The risks that you download and start spreading malware or worse CSAM. You really don’t want that sitting on your disk.
Admittedly the risks is lower if the list is coming from Annas Archive, but this is still putting a lot of trust in an external list.
Much better off doing this manually, finding the list of what you want to seed and vetting that list yourself.
People seem to be very concerned, but putting aside the legal risks (which I accept - don't use this if you're in one of the ~10 countries it could get you in troubles for), I don't really get it. The idea is to support Anna's Archive. If you do not trust the project, why support it? Levin is meant for people that want to support Anna's Archive, and my assumption was that this implies some kind of trust in their torrents.
Edit: just adding that "finding the list of what you want to seed and vetting that list yourself" is extremely not practical and not won't really help anyone. Torrents work because we're all seeding the same torrents. If I'd seed a torrent of my 5 favorite books and you seed a torrent of your 5 books, our torrents will forever have 1 seeder each. And good luck manually vetting all the files in one AA torrent. I am planning to let people manually add/remove torrents from Levin, but I highly suspect it will be used by very, very few.
This is such a fundamental security concept that we even have a commonly used phrase “trust but verify”.
You don’t have to just go based on your favorite books, but instead yourself find the list of torrents that need extra seeders and commit to those. Do a sanity check of the torrent and move on.
The risks of this blind trust is just way too high.
I would honestly love to know what you see as an alternative to trust here; an alternative that can still be helpful.
Even the simple act of manually choosing the torrent you are going to seed is already more of a sanity check than what your tool is doing. You could decide that your personal safety guidelines are that you will seed older torrents but not new ones just to make sure that some time passes and nothing was snuck in.
Is that perfect, no. But you know a lot more about what is happening on your device than a piece of software that just chooses what it is going to download and seed automatically. And you know before anything happens, not after.
Personally my biggest problem there is not choosing to use a tool like this or even how you wrote it. My problem is that you don’t make any mention of this on GitHub and that you’re incredibly dismissive of any concerns about running this way. If this is how you want it to work fine, but simply acknowledge that there are risks involved that go beyond just simply trusting AA and you are asking for blind trust.
As my first comment mentioned, the project is WIP. I posted it here because it seemed relevant, but if you're looking for bugs, I'm sure you'll find them both in the code and in the README. I assumed that people realise that a combination of torrenting + AA requires some precautions, but if your point is that I can make it clearer - I don't disagree.
I'm seeding the Epstein files right now.
Any iOS or Android app could in fact, download arbitrary content without you noticing, but corporations conditioned people to only raise alarms on torrents and other community efforts.
Sure, but what if the scenario was slightly modified, with explicit 100% guarantees regarding rhe package you would receive in the maile:
1. It could only contain either an SSD/hard drive or a usb drive. The storage device has not been tampered with. It was only ever used as a regular storage device out of the box.
2. There is no malware or any malicious executables on the storage device. The only types of data that it could contain would be text/html, structured data/document files (json, csv, office suite files, pdf, etc.), and media files (audio, video, images, etc.). None of those files will exploit any vulnerabilities in the software that opens them (neither through the parser nor anything else)
This makes it nearly a perfect 1:1 analogy to the torrenting scenario, both involving the exact same set of imo the most important dangers.
Which, for me personally, is the fear of ending up with illegal content (CSAM, stolen credit card dumps, etc.) on a storage device in my possession through no fault of my own.
Even if it could be a winnable battle in the end, it would be pretty much over reputationally way before it gets to the legal resolution. Just being accused of having any illegal content of that nature is not something I would want to ever deal with at all.
You gotta realize how it would sound and how you would appear to most uninvolved average people in real life, when your legal defense isn’t even something like statement #1 below, and is way closer to the statement #2:
> “I am not guilty, the accusarions are false, those files were never present on any of my storage devices.”
> “I am not guilty, despite those files being actually present on a storage device in my possession. That’s all due to how torrents inherently work, so, let’s start from the basics…” [and now we gotta explain simplified basics of torrent technology and how it works to the DA, the judge, as well as anyone else observing the trial, and pray they will try to actually understand]
As I said in other comments - yes, this requires some kind of trust in the AA project. Personally, I tend to have more trust in this kind of projects than in big corporations, of which people are happily running their binaries without blinking. However, I'm not trying to convince people to trust AA - this project is simply meant for those who want support them.
Honestly, in these HN discussions, I am disappointed that people seem very casual about mass piracy of copyrighted works.
As far as being casual about mass piracy, I think the preservation outweighs the damage, and on top of that copyright is too restrictive in the first place. If we could massively boost the internet archive and have dozens of similar institutions, and didn't paywall science articles, and brought copyright down to a reasonable duration, then after that I would be much easier to convince that instances of piracy are bad.
You could say that cameras want to be free. A camera left unattended is likely to walk away.
Some rules are about adjusting incentives and disincentives to maximize value for everyone.
There is a lot of room to argue where that balance is. But the "its easy to copy stuff" argument isn't even grappling the kinds of context that result in more creations.
Most copyrighted material doesn't hurt you in any way if you can't have a copy. So someone creating something and not sharing with you should not be something to complain about.
Nor should it be a problem if they are willing to share with you, if you do something for them.
You are also completely unfettered to create anything for yourself that you feel you are missing.
People don't owe other people their work.
Because you are on the site where people who have no understanding of the domain or the problem still feel it necessary to share their opinion on things they don't understand.
"Anna's archives official torrents only" - doesn't put me at ease and it is far far from SETI@Home that was ran by highly regarded university and it wasn't storing any torrents on people hard drive.
Random people should not "just try it out because it is as easy as SETI@Home" - it should be, people who already know the project and would like to contribute but it was a hassle for them to set it up.