First of all, please forgive me my not so perfect English. Now the feature request and it's motivation will follow:
We live in time where privacy is becoming more important than ever, and software must react to this situation. One of key features I am missing in any torrent client is an enhanced privacy where all the settings (filelist) would be encrypted, and the fact that it is encrypted would be somehow made known to public.
There are adversaries who can target the user depending on the content he shared, and when they pick their target they prefer to pick easy one. For the adversary the most important information is filelist, as he needs some kind of an evidence that certain files were shared from user's particular computer. If he knows that from certain user it would be more diffucult to obtain this private data than from another, he will avoid such user and opt for lower hanging fruit, as there are still many to pick.
The user who want to be safer should not only encrypt his folder with torrent client profile, but he must also announce this information in public. Right now he can encrypt the profile with third party utility thus preventing the adversary from obtaining his private information, but he can't diminish adversary's motivation to make an attempt to access his system. The fact that certain file is found on user's computer does not pose a problem to the user, only the fact it was obtained via torrent technology where it was being shared while it was being downloaded. Therefore some kind of encryption of profile/setttings folder must be build into the torrent client and this fact must be announced via the client's name.
Therefore, I propose this enhancenment to Tribler client:
When Tribler is being started, it will ask for a password that will be used to decrypt all data that could indicate that some certain files were obtained via it. It means that filelist and any files (logs etc.) containing names and/or hashes of files that were download/shared/touched will be stored on the disk only in an encrypted state. It will not be possible by any mean to prove correlation between profile/settings and any file user might have on his disk. Also it must not be possible to figure out how much data were downloaded and uploaded via the client.
Encryption of the profile will be optional and will be disabled by default. When user enables it, he will have to enter the password for the profile, which he will have from then on to enter whenever he starts Tribler. When the feature is enabled, then client's name will change from Tribler to [Sec]Tribler so that others can see that user's profile settings are secured/encrypted. In this way the fact that user's filelist is encrypted is announced to the public, thus diminishing possible adversaries's motivation to target that particular user.
Additional option - after some time of inactivity, the application will be locked and minimized to tray and it will be possible to show it again only after entering the password. Thus any adversary with physical access to the computer will not be able to simply access user's private data. While it would be of course possible with some advanced forensic tools, it would make it harder to unprepared adversary. As in most cases known to me the adversary only grabs the computer for further investigation, this feature will be in practice quite useful.
I believe that those security enhancenments might not only make Tribler better and privacy-enabled, but it could also start a new trend in the torrent security. To change client's name in certain way so that other's knew about this security enhancenments could be a new de facto standard (prefix client name with [Sec]) that would benefit whole community.
Maybe I could create a new client with rasterbar's libtorrent if I was not so lazy, but even if those features were included in some minor client, they would not hit the major population of users. For profile/settings/logs encryption to work as described above, the practice must be spread enough to be well known to those evil adversaries...
Log in to post a comment.