Can I just use Socks5 with uTorrent and not install VPN?

DaleDietrichDaleDietrich
edited June 2016 in P2P Support

Hello:

If a user does not want all their Internet traffic fed through PIA can they use Socks5 alone and accomplish torrenting invisibility using Socks5 without the VPN client. For example, the user may want to use Google maps or other local services that the PIA VPN would interfere with. And, of course, they might not want the additional needless overhead of a VPN running 24/7 or having to turn it on and off constantly.

It's my understanding that a user can do this using the Socks5 Proxy as discussed in this thread:

https://www.privateinternetaccess.com/forum/index.php?p=/discussion/434/utorrent-install-instructions-for-proxy-proxychecker/p1

Thanks.

Comments

  • DaleDietrichDaleDietrich
    edited June 2016
    I figured out that to do this you need to separately generate a separate Socks5 userid and password on the PIA control panel (in your account page on the web). Use those credentials in the uTorrent Proxy Server settngs and otherwise follow the cryptic instructions in the link above and everything works fine (being sure to select an IP address from the list that is actually present in Amsterdam). 

    Once done the user can see if the proxy is working and showing their IP address as coming from Amsterdam with this handy dandy trick:

  • OmniNegroOmniNegro
    To be honest I am just skimming topics. I did not really read all the text here, so please disregard this if you already covered it and I just missed it.

    You should always use the proxy WITH the VPN. The VPN can be used safely without the proxy, but the proxy cannot be used safely without the VPN. And you really need to make sure all applications you care about are actually forced to use the VPN connection only. If you fail this, you will have a very bad experience.

    The proxy offers and supports zero encryption, so you will be fully exposed unless you use the VPN. Nonetheless, the choice is yours. Choose wisely.
  • DaleDietrichDaleDietrich
    edited June 2016
    OmniNegro said:
    To be honest I am just skimming topics. I did not really read all the text here, so please disregard this if you already covered it and I just missed it.

    You should always use the proxy WITH the VPN. The VPN can be used safely without the proxy, but the proxy cannot be used safely without the VPN. And you really need to make sure all applications you care about are actually forced to use the VPN connection only. If you fail this, you will have a very bad experience.

    The proxy offers and supports zero encryption, so you will be fully exposed unless you use the VPN. Nonetheless, the choice is yours. Choose wisely.
    I don't understand this. Here is what I understand:

    1. If uTorrent user configures their connection settings to use Socks5, uTorrent has a proxy connection to the PIA server that was specified in the Socks5 settings. 
    2. Say a user in the U.S. specifies a Socks5 IP address in Amsterdam
    3. Assume that users has confirmed that with the torrent IP address checker mentioned above
    4. From Big Content's perspective, isn't that uTorrent user seen to be in Amsterdam at that IP address - and not their actual IP address in the U.S.?
    5. PIA keeps no logs of what their users are doing. 
    6. If PIA was served with some demand letter, they couldn't pass it on to any given user because even PIA doesn't know what a user did with their torrenting
    7. If at any time the Socks5 connection goes down, uTorrent instantly ceases all seeding and leaching activities - so there is no accidental leakage of IP address in that way.

    Is the above not all true? Is there some other way a torrenter's IP address can 'leak' in a way that is visible to big content or the torrentor's local ISP? I'm not aware of any.

    So, exactly how is the user 'fully exposed'? To whom? how? 

    I gather that the ISP could, if it chose, see that the user is torrenting, but I don't believe they proactively investigate torrenting without some big-content serving them with a notice. And can the ISP peer into the bittorrent traffic, on their own volition, to see what is being sent/received?

    Thanks.
  • OmniNegroOmniNegro
    Torrent clients use what is called RC4 as the single encryption method. Since you are using the proxy only, this is the single encryption obstacle to overcome to fully uncover what your IP is based on the information your torrent client provides.

    https://en.wikipedia.org/wiki/RC4
    https://en.wikipedia.org/wiki/BitTorrent_protocol_encryption

    It has been noted that at current, most of the time brute forcing a RC4 cipher takes a few minutes. And after it has been, the copyright trolls have your information.

    Who would do this? Many groups. Media trolls and content sellers have both the means and a good reason to do this if you are ever downloading something they have an interest in. Intelligence agencies do as well. (It provides information that can be used to exploit and/or coerce your cooperation with whatever they need.) And many other groups may want to do this because it is simple enough to do and achievable without a supercomputer.

    PIA made no false claims when they said they log nothing. But the torrent clients provide plenty of information just to maintain a connection. Not all of it is going to directly reveal your IP, but knowing you are on what particular OS, and then a few simple packets to test what services you have running at the time can reveal who you are.

    I suspect your ISP is the last likely attacker. But there are plenty of scammers who will go to great lengths to find information allowing them to threaten you.
  • DaleDietrichDaleDietrich
    edited June 2016
    Thanks OmniNegro but I still don't get it. 

    Setting aside the NSA etc. that a typical law-biding person wouldn't need to be worried about, who is going to be able to use WHAT to uncover an IP? Under the above scenario a user's IP is/will always be the PIA IP. That is what is shown in the swarm. How do they go from the PIA IP to determining a user's IP.  If they packet sniff the IP aren't they packet sniffing PIA's Socks5 servers? And, how exactly would the big content guys get from that to seeing what torrenting is going on. Presumably there are any number (dozens/hundreds/thousands) of PIA users all using the same IP.

    So, for example, in the Canadian Teksavvy case, the Hurt Locker owners discovered the users IPs because they were in the clear in the swarm? How would they go from a PIA IP to isolating the users actual IP. I still don't get that.

    In this thread two vague issues with Socks5 connections (other than the ISP seeing your traffic) are mentioned:

    1. [deleted] says "Most clients don't work well, and they leak IP addresses". But I've found nothing on the internet (yet) so suggest uTorrent doesn't work well with Socks5 of that uTorrent leaks addresses; and

    2. pmcadon1 says: "The problem is sometimes your computer won't be able to connect to that proxy and then it jus uses your standard connection and IP address". But, again, I thought uTorrent was architected to stop all traffic the second the Socks5 proxy goes down.

    You also discuss Socks5's low level of encryption. But, again, it's not a question of encryption. Who even needs encryption. All that is shown to the swarm is the PIA IP. Knowing PIA's IP wouldn't permit anyone other than my ISP to be able to sniff my traffic would it? If the ISP isn't sniffing, I don't see how any third party can see/access/scan/sniff a user's content stream other than the ISP.

    Yes, an ISP may be able to inspect a torrent stream (encrypted poorly or not at all), but they have no incentive too unless given a notice by big content and big content won't be able to get them the notice without the user's IP.

    Articles like this one:


    and this one:


    seem to imply that using a proxy is pretty much just as safe as a VPN.

    But to answer your question directly, I can think of three reasons why a user may not want to use a VPN when they have a Socks5 connection:

    1. Extra overhead on their PC - yet another process running in the background.
    2. Inability to use local services like Google Maps, Weather apps, Uber, and any other Internet service that uses your IP to locate you and provide you with local services.
    3. Degradation in speed. Correct me if I'm wrong, but if you use a VPN, doesn't EVERYTHING your computer EVER uploads and downloads have to transit VIA the VPN. Wouldn't that slow down your interent surfing and everything else you are doing substantially?

    Again, sorry if these all sound like newb questions/issues. I'm new to this and trying to understand it.

    Thanks.
  • OmniNegroOmniNegro
    Allow me to present a simplified explanation. Lets say there are 100 users connected to the proxy. (I have no idea if this is too small a number or not.) If 50 of them are using Linux and you use Windows, then the details in the decrypted connection using the proxy can be reduced to 50 possible connections. From here, the number can be further reduced if for instance half the users use a different torrent client. That leaves 25 possible connections. Then a different version of the same client again reduces the possible connections. And in fact, the different settings even in the same version of the client will each reduce the possible matching connections until but one remains. (Things like if encryption is forced, or merely preferred, and in the shameful option of disabling encryption altogether that some use.)

    I could list hundreds of things that can differentiate a single client here. But it is easy to look through the options and see that reducing or increasing the number of half open connections would be detectable if one had a system setup to attempt connections until they were refused. And speed itself can help determine what ISP you use. For instance, if you can manage speeds that are pretty fast, then it greatly cuts down the number of ISPs you could be using. Your ping time from three different locations can tell where you are within a very small region, even if using the proxy. And that last part cannot be stopped from happening in a number of ways even if you have your system set to disallow ICMP pings.

    So in short, what do you think your ISP would do if they were contacted with a legal threat by a media troll to either give up what users they had connecting via for instance a Windows 7 x64 PC via qBittorrent on port 12345 at 3:16PM on a particular day? They may not have the information, but they would surely hand it over if they did. This is why the VPN is so beneficial. They would not know any of that information if you use the VPN, and all is plain to see if you only use the proxy.

    Now on to the rest of your post. First of all. The proxy does *NOT* support or allow any form of encryption. Period. The torrent clients can use RC4 themselves, but if they are not told to always do this, they do not. And the encryption is 40 bits strong. It really does take a typical system a few minutes to break so weak encryption by brute force guesses.

    Second, the VPN can and does slow things down, and some things will not work. I cannot and would not dare to contest this. But the proxy imperfect as it is, is entirely useless when it goes down. And the VPN stops all traffic both ways when it fails, whereas the proxy failing depends entirely on your torrent client being configured to cut all traffic when the proxy fails. I honestly cannot say I know how reliable it is. It may work equally well, but frankly I doubt it.

    I am sure I am missing one or even several issues in this. Please do not hesitate to keep asking until I give satisfactory answers. I am glad to help.
  • DaleDietrichDaleDietrich
    edited June 2016
    OK, so I'm now kinda getting where you are coming from.  In summary, you are pointing out that there are a number of ways for the content owners to ascertain telemetric info on the user. And, it seems, you indicate there are ways to ascertain with some degree of accuracy what ISP the user is using.  Then you go on to say the ISP could be contacted with all this information and the ISP may be able to give over the info based on those telemetrics.

    I also understand (and understood) that without the VPN there is no practical encryption. I get that and really don't think it matters (except for direct sniffing by your ISP).

    Back to your main points, there are a LOT of ifs in there. 

    Firstly, it seems to me they have no way of identifying with certainty who the ISP is. On that basis alone, a court would probably throw it out.

    Secondly, I know of no big-content vs bittorent user were a copyright infringement notice was given based on telemetric data. It's always been (as far as I know) X IP address on your specific network was in a swarm - give us their name.  If this is not true to your knowlege please site an example where telemetric data was used.

    Thirdly, I've read many places that uTorrent stops the second Socks5 stops. I've not read anywhere that the modern uTorrent client will (or even can) function if the Socks5 proxy dies.

    What I'm hearing is a theroretical risk vs one that has actually happened. The one's I read about that actually transpired (ie: socks5 clients getting notices) are all usually explained by the user forgetting to turn it on after having turned it off or the content owner and ISP were the same (ie: Comcast) giving the content owner visibility into the users online activity.

    All that said, I do concede that for most using the VPN with the proxy is probably a good practice if they don't care about the 3 issues I identify above.

  • OmniNegroOmniNegro
    Sounds like you have it all figured out. I tend to be somewhat cautious. So to me, a theoretical risk is seen as a known risk. (Think of the Heartbleed bug last year. It would have been "theoretical" for years until someone proved it actually worked.) If you do not see it as such, that is your choice. I do not have any evidence of this stuff actually being done. But I do believe this is only a matter of time.

    As said, I cannot speak of utorrent. My torrent client is qBittorrent, and I never use the proxy anyway simply because qBittorrent can be bound to the specific interface used by the VPN, so even if the VPN dies, all traffic dies with it.

    But I should point out that a court need not be contacted to get your details. As I explained in my example above, a group with the right information needs only to threaten legal action against for example your ISP and the odds are your ISP will try to give them what they have. With most people it is a part of your contract with your ISP that they can collect, and share information on your activity over their network. And if they contact the wrong ISP, it still cost them nothing to threaten them.

    Please do not hesitate if you have any further questions.
  • wolfspiritwolfspirit
    edited June 2016
    It's refreshing to see an actual civilized discussion with 2 people disagreeing but respecting each other's perspective on a topic of interest. Very informative post. Thanks!
Sign In or Register to comment.