Mastodawn

internetarchive Jun 17, 2024

More than 500,000 books have been removed from the Internet Archive's lending library due to the Hachette v. Internet Archive lawsuit, including more than 1,300 banned and challenged titles. 📚 Our patrons have shared powerful stories about how this loss has impacted them, and we need your help to make a change.

Sign our open letter to the publishers urging them to restore access to these books. 📖✍️ #LetReadersRead

👉 https://blog.archive.org/2024/06/17/let-readers-read/

Let Readers Read | Internet Archive Blogs

Mitex Leo Jun 25, 2024

@internetarchive Torrenting is the only way.

d@nny disc@ mc² Jun 25, 2024

@ml @internetarchive bittorrent (and all other current alternatives afaik) don't have any sort of anonymization, so ISPs can surveil torrent peers and cut off your access. it's not clear to me yet how to apply the consistent hashing used in most DHTs to tor's model yet, but tor may expose a sort of internal node ID that could be similarly used to achieve consistent hashing? @torproject has there been work to anonymize DHTs via tor or other alternatives?

Irenes (many)Jun 25, 2024

@hipsterelectron Tor actually has a FAQ asking people to not use Tor for bittorrent because it stresses the network

IPFS has done some work in this space, we're not sure how far along that aspect is

d@nny disc@ mc² Jun 25, 2024

@ireneista their website says ipfs is not private and to use something else if you want privacy i was checking it out yesterday

Irenes (many)Jun 25, 2024

@hipsterelectron oh. drat.

I2p is an overlay network that does support bittorrent, although that falls significantly short of true anonymization, for reasons you can probably already see

d@nny disc@ mc² Jun 25, 2024

@ireneista tor's anonymity via noise addition is less interesting to me anyway; VPNs can be used to interface but i recall hearing that some VPNs don't like being used for seedboxes. the level of privacy sufficient to mask participation in a particular swarm to an ISP seems less stringent than tor's guarantees and the consistent hashing needed for a DHT seems like something that could be achieved with any other identifier, but masking identity to all other participants in the swarm seems necessary as well and may be more difficult than i'm hoping :(

Cassandrich Jun 26, 2024

@hipsterelectron @ireneista Getting a VPS anonymously in a jurisdiction that you DGAF about to run your torrents and logging into it over Tor seems like the safest option that's currently practical.

Irenes (many)Jun 26, 2024

@dalias @hipsterelectron yeah - well, we want to solve the problem for everybody, not just for ourselves

@ireneista @hipsterelectron Absolutely. I'm not sure what the right solution is, but it seems like it should still involve some of these ingredients, so access patterns from your home don't implicate you. One view is that, ideally, you outsource the actual p2p stuff anonymously to some rented low risk space, just without needing sysadmin expertise to do it (but likely still opsec expertise). A potentially better outcome is the normalization of untrackable p2p comms to the point it's not sus.

Irenes (many)Jun 26, 2024

@dalias @hipsterelectron normalization of untrackable p2p comms would be amazing, yeah. there's a herd immunity effect....

Cassandrich Jun 26, 2024

@ireneista @hipsterelectron Amazing but hard to achieve, I think. 😭

Irenes (many)Jun 26, 2024

@dalias @hipsterelectron at least keeping it in mind as a goal may help, over time...

Cassandrich Jun 26, 2024

@ireneista @hipsterelectron Yes. It means quietly favoring design choices that lead us in that direction.

Irenes (many)Jun 26, 2024

@dalias @hipsterelectron absolutely

LisPi Jun 26, 2024

@dalias @hipsterelectron @ireneista A remote VPS is just as vulnerable to timing analysis as running it directly from home, and it has previously been observed that adding nodes in a tunnel with I2P past the initial 3 has various diminishing returns.

Unless adequate timing mitigations are in place, accessing the server from home will in itself generate an observable pattern. Whereas with such mitigations, no real benefit would be obtained from using the server (and risking memory & storage scanning in datacenters) instead of just using it on your own hardware.

Cassandrich Jun 26, 2024

@lispi314 @ireneista @hipsterelectron The point is it's not tied to any identity, and exfil of the stuff downloaded is over Tor.