Managing your Privacy Online: BitTorrent DownloadsBy
BitTorrent users are increasingly finding themselves under the watching eye of anti-piracy agencies and ISPs trying to detect copyright infringement or curtail bandwidth hogging, often employing questionable tactics in the process. The fact is, whether you're doing anything illegal or not, the open nature of this peer-to-peer file sharing protocol means that anyone with the right tools and knowledge can dig into stuff like your home IP address or your download history.
Although we don't support piracy, we are not fond of media giants getting a hand from governments to legally tap on users' online activities either. It's our belief that draconian DRM restrictions and other related nuisances is what's affecting the industry in the first place, but that's another story.
If you're concerned about being monitored, it pays off to learn a few tricks and increase your privacy when downloading using the BitTorrent protocol.
There are some free and pretty straightforward solutions available, as well as some paid services that promise to safeguard your data from snoops, thieves, and other unauthorized parties. None of the tips below can guarantee complete and utter anonymity, that's for sure, but adding a few layers of protection will certainly help.
Avoid going through a central tracker
Since most of the traffic snooping technology available today uses BitTorrent trackers to gather data, it's a good idea to avoid going through a central tracker and rely on DHT and PEX instead. These features are enabled by default in clients such as uTorrent and Vuze, and millions of people are already using them without knowing. To make sure you are too, when opening a .torrent file with your favorite client you'll have to remove the trackers before starting the download.
In uTorrent you can do this by clicking the advanced button in the 'Add New Torrent' dialog box after opening a torrent file. Here you'll see a text box with the list of trackers plus your bandwidth settings and some other info. Clear everything on the text box and make sure that DHT, Peer Exchange and Local Peer Discovery under 'Other settings' are checked.
DHT and PEX allow BitTorrent users to get all the information they need from the swarm without affecting performance. As explained by TorrentFreak, DHT's function is to find peers who are downloading the same files, but without communicating with a central BitTorrent tracker such as Demonoid.com or the like, while PEX (or Peer Exchange) leverages the knowledge of peers you are connected to, by asking them for the addresses of peers they are connected to. Keep in mind that while monitoring DHT and PEX is harder than using the BitTorrent trackers, it certainly isn't impossible.
Use an IP-blocking application
When you download something using BitTorrent, you're connected to several peers who are distributing pieces of said file, exchanging IP addresses in order to send data back and forth. Knowing this, anti-piracy organizations will often join in the download and log your information to contact your ISP later on if they believe any wrongdoing has occurred.
PeerBlock uses a constantly updated blacklist of IP addresses known to track your activity, including advertising, spyware, education, and anti-P2P organizations. The program is based on Peer Guardian 2 and maintains the same functionality as the original application, but it also includes fixes for various issues in the latest version of PG2.
After installing it, you'll have to go through a setup wizard to select what type of blacklists to download and block, and how frequently you want to update them. While any decent firewall program will let you block hosts one by one, PeerBlock does a huge amount of the work for you by providing several frequently updated lists of these addresses.
Add a middleman
One way to protect yourself while using a peer-to-peer protocol like BitTorrent is by setting up a proxy. In a nutshell, what this means is that there will be a middle-person (or server) between you and the Internet. That way you'll hand off requests only to the proxy server, which in turn will handle the requests and fetch the results for you. Users connected to the swarm will see the proxy's IP address instead of your home IP address.
To set up a proxy in uTorrent go to Options -> Preferences, click on Connection in the sidebar, and fill the necessary information under the Proxy Server section. There are a number of free proxy servers out there, including one we recently mentioned called The Onion Router network (Tor). Using Tor for BitTorrent is a big no-no however -- it's too slow and the operators of the network advise against it because they simply can't handle the load.
If you've found a proxy server that offers decent speeds, and you aren't intimidated by a few advanced configurations, you might want to look into encrypting your traffic over SSH -- here's a pretty straightforward guide on the topic. This basically provides an extra layer of security to prevent traffic sniffers from seeing what you're doing online. Additionally, if you are willing to part with a few dollars per month, there are other solutions made specifically for BitTorrent use.
One of them is BTGuard, a subscription service that promises anonymous BitTorrent connections and speeds almost equal to an unsecured connection. The $7/mo. service supports 256-bit AES encryption via an SSH tunnel and is fairly easy to setup. Simply download and run the installer, then configure your BitTorrent client to route traffic through their servers in Canada. BTGuard can reportedly bypass your ISP's bandwidth throttling as well.
Last but not least, another paid solution -- and my preferred one at that -- is to go for a VPN service. These services offer an (often encrypted) tunnel between your home connection and an external server, usually exchanging your IP address for one in another country. Unlike BTGuard a VPN will secure your entire connection, not just BitTorrent downloads, and besides helping you avoid being tracked by anti-piracy groups it will also let you access any service that may be blocked because of geographic restrictions (Hulu, Spotify, Pandora, Netflix, BBC's iPlayer, and the list goes on).
The Pirate Bay folks launched such a service under the IPREDator moniker last year after Sweden passed the European Union's IPRED legislation, which allows privately held companies to request information about individuals' Internet activity. IPREDator's premise is that they don't log any activity, thus there is nothing to hand out should authorities come knocking. Like them there's also another service called HideMyNet, which offers access to servers in six different countries (Canada, Germany, Netherlands, China, UK and US) for a monthly flat rate of $5.
There is some configuration involved but nothing too complicated to turn you away from signing up. Usually you'll have to download the OpenVPN client, add the server information, and login using the provided username and password.
If you're serious about protecting your privacy then going for either a proxy or VPN is probably the best option. Each has its benefits and drawbacks. For instance, a VPN will usually be faster than a proxy and offer traffic encryption by default, but losing your VPN connection can leave your IP address exposed to third parties. This last scenario can be somewhat of a concern if it happens while you are away from your computer and, say, you are downloading copyrighted material.
Infringement issues aside, nobody likes to be spied on. Adopting one or more of the solutions mentioned above will improve your chances of staying anonymous online and can go a long way to give you some additional peace of mind.
"Managing your privacy online" is a three-piece series delivered weekly, in which we will have a look at different popular Web services to give you pointers on how to safely navigate through them.
Read Part 1: Managing Your Privacy Online: Facebook
Read Part 2: Managing Your Privacy Online: Search Engines