Hacker News new | past | comments | ask | show | jobs | submit login

Why would I download a sketchy ass torrent client when I can go to a website, download the torrent in my browser, and be able to rely on my browsers sandboxing against the torrent client? Even better, if it's video I'm torrenting, I can rely on my browsers sandboxing against the torrents contents too.

It's more convenient, it's safer, it sucks for other torrentors because I don't seed as long, but let's be honest, most people downloading torrents don't care.




Why a torrent client would be sketchier than any other software ? There are plethora of good open source clients like qbittorrent, transmission ... even aria2 ! At that rate, are you suspicious of wget too ? Even more of Chrome ? There are a lot of sketchy things going on in that one ! It is the user's responsability to choose in which software he trust, and a bittorent client is not worst than anything else ?


Me, personally, sure I can find a torrent client I trust.

My sibling who isn't a programmer. They would have no clue what is trustworthy or not. Downloading random executables from the internet is not a good idea. How should they know qbittorrent is safe as long as it's downloaded from www.qbittorrent.org but utorrent is basically malware? (Or at least was for awhile).

They already know they can trust firefox and chrome, so it's better for them to just do that.

That's before you get to questions about security of the clients, security of the website you are downloading the torrent clients from, etc.


> Downloading random executables from the internet is not a good idea.

OTOH, `apt search torrent` on Ubuntu probably doesn't recommend any malware. Though their GUI nowadays promotes snaps and I'm not sure how much that is better than random executables.


Yes, but a non-tech-savvy person is probably using Windows or Mac... My sibling in particular is definitely using windows (though they do use WSL for some of their work).


Sure. I thought a bit more about app stores and came up with the idea that Microsoft Store should be not that bad, because they probably have money to hire a lot of moderators. But search for "torrent" on microsoft.com recommends programs I haven't heard of, and search results for "qbittorrent" and "transmission" are outright fishy.


I’m extremely suspicious of chrome. More so than a torrent client. Google is a known evil.. emphasis on evil. It’s basically voluntarily downloading spyware.


Browsers are far more battle-tested than just about any other web-facing application on your computer.

Of course, you could make the personal decision to trust a client, and that is fine. But if you aren’t willing to blindly trust a client, the other guy’s point still stands - browsers are probably just the better choice here from a security POV.


> Browsers are far more battle-tested than just about any other web-facing application on your computer.

They also have a monstrous attack surface because they are "web-facing". A specialized client that only implements one protocol without any connection to the "web" is far easier to reason about and debug.

If you only consider the number of man-years an application has been battle-tested, you imply that design complexity and attack surface doesn't matter. If we account for complexity by using a metric like "(man-years of battle-testing)/(magnitude of attack surface)", a well-tested specialized client that hasn't had many recent bug reports is a much safer choice than anything running in a browser.

> blindly trust a client

That's even worse for the browser: you have to trust several orders of magnitude more code implementing a massive set of interdependent features. Yes, there are probably a lot more people working on fixing bugs in the browser, but there are also a lot of people adding/modifying features and thus creating new bugs.


But a bittorrent client isn't trying to be a browser and all the complex stuff that requires. All it's doing is downloading bittorrent files and having a usable GUI.

And as the original article demonstrated the first half of that is a weekend project.


With webtorrent clients you might just get a miner in your codebase:

https://github.com/DiegoRBaquero/BTorrent/issues/71#issuecom...


A "miner" wastes a bit of my cpu while I have the website open, frankly, who gives a crap? If I do give a crap I'll notice and close the webpage.

I'm much more concerned about "real" viruses like ransomware that the browser does successfully protect against.


Lots of people give a crap, myself included. Why would I run a resource hungry browser process with a huge attack surface and support for dozens of protocols, plugins, etc for the entire length of the transfer just to download some files?

For a dedicated torrent client to infect your PC with a "real" virus, you'd need to download the torrent and execute the file yourself (PEBCAK). I trust my own judgement much more than some random webpage.


Moving the application layer to the browser won't magically solve trust and security problems in the long run. This is a battle OS vendors should resume fighting.


From a user's perspective it "solves it" because you already have to trust the browsers security.

Or in other words torrenting becomes no worse than everything else you do.


Busy box (I think) has a torrent client in it and most Linux distributions ship with that if I remember correctly.

If you’re worried about how “sketchy” it is most busybox applets can be read through and totally understand in a few hours tops.


The internet tells me busybox doesn't provide a torrent client.

But you're missing the point, even if it did it wouldn't be a torrent client non-technical users can use. It's not me, a programmer, who I'm talking about here.


The torrent client isn’t the sketchy part of torrenting.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: