This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

WebTorrent should warn users of potential privacy risks #12631

Closed
diracdeltas opened this issue Jan 12, 2018 · 8 comments

@diracdeltas
Member

diracdeltas commented Jan 12, 2018

Currently WebTorrent is integrated into Brave as an on-by-default extension. There are a couple of risks, such as:

  1. ISPs can in theory distinguish WebTorrent traffic and issue copyright notices to users who are torrenting.
  2. It is easy for an attacker to track what public IP addresses have downloaded which files over WebTorrent.
  3. WebTorrent uses WebRTC, which may leak your local IP address.

(2) is probably the biggest concern. It means that if you click on a .torrent or magnet file in Brave, you are at risk of publicly broadcasting that your IP address is downloading that file (or the IP address of your VPN, etc.). This may not be a concern for users who are torrenting .ISO files or the full text of Wikipedia or other such non-sensitive content, but it may present a serious privacy hazard for people who are downloading things like adult content.

I think our options are:

  1. Keep WebTorrent enabled by default, but show a disclaimer about the privacy risks of torrenting before the torrent starts.
  2. Disable WebTorrent by default, and assume that the users who enable it are aware of the privacy risks.

cc @flamsmark @feross @dcposch

@diracdeltas added the security, privacy and design labels Jan 12, 2018
@diracdeltas
Member Author

There's currently a disclaimer but it only warns of the legal risks, not privacy ones:

[Image: screen shot 2018-01-12 at 11 26 03 pm]

@diracdeltas
Member Author

diracdeltas commented Jan 12, 2018

how about: Starting a torrent makes the data available to other users by means of upload. Your IP address may be publicly associated with the torrented file, which means others may know what files you have torrented. You are responsible for understanding the privacy and legal risks of torrenting.

in black bold letters instead of grey.

Also I suggest replacing "Start Download(ing)" with "Start Torrenting" to make it more clear that it's going to torrent the file, not just save it locally over HTTP.

@diracdeltas added this to the 0.20.x (Beta Channel) milestone Jan 13, 2018
@diracdeltas self-assigned this Jan 13, 2018
@feross
Contributor

feross commented Jan 13, 2018

  1. Yes, ISPs that do deep packet inspection can see that you're using torrents. That's almost certainly not a problem; torrents are just a transport protocol. However, if you're torrenting copyrighted content it's possible that the copyright owner will observe that (see below) and send your ISP a copyright complaint.

  2. Yes, to download a torrent you basically shout to the world "Hey everyone, I'm downloading file X, please send me it!" This is also true of IPFS and Dat (as far as I'm aware) and it's not easy to mitigate. In a peer-to-peer system, you basically have to tell peers what data you want so they can give it to you.

  3. WebTorrent does not use WebRTC in Brave since the WebTorrent process is not a renderer process so WebRTC was not available there. Brave just does traditional BitTorrent over TCP/UDP.

As for the button text, how about "Start Torrent"? I think that sounds better than "Start Torrenting" and conveys the point that it's not a normal download.
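
What point (2) means at the protocol level, as an added example that is not part of the original comment and is not Brave or WebTorrent code: it builds the HTTP tracker announce a client sends for a magnet link and decodes a compact peer list of the kind a tracker returns to swarm members. The magnet link, tracker URL, peer id, peer bytes and function names are constructed for illustration; the query fields follow the BitTorrent tracker protocol (BEP 3) and compact peer lists (BEP 23).

```javascript
// Constructed sample values; nothing here touches the network.
const SAMPLE_MAGNET =
  'magnet:?xt=urn:btih:0123456789abcdef0123456789abcdef01234567' +
  '&dn=example.iso&tr=http%3A%2F%2Ftracker.example%2Fannounce';
const SAMPLE_PEER_ID = '-XX0001-abcdefghijkl'; // 20 bytes, made up

// Pull the 20-byte info-hash (hex form) and tracker URLs out of a magnet link.
function parseMagnet(uri) {
  const params = new URLSearchParams(uri.slice(uri.indexOf('?') + 1));
  const m = /^urn:btih:([0-9a-fA-F]{40})$/.exec(params.get('xt') || '');
  if (!m) throw new Error('no hex btih info-hash in magnet link');
  return { infoHash: m[1].toLowerCase(), trackers: params.getAll('tr') };
}

// Percent-encode raw bytes (every byte, which is valid if more verbose than
// what clients usually send) for the info_hash and peer_id fields.
function encodeBytes(buf) {
  return Array.from(buf, (b) => '%' + b.toString(16).padStart(2, '0')).join('');
}

// Build the announce URL. The tracker sees the client's public IP on the
// connection itself, so this request ties that address to the info_hash.
function buildAnnounce(magnet, peerId, port, bytesLeft) {
  const { infoHash, trackers } = parseMagnet(magnet);
  if (trackers.length === 0) throw new Error('magnet link names no tracker');
  const query = [
    'info_hash=' + encodeBytes(Buffer.from(infoHash, 'hex')),
    'peer_id=' + encodeBytes(Buffer.from(peerId, 'latin1')),
    'port=' + port, 'uploaded=0', 'downloaded=0', 'left=' + bytesLeft,
    'compact=1', 'event=started',
  ];
  return trackers[0] + '?' + query.join('&');
}

// Decode a compact peer list: 6 bytes per peer (IPv4 address + big-endian port).
// Every announcing client, this one included, ends up in lists like this.
function decodeCompactPeers(buf) {
  if (buf.length % 6 !== 0) throw new Error('peer list must be a multiple of 6 bytes');
  const peers = [];
  for (let i = 0; i < buf.length; i += 6) {
    peers.push(Array.from(buf.subarray(i, i + 4)).join('.') + ':' + buf.readUInt16BE(i + 4));
  }
  return peers;
}
```

The file being fetched is identified by `info_hash` in every announce, which is why a warning before the first announce is the only point at which the user can still opt out of that disclosure.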

@diracdeltas
Member Author

@feross thanks for the replies! I didn't realize (3), that's great. Another question that @flamsmark had (sorry if you already saw it in Slack): do we need to point out to users that they should abide by their local laws when torrenting (for legal or other reasons)? Tom points out, "It sounds like we assume that folks generally use torrents for no good. I don’t think that’s the case, and I don’t think we should suggest that it is."

Re: button text, I changed it to 'Start Torrent' in the PR

@feross
Contributor

feross commented Jan 13, 2018

@diracdeltas That phrasing was copied from the window that Transmission shows when you first open the app. I thought it was prudent to include it (to be safe) but I agree with @flamsmark that torrents have many uses that are perfectly legal. If the phrasing implies that torrents are mainly used for ill, let's remove it. FWIW, WebTorrent Desktop doesn't include such phrasing but IANAL.

@feross
Contributor

feross commented Jan 13, 2018

@diracdeltas Also, I think the correct path forward is your first choice:

  1. Keep WebTorrent enabled by default, but show a disclaimer about the privacy risks of torrenting before the torrent starts.

I think it's important that Brave never starts torrenting without the user explicitly asking it to. Which is why we designed the interstitial page with the "Start Torrent" button. IMO, there are sufficiently many steps to start a torrent that no one should be doing it accidentally and disabling the extension by default would make it a lot harder to discover the torrent functionality in Brave.

@diracdeltas
Member Author

@feross yup i think we have consensus on Option 1. i will remove the legal disclaimer from the PR

@LaurenWags
Member

MacOS:
[Image: screen shot 2018-01-22 at 2 29 43 pm]
