3

So my setup is essentially 

MyPC -> VPN Server -> Remote SOCKS Server in Utorrent -> Destination torrent swarm

The VPN server is a well known "no-logs" provider, the country is the Netherlands and i have a different gateway/entry and exit ip when i connect.

I use the "elite" Socks5 proxy (which supposedly omits the header) ONLY for Utorrent, nothing else.

And it works perfectly with good speeds, its a simple IP:Port addition in Utorrent, and i do all hostname lookups and p2p everything only through the proxy server in Utorrent. (I know and have ticked all the right tabs in bittorrent and connection tabs, and i use forced encryption thats in Utorrent, which i know, means very little but nevertheless i select it.)

I have verified that during torrents download, the IP that appears in the peer swarm, is this Socks5 server in another EU country, like Czech Republic.

So, my Utorrent traffic is a tunnel nested in an encrypted VPn tunnel, and at no point is the VPN ip exposed in Utorrent swarm. Although i understand that the proxy server knows and can see my VPN IP in the Netherlands. That doesnt bother me, because its not my home IP.

Is there any security risk in this nesting of socks5 Utorrent proxy in the VPN tunnel that makes me MORE vulnerable, instead of using simply the OpenVPN tunnel for torrents?

nomalokumi
  • 41
  • 1
  • 5
  • I would say this is difficult to answer without actually looking at your network traffic. Assuming you have complete trust in your VPN provider, make sure your SOCKS proxy correctly handles UDP traffic, since not all SOCKS5 proxies implement all of the SOCKS5 protocol correctly. – Steve Oct 31 '18 at 15:58
  • I have seen the presentations on youtube where people who use web/http proxies have malicious javascript exploits running in outdated browser instances. Like i said, i dont use proxy in the browser. And my utorrent is updated, and i suppose the socks proxy handles udp traffic correctly, because the torrent linux distro that i download checks out, and its the complete file, no issues. Its not like something has injected malicious packets and corrupted the actual downloaded file. Its the original file as it was uploaded, and this socks proxy in CZ simply facilitated the seamless download for me. – nomalokumi Oct 31 '18 at 16:59

1 Answers1

1

Running a SOCKS5 proxy inside of a VPN is a pretty common setup, and can provide pretty good security since in theory you wouldn't be relying on a single entity for your anonymity.

If you pay for the SOCKS5 proxy, and some authentication is used, then that may be a week spot if that could be connected to an identity.

DNS leaks are one thing to be careful of, since they aren't always tunneled correctly. WebRTC is usually another thing to look for, but as long as you're only using BitTorrent traffic on the VPN it's not an issue.

One last thing to note is that this VPN should only be used for BitTorrebt traffic. If you have any unencrypted HTTP traffic you increase your risk from an attacker who is monitoring the VPN output (before it hits the SOCKS5). An attacker could use WebRTC or a browser fingerprinting technique to at least track and coorolate your traffic. Then if you ever connect without the VPN, and the attacker compare the fingerprints your IP may be exposed.

Overall VPN+SOCKS5 is going to be good enough protection for the vast majority of people seeking for privacy in their BitTorrebt traffic.

Daisetsu
  • 5,110
  • 1
  • 14
  • 24
  • I appreciate your helpful inputs. My VPN does provide me with a free proxy but here's the thing. The login-name is my actual account login with an X added. Which means, since its a socks5 proxy its unencrypted, and so DMCA or some other agency can see the login, know how it signals the PIA account holders actual loginID (which they never would have had if only OpenVPn is used) and then can ask PIA to give the specific id info. I'm not sure of users are aware of this. The socks proxy i use is an "elite/anonymous" proxy which is free, ie no signup or login. – nomalokumi Nov 01 '18 at 03:49
  • I have also hardened ff and chrome where webrtc, system time zone spoof is enabled, flash etc disabled. Its locked down, but i will take your suggestion about being careful of fingerprinting. Im glad you confirm that this setup is pretty decent for some normal torrenting, as long as basic precautions are taken. – nomalokumi Nov 01 '18 at 03:53