This repository has been archived by the owner on Dec 11, 2019. It is now read-only.
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.
Closed
Description
Currently WebTorrent is integrated into Brave as an on-by-default extension. There are a couple of risks, such as:
- ISPs can in theory distinguish WebTorrent traffic and issue copyright notices to users who are torrenting.
- It is easy for an attacker to track what public IP addresses have downloaded which files over WebTorrent.
- WebTorrent uses WebRTC, which may leak your local IP address.
(2) is probably the biggest concern. It means that if you click on a .torrent or magnet file in Brave, you are at risk of publicly broadcasting that your IP address is downloading that file (or the IP address of your VPN, etc.). This may not be a concern for users who are torrenting .ISO files or the full text of wikipedia or other such non-sensitive content, but it may present a serious privacy hazard for people who are downloading things like adult content.
I think our options are:
- Keep WebTorrent enabled by default, but show a disclaimer about the privacy risks of torrenting before the torrent starts.
- Disable WebTorrent by default, and assume that the users who enable it are aware of the privacy risks.