This is probably something you all have discussed already, but I couldn't find the thread on it. So, I wanted to pose it to those of you that are more experienced than I.

Ok, so along comes some Tracker spy. The post a post with a link in it like this:

http://www.HonestGuy.com/yourPrettyPicture.jpg

Now, that link is not what it seems. It doesn't go to where it says it does, but that isn't the issue. Even if it did go to where it says it goes. What happens when you click on it. Well, a POST message is sent to that server to load the JPG (either for download or into your browser). In this case, they link is fake so it gives you an error.

Still, in every one of those cases (including the apparent error) your IP is made known to the URL you connect to.

For instance, there is a popular site for getting your IP at:

http://www.whatsmyip.org/

Here is the same link, but hidden by some fake text:

http://www.HonestGuy.com/PrettyPicture.jpg

When you click on that, they will tell you your IP. That is, they know your IP to tell you that. Now, imagine that instead of it going to www.whatsmyip.org the link took you to some tracker spy site. Well, that means that you just told the tracker spy your IP. Moreover, you might not even know it since he actually does show you some pretty picture like you expected to see.

They don't even have to host the image on their own servers. You can host images on servers like PhotoBucket and either that server will tell them all the IP's that viewed their image or they could use a PhotoBucket tracker to track the IP's that view their image.

Now, for those of us with VPN's there isn't much problem so long as we don't browse this site with the VPN on (but use the VPN only for the torrenting). But for anyone without a VPN then clicking on one of these links would give away your IP even if you used a different computer to do it.

Ok, so that is easy enough. People just have to be careful about clicking on any external links from this site. Well, maybe that will work, and maybe not.

Embedded images, avatars, banners, etc....these are all often images that are kept on external servers. The question is, when your client browser runs into such an image, does the IP that is used to get these image come from the TorrentInvites server or does it come from the clients computer. I suspect that it would come from the clients computer, but I don't know for sure. In any case, if it does come from the clients computer then even if you just view a thread that contains any such image that a Tracker spy posted then they will know your IP.

Like for instance, there is a thread in the Lounge called "100 Numbers". The person who started that thread has since been banned. If any of those images that are posted are hosted by a tracker spy (even if they are hosted on some other server) then just by going to that thread you will have given your IP away. Unless, of course, if those images are instead linked to the TorrentInvites server IP, but it seems to me that they wouldn't be. I would think that they would be linked to the client's IP address.

Anyone want to clue me in on this one? I'm probably just being paranoid, but where have I gone wrong in my thinking?

yeh PoeJay ur quite right
i can assure that..

Originally Posted by Inviter

yeh PoeJay ur quite right
i can assure that..

Spam at its finest.


On-topic: Yes, as far as I know, the image gets downloaded straight to the user, so the user's IP is captured. This needs a confirmation from an admin though. The easiest solution is to reset the IP as often as possible, but you still have the risk of a match on your location, OS and browser, which are even easier to obtain.
More info on this: http://en.wikipedia.org/wiki/Web_bug

I think you are on the ball with this one

They can get your IP from any links off this site that they post, just like they can if you log into a tracker directly from this site

They will always try to be one step ahead of us, it is up to us to not let them get that far: )

How can we know you're not a spy posting that link? ._.

I know that the use of an Avatar can be limited to some user level. Maybe you could also limit the ability to embed images and use image banners. This might have another benificial effect of encouraging people to contribute to the forum discussions, since these extras would come after some reasonable amount of time in the forums/donating/etc. I remember seeing someone arguing the same for just the Avatars. But in this case it is not specifically to get people to contribute, but also to protect people from giving out the IP's. Of course, this won't completely prevent it, but it would make it much more difficult (no more sniper users jumping in and posting such cheap...would we call it a Trojan...kinda things).

Also, I suspect that there is some way (vBulletin setting) to warn people whenever they attempt to leave this site (through a link) to some external site. It might be a plugin, but it might also just be a simple setting. This way, even the unsuspecting noob (like myself) would get a reasonable warning that they might just be giving away their IP and risking a possible Tracker ban. This would at least help out with the embedded links.

My thinking is that some sales are getting tripped up by this type of stuff, and the more we can prevent it the better the sale will go (and we can avoid disputes that way). I mean, if the price for me to pay is to not be able to embed images then that seems pretty reasonable, I mean, it just protects me more for that limit to exist for all us newbs. Why wouldn't I want that?

Originally Posted by mafioso

How can we know you're not a spy posting that link? ._.

That's why you don't click on it. LOL

News users couldn't embed images and post links last time I checked. The best admin-side solution, in my opinion, is to only allow image hosting from 2 or 3 sites which don't capture the viewer IP's. This would probably solve all the embedding problems. A rule like this would probably be hard to enforce though.

Originally Posted by mafioso

How can we know you're not a spy posting that link? ._.

Absolutely...if anyone clicked on my links then you shouldn't have done that. In the other thread I said NOT to click on the link, but when I re-posted here I forgot to mention it. By the way, I notice that when you actually post the message it changes the URL to match the text. The preview doesn't do that. That definitely helps things. My example was supposed to show the HonestGuy URL text, but the actual link behind the text was supposed to go to somewhere else. The example worked in the preview, but not in the actual post. Which is good.

In any case, I am a newb with 45 posts and 2 reviews, you should NOT trust my links. So, why not prevent all people like me from embedding images, using Avatars, or using image banners? I'd be cool with that, and if it is explained why in the FAQ then I think most newbs would also be fine with that.

Originally Posted by seed

News users couldn't embed images and post links last time I checked...

I think that a person should probably have to have some reasonable number of positive feedback (5 maybe, 10?), have some reasonable number of posts (like 100, 200? more...I like 200, but who am I to say), have had an active account for some reasonable amount of time (logs in once a week maybe), and maybe even donated once (whats $5), before they should move out of the "New User" category. In any case, whatever you might call such a user with posts, feedback, etc., I think that up to that point (whatever it is) it might be best if they could not embed images, use image banners, or use avatars. Like me. I shouldn't be able to do those things, for my own sake. Once I get to some level where you all could possible trust me then maybe that is where I should be allowed to post images and such.

If you look in that "100 Numbers" thread. You will find all sorts of people that seem like you could only be describe as "New Users". I would describe myself as "New User", and there are people that have 11 posts, 0 feedback, and no donation that are posting images in that thread. Heck the creator of the thread (who was apparently banned) had a mere 27 posts, with a negative feedback. Maybe my terminology is wrong by saying "New User", but they are definitely "new something". Just like me, they are not really trusted forum users. That's all I meant by "New Users".

Keep in mind, this is not a limit because you are trying to show preference to one group of users over another. Not that such incentives are a bad thing, but in this case you are simply setting a limit to protect everyone. Its more of a beneficial limitation then a regular limitation. That is, its not like you are saying..."Oh you newbs, you are not privileged enough to post images". No, what you are saying is..."Hey newbs, we are going to help prevent spies from stealing your IP and using it to ban you from your torrents". As a newb all I can say to that is, "OK, thanks."