Search Mailing List Archives
natanael.l at gmail.com
Mon Apr 7 06:10:49 PDT 2014
I would say I2P is better for that purpose (as in more secure and
scalable), but then again I'm not sure if it would be a good idea to embedd
I2P into Popcorn Time.
I2P is a Tor-style anonymizing network (using multiple parallel routes
instead of one at a time) with a nice DHT system named Seedless that can be
used to find the latest version of the data and distributed hosting named
Tahoe-LAFS (custom configured version, this version behaves like Freenet)
which could be perfect for anonymously distributing the data (if the list
would be too large to store in the DHT directly). Everything would still be
just as automatic and easy to the user as it is now.
For those who want extra anonymity and wouldn't mind slower torrenting, I2P
works just fine with torrents, the rest can use it just to fetch sources.
But the I2P network don't benefit much from temporary nodes the way most
popcorn time clients would drop in and out suddenly, and that node behavior
can harm network performance, the network needs a reasonable ratio of
stable nodes. Maybe people could be encouraged to run I2P continously and
those that don't could access it via inproxies.
I'm not sure what's ideal here.
I still think the *easiest* solution is a network of mirroring sites.
There's still anonymous remailers around for anonymous submission. That way
the clients don't need to do anything special and we don't need anybody to
run special software. And those who want to run Tor can easily do so.
- Sent from my phone
Den 7 apr 2014 13:06 skrev "ChaTo (Carlos Alberto Alejandro CASTILLO
Ocaranza)" <chato at chato.cl>:
> Just as Popcorn already includes a torrent client, it can include a
> BitMessage client, it would be entirely transparent to the users, just as
> the torrent client already is.
> The rolling blockchain: it is OK if the "master file" is broadcast every
> two days. BTW the "master file" is a list of mirrors, which can and will
> change, where you can get the meta-data used for popcorn-time to operate.
> Bitmessage isn't anonymous to network-level attackers: the person who
> broadcast the file can be behind Tor. It will be make them much harder to
> find than if they have to seed a torrent file. And it can be different
> persons sharing a private key to post from different locations.
> * * *
> The question is not whether BitMessage is *the* perfect protocol, but what
> protocols are there to distribute a master file in a way that:
> - the sender can easily change the master file,
> - the receiver can easily locate the master file (a single key to locate:
> a URL or a public key),
> - the message is not hosted at a single or a limited number of places
> (because those can be taken down),
> - and the sender itself is difficult to find.
> On 04/07/2014 01:14 PM, Natanael wrote:
> Bitmessage isn't ideal for this.
> Both because it has a rolling blockchain (the data to distribute needs to
> be uploaded repeatedly), because the users will need a special client to
> download it, and then special instructions to find the file, and because
> Bitmessage isn't anonymous to network level attackers (your ISP, the router
> you're connected to, etc), and because of scaling problems.
> The easiest way IMHO is to have a network of mirror sites hosting it,
> reminding people they can download it over Tor.
> - Sent from my phone
> Den 7 apr 2014 09:50 skrev "ChaTo (Carlos Alberto Alejandro CASTILLO
> Ocaranza)" <chato at chato.cl>:
>> An answer to the "single point of failure" of having a URL to pull the
>> content is to use a secure distribution mechanism.
>> I think a great candidate is BitMessage, which I have been using for some
>> months now: https://bitmessage.org/wiki/Main_Page
>> BitMessage is a secure peer-to-peer communications protocol that allows
>> you to broadcast a message (or receive a broadcast message) without
>> revealing your IP address.
>> On 04/06/2014 11:41 PM, Jonathan Wilkes wrote:
>> Hi list,
>> streaming please take over the popcorn-time project? It looks like it was
>> developed pseudonymously by at least three teams now which have all
>> disappeared (probably due to pressure from Hollywood).
>> If you haven't heard of it, see:
>> Why should this interest you?
>> * Licensed GPL v3
>> * Has the most user-friendly interface I've seen in a piece of free
>> * Runs on GNU/Linux, OSX, Windows
>> * Streams downloads efficiently and uses Bittorrent to seed while the
>> user watches (with no setup or intervention by the user)
>> * Accessibility. Looks like the project is getting bullied with a game
>> of whack-a-mole, probably due to pressure from Hollywood. AFAICT there is
>> no new technology being used-- the original devs used mostly pre-existing
>> libs to make something that is easy to use. What everyone on this list can
>> do using Transmission and VLC can now be done by non-experts.
>> How to stop the game of whack-a-mole?
>> There needs to be something like a "popcorn kernel" team. It should use
>> exactly the same API as the software currently does, but just have a place
>> where the user can type in an address from which to pull the content. It'd
>> be pretty easy to host a tracker with one or two public domain titles and
>> test with that. Then if a site like archive.org decides to adopt the
>> YTF API to access its public domain videos, users can just add that address
>> and start streaming the content. (And again because they are also seeding
>> this helps out archive.org, so it's a win-win.)
>> That would remove the only controversial line of code-- the url of YTF--
>> so that anyone who wants to improve the software may do it without being
>> bullied. Also, if there were a well-known organization dedicated to
>> hosting and defending free software that could host the repo and front page
>> it would lower the risk of a rogue, suspicious site putting up downloads
>> with malware in them. (And each time Popcorn-time gets resurrected at some
>> new domain that risk increases.)
>> The original code is still on github. Not sure about the other
>> incarnations. It's worth noting that there seemed to be quite a bit of
>> activity on each incarnation (bug fixes, improvements) so it might be worth
>> it to try to find a link to the most recent incarnation. (And since it's
>> git it should be easy to audit the changes.)
>> ChaTo (Carlos Castillo) <http://chato.cl/>
>> LinkedIn <http://linkedin.com/in/chato> · Facebook<https://facebook.com/chato>·
>> Twitter <http://twitter.com/chatox>
>> Liberationtech is public & archives are searchable on Google. Violations
>> of list guidelines will get you moderated:
>> Unsubscribe, change to digest, or change password by emailing moderator at
>> companys at stanford.edu.
> ChaTo (Carlos Castillo) <http://chato.cl/>
> LinkedIn <http://linkedin.com/in/chato> · Facebook<https://facebook.com/chato>·
> Twitter <http://twitter.com/chatox>
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech