How Tribler aims to improve the privacy of Bittorrent users
Direct connections between users are used by the Bittorrent protocol by default. This means that whenever you load a torrent in a client like uTorrent, seeders and users downloading the torrent as well connect to your device directly to transfer data.
Once you start to receive data your device is being used to deliver these parts to other users who download the torrent as well.
The core problem with direct connections is that it is dead easy to trace users. Some companies use this to track downloaders and seeders of torrents as there is no anonymity involved in the process.
Anyone involved in the process can log IP addresses of users downloading or uploading data, and use reverse IP look up scripts to get information about the Internet Service Provider that maintains the IP address.
Certain services and techniques have been created to protect users from that. There are proxies that users can make use of for example. A proxy sits between the user device and the other device so that traffic flows through it.
A log file would show the IP address of the proxy and not that of the user device. This means that a trace would reveal information about the company that maintains the proxy. It is still possible to trace users back under certain circumstances, for instance if the proxy company cooperates with companies or the authorities to log users or if it did log users in first place.
A second issue here is that a compromised proxy would render the privacy benefits useless.
Tribler attempts to improve the privacy of Bittorrent users by using proxy layers instead of single proxies. One of the core benefits of this approach is that it is not necessary to trust a single proxy server anymore:
- The seeder connects to the first proxy, and the data that is transmitted here is encrypted.
- The second proxy sits between the first and third, and will encrypt the data as well.
- The third proxy is the only one that connects to your device directly. It is also connected to the second proxy.
One of the issues with the system is that the seeder is still unprotected. Tribler plans to change that by using similar proxy chains to improve seeder privacy as well.
Interested users can run a test download in the client currently that uses the layers of proxies for the downloading.
According to the team, the anonymity layer for downloaders is expected to be released this Fall.
Another interesting feature of Tribler is the fact that its search is powered by peer to peer connections and not a central server that is used to index data and return search results.
How fast will it be?
While the test download should allow for speeds of 1.5 Megabyte for downloaders, it did not cross the 81 KB/s mark during a test on a Windows 7 Pro system with a fast 50 Mbit connection.
Closing Words
It needs to be noted that users are not fully anonymous when they use the client this Fall after the anonymity update is made available. While downloads are covered, all users are automatically uploading parts of files they download to other users as well, and this is not anonymized currently.
In addition, it is unclear who is operating the server infrastructure. Since the project is funded by the European Union, it could very well be that it is operating its own server infrastructure.
Now You: What is your take on this? Will you use it if it works?
I suspect not all the privacy problems will be solved.
http://krebsonsecurity.com/2014/09/dread-pirate-sunk-by-leaky-captcha/
“In addition, it is unclear who is operating the server infrastructure…”
I will stick with the vpn of my choice but thanks anyway.