Security & privacy issues using bittorrent through proxies

Discussion in 'other security issues & news' started by phkhgh, Feb 9, 2011.

Thread Status:
Not open for further replies.
  1. phkhgh

    phkhgh Registered Member (Joined: Aug 17, 2007; Posts: 186)
    Edit (after post below):
    I'm dealing with uTorrent, but same questions are valid w/ any bittorrent client. My questions are about privacy & resulting potential attacks by revealing your real IP address to trackers or peers via bittorrent. Not so concerned that my address is revealed, but what can happen once it's revealed.

    Just did more uTorrent 2.2 tests - both w/ & w/o using a proxy (or having proxy settings enabled in UT). I'll summarize my findings & puzzlement, & you can read on.

    1) In Basic BitTorrent Features (in regular mode - NO proxy),
    I UN checked-
    - Enable DHT network
    - Enable DHT for new torrents
    - Enable UDP tracker support

    Torrent downloads fine w/o DHT or UDP. Has Availability of 46.

    2) Switch uTorrent to use proxy - HTTP
    - REcheck the 3 features above in Basic Features - click Apply.
    Then in Proxy settings ("Connections" in uTorrent):
    - "use proxy for hostname lookups" is checked
    - "use proxy for peer - peer connections" is checked - (both by default, when use a proxy).
    - ALL 3 boxes under Proxy Privacy are UNchecked (see below).

    - del torrent & file from above. Close & restart uTorrent. Start new d/l of same torrent w/ proxy settings above.
    --> Result: D/L Speed same thru proxy as w/o. Availability is = or better than when not using proxy. Number of trackers & seeds about same as w/o the proxy.

    3) Keep all proxy settings as in # 2. Now also CHECK only "Disable connections unsupported by proxy."
    Result: Availability drops way down, d/l speed drops way down.
    But remember, in NON proxy mode, didn't UNchecking DHT & UDP do basically the same (as help file excerpt below says) that using the proxy & checking "Disable connections unsupported by proxy" would do? Why the big diff in availability & d/l speed then?

    4) Keep all proxy settings same, except UNcheck the "Disable connections unsupported by proxy," AND then check other 2 options under Proxy Privacy.
    Result: Speed is maxed out the same as using no proxy. Trackers & seeds are about same as w/ no proxy (& settings used above).

    So, the fly in the ointment is the proxy privacy setting, "Disable connections unsupported by the proxy." But seems like most of what that supposedly disables is ALSO what I disabled in Basic Features in # 1 above, when NOT using a proxy? Yes? Anyone know the answer? I just know it makes a huge diff in availability & d/l speed.
    ***********************
    Original Post:

    I've read quite a few articles here & elsewhere on privacy & potential attacks (from lack of privacy) using bittorrent, in general. The suggestions are ALL over the map. "Check this setting." "No, don't check that (same) setting." I could spend a month reading & still wouldn't have any definitive answers. Some proxy docs say there's no way to make P2P through a proxy safe from potential attacks (or private).

    Not disclosing your IP address is one thing; potential attacks because it's disclosed, is another. I must say the uTorrent 2.2 help file isn't very informative about the settings below. Is there any authoritative source that discusses these privacy / security issues of using bittorrent clients in detail but still layman's terms?

    But, I'll ask about these anyway. Generally, have no speed problems (depending on what proxy settings are checked / unchecked). Speed & privacy / safety are different issues.

    Under CONNECTION tab, I use HTTP for proxy type. Under that, there are 2 settings I'm curious how they affect privacy / security:
    1. Use Proxy for hostname lookups (DNS) (my proxy does handle DNS requests)

    2. Use Proxy for peer - peer connections

    Having these 2 checked doesn't affect my speed. What about privacy/ security?

    Also under CONNECTION, > Proxy Privacy;
    1. Disable all local DNS lookups. Help file says, "will disable reverse DNS and prevent hostname lookups from bypassing the proxy." How does that affect privacy / security, if at all?

    2. Disable features that leak identifying information. Help file says, "will prevent µTorrent from sharing your non-proxied IP through handshakes with other peers, as well as through DHT."

    3. Disable connections unsupported by the proxy. Help file says, "For HTTP, HTTPS and SOCKS4 proxies, this will disable all UDP-based communication (DHT, uTP, UDP trackers, IPv6)." I would interpret that as, since I have "HTTP" selected as proxy type, and IF check # 3, DHT, uTP / UDP trackers will not be allowed.

    But, the DHT & UDP settings are also under the BitTorrent tab. If they were checked under BitTorrent tab, would checking # 3 under Proxy Privacy override settings under BitTorrent?

    There doesn't seem to be any authoritative consensus on implications of checking / unchecking many of these. There's a LOT of potential combinations. NOTE: WHEN I CHECK ALL 3 OPTIONS UNDER PROXY PRIVACY, the # of trackers / peers & "Availability" fall to practically nothing - thus, speed drops to a crawl.

    However, under BitTorrent tab, Forcing outgoing encryption & not allowing incoming legacy don't affect speed much. So, the proxy privacy settings are the big speed (& privacy/security) issues.

    Thanks.
     
  2. katio

    katio Guest

    Besides unchecking DHT and UDP, did you also disable uTP?
    UDP traffic (and by that uTP) can traverse NAT and closed ports more easily; if you are behind a proxy your port is certainly closed.

    Privacy is pretty obvious, though against whom? HTTP is plaintext so your ISP for example could do DPI, but other peers won't see your IP (I think that's all you are after).
    But you also keep mentioning "security" and "safety", what do you mean by that?
    What kind of attacks, what threat model do you have in mind?
     
  3. phkhgh

    phkhgh Registered Member

    Katio, by "did you disable uTP," you must be talking about when NOT using proxy, & the setting in BitTorrent tab - basic features. Setting for "Enable bandwidth management [uTP]."
    No, when NOT using a proxy, I didn't disable that one.

    AFAIK, when USING a proxy, the only setting relating to uTP (in uTorrent - proxy settings) is one below. Says for HTTP... proxies, will disable ...uTP..., but also several others. Disabling that setting is the one that seems to drastically reduce tracker, seeds, availability & speed. Disabling all those in non-proxy mode (except didn't disable uTP in a test, yet), doesn't affect speed, trackers, seeds at all.

    Re: potential attacks. I'm not an expert on different methods of attacks - under any circumstance. But, there are many web sites, articles warning of * possible * issues from a dozen or more trackers & seeds. If Firefox warns you because you're about to access a page that may be dangerous, unless you d/l something from the page, all you're giving the page is your IP address. Maybe referrer's address, if don't have that disabled.

    Edit: Also found this on Wikipedia:
    With d/l torrents, you're connected to many others that you know nothing about & nothing is checking / telling you "this IP / URL may be dangerous." What's the entire list of bad things they could do, once they have your IP or are connected to you? Don't know. Others could probably answer better. But, from what I've read, it's not w/o risk. https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea Not that I'm using Tor, but they have some of best info on proxies around. If I could find similar docs from other proxies, I'd link that.

    Aside from all that, most use a proxy for a few reasons. Anonymity - from gov'ts, ISPs, etc. Security - not connecting w/ their real IP address; other reasons I'm not sure about. Illegal activity.

    Besides issues raised about proxies & bittorrent, I'll learn more about security issues concerning same type of connections / communication when not using bittorrent. Many of them are common to different types of internet communication.
     
    Last edited: Feb 10, 2011
  4. katio

    katio Guest

    Yes, that's exactly what I meant. You need to test this to rule out uTP as the core problem of your speed and connectivity loss. Also, don't forward any ports when you test uTorrent without the proxy.

    There are three things we need to discern:
    1) Downloading illegal/copyrighted content. I won't go into that because it's well, illegal. I'll just say that the way this usually works is that an anti-piracy firm collects IPs from swarms and an http proxy would make that more difficult.
    2) government, ISP etc snooping
    They have the capability to do DPI. Since http is plaintext no matter how you configure the proxy they can see _everything_. A "real" VPN makes this more difficult. (Note my wording again, if they really want to they can still get the data)
    3) hackers, crackers, script kiddies
    There is the idea floating around that by revealing your true IP in a torrent swarm (or countless other means) you make yourself vulnerable to an attack. This is an urban legend, a myth:
    https://www.wilderssecurity.com/showpost.php?p=1800331&postcount=155
    You need to keep an eye on IPv6 which is enabled by default in recent Windows (using Teredo) and used by uTorrent. Just disable it, or in your case proxying does take care of it anyway.
    Don't confuse this with the Firefox warning, this is about using a vulnerable client (Firefox) to access untrusted code (a malicious website). In the context of Torrents a possible scenario would be:
    You use a vulnerable Torrent client to connect to a malicious tracker or peer. A VPN/tunnel wouldn't protect you because it will route all the malicious packets to you. Keep your client updated and you'll be fine. There are far fewer exploits in torrent clients than in web browsers.

    Please correct me if I'm wrong but I believe the issues described in the Tor blog post are fixed in uTorrent.
     
    Last edited by a moderator: Feb 10, 2011
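
Added example (not part of the thread, and not uTorrent's own code): one place a client can state its own address regardless of the proxy is the tracker announce, which has optional `ip` (BEP 3) and `ipv4`/`ipv6` (BEP 7) parameters. This self-check scans HTTP announce request lines, taken from your own proxy log or a local capture, and compares any such parameter with the proxy's address; the log lines, tracker host and addresses are constructed samples.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Announce parameters in which the client reports its own address.
ADDRESS_PARAMS = ("ip", "ipv4", "ipv6")
# Private and link-local ranges: a LAN address rather than the public one.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]

# Constructed sample data (documentation address ranges, made-up tracker).
PROXY_IP = "203.0.113.9"
SAMPLE_LOG = [
    "GET http://tracker.example/announce?info_hash=%12%34&port=6881&ip=198.51.100.7 HTTP/1.1",
    "GET http://tracker.example/announce?port=6881&ipv6=%5B2001%3Adb8%3A%3A10%5D%3A6881 HTTP/1.1",
    "GET http://tracker.example/announce?port=6881&ip=192.168.1.20 HTTP/1.1",
    "GET http://tracker.example/announce?info_hash=%12%34&port=6881 HTTP/1.1",
]

def host_part(value):
    """Drop an optional port: '[2001:db8::10]:6881' or '198.51.100.7:6881'."""
    if value.startswith("["):
        return value[1:].split("]", 1)[0]
    if value.count(":") == 1:
        return value.split(":", 1)[0]
    return value

def audit_announce(request_line, proxy_ip):
    """Return (param, value, verdict) for each self-reported address."""
    parts = request_line.split()
    if len(parts) < 2:
        return []
    params = parse_qs(urlsplit(parts[1]).query, keep_blank_values=True)
    expected = ipaddress.ip_address(proxy_ip)
    findings = []
    for name in ADDRESS_PARAMS:
        for raw in params.get(name, []):
            try:
                addr = ipaddress.ip_address(host_part(raw))
            except ValueError:
                findings.append((name, raw, "hostname"))  # BEP 3 allows a DNS name
                continue
            verdict = ("matches-proxy" if addr == expected else
                       "lan-address" if any(addr in n for n in LAN_NETS) else "public-leak")
            findings.append((name, raw, verdict))
    return findings

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(audit_announce(line, PROXY_IP))
```

Only plain-HTTP announces are visible this way; addresses shared through peer handshakes or DHT, which the help file excerpt also mentions, need a packet capture instead.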