-2

I stay on the East coast. My Private Internet Access subscription gets me New York as one of my closest virtual IP locations. I do a lot of file-sharing and i like to maintain my torrent seed-ratio. Sharing with my fellow peers is caring, as they say. However, i am faced with an internal dilemma. I am a regular at the torrentfreak website, i see the crackdown and extraordinary measures been taken on behalf of the industry lobby. Sure, its their job. I think its my job to know how to secure myself from my ISP's packet sniffing and DPI. I already use OpenVPN with all the highest settings enabled. In the New York server the IP i am assigned is a shared IP. Meaning, it probably has over a hundred other users simultaneously using the same IP that i am using as my exit IP to make requests on my behalf onto the internet. i am sure, the NSA must just be hoovering up all this delicious data by sitting upstream from the N.Y. datacenter. Speculation, i admit. Question number 1) Wouldnt it be hard to really isolate my particular torrent traffic from hundred others? So am i protected in the crowd, or more vulnerable to targeting because some idiot decided to scam someone or send an email threat and now all of the other 99 individuals are under scrutiny by the Feds?

Question number 2) Should i just have an exit IP in Netherlands or Sweden? Sure, the torrent traffic will be slower but i can live with that if i can escape from teh clutches of this dragnet surveillance. Ok so both those countries are in the 14 eyes. Fine, lets say i exit in Romania. and decide to just use a Romanian IP to do my torrenting. Am i safer from the 3 letter agencies now? Or, because the encrypted traffic is still coming back to my physical location in the States, and since its coming from Romania, the NSA is even more curious??

You see what i am getting at guys? Help me out here please!

Edit: Question to user forest. forest, if you dont mind, i would like to pick your mind a little. I have carefully gone through the links you have posted, and i had a couple of followup questions if you dont mind indulging me.

question A) I never login to email or social media accounts when i use a VPN. Plus, thebank i use frowns upon customers using VPN's to check in to their accounts. Given that my external IP is shared by atleast 100 other customers of the PIA VPN, traffic correlation seems much harder, and infact it could be possible to mistakenly attribute my activity to some other user who simultaneously generates similar amount of traffic as i do right? It would be tough to be 100% certain would you agree? Question B) For browsing purposes, if i implement a SSL socks5 proxy on my browser on top of the existing Openvpn connection, i now have 2 hops from 2 different VPN providers. Would this not be more difficult to track realtime?

nomalokumi
  • 51
  • 1
  • 5
  • This depends heavily on your threat model. If every part of your VPN is in the same country, you often are more anonymous due to there being less traffic going through heavily-monitored fiber optic cables. On the other hand, in some countries VPNs may be required to provide logs. – forest Mar 31 '18 at 04:07
  • I already answered much of this on another question: [Could logless VPNs be traced?](https://security.stackexchange.com/questions/175179/could-logless-vpns-be-traced) – forest Mar 31 '18 at 04:09
  • Anonymity is complicated. Shared IPs for example do not give you extra anonymity because you will still have a unique IP:port combination. That's the way IPs work and the reason they can support multiple people at once. It would not be possible to mistakenly attribute your activity to someone else because that other person will not be using the same port on that IP. – forest Apr 01 '18 at 01:50
  • As for doing multiple hops, this can sometimes increase anonymity, and sometimes decrease it. I would suggest you use Tor which uses three hops, and each hop is carefully selected to not result in the traffic "short circuiting" through the same area. It also uses some minimal padding and the circuits regularly change. Simply hacking up your own multi-hop proxy won't necessarily improve anonymity. – forest Apr 01 '18 at 01:51
  • Honestly though, for seeding torrents, you probably don't need heavy anonymity. Any VPN popular for file sharing would be fine. Though I would suggest instead a seedbox which will give you superior speeds and will not be as vulnerable to traffic analysis. A seedbox is just a remote server which you control that downloads and seeds torrents for you. You upload a torrent file to it, and it will let you download the finished files directly over another protocol like SSH or FTP. – forest Apr 01 '18 at 01:57
  • Thanks forest, hmm. I thought i have an internal private 10.XX.XX.XX IP internally assigned at the VPN server that my ISP IP connects into, and then my traffic exits from 443 or 80 depending if its HTTPS or plaintext. So you are saying my web requests from my browser will use a different port while using the VPN IP, and the same port number is then used to forward my traffic back to me from the VPN? – nomalokumi Apr 01 '18 at 11:35
  • https://security.stackexchange.com/questions/151845/can-port-numbers-be-detected-from-vpn-traffic i do see this post fleshing the port matter out, but maybe i just need to study it to understand what is being said. I get that the VPN should internally know which client to forward the traffic to, but im not sure if a third party observing the traffic incoming and exiting the VPN IP can attribute source and destination based on port number, because is'nt the port number for OpenVpn usually 1194 for all clients? – nomalokumi Apr 01 '18 at 11:43
  • Regarding the 3 hops of Tor for browsing, i have looked around in the dark web out of curiosity using Tor a while ago, there is just nothing really in there for me that i cant find on the clearweb. Plus its slow, and it has an identifiable signature that the ISP can detect, perhaps even with bridges and so its really not for me. I could, first bootup the VPN and THEN fire up Tor to avoid detecting by my ISP but like i said since you cant torrent over Tor anyway. You could just install Windscribe VPN free browser extension on Chrome while your VPN is on, to get a tunnel within a tunnel..so yeah – nomalokumi Apr 01 '18 at 11:51
  • Tor is not exclusively for the "dark web" (which is really, really overrated). In fact that is just an afterthought for the technology. It is meant primarily for people to anonymously browse the regular internet. – forest Apr 02 '18 at 00:38

2 Answers2

1

1 - Probably PIA is not the best VPN for seeding copyrighted material. See their page about DMCA

That being said, PrivateInternetAccess.com will do its best to assist copyright owners and their agents that report copyright infringement by a user that is using our services to the extent we can.

2 - Having their headquarters in the US (Westminster, CO) they are subject the US laws and to three letter agencies, regardless if you are using their Romanian, Swedish or any other exit node.

3 - IF (and it's a reasonably big if) they keep their word about no logs (even if were requested by any three letter agency or justice department) then it might be hard to pinpoint what are you doing with the connection. Unless they wait for you to start seeding and monitor you in real time, then you are toast. They know your public IP, what traffic you are sending and to where.

4 - If you are really worried about your privacy your best bet is to purchase some VPS on a region from outside the 14 eyes with some untraceable payment method (think XMR, for example) and set up your own VPN with OpenVPN and delete the logs yourself.

And please, don't do illegal stuff like seeding copyrighted material, but I know you won't and all this is just an exercise of imagination, right? ;))

Tux
  • 861
  • 6
  • 10
  • As for what i seed in torrents, i will plead the fifth. ;) – nomalokumi Mar 30 '18 at 17:11
  • As to your point about them being subject to U.S. laws, while that is true, since there is no mandatory data retention law in the U.S. for VPN's, they will share what they have, which is not metadata nor timestamps nor connection logs, nor total bandwidth used. They will share the signup email address i believe, and if you have paid with credit card then those details perhaps.. – nomalokumi Mar 30 '18 at 17:23
  • As to your example of buying a VPS, well....if i have a digital ocean droplet in say Sweden, it will be a IP that will have traffic to and from only me, and only my IP will be connecting to my server, so they dont even need to see the traffic in plaintext to know its me requesting those resources from the droplet out. Plus, i think digital ocean and other VPS companies, they do log! Also, if i buy a VPS, its only in that country, i cant jump between 30 countries like i can with a VPN subscription – nomalokumi Mar 30 '18 at 17:23
  • My question boils down to: Q1) If i am sharing a VPN exit IP with over a hundred users, is my traffic mixed enough to thwart traffic analysis efforts to single out me and my traffic all the way from destination to source? Q2) Will the traffic analysis be impeded if i use a non 14 eyes country location to exit out of, like Romania, OR will the fact that there is an encrypted connection from my U.S> based ISP to Romania arouse more suspicion and therefore monitoring? – nomalokumi Mar 30 '18 at 17:31
  • 1
    Even if they did not keep logs, their upstream ISP **absolutely does**. – forest Apr 01 '18 at 01:47
0

Note: let's assume this takes place within the context of a copyright owner making a false DMCA claim...

1) If you are approaching this from the standpoint of avoiding 3-letter agencies, and you reside in the US, my advice is to give up now; I don't think you'll find a single credible security professional who would claim to be able to evade a state actor while operating within their own country.

That said, 3-letter agencies rarely investigate copyright infringement crimes, and even then it is usually only in pursuing a site operator; not individuals.

Copyright owners(and nowadays, companies who do this on their behalf) send C&D/DMCA letters to ISPs based on IP blocks, and the ISP attempts to correlate that to a user account based on date+time. I have never heard of a single situation in which a copyright owner has pursued a downloader behind a VPN; their goal is to reach as many people as possible, as quickly as possible, and waiting for subpoenas and VPN sting operations(which wouldn't happen anyways for copyright infringement) just doesn't fit with expediency.

2) I have never heard of a monitoring case happen simply because of the origination/destination country; there is just too much traffic to all countries at all times to make this meaningful(except maybe NK). Even a site-by-site level would likely only happen if a site was being watched as part of an ongoing case(and once again, I'm not talking about copyright infringement cases).

tl;dr No federal agency is going after people downloading stuff, unless that thing is itself likely to be material in another crime.

If you are on a VPN, and you are not doing something that would land you on the evening news, you are 99.9999999% safe.

Angelo Schilling
  • 711
  • 3
  • 11
  • Actually operating within an adversarial country can give you certain benefits. In the US for example, there are far more taps on traffic leaving the US than traffic within the US. You will find many credible security researchers who agree. There was even a big paper detailing it called ASToria. – forest Mar 31 '18 at 04:08
  • https://theintercept.com/2014/06/18/nsa-surveillance-secret-cable-partners-revealed-rampart-a/ Begin quote "The secret documents reveal that the NSA has set up at least 13 RAMPART-A sites, nine of which were active in 2013. Three of the largest – codenamed AZUREPHOENIX, SPINNERET and MOONLIGHTPATH – mine data from some 70 different cables or networks. The precise geographic locations of the sites and the countries cooperating with the program are among the most carefully guarded of the NSA’s secrets." End Quote. I see your point Angelo Schilling and it ties in with what forest is saying above. – nomalokumi Mar 31 '18 at 08:55
  • hi forest, i have edited my original post with a couple of questions, could you take a look? Thanks! To the peeps downvoting the question, well i am just trying to learn more about keeping myself secure from all sorts of bad actors online, i am not asking these questions without reading and researching if i can figure out the answers. – nomalokumi Mar 31 '18 at 09:15
  • hi forest, please provide citations on that. I cannot find any paper with that name, nor any papers advocating that it's "safer" to be in an adversarial country. – Angelo Schilling Apr 11 '18 at 17:41
  • @AngeloSchilling See the [GitHub PoC](https://github.com/sbunrg/Astoria) and the [original paper](https://arxiv.org/abs/1505.05173). – forest May 20 '18 at 01:21