nerdjon 6 hours ago

That is a hell of a lot of trust that people are putting in to download and upload unknown files.

The risks that you download and start spreading malware or worse CSAM. You really don’t want that sitting on your disk.

Admittedly the risk is lower if the list is coming from Anna's Archive, but this is still putting a lot of trust in an external list.

Much better off doing this manually, finding the list of what you want to seed and vetting that list yourself.

yoavm 6 hours ago | parent [-]

The torrents are coming directly from Anna's Archive torrents list generator, which suggests their torrents based on how rare their content is. There's currently 177TB of data that is only seeded by 4 computers around the world, which I personally find worrisome.

People seem to be very concerned, but putting aside the legal risks (which I accept - don't use this if you're in one of the ~10 countries it could get you in trouble for), I don't really get it. The idea is to support Anna's Archive. If you do not trust the project, why support it? Levin is meant for people that want to support Anna's Archive, and my assumption was that this implies some kind of trust in their torrents.

Edit: just adding that "finding the list of what you want to seed and vetting that list yourself" is extremely not practical and won't really help anyone. Torrents work because we're all seeding the same torrents. If I'd seed a torrent of my 5 favorite books and you seed a torrent of your 5 books, our torrents will forever have 1 seeder each. And good luck manually vetting all the files in one AA torrent. I am planning to let people manually add/remove torrents from Levin, but I highly suspect it will be used by very, very few.

nerdjon 5 hours ago | parent [-]

You are making a wild jump here, you can trust without blindly trusting. How dismissive you are being in multiple comments about people having legitimate security concerns is extremely concerning.

This is such a fundamental security concept that we even have a commonly used phrase “trust but verify”.

You don’t have to just go based on your favorite books, but instead yourself find the list of torrents that need extra seeders and commit to those. Do a sanity check of the torrent and move on.

The risk of this blind trust is just way too high.

yoavm 4 hours ago | parent [-]

Please, go to https://annas-archive.li/torrents and check their torrent list generator. It will recommend you torrent files that need help seeding. Pick one, and see for yourself that it's practically impossible to audit its content. I just checked and the average torrent size is around 125GB. With a typical file in it being around 0.5mb, you're looking at auditing 250,000 files. And the filenames are all hashes.

I would honestly love to know what you see as an alternative to trust here; an alternative that can still be helpful.

nerdjon 4 hours ago | parent [-]

Again, nowhere am I saying an alternative to trust, I can trust AA without blindly trusting. Human error and malicious actors don’t immediately remove trust in a larger group, but it is also up to you to take some responsibility to protect yourself.

Even the simple act of manually choosing the torrent you are going to seed is already more of a sanity check than what your tool is doing. You could decide that your personal safety guidelines are that you will seed older torrents but not new ones just to make sure that some time passes and nothing was snuck in.

Is that perfect, no. But you know a lot more about what is happening on your device than a piece of software that just chooses what it is going to download and seed automatically. And you know before anything happens, not after.

Personally my biggest problem there is not choosing to use a tool like this or even how you wrote it. My problem is that you don’t make any mention of this on GitHub and that you’re incredibly dismissive of any concerns about running this way. If this is how you want it to work fine, but simply acknowledge that there are risks involved that go beyond just simply trusting AA and you are asking for blind trust.

yoavm 3 hours ago | parent | next [-]

I'm sorry if it sounded like I was being dismissive. FWIW, people suggested that I add some information to the README and even implement some kind of a "country-check" to warn the user, and I think these are all great ideas. I still don't think that auditing AA torrent files makes much sense however.

As my first comment mentioned, the project is WIP. I posted it here because it seemed relevant, but if you're looking for bugs, I'm sure you'll find them both in the code and in the README. I assumed that people realise that a combination of torrenting + AA requires some precautions, but if your point is that I can make it clearer - I don't disagree.

s3p an hour ago | parent | prev [-]

If you are seriously this upset about such a tool, why don't you just avoid using it? Instead of commending the author for their work you're trying to tear them down and prove them wrong in every reply. Why not just move on with your day and avoid using it?