SEARCH

How-To Geek

How To Anonymize and Encrypt Your BitTorrent Traffic

7ahgbsdh

Whether you’re trying to dodge an angry government, a connection throttling ISP, or the watchful gaze of media conglomerates, anonymizing and encrypting your BitTorrent traffic can help. Read on to learn how.

Photo by jin.thai.

What Is This and What Do I Need?

BitTorrent is a form of distributed file sharing. Undistributed file sharing is when you connect to a single source and download a file. When you visit a software repository online, for example, and download a new version of some application you’re engaging in an undistributed file transfer—the file went from their server directly to you.

Distributed file sharing changes that model. When you use BitTorrent, a distributed file sharing protocol, you don’t download a file from a single source but instead from any number of sources. Everyone who is part of the swarm of file sharers using the same tracker and sharing the torrent you’re downloading can potentially send you a piece of that file. Your download is no longer between you and a single source but between everyone in the swarm and you. This means anyone can join the torrent swarm and see what files you are downloading and, in turn, uploading—reciprocating to the swarm is part of the BitTorrent model.

If that person spying in your torrent activity is a hostile government, your ISP seeking to throttle your connection, or an agent hired by a media conglomerate to monitor BitTorrent networks, you can find yourself in unexpected trouble.

How can you circumvent such outcomes? By anonymizing and/or encrypting your BitTorrent traffic.

What are the upsides? Your BitTorrent traffic will be anonymous, the IP the swarm sees will not be your actual IP address. If you choose to encrypt as well as anonymize, even your ISP—the very people with direct access to your bandwidth pipe—won’t be able to see what you’re doing. You’ll be able to use BitTorrent without fear.

What are the downsides? Proxying/tunneling can slow down your connection and encryption can further slow it down. While many people are perfectly comfortable taking a performance hit in order to better secure their BitTorrent connection, it’s something to be aware of.

Ready to get started? To anonymize and encrypt BitTorrent you’ll need the following:

  • For both techniques you’ll need a BitTorrent client with proxy support. We’re going to be using uTorrent on Windows.
  • You’ll need a proxy/SSH provider. For this tutorial we’ll be using the popular Canadian BitTorrent proxy provider BTGuard.
  • To encrypt your BitTorrent session you’ll need an additional layer of security in the form of a local proxy server that connects to your encrypted tunnel. We’ll highlight how to use both the BTGuard supplied application and the free application PuTTY to roll your own proxy server.

Our instructions will help you configure any SOCKS proxy to work with uTorrent (or another proxy-friendly BitTorrent client) but we’re going to be setting it up for BTGuard. If you don’t have an anonymous proxy yet, BTGuard is a solid choice and costs a mere $7 a month. Get your proxy information handy or go sign up for a BTGuard account here. before continuing.

Configuring uTorrent for Anonymous Torrent Traffic

2011-10-11_145756

Run uTorrent. Navigate to Options –> Preferences (or press CTRL+P) to open up the Preferences panel. From within the Preferences panel, navigate to the Connection sub-menu.

From within the Connection sub-menu, you need to fill out the Proxy Server information. For the Type select SOCKS5, for the Proxy fill in proxy.btguard.com and Port 1025. Check Authentication and fill in your Username and Password (BTGuard users will use the same username and password they created their account with). If you’re using another service besides BTGuard, simply change the previous entries to match your service providers data.

Under Authentication check all the boxes, including “Use proxy for hostname lookups”, “Use proxy for peer-to-peer connections”. Make sure to check all the boxes under Proxy Privacy including “Disable all local DNS lookups”, “Disable features that leak identifying information”, and “Disable connections unsupported by the proxy”. Failure to check these options will compromise your anonymity and defeat the whole purpose of using a proxy server.

Restart uTorrent. If you do not restart uTorrent the Proxy changes will not take effect.

Encrypting Your BitTorrent Connection

Anonymization will protect your identity but, if your ISP is throttle happy, it won’t stop them from detecting and throttling your BitTorrent traffic. If you want the extra security of encrypted traffic and/or your ISP is shaping your traffic and throttling BitTorrent connections, this is the configuration for you.

BTGuard offers a free encryption proxy that is preconfigured. In order to use the BTGuard encryption tool, first download it from the BTGuard servers here. Install the application to C:\BTGUARD (this step is extremely important, if you install it to another directory the application will not operate properly). Once you’ve installed it, run the application.

Open up your uTorrent application once again and navigate back to the Preferences menu. Within the Preferences menu replace proxy.btguard.com with 127.0.0.1 (the address of the local computer). Leave all the other settings, including your login information, the same. Restart uTorrent for the changes to take effect. You’ll still be connected to the BTGuard servers but the traffic between uTorrent and those servers will be encrypted.

Alternatively, if you wish to use an SSH service to connect to a foreign server and anonymize your traffic that way, you’ll need to use PuTTY to connect to the SSH service and create a local proxy for uTorrent’s traffic to flow through. Note, if you’re already using BTGuard you might as well use their encryption too and skip this step. If you’re using another service and want to use their encrypted SSH tunnel, keep reading.

Putty is a free Telnet/SSH client for Windows and Linux that allows you to easily route your traffic through an encrypted tunnel. Download and install PuTTY. Run the application for the first time. The first screen you’ll see is the Session screen. Here you’ll need to enter the address of your SSH provider. The default SSH port is 22; only change this port # if your SSH provider indicates you should.  Make sure SSH is checked. Go ahead and give your session a name so that you can save it for future use.

2011-10-11_154822

Navigate to Connections –> SSH. In the SSH sub-menu you need to create a new port configuration. Put a port number in the Source box (it can be any number that isn’t in conflict with your computer’s existing port structure, we used 12345) and then check Dynamic and Auto. Press Add to add the port.

2011-10-11_153949

Navigate back to the session menu and click Save to save your configuration. Then click Open to launch the SSH tunnel to your SSH host and login with your login credentials.

Once you’ve logged in via PuTTY with your login credentials you can now use PuTTY as your SOCKS server. Open uTorrent and the Preferences menu. Configure things exactly as you would for BTGuard except for the IP address put in 127.0.0.1 (the proxy server is on your computer), change the port number to 12345, and leave the Authentication section blank.

Testing The Anonymity of Your BitTorrent Connection

2011-10-11_160143

When you set up your web browser with a proxy server, it’s easy to visit a site like WhatIsMyIP to see if you’re surfing from the new IP address. What about BitTorrent? It’s not quite so easy. Thankfully there’s a service designed to help you check the IP address your Torrent client is broadcasting.

Once you’ve configured uTorrent using the above techniques (either anonymous but not encrypted with BTGuard, anonymous and encrypted with BTGuard, or anonymous and encrypted with your SSH provider of choice), it’s time to visit CheckMyTorrentIP. At CheckMyTorrentIP, click the Generate Torrent tab. Save the resulting torrent file to your computer and load it in uTorrent. It should look like this:

2011-10-11_150452

Click on the torrent and then look down in the information panel at the bottom of the screen. Click on the Trackers tab. In that tab you will get information back from the Tracker (in this case the CheckMyTorrentIP tracker.

2011-10-11_150231

See that IP address? That should be the IP address of your new proxy service and not the IP address of your internet connection. If you see the address of your internet connection and not the proxy server you need to go back and double check your configuration.

You can also visit CheckMyTorrentIP and click on the Check IP tab to see all the IP addresses your torrent file has connected from:

2011-10-11_160049

There you have it. If the IP addresses are those provided by your proxy/SSH provider and not your home IP address then you’re in the clear. All your BitTorrent traffic will be routed through that IP address and your private IP address will never be broadcast to the greater internet!


Have a tip or trick for secure and anonymous torrenting? Let’s hear about it in the comments.

Jason Fitzpatrick is warranty-voiding DIYer and all around geek. When he's not documenting mods and hacks he's doing his best to make sure a generation of college students graduate knowing they should put their pants on one leg at a time and go on to greatness, just like Bruce Dickinson. You can follow him on if you'd like.

  • Published 10/11/11

Comments (32)

  1. Got A Q

    will setin this up affect other applications, such as a browser, or only utorrent?

  2. Jason Fitzpatrick

    @Got A Q: Only uTorrent. You’re specifically going into uTorrent and instructing it to ignore/override your local network settings and to use the remote server instead. Everything else on your computer (browsers, cloud based apps, etc.) will continue to function just like it always has.

    If you *wanted* to, however, could route any SOCKS enabled application (such as Firefox or mIRC) through the proxy to anonymize the traffic.

  3. lol

    SEEDBOX! i used capitals seedbox and SFTP job done

  4. Somebody

    Are there any free SSH providers like BTGuard?

  5. mahamat

    just use peerguard
    100% free

  6. Jason Fitzpatrick

    @lol: If you’re serious about torrenting, a Seedbox is pretty awesome. Bytesized Hosting offers some great boxes.

    @Somebody: There *are* free SSH shell accounts, but it’s considered pretty bad form to take a free shell account and overload it with torrent traffic. Unless the free host specifically says that torrenting is OK, then it’s better to pay a few bucks a month with a host that explicitly approves of such use (and is prepared for the traffic).

    @mahamat: Peerguardian gives a false sense of security and gives more false positives than it effectively blocks companies out to sniff your personal info. Take the time to set up a proper proxy/SSH connection.

  7. dawg

    Peerblock has worked great for me. It keeps comcast out – I can tell because if I forget to start it while torrenting they hit the router with something that causes me to have to reset the router in order to have any internet traffic.

  8. Indisent

    Could you use Tor instead of BTGuard?

  9. Steve

    Do PeerBlock the same work as BTGuard?

  10. Nakaan

    @Indisent
    Tor explicitly forbids using P2P software over their network. They’re about free and anonymous communication, not free files. Besides, as Jason Fitzpatrick said above me, it’s considered really bad form.

  11. Nakaan

    @Steve:
    No, BTGuard is a VPN/Proxy service which determines how your traffic is routed. PeerBlock simply refuses connections to “bad” IPs. I used PeerBlock a while back and it caused more troubles than helped (ended up getting a cease-and-desist letter from Bethesda).

  12. dima

    can anyone recommend me a free alternative to BTGuard?

  13. smoaky

    @dima
    Try Hotspot Shield or Cyber Ghost VPN

  14. horizonguy

    If you set this up (using BTGuard), do you no longer need Peerblock?

  15. lucybellepeso

    Do you have anything like this for Android using tTorrent?

  16. Jason Fitzpatrick

    @Dawg: That’s not how Peerblock works. It simply blocks communication with remote computers over the internet, it does not hide internet traffic from your ISP. Your ISP has direct access to your pipeline and can easily monitor it for unencrypted BitTorrent traffic if they wish to shape/throttle your traffic.

    @Indisent: I would recommend against it. First, the Tor network wasn’t designed for heavy BitTorrent traffic and they forbid using it for such. Second, it’s a free service designed to help people communicate anonymously and you’d be taking advantage of it. Third, you’re not really anonymising your IP to a 3rd party that specializes in IP anonymization you’re passing the risk onto somebody operating a TOR node somewhere… and possibly right in your home town. That’s extra bad form to bring that kind of trouble on somebody’s head.

    @Steve: No. Peerblock is simply a program that blocks your computer from communicating with a black list of IP addresses known to belong to governments, media companies, and other people you may wish to avoid communicating with. It does nothing to hide your identity; any one of those organizations could simply use an IP address that isn’t on the blacklist to effectitively circumvent it.

    @Horizonguy: That is correct, you would no longer need any IP blocking/filtering software. Since such software is of dubious merit anyway, you’ll be far better off without it.

    @Lucybellepeso: If tTorrent supports proxy servers, yes you can use BTGuard with it. If it does not, you’ll need to look into proxying your entire Android connection. There is a blog devoted just to testing out Android proxy applications, you can check it out here: http://android-proxy.blogspot.com/

  17. Antje(nonymous)

    Just for thoughts, if I am really paranoid, Would BTGuard, Google Public DNS and pipfilter.dat make the ultimate combination?

  18. Nimrod

    I use a seedbox located in Europe and I download the data to Canada using either FTP protocols (not sftp) or http links thru my browser.
    Should I be using sftp instead?
    Seeing that none of the data will be trasnferred to me via torrents, I should be able to fly under the radar, right, or am I missing something here.
    I know the Canadian government is trying very aggressively to pass a bill to allow them to monitor what is being transferred, bit if I’m using undistributed channels, I should be fine …???

  19. thyme676

    I think a better solution is to give USENET a try. I paid for 150GB in bandwidth and after like 6 months I’ve only used a bit over half. So the cost now is less than $5 a month if you split it up. Sure there isn’t as much variety/obscure stuff, but you get all of your download speed, all the time. I think HTG has a guide on it but it’s pretty simple.

  20. শাওন

    What about on Linux?

  21. bill

    looks like my pw is too long in the preferences/VPN field for uTorrent

  22. rob

    What security if any is provided by using ONLY private trackers such as “ilovetorrents” or “torrentday” for ALL torrent downloads and uploads?

    And, considering the negative opinions above about Peerblock, is using Peerblock in conjunction with “private” torrent trackers (such as those I noted above) of any added benefit at all as regards security?

  23. Max P.

    Jason Fitzpatrick, October 12, 2011 12:27 pm
    Not only that, it actually doesn’t anonymize you. One of a few ways to de-anonymize is through the DHT. It’s discouraged anyway by both parties: Tor developers as well as Vuze developers. One Vuze developer actually doesn’t know why the feature is still in Vuze (IRC: “it has been there for ages, no idea why it was added back then”).

    hal.inria.fr
    Finally, the third attack consists in exploiting the DHT to search for the public IP address of a user. Indeed, whereas Tor does not support UDP, BitTorrent’s DHT uses UDP for transport and when a BitTorrent client fails to contact the DHT using its Tor interface, it reverts to its public interface hence publishing its public IP address into the DHT. As the content identifier and the port number of a client transit through the exit node, and port numbers are uniformly distributed, an attacker can use this information to identify a BitTorrent user in the DHT. This DHT attack is very accurate and works even when the peer uses Tor to connect to other peers.

  24. Max P.

    rob, October 13, 2011 2:38 pm
    neuron2neuron.blogspot.com/2006/05/blocklist-balderdash.html

    If the lists are correct I suppose you could use it for surfing though to see who you are connecting to. You will be forced to whitelist a few websites to watch videos or w/e, but it kind of works like a hosts file if you will.

  25. Rishabh

    Please suggest the various FREE way to accomplish this task in detail.
    I’m curious to know how I can do it on a windows PC using utorrent o_O.
    Any help will be appreciated. Thanks in advance. :-)

  26. horizonguy

    UPDATE – I signed up with BTGuard and followed this install and it is working, but the torrents are incredibly slow (nothing above 25k per sec). I have 15mbps service and was getting up to 1mbps torrent downloads using just Peerblock. What’s the point of setting this all up if it doesn’t offer comparable speeds? Speed tests online show my speed is correct outside of uTorrent/BTGuard…

  27. sleeping cat

    Just use uTorrent you can set it to encrypt your bit traffic.

  28. Lightingbird

    Hmm…

    I use uTorrent and peerblocker. I just used that site and my IP came right up! Ha that shocked me. Now, I have my utorrent set to only grab files from people with encrypted connections. I’ve never been throttled down or got a warning letter. I’ve thought about getting a extra service for the added security but will my speed take that much of a hit? I have a 60mb connection and I’d hate for it to drop to nothing.

  29. Max P.

    Rishabh, October 15, 2011 1:50 am
    No one would offer such a service. Try I2P for free.
    torrentfreak.com/which-vpn-providers-really-take-anonymity-seriously-111007/

    horizonguy, October 15, 2011 10:07 am
    Contact them. Also check your settings: infinite-source.de/az/az-calc.html

    Lightingbird, October 15, 2011 11:00 pm
    I would say it depends where you live.

  30. horizonguy

    Max P. – thanks for the tip – I used the recommended settings via the link you provided and it definitely worked much better….for about an hour – then it reverted right back to the original speeds I was getting (25k max speed per torrent). It seems like I am getting throttled using any service. I guess this is viable if you want to download just 1 or 2 files. I cancelled my BTGuard account, but will continue to do more tests until my paid subscription ends.

  31. Seth

    I use http://openvpn.net/ it is only $20 a month for VPN which hides your IP address, I was downloading some files from a torrent and received an email from my ISP about it being copyright work. I then went and got openvpn and have had no issues since then. $20 is worth it for me. You pay, they send you a link to download a client, you get a user name and password and your off, there is no speed degradation at all.

  32. Max P.

    horizonguy, October 18, 2011 11:34 am
    I’ve never used an anonymizing service, but there must be something wrong with your config.
    Can you say with certainty that you have configured everything as show in the article?
    Visit µTorrents’ forum; if unsuccessful the BTGuard forum.

Enter Your Email Here to Get Access for Free:

Go check your email!