Tribler (decentralized TOR like torrent network)

[proxx]

http://www.tribler.org/

Quite interesting project, not sure why I didnt see this before.
I have not tried it but probably will soon , will post the results.

Personally wouldnt mind trading speed for ISP snooping(and others).
Can imagine it being 'slowish' due to the overhead.

[d4rkcat]

proxx, why are you in my computer/mind?
I was JUST looking at this on https://www.reddit.com/r/HackBloc
Its ok if your hacking me or a soviet psy-spy just admit it please.

Jokes aside, this does look really cool.
It does have alot of issues though, early days.
I'll be keeping my eye on it.

https://github.com/Tribler/tribler

[Axon]

The website states "We do NOT use the normal Tor network, but created a dedicated Tor-like onion routing network exclusively for torrent downloading". Interesting? Have a cookie, it's on the house 

[proxx]

proxx, why are you in my computer/mind?
I was JUST looking at this on https://www.reddit.com/r/HackBloc
Its ok if your hacking me or a soviet psy-spy just admit it please.

Jokes aside, this does look really cool.
It does have alot of issues though, early days.
I'll be keeping my eye on it.

https://github.com/Tribler/tribler

I am not in your computer, even if I could I wouldnt out of respect.
I will let you know if it is worth it, post it here when you tried this shit
Its cool bro.

[0E 800]

Im checking it out now.

Hefty 49mb installer and takes 161+mb after installed. Reminds me of iTunes.

Being that its open-source, seems like it will make it easier for people to develope exploits for it.

Being that its their own version of 'like' TOR, makes me feel like it will be easier for the authorities to monitor since there is likely less nodes.

I installed it on 2 different Win8.1 x64 computers. 1 laptop and 1 desktop.

I notice that the search results do not match.

When searching for '2014' :
Desktop computer shows 180 results
Laptop shows 90.

There is a slider bar for how anonymous you want to be. 1 - 5 , 1 being faster bandwidth, 5 being high anonymity.

Too much gui for my taste. I will stick with utorrent 2.2.1 for now.

Thanks for share.

[madf0x]

Being that its open-source, seems like it will make it easier for people to develope exploits for it.

I don't see that as a bad thing. Sure the many eyes theory doesn't hold up in practice since most people simply don't want to randomly review an open source product unless they plan to get involves or just looking for vulns. But I'd rather have a project where someone can go yeah this line right here is vulnerable, fix with this. Instead of spending all their time digging through just a binary and then having to deal with vendors to get shit fixed. Sure makes it easier for bad guys too, but I'd rather both guys have an advantage rather than not.

I think you're fairly spot on with your other points. Every time I see something come out that tries to mimic some other popular system like tor or bitcoin I get nervous. Tor has it's issues, but pretty much all of it's issues have been worked out and are at least manageable. Esp when snowden docs imply the NSA doesn't have any backdoor or outright crypto break, they rely on known correlation type attacks. Not only would something like this inherit such flaws that are a necessity of the design, but its hard to say that they don't also introduce their own design flaws. Same thing with digital currency bitcoin clones. It boils down to the whole 'dont roll your own crypto' situation. You can't consider any encryption algo remotely secure till YEARS after it's introduction and vetted by the crypto community. Itll be a long time before I remotely trust something like Tribler, and Im not gunna blink when attacks against it are released, because it WILL happen and the only questions will be how devastating and how easy will it be to fix.   

[proxx]

Being that its open-source, seems like it will make it easier for people to develope exploits for it.

Strongly disagree, you rather see it closed and scary binary blobbed?



Anyhow.
First impression is pretty good
I used this build: https://aur.archlinux.org/packages/tribler/
Didnt start under normal privs, does as root, maybe its a daemon , not sure didnt look that far yet.
Looks pretty slick ,first random download worked directly, that was cute.
Core dumped, random crashes lol ,oke not stable

[madf0x]

Core dumped, random crashes lol ,oke not stable

If it randomly crashes that much, imagine if you were trying to crash it, eh?

[proxx]

If it randomly crashes that much, imagine if you were trying to crash it, eh?

Yes true.
Would you rather trust current tech in place ?

[madf0x]

I believe trust is relational. I trust sha-256 more than I trust md5, I trust my grandma more than the NSA, but I also trust the NSA more than I trust ISIS.

So in that context, I trust TOR more than tribler(although they really dont do the same things obviously). As far as torrenting concerns, It may or may not be an unpopular opinion but I think people worry too much. The feds simply aren't going after downloaders. They go after the seeders originally distributing the content or they go after the places distributing the torrents i.e piratebay. While I know some ISP will give cease and desist stuff if they notice you use torrents, I've personally yet to be in that situation. Prominent seeders have long by now figured they need to seed using some anonymity elements and I feel that at least in its current state Tribler would only introduce uncertain amount of risk. If I was in the seeders shoes Id rather stick to whatever setup I have going on that I know works rather than worrying about the plethora of potential 0days that tend to show up in new projects.

Also I looked at their anonymity design and while I cant comment on any of the technical details they very clearly are at risk for bad entry/exit nodes, maybe even more so than with TOR. If im sitting on an entry node, and I see you uploading some new movie before release date, you betcha Im not gunna care what happens with the rest of the torrent or who knows, I've got your address and Agent Mcgee is on his phone with your ISP. I don't even need to be targeting you, cause lets face it: even though TOR gets a lot of bad rep for being for illegal usages, torrents have a much higher ration of 'illegal' content to legit content than even TOR and is more ubiquitous. I can just sit on an entry node and just go fishing for seeders. No more need to identify the original seeder,they come to you first, no more need to hop on some torrent to target a specific individual or content, I can just prosecute whoever comes my way. My intuition is also betting that its easier to become an entry node than it is to be an evil tracker server for the purposes of identifying prolific seeders.

TL:DR: if I was some fed tasked with shutting down torrents, Id be more happy about the prospects of abusing Tribler than the people using tribler are about its capabilities to protect them.

[proxx]

I believe trust is relational. I trust sha-256 more than I trust md5, I trust my grandma more than the NSA, but I also trust the NSA more than I trust ISIS.

So in that context, I trust TOR more than tribler(although they really dont do the same things obviously). As far as torrenting concerns, It may or may not be an unpopular opinion but I think people worry too much. The feds simply aren't going after downloaders. They go after the seeders originally distributing the content or they go after the places distributing the torrents i.e piratebay. While I know some ISP will give cease and desist stuff if they notice you use torrents, I've personally yet to be in that situation. Prominent seeders have long by now figured they need to seed using some anonymity elements and I feel that at least in its current state Tribler would only introduce uncertain amount of risk. If I was in the seeders shoes Id rather stick to whatever setup I have going on that I know works rather than worrying about the plethora of potential 0days that tend to show up in new projects.

Also I looked at their anonymity design and while I cant comment on any of the technical details they very clearly are at risk for bad entry/exit nodes, maybe even more so than with TOR. If im sitting on an entry node, and I see you uploading some new movie before release date, you betcha Im not gunna care what happens with the rest of the torrent or who knows, I've got your address and Agent Mcgee is on his phone with your ISP. I don't even need to be targeting you, cause lets face it: even though TOR gets a lot of bad rep for being for illegal usages, torrents have a much higher ration of 'illegal' content to legit content than even TOR and is more ubiquitous. I can just sit on an entry node and just go fishing for seeders. No more need to identify the original seeder,they come to you first, no more need to hop on some torrent to target a specific individual or content, I can just prosecute whoever comes my way. My intuition is also betting that its easier to become an entry node than it is to be an evil tracker server for the purposes of identifying prolific seeders.

TL:DR: if I was some fed tasked with shutting down torrents, Id be more happy about the prospects of abusing Tribler than the people using tribler are about its capabilities to protect them.

The design just introduces an extra layer of 'security' for a torrenting enduser.
I dont know where you are located but I know a bunch of people that got some serious tickets for downloading a single movie.
Making it just a little bit more annoying for those trying to shit on the heads of the regular torrenter seems like a good thing to do.

Ofc just getting some VPS in some random ass country with little to no supervision on the latter and just sftp it or whatever is much more sensible.
And I wasnt really clear with my question as in that things like utorrent etc are closed source blobs which is a bit scary imo.
Again this goes for the regular user, I agree with you that there are far more tried-and-true methods.

[madf0x]

Yeah I see what you mean, I've just never ran into anyone that actually got targeted by an ISP for simply downloading the occasional torrent. Heck the biggest torrenter I've ever met in the real world was this guy working at the Infirmary(read: quarantine if you had something contagious) when I was in basic. Civillian dude was downloading music and movies on a daily basis from the infirmary itself, using internet provided by an isp with gov contract to provide service on base lol guy had been doing it for years. I may just have biases coming from my experiences but whenever I hear stories online of people getting shut down for torrents, I can't help but assume or notice that they weren't simply torrenting last fridays cool film release. Always seems to be people who draw large attention to themselves, seeding everything all the time and/or maxing out their bandwidth constantly. Kind of stuff that makes a backend support dude ask himself 'wtf is that guy doing every day? Oh torrents? shut em down'.

Tribler will be neat if it becomes bigger and works out some kinks, especially those apparent crashes. Reminds me of some metric saying for every 1000 lines of code you get 1 bug and for every 100 bugs you get 1 security vuln. If you're seeing random crashes, you probably have more than a couple hundred bugs, beware the seg fault!