Even what you call LibGen isn't LG. These are LG forks, actually running against LG and pretending to be LG. LG was set up to create other libraries on its basis. Each of the forks aggressively fights for own dominance in all ways, and they resist the development of other forks by naming themselves LG and sucking in all the funds to personal possession without public reporting. Being forks themselves, they have closed the open project for own ambitions and for money grab.
Their values are incompatible with LG, and all what's left similar is the external part of letting download books, without which there would be nothing useful to look at.
Yeah, and the herculean work is actually done outside such aggregators by myriads of smaller collections, digitizing, binding, processing, collecting, and channeling millions of handmade books into rivers of literature, for free and ready to grab. The growth is global and isn't relevant to what the forks do.
While it's nice to see people reading, learning, and loving libraries, keep in mind the Library Genesis remnants you are typically using are money hogs covering their profiteering under the original altruistic LG disguise. They don't produce forks and link up everyone to work for their own growth. That's not what LG used to be.
Anchor does not solve the bootstrapping issue. You may click an URL with an anchor or without, but the new page in the browser will need to load the database fragment and search over it before showing you the retrieved record. There's no faster way known yet in this implementation.
Evolution makes different systems adopt each other's features and eventually they may equate as operating systems did. IPFS has key necessary features more on the surface and is a lot more adaptive to modern operating systems compared to torrents, with much less internal games nearly absent in a nodal IPFS software design.
Multiple things make IPFS a more architecture-oriented solution than application-oriented BitTorrent.
There are various application features yet holding back BitTorrent and LG will utilize them in future.
True, but I gave a solution for such countries and other cases along the lines: use VPN. It fully recovers security. You only need to quit your local network to bypass MITM risk. VPN does a lot more for your security and privacy.
It is not less secure since there's no equivalent more secure option. Don't mix problems of your network access with global decentralization. Decentralization alone is a way for better security by obscurity, but you should appreciate that whoever makes the project are volunteers having scarce resource and who don't want to make it a job for making it perfect for infinitesimal concerns.
I have no idea what "original" you refer to in this context. If the Web is more secure with broken HTTPS here and there and fully centralized access, you probably didn't fully understand what the dWeb project is doing.
1. The main contributor, the author, of this code sees this thread, but previously he asked not to mention his nickname. However, to give it an own tag, libgen.crypto is referred to as antisite. If he wishes otherwise, we'll happily present him to the public. Phiresky deserves the other half of the appraisal for his work on the underlying VFS. By looking at how people find each other to get tiny bits together into something mind-blowing we see how LG functions as a social development core, as a heritage harvester, and as a living organism.
Everybody who makes a contribution, even a smaller one, no need to make revolutions every day, directly affects the civilization through Library Genesis. LG is built of contributions in the same way as our body is made of cells. It's our heritage.
LG should fit in the abyss for the poor, but let the business evolve. A rebalancing from the legal entities will be required, but then a global balance can be established. Even widely known, it should take its place, and businesses their place. The two sides aren't mutually exclusive, but rather complementary.
Business cannot offer what LG does, and in this frame it is pointless to battle LG.
There is always a trade-off between convenience and security, and in the comment about http user's convenience is considered a priority.
Papers are distributed with IP-addresses stamped in many pdf files upon their downloading from publishers, and nobody seems discussing it. This is incomparably more harmful than some random MITM somewhere done by someone and requiring an infrastructure invasion. But even this has not yet posed a real threat.
BitTorrent: anybody directly intercepts the IP-addresses of seeders, and again, no much worry. No need to hack in as with MITM, it's just yours, go watch.
So, no problem with MITM in this project, at all. People who want to steel the projects reputation or name, simply squat domains or make various groups.
In my opinion MITM is no much different from intercepting a phone conversation by connecting to physical wires going to your apartment. It's very localized.
I've just reread my message above, it has many mobile typos. Sorry about that. I hope it wasn't too derailing.
About MITM I'd like to add that this event is an exception even for a single person, since (the same) MITM cannot occur on different millions of network we all randomly switch. Anybody would see that the target site doesn't behave as normal at some point, should such an event happen.
Indeed, malicious networks exist and the key points here about them would be:
1) the current libgen.crypto implementation is read-only and doesn't request anything of value to be transmitted over the network;
2) your personal visiting statistics would quickly reveal, if MITM attack occurred. Eventually MITM is not more than site defacing. It's not going to be unnoticed in a read-only project, if starts behaving suspeceously.
Everyone knows what results to expect from LG (remember, the original LG project sets reputation and ethics as the top priority), there should be no issue to simply stop browsing.
Also, to avoid local network tricks (which can be very harmful), use VPN whenever possible. Nowadays it seems to be a universal tool everybody should have.
And don't connect to random WiFi networks ever. Only to those which belong to organizations you visit and are trusted.
Your post was correct, yes, since it stems from a mere HTTP protocol observation, but it ignores why it's the only way to access for some systems with some features, and that the expected harm of it for an average individual is practically zero. All variations of LG have been running without SSL for longer than a decade globally, and no problem. So, on the practical foot it's not a concern, (take into account my other comments about various issues introducing HTTPS in every part of the system).
Let's quantify it somehow to actually see if this is a concern beyond an academic exercise:
1 user out of a million users on a million networks a year may get a wrong forward due to a MITM attack on his network and notice that it is not the site he has seen a hundred times before. The probability of such an event for an average individual is something like 0.00000000000001 per annum. I call it a practical zero.
Should one get a small permanent job servicing certification for a dozen randomly expiring systems and paying money with the risk that an expired certificate, should the person die, would practically block access to resource, to get the practical zero to real zero?
My answer would be definitely not, this would be waste of life. We all know Http has this flow, but return to that comment about using http: it actually tells you may not have access at all, if you use https (not always, though, but that comment is a hint, not a statement you don't need security). Here's the choice: access with http or secure no access via https? I think there is no real choice. Neither that comment tells you more than to remember a pattern to use with dWeb domain names which reliably works.
Summarizing, your logic is correct but not practically helpful.
Story time: about 10 years ago a forker from ebookoid came in to the LG forum and started aggressively promote his site, an LG fork, selling books, while pointing out how poor LG's security was since it had no SSL/HTTPS, and his site had it. A scammer with a legit encryption was humiliating a legit project without encryption.
I hope you get my point: don't make a storm in a glass of water, because some less knowledgeable people may take it as a real breach which it is not )
I am aware of SSL on blockchain domains, but this is pain in the ass. As I mention somewhere in this thread, if random downloaders lose the same concerns about privacy as serial killers and child traffickers, I think it's better to buy a book, than to actually satisfy such demands. It can be a good joke for stand-up, though, but since there have been only a few individuals caught in the entire mankind history for making or hosting such libraries, it's not more than a joke which should not detail the world from using high tech. No need to be afraid as an academic exercise. In reality nobody needs users. At all. A few owners vs a billion users... No, bro, no. We are wasting time discussing how a book without any private data is "defaced". It is possible, if to stick a dynamite up the ass, but likely without real exposure or, let alone, the interest of all those 12 lawyers in the world fighting with piracy.
Have a glass of wine and relax. There is a long line of people to catch before you get on the list.
Didn't quite get the problem with .fun. Doesn't FF render it properly? It's a pretty conservative code behind, really nothing outstanding compared to the code of 2008. What's your JS version in the browser?
Real life has shown users are never hunted. Operators are, since they hold stuff. A random user out of a million of such a month on mostly a protected connection should really not think anybody will have a wish to find him. It's absolutely unfeasible and should only be mentioned as a joke.
The problem with SSL certification on blockchain domains is that certificates from authorities cannot be made eternal. Either unmanned, or from CA. No real alternative.
Ok, true. I think realistically, just use a community approved (and actually the only) software from the company who risks its huge business, if they become a MITM.