I feel like I've seen this pop up a few times now, but this is really, really cool stuff. The only thing that concerns me about the growing popularity of using WebRTC is the security concerns around unknowingly joining a p2p network like this for potentially any site you visit. It's not hard to imagine what a bad actor could do to content before passing it along, or more simply, the fact that your true IP is exposed.
Curmudgeony security issues aside, this undeniably feels like The Future™ and a big deal to watch out for. It's also one of those cases where a creator / maintainer makes a huge difference for long term viability in my opinion. Feross is crazy smart and has been working with all the related tech for a while now (via PeerCDN, Instant.io, etc, etc), and is just an all around respectful, nice guy, which is important for the continued development / community aspect.
Same reason webtorrent isn't quite bittorrent. WebRTC gives you P2P in a webapp, but it doesn't let you connect to arbitrary hosts and ports.
You could have an onion routing protocol derived from tor or i2p that uses the webrtc data channel. You could even, like webtorrent, have the concept of hybrid nodes that bridge the existing network to the new webrtc-based one.
Amazing project, really! But please, for the sake of users (like me) who live in countries where ISPs set a "quota" on DSL connections: ask the users whether they want to start downloading Sintel before doing so :) Now I'm afraid of opening the website again.
You shouldn't have to "beg" website authors to "play nice" for you, as a user. Web Standards and browsers have failed you by putting that much control into the authors' hands.
It is reasonable to consider that "web" maybe should not have this capability, and web browsers should provide intuitive UI controls for users to enable/disable the ability for sites to do this to you.
To be fair, if the problem is the amount of data that will travel through your connection, there is not much difference between this and a 120MB text-only html file.
So maybe browsers should offer a setting to cap the data retrieved from each individual domain on metered connections, unless instructed otherwise on a domain-by-domain basis?
This is only a problem on fast but capped connections, which I would guess are rare. On a slow connection (and a proper browser) you see that it's downloading data, how much, how fast, and you can stop it.
Oh, you are right. I was under the impression that 4G is something like 2-3 Mbps, which would make the caps somewhat proportional and hard to pass by accident. But I just tried speedtest.net (app) and download speed was almost 40 Mbps. I really had no idea.
ISP offering 100/1000 Mbit connections with a data limit of 2 GB /month is absurd. I think that is the problem here, and not heavy content.
Then there are bandwidth monitors ...
I noticed though that the video continued downloading even though I had hit pause.
Author of WebTorrent here. Sorry for surprising you with a large download. To be fair, YouTube autoplays videos too, and the video size is comparable.
Good news, though! Looks like we can detect users on a metered connection with `navigator.connection`, or in the worst case look for a mobile user agent. Thanks for the feedback!
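For the curious, a rough sketch of what that check could look like. Note that `navigator.connection` (the Network Information API) is non-standard and missing in many browsers, and `shouldAutoDownload` is a name I made up for illustration:

```javascript
// Sketch: decide whether to kick off a large download automatically.
// Falls back to "allow" when the API is unavailable; flip the default
// if you'd rather be conservative.
function shouldAutoDownload(nav) {
  const conn = nav.connection || nav.mozConnection || nav.webkitConnection;
  if (!conn) return true;                      // can't tell; assume unmetered
  if (conn.saveData) return false;             // user requested reduced data use
  if (conn.type === 'cellular') return false;  // likely metered
  return true;
}

// In the page: if (shouldAutoDownload(navigator)) startTorrent();
```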
I appreciate that it sucks for you personally (I used to have a capped connection myself), but frankly the web should not be held back by such arbitrary limits.
A demo that starts working immediately with no input required is a LOT more impressive and impactful than something behind a "try" button.
129.24 MiB is actually really small for a 15min video.
Even worse, if you are using a firewall it will block and potentially throw warnings about all of the connections that the site is trying to setup. I had a deluge of Little Snitch dialogs that showed up again when I backed up to the home page. The whole thing should really be behind a "try it now" button.
I really think WebRTC should require explicit permission from the user, same as the geolocation and push notification APIs. This tech has a lot of potential, but I don't like the idea that any site can add my browser to a P2P network without my knowledge.
More accurately, the browser should monitor the data usage in the current page (including iframes and possibly subsequent pages on that domain) and, when it reaches a high water mark, cut it off and request explicit permission.
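A toy sketch of that high-water-mark idea (all names are mine; a real browser would do this per-origin, internally):

```javascript
// Count bytes attributed to a page; fire a callback once when the limit
// is reached, e.g. to pause transfers and show a permission prompt.
function makeMeter(limitBytes, onLimit) {
  let used = 0;
  let tripped = false;
  return function record(bytes) {
    used += bytes;
    if (!tripped && used >= limitBytes) {
      tripped = true;
      onLimit(used);
    }
    return used;
  };
}
```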
The major issue I see here is that someone can upload copyrighted material and make you share it. That could cost you lots of money. I wouldn't be surprised if it gets abused...
120MB is no small deal when you're using a 50MB data bundle on a crappy Kenyan ISP, on your phone. There should definitely be a prompt, I just lost half my day's data (before I stopped it).
It might be good to show a download of something like a 1MB video file that you could turn on. Tying a 120MB download to reading about what you are showing to people is ridiculous.
A 120MB video downloading and playing in real time as a torrent is a lot more impressive than a 1MB clip. A page showing a 120MB video that is not DDOSed by making it to the front page of Hacker News is even more impressive ;)
This is also not different (on desktop) from visiting a Youtube channel page which has an auto-play "intro" video. I just hope this at least tries to detect device/connection type before starting on cellphone. Wonder if there is an HTTP 'connection-metered' header or something like that...
We're really at the mercy of open platform-minded engineers at Google, Apple and Microsoft though! I wonder what we can do to help support those folks.
Very curious about the legal implications if every site that I visit can transfer files to unknown peers in the background. P2P is, AFAIK, a big source of costly cease-and-desist orders in Germany. With WebTorrent, I guess I could tell the right holder to bring the matter to court and plausibly state that some malicious ad iframe must have distributed that MKV without my knowledge.
Not just that, but why wouldn't ads start using your bandwidth for this sort of thing? Do you get a legal claim for your bandwidth costs (especially on mobile) against the site owner for doing this without your permission?
Those cease and desist orders are toothless. You can either ignore them or write them a nice letter that you didn't violate the copyright and don't plan to in the future.
Very interesting. Figured the day would come but the dev finally did it. Re-decentralizing the web is a great goal and with simple demonstrations like yours, we'll get there! Cheers mate
This seems very interesting already! I now have some more technical questions:
- Where is the downloaded data being stored? With a traditional bittorrent client the data is written to disk. Since JS doesn't offer raw disk access, I'm assuming it's being kept track of through some JS API that tells the browser to store this data. What API is it using?
- Even when I finish downloading the video, the player doesn't allow me to seek to random positions in the video. It displays a "this is how much is buffered"[0] bar that is way smaller than the green bar at the top of the page indicating download progress. Why is this the case?
- As you can see in the screenshot[0], there's lots of nodes that are labeled with ip addresses that are not visible to my computer at all. Is this because the displayed ip addresses are self reported?
Presumably the data is stored in RAM (or potentially on a swap disk) by the browser. Most likely they are feeding the data into the Media Source Extensions [0] APIs.
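For the curious, feeding pieces into MSE looks roughly like this. This is a sketch, not WebTorrent's actual code: `createAppender` is my name, and the key detail is that `SourceBuffer.appendBuffer()` is asynchronous and rejects overlapping calls, so chunks have to be queued:

```javascript
// Sketch: queue incoming torrent pieces into a SourceBuffer, appending the
// next chunk only after the previous append signals 'updateend'.
function createAppender(sourceBuffer) {
  const queue = [];
  let busy = false;
  function pump() {
    if (busy || queue.length === 0) return;
    busy = true;
    sourceBuffer.appendBuffer(queue.shift());
  }
  sourceBuffer.addEventListener('updateend', () => { busy = false; pump(); });
  return chunk => { queue.push(chunk); pump(); };
}

// Browser wiring (sketch; codec string is an assumption):
//   const ms = new MediaSource();
//   video.src = URL.createObjectURL(ms);
//   ms.addEventListener('sourceopen', () => {
//     const sb = ms.addSourceBuffer('video/webm; codecs="vp8, vorbis"');
//     const push = createAppender(sb);
//     pieceStream.on('data', push);
//   });
```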
I'm not sure why you can't seek to random positions. It seemed to work for me, after a few second delay (presumably to issue commands to start downloading different blocks).
Those IP addresses are private network addresses. The machine you are connected to is probably behind a NAT and is connected to you through a different address. The UI is probably just showing the local address that that node reports.
Question: I see there are some local network IP addresses in the graph? I suppose external IP addresses are hidden for privacy/security purposes, but how well are they hidden?
Another question: how do I open the file once downloaded? (I use uBlock; should the file be displayed in the rectangular area next to the graph?)
One big website in your country could implement this in the background with a list of known "C/D letters" triggering torrents, and the business model of these C/D letter writing lawyers would be broken in half a year. Because if they target people that really didn't download anything knowingly, those people will get lawyers themselves and go to court. And when the courts figure out that the old way of "proving" a download doesn't work any more, the business model is broken.
In theory, yes, but you have no idea how incompetent German courts are. They believe everything copyright holders feed them.
There was a similar case last year that, fortunately, went very badly for the copyright attorneys. Thousands of users were redirected from an ad to copyrighted porn videos and then C/D'd. The attorneys got into a lot of trouble and even lost their license, but their clients still ran off with the money.
The case was only reviewed when it got media attention, but using torrents makes it even more difficult to prove the scam.
Believe me, I have a pretty good idea how competent or incompetent German courts are.
Still, you're right. This would only work at scale, after quite a long time and cause a lot of damage on the way. The website implementing this would probably also get sued into the ground.
Better get a Netflix subscription and/or install Kodi on some FireTV thingie...
What a coincidence, I was just playing with this for the first time last weekend! They also have an npm package that can be used for both torrent streaming via node and the browser (https://www.npmjs.com/package/webtorrent). Awesome project.
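A minimal sketch of that package's documented API (the magnet URI and the file-picking helper are mine; the npm calls are commented out since they need the package and network access):

```javascript
// Usage sketch (requires `npm install webtorrent`):
//
//   const WebTorrent = require('webtorrent');
//   const client = new WebTorrent();
//   client.add(magnetURI, torrent => {
//     const file = largestFile(torrent.files);
//     file.appendTo('body'); // in the browser, streams into a media element
//   });

// Small helper: pick the biggest file (usually the video) from a torrent.
function largestFile(files) {
  return files.reduce((best, f) => (f.length > best.length ? f : best));
}
```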
WebRTC requires the use of a centralised signalling server for the initial connection between two peers. I feel many miss this point when reading about WebRTC-enabled projects. Even if you do have Universal Plug and Play which port forwards automatically (and thus you can communicate directly between two peers), you still need this centralised signalling server.
Correct me if I'm wrong, but this poses a problem if you ever want to take WebRTC further (i.e. in a self-hosted mesh network).
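To make the signalling role concrete, here's a toy sketch of the relay logic such a server performs (peer ids and message shape are invented): it only forwards opaque SDP offer/answer blobs between peers by id, and never touches the media or data itself.

```javascript
// Toy signalling relay: peers register a send callback (e.g. a WebSocket's
// send function), and the server routes offers/answers between them.
function makeRelay() {
  const peers = new Map();
  return {
    join(id, send) { peers.set(id, send); },
    leave(id) { peers.delete(id); },
    route(msg) {               // msg: { to, from, payload }
      const send = peers.get(msg.to);
      if (send) send(msg);
      return Boolean(send);    // false if the recipient is unknown
    },
  };
}
```

Once the offer/answer exchange completes, the peers talk directly and the relay drops out of the path.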
The "with port forwarding" is the problem there. That assumes you have access to your NAT resolver to add the rule, which isn't a fair assumption to hold. People at colleges, businesses, hosted events, etc. need to do NAT traversal (or be on IPv6) in order to do P2P.
I didn't see that you mentioned UPnP in the OP though, sorry. I'd assume downloading metadata from a signalling server is completely optional if you don't need it for traversal - most P2P networks have an initial list of peers to connect to in order to bootstrap new clients.
Interesting, if the player never starts you never connect to additional peers. I'm running this in firefox 43 with flash disabled and the video never starts.
1. Pretends to work on a browser not supporting WebRTC. This got me thinking, so I went to webrtc.org, and all the examples/samples also pretend to work and/or fail silently. Is the WebRTC API really not able to ascertain the level of support in the running browser? I looked under the hood and found in https://webtorrent.io/bundle.js: throw new Error('No WebRTC support: Not a supported browser'), so it definitely can, but it fails to catch those errors and do anything / inform the user.
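Feature-detecting WebRTC up front is cheap; here's a sketch (`hasWebRTC` is my name, and the prefixed variants are for older browsers):

```javascript
// Sketch: check for an RTCPeerConnection constructor (including older
// vendor-prefixed variants) before trying to join the swarm.
function hasWebRTC(global) {
  return typeof (global.RTCPeerConnection ||
                 global.webkitRTCPeerConnection ||
                 global.mozRTCPeerConnection) === 'function';
}

// In the page:
//   if (!hasWebRTC(window)) showUnsupportedMessage(); // hypothetical handler
```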
2. Looked at network traffic, and it seems to open separate TLS sessions per transferred data packet - not the most optimal thing to do; might be an artefact of being hosted on https. Probably a CPU bottleneck right there.
Interesting, I'd be curious to see some speed tests. I was seeding to around 22 peers for a while but never got over 5Mbps up, while my internet connection is capable of around 530Mbps. Wondering if this was an inherent WebTorrent problem or simply that not enough people were online with strong connections.
Like many, I've been thinking about this for a couple of years.
My idea was a browser-plugin for youtube, that would take the downloaded video and start seeding it. On the other side, if a video has been blocked by YT, it would automatically use the torrent version.
WebRTC can bust through NATs with STUN and provide a TURN proxy in case the NAT can't be busted through. STUN will generate a number of candidate addresses that may be tried for initiating WebRTC connection(s). These addresses may be exchanged through a third party or directly communicated between peers once a data connection is established. It looks like the addresses in the animation are generally the local host addresses of the machines you are connected to. Perhaps the site is just showing the first candidate in the list, or, intentionally picks the local name to allow for moderate privacy.
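The address sits in a fixed field of each candidate line, so pulling it out and classifying it is straightforward. A sketch (helper names are mine; the browser-side gathering is shown in comments):

```javascript
// An ICE candidate line looks like:
//   candidate:842163049 1 udp 1677729535 192.168.1.10 54321 typ host ...
// Field 5 is the connection address; RFC 1918 ranges mark it as private.
function candidateAddress(line) {
  return line.split(' ')[4];
}

function isPrivateAddress(ip) {
  return /^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)/.test(ip);
}

// Browser-side gathering (sketch; STUN URL is a placeholder):
//   const pc = new RTCPeerConnection({ iceServers: [{ urls: 'stun:stun.example.org' }] });
//   pc.createDataChannel('probe');
//   pc.onicecandidate = e => {
//     if (e.candidate) console.log(candidateAddress(e.candidate.candidate));
//   };
//   pc.createOffer().then(offer => pc.setLocalDescription(offer));
```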
That's what caught my eye as well. I didn't know that was possible to get via the browser and started to think about its implications. I wonder if exposing private IP to any website is a very good idea when router firmwares have all sorts of basic security bugs in their web panels.
Other companies like http://streamroot.io/ are also using WebRTC to help content hosting sites like YouTube and Netflix deliver VOD and live streams. Really exciting!
it is so fucking obvious that this idea is exactly how browsers will work in the future. A browser is going to just be something like node-webkit/webkit/electron etc. so compatibility won't be an issue, then you just connect to a ton of different clients that are running narrow crawls of shit you are searching for. The browser will then not take you to the page, but just display the information directly without loading a shit ton of js.
You can tag or organize the data locally and cache it, or return it sorted to the nodes which serve it to others. People don't give a shit about webpages for search, they care about information. The web is a big rss feed, and our old feedreader "google" stopped doing that well, and also we pay a massive privacy tax for that now.
I see this happening in ~2 years for really techie people and being standard in 5.
edit: elastic search, webkit, real time, distributed file systems, apache spark, google tensor flow. These ingredients will be used to make the new browser which browses information and returns that information not the actual web pages.
obviously. I think it will become mainstream with technological people in 2 years. It will take time to, of course, actually be built. Then, have enough data fed into it to actually be useful. That will take about 2 years(ish).
No. For security reasons, nobody wants Javascript to be able to open actual TCP connections – Javascript is supposed to be sandboxed, and if it can open TCP connections it can do any number of malicious things. So this whole WebSockets thing has been invented, which is just like TCP sockets, except it’s understood that Javascript can access it, so nobody should implement any service accessible on a WebSocket which could be misused by malicious Javascript. I’m not sure this is a solid plan.