DHT enabled or not

[zardave]

from a security stand point does it make any difference if dht is enabled or not. im using a proxy vpn at the moment.

whats the recomendations. thanks.

[The UnUsual Suspect]

DHT is not a security risk. There are some rumors that it's a risk on private trackers and can allow leeching, but this is completely false. Any properly made private torrent will now allow use of dht, and even if someone was using a hacked torrent client that forced dht to enable, they could only connect to another user that also use a hacked torrent client.

Also, using dht can help your download performance on public torrents, and if you use torrents from thepiratebay, they won't work at all without enabling dht.

[kluelos]

There's a lot of complaining about DHT from private trackers.

Any programmer willing to invest a little time can easily detect whether a torrent has its "private" flag set, or not. Trackers that are serious about this issue could very easily detect that the torrent you're uploading doesn't have the private flag set, and reject the upload for that reason ---

BUT THEY DON'T.

They could, but they don't. So let's let them sit in their own cynicism here. Rather than actually enforce their rules on themselves, they'd prefer to b**** at their users, but not reject the uploaded torrents.

[zardave]

below is the quote from a web page from checkmytorrentip. com im not using the socks settings. is there information on setting up proxy in comet available ? thank you.

How can I secure my proxy?

There are various types of proxies and the discussion here is limited to the socks proxy. Follow these 3 steps:

1. Never ever leave DHT, uTP, UDP peers, and UPnP/NAT-PMP turned on unless you know what you are doing. DHT in some clients like uTorrent bypasses your proxy settings and will advertise your local IP address. Clients based on libtorrent from Rasterbar such as Deluge are safe since they will proxy your DHT. UPnP/NAT-PMP will open the ports on your router/firewall automatically and allow peers to connect to you directly. It is suggested to disable UPnP/NAT-PMP in your torrent client and also on your router.

[The UnUsual Suspect]

Bittorrent protocol itself was never designed to be secure in this sense. When referring to being secure, we are referring to being relatively certain your not connecting to peers outside the swarm in relations to private vs public trackers.

If your trying to turn bittorrent into an anonymous file sharing protocol, then the closest your going to come to that is to operate a server (seedbox) in a country that isn't easily intimidated by threats from anti p2p groups. Even then, I'm sure when served the proper legal papers, any legitimate company will surrender records of it's users.

So basically, if you want to be 100% sure your anonymous, then don't use bittorrent.

ps. One thing that quote you posted is unclear about is when it mentions disclosing your "Local IP", is that referring to your Local (LAN) IP address (which is no threat), or your actual WAN IP address? If the latter, then it is strange to refer to it as "Local" IP, since that term is widely used for LAN.

[zardave]

yes im sure i would never be completely anonymous. im just doing what i can to be more secure than not taking any steps at all.

im wondering about the proxy server settings, didnt see any mention in the settings guide.

[kluelos]

Bittorrent is peer-to-peer.

That means, your computer contacts mine in order to swap pieces.

That means you have to know my IP address in order to contact me.

Let's say that I'm behind a proxy. You don't know my IP address, all you know is the proxy's.

You contact the proxy and say, "wanna trade pieces?" The proxy responds, "nope, I'm a proxy server and don't bittorrent". The proxy server doesn't know, can't know, that it was supposed to forward that question to me. How could it? You'd have to have told it, "oh, forward this to (my IP address) but you don't KNOW my IP address, so you can't.

So generally, the typical proxy is used only for communicating with the tracker, and you give the tracker your actual IP address so that other peers can contact you. (If you don't, then this is the same as operating in No-Listen-Port mode. You can do that, but your download will probably be much slower.)

Pause a minute to appreciate the statement from checkmytorrentip. Can you say "disinformation"?

P2P generally, and bittorrent specifically, is all about advertising your actual IP address to others. THe tracker not only does this, but that's its purpose, its reason for existing. It's there to tell all the other members of the swarm what your IP address and listen port number are, so that they can contact you directly, and you them. But oh, don't use DHT because it might tell others what your IP address is. No kidding?

Now private VPN services like iPredator are there to get around this very issue, but you have to pay for them. If a free service existed, it would (did) quickly get buried and overloaded with traffic. (This is also why TOR forbids P2P over their network.)

VPN security generally is very good, but Microsoft's early implementation of Point-to-Point-Tunneling-Protocol was notoriously not. (So don't use it.)

[The UnUsual Suspect]

I can tell you that BitComet has had plans to introduce an anonymous version of our VIP service, where your only connections would be to our server, and once download is complete, all data regarding the transfer would be deleted. Introduction of this service into the community has been delayed due to some "growing pains" we've been having getting VIP service to function completely stable, but when implemented, it will probably be about as close to being as anonymous as you can get using bittorrent.

Regarding your specific questions, I think our staff hesitates to make any absolute statements about how BitComet functions in a VPN without testing it first. I believe all dht connections would go through the vpn, but since you report that uTorrent has a bug in this area, then perhaps your better to not use it until you've done testing of your own.

I don't believe the development team does testing this specific, simply because it was never meant to be anonymous.

If your really concerned, try using "wireshark" and look at whats being sent/received. It may take some study in regards to the protocols used to be able to tell, but if your actual WAN IP is being spread by dht, then it won't be hard to detect.

[zardave]

i could be wrong but my understanding was that my proxy server is using a different address than my regular ip address. it is using this new proxy address (or fake address)to

send and receive p2p and participate in the swarm and only using my true ip address between the proxy server and myself . is this correct ?

my download speed has been cut in half but everything seems to be working ok otherwise. thank you for your response.

[kluelos]

Not to receive, Zardave, for the reasons I explained above. You are limited to those peers that you initiate contact with, if you're behind a proxy. None of the swarm can initiate contact with you.

You can call out, but nobody can call you. Anybody tries to call you, they get the proxy, and the proxy doesn't know which of those 52 other people also using that proxy for bittorrent, to send the request to. The proxy doesn't even know that it should send it on to anybody -- this is just some random unsolicited connection, and odds are strong that it would be blocked by the proxy's firewall anyway. A proxy server doesn't need open ports to do its job, and wouldn't have any in a properly secured network.

[greywizard]

***Thread moved from CometPlayer section***

So, in the end are you using a proxy or a VPN connection?

You didn't explain very clearly what type of service you're using.

VPN connections will create a new virtual network adapter on your PC, give it by DHCP a new public IP (from the DHCP pool of the VPN server) and usually create an encrypted connection between your PC and the VPN server.

All communications leaving your PC while the VPN tunnel is active will use the new public IP, therefore you'll be as secure as the company hosting the VPN server is (read, whether they keep server logs or not).

OTOH when using a plain proxy the communications between you and the proxy will be done using your public IP and it is only from there on that the communications are proxied (i.e. using a different IP) but only for the applications for which the proxy is set (i.e. it could be set for the whole system or only for a single application).

As far as BitComet is concerned it can use a proxy server and by default, when set, it proxies both peer-to-peer connections and client-tracker connections.

As stated previously, whether the proxy "knows" how to forward incoming connections towards your IP or not, that's a whole different story and most of them don't know how to do that.

Anyway, the question whether DHT bypasses proxy settings is interesting and worth looking into.

I'll start a thread on the staff section where we'll probably get an answer from the team on that. Then we'll update the guides with more details.

[zardave]

sorry if i wasnt clear, it is a vpn network it claims to tunnel all of your traffic through encrypted connection through VPN servers, then out to the internet.

when i connect it creates a temporary ip address for me each time.

[greywizard]

In that case, all the connections made by BitComet irrespective of the protocol used (HTTP, FTP, BitTorrent, DHT, LT-Seeding, eMule, etc.) will be using the VPN tunnel and are therefore secured.

The main weak chain in the link lies with the VPN provider. Are they keeping any logs or not?

Because if anybody REALLY wants to know WHO is hiding behind a certain VPN IP they will go to the VPN provider. Provided they can be persuasive enough (read provide a warrant or the likes of it) the provider will have to hand them what info they have.

But if they don't keep logs, then there won't be much info to hand.