PSA: If you're going to write software for piracy, put it on I2P!

onlinepersona@programming.dev to Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ@lemmy.dbzer0.com – 172 points –
geti2p.net

movie-web was just taken down with all its repos, Yuzu was taken down, then suyu forked it on gitlab and was taken down, countless clones of nintendo games, platform emulators, and a bunch of other things are taken down because they are hosted on the clear web.

If you're a dev and planning to write software for piracy, host it on I2P!

50

Just don’t use public and free services like GitHub or GitLab. Setup your own webspace with a trusty provider, install Gitea/Forgejo and host the code yourself. It’s that easy!

Not Gitea, they got bought by a for-profit company or something

So far nothing bad has happened and the company was founded so they can sell support hours to businesses. Just like lots of other companies behind Open Source projects do it. 🤷‍♂️

Why does that matter? The most popular Linux distros are run by for-profit companies.

I'm curious what real-world scenario you're envisioning that is likely to happen soon.

Then they can request the provider to hand out your details just like they can with github, gitlab, codeberg, or whatever.

Anti Commercial-AI license

But they can’t just DMCA it under false premises. GitHub and others just don’t want to risk anything and are pretty quick with taking down repos without checking anything.

Also there are still a few countries that don’t bow before the US-invention that is the DMCA.

If they don't honor DMCA, what stops them from suing you? And if they got that far, wouldn't you rather want a DMCA?

Probably staying on the clear web is good for discoverability, but that's a two edged sword, because if you piss them off enough, a DMCA would be the best outcome.

Anti Commercial-AI license

At least in Germany, many of these copyright claims have no real legal grounds and wouldn't hold up in an actual trial. All cases I've read into so far ended with a settlement - as the private person was too afraid of even more legal fees. Or were dropped completely after a while (full of empty threats) if the people never engaged with the other party.

Can't they just DMCA the provider then? To request to disable your account

DMCA is only valid in the US. Those other countries obeying it are usually just doing it to avoid trouble, but there's no real legal obligation. (But if ignored, it is pretty safe to assume that any bigger company would look into local laws and try to find a different way.) But from what I've heard, hosters don't just close your account because of some DMCA. They will actually look into it and work with you to solve it.

And in the end, you could simply host it on a Raspberry Pi at your home. The ISP can't be held responsible for the data you transfer, so they won't just shut down your Internet connection. And if you get a strongly worded letter from some company, you can send it directly to the recycling bin.

I remember trying to play with I2P back in the day and it being slow. Now I wouldn't even know how to access it. Is there something I can read or watch that can reintroduce me and teach me the basics?

https://geti2p.net still exists.

I2P is still slow, but that's because there aren't many nodes. It is faster than a few years ago though. I can get download speeds of 100 KB/s or more. It's like TOR in the early days with mostly private nodes and few hosted nodes. It's easy to get a VPS and host and I2P node for a fiver a month or less.

Anti Commercial-AI license

Also check out Radicle, it's basically decentralized Git. @forgejo@floss.social is also working on a federation solution: @ForgeFed@floss.social (https://forgefed.org/)

Radicle can still suffer under a DMCA if it's on the clear web. They just have to take down the node(s) hosting the repos, same as github, gitlab, et al. However if radicle works on I2P, that would be... rad 🤑

Anti Commercial-AI license

What is I2P?

Thanks! I think it would be a good idea to add a short info blobb directly in your main post tho :)

It's not my post so you'd have to ask OP to do that.

Sound like the tor network? Or am I missing something?

https://geti2p.net/en/comparison/tor

Perhaps the main differences are:

  • Unidirectional tunnels instead of bidirectional circuits

  • Fully distributed and self organizing

  • Packet switched instead of circuit switched

  • Tunnels in I2P are short lived

  • i2p puts an emphasis on communicating within the network, whereas Tor puts more emphasis on communicating via the network to outside

Together these provide some additional resilience and protection against traffic analysis compared to Tor, arguably improving security.

Different purposes. Tor was intended so you could access the real web anonymously.

I2p the whole thing is an anonymous web. Everybody is a node. Tracing a packet never ends because you can't be sure you found the origin of the packet. Which only gets worse the longer somebody remains connected to i2p. And it even can handle torrenting, a torrent client is built in.

I2P sadly gets a lot less funding/support.

I'm stupid, can someone please quickly tell me what I2P is?

If you know TOR, I2P is TOR but with P2P support.

But in general terms, it's anonymization network. Data is sent over multiple hops/nodes and the original source is not included. The nodes are hosted by random people. The downside is that the slowest node in the chain of nodes between the source and the target means that's how slow the entire chain is (at least). So, the more nodes, the better for anonymity, and the faster the nodes are, the better for speed.

Anti Commercial-AI license

A side question : I'm making a similar protocol, anyone knows some space where you discuss stuff like I2P, IPFS etc?

They all have their pros and cons, and I'd like to see if my protocol and its possibilities would interest.

Cheers

That's a good question. Unfortunately, I don't know. IPFS does have a matrix channel where you could ask questions though.

Anti Commercial-AI license

Thanks!

I actually went there maybe 6 months ago, but they were (which is totally okay) not interested in my protocol or how it works. I'm probably not very good in selling it either 😞😊.