Hey everyone! 📚 I’m excited to introduce Bookracy, an open-source shadow library dedicated to preserving and freely sharing knowledge. With a large and growing collection, Bookracy is (annoying) ad-free, non-profit, and lightning-fast ⚡—plus, it’s fully open-source and powered by a passionate community. Whether you’re a reader, researcher, or developer, there’s a place for you here. Check out our Reddit, website, GitHub, and hop into our Discord to join the conversation and help grow this movement for open access! 🤝❤️
Note: Author requested permission to post this.
From the responses in this thread, it seems like OP is either a fed, or, much more likely, extremely inexperienced and naive when it comes to Opsec. At the very least, they are putting themselves at risk. Is it still advisable to leave this post up?
ty i forgot to clarify❤
Since you’re maintaining a subreddit, you might want to create a comm in lemmy as well. Reddit has already taken down other piracy subs like GenP
yeah sure a little help on getting started would be great but ill get to it
why github and not codeberg?
putting aside the obvious glowie talk someone else raised, you should really, really reconsider your opsec. And I mean, really. Using discord to communicate? And spamming Reddit, from a non-dedicated account, no less? Posting PII to justify downtimes? If this gets any traction at all, you’re in deep shit. There’s a good reason Anna is as anonymous as she is. Cat is out of the bag at this point, I’d recommend shutting it down. You could always continue developing the code for it, the frontend looks pretty good. But please, reconsider if you have the dedication and knowledge it takes to run a shadow library and not be caught.
I’d be more than a little interested to be pointed towards a guide, or even just a bullet point list, of good opsec considerations or tools for a project like this. I’ve got time and technical ability but don’t spend a lot of time thinking about these concerns. The last thing I want is to cause myself trouble I’m not ready for, but I’d like to make a significant contribution to the community, so I want to prepare adequately.
Any guides or lists you can think of?
Becoming a provider (on any significant scale) should be treated like a second job, at least. If you want to go the silent route, you need to completely separate your daily life from the illegal stuff. Obvious stuff, like no shared email- or other accounts, but even down to no shared browser sessions. The old fashioned way is a second laptop. If you want to make an impact and contribute to the community, consider seeding torrents for some of the existing shadow libraries. Anna’s Archive has about a petabyte of torrents that have less than three seeders, for example.
I can appreciate your concern and point of view, but I asked “so if I want to do this, how can I prepare to do it safely?” And your response was “just don’t, do this instead.” I can certainly seed, but that’s not what I’m aiming for. I am far more interested in creating systems and providing content. My time is…flexible. Suffice to say, the time concern is not going to be the roadblock.
You’re right, and I’m sorry if I came over as condescending. The thing is, with projects like these, you need to front load a lot of the safety concerns if you are going to be the one actually hosting the content. It’d be an easier entry to contribute to existing structures, staying more low-key and learning along the way. Many established projects are open-source and need programmers and hackers to help improve and secure their codebases, for example.
That said, if you wanted to start something of your own, I think Anna’s blog is a nice starting point, before you delve into the technical nitty-gritty:
https://annas-archive.org/blog/blog-how-to-become-a-pirate-archivist.html
https://annas-archive.org/blog/how-to-run-a-shadow-library.html
Then, for the actual hosting process, much depends on the stack you use. Never pay for anything in a way that can be traced, which basically only leaves cash or anonymous crypto like Monero. Don’t use any account names, emails, passwords, etc that you’ve ever used before. Never, ever go boasting to strangers, or even worse, friends, about what you’re doing. Do all the standard things of hardening your servers, but always plan around some or all of them being shut down it seized. Even “bulletproof hosting” providers get raided every once in a while. That means decentralization, and don’t put convenience over safety.
Now, while shadow libraries and other forms of media piracies certainly are sought-after targets, you’re likely not going to be anyone’s number one priority, while there’s still rings of child abusers and terrorists on the web. But once you reach a certain size, state actors will come after you, like they did after z-lib a while ago. I don’t have any comprehensive guides on Opsec (and I’m no expert on it, by any measure), but most of it boils down to common sense and keeping your mouth shut, anyways. Most people that get busted don’t have missed some technical vulnerability, but because they’ve talked about their illegal projects on accounts linked to their real name, or something similarly trivial.
our model is just like the old movie-web, we are open source and if we are DMCA’d then we will take it down but our mirrors will still be up but i understand the opsec point and may move from discord to signal
that’s good and all, but as it stands now, it seems almost guaranteed your PII will leak. Are you okay to never set foot into a country that extradites to the US again?
Are you saying there is a way to escape my student loa*s forever?
since its open source and the backend will be open source in the future (after i rewrite) i can still step away from the project and everything can be taken and hosted by a different person
that’s not how it works. the code and website may live on, but you are committing a crime right now (nothing wrong with that). If law enforcement comes after you, it won’t matter if you’ve ‘stepped away’ in the mean time. You can either go the route of Anna, keep very tight Opsec and make sure nothing seeps through the cracks. Or you go the way of Alexandra Elbakyan, make your piracy public, to make a point. That means you willingly accept never being able to travel anywhere that has enforced copyright laws. If you half-ass it somewhere in between, you will get caught, and you will face prison time or hefty fines (potentially millions). Are you aware of that?
Bookracy doesn’t exploit the copyrighted material for financial gain, unlike typical piracy websites that might sell access to pirated content or host popup / redirect ads for profit And for the part of me commiting a crime its always innocent until proven guilty - if it can be proven im storing the books fair play but weve taken precautions against that paying through crypto bulletproof servers ect
The publishers don’t care. They’re suing LibGen, scihub, etc nonetheless. Non-commercialism will not protect you. Crypto can be very traceable, it’s by definition an open ledger, and “bulletproof servers” is a term applied very broadly, often by dubious actors. Besides that, any Opsec is only as strong as the weakest link. You’re running a second domain via Namecheap, for fucks sake! Don’t take this lightly, this is not a game. A state actor could probably identify you within days. Are you ready for that?
My opsec doesn’t allow for any Russian projects at all
having a .ru domain is just precaution against takedowns - none of the devs are russian its just the west and russia dont get along so takedown requests for a .ru domain would be ignored by russia
Fair, at least as long as they’re not open-source
Tried downloading a book and it’s just giving an error saying it failed to download. Book name
God i norsk 1 - Tekstbok A1/A2 : norsk for voksne innvandrere
you can download the textbook here https://dl.bookracy.ru/download/8d4745279f239f2b7c8fac8d41d714e2/God i norsk 1 .pdf
thanks for the heads up about the bug ill fix it asap content is still being torrented and another 1mill books will be added to the collection in a few days so for larger files like these it may be in that collection
This is giving me Fed vibes
i can assure you this isnt a fed op lmao. idk how i can convince you maybe check out the github and check out the devs? some devs are from other big projects like movie-web ect that got taken down.
plus downloads arent hidden behind registration, and we are addnig accounts in the future but its going to be mullvad style - a 12 digit unique identifier so privacy wise theres nothing tying you to the downloads except your ip, which we also dont save so you are fine
Probably because you use a lot of proprietary platforms like discord, reddit, github, twitter and you have apparently very bad opsec. If someone would do something illegal, they wouldnt be so careless about it. Thats the assumption probabyl
our whole model is to be easily self hostable and open source - just like movie-web (who had devs openly showing their names and faces ect in their github profiles) as for my bad opsec im just a hobbyist developer who is contributing to an open source project for fun - nothing else can be proven
This thread alone would likely prove enough already.
Looks cool. I will take a look when the backend is open sourced for sure. Prep for some tough times legally if you continue to use those centralized social platforms.
Fed as in?
I’m new to Lenny and wouldn’t mind learning the lingo.
Federal agent.
I think they means it’s a federal operation, a honey pot for a government to crack down on piracy.
In the piracy world, “fed” is short for Federal Bureau of Investigation police officer.
Thanks, this sounds like a great project! Also, glad dbzer0 was your choice of a community :)
Is there an rogue date where you’ll release it to be open source?
Also, seeing you mentioned ad-free, i’m curious about this.
i meant annoying ad free as in no redirect or popup ads - we still need a way to fund the project since donations are scarce
Understandable, apologies if it sounded like i found it annoying; i prefer it like this anyway :) was just curious about that point.
Thanks again for this great project!
nah no worries i just realised i might have come off as hostile lmao 😁 ty for the support
btw the frontend is all open source - the backend will be open source in a month or two after the reqwrite
Being “private” and having a discord is like an oxymoron.
I only see a front end on GitHub. Is this just a libgen mirror?
No its not a libgen mirror - we have our own collections and are torrenting from libgen + zlib aswell - and backend is going to be open sourced in the future once its finished and ready - right now the code is very janky and im too embarassed to release it lol. Theres still alot of additions to do to the backend and once that is done I will release.
We also have a telegram and signal group - the discord was just for my existing community who are primarily discord users aswell
The backend is so janky that you are embarrassed to release it? I’m all for free knowledge but that is concerning.
Revolt.chat is a really solid alternative to Discord
Revolt.chat
ill check it out ty for the suggestion
Bit gross that it’s a RU domain though
there is a .org domain and a few other mirrors go check out https://rentry.co/bookracy the .ru domain is just us taking precautions against a takedown request
Why?
You really have to ask?
I was an idiot and read it as .ro for Romania. Of course I know about Russia and the war.
Still I also wouldn’t comment on people posting .com-links, even though the US are fighting endless illegal wars for decades and the president is wrecking democracy for a police state..com is not the cctld for the us, that would be .us
I know right.
I do not, care to explain?
im so lost…
.ru was for precautions against DMCA and the russian federation thing on github was just jokes because we had a ru domain
And why is it a problem to have a ru domain? Or is it just a russia bad thing?
well idrk im guessing some people have political reasons to dislike russia
Looks like the GitHub also has its location set to Russian Federation too. 👀
lmaoo that was just for jokes - most of us are from western countries
I see you share Elon Musk’s sense of “humour”.
A lot of pirated content sites are Russian. This just feels ignorant or racist.
btw you say “ad free” but I can see an ad in the home
Regarding the download speeds etc, also Anna’s archive was faster time ago but then the more you grow the more you have to take care
So my question is, are there any plans for scaling?
i said annoying ad-free i should have clarified i meant no popup or redirect ads - and yes there are plans for scaling and we have a few different services like you saw sponsoring the project aswell
For your sake, I’d strongly recommend not monetizing the site at all. Publishers will come after you if you make any sort of profit from the site especially if you’re located in a western country.
That’s one of the main reasons Nintendo took action against Yuzu - they were making a lot of money from Patreon.
we arent monetizing the site - we still need a way to fund the project and snowcore have kindly agreed to give use a bulletproof server that we use for caching and proxying between our storage server
all money ever donated or gained is invested back into the project - we arent making anything
people are giving you way too much grief about other things, but you are most definitely monetizing the site.
ive made nothing from the advertisement on the home page - instead we were donated a server by snowcore to act as our proxy and caching server. No monetary gain has come from the advertisement and the storage server is paid out of pocket since we havent gotten much donations yet
my mistake. carry on.
Saw some good engineering textbooks on there too. Great job.
🖖 ty
Based. I’ll check it out and see if I can be of help on the development front. Been meaning to learn typescript
tysm we’ve got alot on the roadmap and are in need of devs
Is there any Upside over NexusSTC?
Is it decentralised?Is there any Upside over NexusSTC? Is it decentralised? bookracy has faster and unlimited downloads, lack of popup/redirect ads, and a more active community. also from my knowledge NexusSTC is more academic content whereas bookracy has more of a range of content
also no Bookracy is not decentralised - it operates on centralized servers much like LibGen ect. This means that while it’s open-source and community-driven, our infrastructure still relies on traditional hosting, which can be vulnerable to takedowns or disruptions. However we’ve taken precautions for this and have a bulletproof proxy server which also caches inbetween the storage server and client
If it’s not decentralized then it’s vulnerable to takedowns. Why not decentralize it?
only the frontend is vunerable to takedowns - our backend server is proxied thro a bulletproof hosting provider (our sponsor snowcore) masking the ip of the storage server thus making it not vunerable to takedowns
decentralisation isnt the only way to be immune to takedowns theres many more but i get your point
Will you also share your collections via Torrents like LibGen and ZLib or contribute back to them?
yep im planning on setting up an ipfs node and torrents for our own collections are planned for the future
Awesome!
No thanksi didnt kno this would cause so much backlash 😭 we only set it as russian federation as jokes i can change it to north korea if you want it doesnt mean the project is from there
also anyone can register .ru domains, i got mine from cheapprivacy.ru where i paid in crypto - an .ru domain along with .su and .to are one of the best domains for piracy since they are very lax and ignore most takedown requests
If you’re afraid of websites hosted in Russia, I have bad news for you regarding piracy.
They can ignore US copyright laws there.
Russia is one of the key destinations for piracy because of lenient laws and even more lenient police practice regarding it.
All states are the enemy, borders are spooks, seek allies worldwide. Borders are not real, the imaginary scars of the owner class, erase them all.
Talk to Ukraine about borders
What’s happening in Ukraine sucks
That doesn’t contradict the sentiment that borders are generally arbitrary lines designed to divide us.
Using a Russian sure to get free books doesn’t hurt Ukraine unless these are all like infected with Russian turbo malware or something
And why a Twitter account?
the twitter was made by someone else on my team and isnt even used anymore
Not familiar with this. Does it mean that it’s Russian operated?
no having a .ru domain is just precaution for takedown requests - ive been in the piracy game for quite a while and the tld’s that are normally immune to takedown requests are .su .ru .to and .li I didnt know having a .ru domain would be this controversial and the github is only set to russian federation because of the .ru domain we have - if you check all the devs the times they are awake would all me western times
