
Webtorrent – BitTorrent over WebRTC - rvikmanis
https://github.com/feross/webtorrent
======
chc4
I've been using [https://instant.io/](https://instant.io/) a bit to share
files with people. You don't have to care about captchas or size thresholds
because you aren't storing anything on the server, except for the tracker
file. The more people that download and stay on the page, the faster it will
be for everyone else too.

Of course, it's not perfect. It appears to try and load the entire file to
memory to seed, which makes sense, but that means you can't transfer a 1GB
file without using 1GB of RAM...

~~~
wdewind
I use [http://www.put.io](http://www.put.io) for this and highly recommend it.
If someone has already downloaded the tracker you are trying to get you get it
instantly, so for anything even vaguely popular you are able to get it (or
after the first person downloads the file the rest are just pulling directly
from S3). They also have great customer service, ios and chromecast apps etc.

~~~
toomuchtodo
Someone has a swank Mac menubar app for Putio that's a browser helper; any
magnet or regular torrent file gets added to your put.io queue simply by
clicking the link within your browser.

~~~
wdewind
Oh I didn't know that, sounds like this:

[https://github.com/nicoSWD/put.io-
adder/blob/master/README.m...](https://github.com/nicoSWD/put.io-
adder/blob/master/README.md)

thanks, I'll try it out.

~~~
toomuchtodo
That'd be it!

------
griffinmb
If anyone feels like testing it out, I was actually just playing with
webtorrent a couple days ago: [https://stark-
springs-9580.herokuapp.com/](https://stark-springs-9580.herokuapp.com/)

It's very basic, and doesn't have proper error messaging. Would recommend only
attempting to stream mp4 (h264) if you're giving it a shot.

~~~
Fastidious
Do you have this code on GitHub? Would love to take a look!

~~~
griffinmb
I don't, unfortunately. The webtorrent docs are very straightforward though.
And if you check their npm, they provide a link to cdn hosted source!

Note: sorry for any grammar issues, on mobile now

------
anarcat
this reminds me of [http://ipfs.io/](http://ipfs.io/) although IPFS doesn't
run natively in the browser (it's a go app) and has much wider objectives (ie.
the whole _web site_ is loaded from the swarm, not just specific media
objects, and it is trackerless, essentially).

~~~
david_ar
IPFS doesn't run natively in the browser _yet_

[https://github.com/ipfs/ipfs.js](https://github.com/ipfs/ipfs.js)

~~~
anarcat
i stand correct. this will be awesome. :)

------
jacquesm
Could a website use this to host/download torrents in the background unknown
to the user?

~~~
MichaelGG
Yep that's basically what WebRTC data channels do. And the NYT was abusing it
to get your "real" IP to fingerprint users better.

WebRTC should always be gated behind permissions. Most uses are video/audio,
which already require a prompt, so no problem. Other websites shouldn't have
this capability, so annoying users is no problem. But that's not very
palatable, as it means acknowledging that WebRTC data doesn't really belong on
the wider web.

Honestly, what are the real good uses for it outside of media? Games?
WebTorrent?

I'm rather annoyed that such a feature was deployed, giving any webpage the
ability to override my proxy settings or otherwise change the normal browser
networking behaviour.

~~~
api
Keeping features out because of privacy concerns is misguided, since it's a
lost cause. Look into browser fingerprinting. There are just so many vectors
for tracking Web browsing behavior... literally hundreds. The only way to
truly browse privately is behind a VPN or TOR from inside a virtual machine
with no non-volatile storage so that everything is wiped between each VM
execution.

Security is a legitimate concern, but the browser is already completely
exposed since it downloads and runs arbitrary code all day long.

I do have some objection to WebRTC but it's more architectural. WebRTC is
overly complex, overly monolithic, and bloated. It tries to do too many things
with one standard.

~~~
MichaelGG
Except Tor no longer works as WebRTC ignores your connection settings (in
Firefox anyways, I think). Up til now the networking for a browser has been
straightforward, now it's got a whole extra model that's unneeded by default,
yet enabled anyways.

Also, as per EFF's Panopticlick, fingerprinting isn't nearly a lost cause. And
even then it's thrown off by changing UAs due to updating versions.

~~~
pthatcherg
You can control WebRTC's network behavior, including forcing it to go through
a proxy, by using this Chrome extension:

[https://chrome.google.com/webstore/detail/webrtc-network-
lim...](https://chrome.google.com/webstore/detail/webrtc-network-
limiter/npeicpdbkakmehahjeeohfdhnlpdklia?hl=en)

It's published by the Chrome WebRTC (of which I am a member) for just that
purpose: to let you control that behavior.

~~~
MichaelGG
That's neat, but oughtn't the browser be respecting the proxy settings by
default? If tags like <img> added an "ignoreproxy" attribute, folks would be
rightfully upset, wouldn't they? So why should data channels be any different?
(Video/audio is fine as the user is notified first.)

------
raffomania
There is a gratipay account for WebTorrent if you want to support them:
[https://gratipay.com/webtorrent/](https://gratipay.com/webtorrent/)

------
vital
Looking forward to a WebTorrent-based Popcorn-Time app, itself hosted over
WebTorrent...

~~~
finnn
[http://popcorninyourbrowser.net](http://popcorninyourbrowser.net) used to be
a thing using this. As you can see, it's down, but it's certainly a
possibility

~~~
mintplant
It says right there that it used the Coinado API, not WebTorrent. Coinado does
the download on their servers and streams it over HTTP.

~~~
finnn
Ahh, i didn't know what Coinado is. I know I saw a demo that did use
webtorrent (or similar)

------
Ir0nMan
Quite a nice file sharing implementation done here:
[https://file.pizza/](https://file.pizza/)

------
jd3
sort of reminds me of that torrenttornado javascript extension by one of my
favorite Mozilla add-on developers

[https://addons.mozilla.org/en-US/seamonkey/addon/torrent-
tor...](https://addons.mozilla.org/en-US/seamonkey/addon/torrent-tornado/)

------
pepijndevos
I see one issue here. Who is going to seed? Someone keeping a web page open
after they got the download is even less likely that someone keeping their
torrent client running after they are done downloading.

~~~
diegorbaquero
I'm working on a client that helps you seed the file for a while
[http://diegorbaquero.com/bTorrent/](http://diegorbaquero.com/bTorrent/) it's
still on alpha stage

------
ChrisCinelli
Ferros did a great job with this. Full stop

------
Fastidious
Please excuse my ignorance. Is Node required for this to work?

~~~
griffinmb
Nope! Just plain JS.

~~~
avinassh
I have another question. Is it possible to write this in Python?

~~~
zanny
You can use a native webrtc library in Python to implement the webtorrent
protocol. Half the goal of the project is that desktop torrent clients can
eventually support it through webrtc helper libraries so they can act as
hybrid clients that can seed to both browser and native participants.

------
BenoitP
Server down

~~~
mburns
[https://github.com/feross/webtorrent](https://github.com/feross/webtorrent)

~~~
tracker1
Perhaps the link should be updated...

~~~
dang
Good idea. Url changed from [https://webtorrent.io/](https://webtorrent.io/),
which stopped responding.

------
J_Darnley
Why would I ever want to do this in my browser? I cannot think of a larger
waste of resources except for pdf.js.

~~~
dang
Please don't post comments that are dismissive of new work. Acerbic swipes
poison the atmosphere, and we want HN to be a place where discussion of new
work can thrive.

It's of course fine to ask what a project is for or how it addresses a
specific concern, criticize substantively, and so on, but there should always
be a baseline of respect for someone who tried something and put it out there.

~~~
J_Darnley
It isn't new. I've seen this thing at least twice before. I seem to remember
last time it even said that it couldn't interact with normal torrent clients.

~~~
voltagex_
Yes, because it requires a BEP
([http://www.bittorrent.org/beps/bep_0001.html](http://www.bittorrent.org/beps/bep_0001.html))
to be added as an "official" extension to BitTorrent. Eventually it will
happen. I'd hope that by posting it again to HN, someone might add it to their
list of things to do in their Infinite Free Time.

~~~
J_Darnley
I already have many choices of client. All of which can correctly interact
with each other. A new client come along and can't do that. Suddenly every
other client is broken. Please, this client is broken and needs fixing.

~~~
voltagex_
>Please, this client is broken and needs fixing

Good thing it's open source then.

They interact with each other _because_ of BEPs. This client is a _prototype_
and if it's successful you'll have a whole new source of peers.

And before PeX was a BEP, before Vuze had a Mainline DHT plugin, it didn't
interact with some clients either. Hell, even DHT [1] had to go through the
same BEP process. Do you expect all software to start out complete?

1:
[http://www.bittorrent.org/beps/bep_0005.html](http://www.bittorrent.org/beps/bep_0005.html)

~~~
MichaelGG
By that logic though you can say _anything_ is BitTorrent if it gets a BEP.
IPX/SPX networking only? No problem, just needs a BEP! ;) You must admit it's
certainly different to start off with a completely incompatible client, vs
just a new feature. (I do wish WebTorrent well though.)

Do you have any insight into the BT dev community as to whether WebTorrent is
likely to be picked up in other clients?

~~~
voltagex_
Well yeah, someone could propose IPX/SPX but it'd be unlikely to to get picked
up.

I have no special insight but I think this is a really cool idea. What I do
know is if they _don 't_ put up a BEP then it won't go anywhere.

------
nyan4
Browsers are some of the most complex and [therefore] vulnerable applications.
Implementing more functionalities into them is really bad for security.

------
striking
Reinventing the wheel.

Rather than restricting what browsers can send and making kludgy workarounds
that waste resources, why don't we just allow browsers to send whatever they
want?

~~~
pjc50
Sadly, that weaponises the browser into a tool for portscanning and exploiting
the user's local network.

~~~
striking
And you can't gate it behind a permissions dialog like Geolocation or
something? Please.

~~~
MichaelGG
The WebRTC guys were really, really, against this. They wanted P2P data
channels to always be available, saying that a permissions dialog would
confuse people and be too pervasive.

But when I asked for a concrete example that doesn't involve audio or video, I
literally got "suppose you are using the web UI on a refrigerator, you might
want a data channel to go direct to the fridge instead of to the webserver".
At least BitTorrent is a more reasonable example.

Furthermore, data channels break the security model of a browser just using
HTTP as configured, as WebRTC bypasses your proxy settings without notice.

WebRTC data channels should NOT be enabled by default and should cause a
dialog, as shitty as that is. My approach is to disable it and stick my head
in the sand and hope it'll go away, but people seem irrationally excited about
it. Basically WebRTC right now is shittier than NetMeeting (1996) but "cool".

~~~
striking
Thank you for succinctly explaining most of the reasons I dislike WebRTC.

Now if someone could explain why I'm getting downvoted to hell...

10 points gone so far. I've never experienced this. Are people really that
uncomfortable with opinions? Perhaps I've slain someone's sacred cow :)

~~~
MichaelGG
Probably because adding full networking to browsers is an old topic and
probably never gonna happen due to the abuse concerns mentioned.

Plus permissions dialogs sorta don't work, especially for something like
networking. "This page wants to use the Internet: Allow?" would just confuse
the hell out of users. The alternative, acknowledge that WebRTC data should be
a really limited use case, doesn't appeal to the authors/implementors.

