Current status of Tribler privacy?

General
#1

Hello,

I have been following Tribler for over a year now, but have not been up to speed with the latest developments. So here are my questions:

  • Tribler used to only provide “anonymous” download to users who allowed out-proxy on their own machine. Is that still going on?
  • Is it possible to set Tribler in a way that only downloads from within the network itself, and not from the regular internet? Is it safer?
  • When downloading from the regular internet, is it always anonymous or not?
  • Since the only ones running tunnel helpers are the University Servers, is it possible to the University (if taken control by a rogue adversary) to spy on the users?
  • Are there any plans for Tribler to use I2P in the near future?
  • Last but not least, anonymity loves company! How many daily users does Tribler has?

Thanks!

#2

Hey guys, would really like to have some feedback on my post… Thanks.
Want to use this, but need to know more about the current status of things. Thanks :slight_smile:

#3

Sorry for the delay, I’m really busy and can’t attend the forums as much as I would like.

Right now you are allowed to use tunneled downloads even if you don’t run as an exit node, but intermediate proxying is always enabled.

There’s people working on having an incentive system set up so you can invest in bandwidth when not needed and then get prioritized when downloading stuff. But that is still WIP. If you are interested you can lurk our github project page and have a look at the issues and PRs.

A tunneled download will have all the bittorrent traffic tunneled through the tunnel community and will download from both hidden seeders and the plain internet via exit nodes. The rest of Tribler’s traffic is still plain text (searches, torrent collecting, channel discovery and synchronization, etc.).

Apparently we aren’t the only ones, but there’s very very few that aren’t ours and we probably provide the vast majority of the available bandwidth.

Re take over: It depends on how many hops you put in between you and the exit node, and who is controlling those :slight_smile: In principle the more hops you add, the harder is for the traffic to get traced back you, but it gets slower and slower.

Also, although we do the best we can with the resources this is still experimental code, so have that in mind before putting too much trust on it.

Not that I know of.

I would like to know that too :smiley:

We used to have a http://statistics.tribler.org site with some numbers and graphs, but it wasn’t maintained and it ended up breaking. I’m currently working in restoring that site so we can get a better idea.

There’s some download stats:
http://www.somsubhra.com/github-release-stats/?username=tribler&repository=tribler
(pre-release download numbers are quite small, better to look at the stable releases)

#4

Thanks for the reply!
No problem with the delay I understand :slight_smile:
The problem here is, in my view, the fact that searches are still regular plain text traffic. It means that someone in the same wifi connection, or my ISP could see what I have been searching for and therefore would have a good idea of what I am downloading.
Are there any plans to change that? Make tribler work in a totally private way? Even if not anonymous.
Kinda like, using Tor Browser you can make a youtube search in privacy and open the video in privacy. Is there any plans on doing that in tribler too?

some possible solutions would be:

  1. having peers doing searches and building a “index” that could be downloaded as a torrent itself, the search would be done locally then.
  2. have mirrors in long lived nodes so that the search could be done using https.
  3. maybe use a onion service to work as index, and use regular tor to access it?

Thanks for the info anyway, I hope to see improvements in the near future :slight_smile:

#5

Yes that’s right.

More stuff could be moved over to happen through the tunnel community or at least all the traffic between nodes could be encrypted. That wouldn’t help with the scenario where you send the request to a malicious node but it would probably be easier to implement in the meanwhile.

This is sort of happening right now: Tribler is constantly collecting content from other peers it stumbles upon, so when you do a search, the results are a mix of the contents in your database (be it from channels you joined or from randomly collected content) and from online requests.

Maybe an “local” search mode could be implemented without much work. This way you would only get results from your database, so there would be less leakage of information.

I also wanted to see if now that we use a LevelDB database to store the collected torrent files maybe it would be possible to raise the number of collected torrents from 50.000 to something higher without performance suffering too much. That would make local searches give more results right away.

That would defeat the whole purpose of Tribler :slight_smile: But with the upcoming Tribler 7 which will have Tribler running as a service with the GUI becoming optional and replaceable. A Web app could be built to make a normal looking site that runs Tribler on the background allowing you to do searches there and do the actual downloads on your local Torrent instance.

See the previous answer. The same could be done, but then hosted on a hidden service.

Yeah, not going as fast as we would like due to being understaffed, but we always welcome contributions.