Making BitTorrent Safe to Use Over Tor

Published @Tue, 18th May 2010
There has been a lot of discussion recently about how it is unsafe to use BitTorrent over Tor. A recent paper described a number of attacks which could be used to expose a user's real IP address.

It's not that BitTorrent can't be used safely over Tor, it's just that various popular BitTorrent clients do things in such a way as to lead to IP address leaks.

I use Vuze on an Ubuntu system, and I think I've managed to lock it down to make it safe to use over Tor.

Before I go any further, I am not interested in discussing the moral implications of using BitTorrent over Tor. This has been discussed many times before, and the fact remains that there are legitimate use case scenarios.

There is no point in only sending your tracker communications over Tor. You will connect to other peers directly and thus they will know your IP address. You need to send peer communications over Tor as well. If you configure it to use the SOCKS proxy provided by Tor for both tracker and peer communications, you'd expect that to be enough. Well... it's not. If Vuze fails to connect to the tracker over a SOCKS proxy, it falls back to making a direct connection. Other popular BitTorrent clients also do this apparently. I tried wrapping Vuze in tsocks to prevent this problem, but it continued anyway for reasons I haven't figured out. So I edited the system wide Java configuration to force connections to go through the proxy. The file to edit is called "net.properties". On my system this can be found inside /etc/java-6-openjdk/. Once I made this change, Vuze stopped making direct TCP connections outside of Tor. Luckily for me, the only Java app on this system is Vuze, so I can make that change without affecting other apps.

Vuze also uses UDP for some traffic though, which bypasses the proxy. You need to turn off DHT to prevent this traffic. I'm not sure if anything else causes UDP traffic though, so I added a couple of firewall rules to prevent all external UDP traffic just to be safe. I still allow UDP packets to/from my DNS resolver though, of course. Turn off UPnP as well; this stops Vuze from opening up ports on your router.

The paper also described a problem where the BitTorrent client sends its own IP address to the tracker. I don't know if this is something which Vuze does, but I don't think it is. I spent some time looking at the contents of HTTP communications between Vuze and different trackers and didn't see my IP in there. But even if Vuze does do that, I believe I am safe anyway... I use NAT so the machine Vuze is running on doesn't even know my external IP address, and the fact that all Vuze traffic is going out through Tor means that Vuze shouldn't be able to figure out my real IP address, only the one belonging to the exit node.

You can actually run any BitTorrent client safely within Tor if you know how. Set up a Linux virtual machine on your box which uses NAT, and follow these instructions. Now any network traffic that occurs on that box is either relayed through Tor, or blocked. No apps running on that virtual machine know your real IP address, so they couldn't leak it even if they wanted to.
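The firewall part of the setup above (UDP blocked except to the resolver, everything else either relayed through Tor or dropped), written out as an added example rather than the post's own rules. It assumes Tor runs on the same box as the Ubuntu package user "debian-tor", that iptables is the firewall, and a constructed placeholder resolver address; the log-line sample is constructed too.

```shell
#!/bin/sh
# Added example (not from the original post): a host firewall for the box
# running the BitTorrent client, implementing "relayed through Tor, or blocked".
# Assumptions not stated in the post: Tor runs locally as user "debian-tor"
# (Ubuntu package default), iptables is in use, resolver address is a placeholder.
TOR_USER="debian-tor"
DNS_RESOLVER="192.0.2.53"   # constructed placeholder: put your resolver here

# Prints an iptables-restore ruleset for the OUTPUT chain. Only three kinds of
# flow are accepted; the chain policy drops everything else, including direct
# peer/tracker TCP, DHT UDP and UPnP traffic from a misbehaving client.
gen_ruleset() {
  cat <<EOF
*filter
:OUTPUT DROP [0:0]
# loopback carries the client's SOCKS connections to the local Tor daemon
-A OUTPUT -o lo -j ACCEPT
# replies to connections the box accepted (e.g. ssh in) may leave normally
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# only the Tor daemon itself may open connections to the outside world
-A OUTPUT -m owner --uid-owner $TOR_USER -j ACCEPT
# the single UDP exception the post keeps: the DNS resolver
-A OUTPUT -p udp -d $DNS_RESOLVER --dport 53 -j ACCEPT
# log what gets blocked so a client that bypasses the proxy is visible
-A OUTPUT -j LOG --log-prefix "torrent-leak: " --log-level 4
-A OUTPUT -j DROP
COMMIT
EOF
}

# Constructed sample of what the kernel logs for packets hitting the LOG rule.
SAMPLE_LOG='May 18 20:01:02 box kernel: torrent-leak: IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.7 PROTO=UDP SPT=6881 DPT=6881
May 18 20:01:03 box kernel: torrent-leak: IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.9 PROTO=TCP SPT=40000 DPT=80
May 18 20:01:04 box sshd[123]: Accepted publickey for user'

# Counts blocked attempts for one protocol (UDP or TCP) in a log excerpt.
# A non-zero count means some program tried to talk past Tor.
count_leaks() {
  printf '%s\n' "$1" | grep -c "torrent-leak: .*PROTO=$2"
}

# To apply (as root, after reviewing the output): gen_ruleset | iptables-restore
```

If the client resolves tracker hostnames itself rather than via the SOCKS proxy, those lookups still reach the resolver in the clear, so the DNS exception is the one flow worth watching in the resolver logs.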
