
Encryption and security on uTorrent?


DeBo


Warm welcome guys from Torrentprivacy team here!

Let me answer your questions and tell you more about our software. We've been building this system for you for 7 months, and messages saying that it's a scam or shit make us very confused.

Yes, you have to use our client, but all this is done so that you can use the software with one click - no configuration, no tech skills are needed.

As for speeds, we've made 3 locations where you can connect to get the best speed: USA, Canada, Europe. If you're afraid that our servers will be raided, you can connect to Canada or Europe, where privacy laws are more loyal.

The system gives you a complex solution in which neither your ISP can see what you're doing (because of the encrypted tunnel) nor the trackers and peers can see your IP, because our servers' IP is left to them. Isn't it good?

So as a conclusion - you may not need it, but do not give negative feedback until you try it. And again, I'd like to answer your questions regarding the subject of privacy, lawsuits and downloaders.

Link to comment


Well OK.. I have a question.. ;)

Is it just my imagination or I could have sworn when I found your site last week one of the sign-up options was a "free" account limited to 128kb of throughput? I checked a few days later and that option was gone.. I think.

Not that I'm cheap or anything and oddly.. my torrents don't run ANYwhere near as fast as my regular downloads.. nor my Usenet pipeline, but I'd have to justify another $10 a month above and beyond what I already pay for my broadband, then add my Usenet service.. then Rapidshare premium access.. you get the picture.

The whole concept I'm enjoying about this "new" (.. to me anyways) P2P concept.. is that it's the one and only freakin' avenue I DON'T have to pay for! I'm probably willing to even tack on a little more moolah for privacy.. but that kind of money for something I NEVER get more than 50kb total of throughput on (most of my torrents aren't "popular".. hence not much speed).. has to be worth my while.

Link to comment

Ok, guys thanks for warm welcome back and let me answer your questions.

scorch:

Yes, we had a free version for several days, but it's a pity that we couldn't keep it. The reason we gave it up - we were having fewer paid registrations and much more bandwidth used. We charge for membership not because we want money bad, but because when you download a movie using our servers we pay for it: we pay for bandwidth, we pay for servers - and believe me, it's not a couple of bucks. There is no other way - this is not similar to running websites - our costs are much bigger in this case.

As for speed - it's only about your line and torrents you're using. Some torrents I download at 7-10Mb/s, some 200-300Kbs. If you have good connection to peers your speed will be incredible.

Switeck:

If you want to have total privacy and hide your data transfer from your ISP, you have THE ONLY WAY - encrypt your traffic. It can be done by using a VPN (but you have to configure it and have a VPN provider) or you can use SSH tunnel encryption - which we make for you automatically - this is the purpose of our software: you can get privacy with one click, we believe it's good.

Have a nice weekend ;)

Link to comment

torrentprivacy.com, why don't you then just offer

a) your own (proprietary?) easy-to-use VPN client that people can use to connect to your servers and then use uTorrent or so

b) give users a normal VPN 'account', use OpenVPN for example... And if wanted, do give some one-click stuff for newbies to use etc...

Though all of that is pretty much useless if people need to buy yet another doohickey for basically something that makes the same thing way more complex than before etc...

Link to comment

uTorrent can already encrypt its traffic, though it's usually not set to (by default.)

Encryption alone is not a solution.

uTorrent already has support for multiple proxy server types as well as authenticated login.

Adding 3rd party software for a specialized VPN is one thing, requiring us to run a 3rd party BitTorrent client to work at all...is a MUCH harder sell.

Basically, it'd be like BitComet staff coming here and saying we need to quit running uTorrent and run BitComet instead because it's better, trust us!

Link to comment

  • 2 weeks later...
  • 1 month later...

Hey all. I just started using TorrentPrivacy.com and besides their customized version of uTorrent 1.7.5 it also works fine with 1.8.1 if you can figure out their "hidden" proxy settings. Their SSH tunnel is a socks5 proxy at 127.0.0.1:2222 using a renamed copy of the putty SSH client's command line version (plink.exe). They also use port 2222 for incoming connections and have somehow tweaked their customized uTorrent 1.7.5 to not show the red icon but the popup "listen error" is still displayed if you mouseover where the icon should be. Besides not allowing incoming connections uTorrent itself doesn't proxy DHT via UDP so you have to disable DHT if you don't want to shout your real IP to the world! I read elsewhere here that v1.9 is going to support UDP proxy on socks5 so DHT proxy should be working in a week or two <grin>. I also unchecked "Enable Local Peer Discovery" and "Enable Peer Exchange" as I still saw my real IP showing up in the peer list. In spite of the incoming connections port being blocked and no DHT and peer exchange I see speeds as good as or better than without the proxy on my 6mbps/385kbps line!

Link to comment

Thanks RoadRanger, I will give this a try with uT 1.8 as soon as I'm able to. At the moment their tracker is down, so testing my visible IP through them is not an option at the moment. They had some outage for a period of time a few days ago as well (whether it be DNS or a full site outage, I wasn't able to connect to torrentprivacy.com).

This will be a big help as I'd prefer to not have a hard tether to their version of uTorrent. Not that I am worried of nefarious activity, I simply enjoy the freedom.

How exactly were you able to tell that your DHT packets were displaying your real IP address? I played with the Wireshark packet sniffer but I am not enough of an expert on packet technology to see this.

After using TorrentPrivacy for about three weeks or so, it appears to be one of those solutions that is a good idea and with good intentions, but it needs some maturity. I think they have a good concept, but if you use them right now, be prepared to roll with a few punches.

Link to comment
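
The leak discussed in the two posts above (DHT, Local Peer Discovery or peer traffic that never enters the SOCKS5 tunnel at 127.0.0.1:2222) can be checked offline against flow records taken from your own capture. This is an added example, not part of any post and not TorrentPrivacy or uTorrent code; the flow-tuple layout, function names and sample addresses are assumptions constructed for illustration.

```python
PROXY = ("127.0.0.1", 2222)            # SOCKS5 tunnel endpoint named in the post
LPD_GROUP = ("239.192.152.143", 6771)  # Local Peer Discovery multicast (BEP 14)
BT_HANDSHAKE = b"\x13BitTorrent protocol"

def bdecode(data, i=0):  # minimal bencode decoder -> (value, index past the value)
    c = data[i:i + 1]
    if c == b"i":
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i)
            items.append(item)
        return (items if c == b"l" else dict(zip(items[0::2], items[1::2]))), i + 1
    colon = data.index(b":", i)
    n = int(data[i:colon])
    if n < 0:
        raise ValueError("negative string length")
    return data[colon + 1:colon + 1 + n], colon + 1 + n

def is_dht(payload):
    """True if a UDP payload parses as a DHT (KRPC, BEP 5) message."""
    try:
        msg, _ = bdecode(payload)
    except (ValueError, TypeError, RecursionError):
        return False
    return isinstance(msg, dict) and b"t" in msg and msg.get(b"y") in (b"q", b"r", b"e")

def find_leaks(flows, proxy=PROXY):
    """Return (kind, destination) for BitTorrent flows that bypass the proxy."""
    leaks = []
    for proto, dst, payload in flows:
        if dst == proxy:
            continue  # carried inside the tunnel
        if proto == "udp" and dst == LPD_GROUP:
            leaks.append(("local-peer-discovery", dst))
        elif proto == "udp" and is_dht(payload):
            leaks.append(("dht", dst))
        elif proto == "tcp" and payload.startswith(BT_HANDSHAKE):
            leaks.append(("direct-peer", dst))
    return leaks

SAMPLE = [  # constructed flows (documentation addresses), not a real capture
    ("tcp", ("127.0.0.1", 2222), b"\x05\x01\x00"),
    ("udp", ("203.0.113.7", 6881), b"d1:ad2:id20:" + b"A" * 20 + b"e1:q4:ping1:t2:aa1:y1:qe"),
    ("udp", LPD_GROUP, b"BT-SEARCH * HTTP/1.1\r\n"),
    ("tcp", ("198.51.100.9", 51413), BT_HANDSHAKE + b"\x00" * 8),
]
```

Calling `find_leaks(SAMPLE)` reports the DHT query, the Local Peer Discovery multicast and the direct peer handshake; only the flow to the local tunnel endpoint is left out.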

  • 1 month later...

I read all posts in the thread but I could still not fully understand some things.

Even if all my TCP connections with the tracker and with other peers are SSH encrypted monitoring companies can still see what torrent I am seeding data from? Because they can see the IP list for the torrent? But they can't see what peers I'm connected to, however they can ask me for data and in case I send it they can record that transfer? This is the main difference with for example FTP connection where an SSL connection is enough to conceal all information, including file listings and file transfers and everything and be anonymous to practically all monitoring attempts? Basically the main problem with torrents is that monitoring companies can at any time ask me for a package, and then record it?

So I have to use a service like relakks.com or torrentprivacy.com? Does that also mean that all torrent data needs to go via their servers? Or can a direct connection to a peer still be arranged even if I'm using their anonymous IP?

Did anyone try relakks.com? As I understand it they offer a VPN connection. And as it practically works in Windows there is no way to only have for example uTorrent connect to the internet via the VPN, and all other things like browsing etc go directly through my ISP? Or is it?

Can anyone explain exactly how torrentprivacy.com works? According to this purchase guide they provide a modified uTorrent client that automatically connects to the internet via their server. But if uTorrent is not open source how could they modify it?

What is this UDP issue? As I understand it DHT and Peer Exchange announce your IP via UDP, it can't use TCP?

Link to comment

PE (Protocol Encryption) provides encryption for connections between peers. This includes the data transfers, PEX (Peer Exchange) and other communication (have, request, etc).

ISPs usually don't care about what you download, they just want to throttle you so they inspect packets looking for BitTorrent traffic. PE makes this more difficult.

PTB (mpaa, riaa, ifpi, fbi, etc) don't care about how much you download, they just want to catch you downloading something illegal. Their most popular technique is to pose as a peer and find the IPs of infringers that way. PE doesn't help here at all. (and FYI neither do blocklists or private trackers)

The IP you use is owned by your ISP. When the PTB find an offending IP they often email your ISP and your ISP can (and sometimes does) forward this to you. To actually sue you the PTB need to get your personal information from your ISP, your ISP is (depending on local law) not allowed to give this to any 3rd party (including the authorities) unless ordered by a judge.

A VPN service simply adds a link to the chain. The PTB know the 'anonymous' IP is owned by the VPN service, they'll email the VPN service which could then email it to your ISP (this almost never happens) who could then email it to you. To legally go after you they first need to get your IP from the VPN service (who is, depending on local law, only allowed to give it if ordered by a judge) and with your IP they know your ISP and they then have to go get your info from your ISP (bla bla local law, judge bla).

Having a VPN service might reduce the pesky emails but it doesn't protect you from the legal point of view. If the PTB decide to go after you it doesn't really matter if they need to go to the judge once or twice. The only reason they might not go through the trouble if you use a VPN service (as compared to no VPN service) is if the VPN service is hosted in a foreign country. Then they'd have to go to two different judges in two different countries with two different sets of laws.

In short with a foreign VPN you make it more work for them to go after you. They might decide to not do it and go after easier prey but it doesn't actually provide protection.

I hope this answers most of your questions.

Please note that using BitTorrent to infringe on copyright is illegal in pretty much any country (including Relakks' Sweden). Just because the Pirate Bay is getting away in Sweden with hosting .torrent files doesn't mean that you can get away with downloading/uploading using a Swedish VPN.

Link to comment

A VPN service simply adds a link to the chain.

Yes, but if the relay / VPN service doesn't save a log all the PTB know is that ... bytes of file ... was downloaded at a certain date and time by the torrentprivacy (for example) IP, and if they don't save any logs it's forever forgotten what end user IP that downloaded that content through the relay service. So in that case it's very anonymous in my opinion.

My other question was how the torrentprivacy software works in detail. And I think the link I posted answered some of that, it even had comments from people who had tried the service. But I could not see a definitive answer for the question if the data is downloaded through the torrentprivacy service or if they are able to host a router of sorts that can establish a direct connection, kind of a private tracker if you can call it that. Is that possible? Or can I expect slow downloads from the Torrentprivacy service?

And how they can modify uTorrent if they don't have its source code?

Link to comment

  • 4 months later...

The Peer Exchange extension is to the protocol, not the program

Was that an answer to the question "And how they can modify uTorrent if they don't have its source code?"? If so I'm afraid I don't understand what you mean? If you look at the picture of the Connection preferences in the AfterDawn.com article I posted in the post before the last one, they have removed half the settings, for example. So how can they modify the GUI and the program if they don't have the source code?

Link to comment

As to VPN/Torrentprivacy. Those companies are basically ISPs. If they don't keep logs they'll have a problem when the police comes with a warrant for one of their IPs.

If they can't track down the guilty client then they might be held accountable themselves. Unless some local law protects them somehow. But they couldn't even throw in the 'wireless defense' because they are willingly selling access to their service and they are willingly not keeping logs.

But think of it... if not keeping logs was the solution to anonymity why aren't there any real ISPs offering to not keep logs?

I'm all in favor of anonymity on the internet. But with that I mean anonymity from websites, corporations and other users. Not from the authorities. How would we fight child porn, terrorism, hacking, etc if everybody and their mom can hide from the authorities for just a few bucks a year.

The bullying of the common man through the abuse of ancient laws to try and uphold an outdated economic model is not a good reason to make the whole internet lawless.

Link to comment

  • 3 weeks later...

The general concept of a paid (or unpaid in a similar configuration) VPN/proxy does work. A privacy service would either not log at all or log the bare minimum required by law (I think that only applies to websites and only for about 2 weeks but I'm not sure). Thus, even if they logged, by the time a warrant was obtained, it will be too late.

Even if the VPN company is held liable for their service, that means they take the legal heat and you, personally, don't and can go on to another service.

As for the basic encryption provided by BitTorrent, it's good to prevent passive monitoring, which some ISPs are likely employing now (see AT&T's deal with the RIAA) or in the near future. With active monitoring, there are other methods, such as heuristics to detect suspicious behavior and IP blocking.

Link to comment

"Even if the VPN company is held liable for their service, that means they take the legal heat and you, personally, don't and can go on to another service."

Exactly. And no company with even the slightest knowledge of laws that apply to them would take such a risk. These companies aren't stupid.

So the actual security depends on the loopholes VPN services have found in the local laws that allow them to throw away logs (or not log at all) without becoming actionable themselves.

Sadly (anonymity from authorities is bad imho) these loopholes do seem to be present in some local laws. But you'd have to make an informed decision when picking a VPN service. An interesting read on such an apparent loophole:

http://torrentfreak.com/swedish-isps-obstruct-new-anti-piracy-legislation-090427/

The basic encryption BitTorrent provides is great because it makes the questionable practice of throttling by ISPs more difficult. I believe ISPs shouldn't oversell their capacity and then try to solve the resulting problems by throttling users.

Link to comment

  • 1 month later...

Ok, I've read through this entire thread and it's been VERY helpful.

I have a question though, let's say 'a friend' of mine did receive a letter from their ISP stating politely to refrain from downloading, I don't know, let's say music for example.

This friend heard from someone else that encrypting Vuze would solve the problem but then he came here and found out that this isn't the case, encrypting only stops throttling, correct?

Would using Usenet instead of a Torrent be his best option to ensure he doesn't get another letter??

Imagine this friend is a bit of a dummy and didn't know the real, tangible, major differences between torrents, P2P programs such as Frostwire, and newsgroups, could you perhaps enlighten him... and me :)

Link to comment

  • 10 months later...

New question (I haven't seen this addressed in the discussion): is the initial Announce message to the tracker encrypted when I turn on encryption (in v2.0.1) or not?

Also, as I understand, other BT clients don't include your IP address in the Announce message to the tracker. Is there any chance we could also see uTorrent stop doing that? If others can do without it, it should be OK from a protocol POV, right?

Link to comment

Archived

This topic is now archived and is closed to further replies.

