
Torrent Privacy for dummies (like me!) in the UK:


avatar78x


Just thought I'd post here as when I was searching for info regarding this I landed here - so I imagine lots of others will do the same.

I'll try and summarise the problem and how to solve it (also in as non-tech terms as possible) because people who are tech-illiterate deserve privacy as much as anyone!

I am also fully aware that many of the regulars here probably know more about the technical aspect than me, and that this info is to be found in various posts on this forum - this is supposed to be an all in one solution for the dummies!

My motivation for this is because I believe privacy is important - especially in the UK since the recent ACS:LAW data leak meant lots of unsuspecting taxpaying citizens received a nasty surprise when their details were pasted all over the internet!

More info here: http://en.wikipedia.org/wiki/ACS:Law#Data_leak_and_investigation_by_the_Information_Commissioner

Problem 1:

You can't control who sees your IP address when downloading a torrent (just click the "Peers" tab from an active torrent and you'll see what I mean!)

Solution 1:

Proxy/VPN - this way the list of peers currently downloading see the proxy server IP address and not yours. There are many pay services that offer this - just google them.

Problem 2:

So you use utorrent to connect to a proxy? utorrent should point at your local IP address (127.0.0.1) and the port of your VPN program.

The VPN then connects to the proxy. Problem is the VPN connection drops now and then and utorrent continues to download, exposing your real IP address to anyone connected to the swarm.

Solution 2:

You can use Windows firewall to solve the problem. Your aim will be to allow utorrent to connect to your local machine, but not access the outside world. Your VPN is on your local machine and it's the thing that accesses the outside world!

Steps to perform: Win7 home premium (I imagine vista and other versions of win7 would require a similar process, but can't confirm).

1. Open "windows firewall with advanced security"

2. Click Inbound Rules - there should be two existing rules for utorrent

3. Right click on the rules > Properties > General Tab > Choose to Block the connection (do this for both the rules). Currently utorrent shouldn't be able to do anything!

4. Click "New Rule" (the type of rule should be "Program")

5. Click "Next"

6. Browse for the utorrent .exe file and double click it (this should populate the program path field)

7. Click "Next"

8. Choose "Block the connection"

9. Leave the boxes checked for the "When does the rule apply?" question (because you want it to apply all the time!)

10. Give the rule a useful and descriptive name (something like BLOCK UTORRENT)

11. Fill in the description (something like "This rule blocks utorrent from accessing the internet unless it is connected via remote access (VPN)")

12. The rule will now be created, right click on it > Properties > Advanced tab and under the "Interface types" section click "Customize"

13. Click "These interface types"

14. Check "Local area network" and "Wireless"; ensure "Remote access" is UNCHECKED

15. Click OK > OK

The rule will Block the program from receiving INBOUND communication using your wireless and Local area network connections, only allowing the program to use Remote Access (i.e. VPN).

16. Click Outbound Rules

17. Return to Step 4 and repeat for outbound rules

The most important thing is to test if it's working: simply connect your VPN and begin to download a torrent. Once it's downloading, disconnect your VPN. If the list of peers disappears and the torrent stops downloading, it's working!

Please note: I'm assuming that you're using a VPN and proxy for your torrent because you wish to prevent nefarious people knowing your IP address? If so, conventional wisdom implies that your utorrent settings should be as follows:

TO BE ANONYMOUS YOU MUST NOT CHECK: Enable UPnP port mapping, Enable NAT-PMP port mapping, Add Windows Firewall Exceptions, Enable DHT Network, Enable DHT for new torrents, Enable Local Peer Discovery, Enable UDP tracker support, Enable Peer Exchange

Hope this makes sense.

I believe that privacy is important therefore please feel free to post corrections

Link to comment

  • 2 weeks later...
You don't need to disable peer exchange, DHT or UDP trackers.

Thanks for the info Firon - regarding your comment on DHT, it was implied that DHT needed to be disabled to maintain traffic anonymity from ISPs and peers in this post from Switeck: http://forum.utorrent.com/viewtopic.php?id=58714

Perhaps I have my wires crossed - can you elaborate?

Link to comment

  • 2 months later...
Just thought I'd post here as when I was searching for info regarding this I landed here - so I imagine lots of others will do the same.

..

TO BE ANONYMOUS YOU MUST NOT CHECK: Enable UPnP port mapping, Enable NAT-PMP port mapping, Add Windows Firewall Exceptions, Enable DHT Network, Enable DHT for new torrents, Enable Local Peer Discovery, Enable UDP tracker support, Enable Peer Exchange

Hope this makes sense.

I believe that privacy is important therefore please feel free to post corrections

The steps killed my WebUI connection via local or remote

Any help?

Link to comment

Thanks for the info Firon - regarding your comment on DHT, it was implied that DHT needed to be disabled to maintain traffic anonymity from ISPs and peers in this post from Switeck: http://forum.utorrent.com/viewtopic.php?id=58714

DHT uses UDP. *ONLY* the most recent versions of uTorrent (v2.2 and later) can send UDP traffic through a proxy. The earlier ones would send all the UDP traffic out through the "regular" connection, IN THE CLEAR.

Secondly, ONLY a few proxies will support UDP traffic.

Link to comment

Avatar78x: Given that DHT is fine to be left on with either proxies or PPTP VPNs, the solution for windows firewall you posted doesn't stop DHT from running when the VPN disconnects. (You can test it). Do you have a solution which does work with DHT?

Ps. Can a VPN be used at the same time on two computers which use the same Internet connection/router?

Link to comment

  • 2 weeks later...

iirc uT will pass its known IP in communications to other peers. It can get it from the update server. UPnP can also retrieve the router's Internet IP, dunno if it would get passed along from that. If you don't have whatever VPN crap running at the time uT is started then maybe..

Link to comment

µTorrent can figure out its IP just fine without UPnP.

The only thing disabling UPnP does is that it prevents µTorrent from opening ports without your knowledge. If for whatever reason you deliberately want it to be firewalled, then this would work around that goal... but I'd still hardly consider that relevant to anonymity.

Link to comment

I should have my firewall set up properly to stop torrent running when the VPN is d/ced. IPV6 is off.

However a few bytes or even a couple of kb sometimes appear in the Utorrent total downloaded/uploaded. Where are these packets going?

Edit: it seems exactly 134 bytes are uploaded every time I start utorrent even though the firewall has it blocked?

Link to comment

I use UPnP (actually NAT-PMP) to just open the ports while utorrent is running (which it's very good at) but I agree, it doesn't help anonymity. The alternative is either to open and close the ports manually (which is a b*ll-ache) each time or keep them open all the time (which is more of a security hole).

Link to comment

My thanks to the original poster. Very useful.

I should have my firewall set up properly to stop torrent running when the VPN is d/ced. IPV6 is off.

However a few bytes or even a couple of kb sometimes appear in the Utorrent total downloaded/uploaded. Where are these packets going?

Edit: it seems exactly 134 bytes are uploaded every time I start utorrent even though the firewall has it blocked?

Regarding a few kb's that appear, I noticed this as well, but I checked my port activity and could not see any leakage from the VPN. Having given it some thought I assume that uTorrent is pushing and pulling data from the cache.

In terms of the 134 bytes I am assuming that when you launch uTorrent it tries to connect to the network, which is represented by this 134 bytes, but is blocked by the firewall; it takes pushing 134 bytes by uTorrent for the application to realise that it is being blocked from the network.

Just to be clear these are assumptions on my part, based on seeing what you also saw in uTorrent, but not being able to detect any VPN leakage. You would need the development team to confirm or refute my assumption.

Link to comment

I have adapted avatar78x's approach to work with OpenVPN.

Windows will classify the OpenVPN connection as a Public network. This cannot be changed; the configuration of the network categorisation is locked. We can set up a firewall rule to restrict uTorrent to Public networks, so this is only effective if you do not use public networks, and therefore OpenVPN will be the only network defined as 'Public'.

Follow Steps 1 to 11 of the original poster's guide

12 - The rule will now be created. Right click on it > Properties > Advanced tab, and under Profiles uncheck Public (leave the other options, Domain and Private, checked).

13 - Click OK

Repeat for both inbound and outbound

Please remember this will only be effective if OpenVPN is the only Public network in use, which should be the case in the home. However if you are connecting to public networks from a laptop, you should not use this method.

Link to comment
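
A scripted form of the block rules from the two guides in this thread, as an added example that is not from any of the posters: `-Mode InterfaceType` follows the original post's steps 4 onward, `-Mode Profile` follows the OpenVPN adaptation above, and `-Mode Remove` deletes the rules again. The default uTorrent path is an assumption, and the script relies on netsh's `lan`, `wireless` and `ras` interface types corresponding to the "Local area network", "Wireless" and "Remote access" checkboxes.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
param(
    # InterfaceType = original post's rules; Profile = OpenVPN variant; Remove = undo
    [ValidateSet('InterfaceType', 'Profile', 'Remove')]
    [string]$Mode = 'InterfaceType',
    # Assumption: per-user install location; pass your own path if it differs
    [string]$Program = "$env:APPDATA\uTorrent\uTorrent.exe",
    [string]$RuleName = 'BLOCK UTORRENT'
)

function Invoke-FirewallCommand {
    param([string[]]$Arguments)
    $output = & netsh.exe advfirewall firewall @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "netsh failed ($($Arguments -join ' ')): $output"
    }
}

if ($Mode -eq 'Remove') {
    # Deletes every rule carrying this name, inbound and outbound
    Invoke-FirewallCommand @('delete', 'rule', "name=$RuleName")
    return
}

if (-not (Test-Path -LiteralPath $Program)) {
    throw "Program not found: $Program"
}

# netsh takes one interface type per rule, so LAN and wireless get a rule each.
# 'ras' (Remote access) is deliberately left out, as in the original post.
$scopes = @(
    if ($Mode -eq 'InterfaceType') {
        'interfacetype=lan'
        'interfacetype=wireless'
    } else {
        # OpenVPN variant: block on Domain and Private, leave Public unblocked
        'profile=domain,private'
    }
)

foreach ($direction in 'in', 'out') {
    foreach ($scope in $scopes) {
        Invoke-FirewallCommand @('add', 'rule', "name=$RuleName", "dir=$direction",
            'action=block', "program=$Program", $scope, 'enable=yes')
    }
}

# List the created rules so the direction and scope of each can be checked
& netsh.exe advfirewall firewall show rule "name=$RuleName" verbose
```

The disconnect test from the original post still applies after running it: connect the VPN, start a torrent, drop the VPN and confirm the peer list empties.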

  • 1 month later...

Appreciate corrections :-)

With regards to the discussion on disabling the port mapping: This was primarily to ensure utorrent will use the port you specify.

Less important for anonymity, but more for control/security - which I believe are concepts that are closely related.

Link to comment

  • 8 months later...

I would really like some help. I did the avatar78x fix and something has gone wrong. Now uTorrent 2.2.1 will only allow 1 active download at a time and will not allow any completed downloads to seed.

I am one of the tech-illiterate and I was just trying to take measures to protect myself. I have successfully been using uTorrent for about 1 year. I don't have any idea how to fix this change I have made.

I regularly use dsl through a phone line and modem at home, not a wireless router and also download sometimes at wifi public spots.

Can anyone help me to reverse the changes I made to Windows Firewall with Advanced Security? Thanks.

Link to comment

  • 1 month later...

You can use Windows firewall to solve the problem. Your aim will be to allow utorrent to connect to your local machine, but not access the outside world. Your VPN is on your local machine and it's the thing that accesses the outside world!

Hello,

I am on Windows 7 Home ed and my VPN Proxy server is a German one called "Your Freedom". I have been using U Torrent for a long time.

I have followed your steps to allow Utorrent to connect to my local machine, but not access the outside world. When I tested, however, by disconnecting the VPN, the list of peers does not disappear!

Also, I was going to test another filesharing software, called Bit Spirit, and possibly create the same Firewall rules you laid out for U Torrent. I downloaded it and I tried to use the very same guidelines. Here I got to a dead end, because Bit Spirit, unlike UTorrent, is not even listed among the apps in the "Windows Firewall with advanced Security" console (inbound and outbound rules).

How can I have another app like Bit Spirit listed in the Windows Firewall with Advanced Security Console in order to create those security rules you proposed for U Torrent?

Thank you

Ittiandro

Montreal, Canada

Link to comment

  • 4 weeks later...

Archived

This topic is now archived and is closed to further replies.
