On the proton vpn free tier, they say torrenting is not allowed. And, in fact, if you try to torrent some free libre software, you will be blocked because it goes against their policy.
So protonVPN is supposed to be no logs, they don’t monitor what a person is doing. So how is this possible, but they can monitor that a user is torrenting on the free tier and block the connection?
This means they have to be doing some sort of packet inspecting, which seems counter to what a VPN is supposed to be about.
I am mentioning my confusion on this because Proton is well regarded among the privacy community, but I have doubts and concerns about this.
I know it’s a free tier and I’m not saying that they should allow torrenting, but this indicates that there are at least some servers that are inspecting and filtering packets.
This packet inspecting is done at a very intense level. If I have multiple streams of data open, they know if I torrent. If I connect to whonix and then connect to a non-proton server, I am pretty sure they know. I don’t want to call it deep packet inspection, but I just don’t get why no one else thinks this is strange and sus.
1 Like
no logs doesn’t mean they can’t enforce their terms of use, and further to this, it’s very easy to detect torrent traffic if you’re the one controlling the pipes (i.e., you’re carrying that traffic like say, via a VPN service)
and yes
this is by design from them, yknow, carrying your traffic to the broader internet. ANY provider of a VPN service “knows” broadly what you’re doing, be it IVPN or Mullvad or PissfartsPrivacySexyVPN. And this isn’t some secret, this is known – you’re shifting trust of having that knowledge from your ISP to your VPN provider (as it literally noted on the VPN service recommendations page on this very site…)
If you want privacy from your ISP then Proton will provide this. If you want to do l33t hax0r stuff, you probably should use Tor and have good opsec
9 Likes
I am not sure that IVPN does know if someone is torrenting or not. I am not sure that Mullvad knows. I doubt that either have server code designed to analyze the packets after they are directed according to minimal code.
It’s sus. They of course can enforce their terms but I am saying something feels off about it. That’s a lot of code to analyze packets.
1 Like
they do, it’s called “they carry your traffic to the broader internet”
again, it’s just the basics of how networking works, and calling proton sus while not calling the others equally sus is silly
4 Likes
Why?
If IVPN or Mullvad is carrying my traffic to the greater internet, I doubt they have an extra module in the middle of that called “deep packet analysis module” that is inspecting things so closely. I have never heard of IVPN or Mullvad doing anything like that. Yes it’s sus.
You don’t need any special DPI, you can literally just flag any accounts that connect to known DHT or tracker IP addresses.
They’re offering a free service, on the condition that you don’t torrent. It is quite generous.
11 Likes
I don’t do any “deep packet inspection” on my home network but I can still tell you that someone made a DNS query to a DNS server based on this single log line from the firewall:
such DPI, much wow
3 Likes
no they can’t, since that wouldn’t work due to how bt works.
if they only blocked connections to known trackers then other addresses/peers say resolved by local dht would still go through
so they have to end the whole tunnel if they detect any known addresses to be sure
you could likely actually take advantage of this and easily work around it if you could proxy just the known connections and filter all remaining traffic to specific ports
2 Likes
They don’t need to inspect the packets at all to tell its torrent traffic. Torrent traffic is super obvious.
Port numbers are a dead giveaway, packet headers alone are enough, and packet size and multiple parallel connections and weird packet sizes
If they only blocked usual torrent ports in the 6881-9 range, that alone is probably enough to cut like 95% of people without ever looking at a single packet.
It’s a free VPN that is a loss leader for a real company. It’s a marketing tactic - don’t expect a free ride to use up all their bandwidth.
8 Likes
One point that should be cleared up : in IT one doesn’t need to monitor and log something to block it. For example, you can have DNS blocking without any logging. Same go for torrenting.
3 Likes
Do some VPN providers give your actual ip to websites in some way?
DNS leaks would be the more likely way that a VPN would leak your real IP address. You can test your VPN at ipleak.net - if your actual IP shows up, that’s a DNS leak.
Also ensure that a killswitch is active. If you VPN connection fails and there’s no killswitch, your connection defaults back to a regular insecure connection. So if you’re active on a site, suddenly you’re real you on the site for a few minutes, then the VPN connection comes back and both IP addresses are logged
1 Like