The endless question about torrents

Hello everyone,

Although I have done research and checked forums before, I am still not convinced, so I thought I should ask on this forum.

How safe is it to play files downloaded with torrent?

I am someone who has a Prime account, but I still prefer to download a torrent movie to watch like the old days (especially now with the stupid Amazon ads). How safe is it to watch a movie in VLC on Windows, Android or Linux? Having done my research, everywhere I read says that it is impossible to run a virus like a trojan from a video file (unlike games, where if you run a cracked exe you also run the virus), which makes me want to ask: why are torrent movies free? Is there any ransomware, trojan or cryptomining inside a free torrent movie file that takes 10 minutes to download? I simply find it hard to believe it is free with no catch.

I would be grateful if someone could explain their point of view, as I feel paranoid sometimes to play a torrent movie (but still not paranoid enough to spend money to buy every single one :sweat_smile:).

What do you mean by “safe”? P2P and the BitTorrent protocol are not malicious, but it’s very common to download a torrent that has malicious files inside.

Again, I am unclear about what you mean by “safe” here.

Anything you download can be malicious.

It seems like you are referring to pirated material. This topic is not really appropriate for this forum. Downloading in general has its risks, downloaded pirated content has many of the same risks, regardless of monetary cost.

Well that’s wrong for sure. There have been deliberately manipulated video files that exploited a vulnerability in certain video players/decoders. So yeah, it’s possible.

See e.g.:

4 Likes

Relatively safe. Many download and watch and torrenting is popular because you do get what you want or most things you want for free and it works.

Do better research. It is unlikely but not impossible. The chances are very minimal though. If you can, always do this on a spare computer you wouldn’t mind resetting should anything go wrong.

Because it’s possible. Because it’s there. Because people want to fight DRM. Many more reasons.

Again, unlikely but always use “reputable” torrenting websites.

This is part of the good ol internet so I understand the skepticism but it is called the good ol internet for a reason. No catch.

BUT ALWAYS USE A TRUSTED VPN - I recommend Proton VPN with port forwarding with qbittorrent.

1 Like

I heard that self-hosting Jellyfin sort of mitigates the “vulnerable VLC” issue, but it also opens a different sort of problem.

Thank you for the clarification.

I guess I can always dedicate an old laptop for this purpose.

I was not aware of the importance of port forwarding. Proton VPN has the option, so I will go for it.

Thanks again.

I guess using Jellyfin in flatpak (sandbox environment) is relatively safe.

This is very interesting, thank you for sharing.

I guess using VLC or Jellyfin in a sandboxed environment like flatpak (with internet disabled) would be ideal.

Apologies, I did not mean anything inappropriate. I just wanted to make sure I remain private and secure when using the internet, but I understand what you mean. I will avoid getting into this topic in future then.

Regards

1 Like

I believe playing whatever you’ve downloaded through a virtualized desktop could also potentially make it more secure. A sandboxed environment should make it better.

It’s a little too much, especially if you are not on the particularly risky parts of the internet.

Mostly you could just throw everything to virustotal.com for the non-sensitive things: the “warez” you downloaded, torrented movies, e-books of books you should have bought but didn’t and other illicit files before opening/running them.

Usually you are not the first one to send a sample, so you usually get an instant result. Otherwise you upload it. For larger files, like movies, hash information gets sent; if it hasn’t been uploaded yet, you get the honor of uploading a large movie file for analysis to virustotal.

1 Like

I do use virustotal too. I might be wrong but isn’t there a size limit to the uploaded file?

You can theoretically get a virus from interacting with any file, including video files. It’s just less likely. Take for instance, a 2020 VLC vulnerability:

Imagine if you were using an outdated Apple device in 2021, and downloaded a maliciously created .avi video file from a reputable torrent site, and ran the video in VLC. An attacker could use this buffer overflow and infect your computer without you even knowing. And of course, a system like “Virustotal” would be completely unable to stop this.

The FBI once used a media player vulnerability to run arbitrary code to deanonymize a sextortionist and terrorist, but this cost them $100,000. Media file exploits, like the one mentioned above, are precious and powerful, but made mostly useless upon discovery, and are usually disclosed by security researchers so they can be fixed, or sold on exploit markets for tens of thousands for advanced hacker groups or intel agencies to use on specific targets.

Such vulnerabilities also are discovered for basic image files - you could theoretically get infected by an image loaded in your browser. This kind of attack could theoretically be used by a power adversary to infect targeted individuals by serving them ads with infected images, without the user even clicking on it, and while they’re on reputable websites.

Running and processing any file carries an amount of risk, and requires a level of trusting the sender of the file.

It’s true that you should be wary of “Free” products, but in the case of torrenting, the expectation is that you also help share the file, since they were so kind to share it to you. It’s like a commune. Some torrenting communities only allow people who can prove that they’ve been good internet citizens and also help seed files.

This is incredibly subjective, but I would say “extremely safe”, as long as you are only running video files, and not executables disguised as media files (like the infamous “music.mp4.exe” trick).

Here’s what you can do:

  1. Keep your computer up to date. Updating patches known security vulnerabilities. It is extremely, extremely unlikely that a threat actor would burn a new undisclosed vulnerability for a media player on random torrenters. But someone just might distribute old vulnerabilities to catch those who haven’t updated their PCs, because this costs much less effort.

  2. Be aware of which file extensions are media files and assume anything that seems “rare” is a sort of executable.

  3. Disable hiding file extensions in your file browser, you should see the full name of any file you’re running.

  4. If you’re really paranoid, you can just torrent on a disposable Linux VM. But this is probably unnecessary, as long as you’re running media files only (not executables), and keeping your computer up-to-date.

3 Likes
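A check along the lines of steps 2 and 3 above, which also produces the SHA-256 that the earlier VirusTotal posts talk about looking up. This is an added example, not code from anyone in the thread. The extension lists, the function names `check_download` and `demo`, and the sample files are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed allow-list of media/subtitle extensions; extend for your own library.
MEDIA_EXTS = {".mp4", ".mkv", ".avi", ".webm", ".mov", ".mp3", ".flac", ".srt"}
# Extensions that run code when double-clicked on Windows (not exhaustive).
EXEC_EXTS = {".exe", ".scr", ".bat", ".cmd", ".com", ".msi", ".lnk", ".vbs", ".ps1"}
# Leading bytes that identify executable content whatever the file is called.
EXEC_MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "Linux ELF", b"#!": "shebang script"}


def check_download(path):
    """Return (verdict, reason, sha256_hex) for one downloaded file."""
    p = Path(path)
    suffixes = [s.lower() for s in p.suffixes]
    last = suffixes[-1] if suffixes else ""
    digest = hashlib.sha256()
    with p.open("rb") as fh:
        head = fh.read(8)
        digest.update(head)
        for chunk in iter(lambda: fh.read(1 << 20), b""):  # stream large movies
            digest.update(chunk)
    sha = digest.hexdigest()
    if last in EXEC_EXTS:
        hidden = any(s in MEDIA_EXTS for s in suffixes[:-1])
        why = f"double extension hides {last}" if hidden else f"{last} runs code"
        return "executable", why, sha
    for magic, kind in EXEC_MAGIC.items():
        if head.startswith(magic):
            return "executable", f"{kind} content behind a {last or 'bare'} name", sha
    if last in MEDIA_EXTS:
        return "media", "media extension and no executable header", sha
    return "unknown", f"rare extension {last or '(none)'}: treat as executable", sha


def demo():
    """Check four constructed files (not real samples) and return their verdicts."""
    samples = {
        "movie.mkv": b"\x1a\x45\xdf\xa3" + b"\x00" * 64,  # Matroska/EBML magic
        "music.mp4.exe": b"MZ" + b"\x00" * 64,             # the double-extension trick
        "trailer.avi": b"\x7fELF" + b"\x00" * 64,          # binary renamed to .avi
        "extras.xyz": b"hello",                             # unfamiliar extension
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            (Path(tmp) / name).write_bytes(data)
        return {name: check_download(Path(tmp) / name)[:2] for name in samples}


if __name__ == "__main__":
    for name, (verdict, reason) in demo().items():
        print(f"{name:15} {verdict:10} {reason}")
```

This only catches executables dressed up as media. A malformed video aimed at a player bug, as described in the post above, passes this check, which is why step 1 still matters.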

Most torrent sites will have a comment section or “approved” users (users which were vetted before uploading) which makes it easier to trust some torrents.

I use mpv.

Are there similar holes?

1 Like

Probably not. I feel like it is actually VLC specific.

Thank you all, guys, and a special thank you to Karlson for the detailed explanation.

I just wanna add one thing: it is good to use virtual machines if it comes to that. If you don’t want to use a virtual machine, use VLC on flatpak with no access to the network. It can be a huge improvement for safety, as trojans or remote code execution become less likely (I’m not talking about movies only, but in general executing an app in a sandboxed environment with no access to the network is safer).

If you have flatpak, download VLC and use the command:
flatpak run --unshare=network org.videolan.VLC

You should also limit filesystem access since by default flatpak VLC has full permission to the entire disk. That makes it an easy attack vector since you can use things like manipulating bash aliases etc. Plus, it’s worth mentioning that VLC flatpak is unofficial.

From my understanding, all these exploits require crashing the process. While it’s not obvious at all, if you’re aware of this, you might take notice if the player crashes immediately. And are these files even playable at all if they crash? If they aren’t, you’d probably know immediately there’s something wrong with them.

Maybe running ffprobe on the files before playing them would help some; it’s possible it could pick up something suspicious. If you had more technical knowledge, you might try analyzing these video files in a hex editor. The back of the file could just be a lot of padding to make it an expected file size.

1 Like

Putting a multigigabyte file in a hex editor seems excessive :sweat_smile: Most apps suffer a stroke when you load a huge file they are not optimized to open. It’s hard to go around the data.

1 Like