BiglySoftware / BiglyBT

Feature-filled Bittorrent client based on the Azureus open source project
https://www.biglybt.com
GNU General Public License v2.0
1.59k stars 153 forks source link

Some new good features for better privacy, security and decentralization #3205

Closed NiKola-UE closed 5 months ago

NiKola-UE commented 8 months ago

Hello for all,

I'm not a programmer / developer, so what I'm going to suggest here is technically demanding, complex and complicated, but still not impossible.

Combining the Tor, I2P, Lokinet and IPFS into one program is a really fantastic. Therefore, I think that list should be expanded in order to gain decentralization, speed and some other improvements.

In addition to I2P, there is also I2PD (I2P Deemon) which is good for decentralization. Also, there is GMUnet which adds additional anonymity but has stronger encryption. Yggdrasil is not good for anonymity, but it has three times stronger encryption than I2P. I don't know if Phantom and ZeroNet can fit into this, but they are good for decentralization of content because sites hosted on them don't need any central servers. Although it is an operating system, perhaps Whonix could be used for exit nodes, of course if it is at all possible to implement it. I mention this not entirely by chance, because Tor's architecture is centralized, which causes slow speeds, and also has problems with exit nodes and is not so resistant to censorship, although there are various plugins for this. Lokinet is based on a blockchain and its exit nodes are not easy to set up and may experience downtime as a result. The other networks I mentioned are not even intended for surfing the surface / visible Internet and therefore do not have exit nodes.

Shadowsocks and Outline VPN, in addition to being excellent anti-censorship protocols, can be used to have all traffic pass through their tunnels, which can increase torrent download speeds.

In addition to IPFS, the SeaweedFS protocol and Hyphanet (formerly Freenet)'s architecture should be used, which together can help with the processing of all data, but also better storage of torrents because when torrents are stored on decentralized nodes, they will be much easier and faster to download since they will be less dependent on the number of active seeders and especially sites to which they were originally uploaded. XtreemFS also showed a lot of promise, but I don't know if it's worth integrating because it hasn't been developed for a long time.

DPI (deep-packet inspection) tools such as GreenTunnel, PowerTunnel, DPITunnel, GoodbyeDPI... can also be very helpful for bypassing firewalls and other blockages.

Such a program that has access to different networks and protocols can certainly allow users to download torrents that are unavailable or blocked in their country or region, without having to use expensive and unreliable applications like the VPNs just for the sake of torrents. Of course, not all of these options need to be included as mandatory for everyone. Let everyone adjust as they like in the program menu and settings. Also, whoever knowingly and intentionally uses BiglyBT to download, upload and share illegal content or for anything else, does so solely at his own risk, which should be clearly and unequivocally stated in the privacy policy and disclaimer.

I don't know exactly which search engines are integrated in Bigly, but I think it's best to incorporate the open source and their codes (incomplete list is here), because the more engines, the more chances to find different torrents in different languages and places - so something like torrentz.eu site, but everything would be searched and downloaded from multiple sources and directly from the program, without launching a browser.

Some Windows users may remember the Torch Browser which, among other things, could download and specifically search for torrents without adding any extensions, and if the downloaded content was accidentally or intentionally deleted, Torch would automatically re-download that torrent every time it was restarted and would do so as long as the torrent file or magnet link is in the browser. This browser is later discontinued, and in the meantime it turned out that it was not as secure as the authors claimed. However, this feature is very interesting and useful.

I repeat: I know that all this is very difficult and requires a lot of time, but it is also possible; you just need to work patiently, diligently and with dedication - as much as we can and want. Just move forward bravely and there will be good results.

Thank you in advanced.

ferdnyc commented 7 months ago

@NiKola-UE

Combining the Tor, I2P, Lokinet and IPFS into one program is a really fantastic. Therefore, I think that list should be expanded in order to gain decentralization, speed and some other improvements.

They aren't combined into one program. All of those networks are implemented as separate plugins to BiglyBT.

(Well, Tor and I2P anyway. I'm not aware of any particular Lokinet or IPFS support in BiglyBT. Both were suggested at various points (#2601, #2822), but unless I've missed a memo nothing much came of either.)

But the I2P plugin and the Tor plugin are what provide integration with those networks. Granted, those plugins happen to be bundled with the default install, but they're still plugins.

There are also helper plugins for various VPN providers, to ensure that BiglyBT traffic is correctly sequestered onto the secure network. (A VPN generally can't be implemented in a certain piece of software; it's an operating system level service. The best BiglyBT can do regarding VPNs is to verify that the VPN is correctly configured and active.)

(One small note:)

DPI (deep-packet inspection) tools such as GreenTunnel, PowerTunnel, DPITunnel, GoodbyeDPI... can also be very helpful for bypassing firewalls and other blockages.

Deep Packet Inspection is the technique providers use to detect certain types of traffic, which they may then block or otherwise interfere with. Systems like GreenTunnel and DPITunnel that prevent such blocking are DPI bypass / anti-DPI tools.

BiglyBT + DPI-be-gone?

AIUI, DPI is primarily/entirely about blocking HTTP(S) traffic, and the DPI bypass tools operate by employing techniques specific to HTTP(S) in order to make it harder for providers to detect browser traffic to those sites. Since BitTorrent itself makes limited use of HTTPS except when interacting with http:// trackers and for a few secondary functions, it's not clear to me what benefit there would be in integrating those tools with BiglyBT.

If anyone's looking to prevent DPI-based detection of the web traffic BiglyBT does generate, they can always use a GreenTunnel-like tool alongside BiglyBT. That way, all of their web traffic will be protected, not just what's coming from BiglyBT.

Integration not required

But as far as any of the technologies you mentioned: BiglyBT, and all of its plugins, are open-source software. To whatever extent it might be useful for BiglyBT to support some new technology, anyone can develop the necessary functionality as a BiglyBT plugin. (The various plugin links I included earlier each go to that plugin's source code repository, which can serve as examples for anyone looking to develop a new plugin along similar lines.)

If the plugin is of interest to other users, and enhances the functionality of the application without excessive resource consumption or major bugs (and if it's released under a compatible open-source license), it's hard to imagine that plugin wouldn't be added to the bundled set, at least as an optional extra.

NiKola-UE commented 7 months ago

Thank you very much for such useful and very comprehensive answer.

I forgot to mention OnionCat which encrypts all traffic through Tor, but oh well... Like I said, Outline VPN is not a VPN even though it's called that, so I just thought that with Shadowsocks and possibly N2N, maybe it could be used to get all traffic through their tunnels , which could help against blockages and increase speed, but it's clear to me that it can't do that.

I also said that I don't like VPNs and there are several reasons for that, but that's not important here. All the tools and protocols I mentioned can be good even when Tor is blocked (and it has often been the target of attacks). Of course, each of these plugins is separate, but I don't know why they couldn't work together if it was set up that way. The BiglyBT should be equally good for those who want simplicity, security and privacy, as well as for technically demanding users who want additional advanced options, levels and parameters...

Yes, I understand that it's all quite complicated and he can't do it all at once. Again, in any case, some of these and other tools are incorporated as and when possible, so different levels of it can be configured in the settings. But I think incorporating different open source search engines would be a good thing.

It is also commendable that BiglyBT has a nice user interface that can work with with a keyboard, so that it can be used by blind and visualli inpaired users with screen readers, which is not the case with many similar programs; which is a personally wery important for me.

NiKola-UE commented 7 months ago

Yes, implementing the DPI tools probably won't make BiglyBT much better, but it can help if they haven't been added / installed on the system or if they don't work for some reason. Also, BiglyBT is a cross-platform program, while DPIs are not. GreenTunnel is available for Windows, Mac and Debian, PowerTunnel and GoodbyeDPI for Windows, DPITunnel for Android, and Netdeep Secure Firewall for Linux. VPNHood! and recently new N3N are also good networks, but well...

In addition, add-ons for antivirus, antimalware and firewalls (lists are also available on AlternativeTo) can be good for scann torrent before download if there are harmful files in the torrent. Of course, it cannot be used as the replacement for mentioned programs, but warning about detected infected and potentially dangerous files can help to continue downloading torrents if the rest is clean.

It's clear that are only optional add-ons / plugins. Various users have different needs, while different networks, protocols and tools bring different levels of privacy, security, etc.

linkerlin commented 6 months ago

@NiKola-UE

Combining the Tor, I2P, Lokinet and IPFS into one program is a really fantastic. Therefore, I think that list should be expanded in order to gain decentralization, speed and some other improvements.

They aren't combined into one program. All of those networks are implemented as separate plugins to BiglyBT.

(Well, Tor and I2P anyway. I'm not aware of any particular Lokinet or IPFS support in BiglyBT. Both were suggested at various points (#2601, #2822), but unless I've missed a memo nothing much came of either.)

But the I2P plugin and the Tor plugin are what provide integration with those networks. Granted, those plugins happen to be bundled with the default install, but they're still plugins.

There are also helper plugins for various VPN providers, to ensure that BiglyBT traffic is correctly sequestered onto the secure network. (A VPN generally can't be implemented in a certain piece of software; it's an operating system level service. The best BiglyBT can do regarding VPNs is to verify that the VPN is correctly configured and active.)

(One small note:)

DPI (deep-packet inspection) tools such as GreenTunnel, PowerTunnel, DPITunnel, GoodbyeDPI... can also be very helpful for bypassing firewalls and other blockages.

Deep Packet Inspection is the technique providers use to detect certain types of traffic, which they may then block or otherwise interfere with. Systems like GreenTunnel and DPITunnel that prevent such blocking are DPI bypass / anti-DPI tools.

BiglyBT + DPI-be-gone?

AIUI, DPI is primarily/entirely about blocking HTTP(S) traffic, and the DPI bypass tools operate by employing techniques specific to HTTP(S) in order to make it harder for providers to detect browser traffic to those sites. Since BitTorrent itself makes limited use of HTTPS except when interacting with http:// trackers and for a few secondary functions, it's not clear to me what benefit there would be in integrating those tools with BiglyBT.

If anyone's looking to prevent DPI-based detection of the web traffic BiglyBT does generate, they can always use a GreenTunnel-like tool alongside BiglyBT. That way, all of their web traffic will be protected, not just what's coming from BiglyBT.

Integration not required

But as far as any of the technologies you mentioned: BiglyBT, and all of its plugins, are open-source software. To whatever extent it might be useful for BiglyBT to support some new technology, anyone can develop the necessary functionality as a BiglyBT plugin. (The various plugin links I included earlier each go to that plugin's source code repository, which can serve as examples for anyone looking to develop a new plugin along similar lines.)

If the plugin is of interest to other users, and enhances the functionality of the application without excessive resource consumption or major bugs (and if it's released under a compatible open-source license), it's hard to imagine that plugin wouldn't be added to the bundled set, at least as an optional extra.

nabu is a IPFS impl. in Java https://github.com/Peergos/nabu

NiKola-UE commented 6 months ago

Yes, Tor and I2P are not difficult to combine since both networks are well known and have been around for a long time. On the other hand, Lokinet is relatively new, still actively developing, based on block chain and not so well known, and it still has some limitations, as the authors themselves admit on the official website, so it is not so easy to use for implementation.

I don't think everything should be lumped into one plugin. It is good if there are several different plugins for one such program, so that different types of users can choose what they like. But I think SeaweedFS can be used, although I don't know how compatible it is with IPFS in the same program.

NiKola-UE commented 5 months ago

Well, since there are no more comments or reactions, I think I can close this issue with ease.

Finally, I would just ask the authors and developers to create and update existed add-ons for SeaweedFS, Lokinet, ZeroNet, Phantom, Yggdrasil and Freenet and tools for direct search and download torrents directly from the program, and also to adapt the buttons and all other commands better to the keyboard cursor, so that screen readers can navigate them more easily and precissely, because unfortunately I don't know that...

I thank everyone for all help.