Torrent security measures: how is torrenting suspected when using a VPN?

tl;dr Even with these measures below, can’t my ISP see a lot of downloading on my account which might be enough to raise suspicion of torrenting? Click on the post for a correctly-formatted version!

What else can the ISP see?

What can government spooks see?

I’m in the UK where torrenting seems to be policed and prosecuted (persecuted!) with a heavy hand.

I’d be interested and grateful to hear your opinions on what I do, and on my thoughts on other issues and anything else I’m missing.
Many thanks.

- I do this:

Enable VPN

Turn on the kill switch – both Internet and App kill switches

Set the highest encryption - Make sure your VPN is set to 256-bit AES encryption so that all your data is as secure as possible.

Use a secure protocol - it’s best to use an OpenVPN protocol, and not PPTP, which is older and not as secure.

Enable leak protection - switch both IP and DNS leak protection on. Can check for DNS leak: https://nordvpn.com/features/dns-leak-test/

Lock the torrent client to your VPN interface/IP. Use a client like qbittorrent which allows you to bind only to a specific interface/set your torrent to only work via network adapter that your VPN uses… Even if the VPN crashes, your client cannot leak anything because it is communicating over a channel which becomes disconnected.

Disable geolocation in browsers and the PC

Do not allow seeding (now permanently set on Qbittorrent: seeding limits set to zero) - sorry about this one, fellow pirates. The UK seems to be bandit country!

Turn PC Wi-Fi off

- And maybe:

Use split tunnelling - This keeps some of your online traffic, like torrenting, encrypted with the VPN, and leaves other sites on your regular IP address. It is useful when you need to keep some sites on your normal IP, such as delivery services and online banking.

Turn on obfuscated servers – make sure VPN protocol is set to OpenVPN (TCP)

And, I haven’t done this because it may be too advanced for me:

- Advanced measures I haven’t used yet:

Set up a Linux virtual machine and do all your business from there. There are ways to harden Linux to make no traffic escape, and to force all traffic through the VPN (hint: you still have to allow traffic to go to NordVPN otherwise you will have a hard time connecting)

Theoretically, you can map your VM’s network adapter to the VPN tunnel interface on your host. This means that the VM can ONLY talk over the tunnel. The reason I haven’t really done this is because I can’t think of how to make my host NOT use the VPN.

- Problems I can foresee and haven’t seen answered anywhere:

Even with these measures above, can’t my ISP see a lot of downloading on my account which might be enough to raise suspicion of torrenting?

What else can the ISP see?

What can government spooks see?

What do you guys think?

Do not allow seeding.

Sorry, I hate you.

Funny because I’m from the UK too and never had any letters in 20+years and never used a VPN.

If you use a VPN your ISP can’t see what you’re browsing or downloading; it can see there’s heavy communication between you and your VPN server, but can’t see the nature of the data. You could be simply streaming Netflix on 3 TVs at the same time, who knows, and honestly they don’t give a shit.

Just make sure to use a good and reliable VPN service as some of them tend to sell/give data when pressed by authorities. That’s the weakest point in the whole setup.

While using a VPN prevents your ISP from seeing the content of your traffic or specifically knowing you’re torrenting, the primary concern regarding surveillance is metadata.

When using a VPN, your ISP can see when your connection starts and ends. Long, continuous connections can suggest large file downloads or streaming activities, typical of torrenting. They also monitor the volume of data transferred. Unusually high data usage can raise suspicions (at least in theory), especially if it’s consistent.

ISPs can identify the VPN server’s IP address, revealing that you are using a VPN. If this server is known for supporting torrenting, it might heighten their scrutiny. They can also detect the type of protocol you use, like OpenVPN or IKEv2.

Additionally, ISPs can perform packet inspection. While they can’t see the encrypted content, they can observe packet sizes, timing, and frequency. Torrent traffic often involves frequent, consistent exchange of packets of varying sizes with multiple peers. This pattern is distinct from other types of traffic, like web browsing or streaming, which have different packet size distributions and timing characteristics. By observing these patterns, ISPs can theoretically infer torrenting activity even if they can’t see the actual data being transferred.

While ISPs have the ability to see this metadata, they typically do not monitor it closely without a specific reason. Detailed monitoring and analysis require significant resources and are usually reserved for targeted surveillance by government agencies. For most casual users, the risk of ISPs acting on this metadata is very low. Unless a three-letter agency has taken an interest in you, your current precautions are likely sufficient for typical torrenting activities.
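The kind of metadata summary described in the comment above, computed without reading any payload, as an added example that is not part of the original thread. The packet records are constructed, and the feature names are illustrative assumptions rather than any ISP's actual method.

```python
import math
from collections import Counter

# Constructed samples: (seconds since start, payload bytes, direction) for the
# packets of one encrypted tunnel. "up" = client to VPN server, "down" = reverse.
STREAM_LIKE = [(0.0, 120, "up"), (0.1, 1400, "down"), (0.2, 1400, "down"),
               (0.3, 1400, "down"), (0.4, 120, "up"), (0.5, 1400, "down"),
               (0.6, 1400, "down"), (0.7, 1400, "down")]
P2P_LIKE = [(0.0, 1400, "down"), (0.1, 300, "up"), (0.2, 1400, "up"),
            (0.3, 80, "down"), (0.4, 900, "up"), (0.5, 1400, "down"),
            (0.6, 300, "up"), (0.7, 80, "down")]


def flow_features(packets):
    """Summarise one flow from sizes, timing and direction only."""
    if len(packets) < 2:
        raise ValueError("need at least two packets to measure timing")
    times = [t for t, _, _ in packets]
    sizes = [s for _, s, _ in packets]
    total = sum(sizes)
    up = sum(s for _, s, d in packets if d == "up")
    counts = Counter(sizes)
    n = len(sizes)
    # Shannon entropy of the packet-size distribution: low when a few sizes
    # dominate, higher when sizes are spread out.
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    duration = max(times) - min(times)
    return {
        "duration_s": duration,
        "mean_gap_s": duration / (n - 1),
        "total_bytes": total,
        "upload_fraction": up / total,
        "distinct_sizes": len(counts),
        "size_entropy_bits": entropy,
    }


if __name__ == "__main__":
    for name, flow in (("stream-like", STREAM_LIKE), ("p2p-like", P2P_LIKE)):
        print(name, flow_features(flow))
```

On these constructed samples the two flows differ mainly in upload fraction and packet-size entropy, even though both are a single encrypted connection to one server.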

Yes, your ISP gives zero fucks about what copyright laws you may be breaking. All is good as long as you “agreed” to their terms of service and you pay your bill and nobody else is complaining. They probably get annoyed by pitbull lawyers wasting their employees’ time, but these days even the legal complaint process is probably set up to be fully automated, zero effort, zero extra costs.

But they do give a fuck - a very serious fuck - about torrent traffic consuming tens or hundreds or thousands of times more bandwidth than typical/expected internet traffic. Extra traffic costs them extra money. More blinky lights on the expensive Cisco boxes. So sooner or later, most ISPs will throttle or block all your torrents.

Killswitch noted.

So, the ISP gives zero fucks and the government has no powers to check the average user’s broadband usage. Is that right?

Was going to say the same, but speed limit set to 0 means that the limits are turned off, so it’s all good in my books. But should just seed anyway, makes absolutely no difference at that point.

I hate me too, and after this quite reassuring thread, I may well start seeding again!

To my credit, I last lived in Thailand for 7 years and had a 1Gbps connection, and seeded GB per day during that time, so maybe I may be cut some slack.

Lucky you. I have read that others have not been so lucky, and that the government regs are not favourable to us. Good luck, brave pirate!

That’s reassuring, thank you.

Same thoughts in mind.

An excellent answer, delving into the devil of the detail.

I am very grateful to everyone who has posted, but particularly to you for this assessment of the ISP’s access to suspicious metrics.

Your post is pretty positive though; I’m not going to become a red flag for anyone. In Thailand (my previous base of operations), the chances of being noticed were negligible, because nobody was looking! In the UK it’s different, so a lower profile is desirable. No problem!

Mmmm … that’s what I wondered. I suppose if one is not overusing bandwidth, they won’t give a fuck. As u/sonictank says below, I might just be using Netflix on several devices, which nobody would care about.

Thanks

How can you downvote such honesty?
Shame on you!

What ISPs have you used or tried?

NP! If you’re interested in privacy and VPN alternatives, I highly recommend looking into Nym/Nym Network, a promising new web technology project. Nym is designed to protect against metadata vulnerabilities and attacks that VPNs or even the TOR network cannot fully defend against.

Nym isn’t a typical VPN or TOR; it’s a decentralized mixnet. It protects against metadata surveillance by mixing packets together, obfuscating packet timings, routing packets through multiple nodes, and using packet padding to make them appear the same size.

While it’s not fully operational yet, the project has made significant progress already. If you’re interested, you can check it out on their website: Nym Network

Thank you for the tip on multi-hopping, and for the post which gives a good snapshot of the way things are today.
Yay!

I’m in rural northern Scotland. Fibre only reaches towns and we’re not in one. We had BT broadband with a laughable speed of 20/2. Research led to 4G and an active signal booster which gives approximately 50/20; it’s OK for routine browsing and Netflix, etc.

My ISP is a closely guarded secret … it should be, on this subreddit, shouldn’t it?
No disrespect, my friend.

Thank you!!

It looks interesting and I’ll check it out.

All the best to you, highly informed Redditor!!