_serverless_ file sharing says title, yet the technology "requires a HTTP server". "Its completely anonymous as no data is ever stored on the server". Incorrect, only mild protection against sniffing and spoofing is provided.
The underlying code documentation speaks of "This makes it perfect for anonymity": https://github.com/ShirsenduK/WhatAreYouDownloading/tree/mas...
No PKI is linked or included. Proxy service or Sender/receiver unlinkability is not provided. The used WebRTC technology limits UDP/TCP listen sockets. Browser constraints mean WebRTC offers a severely limited experience. For instance, the state of the art in UDP NAT traversal using the neighbor-invite method (beyond STUN/TURN) is not possible.
Rant Disclaimer: As an academic working on a real deployed zero-server P2P technology for 7 years, these sorts of claims are a bit upsetting. Zero-server file sharing systems with a proven effective spam/pollution prevention mechanism have been proven to be extremely difficult to build. (e.g. no-spam version of Kazaa, Gnutella) See,
https://torrentfreak.com/tribler-makes-bittorrent-impossible...
Tribler research group created an upcoming IETF Internet Standard on sharing/streaming which features integrated NAT/firewall puncturing (IETF PPSP work). Compliant IETF PPSP implementations are capable of doing HD-quality streaming, both on-demand and live streaming: https://datatracker.ietf.org/doc/draft-ietf-ppsp-peer-protoc...
Sorry for the misleading title. By serverless I meant direct browser to browser file transfer with no server in between. Files are transferred directly. We need the HTTP Server to host the static webpage which facilitates the bridge. After all, it's a browser-based solution, you need a page to visit. :). Services like Dropbox can be used to host the static files and everyone can set up their own file transfer service. With services like WebDHT coming up each of these shares can communicate.
Just read about Tribler, it sounds really interesting. All the best with it.
This, Tribler and countless other solutions will make the internet what it was meant to be, a decentralized, fault-tolerant network for information exchange. Thanks!
Indeed interesting demo of browser-to-browser downloading, very light. Anybody can start a Napster-style service: it only needs a webserver+JavaScript (or trust a tamper-free copy). WebDHT is fascinating, is it leeching off a KAD overlay or can they also fully serve all incoming requests? (due to listen socket limit)
WebRTC defines an FTP-like 1-to-1 transfer. Would Bittorrent-like swarming be possible in WebP2P?
Strictly speaking, PPSP is a swarm transport protocol ("give me that data over IP, UDP or what have you, use any source available"). I mean, "sharing" is a concept unrelated to the TCP/IP stack thus PPSP is not a sharing standard.
For example, it is easy to imagine HTTP over PPSP (instead of TCP) -- which is essentially a serverless Web.
By "any source available" I meant Sec 3.10. "Peer Address Exchange".
HTTP over PPSP is a weekend project as long as we mean good old static HTML Web.
By the way, what is the current public repo for TUD PPSP?
This currently works only on the latest browsers, like Chrome 24 on the desktop. It's still not 100% stable. Stability and support for other platforms will soon arrive through browser updates and polyfills.
Chrome v26 has native DataChannels, but I didn't have time to update my polyfill and also it gave me problems the last time I tried it, so I'm waiting until it gets out of Canary.
Yes: I developed DataChannel-polyfill, the first working implementation of the DataChannels specification, too... :-)
Hummm. I've found that same-origin policy annoying on occasion but always assumed it was there for good reason and that it was important my browser couldn't just open sockets to any old machine.
Was I wrong? Was that not important? Did I go through all that pain for nothing?
Well, the tech is for every website to be used, as a visitor to the site that may or may not benefit me. I think that was the reason for the same-origin policy and is probably the source of concern of the OP.
Personally, I use NoScript and RequestPolicy to deal with it. After all, just because JavaScript exists does not mean I want any random website to execute arbitrary code on my machine (especially not with WebRTC).
Experience has shown that many users just grant such access when prompted, without thinking about it.
Prompts like that also do absolutely nothing to stop malicious use, hidden under a facade of legitimacy. For example, somebody could put together a demo purportedly showing "serverless pure JavaScript P2P file sharing in the browser" solely to trick people into using something harmful. (I'm not saying that's necessarily going on here, of course.)
Why is everyone thinking about torrenting in browsers? I want a service where I can select a sensitive file, give my associate a link, and have that file transferred between our two computers without ever reaching an intermediate server.
Does anyone know of a service like that, easy enough for my father to use?
Great, I'll give it a go soon. I had a look but it can only share folders, not a single file. Otherwise, a very useful service!
EDIT: And it's all static HTML, fantastic! I just hosted it on my server, although there doesn't seem to be much of a reason to do that, since it's all static! Thanks a lot for this.
I worked REALLY HARD to make it all static HTML and JavaScript, and I'm still working hard to remove the handshake servers... Any help here will be greatly welcome :-)
Hmm, who runs the handshake servers, and how can you remove them? Unfortunately I haven't managed to get the app to run, but it sounds fantastic in theory...
Currently I'm using PubNub as a "pool of peers", where a new peer connects and sends a "presence" message that's listened to by the previous peers, which then send an SDP offer to that new guy. Later, it keeps waiting some time sending offers to the new guys, and when it has several connections (from older and newer peers) it disconnects and starts to search for new peers only over the WebP2P network.
Ideally, I would like to use something more "agnostic" like SIP or XMPP, but I haven't been able yet to do it in an anonymous way, since both protocols require you to create accounts somewhere, and later when you register on a SIP or XMPP server it asks to confirm that you exist, so goodbye anonymity :-(
I don't know how Gnutella works, but it's good to know! :-)
EDIT: Ok, I have just read about Gnutella design on Wikipedia and although in the past I didn't understand anything (I never was too much into P2P programs since I had internet from neighbours' wifi...) now I can say that yes, both Gnutella and ShareIt!/WebP2P have a lot of things in common about their purposes and how they're designed, although just by serendipity :-P This definitely isn't bad, since I will be able to learn from their errors and also I would be able to propose to extend Gnutella to support DataChannels & HTTP as transport layer, so everybody wins :-D
You are right. DataChannels are encrypted by spec, and WebSockets are also being ciphered. I've taken security and anonymity as far as I could (I'm not a security nor frontend guy... :-P )
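An added example, not part of any post in this thread and not code from the project: the SDP offers exchanged through the signalling channel carry ICE candidate lines, and this sketch lists which network addresses such a blob discloses to the peer and to whoever relays it, which is the practical meaning of the missing sender/receiver unlinkability raised above. The SDP text is constructed sample data, and the function names are hypothetical.

```javascript
// Constructed sample SDP (documentation address ranges), not captured from the app.
const sampleSdp = [
  "v=0",
  "o=- 4611731400430051336 2 IN IP4 127.0.0.1",
  "s=-",
  "t=0 0",
  "m=application 9 DTLS/SCTP 5000",
  "c=IN IP4 0.0.0.0",
  "a=candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host",
  "a=candidate:2 1 udp 1686052607 203.0.113.7 61002 typ srflx raddr 192.168.1.23 rport 54321",
  "a=candidate:3 1 udp 41885439 198.51.100.9 49170 typ relay raddr 203.0.113.7 rport 61002",
].join("\r\n");

// a=candidate:<foundation> <component> <transport> <priority> <addr> <port> typ <type> [raddr .. rport ..]
const CANDIDATE_RE =
  /^a=candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)(?: raddr (\S+) rport (\d+))?/;

const LABELS = new Map([
  ["host", "local interface address"],
  ["srflx", "public address observed by STUN"],
  ["prflx", "public address observed by the peer"],
  ["relay", "TURN relay address"],
]);

function parseCandidates(sdp) {
  const out = [];
  for (const line of sdp.split(/\r?\n/)) {
    const m = CANDIDATE_RE.exec(line);
    if (!m) continue; // not a candidate attribute
    out.push({ transport: m[3].toLowerCase(), address: m[5], port: Number(m[6]),
               type: m[7], relatedAddress: m[8] || null });
  }
  return out;
}

// Map of address -> what that address reveals (first label seen wins).
function disclosedAddresses(sdp) {
  const seen = new Map();
  const note = (addr, label) => {
    // 0.0.0.0 is a placeholder value, not a real address.
    if (addr && addr !== "0.0.0.0" && !seen.has(addr)) seen.set(addr, label);
  };
  for (const c of parseCandidates(sdp)) {
    note(c.address, LABELS.get(c.type) ?? "unknown candidate type");
    note(c.relatedAddress, "base address behind a reflexive/relay candidate");
  }
  return seen;
}

// True when the blob reveals anything other than a TURN relay address.
function revealsEndpoint(sdp) {
  return [...disclosedAddresses(sdp).values()].some((l) => l !== LABELS.get("relay"));
}
```

Running `disclosedAddresses` over a real `localDescription.sdp` before it is handed to the signalling channel shows what the other side will learn, regardless of the DTLS encryption applied to the data channel itself.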