
WebTorrent – BitTorrent over WebRTC - Doolwind
https://webtorrent.io/
======
mmcclure
I feel like I've seen this pop up a few times now, but this is really, really
cool stuff. The only thing that concerns me about the growing popularity of
using WebRTC is the security concerns around unknowingly joining a p2p network
like this for potentially any site you visit. It's not hard to imagine what a
bad actor could do to content before passing it along, or more simply, the
fact that your true IP is exposed.

Curmudgeony security issues aside, this undeniably feels like The Future™ and
a big deal to watch out for. It's also one of those cases where a creator /
maintainer makes a huge difference for long term viability in my opinion.
Feross is crazy smart and has been working with all the related tech for a
while now (via PeerCDN, Instant.io, etc, etc), and is just an all around
respectful, nice guy, which is important for the continued development /
community aspect.

~~~
MCRed
Seems like this is an opportunity for a tor like network over a webRTC peer to
peer network, maybe? (Dunno maybe that's a bad idea for some reason...)

~~~
bb88
Why Tor-like? Why not just Tor? Seems like a great way for people to send
messages that don't involve a cloud-based server.

~~~
dcposch
Same reason webtorrent isn't quite bittorrent. WebRTC gives you P2P in a
webapp, but it doesn't let you connect to arbitrary hosts and ports.

You could have an onion routing protocol derived from tor or i2p that uses the
webrtc data channel. You could even, like webtorrent, have the concept of
hybrid nodes that existing network to the new webrtc-based one.

------
lambdacomplete
Amazing project, really! But _please_ , for the sake of users (like me) who
live in countries where ISPs set a "quota" on DSL connections: ask the users
whether they want to start downloading Sintel before doing so :) Now I'm
afraid of opening the website again.

~~~
feross
Author of WebTorrent here. Sorry for surprising you with a large download. To
be fair, YouTube autoplays videos too, and the video size is comparable.

Good news, though! Looks like we can use detect users on a metered connection
with `navigator.connection`, or worst case look for a mobile user agent.
Thanks for the feedback!

~~~
notalaser
Or, you know, you could ask users if they want to download it :-).

It seems to be done as a demo right now. Why not just add a big red "click
here for a demo" thing?

There are very few things that you can reliably find out over the web. Whether
or not a connection is metered isn't one of them.

~~~
rmc
Or a "The download will begin in 10 seconds. Press the pause button to stop
it"

------
imrehg
Does this site really start downloading a 124MB torrent right after opening
the page (sintel.torrent)? If so, why would that be a good idea to do?

~~~
technoblue
It's a relatively small download (for desktop) and it demonstrates its
simplicity.

~~~
thegenius2000
120MB is no small deal when you're using a 50MB data bundle on a crappy Kenyan
ISP, on your phone. There should definitely be a prompt, I just lost half my
day's data (before I stopped it).

Edit: changed "your" to "you're" ;)

~~~
dabeeeenster
WHAT? You mean you're not sat in a cafe in San Francisco?

~~~
user_0001
oh the horror, the horror!

------
erikpukinskis
This makes me so happy. If we can get good support for WebRTC and getUserMedia
the web will be able to keep going as a decent platform for apps.

[http://caniuse.com/#feat=stream](http://caniuse.com/#feat=stream)

[http://caniuse.com/#feat=rtcpeerconnection](http://caniuse.com/#feat=rtcpeerconnection)

We're really at the mercy of open platform-minded engineers at Google, Apple
and Microsoft though! I wonder what we can do to help support those folks.

~~~
sadgit
Well, there's also Mozilla.

------
currysausage
Very curious about the legal implications if every site that I visit can
transfer files to unknown peers in the background. P2P is, AFAIK, a big source
of costly cease-and-desist orders in Germany. With WebTorrent, I guess I could
tell the right holder to bring the matter to court and plausibly state that
some malicious ad iframe must have distributed that MKV without my knowledge.

~~~
iofj
Not just that, but why wouldn't ads start using your bandwith for this sort of
thing ? Do you get a legal claim for your bandwith costs (especially on
mobile) against the site owner for doing this without your permission ?

Do you get a claim against your browser maker ?

~~~
Myrth
Is there a difference between using bandwidth this way, or loading say 150MB
image? (bandwidth costs wise)

~~~
iofj
I would certainly say yes. They're using your bandwidth to serve another one
of their customers, for free, without compensating you in any way.

Whereas loading a 150MB image from their server is using their bandwidth (that
they're paying for) to serve you.

Legally, I have no idea. Morally, it'd be nice if they at least asked and
actually had a working site if you say "no".

------
TheAceOfHearts
You can try out WebTorrent at Instant.io[0]. It's probably the easiest ways to
share files with someone, as long as both people have modern browsers.

Unfortunately, after a certain file size it'll just crash your browser. It'd
be great if there was a way to work with large (+2GB) files.

[0] [https://instant.io/](https://instant.io/)

------
taylorhou
Very interesting. Figured the day would come but the dev finally did it. Re-
decentralizing the web is a great goal and with simple demonstrations like
yours, we'll get there! Cheers mate

------
lelandbatey
This seems very interesting already! I now have some more technical questions:

\- Where is the downloaded data being stored? With a traditional bittorrent
client I the data is written to disk. Since JS doesn't make raw disk access
available, I'm assuming it's being kept track of in through some js api that
tells the browser to store this data. What API is it using?

\- Even when I finish downloading the video, the player doesn't allow me to
seek to random positions in the video. It displays a "this is how much is
buffered"[0] bar that is way smaller than the green bar at the top of the page
indicating download progress. Why is this the case?

\- As you can see in the screenshot[0], there's lots of nodes that are labeled
with ip addresses that are not visible to my computer at all. Is this because
the displayed ip addresses are self reported?

[0] - [http://nacr.us/media/pics/screenshots/screenshot--
17-46-37-2...](http://nacr.us/media/pics/screenshots/screenshot--
17-46-37-2016.png)

~~~
jsprogrammer
Presumably the data is stored in RAM (or potentially on a swap disk) by the
browser. Most likely they are feeding the data into the Media Source
Extensions [0] APIs.

I'm not sure why you can't seek to random positions. It seemed to work for me,
after a few second delay (presumably to issue commands to start downloading
different blocks).

Those IP addresses are private network addresses. The machine you are
connected to is probably behind a NAT and is connected to you through a
different address. The UI is probably just showing the local address that that
node reports.

[0] [https://w3c.github.io/media-source/](https://w3c.github.io/media-source/)

------
johnchristopher
Question: I see there are some local network IP addresses in the graph ? I
suppose external IP addresses are hidden for privacy/security purpose but how
well are there hidden ?

Anther question: How do I open the file once downloaded ? (I use ublock,
should the file be displayed in the rectangular area next to the graph ?

------
kentbrew
Page wants just a tiny bit of explanation about what's going on. Firefox
43.0.4 doesn't play the movie; it just sits there with a black box.

~~~
tasqa
I've had the same issue. It seems h264 support is turned off by default in
FF43. Just go to about:config and set

media.peerconnection.video.h264_enabled => true

------
yAnonymous
That's great, but BitTorrent over JS is also dangerous, at least where I live.

C/D letters come with a 200-1000 € fee depending on the content and now it's
trivial to make someone download stuff illegally in the background.

~~~
Sujan
See it the other way around:

One big website in your country could implement this in the background with a
list of know "C/D letters" triggering torrents, and the business model of
these C/D letter writing laywers would be broken in half a year. Because if
they target people that really didn't download anything knowingly, they will
get lawyers themselves and go to court. And when the courts figure out that
the old way of "proving" a download doesn't work any more, the business modell
is broken.

Unfortunately there is collateral damage :/

~~~
yAnonymous
In theory, yes, but you have no idea how incompetent German courts are. They
believe everything copyright holders feed them.

There was a similar case last year that, fortunately, went very badly for the
copyright attourneys. Thousands of users were redirected from an ad to
copyrighted porn videos and then C/D'd. The attourneys got into a lot of
trouble and even lost their license, but their clients still ran off with the
money.

The case was only reviewed when it got media attention, but using torrents
makes it even more difficult to prove the scam.

~~~
Sujan
Believe me, I have a pretty good idea how competent or incompetent German
courts are.

Still, you're right. This would only work at scale, after quite a long time
and cause a lot of damage on the way. The website implementing this would
probably also get sued into the ground.

Better get a Netflix subscription and/or install Kodi on some FireTV
thingie...

------
magicmu
What a coincidence, I was just playing with this for the first time last
weekend! They also have an npm package that can be used for both torrent
streaming via node and the browser
([https://www.npmjs.com/package/webtorrent](https://www.npmjs.com/package/webtorrent)).
Awesome project.

------
liamzebedee
WebRTC __requires __the use of a centralised signalling server for the initial
connection between two peers. I feel many miss this point when reading about
WebRTC-enabled projects. Even if you do have Universal Plug and Play which
port forwards automatically (and thus you can communicate directly between two
peers), you still need this centralised signalling server.

Correct me if I'm wrong, but this poses a problem if you ever want to take
WebRTC further (i.e. in a self-hosted mesh network).

~~~
chc4
You need a server for holepunching/STUN via IPv4, but not for IPv6 since each
client has a unique IP instead of being behind the router's address.

~~~
liamzebedee
I've setup Minecraft/web servers which required no server for holepunching.
Just plain old IPv4 with port forwarding.

~~~
chc4
The "with port forwarding" is the problem there. That assumes you have access
to your NAT resolver to add the rule, which isn't a fair assumption to hold.
People at colleges, businesses, hosted events, etc. need to do NAT traversal
(or be on IPv6) in order to do P2P.

I didn't see that you mentioned UPnP in the OP though, sorry. I'd assume
downloading metadata from a signalling server if you don't need it for
traversal is completely optional - most P2P networks have an initial list of
peers to connect to to bootstrap new clients.

------
rtkwe
Interesting, if the player never starts you never connect to additional peers.
I'm running this in firefox 43 with flash disabled and the video never starts.

------
rasz_pl
1 Pretends to work on a browser not supporting WebRTC. This got me thinking so
I went to webrtc.org and all the examples/samples also pretend to work and/or
fail silently - is WebRTC API really not able to even ascertain level of
support of the running browser? .. looked under the hood and found
[https://webtorrent.io/bundle.js](https://webtorrent.io/bundle.js): throw new
Error('No WebRTC support: Not a supported browser'), so it definitely can, but
fails to catch those errors and do anything/inform user.

2 looked at network traffic and it seems to open separate TLS sessions per
transferred data packet, not the most optimal thing to do, might be an
artefact of being hosted on https. Probably a cpu bottleneck right there.

3 doesnt store anywhere (local/session storage).

------
janpieterz
Interesting, I'd be curious to some speed tests. I was seeding to around 22
peers for a while but did not get over 5Mbps up, while my internet connection
is capable of around 530Mbps. Wondering if this was an inherent WebTorrent
problem or simply that not enough people were online with strong connections.

------
_98fj
Like many, I thought about this since a couple of years.

My idea was a browser-plugin for youtube, that would take the downloaded video
and start seeding it. On the other side, if a video has been blocked by YT, it
would automatically use the torrent version.

------
jaysoncena
How come the download was already completed but the video only buffered around
50%?

------
throwaway13337
Can't wait to see a popcorn time in the browser. :)

------
franciscop
I was toying with the idea of doing something like this a couple of days ago,
but two things stopped me:

\- No support even in modern browsers by default [1]

\- Don't want to [maybe] get into legal troubles if it's wrongly used

[1] [http://caniuse.com/#search=webrtc](http://caniuse.com/#search=webrtc)

PS, apparently the caniuse info was wrong, since now it appears in green

------
buzzdenver
What is the animation on the left full of RFC 1918 addresses ? I assume those
are really NAT-ed at some point, aren't they ?

~~~
seba_dos1
That's what caught my eye as well. I didn't know that was possible to get via
the browser and started to think about its implications. I wonder if exposing
private IP to any website is a very good idea when router firmwares have all
sorts of basic security bugs in their web panels.

~~~
ribasushi
There is also [https://github.com/diafygi/webrtc-
ips](https://github.com/diafygi/webrtc-ips) ( harmless(?) demo here:
[https://diafygi.github.io/webrtc-ips/](https://diafygi.github.io/webrtc-ips/)
)

------
edpichler
Very cool, but what annoys me is it starting the p2p download and upload
without asking authorization?

------
devilsbabe
Other companies like [http://streamroot.io/](http://streamroot.io/) are also
using WebRTC to help content hosting sites like YouTube and Netflix deliver
VOD and live streams. Really exciting!

------
ferongr
>Error: No WebRTC support: Not a supported browser

Funny, Fx44 does support WebRTC

------
nik736
If I use Safari on that site it's just downloading from your server, right?
Since Safari doesn't support WebRTC.

------
leoplct
Looking forward to see Popcorn time on WebRTC

------
vonklaus
it is so fucking obvious that this idea is exactly how browsers will work in
the future. A browser is going to just be something like node-
webkit/webkit/electron etc. so compatability won't be an issue, then you just
connect to a ton of different clients that are running narrow crawls of shit
you are searching for. The browser will then not take you to the page, but
just display the information directly without loading a shit ton of js.

You can tag or organize the data locally and cache it, or return it sorted to
the nodes which serve it to others. People don't give a shit about webpages
for search, they care about information. The web is a big rss feed, and our
old feedreader "google" stopped doing that well, and also we pay a massive
privacy tax for that now.

I see this happening in ~2 years for really techie people and being standard
in 5.

edit: elastic search, webkit, real time, distributed file systems, apache
spark, google tensor flow. These ingredients will be used to make the new
browser which browses information and _returns that information_ not the
actual web pages.

~~~
jsprogrammer
Yes, but there is no reason to wait ~2 years. It can be built now.

~~~
vonklaus
obviously. I think it will become mainstream with technological people in 2
years. It will take time to, of course, actually be built. Then, have enough
data fed into it to actually be useful. That will take about 2 years(ish).

------
ericfrederich
How does this project differ from ipfs?

------
andreapaiola
Nice tech!

------
jsprogrammer
Nice demo.

------
gionn
are you a wizard?

------
knocte
WebRTC will anyway become obsolete with IPv6, right?

~~~
teddyh
No. For security reasons, nobody wants Javascript to be able to open actual
TCP connections – Javascript is supposed to be sandboxed, and if it can open
TCP connections it can do any number of malicious things. So this whole
Websockets thing have been invented, which is _just like_ TCP sockets, except
it’s understood that Javascript can access it, so nobody should implement any
service accessible on a Websocket which could be misused by malicious
Javascript. I’m not sure this is a solid plan.

------
Nux
-1

Complains it cannot play the file for not having Chrome with Mediasource. Why
not serve an ogg or webm for crying out loud?

Also, why auto-start the download?!

After the download is finished, where can I watch the video? There's no link
for watching it anywhere.

If I refresh the page the download starts again.

I realise this is just an experiment and kudos for that, but the author could
have made some better choices re above.

