top of page

Case Study: BitTorrent Live

bt_live-hero-2.png

Designing trust into peer-to-peer streaming

A BitTorrent-based live streaming service


Role: Product Design, Research, Product Direction, Interaction Design, Component System

Scope: Shipped Beta


What this case study is about: the product-judgment call at the center of the work, and the system that made that judgment hold up across the product.

 

The reframe (and the assumption it killed)

 

​We went in assuming the differentiator was speed, with less buffering than the competition. The survey data backed it up, and on the surface, people did complain about buffering elsewhere. The interviews told a different story. The tech-savvy users already trusted P2P and mostly wanted control. But the mainstream segment we were trying to grow into didn't doubt the speed. They doubted the category. "Torrent" was the thing they'd been warned against installing.
That changed what we were building. The thing blocking mainstream adoption was perceived risk, so a faster player would have solved a problem our existing early adopters didn't have, for an audience we already had. Making that case took a few rounds of internal arguing. Performance was the engineering team's point of pride, and "make it feel safe" sounded soft next to a latency number. My argument was that trust had to be designed into the product, surface by surface, rather than handled by a reassuring landing page.

The hard part: designing provenance you can feel

 

The real design problem was explaining to users where a stream came from and why it was safe without drowning them in legal disclaimers or technical details. Two failure modes sat on either side of it. Say too little, and a clean player that explains nothing leaves a wary user assuming the worst. Say too much, and security badges and legal notes on every screen read as defensive, making people more suspicious.

What worked was treating trust as ambient and progressive instead of announced. Decisions I'd still defend:

  • Provenance rode on the content, not in a settings screen. Every piece of content carried a lightweight source-and-safety indicator at the card level, so the signal traveled with the thing being watched instead of living in a menu nobody opens.

  • The player showed the network's real health. Rather than hiding the P2P mechanics, it surfaced the connection and source status in plain language. Showing how the stream was delivered made it read as more legitimate, and transparency came across as confidence.

  • Depth was available, not required. Advanced users could open full source and connection details; everyone else got a single resolved signal and never had to think about it. One component, two depths of disclosure.

The trade-off I owned: all of this leaned on the verification behind the indicators. A "verified" badge is a promise, and if the backend couldn't actually guarantee it, the design would be lying to users worse than staying quiet. So I scoped the trust states to exactly what the system could substantiate, and cut the ones it couldn't substantiate. That constraint shaped the component set more than any visual decision.

Making trust a system property, not a screen

Trust signals only work if they're identical everywhere. A safety indicator that looks authoritative on the home screen but slightly different in the player teaches people to stop believing it, so consistency here was the mechanism, not a polish pass. I built the product around a small set of reusable components that carried trust as a first-class property:

  • A content card with provenance baked into its structure, used identically across home, search, and recommendations — the same object carrying the same signal everywhere it appeared.

  • A player is defined as a set of explicit states — connecting, streaming, degraded, source-verified, source-unknown — rather than one happy-path screen. The "unknown" and "degraded" states got as much attention as the happy path, since those are the moments trust is actually won or lost.

  • A single expand-for-detail disclosure pattern is reused across security info, network settings, and content sourcing, so people only need to learn it once.

Defining the player as a state machine was the decision that proved to scale. A dropped peer or an unverified source had a designed, on-brand answer instead of becoming a one-off error screen later, which is exactly where trust products tend to leak.

A note on period honesty: the systematization here was component- and pattern-level, built for reuse with the tooling of the time. It predates the token-pipeline practice I work in now, and I'm not going to retrofit that language onto it.

Outcome

In beta testing against traditional BitTorrent clients:

  • Session duration rose roughly 35%, consistent with the trust and clarity work removing the hesitation that made people bail early.

  • The biggest adoption gains came from the non-technical segment the reframe was aimed at, not the existing P2P base.

  • In post-beta feedback, source transparency and safety signals were the reasons users cited most for feeling comfortable streaming.

The audience we redesigned for is the one that showed up.

What I'd change

  • The verification states were scoped conservatively to what we could guarantee. With a deeper backend partnership, I'd have pushed for a real provenance chain-of-custody for licensed content rather than a binary verified/unknown.

  • The persona model was useful internally, but flattened a real spectrum of risk tolerance. I'd design the trust disclosure as one adaptive system rather than implicitly per-persona.

  • LinkedIn
bottom of page