Hi, I’d like to set the sails due to being frustrated with streaming services, but I have some questions beforehand. I hope, you can help me with that, since lurking and reading the Megathread/Wiki didn’t really answer my questions. Thanks for your help.

  1. Is just using a fitting VPN (I’ve read about Mullvad and ProtonVPN in this community) safe enough to not get caught? I’m located in germany, so sharing even as much as a few kB of pirated content can cost me thousands of euros. I want to be really sure, that I won’t get letters from some lawyer soon. All, that I’ve read so far is basically: Setup VPN and your Torrent software, including kill switch and maybe get into private trackers. Thats it. Is this really enough? Can I do more to be safe? What exactly is the risk with public trackers (as they are often mentioned as the “low hanging fruit” for copyright lawyers)?

  2. I’ve read the post The complete guide to building your personal self hosted server for streaming and ad-blocking, which mentions many tools to setup. I’m sure these help me find and view content. But are there good resources explaining the functionalities of this software? I’m familiar with Docker and I know about Jellyfin, but it is really unclear to me, what exactly all the other tools do.

Big thanks from a long time lurker!

  • Painfinity@lemm.ee
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    1
    ·
    edit-2
    11 months ago

    I’ve not gotten into self-hosting yet, but as someone who has gotten a Filesharing-Abmahnung amounting to roughly 1700€ I can tell you what I would do. All of this is of course purely theoretical.

    Regarding torrenting and piracy, it is my understanding that German law (same with most other countries) has yet to find a decisive answer. But, to keep yourself safe, so far the consensus is as follows:

    1. Don’t use torrents.
    2. If you use torrents, never upload. ('Tis a trap, see below)
    3. If you use torrents, use a VPN.

    Now let’s put this into practice, with examples for each use case. Our goal here is to never break existing German law. The further you go away from option one, the higher the risk of breaking the law.

    1. Don’t use torrents. If you never interact with anything regarding torrents, you cannot be sued for torrenting, and that’s really the only issue in Germany. As far as I’m aware, you’re not liable if you simply download or stream something from a website freely accessible on the internet. Examples are streaming sites like Aniwave or download (DDL) sites like DDLbase.net. Hell, you could click on one of them and watch something right now. No one cares. To make this a bit more organized one could even use Cloudstream, which is an app that can aggregate “streaming websites” through external add-ons and it gives you a beautiful UI for it. Available for Linux, Windows and Android.

    2. “If you need or want to use torrents, never upload.” is what I thought, because it sounds reasonable, right? If you look around on the internet (and in my personal use case) the courts and attorneys that send out these Abmahnungen always seem to take issue with you sharing and uploading files. And mostly music, not movies or TV series. By uploading you’re sharing files that do not belong to you. So, if you deactivate uploads on your torrent client, you’re done, right? If you don’t share, you aren’t technically breaking the law, right? Wrong. And for two reasons: (1) The process of downloading something always includes uploading some information about the download. So while you might be able to stop uploading files, you can’t stop the upload of other information needed for the correct download of the files. Which leads us to the second reason: (2) These attorneys don’t care what information you’ve uploaded, how much you’ve uploaded, what parts you’ve uploaded or how long, they just care that they caught you participating - in any way, shape or form - to their tracked torrent. You participated, you necessarily both downloaded and uploaded something, you broke the law. If you want to make sure you don’t upload nor download anything, use a Debrid service like RealDebrid which downloads it for you. Of course you’re only using it to torrent Linux ISOs for you, so you’re not really breaking the law anyway.

    3. Now correctly: If you use torrents, use a VPN. You either relegate it to someone else (a Debrid service or a seedbox like Ultra.cc) or you do it yourself by using a VPN. You’re not breaking the law by connecting to a VPN or a seedbox.

    Now, to the point that you’re probably most concerned about. “What if one day sharing Linux ISOs becomes illegal, what if the program or kill-switch fails, what if the VPN actually does sell my data, what if the police use brute-force and physically take the datacenters, what if X or Y protection fails?” Enter layered protection. For example:

    • Use a VPN, but also never upload. This way, even if your program accidentally uploads a file, it doesn’t matter because your VPN is there. Use a VPN, but also use a Debrid service like RealDebrid that downloads the torrents on your behalf. This way, even if your Debrid service sells your IP, it doesn’t matter because your VPN masked it. It is highly unlikely that both fail, and even if there’s still a risk, you’re statistically in a much better situation than you were before. You’re basically doubling your chances of success.
    • Use streaming and DDL-websites, but use a VPN too. Let’s say your VPN does sell your data and everyone finds out that you, you, did a thing. It doesn’t matter, because you were just browsing streaming websites, and no one cares about those.

    P.s. This approach doesn’t replace using good tools to keep you safe. Similarly, it doesn’t matter if you have 5 locks on your front door if they’re all made out of chocolate. Use a good VPN, use a good torrent client, use good trackers, etc. And lastly:

    Don’t stress too much.

    A friend of mine uses NordVPN, has a kill-switch on the VPN and uses Stremio with a Debrid service to make sure he never uploads nor downloads any torrents on his server, and paid for it with a Paysafecard that isn’t digitally tied to him. Is this perfect? No. He is the farthest away from option number 1 and is exposing himself to risks. He can theoretically be identified if you look up the security footage of where he bought the Paysafecard. NordVPN has not been proven to be as secure as Mullvad, has no diskless servers and the clients aren’t open-source. He paid the VPN with his credit card. The single kill-switch can fail. He is still dabbling with torrents by using a Debrid service. He is using public trackers. But remember: The FBI or in your case the Bundesnachrichtendienst will not invade Panama to shut down your VPN, then threaten the developer of your favourite streaming client to install a backdoor to see that it’s really you that is pirating this show right now, and then come knocking on your door because you pirated KissXSis or the latest season of Game of Thrones. You’re simply dealing with copyright trolls and to quote someone else in this comment section: “Trolls will look for the best return on their trolling”. As long as you take just two good precautions, you will be safe from most adversaries. And that’s really all you can and want to achieve.

    Edit: corrected the “upload” parts. Thanks @[email protected]!

    • retro@infosec.pub
      link
      fedilink
      English
      arrow-up
      10
      ·
      11 months ago

      It’s not possible to ‘not upload’. While you are downloading, you are simultaneously uploading. If a rightsholder or copyright troll is monitoring a torrent, they don’t care home much you have downloaded or uploaded. If you’re in the swarm, that’s good enough.

      • TwoCubed@feddit.de
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 months ago

        This. If it has to be torrents, then do it via a Debrid service such as Real Debrid. They do the torrenting, while the user only downloads the cached data. That’s how I understood it at least. Stremio + Torrentio via Real-debrid is what I’m using for streaming high quality shows and movies.

      • Painfinity@lemm.ee
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        11 months ago

        That explains how I got caught🤣

        Jokes aside, being part of the seed is all they care about, even if you’re just leeching? The wording in those letters sounds like they take issue in you uploading and sharing that file back.

        But I’ve checked, you’re right. In their communication they don’t provide anything that proves that you uploaded a file or that you’ve done that for a set amount of time, they just use your IP address and time as proof.

        So, to check if I got it right: “Never upload” is simply not possible because (1) the process of downloading something always includes uploading some information about the download and (2) copyright trolls don’t care how much you upload, what parts you’ve uploaded, what information you’ve uploaded or how long, they just care that you’re participating in the process of downloading a file, and that always includes uploading some information. They simply persecute torrenters because unlike with streaming websites, with a torrent they can easily monitor in real-time which IP is connected.

        • retro@infosec.pub
          link
          fedilink
          English
          arrow-up
          4
          ·
          11 months ago

          Yeah, that basically it. If you download the torrent, your ip is visible, they don’t care if you upload or download. As far as they’re concerned, if your IP is there, they’ll snatch it and send you a letter.