You are making a wild jump here, you can trust without blindly trusting. How dismissive you are being in multiple comments about people having legitimate security concerns is extremely concerning.

This is such a fundamental security concept that we even have a commonly used phrase “trust but verify”.

You don’t have to just go based on your favorite books, but instead yourself find the list of torrents that need extra seeders and commit to those. Do a sanity check of the torrent and move on.

The risks of this blind trust is just way too high.

▲

yoavm 4 hours ago | parent [-]

Please, go to https://annas-archive.li/torrents and check their torrent list generator. It will recommend you torrent files that need help seeding. Pick one, and see for yourself that it's practically impossible to audit its content. I just checked and the average torrent size is around 125GB. With a typical file in it being around 0.5mb, you're looking at auditing 250,000 files. And the filenames are all hashes.

I would honestly love to know what you see as an alternative to trust here; an alternative that can still be helpful.

▲

nerdjon 4 hours ago | parent [-]

Again nowhere am I saying an alternative to trust, I can trust AA without blindingly trusting. Human error and malicious actors don’t immediately remove trust in a larger group, but it is also up to you to take some responsibility to protect yourself.

Even the simple act of manually choosing the torrent you are going to seed is already more of a sanity check than what your tool is doing. You could decide that your personal safety guidelines are that you will seed older torrents but not new ones just to make sure that some time passes and nothing was snuck in.

Is that perfect, no. But you know a lot more about what is happening on your device than a piece of software that just chooses what it is going to download and seed automatically. And you know before anything happens, not after.

Personally my biggest problem there is not choosing to use a tool like this or even how you wrote it. My problem is that you don’t make any mention of this on GitHub and that you’re incredibly dismissive of any concerns about running this way. If this is how you want it to work fine, but simply acknowledge that there are risks involved that go beyond just simply trusting AA and you are asking for blind trust.

	▲	yoavm 3 hours ago \| parent \| next [-]
		I'm sorry if it sounded like I was being dismissive. FWIW, people suggested that I'll add some information to the README and even implement some kind of a "country-check" to warn the user, and I think these are all great ideas. I still don't think that auditing AA torrent files make much sense however. As my first comment mentioned, the project is WIP. I posted it here because it seemed relevant, but if you're looking for bugs, I'm sure you'll find them both in the code and in the README. I assumed that people realise that a combination of torrenting + AA requires some precautions, but if your point is that I can make it clearer - I don't disagree.
	▲	s3p an hour ago \| parent \| prev [-]
		If you are seriously this upset about such a tool, why don't you just avoid using it? Instead of commending the author for their work you're trying to tear them down and prove them wrong in every reply. Why not just move on with your day and avoid using it?