this post was submitted on 02 Sep 2023
51 points (98.1% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54500 readers
385 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

Just making sure I'm not missing something obvious:

Self-hosted Linux VM with protonVPN and QBitorrent installed on it.

QBittorrent networking bound only to ProtonVPN's virtual interface with killswitch and secure core enabled.

Auto updates enabled and a scripted alert system if ProtonVPN dies. Obviously everything with very secure unique passwords.

Is this a safe setup to run 24/7 to torrent and seed with?

Are there any significant risks I'm missing? Thanks, fellow sea salts!

top 19 comments
sorted by: hot top controversial new old
[–] [email protected] 13 points 1 year ago (1 children)

That's more secure than most setups, the VPN with killswitch will defeat any and all attacks you're likely to encounter if you don't open files on that same VM.

[–] [email protected] 3 points 1 year ago

Awesome, ty!

[–] [email protected] 5 points 1 year ago

What kind of firewall do you have? (Not on the VM, though something similar might work there also)

I use OPNSense and have an allow rule for the specific IP and port my VPN uses from that VM's IP. Then a block everything from the VM IP after the allow.

I can connect to the VPN no problem, updates and everything work through the VPN. When it goes down it trys to connect normally and fails.

DNS can be a problem when trying to connect to the VPN so make sure to use the IP

[–] [email protected] 3 points 1 year ago (2 children)

I can't speak to the paid ProtonVPN service, but their free tier doesn't allow torrenting. They'll disconnect you with a slap on the wrist error about it.

[–] [email protected] 2 points 1 year ago

Seems fair TBH, you're easily sending TBs of data through it, that's not the intention of the free tier.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

Yeah I found that out the hard way lol. Was just a soft warning. Premium tier allows P2P traffic and actually provides torrent-optimized servers too.

[–] [email protected] 2 points 1 year ago

I'm trying to recreate this setup in my system. I'm running Ubuntu and I have everything in Docker. I have PIA running outside of Docker. I was also able to get Gluetun working in its own container, too. Does anyone have advice?

[–] [email protected] 2 points 1 year ago (1 children)

That's very similar to what I run and I've never had any problems.

[–] [email protected] 1 points 1 year ago

Awesome, ty!

[–] [email protected] 1 points 1 year ago (3 children)

What about file encryption? How do you store your new files?

[–] [email protected] 4 points 1 year ago (1 children)

FDE is for physical attackers, it would have nothing to do with torrenting unless you're really intending on pissing off every single criminal legal authority and not just worried about civil suits from copyright holders.

[–] [email protected] 1 points 1 year ago

Nah. If you piss off the executive branch in your country, then they can more likely than not force you to hand over the decryption key. Plausible deniability doesn't exist when an encrypted drive of likely illegal content chills there in your room.

[–] [email protected] 2 points 1 year ago (1 children)

Full disk encryption? Or should I do something additional?

[–] [email protected] 1 points 1 year ago

file or disk encryption is only for protecting against attackers with physical access to the machine your VM is running on. Getting files from your server to local storage you should still use a secure connection and encrypted traffic to prevent ISP snooping, but going extreme on file encryption isn't necessary unless you're downloading actual heinous shit (CSAM) in which case you should go to jail.

[–] [email protected] 2 points 1 year ago (1 children)

Why would you need file encryption?
Not like having a drive full of movies is illegal...Except if OP has CSAM stuff inside. Than it should be very encrypted in case of loosing (or not depending if OP wants jail time).

[–] [email protected] 21 points 1 year ago* (last edited 1 year ago) (2 children)

Except if OP has CSAM stuff inside. Than it should be very encrypted

then OP SHOULD go to jail.

[–] [email protected] 4 points 1 year ago

Not like I don't agree. Those vile people should.
But something like that or actually confidential stuff you don't want others to see is a valid reason to encrypt it.

[–] [email protected] 2 points 1 year ago (1 children)
[–] [email protected] 2 points 1 year ago

Holy shit yeah lol. Obviously nothing like that! I was confused as well why anything other than the generic Linux full disk encryption would be needed.

This would be in a server closet, so not on drives that I would be transporting copyrighted media into other countries anyways.