this post was submitted on 20 Jun 2023
115 points (97.5% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54500 readers
748 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

So I'm pretty recent to the high seas but I've seen a few posts now about "stop relying on your VPN" and "people that think VPNs will protect them are naive" and so on.

So since I believe knowledge is our greatest weapon/tool/super-power, can we get some answers regarding what exactly the doomsayers are getting at? ELI5 why VPNs wouldn't protect your anonymity.

Is it about logging? The country your end-point is in? Something more technical?

Ultimately I'd like to be fully armed in order to keep making the best choices for my fledgling ship as it navigates the vast, stormy seas.

top 50 comments
sorted by: hot top controversial new old
[–] Ilandar@aussie.zone 61 points 1 year ago (1 children)

The people saying that are either idiots or private tracker snobs. VPNs are absolutely an important part of shielding yourself from any potential legal action, particularly if you are torrenting.

It's true that a VPN doesn't make you or your activity completely anonymous - you are trusting the logging policy of your provider - and won't necessarily protect you against a court order, for example. However the only realistic danger to a small scale pirate such as yourself is the copyright troll who traces torrent IP addresses back to your ISP, thereby identifying you. If you mask your IP address with a VPN, you prevent them from doing this efficiently and effectively protect yourself from the threat of legal action.

[–] Banzai51@midwest.social 16 points 1 year ago (4 children)

And encrypting your traffic so your ISP can't definitively see what you're doing. They can guess, but they can't definitively tell. That encrypted traffic is a shield for your ISP. When an IP holder demands something, the ISP can say it is encrypted and they can't read it. It forces the bulk of the work back onto the IP holder. If your VPN is doing what it claims to do, then the work of that IP holder gets extremely difficult to downright impossible.

[–] Pulp@lemmy.dbzer0.com 5 points 1 year ago (1 children)

The copyright troll would be sending the emails to the VPN provider's host. They won't even know who your ISP is.

load more comments (1 replies)
load more comments (3 replies)
[–] CausticFlames@sopuli.xyz 38 points 1 year ago (8 children)

The thing with VPN's is that you're only shifting the trust from your ISP to your VPN provider. That provider can still see pretty much everything you're doing and your real IP, if they wanted to. To add to this, plenty of VPN companies have been found logging when they said they didn't. I would say either set up traffic for I2P, or simply go with an actually no logs VPN company like Mullvad, who's been battle tested and doesn't log, and you'll be fine.

People also say that because it's important to understand what a VPN is and does as well. It wasn't originally meant to be any sort of anonymity tool, the technology exists to make it seem as if your traffic is coming from somewhere else - which allows for things like remote work on a local network.

[–] myersguy@lemmy.simpl.website 12 points 1 year ago

Important to note that Mullvad has stopped allowing port forwarding, if that is important to your VPN needs. I'm giving ProtonVPN a try now (though they don't make Linux usage as friendly as I'd like)

[–] HelixDab@kbin.social 5 points 1 year ago (4 children)

I would say either set up traffic for I2P

Any ideas on how to do this? I've tried using i2p--in Firefox--and can't seem to make it work. Sites that are supposedly up won't load. I've followed all the tutorials that I've found, and it doesn't seem to be doing what's expected. And no, I can't give any details at this second, because I'm away from my home computer, and it's been a few months since I tried.

load more comments (4 replies)
load more comments (5 replies)
[–] DrLongTRL@feddit.de 19 points 1 year ago

Almost every time "regular" people get in trouble for piracy, the reason is that they seeded something, a copyright law firm (or their contractor) noticed it, noted their IP address and then either went and got the real life address from the ISP so that they could send you "the bill" or they made the ISP send you something, depending on where you live really.

That means, as long as that that IP address that shows up on that law firms screen isn´t actually "your own", isn´t immediately traceable to you simply by calling up your ISP, you´re already one step ahead in the game.

That law firm might still try to contact the owner of that IP though, either to send them "a bill" or to get them to rat on you. And that´s why it is important that your VPN provider operates in a way that allows them to simply ignore that. Either by operating out of a country that doesn´t mandate them to "help finding you" or by simply not keeping any logs of what actual IP was connected to what VPN IP at what time.

So if you have a VPN provider that maybe operates out or through a country where piracy is legal or has proven through audits that they couldn´t rat even if they wanted, you´re highly unlikely to get into any trouble.

[–] leraje@kbin.social 18 points 1 year ago (3 children)

A VPN doesn't make you anonymous, it enhances your privacy. If you login to a named FB account you're still you. All you've done is tell FB you're using a VPN.

In terms of torrenting, a VPN client, if configured correctly, encrypts all data between the device its on and the endpoint. This means your ISP cannot spy on what you're doing. When you leech or seed it also masks your real IP.

But you have to trust your VPN provider isn't logging you. And if you use a provider who's located in a good country (legally speaking) but they own or rent servers in not so good countries (5 eyes etc) and you connect via those servers then the provider has no physical access to them. Tracking could easily be carried out without their or your knowledge.

If you pay a provider with a card or PayPal then there's a paper trail to you. Use a VPN that accepts Monero or cash physically mailed to them.

Make sure your VPN network interface is bound to your torrent client so if your connection drops, your IP isn't exposed.

[–] Pulp@lemmy.dbzer0.com 3 points 1 year ago

undefined> Make sure your VPN network interface is bound to your torrent client so if your connection drops, your IP isn’t exposed.

This is the most important step, for most even if provider logged them it's not going to be the problem when you're just torrenting

[–] plexnose@geddit.social 3 points 1 year ago (1 children)

your ISP cannot spy on what you’re doing.

ISPs dont monitor torrents, they just pass on complaints from copyright trolls. ISPs have no interest in inspecting your torrent traffic and have always resisted any attempts to make them do so.

[–] FunkyClown@lemmy.fail 3 points 1 year ago* (last edited 1 year ago)

Exactly. In Australia by law they had to block certain websites. All they did was block it via their own dns servers as it’s easy and cheap. All you have to do is use google/Cloudflare etc… for your dns and it works fine. They only care if you get complaints/legal stuff.

[–] RedCanasta@lemmy.fmhy.ml 2 points 1 year ago

Another good idea would be to use a visa gift card to purchase your VPN as an extra step

[–] crankylinuxuser@midwest.social 16 points 1 year ago (2 children)

Using a VPN and HOW you use it all depends on your operational security (OPSEC).

If you're a pirate consumer, then basically you need to keep your ISP from knowing what you're doing, to prevent copyright strikes or shit-letters from Disney etm. A good VPN is fine.

If you're a torrent creator, you need to raise your security a bit, depending on the "hotness" of the content. Rare anime torrent? Eh who cares. But you're hosting HDCams from a movie released yesterday, or games that will be released officially in a week? You need to use a VPN in a country that does not have good relations to your country of origin. Yes, that means if you're in the USA, get a Russian or Chinese VPN.

If you're leaking state secrets, Snowden talked about what he did. He cracked wifi within a 2h drive distance, used a 12dBi yagi antenna, with a burner laptop loaded with Tails (Tor linux distro), and only used 1 cracked wifi per use. Never went back to the same place. Then again, he didn't exactly fare well eventually.

[–] Socsa@sh.itjust.works 3 points 1 year ago

In addition to this, boost your anonymity by buying second hand equipment off local marketplace apps. And make a mobile jumpbox that you can plug into random USB ports and leave there, connected to public wifi.

Tbh, I'm hesitant to ever suggest a Chinese VPN. That's a great way to paint yourself with a target. 90% of good tradecraft is never giving anyone a reason to look at you.

load more comments (1 replies)
[–] plexnose@geddit.social 16 points 1 year ago (1 children)

There's often a lot of bad information about VPNs which is never backed up with any actaul evidence.

Sure, you have to make sure its working properly and bound to your torrent client, but if it is, then that's enough to protect you from copyright claims.

There is no evidence of any commerical VPN provider ever responding to a copyright notice. People mistakenly think this, when all that's really happened is they were not connected properly and their ISP got the notice direct. There is no situation where the copyright troll contacts the VPN provider, find the real user, then somehow makes the ISP send a notice to them. Doesn't even make sense.

[–] hardypart@feddit.de 22 points 1 year ago (2 children)

There is no evidence of any commerical VPN provider ever responding to a copyright notice.

Because doing so would put them out of business faster than you can say "fuck Spez".

[–] plexnose@geddit.social 14 points 1 year ago (1 children)

Exactly - snd yet people still claim their 'VPN ratted them out' - it didn't - it might hve failed, or the user never turned it on, but the VPN provider didn't get a copyright notice from Disney and forward it an ISP.

[–] bandario@lemmy.dbzer0.com 9 points 1 year ago (1 children)

Spot on. All you need to do is change adaptor in your torrent client so that it is only allowed to work with the virtual network adaptor set up by your VPN software. That way even when your connection falters, it's never allowed to send a single packet via your raw network adaptor.

[–] RSVPN@lemmy.dbzer0.com 3 points 1 year ago

This is the answer.

load more comments (1 replies)
[–] PurrJPro@beehaw.org 16 points 1 year ago (1 children)

VPNs protect your IP address, which is useful, but it ends there. Your IP is known to your VPN provider and can even still be found by those tech-savvy enough if you don't take the right precautions. Basically, VPNs are useful, but don't expect them to be the ultimate privacy multi-tool. It's more like one of many different tools to protect yourself online

[–] fell@ma.fellr.net 12 points 1 year ago (2 children)

@PurrJPro @jordank1977 The thing is, VPNs create enough friction for authorities to stop them from tracking you down for downloading a movie.

Also, in some countries it's not even authorities catching you torrent stuff, it's asshole lawyers who basically bounty hunt for media companies. It's only viable for them to screw over hundreds of people at once, they're unlikely to try and argue with a VPN provider.

load more comments (2 replies)
[–] Moonrise2473@feddit.it 15 points 1 year ago (2 children)

It depends what are you doing. Torrenting child porn? A VPN won't change anything because they'll hopefully collaborate with law enforcement to track you down.

Torrenting a tv show? Usually the vpn company will ignore any requests from law enforcement as it's not a real crime

[–] GunnarRunnar@kbin.social 19 points 1 year ago (2 children)

as it's not a real crime

Loving the nonchalantness.

[–] Uriel238@lemmy.one 4 points 1 year ago* (last edited 1 year ago) (2 children)

Copyright infringement is not a crime. It's grounds for a civil suit, but it looks really bad for Sony entertainment to try to bleed tens of thousands of dollars from a poor family trying to watch a movie they couldn't afford to watch in theaters.

Possessing or viewing CSAM is so severe a crime, you need a lawyer to dispose of it. To not do so is to stay in possession of it, which is a felony. To destroy it is destruction of evidence, which is a felony. Your only recourse is to stuff it in an unmarked box, and ask your lawyer to anonymously hand it over to the local precinct. It is essentially social toxic waste.

ETA [rant] Note that a) Sony (and all the other major studios and publishers and record labels) gladly pirates IP that is not theirs, and also underpays the people that produce their content. And b) Sony freely engages in dark patterns and odious TOSes which is one of the reasons I haven't been able to play Sony games in years. So it is actually more ethical to pirate Sony content (or again, that of any major studio, record label, publishing house or AAA game company) than it is to pay the company and support their ongoing abuse of workers, end consumers and the market.

Also there is one thing you can do to them that is worse than pirating their content, and that is not pirating their content. [/rant]

load more comments (2 replies)
load more comments (1 replies)
load more comments (1 replies)
[–] pirate@lemmy.dbzer0.com 14 points 1 year ago (2 children)

VPN is good as long as you use it correctly. I've seen people use vpn and still loging into there email or bank or do shopping while on same vpn that they use for piracy. Number one rule when using vpn is to never mix your real life accounts with the onces you use with vpn.

[–] state_electrician@discuss.tchncs.de 6 points 1 year ago (1 children)

Depends. There are varying levels of opsec and you need to tailor your precautions to the level of your opponent. In my country ISPs must deliver data if asked by a court. They can only ask for a specific IP address at a specific time. And then they would get my address. A VPN provider outside of my country doesn't give a crap and ideally also doesn't have any data to begin with. There is no way for the content industry to collect data beyond the ISP. First, because there is no legal right for them to get that information and secondly because it's too expensive. Now, if you are trying to hide stuff from the government, then I'd argue that a simple VPN is not enough.

[–] pirate@lemmy.dbzer0.com 6 points 1 year ago* (last edited 1 year ago) (2 children)

A VPN provider outside of my country doesn’t give a crap

It takes so much more resources to get your data outside your country. And if your country is a part of 5-9-14 eyes, you should not be using your countries vpn at all.

Like I said, if you're trying to hide from your government, your opsec requirements are on a whole different level than those of someone trying to download a torrent. You don't need to use TOR over a public wifi while booting Tails from USB on your laptop if you want to download Fast X. A VPN that is either not required or even better just cannot provide information to the content industry is quite sufficient in that case.

[–] Socsa@sh.itjust.works 2 points 1 year ago

The five eyes stuff is dumb. For starters, this is is a technical question, not a political one. If your OPSEC relies on guessing where the CIA does or does not have resources, you fucked up.

I can assure you, the CIA is perfectly capable of buying colo racks in Slovakian datacenters.

[–] justinalanbass@kbin.social 5 points 1 year ago (1 children)

Well, your VPN knows your address so this advice is pointless. Unless you only access your VPN through a totally anonymous ISP at a totally random location on the planet each time, probably impossible due to KYC laws, you are certainly not anonymous.

[–] plexnose@geddit.social 3 points 1 year ago

For piracy purposes its irrelevant. The VPN provider won't send you a complaint or give your details to a copyright troll. If you are hiding from the governement then maybe its a different story, but a copyright holder doesn't have the ability to force a VPN to do anything.

[–] PeterCxy@metapowers.org 8 points 1 year ago

people that think VPNs will protect them are naive

The correct way to phrase this should be

people that think VPNs alone will protect them are naive

[–] justinalanbass@kbin.social 7 points 1 year ago* (last edited 1 year ago) (2 children)

That sentiment isn't so much about piracy, but general security. Do keep in mind that the NSA can easily sniff your VPN traffic, even through logless Mullvad in theory, and access your account information to correlate and deanonymize you via subpoena. This is done routinely, and there are thousands of illegal subpoenas done yearly with no repercussion. Fortunately it seems the NSA is only going after heinous criminals, but that could also change. To be truly NSA safe is nearly impossible - did you know your password can be determined by a simple audio recording of you typing it? The NSA has frequently snuck into private residence to install keyloggers as well. What will a VPN matter in such a case?

So a VPN might prevent a DCMA notice from your ISP, but if the NSA starts caring about piracy y'all are out of luck.

[–] Banzai51@midwest.social 5 points 1 year ago (1 children)

The NSA is always going to have bigger fish to fry than busting individuals for IP violations. Risks exposing their methods in court and allowing their real targets the opportunity to harden their security even more. It would be an incredible waste of their resources.

load more comments (1 replies)
[–] Armbar@kbin.social 2 points 1 year ago (4 children)

Do keep in mind that the NSA can easily sniff your VPN traffic, even through logless Mullvad in theory, and access your account information to correlate and deanonymize you via subpoena.

Can you say more about this?

load more comments (4 replies)
[–] deCorp0@lemmy.dbzer0.com 5 points 1 year ago

Try to find a VPN that’s a nonprofit or community oriented. Usually the VPNs with the most marketing and advertising are the most profit driven and less concerned about your privacy. Use DDG, Brave search or anything but Google to research. A lot of people don’t understand that Google is just an advertising company that uses it’s search engine sell products, they also get commission through referral, so it’s in the company’s interest for you to pay more.

[–] EvilMonkeySlayer@kbin.social 4 points 1 year ago (3 children)

I think the big issue with commercial VPN's are that you are trusting your traffic through someone else's infrastructure where they're typically a target for malicious actors.

If you want to be relatively sure of your privacy, use something like a cloud vm from for example digitalocean and install wireguard on it using https://pivpn.io

I have a home vpn where I connect to my home lan using the wireguard vpn app on my phone. Which means I get more privacy since mobile providers often slurp up dns queries to sell to advertisers and also it allows me to use my pihole for adblocking on my phone.

[–] Pulp@lemmy.dbzer0.com 3 points 1 year ago

For piracy/illegal activities, note that digitalocean account & ip is directly tied to you, unless you manage to create one completely anononymously

[–] postscarce@kbin.social 3 points 1 year ago* (last edited 1 year ago) (1 children)

At the end of the day arguments for or against a particular solution are going to depend on what threats a person considers most important to protect against and where they're willing to put their trust.

[–] CmdrShepard@lemmy.one 4 points 1 year ago

And if all you're doing is downloading torrents, your need for protection is pretty low as all you're trying to do is hide your IP address from some corporate lawyers.

load more comments (1 replies)
[–] equalszero@lemmy.dbzer0.com 4 points 1 year ago

I use a VPN to avoid captivation portals. That alone makes it worth it for me since I can have free internet connection, my ISP just puts a captivation portal instead of just cutting off your internet access.

[–] AlphaCharlie@lemmy.pt 4 points 1 year ago* (last edited 1 year ago) (2 children)
load more comments (2 replies)
[–] hi65435@discuss.tchncs.de 3 points 1 year ago* (last edited 1 year ago) (1 children)

I think this is not how it works. It's like saying: I'll connect a physical lock to my laptop and I'm more secure. (Many PC laptops have on the side a standardized connector for physical locks which is often used in electronics stores)

Better to go a step back and to consider your Threat Model. What are you doing? What are things that could likely happen right now? Is adding to your security/backing up your Threat Model or is it making things worse because it's adding stuff that you don't need, making workflows so complicated you're likely to misconfigure?

To give a more practical example, there have been a lot of conspiracy theories about Antivirus software. In some sense the nay sayers are right and it actually adds possible holes since they tend to run with elevated privileges. On the other hand, does it really matter for your use case? If you download random stuff online, you should probably install one. (Probably also for your fellow humans so your computer doesn't end up being a botnet host) But if everything on your computer is hand-picked (TM), you might be actually right and they decrease security.

load more comments (1 replies)
load more comments
view more: next ›