[tor-talk] Question regarding Bittorrent [was: regarding relay abuse reports]

Thu Sep 29 15:17:19 UTC 2016

On Thu, Sep 29, 2016 at 10:30 AM, Tristan <supersluether at gmail.com> wrote:
> I've tested many torrent clients with Tor's proxy.
> Vuze is the only one that strictly follows the settings

No it doesn't. Last I checked, Vuze leaked all sorts of
junk around the configured proxy. From phoning home
on startup, to whatever else I forgot. When you set a
socks5 proxy in a client, it should send *ALL* traffic through
the proxy, including UDP / IPv6 and everything else, and not fall
back to clearnet for anything ever. It doesn't meet that safe spec.

Since you're currently testing clients (which is very cool and should
be published somewhere), try opening a ticket with vuze and
others on that once you have the proof in packet dumps.

> every other client ignores the proxy if it fails.

That may be usable but it's certainly not safe.

> In Vuze, most trackers failed to connect, but with DHT
> (not sure if DHT goes through the proxy)

Then you have more testing to do with tcpdump / wireshark whatever.

> the actual torrent still goes through Tor.

This may be true, but if any metadata leaks around socks5,
including DHT, song lookups, covers, advertising, etc... that's bad.
Leaks of any kind that do not have an explicit documented config
option to permit such leaks... are bad.

Yes, DHT, PEX, and tracker should all have separate options.

Because how it works is you're scraping them for client ip's to
connect to, since they are usually udp protocols (except http), and
tor doesn't do udp via socks5, then no ip's and no connecting out
for torrent data for you.
Then there's the issue with ports you're still listening on, etc.

Regardless, if someone configures a global socks5, clients should
honor that. Let them choose more options if they want other
subparts to "work".

> Honestly I'm not sure how torrent clients would grab Tor IPs since Wireshark
> shows it bypassing the proxy, but the check my torrent IP website will show
> your proxy IP.

Tor doesn't accept inbound connections via exits.
If user's client is listening to clearnet or doing whatsmyip / phonehome
IP discovery on itself, and embedding that in outgoing metadata or
packet addressing, that's a problem too.

You can test and publish a report on it all :)

People can also use onioncat and share completely internal to tor
or use i2p, no exit to clearnet is ever needed eith either of those setups.

Or send it all over some vpn somewhere.