🆕 Software Suggestion | Tribler, an anonymous Bittorrent client

[lrq3000]

Basic Information

Name: Tribler
Category: File sharing
URL: https://www.tribler.org/ (sourcecode)

Description

Tribler is a Bittorrent client with an integrated DHT and search engine. Tor-like onion routing and end-to-end encryption can be enabled to allow for anonymous downloads (including of non-anonymous torrents).

Why I am making the suggestion

It looks like a mature Bittorrent client, with serious thoughts on the architecture and particularly the tor-like onion routing to anonymize the downloads (specification here). It also has end-to-end encryption. It was made in 2007 by researchers at the Delft University of Technology. They are still working on it, particularly to make it even further anonymous as part of the "Perfect Darknet" roadmap (progress can be tracked here).

I have tested it and it works quite well, download speed is of course less than other clients, but given the anonymity layer it's suprisingly fast (speed connection is decreased by about 2 in my experience).

For the anecdote, Tribler was the basis of a 14 millions euros grant to a startup named P2P-Next to build a web standard for TV streaming in 2008, but it never came to fruition (they ran away with the money?). I am not stating that there was any link between P2P-Next and Tribler, other than P2P-Next using Tribler's technology as the basis of their project.

My connection with the software

No connection, I used it a few times, I find it very interesting.

•  I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.

[lrq3000]

Thanks for qB link, I thought only Vuze supported I2P, that's interesting.

About the "Discussion" and reports of Tribler automatically using the user's computer as a tor-like exit node, this seems to have been fixed since it's now an option and disabled by default.

About the cryptography criticisms, maybe the current maintainers @egbertbouman or @devos50 can tell us their opinions?

[lrq3000]

BTW the default setting is not really anonymous, it needs to be increased from 1 hop to 2 hops. Not a deal breaker to me as all other BT clients use non-anonymous settings by default, but if Tribler is ever added, this needs to be in a warning label I think.

[devos50]

Tribler developer here.

Thanks for qB link, I thought only Vuze supported I2P, that's interesting.

We are not using I2P but a custom Tor-like onion routing protocol, based on UDP. We can open multiple tunnels to distinct exit nodes at the same time and download through them. Tribler also supports anonymous seeding (similar to hidden services in Tor), although that part of our software is still being evaluated.

About the "Discussion" and reports of Tribler automatically using the user's computer as a tor-like exit node, this seems to have been fixed since it's now an option and disabled by default.

There was a version in the Tribler 6.x series where exit node functionality was enabled by default if you would click yes on a start-up prompt. This has been fixed a long time ago already. It should not be easy for a user to run an exit node accidentally.

BTW the default setting is not really anonymous, it needs to be increased from 1 hop to 2 hops. Not a deal breaker to me as all other BT clients use non-anonymous settings by default, but if Tribler is ever added, this needs to be in a warning label I think.

1-hop downloads provide basic anonymity but no strong protection against large-scale adversarial parties like governments. The issues raised in the linked security audit has been fixed shortly after it has been posted.

Quote from our website: "Tribler does not protect you against spooks and government agencies. We are a torrent client and aim to protect you against lawyer-based attacks and censorship. With help from many volunteers we are continuously evolving and improving."

I think @egbertbouman can provide more details on the cryptographic details, if necessary.

[Mikaela]

I am not entirely certain on listing Tribler, but my suggestion would be:

• worth mentioning in self-contained networks with the warning.
• tell file sharing worth mentioning to also check self-contained networks.

If I have understood correctly, Tribler only makes downloading easy and not the actual sharing and everything Tor/I2P like is currently in self-contained networks e.g. RetroShare.

[ian-tedesco]

I'm gonna try it today and see how it works, to me it deserves to be listed but it would be good to hear a bit about the cryptographic details.

[egbertbouman]

If I have understood correctly, Tribler only makes downloading easy and not the actual sharing and everything Tor/I2P like is currently in self-contained networks e.g. RetroShare.

By default, everything you download is going through our exit nodes. Once the download is completed, Tribler will create a hidden service used for seeding the download over end-2-end encrypted circuits. In both cases the anonymity is provided by our own (self-contained) network.

Regarding the cryptographic algorithms we're using. Currently, we are using Curve25519-based ECDH for key agreement, and AES-GCM-128 for encryption. The protocol itself can be found here.

Note that our Wiki needs updating, but most of the basic protocol remains the same. We plan on updating the docs in the upcoming weeks.

[Mikaela]

What is the procedure for sharing something through Tribler and will it be private/anonymous? Can other unauthorized people access the content?

[blacklight447]

Why was the choice made to only use your exit nodes btw?

[devos50]

What is the procedure for sharing something through Tribler and will it be private/anonymous?

The communication when sharing content in the Tribler network (by adding torrents to your channel) is not through our anonymous overlay. This is a deliberate decision since we want a basic level of accountability for this operation, given the kind of content we sometimes observe in the network.

Can other unauthorized people access the content?

With unauthorised, I assume you mean non-anonymous? Then the answer is yes.

Why was the choice made to only use your exit nodes btw?

I assume this question asks why we built our own custom protocol? The onion routing overlay originates from the thesis from work from two master students and has undergone several refactoring cycles since then. One can argue that we could also use Tor to route libtorrent traffic, but that is not very efficient. One of our design goals is to make our onion routing overlay performant enough to allow for VoD streaming. I'm not sure why I2P has not been considered as an option for onion routing.

[lrq3000]

The communication when sharing content in the Tribler network (by adding torrents to your channel) is not through our anonymous overlay. This is a deliberate decision since we want a basic level of accountability for this operation, given the kind of content we sometimes observe in the network.

So there is no way to anonymously seed from Tribler? If that's so I am a bit disappointed as I thought this was one of the main purposes...

If I understand well, Tribler allows for anonymous downloads, but not uploads, right?

[devos50]

So there is no way to anonymously seed from Tribler?

Anonymous seeding is one of the main functionalities of Tribler. To do so, it uses a protocol similar to hidden services in Tor, therefore protecting the identity of the seeder (and downloader). The documentation for this protocol can be found here.

In the question of @Mikaela I assumed that 'sharing content' means publishing content in a channel in Tribler. This is not anonymous.

[Mikaela]

What is the procedure for sharing something through Tribler and will it be private/anonymous?

The communication when sharing content in the Tribler network (by adding torrents to your channel) is not through our anonymous overlay. This is a deliberate decision since we want a basic level of accountability for this operation, given the kind of content we sometimes observe in the network.

I don't think Tribler would qualify in file sharing then, but maybe worth mentioning in self-contained networks as I said previously. Thoughts @privacytoolsIO/content ?

Can other unauthorized people access the content?

With unauthorised, I assume you mean non-anonymous? Then the answer is yes.

I mean like if I want to share family photos between family members, can anyone else than people whom I share the content to access it? But I take it that everything shared is shared publicly like with IPFS.