uBlockOrigin / uAssets

Resources for uBlock Origin, uMatrix: static filter lists, ready-to-use rulesets, etc.
GNU General Public License v3.0
3.79k stars 727 forks

WebTorrent scripts abusing outgoing UPLOAD bandwidth sneakily forcing and tricking browsers into Uploading and seeding files unwillingly #3619

Closed C0nw0nk closed 5 years ago

C0nw0nk commented 5 years ago

I am curious as to why uBlock and the ad-blocking industry in general do not block these scripts, because, just like JavaScript-based bitcoin mining was sneaky and abusive on the CPUs of our machines, this does the same by consuming our outgoing bandwidth. For those who are limited on bandwidth every month this can be severe and costly unless these scripts are blocked.

https://webtorrent.io/

The way it works is you visit a website running torrent scripts.

https://cdn.jsdelivr.net/webtorrent/latest/webtorrent.min.js
https://cdnjs.cloudflare.com/ajax/libs/webtorrent/0.102.4/webtorrent.min.js
etc etc

The videos, images, etc. you download on that website you are then seeding from your browser; rogue IP addresses connect to your browser and you start UPLOADING these files to them, consuming your monthly bandwidth without even knowing.

ZaphodBeebblebrox commented 5 years ago

Blocking webtorrent generically does not make sense to me, as it appears to have legitimate uses. If you can give examples of sites that abuse it, it might be fixed on a per site basis, but without any examples of abuse, there is nothing to do.

C0nw0nk commented 5 years ago

Blocking webtorrent generically does not make sense to me, as it appears to have legitimate uses. If you can give examples of sites that abuse it, it might be fixed on a per site basis, but without any examples of abuse, there is nothing to do.

If you want to allow these scripts to consume your monthly bandwidth, so be it, but uploading at maximum outgoing bandwidth slows down connections elsewhere, and there is no throttling, no ask-first scenario and no way to stop it other than blocking the scripts.

Instead of thinking about yourself, consider those in the situation where they have limited internet. There are good reasons why these users would need scripts like this blocked. I would opt for throttling to something like 1 kbps instead of whatever your maximum outgoing capability is, but the scripts don't allow you to set that, so the only solution is to block these scripts.

Bitcoin mining was hard on our CPUs; this is hard/sneaky and steals our upload bandwidth instead. If you like the fact that they can blow up and consume 100% of your outgoing bandwidth, slowing down all other connections, then keep those scripts unblocked, but I have them blocked, and more people should be aware of abusive, sneaky scripts like this.

smed79 commented 5 years ago

@C0nw0nk Do you have an example site, or do you just want to break this tool?

mapx- commented 5 years ago

webtorrent is the web version of p2p clients, right? You can download various stuff, but, to keep all this system alive, you should also be seeding what you downloaded.

okiehsch commented 5 years ago

A site that uses it is bitchute.com.

C0nw0nk commented 5 years ago

webtorrent is the web version of p2p clients, right? You can download, but, to keep all this system alive, you should also be seeding what you downloaded.

It is not like you are given a choice with seeding: you are forced to do it, and you don't get a choice with speed either; it will just go at the maximum that your browser can upload at, slowing down other pages / connections. At least with torrent applications you can choose to disable seeding and throttle / lower the upload speeds; with this there is no choice or warning.

@C0nw0nk Do you have an example site, or do you just want to break this tool?

okiehsch posted an example site, but in my first post I posted https://webtorrent.io/, which is running these scripts, and the videos on the homepage there are being uploaded and seeded, consuming outgoing bandwidth without permission.

feross commented 5 years ago

There are many legitimate uses of WebTorrent. To list just a few:

All of these sites disclose prominently that they're powered by WebTorrent and show download/upload speeds in the UI. I don't think that sneaky WebTorrent usage is a real problem. But if you find a site doing that, then by all means block that one specific site's JavaScript.

I don't think blocking all uses of WebTorrent makes any sense. We should be encouraging more sites to adopt decentralized web technology, not breaking the sites that do.

C0nw0nk commented 5 years ago

@feross Not a single one of those allows me or anyone else to opt out of seeding, nor to throttle, change or remove the uploading of files. You neglect users who are limited on bandwidth, and you will cost them a fortune in uploading and outgoing bandwidth when they innocently read a page or are AFK on a page.

There needs to be a setting; you can't just maximise their outgoing bandwidth, having them seed automatically and upload as much as possible.

This was what was wrong with bitcoin mining: they forced it upon us, the users, maximized our CPU and did not give us the ability to opt out.

That was also decentralized.

If it was capable of allowing us to stop or lower the upload/seeding limits etc., it would be deemed acceptable, because it would be in the client's control to stop the script and opt out. Right now it is just maximized and forced upon all who visit; regardless of what browser they use, they all unwillingly get made into zombies to upload and serve their files, using up our own outgoing bandwidth.

You gotta consider those who are limited monthly on bandwidth MOBILE users especially.

Remember, bandwidth is very expensive; that is why it is limited, and these sites intentionally know that. That is why they don't want to serve the files and foot the bill themselves, but instead want innocent, unknowing and unwilling users to get the shock of a big bandwidth bill.

okiehsch commented 5 years ago

To be clear, I don't intend to blanket block webtorrent.js. Like ZaphodBeebblebrox has said, if you can find a site that abuses it a fix could be added, but keep in mind blocking the script has a high likelihood of breaking the site's video/audio playback functionality. For example, add ||cdnjs.cloudflare.com/ajax/*/webtorrent.min.js$script,domain=bitchute.com to your filter list and try to play any video at bitchute.com.

C0nw0nk commented 5 years ago

@okiehsch I did that and videos still play fine there for me?

||cdnjs.cloudflare.com/ajax/*/webtorrent.min.js$script
||cdn.jsdelivr.net/webtorrent/*/webtorrent.min.js$script

Same with other sites: I now receive the files from their hosted web servers, not via torrenting from unwilling users, and checking the download URL, their web server is the one sending me the file now, and I am no longer uploading the file to anyone, wasting my own bandwidth.

By default, without the script (maybe due to incompatible browsers that don't have Media Source API capabilities), it plays and streams media from their web servers. So blocking the script does not break anything... There is no harm in blocking it...

If you use an older or different browser, or a browser without the Media Source API built in, you will see the torrent script does not work. Go back a few versions in Firefox, Chrome etc. The script is useless, and their web servers serve the files by default, the way the internet works anyway.

okiehsch commented 5 years ago

I did that and videos still play fine there for me?

Works with Firefox, breaks the site with Chrome. I did not try Firefox, my bad.

C0nw0nk commented 5 years ago

I did that and videos still play fine there for me?

Works with Firefox, breaks the site with Chrome. I did not try Firefox, my bad.

It is all about the Media Source API: if a browser supports the Media Source API, that allows their script to work. Older versions of Chrome did not support it; Firefox only supported it recently, I think.

This shows that by default they will fall back to serving the file themselves, as they should do. They have to seed the original file themselves as well, hence the torrent's original seed link is their server's download URL.

okiehsch commented 5 years ago

unwilling users

If you are using a site like https://bitlove.org, how can you claim that you are an unwilling user?

If you find a site that does not tell the user that it uses p2p to stream audio/video via javascript we can talk about adding a filter.

C0nw0nk commented 5 years ago

webtorrent.io/ does it automatically. No opt-in or choice is made when you visit their home page. The same goes for https://www.bitchute.com/; I see no warnings or messages or settings, or anything asking me to allow it, anywhere.

The bitlove.org site you shared, I see, does have the home page announcement, but still no opt-out... Still no choice, just forced to close the window and never return.

okiehsch commented 5 years ago


If you are using a site with p2p streaming, what do you expect, that you don't upload anything?

I agree that the bitchute site is not exactly upfront about it, they do disclose it in their guidelines. @gorhill what do you think about this whole issue?

ZaphodBeebblebrox commented 5 years ago

webtorrent.io says "Downloading sintel.torrent from 11 peers." with an infographic showing how it works.

bitchute.com does not make any webrtc connections until you navigate to a video, where they show all uploads and downloads clearly.

bitlove.org does not make any webrtc connections until you click the play button on a podcast.

I fail to see how any of this is misleading a user. You can investigate these yourself by going to chrome://webrtc-internals/ on chrome or about:webrtc on firefox.
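A programmatic version of the check ZaphodBeebblebrox describes, added here as an example that is not part of the thread and is not uBlock Origin's or WebTorrent's code: run from the browser console or a user script, it replaces the page's RTCPeerConnection with a subclass that records every peer connection (with the ICE servers requested) and every data channel, which is where WebTorrent moves torrent data. Passing refuse: true turns the monitor into the blunt opt-out the thread asks for, at the cost of breaking playback on any site whose player has no plain HTTP fallback. The win parameter and the StubPeerConnection class are assumptions so that it also runs under Node without a browser.

```javascript
// Added example, not code from uBlock Origin or WebTorrent.
// installWebRtcMonitor(win) replaces win.RTCPeerConnection with a subclass that
// logs each construction (with the ICE servers requested) and each data channel,
// then delegates to the real constructor. With { refuse: true } construction
// throws instead, which is a blunt per-page opt-out of WebRTC uploads.
function installWebRtcMonitor(win, { refuse = false } = {}) {
  const Original = win.RTCPeerConnection;
  if (typeof Original !== 'function') {
    throw new TypeError('RTCPeerConnection is not available on this window');
  }
  const log = [];

  class Monitored extends Original {
    constructor(config, ...rest) {
      // iceServers[].urls may be a string or an array of strings; flatten both.
      const iceServers = ((config && config.iceServers) || [])
        .flatMap(s => [].concat(s.urls || []));
      log.push({ event: 'peerconnection', iceServers });
      if (refuse) throw new Error('RTCPeerConnection refused by monitor');
      super(config, ...rest);
    }
    createDataChannel(label, ...rest) {
      log.push({ event: 'datachannel', label: String(label) });
      return super.createDataChannel(label, ...rest);
    }
  }

  win.RTCPeerConnection = Monitored;
  return {
    log,
    summary() {
      const count = ev => log.filter(e => e.event === ev).length;
      return { peerConnections: count('peerconnection'), dataChannels: count('datachannel') };
    },
    uninstall() { win.RTCPeerConnection = Original; },
  };
}

// Stub standing in for the browser's RTCPeerConnection so the example runs in Node.
// (Assumption: on a real page you would pass `window` instead of a stub object.)
class StubPeerConnection {
  constructor(config) { this.config = config; }
  createDataChannel(label) { return { label, readyState: 'connecting' }; }
  close() {}
}

if (typeof window === 'undefined') {
  const demoWindow = { RTCPeerConnection: StubPeerConnection };
  const monitor = installWebRtcMonitor(demoWindow);
  const pc = new demoWindow.RTCPeerConnection({ iceServers: [{ urls: 'stun:stun.example.net:3478' }] });
  pc.createDataChannel('webtorrent'); // WebTorrent moves torrent data over data channels
  console.log(monitor.summary(), monitor.log);
  monitor.uninstall();
}
```

In a browser, call installWebRtcMonitor(window) before the page's scripts run (a user-script manager's document-start hook, or a devtools snippet on a page you reload) and read monitor.log after navigating into and out of a video; the entries appearing and stopping are the behaviour gorhill later describes for bitchute.com.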

C0nw0nk commented 5 years ago

Regardless of opinions when it comes to bandwidth limits and restrictions and expenses, especially for MOBILE users like on my own mobile devices,

I will be implementing these filters.

||cdnjs.cloudflare.com/ajax/*/webtorrent.min.js$script
||cdn.jsdelivr.net/webtorrent/*/webtorrent.min.js$script

Mobile users are the ones most likely to be abused by bandwidth limits. Because of this, I know my own roaming charges when I am out; this will get expensive very fast unless I block it.

Make what you will of this issue and argue that you don't think it is an issue because of your usage scenario, and maybe you do not have bandwidth restrictions with your internet service provider, but not everyone in the world has the same luxuries.

gorhill commented 5 years ago

@gorhill what do you think about this whole issue?

As you said, we are not going to block WebTorrent libraries -- it makes no sense to assume that all uses of the library are unwanted, and this is going to break sites in obscure ways causing people to disable uBO completely, a worse outcome.

A case of abuse I would be ready to consider is that of a site caching resources locally and torrenting these cached resources when they are unrelated to the current page. I don't see this happening with bitchute.com, the WebRTC connections cease when navigating away from a video, and anyway the user interface makes it obvious torrenting is occurring.

Edgemesh was blocked because they cached all sort of resources from a site and it was unreasonable to expect users to be aware of the torrenting silently occurring in the background -- which only benefited the site itself. In the current case this happens only for videos currently viewed by the user.

What is needed is specific cases, and arguments on a case-by-case basis why something should be blocked, keeping in mind it is expected that watching a video is going to consume bandwidth.

GeoffRiley commented 5 years ago

Regardless of opinions when it comes to bandwidth limits and restrictions and expenses, especially for MOBILE users like on my own mobile devices,

As I see it, there are two very important points here:

  1. You are actually complaining about the deficiencies of your own bandwidth connection; and
  2. You are trying to do something with a MOBILE connection that a few years ago would have been impossible with a fixed connection.

All p2p protocols rely upon the co-operation of people sharing: the reason that programs like the original Napster were so popular was that no one person had to stay online all the time to have their music collection available—so long as enough people had downloaded sections of it, the whole collection was available… and at that time it was frequently done over dialup connections which had far less bandwidth than your mobile telephone!

If people fail to co-operate and want only to download then all files have to come from a single server—or big expensive co-located server farm in order to provide enough bandwidth to everyone that wants to stream the file—and who pays for that big expensive co-located server farm? Well, you do of course along with everyone else that uses the service, with more expensive videos… or loads more intrusive adverts that you in turn will attempt to avoid no doubt. ;)

Avoiding the cost of server farms and the demand of users to reduce costs is precisely why companies start to look to technologies such as p2p… with WebTorrent being one of the most widely used and most mature of all the web based protocols available, it is bound to turn up. On the bright side, by default, it automatically limits to 4 peer connections… it checks the ping time of any new peers and switches if they're faster, so you should always end up with 4 responsive connections: that usually means that they're close to you (network wise) so when you're getting ready to watch the next chunk of whatever movie you are watching one of those 4 should hopefully already have it—because they're watching it too—similarly if one of those four want the bit that you've just watched, you can pass it on to them. The Torrent protocol doesn't operate linearly though: it doesn't start at the beginning and work through, it works in blocks, and although you'll get the start at a priority for a streaming play, you'll most likely have the end before the middle!

The solution is simple: either stop using your mobile and start using a desktop for that sort of thing, or shop around for a better bandwidth deal. Just don't try to make everyone pay for what you perceive as a problem.

Rudy65 commented 5 years ago

I think that like coin mining, the issue discussed here is more fundamental than it seems and shouldn't be dismissed too fast, especially in the case P2P is to become important for the web in the future.

The question is: even assuming that the user is fully aware of the upload, that the upload is only related to the current page, and that users get download traffic from other users in exchange for their upload, shouldn't the users still have total control over their computing, as a matter of principle? Which implies the right to turn off or throttle down the upload. Maybe even the right to never have any upload starting if the user didn't trigger it himself (maybe with a button or a prompt).

Yes, in some cases this can be considered as amounting to leeching, and leeching is bad. But having control over one's computing is more important than preventing leeching. This is why (non-browser) torrent clients allow controlling the upload speed. Why should we give up our control when P2P happens in a browser? If it's because it would be too hard to keep control in practice, considering the technical balance of power between users and websites today, then we should say that this is the reason, instead of saying that this loss of control is legitimate. But it's not obvious to me that this battle is already lost.

A side note: GeoffRiley, you said that with non-P2P systems the users already pay for the bandwidth anyway, either directly when buying videos or often indirectly with intrusive ads for free services. But a similar justification was used to defend coin mining: some said that because sites had to make money anyway, that would be better than having ads, as if mining would replace ads. But sites not being charity organizations, having the technical possibility of having both ads and mining, that's what they would end up doing. Same here: having the users pay for the content distribution with their own upload bandwidth doesn't mechanically imply that the sites will stop having ads for extra profit if nothing constrains them to stop, or even that they will lower the prices of their videos. And even if that was the case, the user should have the right to refuse indirect payment involving (ads or P2P) code running on his own computer.

I don't have a specific suggestion on what to block or do more generally, but my conclusion is that things like webtorrent as they are used now shouldn't be considered 100% ok: simply warning us that upload is happening is not giving us enough control, and I'm surprised that C0nw0nk is the only other voice agreeing with this specific point in this discussion.

GeoffRiley commented 5 years ago

@Rudy65, I think you misunderstand my argument against relying upon direct downloads: I didn't say that it would guarantee fewer adverts, just that it didn't require extra adverts.

It is impossible to run a direct distribution of files to thousands of connections from a single server: even the most powerful of servers would grind to a halt and the outgoing bandwidth would saturate meaning that no-one would get a reliable connection. Further to that if the physical server is in, say, California (a guess for webtorrent.io) and you are in the middle of Europe then there is also that long ping time that you have to worry about… packet loss, out of order, retransmits, and so on. Adding extra servers in California will help people that live close, but not people on other continents. So servers have to be set up in different locations around the world and arrangements made to ensure that people download from the closest server cluster. For a long time this is how companies have worked; indeed there are file distribution companies whose sole purpose is to provide servers around the world like this. However, it all costs and as the number of users of the internet increases those costs increase.

It is awkward but possible to run a p2p file distribution on a single server… so long as people co-operate. The WebTorrent component doesn't implement everything that is available on a full torrent program, elements such as bandwidth limiting take quite a lot of processing and are beyond the capability of a Javascript Object. As I'm in the UK I cannot access most Torrent sites anyway, but the odd site that does use the protocol always seems to either have the torrent file or the magnet link available to copy to a separate application (Transmission in my case)… perhaps you can miss out the WebTorrent Object and find another app for your phone?

I would not be surprised if the sites in use do not record ratios though… and compile an internal blacklist of leechers to prevent people from doing just what is being suggested.

If you are worried about it being accepted 100% of the time, then perhaps you should think of it in the context of everything else that you click on: some things can only be regulated by the withholding of the finger on the mouse (or prodding of the screen). In the same way that you couldn't blanket ban all .JPG files just because some have an embedded fault in them, it is impossible to just classify all torrents as bad.

Filters have already been provided that can be used in personal settings, and I think that should be enough.

Rudy65 commented 5 years ago

Coinmining was a specific case of using your CPU at no benefit to you. P2P, on the other hand, is directly of benefit to you.

P2P upload for web content distribution, which is what the issue is about, does not benefit the user who uploads. Primarily it benefits the web site which uses the users as its free CDN to avoid having to pay for bandwidth. But, of benefit or not, the user should have full control over how a web site uses his upload bandwidth.

I am not arguing against P2P web content distribution at all; you do not need to convince me that this can be useful. I am arguing against P2P upload being enforced by web sites on users. Right now, what should be a voluntary donation of upload bandwidth from the user to the site is just forced bandwidth theft by the site. Thus resource abuse, in my opinion.

elements such as bandwidth limiting take quite a lot of processing and are beyond the capability of a Javascript Object

I'll have to trust your word on this technical point; WebRTC's design is very flawed if users can't control their upload bandwidth at all. The same kind of flaw in browser designs makes it possible for sites to connect to any peers and initiate uploads without even warning users. Obviously site interests came before user interests here. Even if we admit that upload bandwidth limitation is technically impossible, the user should still always have the choice not to upload at all.

I would not be surprised if the sites in use do not record ratios though… and compile an internal blacklist of leechers to prevent people from doing just what is being suggested.

That would imply user tracking, aggravated by the purpose of establishing a blacklist, another piece of nefarious code running in users browsers without their consent.

If you are worried about it being accepted 100% of the time, then perhaps you should think of it in the context of everything else that you click on: some things can only be regulated by the withholding of the finger on the mouse (or prodding of the screen). In the same way that you couldn't blanket ban all .JPG files just because some have an embedded fault in them, it is impossible to just classify all torrents as bad. Filters have already been provided that can be used in personal settings, and I think that should be enough.

It is important to make the difference between what we don't block because we don't want to, and what we don't block because we would want to but we can't in practice (because of breakage or something else). I was arguing that with upload bandwidth theft we're not in the first case like everybody else except C0nw0nk seems to think in this discussion, but more in the second case. I'm discussing what the blocking policy should be, not what filters should be used.

Hrxn commented 5 years ago

P2P upload for web content distribution, which is what the issue is about, does not benefit the user who uploads.

This is disingenuous. It does benefit the user, by virtue of being part of a group, where this mechanism applies to every part of the group, and is therefore beneficial.

Rudy65 commented 5 years ago

@Hrxn Imagine that in the near future it's YouTube that decides to steal users' upload bandwidth instead of paying for servers, without asking for permission, and that it doesn't give anything back to users as compensation. How exactly will this benefit any user? This is the sort of scenario I'm worried about. I want the right to choose the sites I will donate my bandwidth to. The current policy seems to be that as long as they warn the users there is nothing wrong in forcing them to upload.

C0nw0nk commented 5 years ago

After reading some people's responses, I noticed that some of the users who replied here (upvoting, downvoting, arguing) are from the https://github.com/webtorrent/webtorrent webtorrent GitHub page (devs) etc.; @feross, for example, is a dev of webtorrent who has been replying here.

I want to just point out that I am not against webtorrent or P2P sharing. I do love it, and think decentralized networks are fantastic, and I do love your work, and I do see you are putting a wedge between copyrighted material and webtorrent to prove it is in no way supported or to be used for copyrighted materials. But I do not appreciate the way it is abused to steal my bandwidth, just like you do not want it abused for DMCA and transmission of copyrighted materials, and I can't disable seeding or throttle down to 1 kbps upload speed like you can with uTorrent, for example. It is problems like this that grow into worse scenarios.

My point still stands bandwidth theft is bandwidth theft because it automatically starts uploading without asking permission first. The same as coinhive and bitcoin miners did.

Moving onto another noticeable and questionable thing with webtorrent @feross why is the only CDN sharing your script Cloudflare ( https://cdnjs.com/libraries/webtorrent )

I take it Google refused to be a part of it seeing as they won't host your library ? https://developers.google.com/speed/libraries/

GeoffRiley commented 5 years ago

@Rudy65, the OP was talking about 'uploads' starting when he began downloading.

i.e. he's complaining that when he starts to download a video via a torrent, then WebTorrent automatically starts to seed to other people.

He is not saying that it is when he is trying to make an upload to a torrent site. If he was uploading, I would have even less sympathy as the primary source always has to accept more hits… further to that, I cannot see any way for WebTorrent to act as a primary source anyway.

Rudy65 commented 5 years ago

@GeoffRiley: Yes, I had understood what OP was talking about; I am talking about the same thing as him.

Rudy65 commented 5 years ago

Edgemesh was blocked because they cached all sort of resources from a site and it was unreasonable to expect users to be aware of the torrenting silently occurring in the background -- which only benefited the site itself. In the current case this happens only for videos currently viewed by the user.

So there were two reasons for blocking Edgemesh: users not being aware, and the upload "only benefiting the site itself". I do not understand your second reason. Data uploaded by users on Edgemesh sites "benefits" other users too; even if it's not exactly the part of the site that the uploading user is currently viewing, it's still "helping" other users download stuff from the site. But that would be resource abuse only for the "selfish" reason that it's not the specific part of the site that the user is currently viewing?

In the Edgemesh blocking issue gorhill said:

If one cares about informed choice, then edgemesh filters definitely fit in the default lists, even if there is no tracking involved. Just open the logger, select All, then visit the sites above pointed out by @smed79: tons of behind-the-scenes requests, out of view of users. If one is fine with this behavior, then it's just a matter of pointing-and-clicking to create an allow (green) rule for edgeno.de in the popup panel. In effect, having these filters in uBO by default does bring back informed choice, formerly non-existent. There is no informed choice in having to opt out of something you do not know is going on.

At that time I thought that you were defending the idea that uploads should be opt-in. But it seems that you were only blocking it because users were unaware, or that you changed your mind now on what deserves to be blocked. Choice is not only about knowing what's happening, it's about being able to say no. In the current issue not only the upload is not opt-in, but worse than that, it's not even possible to opt out.

We should be encouraging more sites to adopt decentralized web technology

Decentralization is a good thing when it decentralizes power from the hands of big sites. When the only thing decentralized is the (upload bandwidth) resource burden while control is still centralized in the site's hands, it's a regression for user rights. Think about my Google YouTube example (or Dailymotion, to talk about a site I've already actually seen connections to peer5.com appear on...).

I insist that we should stop seeing forced upload as web sites being benevolent dictators protecting good uploading users from bad leeching users who don't contribute back. The bandwidth savings first go to the site's bank account. Only then the site may decide to redistribute those savings back, or not, to the users whose upload bandwidth was used, by having fewer ads for instance. It's unfair that this decision is only in the sites' hands while it's the users' resources that were used, and without their consent. Some sites may be fair play, some may just leech on users for extra profit. We should be the ones deciding if our upload bandwidth can be used.

Besides, even if some sites are fair play and redistribute the savings, we shouldn't even accept the idea of a benevolent dictator web site implementing some sort of forced-upload DRM in our browser for the greater good. Because of uBlock's manifesto:

The user decides what web content is acceptable or not in their browser.

And all my argumentation didn't even mention yet the terrible disrespect for phone users with metered connections...

ghajini commented 4 years ago

@mapx- This site is downloading (sintel.torrent) 129 MB without my consent; is there any custom filter you would suggest to prevent this data usage by the site?

mapx- commented 4 years ago

||webtorrent.io/bundle.js$script,1p ?

ghajini commented 4 years ago

Works
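For readers who want to see why the three filter shapes posted in this thread behave differently (okiehsch's domain=bitchute.com variant, C0nw0nk's global cdnjs/jsdelivr pair, and mapx-'s 1p rule), here is an added example, not uBlock Origin's matching code: a small JavaScript evaluator for just the filter features used above, run over constructed sample requests. The party check is simplified to comparing the last two hostname labels; real uBO uses the Public Suffix List and supports many options not handled here.

```javascript
// Added example (not uBlock Origin's code): a teaching-size evaluator for the
// subset of uBO static network filter syntax used in this thread:
//   ||host/path*   hostname-anchored pattern with * wildcards
//   $script        resource-type restriction
//   domain=a|~b    only (or never) when the page making the request is on a|b
//   1p / 3p        first-party / third-party requests only
// Simplification (assumption): "same party" compares the last two hostname
// labels; real uBO consults the Public Suffix List.

function parseFilter(line) {
  const dollar = line.lastIndexOf('$');
  const pattern = dollar === -1 ? line : line.slice(0, dollar);
  const options = dollar === -1 ? [] : line.slice(dollar + 1).split(',');
  const f = { line, hostAnchor: false, pattern, types: new Set(),
              domains: [], notDomains: [], party: null };
  if (pattern.startsWith('||')) { f.hostAnchor = true; f.pattern = pattern.slice(2); }
  for (const opt of options) {
    if (opt.startsWith('domain=')) {
      for (const d of opt.slice('domain='.length).split('|')) {
        if (d.startsWith('~')) f.notDomains.push(d.slice(1)); else f.domains.push(d);
      }
    } else if (opt === '1p' || opt === 'first-party') {
      f.party = 'first';
    } else if (opt === '3p' || opt === 'third-party') {
      f.party = 'third';
    } else {
      f.types.add(opt); // e.g. script, image, xhr
    }
  }
  // Escape regex metacharacters, then turn the filter's own * into .*
  const body = f.pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*');
  // || means: match right after scheme://, or after any number of subdomain labels
  const prefix = f.hostAnchor ? '^[a-z][a-z0-9+.-]*://(?:[^/?#]*\\.)?' : '';
  f.regex = new RegExp(prefix + body, 'i');
  return f;
}

function baseDomain(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

function hostMatchesAny(host, list) {
  return list.some(d => host === d || host.endsWith('.' + d));
}

// req = { url, type, pageHost }; pageHost is the hostname of the page making the request.
function filterMatches(f, req) {
  if (!f.regex.test(req.url)) return false;
  if (f.types.size > 0 && !f.types.has(req.type)) return false;
  const page = req.pageHost.toLowerCase();
  if (f.domains.length > 0 && !hostMatchesAny(page, f.domains)) return false;
  if (f.notDomains.length > 0 && hostMatchesAny(page, f.notDomains)) return false;
  if (f.party !== null) {
    const firstParty = baseDomain(new URL(req.url).hostname) === baseDomain(page);
    if (f.party === 'first' && !firstParty) return false;
    if (f.party === 'third' && firstParty) return false;
  }
  return true;
}

// Returns the first filter line that blocks the request, or null if none does.
function blockingFilter(filterLines, req) {
  const hit = filterLines.map(parseFilter).find(flt => filterMatches(flt, req));
  return hit ? hit.line : null;
}

// The three filter shapes posted in the thread.
const THREAD_FILTERS = [
  '||cdnjs.cloudflare.com/ajax/*/webtorrent.min.js$script,domain=bitchute.com',
  '||cdn.jsdelivr.net/webtorrent/*/webtorrent.min.js$script',
  '||webtorrent.io/bundle.js$script,1p',
];

// Constructed sample requests (not captured traffic).
const SAMPLE_REQUESTS = [
  { url: 'https://cdnjs.cloudflare.com/ajax/libs/webtorrent/0.102.4/webtorrent.min.js', type: 'script', pageHost: 'www.bitchute.com' },
  { url: 'https://cdnjs.cloudflare.com/ajax/libs/webtorrent/0.102.4/webtorrent.min.js', type: 'script', pageHost: 'webtorrent.io' },
  { url: 'https://cdn.jsdelivr.net/webtorrent/latest/webtorrent.min.js', type: 'script', pageHost: 'example.org' },
  { url: 'https://webtorrent.io/bundle.js', type: 'script', pageHost: 'webtorrent.io' },
  { url: 'https://webtorrent.io/bundle.js', type: 'script', pageHost: 'example.org' },
];

for (const req of SAMPLE_REQUESTS) {
  console.log(`${req.pageHost.padEnd(18)} ${req.url}\n  -> ${blockingFilter(THREAD_FILTERS, req) || 'allowed'}`);
}
```

The domain= variant only fires when the page itself is bitchute.com, the global pair fires on every page that loads the CDN copy, and the 1p rule only fires when webtorrent.io loads its own bundle.js, which is why a site self-hosting the library is unaffected by the CDN-based filters.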