drew2a
commented
1 month ago @RealJosephKnapps thank you for your request. We have an issue dedicated to the migration to libtorrent 2. Please check it:
-
5556
Open RealJosephKnapp opened 1 month ago
drew2a
commented
1 month ago @RealJosephKnapps thank you for your request. We have an issue dedicated to the migration to libtorrent 2. Please check it:
Is your feature request related to a problem? Please describe. Yes, Bittorrent version 1 is slowly being phased out and Bittorrent v2 is more secure. As we know libtorrent provides an official python binding to this shouldn't be a problem. An upgrade to Boost 1.85, libevent 2.1.12, OpenSSL 1.1.1w, Zlib 1.3.1 and pyQT 6.7.0 should also be made. Describe the solution you'd like
All that needs to happen is to update the dependencies, torrent traffic is handled by libtorrent so this shouldn't be much of a problem. Upgrading to LibreSSL 3.9.2 or OpenSSL 3.3.0 should also be considered providing the libtorrent library is compatible with it.
Describe alternatives you've considered
Stay with Bittorrent v1, provided that the libtorrent library is upgraded to libtorrent 1.2.19 and the dependencies are upgraded to Boost 1.85, libevent 2.1.12, Zlib 1.3.1, OpenSSL 1.1.1w and pyQT 6.7.0.
Additional context
Libtorrent v2 uses SHA256 for its infohash algorithm, this is more secure than libtorrent v1. Also, switching the upload rate to bandwidth based and the upload choking algorithm to anti leech will help decentralization. Additionally, PeX, Local Peer Discovery, the Bittorrent DHT with Security extensions, Anonymous Mode, Disallowing privileged ports, Server Side Request Forgery Mitigation, the Embedded Tracker, Resolving Peer hostnames and contries, Piece Affinity, Upload Piece Suggestions, Internationalized Domain Names, Validating HTTPS tracker certificates, and reannouncing to all trackers when IP address changes should all be enabled. Rechecking the torrents upon completion will help with security. Likewise requiring encrypted connections will help protect exit nodes, ideally, an exit node should not exit traffic unless it is behind a VPN, I consider ProtonVPN, IVPN, Mullvad, RiseUP VPN, Psiphon Unlimited, Cloudflare Warp+, Calyx VPN, Surfshark, Gaurdian/Brave VPN and Opera VPN to be trustworthy, but the user should have the final say.