What settings to stay anonymous

Hi

Please help, done some searching and still confused, What is the easiest and best setting for utorrent to be anonymous when file sharing?

I enabled incoming Protocol Encryption, is that enough?

I am confused about VPN and proxy servers.

Please help

Much appreciated

Thanks

Mick

Hi

Please help, done some searching and still confused, What is the easiest and best setting for utorrent to be anonymous when file sharing?

I enabled incoming Protocol Encryption, is that enough?

I am confused about VPN and proxy servers.

Please help

Much appreciated

Thanks

Mick

Hi Mick,

I've studied this too and here's what I (think) I understand. This is my own simplified version. I may be wrong...

uTorrent encryption - This encrypts the data stream between your computer and the trackers you're connected to. It obfuscates your content from your ISP. They can see the amount of data you're passing through their system, but not the contents. It does NOT hide your IP address!

Proxy Server - This does absolutely NO encryption of your data stream. It changes your IP address to the world but your ISP can still see everything, including your torrent activity. If your proxy fails it will still "leak" your true IP address to the world and the trackers you're connected to.

VPN (Virtual Private Network) - This bores a tunnel into another network. It's the equivalent of taking a network cable from your computer and plugging it into another network at a different location. The "cable" is an encrypted data stream. Your ISP can't see anything but a stream and your public IP address is that of the network you're connected to. You have to login to the other network. Once again, if your connection fails, you may "leak" your true identity.

I have listed them above from least secure to most secure as far as "tracker" anonymity.

Like I said, this is my simplified understanding about how these things work. I may be wrong and look forward to some additional comments to clarify my understanding.

I too hope to have answered a couple of these security basics.

Absolutely without getting into reasons why since that has devolved, in dozens of old threads here, into a too much ad hominem flame having nothing to do with the real questions.

Proxy Server - This does absolutely NO encryption of your data stream. It changes your IP address to the world but your ISP can still see everything, including your torrent activity. If your proxy fails it will still "leak" your true IP address to the world and the trackers you're connected to.

Is this correct? I have read many of the older threads here about vpns, socks proxies, ip spoofs/changers, and have taken from them that a proxy can no more "hide" or "leak" your ip to the world or trackers since it seems to be conventional wisdom that peers must be able to "see" your ip in order to share data with it.

Is that correct? Why the popularity of so many "free" ip changer programs then? Do many users misapprehend the function of them?

I guess I'm still in the dark about much of this since I did install a trial of a VPN service, went to http://www.whatismyip.com/ and it succeeded in changing my ip. What does that mean exactly? If I now connect to peers via utorrent does this VPN not, without a doubt, change the ip that is logged somewhere while I'm downloading content on utorrent? How does it do that if I MUST show my real ip to the peers/trackers in order to do the sharing?

how is it possible that even though http://www.whatismyip.com/ shows a different IP than my own, I still must check my torrenting ip via http://www.checkmytorrentip.com/? Evidently, according to the sources that suggest I must check there, my ip may be changed for the sake of all other web activity, but it may not be changed for the sake of downloading torrents.

I tried the checkmytorrentip site and cannot manage to get it to work. Generates a torrent download in utorrent that just sits there saying "searching for peers" and the checkmytorrentip just says "your torrent ip has not been detected yet". I've tried it open, no vpn, no socks proxy. I've tried it just vpn. I've tried it just socks proxy installed in utorrent. In each case I can download other torrents without a hitch. While they are downloading even, I try checkmytorrentip, and it still says "your torrent ip has not been detected yet.

Sorry. Hope we can avoid the "your an idiot if you think you can hide your ip" kind of stuff. I have read all the threads here regarding this and tried pretty hard to google deeper understanding of it. But these bigger parts of the picture just keep eluding me.

Is this correct? I have read many of the older threads here about vpns, socks proxies, ip spoofs/changers, and have taken from them that a proxy can no more "hide" or "leak" your ip to the world or trackers since it seems to be conventional wisdom that peers must be able to "see" your ip in order to share data with it.

Is that correct? Why the popularity of so many "free" ip changer programs then? Do many users misapprehend the function of them?

Yes it is, and yes users do miscomprehend what the function of the various systems are.

A proxy server simply makes the request on your behalf, so only 'hides' your ISP provided IP from the source. The packets are still routed through your ISPs system and are readable there.

A VPN on the other hand vreates a "virtual" network interface and gets an IP from the VPN provider and directs all your network request through that tunnel, your ISP can then only ascertain the amount of data that is passing through your router but the packets are not readable on their systems.

A proxy server simply makes the request on your behalf, so only 'hides' your ISP provided IP from the source. The packets are still routed through your ISPs system and are readable there.

So a proxy server does hide your IP from peers and trackers (are they the same thing?) on utorrent? I've been reading here that a proxy (a socks proxy inserted directly into utorrent's proxy window) blocks too much peer exchange to be even a little bit useful. Not true?

And what sort of real risk does leaving such traffic visible to the service provider pose? My take on that (could be completely wrong) is that the only parts who really care at all about such content are the people affected by it monetarily.... the IRAA. The ISP is extremely happy, giddy in fact (unless you literally are abusing your bandwidth, which the majority of casual torrenters are not) to be getting your monthly check and are not in the financiall interested in harming that relationship until/unless compelled to by some higher authority. The likelihood of which happening, of course, is greatly diminished by keeping your ISP off of the radar of the parties upstream of the service provider.

So what are the real risks here?

The risk of getting a mere warning from your ISP seems pretty high, it seems, from anecdotal evidence in forms. They respond to requests from some party upstream who noted your IP. The risk of actually ignoring those risks repeatedly without either quitting torrenting or putting some form of security in place are very very small. Then the ISP is most likely to throttle you down to uselessness.... and finally just cancel your account.

The risk of being threatened by one of a cadre of lawyers ostensibly working for the RIAA is the next step down in likelihood and approaching very unlikely indeed. Finally the risk of actually getting a summon to appear from the RIAA is very very very small.... and vanishingly small for anyone not actually involved in posting content directly to torrent sites and/or making person profit from such activity by doing so in enormous and very conspicuous volume.

Is most of that about correct? Are most 'regular' consumers of torrents just overstressing?

I think what is often asked in regard to such security, from people other than myself of course;), is not how to gain security absolutely but about what steps to take, in some order of effectiveness, to limit risk.

Many are so concerned that they would worry about any possibilities at all, with little rational assumption of risk in the first place. They probably look over their shoulders when compiling/recycling a mix of purchased ipod apple tunes for their girlfriends, have not flown since 911, and spend a sizeable part of their paychecks on lottery tickets. They generally carry the thread into the bloody flames with some silly distraction clamped in their teeth like a terrier on your pantleg.

For the more reasonable who are asking questions, it's just a matter gaining a bigger picture of real privacy, security from spam or exploitation, and possibly getting caught up in some riaa sweep for downloading some fantastically obscure 1957 black and white that is not available anywhere on earth commercially except through some kindred soul on a torrent site.

(are they the same thing?)

I've been reading here that a proxy (a socks proxy inserted directly into utorrent's proxy window) blocks too much peer exchange to be even a little bit useful. Not true?

As a a question then it is true.

As a statement you would be wrong

I think what is often asked in regard to such security, from people other than myself of course;), is not how to gain security absolutely but about what steps to take, in some order of effectiveness, to limit risk.

And yes; To ensure absolute security, the only answer is: Do NOT download copyright material.

The risk of being threatened by one of a cadre of lawyers ostensibly working for the RIAA is the next step down in likelihood and approaching very unlikely indeed. Finally the risk of actually getting a summon to appear from the RIAA is very very very small.... and vanishingly small for anyone not actually involved in posting content directly to torrent sites and/or making person profit from such activity by doing so in enormous and very conspicuous volume.

I have a fixed IP and use no proxies or VPNs, though I do pay for a BTGuard VPN, AND have a Tor network setup, but that is for occasional use and for reasons other than running BitTorrent clients through.

Hypothetical.....

I want to see Bela Lugosi in "Genius at Work".

I've checked to the very best of my ability to find it commercially and failed. I've even emailed a couple of obscure vendors and they've responded that it's out of print and not available.

Some kindred spirit has put it up on a torrent site.

I don't know and, for the sake of this hypothetical, it ends up being difficult to discover if it is still copy protected. I've emailed the RIAA and they never responded. I tried calling them and they took my name and number and promised to get back with me.

I download the movie with utorrent.

Just to maintain a margin of safety, just in case there continues to be a misapprehension on my part of the justification for this, I select a public proxy from hidemyass.com and simply insert it in the proper fields in my utorrent client.

I go to checkmytorrentip.com and the site informs me that my utorrent client is using the proxy ip I've inserted, no other ip is detected, and no proxy is detected. So far so good. I'm using an http proxy since every socks 4/5 that I've tried seems to completely block any download of torrents in utorrent. The proxy is listed as http, Ecuador, very high speed, high security.

Now..... is my real IP getting logged anywhere downstream? I guess the proxy server in Ecuador is logging it, but can it leak beyond that point? If someone at the RIAA decides to seek recourse against everyone downloading this Bela Lugosi film from the fifties, they will see a list of IPs from US downloaders and send their service providers letters corresponding to those. But will they just ignore an IP logged from Ecuador? If so, why would I bother with a paid VPN for simply torrenting?

I think I get that the VPN is not logging anywhere at all, even in Ecuador. But the proxy server in Ecuador may be logging my IP from just using a proxy in utorrent, and if enough people, dozens and dozens, are likewise using this proxy to download this particular Bela Lugosi film, then the authorities or the RIAA might consider it worthwhile to petition their records. But unless this is the latest, just released hollywood blockbuster film with 300 people using this Ecuadorian proxy to download it, the likelihood of any such petitioning for records is far less than winning 600 million dollars in the lottery. No?

I've tried.... really I have... to get a basic understanding to this via google search. For some reason, these ABC's of proxies just don't seem to be explained anywhere. But as far as torrenting via utorrent, it ought to be a simple question I'd think.

I've emailed the RIAA and they never responded.

it ends up being difficult to discover if it is still copy protected.

Not that difficult.

Copyright in a film expires 70 years after the end of the year in which the death occurs of the last to survive of the principal director, the authors of the screenplay and dialogue, and the composer of any music specially created for the film.

from http://www.ipo.gov.uk/types/copy/c-duration/c-duration-faq/c-duration-faq-lasts.htm

Or read the World Intellectual Property Organisation (WIPO) PDF on copyright.

http://www.wipo.int/freepublications/en/sme/918/wipo_pub_918.pdf

So as Leslie Goodwins died in January 1969 .. copyright expires in January 2039; but to be honest, for your example, worrying about an out of print film that maybe a few hundred people in the entire world would be downloading is not likely to attract the attention of anyone monitoring downloads. They are really after the "big fishes" where stopping the theft of such property is actually a commercial concern rather than a protection of intellectual property concern.

Folks, I am a brand newbie to forums so hopefully I'm joining this stream appropriately. I am concerned about an anonymous issue not yet discussed. When looking for alternatives to torrent anonymously I investigated the TOR network which is a onion routing network used primarily to evade repressive regimes.

https://www.torproject.org/about/overview

This research turned up this link which is very disconcerting because if I understand it correctly, it states that in some situations certain bittorrent clients and names uTorrent by name (!), that the client itself imbeds the native IP address into the tracker and peer requests so no amount of network obfuscation is going to help. That uTorrent itself is ratting you out by placing the address in the bittorrent protocol requests independent of any network protocol.

https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea

Questions:

1) The post is quite old (2010-04-30). Was this a known issue that used to exist and now doesn't? I haven't had a chance yet to review the release notes (assuming all the back dated ones are available).

2) Is this only an issue if you don't have a router? How would uTorrent know what your external IP address would be as everything is NAT'd? Would it only imbed your non-routable and hence non-traceable address into the tracker and peer requests?

Anyways, this put a chill through me. Hopefully it's just my ignorance.

I investigated the TOR network which is a onion routing network used primarily to evade repressive regimes.

This is not really an issue for browsing and reading emails etc. but can be for downloads.

Tor is for the seriously paranoid who think that "Echelon" (or "The Machine" in "Person of Interest") does exist and is monitoring EVERY single communication we make.

Or of course, people who really do have something to hide.

The paragraph in the link I provided about not using bittorrent over TOR that concerned me was this one:

The attack is actually worse than that: apparently in some cases uTorrent, BitSpirit, and libTorrent simply write your IP address directly into the information they send to the tracker and/or to other peers. Tor is doing its job: Tor is _anonymously_ sending your IP address to the tracker or peer. Nobody knows where you're sending your IP address from. But that probably isn't what you wanted your Bittorrent client to send.

If this is correct, then this is not a problem unique to TOR uses. Whatever underlying network you use, VPN or webproxy, if uTorrent is sending the IP address of your computer imbedded in the tracker and peer requests you will have lost your anonymity.

So reiterating my original questions:

Questions:

1) The post is quite old (2010-04-30). Was this a known issue that used to exist and now doesn't? I haven't had a chance yet to review the release notes (assuming all the back dated ones are available).

2) Is this only an issue if you don't have a router? How would uTorrent know what your external IP address would be as everything is NAT'd? Would it only imbed your non-routable and hence non-traceable address into the tracker and peer requests?

Thanks

It is the Internet layer of the network interface that constructs the data packet (TCP or UDP) with the return address and port data. The client simply informs the transport layers that a block of data has to go to somewhere else.

The machine NiC then passes it off to the routing device which then adds the external IP that the returned data has to come back to, and so on through as many 'hops' as necessary to reach the destination.

ciaobaby, I'd rather hoped that anyone responding would not pick apart the hypothetical question itself without addressing the MAIN points. Did you overlook the gist of my post in your zeal to find some fault with the question? Just what is your joy in this?

Would you have any interest in addressing my main points?

I select a public proxy from hidemyass.com and simply insert it in the proper fields in my utorrent client.

I go to checkmytorrentip.com and the site informs me that my utorrent client is using the proxy ip I've inserted, no other ip is detected, and no proxy is detected. So far so good. I'm using an http proxy since every socks 4/5 that I've tried seems to completely block any download of torrents in utorrent. The proxy is listed as http, Ecuador, very high speed, high security.

Now..... is my real IP getting logged anywhere downstream? I guess the proxy server in Ecuador is logging it, but can it leak beyond that point? If someone at the RIAA decides to seek recourse against everyone downloading this Bela Lugosi film from the fifties, they will see a list of IPs from US downloaders and send their service providers letters corresponding to those. But will they just ignore an IP logged from Ecuador? If so, why would I bother with a paid VPN for simply torrenting?

I think I get that the VPN is not logging anywhere at all, even in Ecuador. But the proxy server in Ecuador may be logging my IP from just using a proxy in utorrent, and if enough people, dozens and dozens, are likewise using this proxy to download this particular Bela Lugosi film, then the authorities or the RIAA might consider it worthwhile to petition their records. But unless this is the latest, just released hollywood blockbuster film with 300 people using this Ecuadorian proxy to download it, the likelihood of any such petitioning for records is far less than winning 600 million dollars in the lottery. No?

I've tried.... really I have... to get a basic understanding to this via google search. For some reason, these ABC's of proxies just don't seem to be explained anywhere. But as far as torrenting via utorrent, it ought to be a simple question I'd think.

Now.... why would you make the effort to respond at all if you were only interested in attacking the fluffy first 1/4 of my post? (that's a little weird by the way.... what's with the chip on the shoulder? We're all here to share info, no?) You completely ignored the last 3/4?

Maybe you just don't have any knowledge to add here?

No it's simply that I over estimated your capabilities and comprehension of networking

So dumbed down then.

Outgoing:

Your REAL external IP is visible from YOUR router to the FIRST hop in the network route, if using a proxy this means that the IP, port and data is visible through your ISPs system and your ISPs gateway to the Internet backbone(s). The proxy then makes the outgoing request to the source and it is the proxy IP that is exposed there.

With a VPN the initial connection is NOT via your router or your ISPs router, so the external IP is one that the VPN provider supplies.

And if using a proxy that DOES log traffic will leave your ISP provided IP available in those logs.

Oh and by the way.

Correcting your hypothetical points of contacting the RIAA over a movie was not particlarly for YOU but for OTHERS who may read this thread in the future and incorrectly assume that the RIAA is in control of movie copyright.

Being hypothetical in no way means that the incorrect statement should NOT be addressed.

Thanks for the update on that. You didn't dumb it down so much as just skip the main points almost entirely. Thank you for updating that though.

"Dumbing down" needn't be a insult in any case. I generally appreciate any effort made to "dumb down" a response. Most people do actually. It's pretty unusual for a response to so overstate the obvious to the questioner that I frankly can't remember ever seeing a questioner impatient or aggravated by such. They'd be the bigger @$$ for doing so anyway.

A question is asked because the poster genuinely does not know much about it. My questions in this thread made that abundantly clear in any case without you having to remind me that....

it's simply that I over estimated your capabilities and comprehension of networking

For the future, that's probably not a wise estimation to make in most cases ciaobaby. Just lights up otherwise unprovoked flames

For the future, that's probably not a wise estimation to make in most cases ciaobaby. Just lights up otherwise unprovoked flames

That is one major problem with forums, you never have the measure of the questioner until:

A: The answer was way over their head

B: The answer was patronising

In either case [or both cases] the questioner decides to take umbrage because:

A: they either didn't understand the answer

B: feels their intelligence has been insulted

C: decides that you are just talking bollocks for the sake of it.

And then there are the ones who ask a question but want an answer to a different question, and then get hacked off because clarification is asked for. Discussion forums have long since disproved the maxim of "There are no stupid questions"