Hi, I’d like to set the sails due to being frustrated with streaming services, but I have some questions beforehand. I hope, you can help me with that, since lurking and reading the Megathread/Wiki didn’t really answer my questions. Thanks for your help.
-
Is just using a fitting VPN (I’ve read about Mullvad and ProtonVPN in this community) safe enough to not get caught? I’m located in germany, so sharing even as much as a few kB of pirated content can cost me thousands of euros. I want to be really sure, that I won’t get letters from some lawyer soon. All, that I’ve read so far is basically: Setup VPN and your Torrent software, including kill switch and maybe get into private trackers. Thats it. Is this really enough? Can I do more to be safe? What exactly is the risk with public trackers (as they are often mentioned as the “low hanging fruit” for copyright lawyers)?
-
I’ve read the post The complete guide to building your personal self hosted server for streaming and ad-blocking, which mentions many tools to setup. I’m sure these help me find and view content. But are there good resources explaining the functionalities of this software? I’m familiar with Docker and I know about Jellyfin, but it is really unclear to me, what exactly all the other tools do.
Big thanks from a long time lurker!
A VPN is enough for torrenting, as long as the VPN provider isn’t logging. I personally use AirVPN because they have port-forwarding but I’ve used Mullvad before. I also live in Germany and I’ve never gotten in trouble.
The guide you linked seems a little outdated, Jackett has been replaced by Prowlarr, which is there to have a central location to manage your trackers. If you plan to use Jellyfin, you should also use Jellyseer instead if Overseer. The *arr services are the ones that actually search for the files to download by using the trackers you set up in Prowlarr. You don’t need all the *arr services, I only have Sonarr and Radarr, which are for shows and movies respectively. I also have Bazarr for subtitles. AdguardHome is only for ad-blocking, might be useful to you but isn’t needed. Idk why that’s even in the guide. Flaresolverr is something I’ve never heard about and I don’t use it, so I can’t tell you anything about that. Heimdall is something I don’t need because I use YunoHost, which has a dashboard already but it might be useful to you.
AirVPN isnt based on Italy? Watchout Italy is a place where Lawfull Interception is easy to implement. I understand the portfowarding thing, stick to ProtonVPN. You need a VPN where countries do the things right, I’m not saying Italy is not one of those. But Switzerland, seems like the best option to resolve any issue.
Maybe… You can use i2p.
BTW cryptostorm is a very old and very known for the paranoid owners. They are really tech savvy, you should give them a try. They do not have a nice, client for windows, and doesn’t for Linux they use nm for connections. I think that’s where you know they don’t want to be more famous , like mullvad orprotono or the others.
Hey fellow german :D
Yeah, trusting the VPN provider to not log is a decision I was hesitant to make. Do you take precautions when paying for the VPN service, like paying with crypto or similar? I guess easiest would be paying via paypal or similar, but is that OK for opsec?
I guess I have to do a bit more research about trackers, which and how to use them. Thats for sharing your setup.
I might start sounding like a shill, but Mullvad has a great track record so far. They’ve been raided by police and they’ve walked away with nothing. They also fairly recently migrated fully to a diskless RAM only infrastructure also.
The previous poster kind of hinted on this, but Mullvad removed port forwarding from their services, so keep that in mind.
Also for payment, Mullvad will accept cash over mail so you can’t be traced digitally by payment.
XD cash over mail, ok. But I guess for only a couple of euros that is worth a try. They seem to be located in Gothenburg, Sweden. Might try that. Honestly their website is really based. Thats for the suggestion with cash over mail.
For what would I need port forwarding?
Makes you connectable. If you don’t forward ports for your torrent client you can only connect to peers who are port forwarding, meaning you will download and upload more slowly in most cases.
Your isp can most likely tell which VPN you’re using (unless you also use tor, and even then there’s the theories that a lot of it is ran by law enforcement… depends on how paranoid you are), they will still see the quantity of traffic coming from your home to the VPN and vice versa. All they need to do is to check the IP and they’ll likely find it’s in use by … VPN service.
As long as using a VPN is not illegal in your country you can pay for it however you want really (in some places paying with crypto may make it more suspicious than if you just paid for it through PayPal), if law enforcement really wanted to find out the VPN service you use they probably could, the payment would only make it a tiny bit easier.
The key point as mentioned multiple times is to use one you trust, there’s no objectively best one, but you’ll find a lot of objectively bad ones (for privacy) if you research them. As a start just never use any which are sponsoring YouTube videos or blog articles, pretty much all of those are crap.
I’ve not gotten into self-hosting yet, but as someone who has gotten a Filesharing-Abmahnung amounting to roughly 1700€ I can tell you what I would do. All of this is of course purely theoretical.
Regarding torrenting and piracy, it is my understanding that German law (same with most other countries) has yet to find a decisive answer. But, to keep yourself safe, so far the consensus is as follows:
- Don’t use torrents.
- If you use torrents, never upload. ('Tis a trap, see below)
- If you use torrents, use a VPN.
Now let’s put this into practice, with examples for each use case. Our goal here is to never break existing German law. The further you go away from option one, the higher the risk of breaking the law.
-
Don’t use torrents. If you never interact with anything regarding torrents, you cannot be sued for torrenting, and that’s really the only issue in Germany. As far as I’m aware, you’re not liable if you simply download or stream something from a website freely accessible on the internet. Examples are streaming sites like Aniwave or download (DDL) sites like DDLbase.net. Hell, you could click on one of them and watch something right now. No one cares. To make this a bit more organized one could even use Cloudstream, which is an app that can aggregate “streaming websites” through external add-ons and it gives you a beautiful UI for it. Available for Linux, Windows and Android.
-
“If you need or want to use torrents, never upload.” is what I thought, because it sounds reasonable, right? If you look around on the internet (and in my personal use case) the courts and attorneys that send out these Abmahnungen always seem to take issue with you sharing and uploading files. And mostly music, not movies or TV series. By uploading you’re sharing files that do not belong to you. So, if you deactivate uploads on your torrent client, you’re done, right? If you don’t share, you aren’t technically breaking the law, right? Wrong. And for two reasons: (1) The process of downloading something always includes uploading some information about the download. So while you might be able to stop uploading files, you can’t stop the upload of other information needed for the correct download of the files. Which leads us to the second reason: (2) These attorneys don’t care what information you’ve uploaded, how much you’ve uploaded, what parts you’ve uploaded or how long, they just care that they caught you participating - in any way, shape or form - to their tracked torrent. You participated, you necessarily both downloaded and uploaded something, you broke the law. If you want to make sure you don’t upload nor download anything, use a Debrid service like RealDebrid which downloads it for you. Of course you’re only using it to torrent Linux ISOs for you, so you’re not really breaking the law anyway.
-
Now correctly: If you use torrents, use a VPN. You either relegate it to someone else (a Debrid service or a seedbox like Ultra.cc) or you do it yourself by using a VPN. You’re not breaking the law by connecting to a VPN or a seedbox.
Now, to the point that you’re probably most concerned about. “What if one day sharing Linux ISOs becomes illegal, what if the program or kill-switch fails, what if the VPN actually does sell my data, what if the police use brute-force and physically take the datacenters, what if X or Y protection fails?” Enter layered protection. For example:
Use a VPN, but also never upload. This way, even if your program accidentally uploads a file, it doesn’t matter because your VPN is there.Use a VPN, but also use a Debrid service like RealDebrid that downloads the torrents on your behalf. This way, even if your Debrid service sells your IP, it doesn’t matter because your VPN masked it. It is highly unlikely that both fail, and even if there’s still a risk, you’re statistically in a much better situation than you were before. You’re basically doubling your chances of success.- Use streaming and DDL-websites, but use a VPN too. Let’s say your VPN does sell your data and everyone finds out that you, you, did a thing. It doesn’t matter, because you were just browsing streaming websites, and no one cares about those.
P.s. This approach doesn’t replace using good tools to keep you safe. Similarly, it doesn’t matter if you have 5 locks on your front door if they’re all made out of chocolate. Use a good VPN, use a good torrent client, use good trackers, etc. And lastly:
Don’t stress too much.
A friend of mine uses NordVPN, has a kill-switch on the VPN and uses Stremio with a Debrid service to make sure he never uploads nor downloads any torrents on his server, and paid for it with a Paysafecard that isn’t digitally tied to him. Is this perfect? No. He is the farthest away from option number 1 and is exposing himself to risks. He can theoretically be identified if you look up the security footage of where he bought the Paysafecard. NordVPN has not been proven to be as secure as Mullvad, has no diskless servers and the clients aren’t open-source. He paid the VPN with his credit card. The single kill-switch can fail. He is still dabbling with torrents by using a Debrid service. He is using public trackers. But remember: The FBI or in your case the Bundesnachrichtendienst will not invade Panama to shut down your VPN, then threaten the developer of your favourite streaming client to install a backdoor to see that it’s really you that is pirating this show right now, and then come knocking on your door because you pirated KissXSis or the latest season of Game of Thrones. You’re simply dealing with copyright trolls and to quote someone else in this comment section: “Trolls will look for the best return on their trolling”. As long as you take just two good precautions, you will be safe from most adversaries. And that’s really all you can and want to achieve.
Edit: corrected the “upload” parts. Thanks @retro@infosec.pub!
It’s not possible to ‘not upload’. While you are downloading, you are simultaneously uploading. If a rightsholder or copyright troll is monitoring a torrent, they don’t care home much you have downloaded or uploaded. If you’re in the swarm, that’s good enough.
That explains how I got caught🤣
Jokes aside, being part of the seed is all they care about, even if you’re just leeching? The wording in those letters sounds like they take issue in you uploading and sharing that file back.
But I’ve checked, you’re right. In their communication they don’t provide anything that proves that you uploaded a file or that you’ve done that for a set amount of time, they just use your IP address and time as proof.
So, to check if I got it right: “Never upload” is simply not possible because (1) the process of downloading something always includes uploading some information about the download and (2) copyright trolls don’t care how much you upload, what parts you’ve uploaded, what information you’ve uploaded or how long, they just care that you’re participating in the process of downloading a file, and that always includes uploading some information. They simply persecute torrenters because unlike with streaming websites, with a torrent they can easily monitor in real-time which IP is connected.
Yeah, that basically it. If you download the torrent, your ip is visible, they don’t care if you upload or download. As far as they’re concerned, if your IP is there, they’ll snatch it and send you a letter.
hey Op - I went through the same journey as you recently.
I found the exact same guide you linked - but here’s what I found on my journey from knowing literally nothing to having it work.
firstly that guide is a bit outdated and very terse, in fact most of the guides have at least one thing that’s outdated and several things not explained
Here were my learning steps:
-
getting confident with the Linux command line enough that “chmod” and “chown”, user:group, rm, nano, and other basic commands weren’t foreign to me
-
getting confident enough with docker and docker compose that I understand what a container, image, compose file are and how to both manipulate them and exec commands inside them
-
understanding the basics of what a VPN is and does so the terms proxy, reverse proxy, port forwarding, DNS aren’t alien to me
-
understanding the basics of Linux file management including dotfiles, fstab, mounting, blkid, and as mentioned chmod and chown
none of this is particularly hard to grasp once you’ve grasped it but most guides you see and people you meet along the way will assume all of the above is second nature to you. at first I would pull my hair out seeing suggestions like “have you shelled into the container to curl your public IP?” like what the fuck does that even mean
I started with VPN as thats the important protective part. I paid for Mullvad because its fairly cheap and stuck with it all the way. First I used their GUI app and then later I switched to Tailscale and ran it as an exit node.
I also found guides like YAMS (Yet Another Media Server), dockSTARTer, Trash Guides and the Servarr wiki and would jump between them, Uninstalling, reinstalling, going down paths that didn’t work and formatting my raspberry pi and starting from scratch several times. It took me about 6 weeks to skill up to the point where I’m confident knowing about all the parts of my setup.
I’m happy to answer all the questions I can (bear in mind I knew nothing about this a few months ago, but my newbie perspective could help because I know what it’s like to not really know what half these terms mean)
PS:to specifically answer “what do these tools do”
- Ombi (optional) – allows other people (or yourself if you like) to select requests for things to download (tv shows and movies)
- qBittorrent - the torrent download client, takes a torrent from Prowlarr (see next point) and downloads it to your storage
- Unpackerr (optional) - if it happens to download as a rar or zip file, unzips it for you
- Prowlarr (replaces Jackett) – takes requests from Ombi (optional part) or Radarr/Sonarr/Lidarr (usually de rigeur) and uses trackers to find torrents. Trackers are services that take “I am looking for this movie” and turn it into “here is the torrent”. Prowlarr is where you manage the Trackers
- Radarr (movies), Sonarr (tv), Lidarr (music), Whisparr (porn), Mylar (comic books), and Readarr (books) are part Ombi (find me this movie) but when qBittorrent has finished downloading and Unpackerr has unzipped it, puts tv shows together into series/seasons, handles the meta data, organizes everything for you and talks to the other apps so your library isn’t just a /downloads/ folder full of random crap, also sometimes you’ll download episodes 1 and 2 from one source, 3 and 4 from another, Sonarr gives you a UI to group them all together.
- Jellyfin then let’s you watch these on your TV
Thanks for your answer. I’m well versed in Linux and Docker due to heavy personal and professional use. For me it is a I-cannot-know-what-I-don’t-know situation. Your explanations of the tools helps quite a lot. When I have enough time again (maybe at the weekend) I will setup Mullvad and some of the mentioned tools, without loading first. Then, when I’m sure bout the setup I can start
-
A VPN is a great start, but there’s a few things you can do to make yourself a bit safer.
I like Mullvad for it’s client that allows me be in a lockdown mode where access to the internet can only go through a VPN. It’s a killswitch and you’re going to want one no matter who provides your VPN. The reason you want a kill switch is because your computer may otherwise connect to your home or office network and leak your IP address.
If you torrent you’ll want a torrent client like qBitTorrent because under advanced settings in that program you can set it to only work on your VPN’s network interface. This adds a second wall of protection to make sure you don’t leak your IP address.
At this point your ISP isn’t going to know any much more than you’re using a VPN and torrenting, but that’s all. And you’re probably good right here, but there’s more you can do if you’re really worried.
By tweaking some wireguard settings in the Mullvad client you can even obscure your torrenting traffic altogether. At that point your ISP won’t have much more to report than that you’re using a VPN.
You’ll then want to test your VPN is working well with your torrent client by using Torrent Tracker IP Checker or something similar. Verify that your IP is what it should be.
And if you’re feeling extra motivated, doing all of this on a separate computer running linux would be ideal so that you can ensure no software running on your rig deanonymizes you, and can keep it locked when not in use.
VPN, in addition to masking your real IP, will also encrypt all of your Internet traffic, even from your ISP.
What does that mean? Encryption is a means of making your data unreadable to everybody except those with permission to view it (you and the other person you’re talking to; servers in this case). Your ISP (otherwise known as your Internet Service Provider) is not your friend. They will turn your Internet traffic data over if asked.
This will include, at a minimum, any DNS lookups (more on that in a moment) and any unencrypted (http://) websites you have visited. A VPN can prevent this by obfuscating your Internet traffic. It is a special ISP (of sorts) that should not be logging anything you do on the Internet.
Back to DNS (Domain Name Service). Just like with phones, the Internet uses numbers to connect to other servers. And like a contacts list, DNS is a way to map those numbers to names. For example, one of the IPs used by www.google.com is 142.250.72.132. It would be near impossible to remember all the IPs used by every website, so we use DNS servers to translate them for us. It’s more complex than that of course, but good to understand the basics.
Back to the topic of VPNs. As long as you use a reputable VPN that doesn’t log your internet traffic, you should be safe from pesky lawyers knocking at your door. The beautiful thing about a VPN is that typically you set it up and forget it’s there.
Lastly, my best advice I can give you is to trust your instincts. If something feels too sketchy, then don’t do it. Some things are not worth the consequences. Happy sailing!
I’m having doubts about the VPN provider not logging. To trust them is a decision to be made. For simple things (like masking my internet usage when in a public wifi) I use my own OpenVPN server on my VPS. Though I cannot use this for piracy, since I’m the only user and it is directly liked to my name and address (through my VPS hoster).
About DNS: When I setup the VPN, the DNS queries should also go through there, right? Should I additionally look into DNS Sec? For my complete home network I already ditched the ISPs DNS server (currently using cloudflares 1.1.1.1). I probably would setup a VM in my NUC, that I got recently, for the services.
Thanks for your advice. I’m thinking about this for quite a while now. When I start sailing, I want to be prepared. Currently I’m collecting all the information. Then I will decide, if I want to try it.
VPNs usually route your DNS through them as well, sometimes to other DNS servers but sometimes they just send them to your original DNS server but through the VPN, kinda up to your VPN config - all of the vpn services I’ve used to date did this, although they were all reputable ones. I’d not recommend to use a questionable VPN though.
Dnssec only verifies authenticity of the server and the integrity of the data, so it helps to prevent man-in-the-middle of DNS, it doesn’t provide privacy. Look into DNS over Https (DoH) instead. It provides e2e encryption for your DNS traffic which achieves what dnssec does, but also gives you privacy. DNS over TLS (DoT) also does this, but it runs on a different port so it’s easier to block (e.g. if your isp decided they don’t like private DNS), while with DoH your DNS traffic looks the same as other web traffic - and afaik it can’t be blocked. As above, it’s likely this is not needed for use with a VPN, but I’d recommend looking into in general for use even when not on the VPN. Things like controld or nextdns can give you even more peace of mind (although read up on their policies for yourself)
Pihole also can be your sole DNS provider and then you can pick your upstream server.
Thats what I have in my home network. Upstream is currently cloudflares 1.1.1.1
A VPN is just a relay. Copyright trolls know you are uploading because you are connected to the swarm. Whatever IP address the swarm sees, the trolls will also see.
You can make it harder on them by selecting a VPN provider that doesn’t log. You can make it harder for them to put pressure on your VPN by selecting an endpoint in a location unfriendly to trolls. Make them cross multiple jurisdictional boundaries if they want to get to you.
Trolls will look for the best return on their trolling. If they ever decide to come after VPN providers, they will probably target the one with the largest number of pirates in their jurisdiction. Consider a VPN provider outside Germany and the EU. South American or Asian VPN providers might be good choices for you.