drunkensailor

drunkensailor, 6 months ago (edited 6 months ago)

Now just watching uTorrent slowly download them all. Hopefully my VPN keeps the eyes off of me…

1. qbittorrent is better in many many ways compared to utorrent and hasa very similar interface. qbit is open-source, utorrent isn’t. qbit doesn’t have ads or malware, utorrent has or has had both many times. qbit allows you to bind to a specific network interface (e.g. you VPN connection instead of regular ethernet one) which offer better protection if your vpn drops. feel free to do your own research here or elsewhere on the web if you doubt any of my points.
2. if your VPN is a free one, that wont protect you at all. those guys will squeal and turn over server logs with ip address at the drop of a hat. Even a lot of paid-for VPNs are shitty lying bastards. So picking a good vpn can be challenging there are probably posts here covering recommendations but generally you want ones that have either been taken to court and were unable to provide logs OR ones that have been audited by a respected 3rd party firm that can confirm they are truly a “no log VPN”. I can recommend PIA, NordVPN, and Mullvad as some ones that are highly unlikely to turn over any logs (bc they don’t have them) but there are others and doing your own research isn’t a bad thing. The site torrentfreak.com does an article once a year or so that covers a few of the more popular VPNs and different aspects of thier privacy but they don’t declare a “best vpn”, just rate them on varius privacy and security aspects.
3. Even if you have a good VPN, check that you aren’t leaking your real IP via dns lookups: ipleak.net or dnsleaktest.com
4. Check that you torrent client set up not to leak: search for ‘torrent ip leak test’ and do one of the torrent ip leak tests. ipleak.net hasone of these if you scroll down on the page; look for “Torrent Address detection” and click “Activate” button and it will give a magnet link to start test with
5. additionally, you can set up a “vpn killswitch” to prevent traffic from going over regular internet if you vpn drops. If you using qbit, this probably isn’t strictly required but many people here like to have this as an additional safety. i can’t really provide details on this bc the process varies widely. A lot of VPN client apps have this feature built in. But even if they don’t, you can set something like this up in most firewalls but exact steps will vary depending on OS (Windows/Linux/Mac) and which firewall you are using (or I guess whether or not you even have one installed).

drunkensailor, 6 months ago (edited 6 months ago)

Maybe? Been awhile since I’ve messed with my setup and while I don’t like slow, I prioritize security over speed so my settings might not be what you want anyway. so I’d recommend just looking up a guide; it is an extremely popular torrent client and there should be tons of guides out there. Or if you not sure which guide to use, just create a new post here - lot of people use it and probably have set it up from scratch more recently than me. I know some people say to open ports on the router but i’ve never liked the idea (I view it as less secure) but some people swear by it.

I can recommend that you test the following:

• make sure you are using a VPN server that isn’t too far away. If you were in say San Franciso and selecting a VPN in New York or Europe, your speeds will be less than if you selected one in Seattle or Los Angeles
• do a speed test off your vpn vs on it (e.g. speedtest.net). ALL VPNs will be slower than regular non-VPN due to the encryption and having less hops. But you can see how much difference it makes when you switch servers and if you have more than one VPN service, then you can find servers in the same city for both and compare which service is faster.
• If your VPN has a modified WireGuard service (PIA and Nord both do IIRC), then that should be faster. I say modified bc the unaltered Wireguard spec has a privacy red flags so if you have a VPN service that offers it, make sure you read up or at least skim some reviews and whatnot to make sure they handled those issues that in a way that doesn’t leave your identity exposed. PIA and Nord both did that (I think Nord’s was called something else not actually WG but idr).
• make sure you do your testing on popular torrents - but if it is anything you could get in trouble for, then you should do all the leak tests I mentioned above FIRST. Only mentioning, bc I had a friend that was testing his shit on some obscure thing he was looking for and saying it was slow but when i helped him configure his settings, we tested with something popular (i think whatever the current hottest show was) and he was actually getting a lot better speeds than he thought.

---

edit: just searched on dbzer0 and wasn’t seeing much on this. I did find a reddit post and a makeuseof guide that both mention stuff about improving speed. For the reddit one, I think the patched exe they are talking about is likely a dev build and since that was from a few years ago, whatever fix is probably already merged in and no longer needed. will compare the other settings vs mine and post back

---

edit2: are are the differences i have from the guide:

• makeuseof has (Tools > Options > Speed) “Upload and download rate limits are set to infinity by default, and it’s recommended not to tinker with these limits. Most often, users limit the upload rate to save bandwidth and get faster download rates, but the torrent client’s choking mechanism compromises download rates when upload rates are limited, making the download process much slower.” - on mine, i had infinite down and was restricting upload. But I kind of think MUO’s advice is better and increased my upload amount. Mine was 100 KiB/s, now 1000 KiB/s. Only reason I don’t put it on infinite is I am on a capped internet and tend to leave my downloaded stuff around for sharing so I want to avoid uploads consuming too much of my monthly bandwidth and I don’t leave my client running 24/7 so not sure how reliable bandwidth settings are.
• makeuseof has (Tools > Options > BitTorrent) "In the dropdown menu next to Encryption mode, select Allow Encryption. " but on mine I have it as “required Encryption” - probably this would make mine slower than the suggestion tho
• Tools > Options > Connection settings I have “TCP and uTP” (same as MUO) but that old reddit thread was recommending only TCP.
• MUO has (Tools > Options > Connections) : "Ensure the box beside Use UPnP / NAT-PMP port forwarding from my router is checked. " - as I mentioned, I don’t do port forwarding so I leave mine unchecked but there is probably a speed hit for this.
• There was also something about "Don’t download multiple torrent files at the same time. This will then allocate all available bandwidth to downloading a single file, resulting in a faster download. " - I generally ignore this but there IS some truth to it. I have had hundreds of things queued before and gotten awful speeds. I recommend just not going overboard with how many you are running at once.
• Tools > Options > Advanced: Find the network interface and select the one that corresponds with your VPN. If you aren’t sure, for most Windows users you can connect to VPN then find from command line using ipconfig /all and look for something that is NOT disconnected and probably has TAP-Windows Adapter Vx if using OpenVPN-Protocol (most VPNs) but might be different for wireguard. For Linux users, to show network interfaces run ip -4 -o -br addr - usually in linux ethernet interfaces start with an E and wifi interfaces start with a W, lo is localhost, and 99% of the time the vpn interface will be named tun0 if you are using a VPN with OpenVPN-protocol (most of them) but might be something different for wireguard or if you have customized things.

drunkensailor, 6 months ago

Most quality VPNs will have a killswitch built in and enabled automatically, with nothing to setup, but they are notoriously unreliable and can fail.

Fair. I do all of my setup manually these days (networkmanager on linux, openvpn client app on the rare occasion i’m on windows, not a mac guy so no clue there). I implement one using a firewall but that is more complex than most people want. Still, as long as it is done in addition to the qbit network interface bind, then it’s not bad to also set a VPN killswitch.

The key term people want to search for is “bind.” You want to bind qBit to your VPN.

Agreed. This is what I was referencing in the first bullet about network interface

I’m not saying you shouldn’t recommend these, or that people shouldn’t use them, but IMO, people should at least be warned to search for the following, so they can make an informed decision:

1 - Fair points. TBH, I had my doubts about that initially but have been with them the whole time (before and after kape acquisition). FWIW, I have not seen any change in PIA service quality. In fact, I have seen them add Wireguard support and release all of the code as FOSS (see here). I agree that Kape did some sketchy shit in the past but from what I have seen over the last several years, they are not doing anything sketchy in the VPN/technology sector part of their business (aside from maybe advertising which I consider to be separate). I don’t even really think about Kape anymore tbh. If they were ratting me out, I would have had enough dcma notices to start a bonfire with by now.

2 - I had not been aware of that. I haven’t used them in a few years. Any sort of data breach definitely sounds bad but since I haven’t reviewed the details, I don’t want to jump to any conclusions either.

I like Mullvad from a tech and privacy standpoint but IMO they are a bit on the expensive side compared to some of the other options. Nord and PIA you can usually get multiyear deals on periodically and that can drastically lower the overall cost ($80 for a 3yr VPN plan = monthly about 2.22 USD/2.04 euro vs 5 euro/month for mullvad). Not saying price is the be-all-end-all or that Mullvad is unaffordable but it is going to be a consideration for many, especially people that already don’t want to shell out for a paid VPN over the free ones. With that in mind, I think there is still value in PIA (and possibly Nord - I haven’t reviewed the details of what exactly was breached - e.g. vpn service vs blog server vs etc, what data was exposed, what steps they took to address, etc). There are many other no-logs vpn options besides Nord, PIA, and Mullvad out there, I just don’t have any personal experience with them.

drunkensailor, 6 months ago

since you seem familiar with those clients, do you know if either or both of those have a network interface bind feature like qbittorrent? (if not familar, qbit lets you pick which interface your vpn uses and only torrent on that one - which is damn handy if your vpn drops)

i used to use deluge back in the day (years ago) but ended up switching to qbit after i got a dcma when my vpn dropped. i’ve since improved my setup and safeguards a lot but was wondering if it ever got a similar feature.

drunkensailor, 6 months ago

did they censor new versions of the show or something?

drunkensailor, 6 months ago

I agree that that is a very nice feature. So are the rss feeds.

But to me “best” is anything that makes it easier to avoid getting caught so the network interface binding is still my favorite 😉

drunkensailor, 6 months ago

Interesting. I’m still on a VM setup and still need to migrate everything over to using docker (or podman). I had made an attempt a year or so back but wanted to run all my containers without root and whatever one I was using as a template at the time had been expecting the opposite. Then life caught up with me and I ran out of time on that project

But good to know about Gluetun. Maybe I’ll revisit the migration to containers at some point if I get the free time.

drunkensailor, 6 months ago

It’s actually an old windows VM and definitely not convenient, more it’s just that I know I’ve tested the fuck out of it and it’s rock-solid in terms of not leaking ips or whatnot. I’ve been wanting to migrate it to be pure linux for some time but part of the complexity is porting my old firewall rules… linux firewalls don’t see process paths for the most part so I pretty much need to handle things in a much different way. I could probably throw together a Linux VM with iptables-based rules without too much trouble but I guess I just figured skipping past VMs entirely and going directly to containers was better but that ended up being more time- and research-intensive than I had originally expected (apparently i suck at containers lol)

drunkensailor, 6 months ago

not really sure what you mean (maybe i didnt notice or it was before i started using it?) but to each their own I guess?

drunkensailor, 6 months ago (edited 6 months ago)

every few minutes is a lot. havent been on nord for a few years but even when i was on them i dont remember getting drops that frequently. i suspect it is likely not an issue with qbit as many others use it without running into drops like that - including myself.

probably an issue with either nord or your isp. if you are on wifi, there are also some routeres with known issues when it comes to dropping wifi signal - but there’s too many different models and firmware versions to really guess this accurately without detailed info (and sometimes it only happens in specific versions of firmware on specific routers).

i get occasional drops on PIA but its usually after running for something like 3-7 days straight. i’m not using the official pia client app but instead download manual ovpn file configurations from pia and import them into generic client. under windows, you need the openvpn free community client for this. under linux, you can import them into networkmanager. iirc, nord has manual ovpn files too but they make you select a specific server and download 1 config file at a time.

alternately, if you setup wireguard that might also work better but haven’t tested myself

drunkensailor, 6 months ago

Raubmordkopie

Robbery murder copy? (at least thats’ what google is telling me ‘mord’ means?)

drunkensailor, 6 months ago

If you only make a copy, then you’re good 😜

drunkensailor, 6 months ago (edited 6 months ago)

I think legally, rights holders have always been asshats. I remember something called a V-C-R and when media was on magnetic tapes… even back then, there were warnings at the beginning of films. That was back before there were stream content and you had to physical drive or walk to buildings that contained the videos and pay for a rental… and a lot of poeple would make their own copies.

I think the big things that have changed is:

• The DMCA (and I mean the bill, not the notices people get bc of the bill) made “fair use” - like recording a personal copy of a rented or broadcasted film/music/etc - a lot tricker, legally speaking
• People moving to consume most of their “standard” tv content from “no”-cost (technically paid for by non-skippable non-targeted ads) public broadcast over radio waves and picked up via tv antenae just like radio stations but with video to cable-tv networks that were tightly controlled by greedy bastards. (hint: all of those greedy cable-tv bastards are mostly all the same guys trying to control streaming services today, they just moved from cable to internet).
• The expanse of the itnernet + increase of world population / percent of the world thats connected means that one copy is spread a LOT more than when a guy made a copy from a video rental store
• Most companies have gotten more aggressive about marking their territory and pissing legal warnings all over there content than in the old days

That said, I hate big companies and even if it is morally untenable, I will still continue to pirate, bc fuck em. If I could download a car or a barrel of whiskey, I’d pirate those too. maybe someday we’ll get star trek-style replicators and i can finally download a car.

drunkensailor, 6 months ago

There was no licensing, just files to download.

I think some kind of licensing was tehcnicall there, it was just easy to ignore back then bc they weren’t pushing it in our faces every second (like i remember warnings on beginning of movies even before 2000s). I kinda remember one of my friends getting music off amzaon a long time ago but for stuff like that i assume it was just a EULA that they could click once and be done with (no clue how it works present day). Maybe it depends on exactly what we’re talking about, but just saying I’m confident that greedy bastards would have some kind of legal something tied to it, even in 2000s before you could download. I just don’t care - don’t let em know you real info and fuck em 😀

drunkensailor, 6 months ago

The reason? The new deadpool IP shredded the contracts with the original game developers primarily because the voice actors weren’t the ones everyone is now accustomed to (mostly ryan reynolds).

Makes me wonder how out of touch those guys are that they see the only solution is the nuclear route. Even if there were more issues than just this, it seems like better options could be found.

Steam managed to allow the content owners to be able to download and install the game without any problems while also complying with the new terms surrounding the deadpool ip.

That’s a very good example and I agree that’s a much better way to do it.

I would think tho that this was more of a difference in how the original contracts were designed (e.g. Steam probably planned for this from day 1) but it’s clear that wherever along the timeline the decision was made that Steam handled it way better than Sony.

I think one other angle we’re probably missing is that Sony is in the movie industry in a big way, where Steam is not. From everything I’ve seen, film/movie/tv/music bigwigs are some of the greediest and most childish asshats in existence. Just look at the pettiness of their lawsuits.

drunkensailor, 6 months ago

Funny thing is… you can still find it with duckduckgo, search.brave.com, qwant, searx…

plus even on google, you can click any of the first several links - including wikipedia - and the link is easy to find. sadly ‘reddit pirate bay’ is easy to find TPB link from but ‘lemmy pirate bay’ doesn’t have TPB link without more searching (and even more sad, the first result isn’t dbzer0 but a community on the ml instance)

drunkensailor, 6 months ago

want to also add that people using ublock origin would probably benefit from enabling more than just the default filters.

if you go into your extension prefs for UB, there’s a lot of other stuff in there. I usually select everything except the other languages. I occasionally come across a site that has a ‘we see youre using an adblocker’ type message but its not very often. and even then, most of the ones that I have seen let me dismiss the message and still view the content.

i don’t use any social media except lemmy/reddit and the like tho, so no clue how it works on facebook and other trash like that.

drunkensailor, 6 months ago

As I was reading the OP, I was wondering if there would be other comments along the lines of this. I love all the work Valve has done getting stuff to work on Linux and pretty much don’t pirate games bc I want to support them with my wallet whenever I can afford to.

Partly, this is me not wanting to deal with malware. But honestly, I’m well versed enough with security containers and virtual machinesthat I feel like if I put in a little effort, I could probably even run a game that I know has malware in a sandbox without much risk. So I think the fact that they put in an effort to support my platform is the much bigger factor. That said, I also really love GOG’s lack of DRM and downloadable offline installers. So if it’s something I’m confident will work outside of steam, I will buy there instead. But everything else, I get on steam.

drunkensailor, 6 months ago

tbh, i never really used galaxy so i guess i have no idea what i’m missing. if it’s just an online install client kinda like steam but for gog content, that wouldn’t really interest me too much but if it lets me download offline installers as a batch job, that alone would be totally worth it (i have no idea if it does that already or not)

drunkensailor, 6 months ago (edited 6 months ago)

Thanks, I hate goodreads and hadn’t known about BookWyrm … which is ironic since I am currently reading a series that has a dragon-creature that is literally called a book wyrm (Divine Apostasy)

Most of the alternates that I looked at, tend not to have basic info (obv it should have author/title but also i like it to have series info like book # in a series, when it was released, and category/theme tags) or else the sites would have a lot less book coverage (especially in niche genres) so I always seem to end up back on GR which I hate. Will see if some of the bigger BW instances do a better job

drunkensailor, 6 months ago

some games won’t run this way for one reason or another even though they’ll run if you own them (usually, I assume, because of Steam Deck specific tweaks or install stuff that are only used when you’re running them on the Deck via the normal method.)

A lot of this is just easier to do from legit steam setup, not impossible. I don’t usually pirate games (I want to support devs making things playable on Linux when I buy from Steam or making DRM-free stuff when I buy from Gog). But I do have a lot of stuff that I run outside of steam in plain old wine without proton or wine-wrapper tools like lutris. I haven’t come across many games that I have on Gog that you can’t run in wine itself but I will agree that it is sometimes a lot more work. I’m also on a desktop PC using Linux, so not completely the same as a steam deck but runtime-wise it should be pretty darn close.

drunkensailor, 6 months ago

yea, never understood this.

i use a very thoroughly tested no-logs vpn for everyday casual stuff but this isn’t the first time i’ve seen people doing encodes get caught. i’m not a genius but i know how to read shit online, ask questions, and test my setup… you’d think people doing sketchier stuff would lean into the same a bit harder than I have.

drunkensailor, 6 months ago

was surprised to see they are still around. have heard snahp was pretty alright but never used it myself (freinds who mentioned it were talking about tv shows mostly tho, didn’t realize they did LNs too). is there any way to get an invite these days?

drunkensailor, 6 months ago

Possibly stupid question, but how does one manually tag things on lemmy when using desktop web ui from browser (as opposed to mobile apps that specifically have a tagging feature). Is it as simple as add some #SomeWord thing? Asking bc I thought that when using markdown for comments (which I do), the # at the beginning indicates a heading level, not a tag. So… guess I’m just saying I have no idea how tags work in lemmy (don’t know how to add them, don’t know how to search by them, etc).

It might be worth mentioning - or at least linking to - how one can do so manually on lemmy in the readme.md file for dummies like myself.

drunkensailor, 6 months ago (edited 6 months ago)

I understand the chances are low and my media player needs to be exploited but is there a way to be certain?

Personally, even if I was on a highly targeted OS like Windows, I wouldn’t really worry too much about video files being infected - with the obvious exceptions of making sure they are actually video files not something like .mkv.exe and that your system isn’t compromised some other way (e.g. installing / running random apps or scripts off the web / email / etc).

But if you want a little extra peace of mind, you could run an antivirus file scan on it or take steps to sandbox it in a VM or security container.

If you are on Linux, you can run the media player apps like vlc / mpv / smplayer / etc in security containers which would limit their capabilities if there ever was a successful exploit on the player software via something embedded in a video or music file. There are several different apps you can use to make use of such security containers. The easiest is probably to just use flatpak versions of applications (flatpak is a “universal” linux build format - most of these are available on flathub.org - and have a built-in security container called bubblewrap which you can control with a tool called flatseal). There are also other options besides flatpaks such as firejail (which I use myself), which has pre-made profiles for a lot of the more popular linux apps so like for vlc I could simply launch firejail vlc in shortcuts or I think there is a graphical app for it too. edit: jsut checked and yup, there is a gui called firetools: github | their blog which has screenshots and a 2min video demo.

Linux security containers rely on features built into the Linux kernel so I’m not sure if there are comparable alternatives for Windows or Mac. But I suppose if you were on one of those, you could always just run things in a virtual machine.

A post on reddit said to use mkvtoolnix to check all the elements but I honestly don’t know what to look for. Any help?

Without an actual link to see what they said, I’m going to go out on a limb and guess their assumption was that you would either have some kind of corrupted exe that is NOT a valid video OR a valid video. I mostly agree with that assumption - there are things like steganography that can hide data in some other data files like pictures or videos but that is more just extra crap than exploit.

IF you accept this assumption, then what they probably meant was that you could use mkvtoolnix to confirm that the mkv file loaded successfully and had audio + video streams (e.g. a really really basic test for it being a valid mkv file). You could do the same thing with the mediainfo tool (I believe this is also crossplatform since that’s what RARBG used to use on their media detail pages… and God do I miss that, wish other public trackers all did the same thing).