How To Anonymize and Encrypt Your BitTorrent Traffic from the HowToGeek
Whether you’re trying to dodge an angry government, a connection throttling ISP, or the watchful gaze of media conglomerates, anonymizing and encrypting your BitTorrent traffic can help. Read on to learn how.
Photo by jin.thai.
What Is This and What Do I Need?
BitTorrent is a form of distributed file sharing. Undistributed file sharing is when you connect to a single source and download a file. When you visit a software repository online, for example, and download a new version of some application you’re engaging in an undistributed file transfer—the file went from their server directly to you.Distributed file sharing changes that model. When you use BitTorrent, a distributed file sharing protocol, you don’t download a file from a single source but instead from any number of sources.
Everyone who is part of the swarm of file sharers using the same tracker and sharing the torrent you’re downloading can potentially send you a piece of that file. Your download is no longer between you and a single source but between everyone in the swarm and you. This means anyone can join the torrent swarm and see what files you are downloading and, in turn, uploading—reciprocating to the swarm is part of the BitTorrent model.
If that person spying in your torrent activity is a hostile government, your ISP seeking to throttle your connection, or an agent hired by a media conglomerate to monitor BitTorrent networks, you can find yourself in unexpected trouble.
How can you circumvent such outcomes? By anonymizing and/or encrypting your BitTorrent traffic.
What are the upsides? Your BitTorrent traffic will be anonymous, the IP the swarm sees will not be your actual IP address. If you choose to encrypt as well as anonymize, even your ISP—the very people with direct access to your bandwidth pipe—won’t be able to see what you’re doing. You’ll be able to use BitTorrent without fear.
What are the downsides? Proxying/tunneling can slow down your connection and encryption can further slow it down. While many people are perfectly comfortable taking a performance hit in order to better secure their BitTorrent connection, it’s something to be aware of.
Ready to get started? To anonymize and encrypt BitTorrent you’ll need the following:
- For both techniques you’ll need a BitTorrent client with proxy support. We’re going to be using uTorrent on Windows.
- You’ll need a proxy/SSH provider. For this tutorial we’ll be using the popular Canadian BitTorrent proxy provider BTGuard.
- To encrypt your BitTorrent session you’ll need an additional layer of security in the form of a local proxy server that connects to your encrypted tunnel. We’ll highlight how to use both the BTGuard supplied application and the free application PuTTY to roll your own proxy server.
Configuring uTorrent for Anonymous Torrent Traffic
Run uTorrent. Navigate to Options –> Preferences (or press CTRL+P) to open up the Preferences panel. From within the Preferences panel, navigate to the Connection sub-menu.
From within the Connection sub-menu, you need to fill out the Proxy Server information. For the Type select SOCKS5, for the Proxy fill in proxy.btguard.com and Port 1025. Check Authentication and fill in your Username and Password (BTGuard users will use the same username and password they created their account with). If you’re using another service besides BTGuard, simply change the previous entries to match your service providers data.
Under Authentication check all the boxes, including “Use proxy for hostname lookups”, “Use proxy for peer-to-peer connections”. Make sure to check all the boxes under Proxy Privacy including “Disable all local DNS lookups”, “Disable features that leak identifying information”, and “Disable connections unsupported by the proxy”. Failure to check these options will compromise your anonymity and defeat the whole purpose of using a proxy server.
Restart uTorrent. If you do not restart uTorrent the Proxy changes will not take effect.
Encrypting Your BitTorrent Connection
Anonymization will protect your identity but, if your ISP is throttle happy, it won’t stop them from detecting and throttling your BitTorrent traffic. If you want the extra security of encrypted traffic and/or your ISP is shaping your traffic and throttling BitTorrent connections, this is the configuration for you.
BTGuard offers a free encryption proxy that is preconfigured. In order to use the BTGuard encryption tool, first download it from the BTGuard servers here. Install the application to C:\BTGUARD (this step is extremely important, if you install it to another directory the application will not operate properly). Once you’ve installed it, run the application.
Open up your uTorrent application once again and navigate back to the Preferences menu. Within the Preferences menu replace proxy.btguard.com with 127.0.0.1 (the address of the local computer). Leave all the other settings, including your login information, the same. Restart uTorrent for the changes to take effect. You’ll still be connected to the BTGuard servers but the traffic between uTorrent and those servers will be encrypted.
Alternatively, if you wish to use an SSH service to connect to a foreign server and anonymize your traffic that way, you’ll need to use PuTTY to connect to the SSH service and create a local proxy for uTorrent’s traffic to flow through. Note, if you’re already using BTGuard you might as well use their encryption too and skip this step. If you’re using another service and want to use their encrypted SSH tunnel, keep reading.
Putty is a free Telnet/SSH client for Windows and Linux that allows you to easily route your traffic through an encrypted tunnel. Download and install PuTTY. Run the application for the first time. The first screen you’ll see is the Session screen. Here you’ll need to enter the address of your SSH provider. The default SSH port is 22; only change this port # if your SSH provider indicates you should. Make sure SSH is checked. Go ahead and give your session a name so that you can save it for future use.
Navigate to Connections –> SSH. In the SSH sub-menu you need to create a new port configuration. Put a port number in the Source box (it can be any number that isn’t in conflict with your computer’s existing port structure, we used 12345) and then check Dynamic and Auto. Press Add to add the port.
Navigate back to the session menu and click Save to save your configuration. Then click Open to launch the SSH tunnel to your SSH host and login with your login credentials.
Once you’ve logged in via PuTTY with your login credentials you can now use PuTTY as your SOCKS server. Open uTorrent and the Preferences menu. Configure things exactly as you would for BTGuard except for the IP address put in 127.0.0.1 (the proxy server is on your computer), change the port number to 12345, and leave the Authentication section blank.
Testing The Anonymity of Your BitTorrent Connection
When you set up your web browser with a proxy server, it’s easy to visit a site like WhatIsMyIP to see if you’re surfing from the new IP address. What about BitTorrent? It’s not quite so easy. Thankfully there’s a service designed to help you check the IP address your Torrent client is broadcasting.
Once you’ve configured uTorrent using the above techniques (either anonymous but not encrypted with BTGuard, anonymous and encrypted with BTGuard, or anonymous and encrypted with your SSH provider of choice), it’s time to visit CheckMyTorrentIP. At CheckMyTorrentIP, click the Generate Torrent tab. Save the resulting torrent file to your computer and load it in uTorrent. It should look like this:
Click on the torrent and then look down in the information panel at the bottom of the screen. Click on the Trackers tab. In that tab you will get information back from the Tracker (in this case the CheckMyTorrentIP tracker.
See that IP address? That should be the IP address of your new proxy service and not the IP address of your internet connection. If you see the address of your internet connection and not the proxy server you need to go back and double check your configuration.
You can also visit CheckMyTorrentIP and click on the Check IP tab to see all the IP addresses your torrent file has connected from:
There you have it. If the IP addresses are those provided by your proxy/SSH provider and not your home IP address then you’re in the clear. All your BitTorrent traffic will be routed through that IP address and your private IP address will never be broadcast to the greater internet!