by binaryturtle 529 days ago
If you flip the "private" flag it would change the infohash of the torrent. The "private" flag is part of the info block in the torrent file's data. With an infohash mismatch between the two peers no download would happen.

Obviously after a non-compliant party to the transfer has fully downloaded the file(s) it can do whatever it wants with it afterwards… flip any flags and share via DHT, etc.

I recently shared some —more or less— private data to someone else via BitTorrent. We just used DHT for convenience. It took like 15 minutes for other random peers to pop into the transfer. All of those random peers just fetched the metadata. And indeed, a check on btdig confirmed the whole metadata (file names, file sizes, etc.) leaked. So there's a lot of DHT network scanning going on for sure. It was rather fascinating. No actual data was downloaded/leaked at least.

3 comments
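The infohash point from the post above, as an added example that is not part of the thread: for a v1 torrent the infohash is the SHA-1 of the bencoded `info` dictionary, so removing the `private` key produces a different infohash, while changing a field outside `info` (here the announce URL) does not. The sample torrent fields, the tracker URLs and the helper names are constructed for illustration.

```python
import hashlib

def bencode(value):
    """Minimal bencoder: ints, byte/text strings, lists, dicts."""
    if isinstance(value, bool):
        raise TypeError("bencode has no boolean type")
    if isinstance(value, int):
        return b"i%de" % value
    if isinstance(value, str):
        value = value.encode("utf-8")
    if isinstance(value, bytes):
        return b"%d:%s" % (len(value), value)
    if isinstance(value, list):
        return b"l" + b"".join(bencode(v) for v in value) + b"e"
    if isinstance(value, dict):
        # Dictionary keys are byte strings and must be emitted in sorted order.
        items = [(k.encode("utf-8") if isinstance(k, str) else k, v)
                 for k, v in value.items()]
        items.sort(key=lambda kv: kv[0])
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in items) + b"e"
    raise TypeError("cannot bencode %r" % type(value))

def infohash(info):
    """v1 infohash: SHA-1 over the bencoded info dictionary only."""
    return hashlib.sha1(bencode(info)).hexdigest()

def without_private(info):
    """Copy of the info dict with the private flag removed."""
    public = dict(info)
    public.pop("private", None)
    return public

# Constructed sample: one 16 KiB file of zero bytes, a single piece.
SAMPLE_INFO = {
    "name": "example.bin",
    "length": 16384,
    "piece length": 16384,
    "pieces": hashlib.sha1(b"\x00" * 16384).digest(),
    "private": 1,
}

def torrent_file(info, announce):
    """Full metainfo; 'announce' sits outside the hashed info dict."""
    return bencode({"announce": announce, "info": info})

if __name__ == "__main__":
    print("private :", infohash(SAMPLE_INFO))
    print("flipped :", infohash(without_private(SAMPLE_INFO)))
    a = torrent_file(SAMPLE_INFO, "http://tracker-a.example/announce")
    b = torrent_file(SAMPLE_INFO, "http://tracker-b.example/announce")
    print("files differ:", a != b, "| infohash unchanged by announce URL")
```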

> So there's a lot of DHT network scanning going on for sure.

There is an entire category of free software whose purpose is to create an index of the DHT network. :) The idea is to allow users to find and search for torrents in a completely decentralised manner (i.e. without relying on any centralised trackers or search engines).[1] A good example is bitmagnet[0].

[0] https://bitmagnet.io/

[1] With the added benefit of greater resilience, as centralised "chokepoints" are often the primary and only targets of takedowns.

> So there's a lot of DHT network scanning going on for sure.

How else would btdig (and others) fill their index?

The standard solution is to compress what you're sending with 7zip, with a password.

> No actual data was downloaded/leaked at least.

I've had randos download the data before the intended recipient figured out how to open a port.

IIUC, you are basically saying that when you start giving a file to someone they can do whatever to the file, but does it mean they have to create another torrent, or can they keep using the already existing sharing network of peers?