Encrypt incoming traffic question

Discussion in 'Mac Apps and Mac App Store' started by strausd, Jun 16, 2010.

  1. strausd macrumors 68030

    Jul 11, 2008
    Is there any way to encrypt incoming traffic so people wouldn't know what I am downloading? I have an airport extreme base station and am wondering if it is possible to do it through that. If not, what would be the best software way to do this? Now, since illegally downloading is bad, I'm not gonna say that's why I am wanting to know this, buuuuut..... ;)
  2. angelwatt Moderator emeritus


    Aug 16, 2005
    Encrypting incoming data is pointless because others won't be checking it so much after it's already at your machine. They'll (e.g., ISP) see the traffic over the network as it goes to your machine. You would need to encrypt both outgoing and incoming traffic. This is done through various means including SSH tunneling, VPN, and secure proxies/anonymizers. It also depends on who "people" are that you're hiding your activity from. These methods won't keep people from accessing your machine and getting the information for instance.

    Also, this won't protect you from the RIAA.
  3. strausd thread starter macrumors 68030

    Jul 11, 2008
    100% hypothetically speaking here, but it would be to hide certain downloads so a certain ISP, cough*verizon*cough, wouldn't send any emails to one of their customers...
  4. emiljan macrumors 6502


    Jan 25, 2010
    I will tell you this: no matter what you do, your ISP can find out what you are doing, since your internet traffic flows through their servers before it hits the internet.

    Also, if you are doing something illegal, it's only a matter of time before you get caught.
  5. darkplanets macrumors 6502a

    Nov 6, 2009
    I'm not really keen on the double thread going on here... but I do enjoy privacy, albeit for a different reason than you.

    As far as I know, if you have traffic leaving/incoming encrypted, and it goes to a remote server to then access the Internet, you'll be fine. In other words, your ISP will know what server you're accessing, but not where that data is going from there, or what data is leaving.

    A couple ways to do this.

    1) SSH
    2) VPN
    3) Proxies
    4) Tor network
    5) Any combination of the above.

    I do, however, have reason to suspect that you're using bittorrent here, so you should be aware that you'll have to pay for these network services, and they'll have to be configured properly to allow for the correct data to reach the tracker or distributed database. Additionally, you may want to use a blocklist if you're on public torrents... but that's as much information as you'll get from me; google the rest.

    Oh, and as always, please, use a firewall. Protect your computer as much as possible.
  6. strausd thread starter macrumors 68030

    Jul 11, 2008

    Sorry about the double, I posted in one and noticed it was in the wrong place and didn't see a delete button. And this is completely hypothetical of course ;) but do you know anything about encrypting through vuze?
  7. darkplanets macrumors 6502a

    Nov 6, 2009
    BitTorrent is an interesting beast. The problem with BT, is that in a nutshell, it is inherently insecure. DHT sends your IP address out to peers, and you make distributed 1:1 connections with them. Connecting to a tracker sends your IP to the tracker, which can then be picked up elsewhere. I could go on, but generally it's just a big, giant mess for security.

    This leaves only a few options that are favorable security-wise, which coincidentally also greatly impacts performance.


    -VPN. All (and I mean all) traffic to the VPN (encrypted tunneling), with the VPN network making the connection to the BT tracker and clients. The problem with this is that the VPN network needs to have the proper ports open, both for you to communicate with it and for it to communicate with the swarm. Most private VPN services will cover this for you. I can use my school's VPN so I'm not aware of many commercial solutions; try iPredator.

    -SSH, Proxy, etc. Same as the above in concept; you're just masking your initial location through encryption and a remote server that connects to the swarm for you. Ports also have to be configured for this, and certain proxy types won't work, etc. Also generally paid for-- you won't find free proxies that you can use that will support your bandwidth.

    Without those two, that really only leaves us with a few, less favorable options, some of which can be combined:

    -Configure a blocklist (Safepeer) in Vuze. It's in some preference pane. These lists can be auto-updated.

    -Run behind a NAT router, egress firewall, and limit BT to localhost traffic only

    -Private torrents (The safest of all of this when combined with other measures, ex TorrentLeech)

    -Private networks and services (Usenet, freenet, bitblinder, gnunet, etc) Many of these networks have severe restrictions, either through cost, bandwidth, safety, speed, or general reliability-- all of these networks require extreme diligence in setting up your internet connection so that there are no outer network connections to your computer. In other words, the same as VPN; only connect to that network.

    -Force encryption in Vuze, but just as an fyi people will still have your IP, your traffic throttling will just be obfuscated and your IP won't know what you're doing.

    -Use i2p network, but this is quite slow. Also, you can't use public torrents on it, you have to use their private torrents that are inter-network only (no-cross network peers, in either direction). You can set it up in Vuze, despite the FAQ, but I'd suggest reading more about it first. Here's the specific FAQ on BT. Note once again, that this is ENTIRELY secure, but it's slow. Also note that opening a public torrent in Vuze once configured with i2p will still allow that torrent to run; it'll just connect normally like any regular, non-private torrent would.

    -Tor with onioncat. Haven't done much reading on this yet; looks like it could have some potential, but again has a bottleneck on speeds. To quote onioncat; "OnionCat creates a transparent IP layer on top of Tor's hidden services. It transmits any kind of IP-based data transparently through the Tor network on a location hidden basis. You can think of it as a point-to-multipoint VPN between hidden services. OnionCat is based on anonymizing transport layers like Tor." Note it requires Tor to run.

    -That leaves our final option, Tor. Tor is, well, awesome, but at the same time, not awesome. For starters, the network is slow. Not ideal for BT. For two, they don't want you to use BT on it. For three, since it's really just an elaborate proxy network, there's no such thing as private, inter-network torrents like i2p. i2p is end-end encryption since it has no connections out to the unregulated Internet, Tor is encrypted up to the exit node, and supports HTTP/S. Furthermore, you CAN set up Tor in Vuze, in a pref pane, but be aware; your IP is not safe, and sometimes the torrent will just ignore Tor and go out of network over the regular Internet. Furthermore, BT with Tor requires some security enhancements to really be safe; that is: 1) enable proxy for trackers and peers, 2) disable DHT, and 3) Multiple instances for multi-use; that is, if you're on Firefox at the same time, fire up a new instance of TOR, use a different SOCKS port.

    My recommendation? VPN or Proxy.
    Second recommendation that's free? Safe Peer (PeerBlock), forced encryption, disable DHT (up to you), Tor with Onioncat, enable proxy, or if you're really paranoid; run behind NAT router with egress firewall and limit BT to localhost traffic.

    Feel free to check out some of the other networks like i2p2, freenet, bitblinder, gnunet, usenet, ipredator, etc; I haven't really had time to check them all out or try most of them.

    Remember though; I'm telling you this for your privacy, not piracy. You can apply these same techniques to the rest of your Internet traffic, with varying levels of success depending on the method chosen. Remember too, if you like the artist or developer, support them by buying their product.
