Suggestion: get rid of the torrent files and just serve magnet urls in plain text without a clickable button. This way you get rid of the knowledge of who-downloaded-what, and also save some bandwidth.
> just serve magnet urls in plain text without a clickable button
That would make it impossible to copy the magnet link from the search results page, which I believe is a really nice usability perk. For users that are less technically inclined, clickable links could be crucial (even if it gives you the theoretical possibility to track the click).
I guess it depends on if you are prepared to be a search engine only for the 1337 crowd, or if you want casual users to have access to a decent search engine too. The Hacker News crowd could still just right click and copy the magnet link, so essentially you're just removing features for those who don't understand how technology works but are still dependant on it.
Perhaps the best idea would be to keep the link and have a text area for selecting and copying like requested above.
If we're allowing javascript, then you might as well use links. It would be just as easy to check for selected text to find out what the user copied from the page.
Yes, if they stand by their word of not using JavaScript. That is easy enough to verify by someone knowledgeable, but I suppose ditching any magnet links would be more of a marketing move ("we can't track your clicks, because there's nothing to click!"). I guess selecting text (at least by selecting it in a textarea) could easily be tracked with js too though...
> This way you get rid of the knowledge of who-downloaded-what, and also save some bandwidth.
I don't get this. It's a magnet link with magnet protocol. It will be handled by your torrent client, no additional request to the server whatsoever if you click on them. It's the same as plain text copying, but more convenient.
Nearly everything that you do on a page is trackable if you have JS enabled including how you moved your mouse on the page (https://api.jquery.com/mousemove/).
To keep the technical details short: the events are logged with JS and sent over either ajax or a websocket in the background as you navigate the site.
Yes, it is. I've tried it on Facebook several times (since I try to avoid clicking on external links on the platform) and it shows related links the moment I finish the right click and copy link location action. There is some variation depending on where one clicks (on the image that has a link or the actual hyperlink), but Facebook definitely knows in most cases what URLs someone is copying to the clipboard. The first time I saw it I was very annoyed.
I get annoyed by it too, because sometimes I want to read an article but don't necessarily want fb to continue serving those articles to me. I don't really know what happens inside the Facebook machine, but I imagine clicking a link indicates you are interested in a topic. Sometimes I just want to read trash.
Yes, I tend to do something along those lines when I don't want to be tracked. To the original point, it's an annoying extra step to have to do but not unreasonable enough to stop using the site, I'm simply answering your question on why someone might find it annoying.
Over a browser Window? So If my 1Password window overlaps with my browser window, the page I'm on could sniff the entire 1Password window? Seems like a bunch of FUD..
It's not really polite to call it FUD right off the bat, especially when you're probably just misunderstanding. A browser obviously can't get events from a different app.
Moving your mouse over the window, despite not interacting with it, will allow the page to track your cursor, and could provide a surprising amount of information. That's why I wrote "over".
The parent was asking whether the "Copy Link Address" (Chrome) or similar is other browsers is trackable though, not the more general copy to clipboard.
not if the link itself is unique for each user trivial to implement,
this is how email campaigns track what you clicked in a email ( email after all do not server js)
doesn't that only work for sites the link creator has control of? i don't see how the technique can be used with links a search engine finds and then gives out to anon users.
1. The search engine adds itself to the tracker list in the magnet URI (&tr= query parameters), but with a unique subdomain and using HTTP (i.e. it adds http://asdfkja.skytorrent.in/announce to the tracker list)
2. The client announces itself to the tracker, sending the unique "Host" in the GET request (asdfkja.skytorrent.in in the example).
This doesn't prevent their users from being tracked.
Email addresses can be used for tracking by having each request for an address (e.g. each GET of a "contact us" page) return a different email address (e.g. contact43327@example.org). Checking which address gets used allows the GET request (and all associated information) to be associated with the email message (and all associated information).
Likewise, magnet links can be tracked by looking for torrent clients trying to access them. A sibling has pointed out that unique tracker URLs can be used for this. Another way would be to make up a unique content hash for each request, then lurk on the DHT looking for queries for those hashes.
If the operator has no qualms with transferring data (e.g. being directly exposed to copyright infringement) they could even service such requests, with the user being unaware of the fact they're being tracked: the operator alters the hash by making some innocuous "watermark" change to the content, e.g. altering a filename inside an archive; each time a chunk is requested, the operator fetches it from the "original" and passes it on.
Magnet links are perfectly fine for popular content, but because of the dependency on BEP 009 (Metadata exchange) for very long tail content it's often better to get the torrent file directly.
For example, to get information about torrents that are on life support (e.g. have a couple seeds that show up for a few minutes a day), having the torrent file downloadable is invaluable, as it includes info like the size and the file names, etc. In many cases it's even possible to bring a torrent /back to life/ if you have the torrent file and got the content that was in it out of band.
If you just have the magnet link you cannot do any of this.
That's not entirely true. DHT is generally the most effective, but PEX and trackers help a lot when there aren't many seeds, or there's a lot of noise on the DHT.
Please don't remove downloads of .torrent files. If you don't have this it's impossible to know what files are in the torrent (or even how big they are!) without connecting to the swarm and relying on BEP 009 (Metadata exchange).
I use this all the time for downloading very long tail content, and the move to have indexing sites be magnet-only is very frustrating.
There is no intent, it's just there as many people still prefer torrent file. Though we have magnet links, so security focused users can download without us knowing nothing.
Alternatively: Just don't log downloads of the torrent file? Those who care can use the magnet link, those who have a use case for the torrent file can get the unlogged torrent file.
I prefer using torrent files, because I can just wget/curl them down into a directory being watched by my server which downloads torrents.
Yes, but the site owner does not know if the Person who views the page actually clicks the magnet link or not, so noone will be able to tell "due to your site, X people illegally downloaded file Y"
A magnet as a link would be more useful. I'm sure the people worried about letting others know what they download can copy the link without clicking anyway.
I don't do web development or design, but is tracking the selection of text that will be copied more difficult that tracking clicks in actual practice?
Yes, clicking a button or link will send a request to the server with some information in the header, such as which browser clicked from which IP.
Selecting the text will trigger no such request, the developer will still know who opened the site and searched for what, but he cannot know the exact torrent that was copied.
clicking a magnet link wont fire a request to the server.
yes you can track who clicked a magnet link with javascript but you can track who selected the text with javascript also.
The magnet links can be in the page, and downloads and copy/paste UX can be achieved via JS just the same as server-backed as far as the end-user is concerned. This way the entire execution of the page can be audited.
