With the influx of new p2p movie streaming apps like Popcorn Time, and a system for copyright infringement notices about to begin in the UK, I thought it might an apt time to remind you of some basic torrenting safety guidelines. I’m not going to be preachy and pretend I don’t know what you use torrents for, but I am going to ask that you stay safe regardless – both legally, and from a computing perspective. No one wants to end up in prison or handed a hefty fine.
Not sure what torrents are? Read our free guide to torrents. Please don’t ask me in the comments what the best torrent sites are or beg for private tracker invites. I don’t condone piracy of any kind, and you’ll waste my time banning you.
The Truth About Popcorn Time, Flixtor, Zona (And So On…)
Popcorn Time set the Internet alight when it was released earlier this year: it was a better experience than Netflix, with a wider selection of all the movies and TV shows you could possibly want, and completely free.
The original project was shut down rather quickly, but with the code being open source numerous forks were made and clones developed. However, some users were completely ignorant of where the content actually came from. There is after all, no indication in the app itself of anything illegal (newer clones have added a warning to the download page) – it looks just like a streaming service, with nice DVD covers and a great looking interface. Even users who were aware that the files were obviously of dubious legal origin weren’t necessarily also aware of the underlying technology, believing it to work like any other streaming Internet site.
The truth is that the app itself (and all the clones) are based entirely on torrents. When users stream media, the app downloads a torrent file, joins the swarm, and immediately seeds the file back out to everyone else. From the perspective of anti-p2p organizations and the companies hired to monitor torrents, this is no different to anyone heading over to the PirateBay and downloading it using a traditional torrent client. Popcorn Time is a just very pretty media index and torrent client in one package.
Note: since the original project was taken down, there has a been a bit of controversy over the Time4Popcorn clone, including possible attack vectors for malware (though no evidence of it being used for such yet) and the use of a centralised server that could be subverted. Please consider using the Get-Popcorn clone instead.
My point is: don’t be under the illusion that you’re protected simply because you’re using these apps to stream content instead of more directly using a torrent client. It is exactly the same thing underneath with a pretty interface on top, so every precaution you should take when downloading a torrent still applies when using this new breed of streaming applications – namely….
Use a VPN
The very nature of peer-to-peer torrent technology means that everyone who attempts to download a file is given a list of everyone else doing the same: you become both the downloader, and uploader. Even if you’ve set your client to never upload, you’ll still be on the list as a peer.
It should therefore be obvious that anti-p2p organizations could do the same thing to figure out who is downloading a specific file. Companies are paid to monitor specific torrents by the copyright owners, which they do by downloading it themselves, checking the swarm, and keeping a record of every IP address they see. Your IP address is cross-checked against a known list of ISPs. Your ISP is contacted, and they may be forced to pass on the details of the customer associated with an IP at a specific date and time, or asked to take action themselves (as is the case in America and soon also the UK, sending warning letters to infringing subscribers). Fines, and possible disconnection await repeat infringers.
To clarify the situation in the UK: the warning letters will not have any action taken, and will simply stop after 4 have been sent. But still – do you want to be on that list? Do you really want your ISP to know you were downloading “Big and Busty BDSM Babes” while the country is on a moral crusade?
Using a VPN is the only safe way of having any contact with torrents, period. Tunnel your connection through a torrent-friendly VPN that won’t keep records of who was using the service and when.
This video from CyberGhost VPN explains the concepts.
Good VPNs cost money. Yes, you can find free VPNs suitable for 5 minutes of privacy when using public Wi-Fi in an Internet cafe, but they are as good as nothing when it comes to torrenting. We maintain a list of best VPNs here, but not all of them are torrent friendly. Private Internet Access is the most commonly recommended for p2p users, though this isn’t a personal endorsement as I’ve never used them. When purchased yearly through PIA, a VPN can cost as little as $3.33 per month.
Seedboxes are a private computer rented from someone else: that machine, and therefore the IP address of that other machine does the downloading instead of you. Originally designed to make seeding of torrents easier without requiring your machine to be on 24/7, they also have the benefit of placing you one step away from legal implications. You’re provided with a remote management interface, and an FTP login so you can grab the completed downloads without using the torrent protocol. For those without legal concerns, Seedboxes are also useful to get around traffic shaping or networks where the torrent protocol is completely blocked.
This spreadsheet maintained by the Reddit r/seedboxes community is a comprehensive list of seedbox providers. Prices range from about $15 for a good level of service, though cheaper plans can be found. Many heavy users will combine a Seedbox and VPN for the ultimate in privacy.
Peerblock / Peerguardian Doesn’t Do Anything
Peerblock is like a firewall against the bad guys. The app maintains lists of “bad IP” addresses belonging to anti-p2p organisations, universities, law enforcement agencies, etc. – and prevents those from connecting to your machine. In theory, this will stop you from being added to their lists. In reality, they don’t need to actually connect to your machine in order to see you’re in the torrent swarm and actively downloading/uploading a file; the lists often prevent useful peers from seeding a file to you because their IP happens to be in a block owned by a certain company or university. The app provides a false sense of security and will not provide any protection when using torrents.
Don’t use it.
Avoid Software: Malware Risks
It is possible to embed malware inside music and movie files, but it’s highly unlikely and only works on specific media players. Sticking to standard codecs like AVI and MKV, and using an up-to-date version of VLC to play movie files for instance, will mitigate the chances of contracting malware. Windows Media Player on the other hand is most commonly targeted since it’s so badly coded and the default for many users.
Still, you’re relatively safe when downloading movies and music from the Internet, at least from a malware perspective. This doesn’t include “fake” movies, which are can be an executable file renamed to give the impression it’s a movie.
Software and games on the other hand are by their nature, executable files, and as such can contain executable malware code. If you absolutely must download software or games, don’t be the first: wait until it has a large number of completed downloads and comments reporting safety. Even then, safety isn’t guaranteed, but at least you’ve had the benefit of other users testing it first.
Sadly, virus protection suites can’t be relied upon: most virus scanners report false positives on nearly every “keygen” program out there, which are packed with games and software to generate useable licence keys or crack the software. There is no safe way to run pirated software.
The safest option then, is to steer clear entirely of software and game downloads. If you don’t mind waiting, Steam sales will net you bargains on gaming titles year or two old, and there’s almost always a decent open source or cheaper alternative to popular software titles.
I don’t condone downloading copyright materials, nor can I make any guarantee you won’t get in trouble even after following all this advice – but if you’re going to anyway, these tips are going to give you the best chance of not getting in trouble.
Do you have any other tips you think I’ve missed? Have you ever received letters from your ISP for using torrents?