• 0 Posts
  • 13 Comments
Joined 5 months ago
Cake day: December 6th, 2024


  • Look, I’m extrapolating from the general rule to the specific case of torrenting.

    The general rule is that, because the IP protocol requires numerical addresses to connect to a remote machine, if what you have is a site name you have to translate that name into a numerical address before you can actually establish a connection, and a DNS query is how you translate site names into their numerical IP addresses.

    Now, if you look at the contents of a tracker, what you see are not numerical addresses but site names, so those must be translated into numerical addresses before your client can connect to those trackers, hence DNS queries are done to do that translation.

    Meanwhile, if you look at the “peers” section in an active torrent in your torrenting program, you see that they all have numerical IP addresses, not site names. This makes sense for two reasons:

    • Most of those machines are user machines, and usually users don’t just buy a domain to have site names for the machines they used only as clients (i.e. browsing, torrenting and so on) since that is not at all needed. Site names are required for machines which serve stuff (literally, “server machines”, such as machines hosting websites) to arbitrary clients that by their own initiative connect to that machine - they’re meant as a human readable memorable alias for the numerical IP address of a machine, which people can enter in appropriate fields of client applications to connect to that site (i.e. putting “lemmy.dbzer0.com” in your browser rather than having to remember that its IP address is “51.77.203.116”)
    • As I said, IP connections require IP numerical addresses to be established. For performance reasons it makes sense that in the torrent protocol the information exchanged about peers and between peers is always and only the machine’s numerical IP address since with those there is no need to do the additional step which is the DNS query before they can be used by the networking layer to open TCP/IP or UDP/IP connections to those peers.

    Hence my conclusion is that the torrenting protocol itself will only deal with site names (which require DNS queries before network connections can be made to them) for the entrance into the protocol (i.e. start up and connect to trackers) and then deal with everything else using numerical IP addresses only, both because almost no peer will actually have a site name and because it’s low performance and doesn’t make sense to get site names from peers and have to resolve those into numerical addresses when the peer itself already knows its numerical address and can directly provide it. Certainly that’s how I would design it.

    Now, since I didn’t actually read the protocol or log the network connections in a machine torrenting to see what’s going on, I’m not absolutely certain there are no DNS queries at all after the initial resolution of the trackers of a torrent. I am however confident that it is so because that makes sense from a programming point of view.


  • Well, if the trackers are specified as names (and a quick peek at some random torrent shows that most if not all are), those do have to be resolved to IP addresses and if that DNS query is happening outside the VPN then your ISP as well as the DNS server being queried can see your interest in those names (and it wouldn’t be hard to determine with a high probability that you are indeed torrenting something, though WHAT you are torrenting can’t really be determined by you merely accessing certain servers which have torrent trackers active, unless a specific server only tracks a single torrent, which would be pretty weird).

    Things like peers aren’t DNS resolved since they already come as IP addresses.

    So when it comes to torrenting as far as I know all that the DNS can leak is the information that you ARE torrenting but not specifically WHAT you are torrenting.

    It’s more in things where you’re constantly doing DNS queries, such as browsing, that DNS leaking can endanger your privacy: if for example somebody is going to “hotsheepbestialityporn.com”, somebody at their ISP could determine that person’s very specific sexual tastes from seeing the DNS queries for hotsheepbestialityporn.com coming in the open from their connection.
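
The two torrent comments above separate tracker names (which need a DNS lookup) from peers (which arrive as numeric addresses). The following Python sketch is an added example, not part of the original comments: it lists the tracker hostnames in a torrent file that would trigger DNS queries and decodes a tracker reply in the compact peer format (BEP 23), where each peer is 4 raw IPv4 bytes plus a 2-byte port. The torrent, tracker names and peer addresses are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import struct
from urllib.parse import urlsplit

def bdecode(data, i=0):
    """Decode one bencoded value at offset i; return (value, next_offset)."""
    c = data[i:i + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                           # list or dict, closed by 'e'
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)
            items.append(value)
        return (items if c == b"l" else dict(zip(items[0::2], items[1::2]))), i + 1
    colon = data.index(b":", i)                     # byte string: <len>:<bytes>
    n = int(data[i:colon])
    return data[colon + 1:colon + 1 + n], colon + 1 + n

def tracker_hosts_needing_dns(torrent_bytes):
    """Tracker hosts given as names, i.e. resolved via DNS before connecting."""
    meta, _ = bdecode(torrent_bytes)
    urls = [meta[b"announce"]] if b"announce" in meta else []
    urls += [u for tier in meta.get(b"announce-list", []) for u in tier]
    names = []
    for url in urls:
        host = urlsplit(url.decode()).hostname
        try:
            ipaddress.ip_address(host)              # IP literal: no lookup needed
        except ValueError:
            if host and host not in names:
                names.append(host)
    return names

def compact_peers(response_bytes):
    """Decode a compact peer list: 4 bytes IPv4 + 2 bytes big-endian port each."""
    blob = bdecode(response_bytes)[0][b"peers"]
    return [(str(ipaddress.IPv4Address(blob[k:k + 4])),
             struct.unpack(">H", blob[k + 4:k + 6])[0])
            for k in range(0, len(blob), 6)]

# Constructed sample data: trimmed .torrent (no "info" dict) and a made-up tracker reply.
def bstr(s): return b"%d:%s" % (len(s), s)
T1, T2, T3 = (b"udp://tracker.example.org:6969/announce",
              b"http://192.0.2.10:8080/announce", b"https://tracker2.example.net/announce")
TORRENT = (b"d" + bstr(b"announce") + bstr(T1) + bstr(b"announce-list")
           + b"ll" + bstr(T1) + b"el" + bstr(T2) + bstr(T3) + b"eee")
PEERS = bytes([198, 51, 100, 7, 0xC8, 0xD5, 203, 0, 113, 25, 0x1A, 0xE1])
RESPONSE = b"d" + bstr(b"interval") + b"i1800e" + bstr(b"peers") + bstr(PEERS) + b"e"
```

Running `tracker_hosts_needing_dns` over your own torrent files gives the list of names to watch for when checking whether DNS queries leave through the VPN or through the physical interface.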


  • It might be a DNS problem.

    I vaguely remember that Mullvad has a setting to make sure that DNS queries go via the VPN but maybe that’s not enabled in your environment?!

    Another possibility is that Mullvad going down and then back up along with your physical connection when your ISP forces a renewal of the DHCP is somehow crapping up the DNS client on your side.

    If you have the numerical IP address of a site, you can try and access the site by name in your browser when you have problems in the morning and then try it by numerical IP address - if it doesn’t work by name but it does by numerical IP it’s probably a DNS issue.

    PS: you can just run the “ping” command from the command line to see if your machine can reach a remote machine (i.e. “ping lemmy.dbzer0.com”) and don’t need to use a browser (in fact for checking if you can reach machines without a webserver, the browser won’t work but the ping command will).


  • Even if Mullvad did erroneously allow applications to access your physical network connection for a moment, because you bound qbittorrent explicitly to the network device of the Mullvad VPN, qbittorrent will never use the physical connection.

    You can check this out easily by disconnecting Mullvad and trying to torrent something on qbittorrent and also browsing the Net: you’ll notice the browser gets through just fine but qbittorrent will not.

    Mullvad leaking would be a problem if what you’re worried about is loss of privacy or government surveillance, not for torrenting if your torrent server is correctly bound to the VPN device.


  • In Lutris there’s a “Command prefix” configuration option both per-game and one in the global config with the default for all games, which is where the firejail command line goes (basically for sandboxing with firejail you’re supposed to run “firejail firejail-options original-command original-options” and putting firejail and its options in “command prefix” does that).

    Note that there are other sandboxing options that run in the same way as firejail but I found firejail to have more straightforward options.

    Also note that this won’t sandbox the actual setup of a game, only the running of the game.


  • I run all my games in Linux and everything but Steam goes via Lutris which I configured to, by default, launch them inside a Firejail sandbox with no network access (plus a bunch of other security related limitations) something which I can override for specific games if needed.

    It’s interesting that Steam games are actually the least secure to run in Linux and with a configuration as I have it’s literally safer to run pirated shit downloaded from the Internet than Steam games.


  • Aceticon@lemmy.dbzer0.com to Privacy@lemmy.ml: "You need to try Linux" (English · ↑ 42 · 11 days ago)

    One should have been assuming since Windows 7 and automated online updates that the Microsoft key used to sign OS updates is in the hands of at least the NSA (and hence probably the Israeli equivalent) and they can push whatever they want to your computer as an OS update, bypassing all protections.

    In fact the same applies to Linux updates of certain distros - if they’re maintained by a company based in the US they can be forced by FISA courts to provide the signing keys to the US Government.

    More in general, just go read about FISA courts and their secret court orders - companies based in the US or hosting things in the US can be secretly forced to just “give the keys of the Realm” to parts of the US Government.

    Since things like the Patriot Act one should be treating companies based in the US as just as untrustworthy as companies based in China.

    (By the way, some other supposed Democratic countries have similar or worse systems - for example the equivalent of FISA courts in the UK have things like secret court sessions where the side which is not the State is not authorized to have a legal representation, see most of the evidence or even know the decision of the court).

    Have people already forgotten most of what came out in the Snowden Revelations?!




  • How to give it a go:

    • Get a 256GB SSD and install it on your computer alongside the existing drives.
    • Install a gaming-oriented Linux distro such as Pop!OS, Bazzite, SteamOS or similar, on that drive (don’t let it touch any other drive - those things generally have an install mode where you just tell it “install in this drive” which will ignore all other drives)
    • Unless your machine is 10 years old or older, during boot you can press a key (generally F8) and the BIOS will pop-up a boot menu that lets you choose which OS you want to start booting (do it again at a later date if you want to change it back). If your machine is old you might actually have to go into the BIOS and change the boot EFI (or if even older, boot drive) it boots from in the boot section of the BIOS.
    • Use launchers such as Steam and Lutris since they come with per-game install scripts that make sure Proton/Wine is properly configured, so that for most games you don’t have to do any tweaking at all for them to run - it’s just install and launch. In my experience you still have to tweak about 1 game in every 10.
    • If it all works fine and you’re satisfied with it, get a bigger SSD and install it alongside the rest. Make one big partition in it and mount your home directory there (at this point you will have to go down to the CLI to copy over your home directory). You’ll need this drive because of all the space you’ll be using for games, especially modern ones and launchers like Steam and Lutris will install the games in your home directory so having that in its own partition is the easiest way to add storage space for games.

    As long as you give a dedicated drive to Linux and (if on an old machine before EFI) do not let it install a boot sector anywhere else but that drive, the risk exposure is limited to having spent 20 or 30 bucks on a 256GB SSD and then it turns out Linux is still not good enough for you.

    When NOT to do it:

    • If you don’t know what a BIOS is or that you can press a key at the start of boot to get into it.
    • If you don’t know how to install a new drive on your machine (or even what kind of drive format it takes) and don’t have somebody who can do it for you.
    • If you don’t actually have the free slot for the new drive (for example, notebooks generally only have 2 slots, sometimes only 1).

  • I thought the same, especially since I had tried Linux on my main several times since the 90s (my first dual boot was with Slackware).

    Then maybe 8 months ago I did the transition, and installed Pop!OS since I’m a gamer plus I have an NVidia graphics card and didn’t want to go through the whole hassle related to that (Pop!OS has a version which already comes with those drivers).

    Mind you, I did get a separate SSD for Linux and meanwhile added a new one, which is where my games directory is mounted and upgraded the root one to something a bit bigger.

    So, this time around, what did I find out in about 8 months of use:

    • Once, I did have to boot into CLI mode and have apt do some failed upgrades, which included doing some kind of rebuild thing (you get instructions of what command to run when apt fails). This was due to an upgrade of the apt itself, I believe. All the other times it just boots to graphics mode (I’m using X rather than Wayland) or if it fails to start it (happened only a handful of times) you just reboot it.
    • In general even though I’ve done things like add and change hardware components, I have done little tweaking via CLI and some of it I did it because I’m just more comfortable with it or wanted some obscure options (for example, I wanted to mount the drive shared with Windows with a specific user and group, so I had to edit fstab). Except for the more obscure stuff there are UI tools for all management tasks and one doesn’t have to actually do much management and things almost always just work (for example, I changed graphics card - whilst staying with NVidia - and it just booted and worked, no tweaks necessary)
    • As for games, I use Steam for Steam Games and Lutris for all other game versions including GOG. Both have install scripts specific for each game, that configure Wine appropriately, so you seldom have to do anything but install, launch and play. That said on average I have had to tweak maybe 1 in 10 games. Further, about 1 in 20 I couldn’t get them to work. If you do install pirated games, then there is no install script and you do have to do yourself the whole process of figuring out which DLLs are missing and configure them in Wine using Winetricks (curiously, I ended up having to install a pirated game because the Steam version did not at all work, and the pirated version works fine). Note, however, that since I don’t do multiplayer games anymore, I haven’t had problems with kernel-level anti-cheat not working with Linux.
    • Interestingly, for gaming you have safety possibilities in Linux which you don’t in Windows: all my games launched via Lutris are wrapped in a firejail sandbox with a number of enhanced security restrictions and networking limited to only localhost, so there is no “phone home” for the games running via that launcher (Steam, on the other hand, is a different situation).

    I still have the old Windows install in that machine, but I haven’t booted into it for many months now.

    Compared to the old days (even as recently as a decade ago), nowadays there is way less need for tweaking in Linux in general and for gaming, even Windows games generally just install and run as long as you use some kind of launcher which has game-specific install scripts (such as Steam and Lutris), but if you go out of the mainstream (obscure old games, pirated stuff) then you have to learn all about tweaking Wine to run the games.

    If you have a desktop and the space to install the hardware, just get a 256GB SSD (which are pretty cheap) and install a gaming-oriented Linux distro (such as Pop!OS or Bazzite) there, separate from Windows and you can dual boot them using your BIOS as boot manager: since the advent of EFI, booting doesn’t go through a boot sector shared by multiple OSs anymore, so if you install each in their own drive then they don’t even see each other (you can still explicitly mount the Windows partitions in Linux from the Files app to access them, but otherwise they have no impact whatsoever on booting and running Linux) and only the BIOS is aware of the multiple bootable OSs and you can get it to pop up a menu on boot (generally by pressing F8) to change which one you want to boot.

    For the 20 or 30 bucks of a 256GB SSD it’s worth the try and if you’re comfortable with it you can later do as I did and add another bigger one just for the directory with your games (or your home directory, though granted to migrate your home like this you do have to use the CLI ;))


  • It massively depends on the country - it’s probably fine in Southern and Eastern Europe but not for example in Germany where if I’m not mistaken copyright violation is even part of Criminal Law rather than Civil Law as in pretty much the rest of the World.

    Personally ever since I lived in the UK - which has the most insane levels of civil society surveillance in Europe, including of Internet usage - I got into the habit of doing pretty much everything behind a VPN, which also helps with peace of mind for the whole torrenting thing no matter which country I’m living in at the moment, plus I pay 5 euros a month for the VPN which is less than a single streaming service, so in a way it pays itself (it’s funny how piracy compensates for the costs of protecting myself from dragnet surveillance).