BitTorrent Launches Project Maelstrom, the First Torrent-Based Browser

An anonymous reader writes BitTorrent today announced the first torrent-based browser. Project Maelstorm, as the app is currently called, is being made available as an invite-only alpha to "a small group of testers." Although BitTorrent is in the very early stages of the project (testers are being asked to help assess for usability and reliability), the company strongly believes Maelstrom "is the first step toward a truly distributed web, one that does not rely on centralized servers." This is by no means a new idea from the company: it's the core behind the relatively successful synchronization tool BitTorrent Sync. "Centralized architectures have not scaled well to the volume and size of data moving across the Internet," a BitTorrent spokesperson told VentureBeat. Maybe, but building a file-sharing tool around the idea of decentralization is not the same as building a whole browser.

Private?

[buchner.johannes]

For normal websites, I can see the benefit of requesting data blocks identified by hashes. But doesn't bittorrent require that all data you download is shared between peers? How can any secure, private connections be handled, like banking or shopping?

Re:

[Anonymous Coward]

I suspect that the torrent aspect would not function for anything using https, session variables, or a few other similar html gimmicks.

As for practicality, the server's connection speed is rarely the bottleneck in web browsing. Something like this would mostly serve as a potential user-defense against accidentally DoSing a popular page (if enough people join the maelstrom).

Re:

[Charliemopps]

For normal websites, I can see the benefit of requesting data blocks identified by hashes. But doesn't bittorrent require that all data you download is shared between peers? How can any secure, private connections be handled, like banking or shopping?

Do you think the hops between you and your bank are private?

I'm not saying that this doesn't present some security concerns, I've no idea how it works. I'm just questioning the premise you seem to have that the connection between you and... anywhere... is in any way private.

Re:

[Anonymous Coward]

Do you think the hops between you and your bank are private?

I think his point is how do you create a secure HTTPS-type channel over a BitTorrent type of network.

Re:

[Anonymous Coward]

Probably using some system comparable to how bitcoin does that. decentralized currencies at least show it is possible to be both decentralized and have secure transactions (as long as you hang onto your private keys, but hey, someone can steal your online banking passwords just as easily).

Re: Private?

[WarJolt]

All distributed systems have similarities, but bit coin doesn't really apply very well to this. The problem with bit coins is that distributed monetary transactions have to be synchronous. The proof of work function(generating hashes) basically creates a giant global virtual clock, such that consensus can be reached. This fixes your double spending problem and also why it takes so long for a transation to go through.

This system wouldn't have to deal with all that nonsense.

Re:Private?

[Jane Q. Public]

But doesn't bittorrent require that all data you download is shared between peers?

No.

Most bittorrent clients force you to upload to others as you download. But that isn't a requirement of the protocol, it was a judgment call on the part of the programmers. They felt that if you don't share what you download, then "the community" of sharers will fall apart.

But the BitTorrent protocol has many perfectly legitimate uses today, other than just copyright infringement.

At least some BT clients allow you to control how much (or whether) you upload when you download. Or to share things you didn't download in the first place.

But the short answer is: no. There is no requirement in the BitTorrent protocol that you "share" everything.

Re:

[buchner.johannes]

The point was more than any request for data my bittorrent client receives from a peer, I can also request from the network. So nothing is secret.

Re:

[sexconker]

Your communication with the bank can be secured with public-key cryptography like usual, I would think. People can view the bits you pass back and forth with your bank already- anyone at your ISP and any interconnects between you and the bank. But, in theory, public-key crypto makes those bits meaningless to everyone else.

That's only true once you've established said keys outside of the public channel.
So you have to use something other than this Bittorrent for HTTP bullshit to establish security, then hand the connection off to Bittorrent for HTTP.
The question remains: Fucking why?

Netflix et al

[davidwr]

Netflix could too, if they can get authorization to actually use the system (insert MPAA members howling about their IP being on a P2P network

I can see the MPAA accepting "partial" distribution (say, 75% or maybe even 90% or 99%+ of the bits) over hard-to-track torrent-like protocols as long as enough of the bits are distributed "directly" to ensure that those having only the "partial" distribution either get a useless (e.g. encrypted or compressed-with-key-bits-missing) bits or they get bits that result in such an unpleasant viewing experience (drop-outs/noise, segments that have key plot elements removed, or missing audio) that it won't be an e

Re:

[nmr_andrew]

Peered file sharing will work fine for the parts that are common to everyone, like background images, javascript libraries, CSS, etc. Actual user specific data and operations, like bank account balances, I can't really picture going through hosts other than the customer and the bank, but that's probably a miniscule fraction of the data transferred.

That sounds sort of like I'd expect something of this sort to work, but there has to be more to it. All of those things mentioned as "common to everyone", with the possibility of some larger JS libraries or Java applets, are already fairly small (or at least can be, anyone using a 4+ MB image for their background should be summarily executed). I'd expect the overhead of noting the request, sending the torrent data, then having the local browser connect to multiple peers would actually INCREASE the total amo

Re:

[Bengie]

I wondering how BT will work for CDN style static data.

Re:

[NotInHere]

I guess very well. In fact, there is a project called peerCDN, which P2P based on WebRTC as a CDN. So Maelstrom can already be achieved by firefox and chrome.

Re:

[MemeRot]

Why? CDN companies like Akamai spend huge amounts on their server networks, and they are already local to you.

Re:

[zidium]

Because they're MUCH cheaper for the end-developer who wishes to use them. Think about it.

Freenet?

[halivar]

There was a project a while back that was called Freenet (I think) that was supposed to be an P2P anonymous internet. Seemed slow as dog crap and more than a little shady. How will this project avoid the same fate?

Re:

[bobbied]

I don't know how it will be fast, but to use existing bitTorrent logic, there ARE legal torrents out there and I would assume web content would be similar.

Re:

[Anonymous Coward]

Freenet cares about anonymity. Unless this Maelstrom is torrent in name only anonymity won't be a concern. On the bright side that probably allows it have lower latency.

Re:

[Finallyjoined!!!]

To paraphrase:

How will I avoid paying for stuff quickly?"

Re:Freenet?

[Jane Q. Public]

Freenet [freenetproject.org] is not "shady". In fact its purpose was the opposite of shady: to enable legitimate internet use without being spied on by others.

There are others, among them OneSwarm [oneswarm.org], created at the University of Washington.

These projects were intended to promote freedom and privacy. That isn't a "shady" goal. Though people who want to spy on you (like the government) try to pretend that it is.

Re:

[phorm]

I don't think that the GP was indicating the *project* was shady, but more likely many of the visible uses.
Like many things, freedom affords benefits to both paragons and scoundrels, but the latter may often be more high-profile or visible.

Re:

[Jane Q. Public]

I don't think that the GP was indicating the *project* was shady, but more likely many of the visible uses.

I don't think that argument holds water. Is cash "shady" because it can be used for illegal purposes?

Re:

[phorm]

No, because the majority of people visibly using cash are still doing so for legitimate/legal purposes.

Re:Freenet?

[PhrostyMcByte]

Freenet had some issues. Most of them won't apply to BitTorrent's offering.

The main one is receiving content was dog slow compared to, say, Tor. This is simply an artifact of how it was routing connections and the distributed storage aspect.

Second, but still contributing to the poor experience is that the app itself had some architectural flaws that made it and your PC run dog slow -- the choice was either use hundreds of threads or let the operations stall.

The third, more of a security/philosophical flaw, is that the base protocol was not documented in any significant fashion. To review the protocol's security, you'd need to have an expert understanding of Java and a large part of the codebase. So it never really had many eyes on it looking for flaws.

I haven't used Freenet in around 5 years, so this may have improved. It was pretty clear why it never caught on at the time.

The code is the documentation

[davidwr]

The third, more of a security/philosophical flaw, is that the base protocol was not documented in any significant fashion. To review the protocol's security, you'd need to have an expert understanding of Java and a large part of the codebase. So it never really had many eyes on it looking for flaws.

I know what you are trying to say - that the protocol was not documented in any significant fashion in a popular human language, but I must point out that computer code, to the extent that it is non-ambiguous,* is "documentation in a significant fashion" of the protocol's implementation. Unless there is other documentation to that contradicts it (such as a human-language protocol spec) it is also the de facto documentation for the protocol.

Now all we need is a few million people who can understand Java as

Interesting if done right

[amaurea]

One of the reasons why the world-wide web is buried in a sea of advertising is that the costs associated with hosting a web-site increase as the site becomes more popular. So you might be ruined by your site becoming too popular. Advertising fixes that problem by giving income proportional to the popularity. But it comes with the undesirable side-effect of the ads themselves.

A peer-to-peer alternative to HTTP is a very different way of solving the same problem. If people who visit a page help upload it to other visitors, then the available resources will scale with the number of visitors without the server's bandwidth needing to increase. Bittorrent does this very successfully for large files and demonstrates that this mechanism can work. But bittorrent's latency is too high to serve as a replacement for HTTP. If this new protocol fixes that, and manages to get supported in many browsers, then things could get interesting. If they are to have any hope in the protocol gaining acceptance, it mustn't only be low latency, it should also be open and well-documented. So let's hope they don't pull another "Bittorrent Sync" here, and keep the protocol closed.

Re:

[Bengie]

Parallelizing requests could help hide latency. Small requests would hurt, unless you could make many at the same time and or batch them up. If you're working with relatively static data, you could optimize the data such that many small pieces could be placed together in a single block. The same way file systems like to batch together small files to reduce the overhead of minimum block sizes.

Re:

[davidwr]

Advertising fixes that problem by giving income proportional to the popularity. But it comes with the undesirable side-effect of the ads themselves.

Thereby lowering popularity - a classic example of a negative feedback loop keeping your server farm from crashing under load.

Re:Interesting if done right

[DigitAl56K]

One of the reasons why the world-wide web is buried in a sea of advertising is that the costs associated with hosting a web-site increase as the site becomes more popular.

Costs per visitor are usually extremely small.

The main reason the www has so much advertising is that almost nobody wants to pay for content, yet content is not free to produce, and even if you come up with a schema for which some people will pay, your competitors will steal all your volume by offering something closer to free (or supported by advertising), and volume is essential for almost all internet-based businesses.

None of this will change because of the distribution method. Content is still not free to produce.

Re:

[xonen]

As you say, the costs per visitor are extremely low. That's also why i, personally, wouldn't mind to pay a few cents to have access. However, such is not possible. Either one pays reasonable high fees, up to multiple dollars per month, either it's free and filled with ads. There is no such choice as donating 1 cent.

So, what is lacking is a proper micropayment system that works, in an unobtrusive way. That's something that a *random big player in the market* has to solve. 20 years of consumer internet. The w

Re:Interesting if done right

[amaurea]

Not all websites are for profit. In fact, the majority probably isn't. This approach would only be a moderate help for for-profit websites, but it would help for popular noncommercial websites like wikipedia, discussion forums, open source software pages, etc. It could also be used to make a noncommercial youtube alternative. Just because something takes an effort to produce doesn't mean that somebody is looking to get paid for it. Some people are just looking for an audience, or others to collaborate with, or are just trying to make the world a better place.

Just a few stories back here on Slashdot we heard examples of people who had their webpages grow so popular that they were forced to put ads on them, even though they didn't wish to. That's the sort of case that would benefit the most from a distributed system.

Subsistence, Gift, Exchange, Planned & More

[Paul Fernhout]

On alternatives to profit-making websites emphasizing other types of transactions than exchange, see my comment: "1. Outdoor Holiday Lights 2. ??? 3. Profit!" http://slashdot.org/comments.p... [slashdot.org]

As I mention there, I've been working on-and-off towards software for supporting a social semantic desktop. Many other have of course (like with NEPOMUK), I'm just one more. The Maelstrom sounds like it may be heading in that direction too.

I have some later stuff I have not released yet, but it is pretty similar to thi

Re:

[kaiser423]

I'm a bigger fan of HTTPS everywhere over this. As far as I can tell, this would break a lot of that....But it still could be a boon for imgur, and other picture/video hosting sites. Makes sense, but I think that the trend towards encrypting everything clash with this idea pretty well.

Re:

[Bengie]

They don't entirely clash. HTTPS makes it so both a passive and active viewer cannot see what you're requesting. In theory, something like P2P could still make it so a active viewer could not see what you're downloading, but an active participant could. As long as the protocol had a way to quickly black-ball participants who falsely claimed to have data, then anyone who wanted to watch would also have to help.

Akami is dead

[ADRA]

Yeah, they're really shaking in their boots. But really, if you want 'anonymous' go use Tor I guess. What is this besides something that will probably break most of the web?

Seriously, if you think static content is the life blood of your internet business, then a solution like this (though packaged specifically for your audience) is great, but how does this help anyone else, when I'd say about 90% of the content delivered to most people now a-days are at least somewhat curated to you as an individual or at

Re:

[omtinez]

Wanting to "break the internet" seems to be a hot trend these days.

Re:

[davidwr]

Tor isn't anonymous anymore, and just using it probably puts you on a watch list somewhere. Insert tinfoil hat joke below.

I'm not laughing, and I doubt you are either. Sigh.

On a slightly different topic:
Tor increases anonymity by making it much harder for someone to track you down. In practical terms, if neither you nor anyone using your ISP are currently being monitored, you don't use it to visit sites that are being actively monitored by an adversary (including any site that shares an ISP with such a site), and you use it only sparingly (maybe a few MB today e.g. to visit a blocked-from-your-country news or web-mail site,

No centralized servers?

[bananaquackmoo]

Of course it relies on centralized servers. Websites have to come from somewhere. Data has to be load-balanced. You don't download and upload a website with a database and hardware.

Re:No centralized servers?

[codebonobo]

There are many examples of decentralized sites: openbazaar, twister, bitmarkets, ect ... all which require no centralized servers and are created with DHT and the blockchain protocol.

Interesting as an alternative for CDNs

[Anonymous Coward]

Obviously this works only for static resources. I can see this work as an alternative for CDN's, and as such it's really interesting. Cache invalidation is annoying. Distributed cache invalidation is a headache in a whole different ballpark

Imagining torrented streaming

[davidwr]

(except that I can't imagine now 'bit-torrent streaming' would work.)

Imagine a video broken into small chunks of 1-2 seconds. Imagine a torrent-ified web browser that used the torrent protocol to verify that all chunks were available for download from somewhere then proceeded to download the first few seconds of the video ("buffering") and while doing so figure out how big of an initial buffer it needed (latency, sigh), then after filling the initial buffer displayed them in order, downloading subsequent chunks while the first chunks were displaying.

Oh, that large and ever-

Re:

[Bengie]

This shouldn't be used to replace normal web browsing, but to help augment it. The web server can always been around to seed the data.

Re: Imagining torrented streaming

[Anonymous Coward]

Surprised tot see no mention of YouTube's 'network-assisted' option in the flash for video's. That's p2p streams right there for you, and it works.

Re:

[Bengie]

Optimally, there would be a notion of a few buffers. P2P works best when chunks are randomly uploaded as not to cause a bias to what data is available. Probably a primary buffer that fills and requests data sequentially, then a much larger secondary buffer that is ahead of the primary one's timeline, where it grabs random blocks.

I wonder how much data storage would be required for a base optimal viewing experience and what kind of eviction algorithm.

There are two primary types of data for web viewing. L

Right

[Dunbal]

one that does not rely on centralized servers.

They all say that. Bittorrent. Bitcoin. Etc. And yet somehow, there is always a key - some centralized process somewhere that is the Achilles' heel. Why? Because if I am going to start using that service when I boot up or when I log in for the first time - my computer needs to know where to find the info to check in and start looking for the network. Just like DRM will never, ever work, "decentralized" systems will never, ever work. If I can find it, the enemy/feds/hackers can find it and take it out. So in

Re:

[diamondmagic]

You just need to track down a peer who's a member of the network, and you need to be able to get packets to them. Any peer will do; doesn't matter who or how much you trust them.

How is any part of that 'centralized'?

The very worst that can happen is you never get to download your file, or your payment never makes it to the vendor, if you have a bottleneck through your ISP, and your ISP decides to cut your service... but that's not a fault of the protocol, that's a fault of physics. If you have any connectio

Re:

[Dunbal]

There's always a choke point. With Bitcoin - how do you buy them for US dollars? How do you sell them? Go after the "exchanges". With distributed networks I can sniff them and see who's on - and if I have enough resources (like say the NSA) I can figure out which packets are going where. If I know an origin (you, my suspect) and a destination (what I think you're accessing), I can make the same link. Why? Because you can make it.

Multiple "central" servers

[davidwr]

And yet somehow, there is always a key - some centralized process somewhere that is the Achilles' heel.

And this is why there are hundreds of root DNS servers with over a dozen "names" (list [iana.org]).

TOR has (or had) "directory servers." Although it was discarded as not being practical, TOR or its predecessors considered using fully-distributed directory information (see 2004 documentation [torproject.org]). TOR now has the option of using bridge-nodes. The addresses of these nodes are typically distributed "out of band" (e.g. by email or personal contact) on a need-to-use basis.

In short, "centralized servers" are not a bad thing

Asteroids

[ChunderDownunder]

I remember Maelstrom.

It put Andrew Welch on the map as a game developer, 22 years ago.

dynamic sites ?

[Tom]

How does it handle dynamic sites? If the answer is "not at all" as with previous projects of this kind, it's dead on arrival.

Most of the web is dynamic today, and almost all of the interesting sites are. How many of us would be reading /. if it didn't have comments and moderation?

Re:

[ThePhilips]

Most of the web might be dynamic.

But most of the interesting content is quite static, changing relatively slowly. Consider Wikipedia or YouTube. Wikipedia updates relatively slowly. YouTube only adds new videos (and after Google's touches the comments and the recommendations are pretty useless anyway).

Search and the comments might need to stay dynamic - and centralized - but hosting costs would drop significantly if the bulk data transfers would be handled by the P2P network.