🆕 Software Suggestion | Tribler, an anonymous Bittorrent client

[lrq3000]

Basic Information

Name: Tribler
Category: File sharing
URL: https://www.tribler.org/ (sourcecode)

Description

Tribler is a Bittorrent client with an integrated DHT and search engine. Tor-like onion routing and end-to-end encryption can be enabled to allow for anonymous downloads (including of non-anonymous torrents).

Why I am making the suggestion

It looks like a mature Bittorrent client, with serious thoughts on the architecture and particularly the tor-like onion routing to anonymize the downloads (specification here). It also has end-to-end encryption. It was made in 2007 by researchers at the Delft University of Technology. They are still working on it, particularly to make it even further anonymous as part of the "Perfect Darknet" roadmap (progress can be tracked here).

I have tested it and it works quite well, download speed is of course less than other clients, but given the anonymity layer it's suprisingly fast (speed connection is decreased by about 2 in my experience).

For the anecdote, Tribler was the basis of a 14 millions euros grant to a startup named P2P-Next to build a web standard for TV streaming in 2008, but it never came to fruition (they ran away with the money?). I am not stating that there was any link between P2P-Next and Tribler, other than P2P-Next using Tribler's technology as the basis of their project.

My connection with the software

No connection, I used it a few times, I find it very interesting.

•  I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.

[lrq3000]

Thanks for qB link, I thought only Vuze supported I2P, that's interesting.

About the "Discussion" and reports of Tribler automatically using the user's computer as a tor-like exit node, this seems to have been fixed since it's now an option and disabled by default.

About the cryptography criticisms, maybe the current maintainers @egbertbouman or @devos50 can tell us their opinions?

[lrq3000]

BTW the default setting is not really anonymous, it needs to be increased from 1 hop to 2 hops. Not a deal breaker to me as all other BT clients use non-anonymous settings by default, but if Tribler is ever added, this needs to be in a warning label I think.

[devos50]

Tribler developer here.

Thanks for qB link, I thought only Vuze supported I2P, that's interesting.

We are not using I2P but a custom Tor-like onion routing protocol, based on UDP. We can open multiple tunnels to distinct exit nodes at the same time and download through them. Tribler also supports anonymous seeding (similar to hidden services in Tor), although that part of our software is still being evaluated.

About the "Discussion" and reports of Tribler automatically using the user's computer as a tor-like exit node, this seems to have been fixed since it's now an option and disabled by default.

There was a version in the Tribler 6.x series where exit node functionality was enabled by default if you would click yes on a start-up prompt. This has been fixed a long time ago already. It should not be easy for a user to run an exit node accidentally.

BTW the default setting is not really anonymous, it needs to be increased from 1 hop to 2 hops. Not a deal breaker to me as all other BT clients use non-anonymous settings by default, but if Tribler is ever added, this needs to be in a warning label I think.

1-hop downloads provide basic anonymity but no strong protection against large-scale adversarial parties like governments. The issues raised in the linked security audit has been fixed shortly after it has been posted.

Quote from our website: "Tribler does not protect you against spooks and government agencies. We are a torrent client and aim to protect you against lawyer-based attacks and censorship. With help from many volunteers we are continuously evolving and improving."

I think @egbertbouman can provide more details on the cryptographic details, if necessary.

[Mikaela]

I am not entirely certain on listing Tribler, but my suggestion would be:

• worth mentioning in self-contained networks with the warning.
• tell file sharing worth mentioning to also check self-contained networks.

If I have understood correctly, Tribler only makes downloading easy and not the actual sharing and everything Tor/I2P like is currently in self-contained networks e.g. RetroShare.

[ian-tedesco]

I'm gonna try it today and see how it works, to me it deserves to be listed but it would be good to hear a bit about the cryptographic details.

[egbertbouman]

If I have understood correctly, Tribler only makes downloading easy and not the actual sharing and everything Tor/I2P like is currently in self-contained networks e.g. RetroShare.

By default, everything you download is going through our exit nodes. Once the download is completed, Tribler will create a hidden service used for seeding the download over end-2-end encrypted circuits. In both cases the anonymity is provided by our own (self-contained) network.

Regarding the cryptographic algorithms we're using. Currently, we are using Curve25519-based ECDH for key agreement, and AES-GCM-128 for encryption. The protocol itself can be found here.

Note that our Wiki needs updating, but most of the basic protocol remains the same. We plan on updating the docs in the upcoming weeks.

[Mikaela]

What is the procedure for sharing something through Tribler and will it be private/anonymous? Can other unauthorized people access the content?

[blacklight447]

Why was the choice made to only use your exit nodes btw?

[devos50]

What is the procedure for sharing something through Tribler and will it be private/anonymous?

The communication when sharing content in the Tribler network (by adding torrents to your channel) is not through our anonymous overlay. This is a deliberate decision since we want a basic level of accountability for this operation, given the kind of content we sometimes observe in the network.

Can other unauthorized people access the content?

With unauthorised, I assume you mean non-anonymous? Then the answer is yes.

Why was the choice made to only use your exit nodes btw?

I assume this question asks why we built our own custom protocol? The onion routing overlay originates from the thesis from work from two master students and has undergone several refactoring cycles since then. One can argue that we could also use Tor to route libtorrent traffic, but that is not very efficient. One of our design goals is to make our onion routing overlay performant enough to allow for VoD streaming. I'm not sure why I2P has not been considered as an option for onion routing.

[lrq3000]

The communication when sharing content in the Tribler network (by adding torrents to your channel) is not through our anonymous overlay. This is a deliberate decision since we want a basic level of accountability for this operation, given the kind of content we sometimes observe in the network.

So there is no way to anonymously seed from Tribler? If that's so I am a bit disappointed as I thought this was one of the main purposes...

If I understand well, Tribler allows for anonymous downloads, but not uploads, right?

[devos50]

So there is no way to anonymously seed from Tribler?

Anonymous seeding is one of the main functionalities of Tribler. To do so, it uses a protocol similar to hidden services in Tor, therefore protecting the identity of the seeder (and downloader). The documentation for this protocol can be found here.

In the question of @Mikaela I assumed that 'sharing content' means publishing content in a channel in Tribler. This is not anonymous.

[Mikaela]

What is the procedure for sharing something through Tribler and will it be private/anonymous?

The communication when sharing content in the Tribler network (by adding torrents to your channel) is not through our anonymous overlay. This is a deliberate decision since we want a basic level of accountability for this operation, given the kind of content we sometimes observe in the network.

I don't think Tribler would qualify in file sharing then, but maybe worth mentioning in self-contained networks as I said previously. Thoughts @privacytoolsIO/content ?

Can other unauthorized people access the content?

With unauthorised, I assume you mean non-anonymous? Then the answer is yes.

I mean like if I want to share family photos between family members, can anyone else than people whom I share the content to access it? But I take it that everything shared is shared publicly like with IPFS.

[lrq3000]

@CHEF-KOCH

I do not see how the software comply with the software criteria.

I checked the criteria and they all fit, could you please clarify more precisely what points you think are problematic?

• It's not easier to use (especially not for beginners) than the existent solutions.

Anonymous downloads and seeding is one checkbox to click. How is that not simpler than other solutions?

• The default settings are considerable "not good enough", instead that the developer addresses it, he now uses PTIO as marketing platform to promote and defend the product. Since "usability is most important", I see no other solution than addressing it directly in the software. Less talk more action, just change it, no discussions. Do not get me wrong, I also judge every other client to not use the maximum possible "privacy settings" by default.

Your accusations are not cool, I am the one who opened the PR, they kindly answered our questions on my invitation. I remind you that as I have stated above I have no link whatsoever to the software, and my github history (and my virtual/real identity linked to this login and name) can attest.

The only "bad" default setting is that it's not anonymous by default. PTIO has lots of softwares where anonymity is an option (or do not have such an option at all). Is that a point for rejection? If that is the case, this should be specified in the document you linked above. If you are talking about another setting, please clarify which one please (will also be useful for the devs to fix it!).

• The upper layer is Tor which you can combine with every torrent client if you tunnel the traffic trough the exit node, this requires even more configuration. This makes the program not more secure nor does it someone provided any "benchmark" how this influences speed/security. That "tor" is more secure is based up on speculations, there are a bunches of scenarios which I can link which shows that Tor network is more infiltrated as well as compromised. Assuming that a normal "privacy" user already uses or "need" an VPN there will be no extra security layer added.

Please read the replies above, and the linked specification if you want more details (that I have linked also in my opening post). It's NOT the Tor network. Tor does not allow P2P downloads (it may work but it's highly frowned upon). Also, Tribler could not achieve such speed optimizations with the Tor network. It's a Tor-like network, founded on Tor architecture, but it's not using Tor, and it has modifications (such as speed modifications, with more to come) if I understood correctly.

[lrq3000]

@Mikaela Tribler has two mechanisms to seed/share files:

• the normal Bittorrent way of making a seed that you can share then with a magnet link, so only people with the magnet can have access (if you don't announce your magnet link/torrent file on any tracker). This also has the advantage of optionally be anonymous through their Tor-like network, for both the seeder and downloader.

• the internal channels feature, which is kind of an integrated tracker inside Tribler, allows fast decentralized search. This is public and non anonymous, cannot use the Tor-like network (at least on the seeder side) by design.

That said, I see what you mean about the category, if File Sharing is meant for sharing private files between family members, Tribler can do that but is not the best fit, it's more to share files in a wider community IMO or for big files (as an alternative to OnionShare for example). I agree it can be a good fit in Self-Contained Networks, it's a bit similar to Retroshare and with some similar (but more limited) community features such as the channels.

[lrq3000]

Interesting, in the email notification from Github, your reply was truncated and only the last sentence was shown @CHEF-KOCH , luckily I prefer to reply on github directly when I'm not on the move.

Tor does not allow P2P downloads

I'm out of the discussion when I read that. It's incorrect and wrong on so many levels.

Thank you for sharing your sense of contempt. But constructive criticism would be more useful (or ask for clarifications).

It's not because something is possible that it is allowed. Specifically, this info came from Vuze bridge with Tor tutorial:

Even though this has been said elsewhere, PLEASE don?t run peer-to-peer download data through Tor as it can?t handle the network traffic. If people continue to do this then Tor will start banning such traffic which will badly impact legitimate use (as indicated below).

They say the source is "indicated below", but I could not find it. I tried to track it down, and I think the info comes from this document from Tor blog: Performance Improvements on Tor or, Why Tor is slow and what we’re going to do about it, Dingledine & Murdoch, 2009.

More specifically, I think it comes from subsection 2.2 Throttle certain protocols at exits, which shows they considered this approach, but did not deem it adequate.

In any case, Tor developers clearly stated they strongly discourage usage of Bittorrent on their network. I would consider this "disallowed", but you may have a different conception of consent and allowance.

It does not offer anything new to the listed programs nor does the security layer has any improvements over client + VPN (because a client could leak and fail or has some holes while the VPN is "harder" to bypass/exploit compared to the software itself).

Yes, that's exactly why Tribbler is a good option, because it was built from the ground up to use a self-contained network and hence avoid leakages as much as possible, which is a better design compared to other clients with a proxy feature as an afterthought, and hence this software suggestion.

Researchers found that data leakage from bittorrent clients was a real issue which circumvented Tor proxying (summary here by Tor developers). VPN is good too, but your argument is certainly not negative for Tribler, if anything, it's a positive case.

I have no link whatsoever to the software.

Defending software because you "like" it on PTIO is serisouly the wrong way. The best software should be listed and not the most popular one or the one which "everone uses".

I wrote the following statement in the first message of this software suggestion issue:

No connection, I used it a few times, I find it very interesting.

Does this sound like I "defend" the software because I "like" it? I'm not even using bittorrent on a day-to-day basis. I have read the specifications and think this software, made by established researchers in p2p technologies, is interesting and could benefit other users seeking more privacy.