Implement Protocol Encryption (PE/MSE)

[transitive-bullshit]

Protocol encryption (PE) aka message stream encryption (MSE) is a bittorrent extension to enhance privacy and confidentiality, effectively making bittorrent traffic harder to identify and throttle by ISPs.

Note that there is no official BEP describing protocol encryption, but it is widely supported by all the top clients.

At a high level, there are two different levels of bittorrent encryption that exist, namely those which only encrypt bittorent headers, and stronger encryption such as RC4 which encrypts the entire stream. I'm guessing that webtorrent will want to eventually support both, but I'd recommend implementing the header-level encryption first since webtorrent is already heavily burdened by all the SHA1 hashes going on.

bittorrent-clients should accept encryption options similar to those described here; e.g., encrypted connections should be either disabled, enabled and optional (e.g. prefer encryption but fallback to unencrypted if the remote peer doesn't support encryption), or enabled and forced (e.g., only connect to peers supporting encryption).

Resources:

• Bittorrent protocol encryption on Wikipedia
• Sourceforge article on MSE
• MSE in Vuze

[feross]

This is important for webtorrent.app, but less important for webtorrent.js since WebRTC already automatically encrypts data streams. I don't think ISPs will be throttling WebRTC any time soon.

[NumDeP]

I don't mean to come across as rude but how is it that this has taken around 4 years?

[feross]

@NumDeP We are an all-volunteer team with limited time. In open source, if you see a problem that needs fixing, it's your job to fix it! No whining, please.

As it turns out, some nice folks have submitted PRs to fix this:

#1384
webtorrent/bittorrent-protocol#36

[NumDeP]

Hi @feross

When I initially came across this issue and wanted to continue using the product as I liked it's functionality compared to others (not to mention the partnership with Brave), I wanted to very briefly discuss with you something I had in mind with a freelance cryptographer surrounding the encryption feature and propose whether you like Tribler or Joystream and perhaps contemplate combining the solution/s because other torrent clients that have been for quite a while such as Bitcomet and Deluge are good services but don't receive the support they deserve and there's way too many services available which unlike Webtorrent are feature heavy and I thought it would have been an excellent way to support Webtorrent in the end.

I'm sorry to say that my earlier comment wasn't meant to be jaded at all :(

[feross]

@NumDeP Thanks for explaining, no worries. It's hard to read tone of voice over text. I'm sorry for assuming your tone was rude. No hard feelings ❤️

[heri16]

Any reason why the PRs have not been merged?

[fijiwebdesign]

I don't think ISPs will be throttling WebRTC any time soon.

UAE blocks WebRTC to control the Voip. I think encryption will NOT mitigate it since I vaguely remember peers not able to establish connections. This went on and off in the few years I was there.

I can't remember but there was 1 other country I had the same issue. It would be nice if a reproducible test could be put in place either using proxies? or tested by users on different ISPs?

This is important for webtorrent.app, but less important for webtorrent.js since WebRTC already automatically encrypts data streams.

Would be beneficial since there are a lot more countries monitoring/filtering/throttling BitTorrent traffic.

[jimmywarting]

UAE blocks WebRTC

That's stupid. Nobody should be allowed to control the internet. Damm those who go against net neutrality.

[NumDeP]

Shadowsocks is a feature in this service https://mullvad.net/en/guides/intro-shadowsocks/ I wonder if it would it be possible to implement into webtorrent when it becomes obvious that the software, either standalone or in Brave-Browser isn't working due to ISP or nation states.

In addition, @figiwebdesign why didn't you just utilise a VPN to mitigate this yourself?

Here's the open source link to the feature - https://github.com/mullvad/shadowsocks-rust

[fijiwebdesign]

In addition, @figiwebdesign why didn't you just utilise a VPN to mitigate this yourself?

@NumDeP Sure, but isn't really a solution for everyone. Baking something into WebTorrent is much better.

Note:

VPNs are banned in some countries - https://thebestvpn.com/are-vpns-legal-banned-countries/

For UAE specifically here is an extract:

A punishment of temporary imprisonment and a fine of not less than AED 500,000 and not more than AED 2,000,000, or either of these two penalties, shall be imposed on whoever uses a fraudulent computer network protocol address by using a false address or a third-party address or by any other means for the purpose of committing a crime or preventing its discovery.