BTJunkie.org - Leaking Your Private Tracker Accounts?

February 13, 2009 by sharky

It’s never a good idea to log in to your private trackers through a public torrent site. While it may seem convenient to use one central site to manage all of your private accounts (for searching and for downloading external torrents), this means you’re trusting that site with your account details - and also with the passkey from your torrents. The very popular BTJunkie.org is one such torrent website: registered users can create an account, set up their private trackers (by submitting a username and password for each), and then search for and download torrents.

According to at least one private tracker owner, BTJunkie is "actually harvesting your private ID (passkey) from your .torrent files". Not only can your accounts be compromised, but it can have adverse effects on your ratio - since your torrent passkeys are being shared & used publicly.

A Warning From CartoonChaos…

Yesterday, CartoonChaos sent out PMs to all of its members, warning them about using BTJunkie with private tracker accounts. It said:

Cartoonfans,

If you use BT Junkie and have noticed your ratio behaving weirdly, or someone leeching something under your name that you aren’t, please be aware that they actually harvest your private ID (PID) from your .torrent files if you sign up an account with them for remote torrent downloading.

What that translates to is that if you upload a torrent from here to BTJunkie... or use them to index or download torrents from private trackers you are a member of, your passkey or Private ID will become PUBLIC - anyone who goes and downloads that .torrent can then connect to our tracker via your account ID and abuse YOUR ratio!!

Now it is always up to you the user to protect your PID (if you know this applies to you go to your My Panel and change it now) - see our rules.

If you use BT Junkie we recommend you stop doing so and change your passkey now. You will then need to redownload the .torrents for every file you had active in your client to continue seeding/leeching them.

This has affected users on other private trackers - we’ve had one case so far so please make sure you aren’t affected if you use the service.

- CC Staff

There’s no word on what the motive could be for BTJunkie to use private passkeys in their public torrents, but one obvious reason would be to increase the download speed on those torrents (for public users). We were able to download at least a few private torrents (with passkeys) at BTJunkie, but all of them generated an error message in uTorrent: Failure….unregistered torrent pass.

Aside from the obvious reasons (insecure private tracker account; a butchered ratio), this also opens the door to DMCA / Cease & Desist - Takedown notices that the MPAA has recently been sending out to users of Mininova, IsoHunt and other public sites. Seemingly, this makes it too easy for anti-piracy groups such as BayTSP to join in the torrent swarms of private trackers to log IP addresses, without even needing an account at one.
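The warning above turns on the passkey travelling inside the .torrent file itself. As an added example (not from the original article or from any tracker's code), this Python script decodes a .torrent and reports announce URLs that appear to carry a per-user secret, so a file can be checked before it is uploaded or shared. It assumes the passkey sits in the announce URL as a query parameter or a long path segment; the parameter names, the pattern and the sample data are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumed heuristics, not from the article: secret-bearing parameter names and path shape.
SECRET_PARAMS = {"passkey", "pid", "torrent_pass", "authkey"}
SECRET_SEGMENT = re.compile(r"^[0-9A-Za-z]{20,64}$")

def bdecode(data, i=0):
    """Decode one bencoded value at offset i; return (value, next_offset)."""
    c = data[i:i + 1]
    if c == b"i":                                  # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                          # list or dict, closed by 'e'
        items, i = [], i + 1
        while data[i:i + 1] != b"e":               # truncated input raises ValueError
            item, i = bdecode(data, i)
            items.append(item)
        value = items if c == b"l" else dict(zip(items[0::2], items[1::2]))
        return value, i + 1
    if c.isdigit():                                # byte string: <len>:<bytes>
        colon = data.index(b":", i)
        end = colon + 1 + int(data[i:colon])
        return data[colon + 1:end], end
    raise ValueError(f"invalid bencode at offset {i}")

def announce_urls(meta):
    """Collect URLs from 'announce' and every tier of 'announce-list'."""
    urls = [meta[b"announce"]] if b"announce" in meta else []
    urls += [u for tier in meta.get(b"announce-list", []) for u in tier]
    return [u.decode("utf-8", "replace") for u in urls]

def find_secrets(url):
    """Return the parts of an announce URL that look like a per-user secret."""
    parts = urlsplit(url)
    hits = [f"{k}={v}" for k, v in parse_qsl(parts.query) if k.lower() in SECRET_PARAMS]
    return hits + [s for s in parts.path.split("/") if SECRET_SEGMENT.match(s)]

def audit(torrent_bytes):
    """Map each announce URL carrying a suspected secret to what was found."""
    meta, _ = bdecode(torrent_bytes)
    return {u: h for u in announce_urls(meta) if (h := find_secrets(u))}

# Constructed sample metainfo: fake tracker host, fake passkey, no piece hashes.
PRIVATE_URL = b"http://tracker.example/announce.php?passkey=0123456789abcdef0123456789abcdef"
SAMPLE = b"d8:announce%d:%s4:infod4:name8:demo.avi7:privatei1eee" % (len(PRIVATE_URL), PRIVATE_URL)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty result means only that none of these heuristics matched; a tracker may use a different parameter name or URL layout.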