Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improved readme to include MITM warnings and displaying additional functions #14

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Improved readme to include MITM warnings and displaying additional functions #14

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7c728f2
improved README to include events/mitm warning
therealadityashankar Aug 3, 2020
3477548
added mitm prevention alternative
therealadityashankar Aug 28, 2020
5a8cfce
Merge pull request #2 from subins2000/master
therealadityashankar Aug 28, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 21 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,12 @@ Works in both browser & node environment.
* JSON messaging system
* Send & Respond to messages in a chain using Promise

## MITM warnings
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add this at the end of README, plus add a sub-section like "possible solutions", the most important part would be to emphasize "use open, public, trusted trackers" like https://openwebtorrent.com/


- **ensure** you use trusted trackerAnnounceURLs/keep the communication encrypted by some other means, notorius entities could put deceptive trackerAnnounceURL's and read the data that goes through via an mitm attack

- alternatively, create multiple P2PT connections to the same person via the same identifier but different trackerAnnounceURLs, then ensure that connections are sending the same message, then optimize this connection by exchanging a public key on both sides, ensuring the same public key has been sent via all connections, and then creating an encrypted connection over one of the connections. (TODO, create an option that does this de-facto, and easily)

## How Does It Work ?

The [amazing WebTorrent](https://webtorrent.io/) library created a new kind of Torrent Trackers called "WebSocket Trackers" also known as "WebTorrent Trackers". Some torrent clients can use these new trackers to share files.
Expand All @@ -30,7 +36,21 @@ How do we find peers for torrent to download ? We use a magnet link. That magnet
Similarly, to build our apps, we use a identifier. This identifier is converted to a valid Info Hash and sent to our **WebTorrent trackers** who will give us a list of **web peers**. These web peers would be the other users also using our app :

```
var p2pt = new P2PT(trackersAnnounceURLs, 'myApp')
// Find public WebTorrent tracker URLs here : https://github.com/ngosang/trackerslist/blob/master/trackers_all_ws.txt
var trackersAnnounceURLs = [
"wss://tracker.openwebtorrent.com",
"wss://tracker.sloppyta.co:443/announce",
"wss://tracker.novage.com.ua:443/announce",
"wss://tracker.btorrent.xyz:443/announce",
]

var p2pt = new P2PT(trackersAnnounceURLs, '<peer-identifier>')

// some available events, to see all events/an in depth documentation see https://github.com/subins2000/p2pt/blob/master/api-docs.md

p2pt.on('trackerconnect', (tracker, stats) => ...)
p2pt.on('peerconnect', peer => ...)
p2pt.on('msg', (peer, msg) => ...)
```

And that is how P2PT works.
Expand Down