

Eureka? Node-webkit + bittorent == censorship resistant web-app platform - SchizoDuckie

While in bed late last night, pondering the impact and next logical step in the cat-and-mouse of the ever more common takedowns on github and domain names that are used to distribute applications like Popcorn Time, I believe I&#x27;ve had a massive brainwave that I&#x27;d like some input on.<p>&gt; The Net interprets censorship as damage and routes around it<p>With that in mind, what if somebody were to create a simple cross-platform application shell based on node-webkit with a Javascript Torrent Client integrated, and just one input box that a user would paste a magnet link &#x2F; Torrent Hash into?<p>The application would then resolve the info hash back into a magnet link, connect to the Torrent Network and download the new application payload.<p>After the download is done, reload the shell application with the newly downloaded payload as init target, and voila, you&#x27;re running the application. As long as there are seeds in the network, anybody would have access to the application and it can never be taken down.<p>A simple extension to the package.json format already used in node-webkit based applications could include screenshots and stuff directly embedded inside the torrent and show the user a preview of what they&#x27;re downloading (these would be downloaded first by the shell)<p>No domains to block, no repositories to block, and all the power of the BitTorrent network for peer to peer distribution.<p>Tell me what you think, I&#x27;ll prototype it if i&#x27;m not completely missing something very important.
======
rakoo
I don't know how node-webkit works exactly, but npm uses CouchDB to store the
packages definition. If node-webkit works the same (ie you can publish the
application on the npm registry), you can replicate the registry (or part of
it) on other places, and redirect your local node-webkit installer on those
replicas.

These replicas don't need to be CouchDB instances, they just need to speak its
protocol. Fortunately for you there's an excellent package that does that:
PouchDB ([http://pouchdb.com/](http://pouchdb.com/)), which you can use as a
library (so you don't need to install another server) in your node.js
application.

Finally, when the user wants to install the application that is published on
the npm registry, it would have to get some kind of signature from the
registry, and then pick any mirror to download the content from. This is a
very important step: there must be a way for the user to make sure what he
downloads is legit. One can assume if it's on the npm registry then it is.

This is not bittorrent, but it's much more integrated in the current
environment which means less hacking to do.

~~~
SchizoDuckie
The thing with central registries is that they're central points of failure /
censorship targets.

The main driving thought about this is making sure that outlawed/censored
software can be accessed via an unblockable channel wether it's been banned or
not.

Integrity verification is a good point, the shell application could do
something with that possibily (verifying crc / a pgp hash somehow perhaps)

~~~
rakoo
Sure, having no central point sounds like the better think to have, but then
how do you provide authenticity ? That's the main problem you're going to face
if it starts being popular. You need either trusted sources that can provide
you with the correct infohash/pgp signature/whatever, which are the easiest
thing to do, or you need some kind of p2p consensus system in which peers
"vote" in some way so you can be fairly certain of authenticity. Tribler has
made a lot things in this domain, maybe you should check it out.

------
lollipop25
Some things I might not be getting:

> As long as there are seeds in the network

There's one problem. Like all other P2P, when people find it not interesting,
they stop seeding and it will naturally die.

> all the power of the BitTorrent network for peer to peer distribution

How does the application determine who's the single source of truth?

> No domains to block, no repositories to block

But how does one discover the hash/magnet link? Search over P2P I guess?

> node-webkit with a Javascript Torrent Client integrated

One can craft a program, a special browser like Tor Browser using C++ or
something. Any particular reason why JS?

Just my 2 cents. I find the idea interesting yet needs polish.

~~~
SchizoDuckie
> There's one problem. Like all other P2P, when people find it not
> interesting, they stop seeding and it will naturally die.

That's true, this idea works best when people actually want to access the
program

> How does the application determine who's the single source of truth?

Just by inputting the torrent itself. If the torrent changes, so does the
magnet hash

> But how does one discover the hash/magnet link? Search over P2P I guess?

Hashes can be distributed by any means already available:
facebook,twitter,websites, pen and paper, etc.

> One can craft a program, a special browser like Tor Browser using C++ or
> something. Any particular reason why JS?

Not particularly, mostly ease-of-use and cross-platform abilities readily
available. This same idea can work on any stack ofcourse

> Just my 2 cents. I find the idea interesting yet needs polish.

Thanks, that was why I came here :)

------
pinkyand
What's the big difference from downloading a cross-platform app using torrents
?

~~~
SchizoDuckie
The big difference is that this is a runtime at the same time for html5/nodejs
based apps, allowing developers to just distribute some html + js + assets
instead of having to wrap it in node-webkit themselves (which is the same code
you're downloading every time basically)

