that can be literally, whatever they want so an account gets made and they have access too. That's it.

While I do think F95 should bend some rules (or do oauth2 magic) to allow the rpdl service, I definitely see the point of not wanting signups, users are dumb, and will just type in the exact same email and password combination as they use on F95.

Should that be on F95s shoulders if someone is dumb enough to do that and gets hacked? No.

Will that cause really annoying tickets and make people angry at F95 if someone is dumb enough to do that and gets hacked? Yes.

 

[RPDL]

I just want to clarify something quickly. The possibility of merging our torrent thing was brought up in conversation, it wasn't ever seriously followed up on. It coincided with the period of Cloudflare issues with this site and just a busy period for Sam IRL so it went on the backburner. Further, F95zone followed it up with their own DDL thing so I just figured they were doing their own thing, which is fine.

Lastly, when we did discuss it I specifically mentioned that it'd go to a vote with our users too, just like how the staff here would have to discuss and decide if it's something they'd want to do. My comment regarding "would f95zone cover our server costs" was in jest, I think we both know what the answer would be and I didn't expect it to be taken seriously.

If I'm being honest too, I don't ever see it happening. There's far too much friction, there's zero trust or communication and when there is communication, well you can just read the past 4 pages of this thread. There's basically only two people I enjoy chatting with - I don't think it would be a good fit.

Just wanted to toss that out before people get the wrong idea.

While I do think F95 should bend some rules (or do oauth2 magic) to allow the rpdl service, I definitely see the point of not wanting signups, users are dumb, and will just type in the exact same email and password combination as they use on F95.

Should that be on F95s shoulders if someone is dumb enough to do that and gets hacked? No.

Will that cause really annoying tickets and make people angry at F95 if someone is dumb enough to do that and gets hacked? Yes.

Same problem exists for all services. The same people could create an account for mega and use the same credentials, at the end of the day it's not F95zones problem. We're also working on the assumption that our platform is compromised and the database leaked right?

Passwords are hashed using

You must be registered to see the links

and salted. You can see how it's handled

You must be registered to see the links

. There's nothing I (or anyone) can do to stop people from signing up using the same password everywhere, if anyone ever does create an actual foolproof solution for this they'll be a billionaire overnight.

But yeah, SSO is the ideal solution but it's also not going to happen anytime soon. Even if F95Zone did offer SSO, we'd also have to set it up on our end and we don't have the funding to hire somebody, or offer a bounty big enough to get it done quickly.

RE: Email, the torrust team seem to be moving from the tracker to the indexer and have setup their

You must be registered to see the links

, it's got a bunch of features that'll help us immensely and one of those is a switch to just remove emails entirely. We already replace it with random data but it'll be nice to just have it removed entirely too.

 

[c3p0]

and one of those is a switch to just remove emails entirely

I, c3p0, being of sound mind and body, have entered my correct and normal email there, fully aware of the consequences.
Boot to the head!

 

[RPDL]

I, c3p0, being of sound mind and body, have entered my correct and normal email there, fully aware of the consequences.
Boot to the head!

Same

Yeah, that happens lol. We dump that entire column hourly with this query:
update torrust_users SET email = abs(random());

It does mean we can't offer password resets but it's irrelevant anyway when people can just spin up another account in 2 seconds.

I just wanna be rid of it so it's one less thing to worry about, hopefully it arrives on the dev branch soon so we can look at implementing it.

 

[c3p0]

Thought why not, use a new password for each registration anyway

Same here.

 

[bigguy_foryou]

Not 7, but if one captcha solves, then ir might be allowed back.

rpdl perhaps a captcha that upon completion supplies the .torrent download with a one-time generated passkey (which could then be revoked if the .torrent was obviously leaked and 10,000 users are using it) would be an acceptable compromise?
Like other, permitted, hosts that allow users to use accounts to bypass restrictions (ie. MEGA limit), users could log in to bypass the captcha requirement (and you could even add a note saying captcha not required if you use an account, MEGA also tells users they can use accounts to bypass restrictions).
This seems theoretically sound in my head, unless tracking a very large amount of passkeys proved problematic.

 

[RPDL]

rpdl perhaps a captcha that upon completion supplies the .torrent download with a one-time generated passkey (which could then be revoked if the .torrent was obviously leaked and 10,000 users are using it) would be an acceptable compromise?
Like other, permitted, hosts that allow users to use accounts to bypass restrictions (ie. MEGA limit), users could log in to bypass the captcha requirement (and you could even add a note saying captcha not required if you use an account, MEGA also tells users they can use accounts to bypass restrictions).
This seems theoretically sound in my head, unless tracking a very large amount of passkeys proved problematic.

This is a great example of a solution that sounds perfect in theory, but wouldn't really work in practice. I'll explain why:

1. Currently we have no third party dependencies. If we had to have a captcha we'd have to hook up with either google or hcaptcha or [insert other captcha provider]. By design, that's sending userdata off our platform straight away.
2. Captchas suck. They're frustrating to the end user and by and large, just suck - nobody likes them. Annoying people into creating an account isn't a good solution - it'll just breed resentment and that's not healthy for them or us.
3. It's almost certainly faster to literally create a brand new account every single time, than solve a captcha.
4. Captchas don't get easier, they get harder - there's a bunch of articles about it (

You must be registered to see the links

) but the TL;DR is it's a perpetual game of cat and mouse and the people who get stuck with the sack of shit that are captchas is the end user.

I'd also be wary of inflating the database with hundreds of thousands, if not millions of rows of 99.999% unused passkeys. On that note, we'll likely have to cull dead accounts at some point but we carry so little data on our users that we can't actually tell when the last time they logged in was. Or even the last time their passkeys were used.

I'm sure there's a bunch more stuff I haven't thought of, that's just off the top of my head. At a certain point though it's worth going back to the initial problem and asking, why do we have this complicated and annoying solution to a problem we already have solved?

Very clever proposal btw.

 

[redknight00]

Like I said, in a perfect world it wouldn't be an issue - but it is, so here we are. It's not a perfect example, but F95Zone itself provides a DDL service for donors. Not regular members, or members of other sites - but only donors. It's their prerogative and for what it's worth, I think it's great.

The DDL is closed for beta while we test the traffic and sturdiness, we have higher ambitions for it in the future. Heck, one of the strongest contenders is to use part of the funding from donations to serve our own torrents without the need to rely on outside sites like rpdl and nya.

 

[RPDL]

In the last 24 hours we've

sold userdata to the chinese
been super suspicious and shady
gotten banned from posting our torrents for the 32nd time
partook in Epic World 3 starring Trump
probably had more comments mysteriously deleted

passed 1,000 users on discord, but now we're back at 988 because i purged inactives (suck it dax!)
passed 4,200 total torrents made
passed 4tb in torrents actively seeded
passed 2,400 active torrents seeded
broke our record with over 200 torrents uploaded in one day (at the time of writing we have 50 torrents queued up so technically we're gonna break our record in the next 30-60 minutes)
rented another 40tb server

 

[bigguy_foryou]

1. Currently we have no third party dependencies. If we had to have a captcha we'd have to hook up with either google or hcaptcha or [insert other captcha provider]. By design, that's sending userdata off our platform straight away.
2. Captchas suck. They're frustrating to the end user and by and large, just suck - nobody likes them. Annoying people into creating an account isn't a good solution - it'll just breed resentment and that's not healthy for them or us.
3. It's almost certainly faster to literally create a brand new account every single time, than solve a captcha.
4. Captchas don't get easier, they get harder - there's a bunch of articles about it (

You must be registered to see the links

) but the TL;DR is it's a perpetual game of cat and mouse and the people who get stuck with the sack of shit that are captchas is the end user.

I don't disagree with any of this, I'm just suggesting something that could potentially get you around the rules if nothing else is an option. With regards to 1., no data other than that the user has visited rpdl.net should be sent right? It's not the worst thing. Again this is not ideal, just an attempt at a middle-ground.

I'd also be wary of inflating the database with hundreds of thousands, if not millions of rows of 99.999% unused passkeys. On that note, we'll likely have to cull dead accounts at some point but we carry so little data on our users that we can't actually tell when the last time they logged in was. Or even the last time their passkeys were used.

Perhaps passkeys generated with this method could be scrubbed after 48 hours of not being used? Passkeys tied to accounts could also be scrubbed, after a longer period probably, and regenerated if the user logs back into their account at a later date. This would help keep the db a bit more clean.
Not sure if even with this it would be feasible to generate this many passkeys though.

 

[c3p0]

sold userdata to the chinese
been super suspicious and shady
gotten banned from posting our torrents for the 32nd time
partook in Epic World 3 starring Trump
probably had more comments mysteriously deleted

Like this more.
But why only sold the user data to the Chinese? I would sold the same user data to the Chinese, Russian and Americans.