🆕 Software Suggestion | Tribler, an anonymous Bittorrent client #1687
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#1687
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Basic Information
Name: Tribler
Category: File sharing
URL: https://www.tribler.org/ (sourcecode)
Description
Tribler is a Bittorrent client with an integrated DHT and search engine. Tor-like onion routing and end-to-end encryption can be enabled to allow for anonymous downloads (including of non-anonymous torrents).
Why I am making the suggestion
It looks like a mature Bittorrent client, with serious thoughts on the architecture and particularly the tor-like onion routing to anonymize the downloads (specification here). It also has end-to-end encryption. It was made in 2007 by researchers at the Delft University of Technology. They are still working on it, particularly to make it even further anonymous as part of the "Perfect Darknet" roadmap (progress can be tracked here).
I have tested it and it works quite well, download speed is of course less than other clients, but given the anonymity layer it's suprisingly fast (speed connection is decreased by about 2 in my experience).
For the anecdote, Tribler was the basis of a 14 millions euros grant to a startup named P2P-Next to build a web standard for TV streaming in 2008, but it never came to fruition (they ran away with the money?). I am not stating that there was any link between P2P-Next and Tribler, other than P2P-Next using Tribler's technology as the basis of their project.
My connection with the software
No connection, I used it a few times, I find it very interesting.
Thanks for qB link, I thought only Vuze supported I2P, that's interesting.
About the "Discussion" and reports of Tribler automatically using the user's computer as a tor-like exit node, this seems to have been fixed since it's now an option and disabled by default.
About the cryptography criticisms, maybe the current maintainers @egbertbouman or @devos50 can tell us their opinions?
BTW the default setting is not really anonymous, it needs to be increased from 1 hop to 2 hops. Not a deal breaker to me as all other BT clients use non-anonymous settings by default, but if Tribler is ever added, this needs to be in a warning label I think.
Tribler developer here.
We are not using I2P but a custom Tor-like onion routing protocol, based on UDP. We can open multiple tunnels to distinct exit nodes at the same time and download through them. Tribler also supports anonymous seeding (similar to hidden services in Tor), although that part of our software is still being evaluated.
There was a version in the Tribler 6.x series where exit node functionality was enabled by default if you would click yes on a start-up prompt. This has been fixed a long time ago already. It should not be easy for a user to run an exit node accidentally.
1-hop downloads provide basic anonymity but no strong protection against large-scale adversarial parties like governments. The issues raised in the linked security audit has been fixed shortly after it has been posted.
Quote from our website: "Tribler does not protect you against spooks and government agencies. We are a torrent client and aim to protect you against lawyer-based attacks and censorship. With help from many volunteers we are continuously evolving and improving."
I think @egbertbouman can provide more details on the cryptographic details, if necessary.
I am not entirely certain on listing Tribler, but my suggestion would be:
If I have understood correctly, Tribler only makes downloading easy and not the actual sharing and everything Tor/I2P like is currently in self-contained networks e.g. RetroShare.
I'm gonna try it today and see how it works, to me it deserves to be listed but it would be good to hear a bit about the cryptographic details.
By default, everything you download is going through our exit nodes. Once the download is completed, Tribler will create a hidden service used for seeding the download over end-2-end encrypted circuits. In both cases the anonymity is provided by our own (self-contained) network.
Regarding the cryptographic algorithms we're using. Currently, we are using Curve25519-based ECDH for key agreement, and AES-GCM-128 for encryption. The protocol itself can be found here.
Note that our Wiki needs updating, but most of the basic protocol remains the same. We plan on updating the docs in the upcoming weeks.
What is the procedure for sharing something through Tribler and will it be private/anonymous? Can other unauthorized people access the content?
Why was the choice made to only use your exit nodes btw?
The communication when sharing content in the Tribler network (by adding torrents to your channel) is not through our anonymous overlay. This is a deliberate decision since we want a basic level of accountability for this operation, given the kind of content we sometimes observe in the network.
With unauthorised, I assume you mean non-anonymous? Then the answer is yes.
I assume this question asks why we built our own custom protocol? The onion routing overlay originates from the thesis from work from two master students and has undergone several refactoring cycles since then. One can argue that we could also use Tor to route libtorrent traffic, but that is not very efficient. One of our design goals is to make our onion routing overlay performant enough to allow for VoD streaming. I'm not sure why I2P has not been considered as an option for onion routing.
So there is no way to anonymously seed from Tribler? If that's so I am a bit disappointed as I thought this was one of the main purposes...
If I understand well, Tribler allows for anonymous downloads, but not uploads, right?
Anonymous seeding is one of the main functionalities of Tribler. To do so, it uses a protocol similar to hidden services in Tor, therefore protecting the identity of the seeder (and downloader). The documentation for this protocol can be found here.
In the question of @Mikaela I assumed that 'sharing content' means publishing content in a channel in Tribler. This is not anonymous.
I don't think Tribler would qualify in file sharing then, but maybe worth mentioning in self-contained networks as I said previously. Thoughts @privacytoolsIO/content ?
I mean like if I want to share family photos between family members, can anyone else than people whom I share the content to access it? But I take it that everything shared is shared publicly like with IPFS.
@CHEF-KOCH
I checked the criteria and they all fit, could you please clarify more precisely what points you think are problematic?
Anonymous downloads and seeding is one checkbox to click. How is that not simpler than other solutions?
Your accusations are not cool, I am the one who opened the PR, they kindly answered our questions on my invitation. I remind you that as I have stated above I have no link whatsoever to the software, and my github history (and my virtual/real identity linked to this login and name) can attest.
The only "bad" default setting is that it's not anonymous by default. PTIO has lots of softwares where anonymity is an option (or do not have such an option at all). Is that a point for rejection? If that is the case, this should be specified in the document you linked above. If you are talking about another setting, please clarify which one please (will also be useful for the devs to fix it!).
Please read the replies above, and the linked specification if you want more details (that I have linked also in my opening post). It's NOT the Tor network. Tor does not allow P2P downloads (it may work but it's highly frowned upon). Also, Tribler could not achieve such speed optimizations with the Tor network. It's a Tor-like network, founded on Tor architecture, but it's not using Tor, and it has modifications (such as speed modifications, with more to come) if I understood correctly.
@Mikaela Tribler has two mechanisms to seed/share files:
the normal Bittorrent way of making a seed that you can share then with a magnet link, so only people with the magnet can have access (if you don't announce your magnet link/torrent file on any tracker). This also has the advantage of optionally be anonymous through their Tor-like network, for both the seeder and downloader.
the internal channels feature, which is kind of an integrated tracker inside Tribler, allows fast decentralized search. This is public and non anonymous, cannot use the Tor-like network (at least on the seeder side) by design.
That said, I see what you mean about the category, if File Sharing is meant for sharing private files between family members, Tribler can do that but is not the best fit, it's more to share files in a wider community IMO or for big files (as an alternative to OnionShare for example). I agree it can be a good fit in Self-Contained Networks, it's a bit similar to Retroshare and with some similar (but more limited) community features such as the channels.
Interesting, in the email notification from Github, your reply was truncated and only the last sentence was shown @CHEF-KOCH , luckily I prefer to reply on github directly when I'm not on the move.
Thank you for sharing your sense of contempt. But constructive criticism would be more useful (or ask for clarifications).
It's not because something is possible that it is allowed. Specifically, this info came from Vuze bridge with Tor tutorial:
They say the source is "indicated below", but I could not find it. I tried to track it down, and I think the info comes from this document from Tor blog: Performance Improvements on Tor or, Why Tor is slow and what we’re going to do about it, Dingledine & Murdoch, 2009.
More specifically, I think it comes from subsection 2.2 Throttle certain protocols at exits, which shows they considered this approach, but did not deem it adequate.
In any case, Tor developers clearly stated they strongly discourage usage of Bittorrent on their network. I would consider this "disallowed", but you may have a different conception of consent and allowance.
Yes, that's exactly why Tribbler is a good option, because it was built from the ground up to use a self-contained network and hence avoid leakages as much as possible, which is a better design compared to other clients with a proxy feature as an afterthought, and hence this software suggestion.
Researchers found that data leakage from bittorrent clients was a real issue which circumvented Tor proxying (summary here by Tor developers). VPN is good too, but your argument is certainly not negative for Tribler, if anything, it's a positive case.
I wrote the following statement in the first message of this software suggestion issue:
Does this sound like I "defend" the software because I "like" it? I'm not even using bittorrent on a day-to-day basis. I have read the specifications and think this software, made by established researchers in p2p technologies, is interesting and could benefit other users seeking more privacy.