
If you've ever felt like you were renting your own privacy from a tracker, this one's for you.

I've been using BitTorrent for years, and one thing always bothered me. The protocol is peer-to-peer, but almost nothing around it is. You still depend on trackers and indexers to find anything, and those are the parts that get blocked, seized, or logged. Your IP is attached to every piece you download and seed. For something that is supposed to be decentralized, that always felt wrong to me.

So I started building Carl.

Carl is a small, privacy-first BitTorrent client. It started as a CLI, like most of my projects, and now I'm building a proper desktop GUI on top of it so it is not only for people who live in a terminal. The goal is to do everything a BitTorrent client should do, without leaking who you are.

Finding torrents without trackers

The first difference is how you find torrents. Instead of relying on a few indexers, Carl finds and publishes them over Nostr (NIP-35). Every torrent is a signed event, so you can check who published it and which relays carried it. No account, no login, and nothing central that can be taken down. You query the relays directly, and publishing is basically one command. Pretty neat, right?

Not leaking your IP

The second difference is anonymity. I wanted Tor to be first-class here, not an afterthought. You can download over Tor, and you can also seed as a Tor hidden service, which is the part I like most. Your files live behind a .onion address and your IP never touches the wire. When you seed this way, Carl turns off tracker and DHT announces by design, and it tells you clearly that it did. There is no "trust me" here, you can see the real state on screen.

Privacy you can actually see

One small detail that matters to me. Most clients hide routing deep in a settings menu. Carl puts a badge on every transfer (clearnet, proxied, or tor) so you always know how something is routed without going to look for it. Three ways to find peers (trackers, DHT, Nostr) and three ways to route them (direct, proxy, Tor), labeled the same way everywhere.

There are also no accounts, because there is no server. Your identity is just a local Nostr keypair that never leaves your machine.

Where it's at

Carl is still early. The CLI works today and the GUI is coming together. I'm sharing it now because if you care about this kind of thing, your feedback is what I need before going further.

Ask your agent to install Carl for you and to teach you how to use it:

https://github.com/vincenzopalazzo/carl

Follow the updates on https://x.com/PalazzoVincenzo/status/2062483778417701139
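As an added example (not part of the original post and not Carl's code), this is a client-side check of a NIP-35 torrent event before its infohash is trusted: it recomputes the NIP-01 event id and extracts the `x` infohash tag. The sample event, its pubkey, infohash and tracker URL are constructed values, and the helper names are hypothetical.

```python
import hashlib
import json
import re

TORRENT_KIND = 2003  # NIP-35 torrent event kind
HEX40 = re.compile(r"[0-9a-f]{40}")
HEX64 = re.compile(r"[0-9a-f]{64}")


def event_id(ev):
    """NIP-01 id: SHA-256 of the compact JSON array of the signed fields."""
    body = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    # Compact separators and raw UTF-8; adequate for text without unusual control characters.
    raw = json.dumps(body, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()


def tag_values(ev, name):
    """Second element of every well-formed tag called `name`."""
    return [t[1] for t in ev["tags"]
            if isinstance(t, list) and len(t) >= 2 and t[0] == name and isinstance(t[1], str)]


def check_torrent_event(ev):
    """Return (infohash, trackers) or raise ValueError. Does not verify ev["sig"]."""
    try:
        if ev["kind"] != TORRENT_KIND:
            raise ValueError("not a kind 2003 torrent event")
        if not HEX64.fullmatch(ev["pubkey"]):
            raise ValueError("malformed pubkey")
        if event_id(ev) != ev["id"]:
            raise ValueError("id does not match the event contents")
        hashes = [h.lower() for h in tag_values(ev, "x")]
    except (KeyError, TypeError) as exc:
        raise ValueError(f"malformed event: {exc!r}") from exc
    # Policy choice of this example: exactly one 40-hex (v1) infohash.
    if len(hashes) != 1 or not HEX40.fullmatch(hashes[0]):
        raise ValueError("expected exactly one 40-hex 'x' tag")
    return hashes[0], tag_values(ev, "tracker")


def sample_event():
    """Constructed event; pubkey, infohash and tracker are made-up values."""
    ev = {"pubkey": "ab" * 32, "created_at": 1700000000, "kind": TORRENT_KIND,
          "tags": [["title", "example.iso"],
                   ["x", "0123456789abcdef0123456789abcdef01234567"],
                   ["tracker", "udp://tracker.example:1337"]],
          "content": "constructed sample", "sig": "00" * 64}
    ev["id"] = event_id(ev)
    return ev
```

A matching id only shows the fields are self-consistent. Authorship additionally requires verifying `sig` as a Schnorr signature by `pubkey` over that id, which needs a secp256k1 library and is left out here.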

Why is it important to write the source code in the Zig language?

reply

Not really important, but it is a nice language that allows you to embed a C library, so you can reuse other well-known libraries. But it is not about the language that the tool is written in; it is about what problem you solve with that language.

You can write it in C, Rust, Go, Java, Haskell, OCaml; who cares, if you provide a good tool to people.

reply

Why turn off DHT?

reply

It is turned off because it can't be anonymized (UDP can't traverse a SOCKS5/Tor tunnel), so leaving it on would broadcast your IP and silently break the privacy guarantee the proxy/Tor mode exists to provide.

reply

Could maybe do something like https://github.com/mullvad/udp-over-tcp through a set of tor hidden services.

reply

yeah but why? too complicated! just announce the IP over nostr and sleep well :)

reply

DHT is a genius way to make a truly decentralized, infinitely scalable and, most importantly, extremely efficient index. Very rarely does someone find genius solutions like this.

reply

It works in theory not practice, trackers are still a thing all these years later because DHT is slow and unreliable.

reply

It does work in practice. Almost everything I download is via magnet links without tracker.

reply

Magnet links usually have a tracker embedded (because DHT blows ass)

Unless you're stripping those out or disabling trackers in your client I assure you that you're using trackers and not DHT most if not all of the time.

DHT is always slower than a tracker, and it's always less reliable too, until the tracker goes away, then DHT is more reliable.

reply

Sounds good, feel free to add it under a flag if you want it. This is the nice thing about open source.

I have nothing against your point of view.

reply
6 sats \ 0 replies \ @sox 4 Jun

Congrats! I'll try this out later today.

Always nice to see Italian devs here 🇮🇹

reply
6 sats \ 0 replies \ @Doung 4 Jun -10 sats

The internet keeps reinventing the same lesson: central points of failure eventually fail.