this post was submitted on 07 Dec 2023
82 points (98.8% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

53969 readers
835 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others

Loot, Pillage, & Plunder

💰 Please help cover server costs.

Ko-FiLiberapay

founded 1 year ago
MODERATORS
db0@lemmy.dbzer0.com
sunbrothersco@lemmy.dbzer0.com
dataprolet@lemmy.dbzer0.com
Flatworm7591@lemmy.dbzer0.com
RandomLegend@lemmy.dbzer0.com
82
Why don't nfo files contain a checksum for the release? (lemmy.dbzer0.com)
submitted 9 months ago by Yglorba@lemmy.dbzer0.com to c/piracy@lemmy.dbzer0.com
7 comments fedilink hide all child comments
 

I assume there's some historical reason for this, but currently, the way scene releases reach most people seems to consist of:

  1. Sites that track releases post the nfo file of the release; these sites generally don't provide the release itself.

  2. People then look for the release via various channels and download it.

Wouldn't it make sense for the nfo to contain the checksum of the actual release, letting pirates verify unmodified copies of it and making it easier to avoid versions that have been modified in various ways?

Obviously you'd still have to trust both the site where you got the NFO (and therefore the checksum) and the people who made the original release, but those are usually relatively trustworthy, being known people who have handled a lot of releases with no problems - a lot of the danger of viruses and the like in software piracy comes from the risk of middlemen adding something.

all 11 comments
sorted by: hot top controversial new old
[–] chewie@mammut.gogreenit.net 13 points 9 months ago (1 children)

@Yglorba

Good question. I guess people thought naively that .sfv files were enough, but of course that's not true.

Some .nfo files contain md5s for things, but that would be easily changeable.

It would have to be a cryptographic checksum, using something like GPG/PGP with a distributed fingerprint to be any good.

I've seen one or two over the years, but not as many as you'd expect for people that should be worried about security and image.

[–] liliumstar@lemmy.dbzer0.com 7 points 9 months ago

I've noticed some scene game/software releases have blake3 hashes now. That doesn't account for everything else, but I'd say it's a good step.

[–] WarmApplePieShrek@lemmy.dbzer0.com 2 points 9 months ago

The SFV file contains checksums.

[–] MonkderZweite@feddit.ch 1 points 9 months ago* (last edited 9 months ago) (1 children)

What is a .sfv file some mention here?