I wrote this post for a friend, I’m sharing it here for anybody it might help. I got asked multiple times how I download cracked music software so I figured it’d be easier to write it down once. It’s meant for people with very low technical skills who just want to start torrenting software without major risks, and it includes a bunch of safety tips that are already known in this community.
If you have feedback, let me know and I’ll update the post.
Running strange software grabbed from unknown sources will never not be a risky proposition.
Uploading the .exe you just grabbed to virustotal and getting the all clear can indicate two very different things: It’s either actually safe, or it hasn’t yet been detected as malware.
You should expect that malware writers had already uploaded some variant of their work to virustotal before seeding it to ensure maximum impact.
Getting happy results from virustotal could simply mean the malware author simply tweaked their work until they saw those same results.Notice I said “yet” above. Malware tends to eventually get flagged as such, even when it has a headstart of not being recognized correctly.
You can use that to somewhat lower the odds of getting infected, by waiting. Don’t grab the latest crack that just dropped for the hottest game or whatever.
Wait a few weeks. Let other people get infected first and have antiviruses DBs recognize a new malware. Then maybe give it a shot.And of course, the notion that keygens will often be flagged as “bad” software by unhelpful antivirus just further muddies the waters since it teaches you to ignore or altogether disable your antivirus in one of the most risky situation you’ll put yourself into.
Let’s be clear: There’s nothing safe about any of this, and if you do this on a computer that has access to anything you wouldn’t want to lose, you are living dangerously indeed.
What’s life about without a little risk here and there? And the really important stuff should be mirrored somewhere anyways, so: go for it! No fear!
You’re right of course, but it’s hard to communicate this level of nuance in a post targeted at newbies. If you don’t disable your antivirus, 9/10 times it will quarantine the KeyGen automatically, and you don’t get anywhere.
I’ve added a warning about the risk of infection. Do you have any recommendations on how to tackle this in a way that’s appropriate for non-nerds?
So how do you tell if a keygen is a virus or if it’s just being detected as a keygen?
If it’s a keygen then you should just assume it contains a virus and run it in a sandbox. You’ll only need to run it once anyway to test the key.
And what about other stuff?
After a quick glance over your post, I have some thoughts;
Free: ProtonVPN
ProtonVPN is good for torrenting on the paid plan, not the free plan. Proton doesn’t allow torrenting on their free plan. They will block your connection if they detect that you are torrenting, or they will disconnect you from their VPN tunnel - exposing your real IP on the torrent.
Paid: Mullvad
Mullvad is a decent choice, though they no longer support port forwarding.
You are still able to download, though you won’t be able to seed iircVirusTotal
The problem with a virustotal scan is that pirated software is often false flagged for malware. It’s difficult to tell what is safe from what you’ve downloaded. It’s best to download from a trusted uploader, though that doesn’t always guarantee safety as they can always go rogue (As an example, FTUApps were seen as safe until one of their uploads to 1337x contained malware).
Older uploads tend to have less false positives in my experience, though it can be very easy to become complacent.
edit; score out comment about mullvad seeding, others have pointed out that it still works fine! oops
This is going to be a total noob (and thus stupid) question, but is it possible to selfhost a vpn?
No such thing as a stupid question :p
Yes, you can self-host a VPN! Though there are a few things to keep in mind if you are going to torrent using one:
- A self-hosted VPN on your own network isn’t good for torrenting. Your own IP is still shown to other peers on the torrent, you might as well torrent without the VPN.
- Depending on your server host, you may not be allowed to torrent on their network.
- If you are allowed to torrent, you will have to watch your bandwidth limit*. I have a cheap VPS - for other things unrelated to VPNs/torrenting - and the limit is 20TB of traffic
- Many hosts will respond to DMCA/Abuse complaints - very few are relaxed and ignore DMCA complaints, others may shut off your access to their services after a single complaint
*some hosts do not have a limit though cheap servers usually do.
From what I can tell, most server hosts don’t care about what you are doing with your server, unless your server is gathering abuse reports or using an excessive amount of resources constantly. I would go for a subscription to a VPN instead of self-hosting but that’s just me.
Would you like to offer alternative suggestions to the vpn selection?
FWIW: I have a paid torguard and poaching my works license for NordLayer.
Both have their pros and cons. They’re generally good with anonymity and security and speeds.
I don’t know of any free vpns for torrenting, though I believe ProtonVPN (paid), Windscribe (paid) and AirVPN (paid) offer port forwarding at the moment. PIA can be used to port forward, though they are owned by kape which is kinda sketchy to me.
You can use windscribe free for torrenting, but you will quickly hit the data cap they have in place
I can confirm PIA fully works as long as you’re connected to one of the endpoints that supports port forwarding, and it works over wireguard which I prefer. My torrent client runs in a docker container that runs all traffic through it.
Whether or not you trust their claim of not saving any logs (especially after getting bought out a few years ago) is up to you, but there hasn’t been any evidence to suggest they are, and they’ve had reputable audits to suggest they don’t.
Does PIA have a free plan that works? Since the only free option was immediately debunked in these comments.
I wouldn’t recommend using any free VPN for anything, personally.
I already have a paid one, but I wrote this for people who don’t care enough to pay for one. Basically the alternative is either a free one or none. If I’m talking to a friend I’d rather they use a shady free VPN than none at all.
windscribe offers 10 GB/month free, and you can build a $3 custom monthly plan if you need more bandwidth
Yeah I’ve updated the post to have Windscribe as the recommended free one, with a warning about free VPNs
So how do you check for viruses without a bunch of false positives?
@ScratchySoft @Deletecat http://virusscan.jotti.org
Online file scannerAre you sure that won’t also get a bunch of false positives because it detects that a file is a keygen or crack?
@ScratchySoft it should know the difference between a virus and a keygen, yes.
I sure hope so.
deleted by creator
Could you link that?
deleted by creator
nice guide! i’d mention that it’s good courtesy for your seed to leech ratio to be >=1 so you’re giving back what you took. given that you’re able to seed safely of course
i’d also recommend changing the reddit link to an archived version of the comment in case it gets deleted
Thanks for the tip about the archived Reddit link, I’ve updated it!
For the seed to leech ratio you’re right, but I feel like it might be a bit much to throw at somebody who’s just figuring all this stuff out. It’s not a guide on how to seed safely, I don’t want to encourage people to put themselves at risk who don’t yet have the skills to protect themselves.
I highly encourage you to update the article to have a section for binding network interface to the VPN. I didn’t do this and one day my vpn disconnected and it used me actual IP address and I got DMCA’d.
It’s there… Step 4 of the section “Download A Torrent Client”. I didn’t call it “binding an interface” because the intended target of this post would have no idea what that means.
sorry, to hear that happened to you! I have paid VPN and use it to isolate devices on my network that i don’t trust (not torrenting).
I would never trust 100% a vpn running on the same machine as the app that needs the connection.
Probably super paranoid, but always use one of those VPN boxes with separate ethernet sockets - for input and out connection. Quite cheap on Amazon. I assume they run Linux and when they loose the VPN just crap out instead of exposing my home network.
Step 1: Live in latam. Step 2: Sail the 7 seas.
Or any 3rd world countries.