I'm using many of the book sites and general torrent ones (I won't name them here), but none of these are on the list.

I also think the point is kinda moot because everyone doing torrents in Germany will already use VPN because it's only a matter of time before you get serious letters from lawyers there, demanding about 400 euro per move they've seen you download. ISPs always cooperate in giving subscriber info for each IP. Some lawyer firms actually specialise in this and go after downloaders on their own.

I wonder if they leave the big torrent sites out to provide income for these lawyers?

So it's not shocking that some might want to shut down VPNs or make using a VPN illegal (like, uh, North Korea, Belarus, Iraq, Oman, Turkmenistan... oof).

This might be more a proof for this whole blocking-business actually working. kinox, serienjunkies and similar named domains were very famous and huge 5-10 years ago. Since then, they have been raided, sued, blocked, etc. So it seems they've been fallen in grace and awareness with their target-group.

I'm no Data Scientist, but would be willing to bet a small round that were we to look, presence of founder bio's and their domicile's extradition policies are not uncorrelated.

[AFAICT there was a lot of paranoia on the Soviet side, and as a basis for that paranoia they pointed to all the Capitalist forces active in russia during the revolution, but in retrospect some part of all that foreign intervention had been due to a problem of their own making: they believed world revolution was only a few years off (and just maybe they didn't want to look inconsistent with their own ideology?), so instead of doing what any reasonable mafia would've done and kept on paying dividends on imperial paper (perhaps even after negotiating an acceptable haircut?) and maybe even paying lip service to IP rights, on both fronts they rather rudely essentially told all the now-former investors to "go to wood"]

Lagniappe: somewhere in Abai's қара сөздері, he says something similar to "you know, it wouldn't do us Kazakhs much harm if once in a while we were to think of something other than how to grift more cows"; with that in mind: https://www.smbc-comics.com/comic/life-3

Soviet and post Soviet literature tends to be layered and full of oblique messages, many of these suffer in translation.

I'm sure that you can get in plenty of trouble for downloading a ton of data from randompiratesite.xyz or whatever, but how the ISP determine the number of movies they've seen you download?

That isn't how torrent sites work. You visit site.xyz and download a .torrent file in the realm of 10s-100s (typically) of kB and that contains some metadata that a dedicated torrent client consumes. The torrent client connects to (1) some tracker via http (or https, but usually http) which may or may not be associated with the site the .torrent came from, to register as part of the swarm, and (2) any number of peer torrent clients. The actual data (X GiB) transfer comes from those peers; not the original site.xyz nor the tracker.

ISPs can observe DNS lookups / connections to site.xyz; tracker "announces" (that's (1) above), especially if they are http. And even the peer-to-peer traffic has a distinct protocol which is recognizable with packet inspection. But the main avenue for finding offenders, I believe, is just downloading the same .torrents for some specific copyrighted content and using the torrents' associated tracker(s) to enumerate swarm peer IP addresses.

Obviously, because, as the chain of comments above your shows, torrent users are easily caught and get fined to hundreds of euros per downloaded movie. Then they stop using torrent and tell all their friends about the experience. This has been going on for more than a decade, maybe two. So by now, German culture has adapted and people don't use torrents.

Then you may get a court order that states what the lawyer accuses you of and this you have to react to. The court just states this and gives you 2 checkboxes. If you check the one saying “I reject the accusation completely” the lawyer needs to decide. He invested some 40 euros into the court order but going to court is a different ballgame and not his main business model so they have to weigh the chances.

The owner of the router that the file went through is responsible for access to the router. Since the owner has so far not said anything to his Defence there is a possibility that multiple people including family members had access to the router and the lawyer might, in court, be presented with a list of people and their addresses which satisfies the defendants task to erschütter the accusation for the court and leave the lawyer with the option to figure out whodunnit or rather who in the list is going to fold and pay.

This is really not his business model. That said they do go to court and people get sentenced to pay the fine.

Years ago I did exactly this by modifying my client to never seed/share, and also to fake my reported sharing stats so the private trackers wouldn’t boot me for failing to share.

Those were the days.

Now, I no longer fear the ISP or copyright holder chasing me (seems ISPS and laws moved on where I am) and don’t bother with modifications any more.

I even know of more people using Usenet then torrents! The amount of work to use torrents safely just isn't worth it for most people.

I've heard from kinox from people I would have never suspected to be even capable of finding such a site.

Guess those people have been the marker.

The seedbox providers are typically headquartered somewhere where they can just burn DMCA notices. The servers themselves are also often located in piracy friendly jurisdictions (the Netherlands used to be common, not sure what’s current).

They usually come pre-installed with a remotely accessible torrent client like Deluge, Transmission, etc. Also often includes other software like VPNs, Plex, etc.

You should be relatively safe using one. The server does all the torrenting, you just download the files over FTP so you never appear in the swarm directly. It’s also a huge pain in the ass for law enforcement because it becomes international quickly. You’re in country X, the server with its IP in the swarm is in country Y, and the company that has the rental agreement with the data center for the server is in country Z.

Anecdotally, I used to spend some time in the space and I can’t recall a seed box provider ever getting raided. I think they just generally don’t bother with folks technical enough to go that far; there are easier fish to fry.

I'd hope someone prepares for that, and when it happens proposes a vote or public address, for laws that make the attempts backfire.

Some provide root, some don’t. Last I checked, you’ll pay more for root because most of the servers are physical so you have to rent a whole server basically.

The servers are typically IO bound on the NIC so they aren’t super picky about what you do with CPU and memory. They won’t let you run a crypto miner or do heavily parallel transcoding, but if you want to chuck a Python+SQLite web app on there I doubt they’d care.

I've also resorted to putting tailscale exit nodes in foreign relatives homes with Pis in the past.

There are enough weird issues with pretending to be a domestic internet connection from a VPS IP that I've given up trying.

providing such a service (-network) is a popular monetization option for all kinds of useless crapware. this is very useful, but even more shady than regular vpn providers.

(Note: I'm Australian, been living in Canada for almost 20 years and only recently had someone explain that to me and suddenly it all made sense!)

The Studios and Music Companies lobbied and got a law passed but the ISPs managed to have the law include a small charge ($20 from memory) for each notice. So the Movie/TV people never bother sending any notices and the music people only rarely do it.

sudo apt install dnscrypt-proxy

sudo systemctl enable dnscrypt-proxy (or system service dnscrypt-proxy start|enable)

sudo mv /etc/resolv.conf ~/resolv.conf.bak

sudo rm /etc/resolv.conf

sudo nano /etc/resolv.conf

nameserver 127.0.0.1

#back up to dns over plaintext not recomennded if your dnscrypt-proxy service stops for whatever reason (enable in systemd, too lazy to write here)

#nameserver 1.1.1.1

sudo chattr +i /etc/resolv.conf

Always use DoH / DoT (DNS over HTTPS / TLS)

in firefox, settings -> DNS in search select Max protection choose NexDNS, make a NexDNS account for further privacy/setting up your local DNS restrictions like ad/tracker blocks

or use cloudflare.

Cheap VPS proxy:

on a VPS, do said dnscrypt-proxy

ssh -D 8080 -i ~/.ssh/sshkey [email protected] (always use SSH key auth, no passwords)

in firefox, set up proxy 127.0.0.1 8080 select 'Use DNS through proxy' - can set proxy settings at OS level to use DNS.

There's some options for you. Tailscale works, haven't tried it though.

There's at least 2 or more different efforts to make WireGuard DPI resistant. Ex: https://github.com/database64128/swgp-go

Interestingly, Cloudflare (and Apple?) have begun switching to MASQUE: https://blog.cloudflare.com/zero-trust-warp-with-a-masque

> Everybody should use something standard ... like QUIC, DTLS or TLS1.3, for their transport layer.

Very common for anti-censorship tools (V2Ray, XRay, Clash, Hysteria, Trojan, uTLS, Snowflake, SingBox, Outline etc) to use these.

If you don't want to stand out you should use steganography and masquerade as a legitimate and popular protocol. It seems that MASQUE does exactly this.

Not so trivially as it seems. I use wireguard from Russia despite their efforts to block it. It needs some tricks to connect, but it works. I believe that openvpn will work too with those tricks.

> Everybody should use something standard and indistinguishable, like QUIC, DTLS or TLS1.3, for their transport layer.

Let them first learn how to block wireguard properly. No point to show them the full scale of the problem they face, so they could get more funding. :)

On a more serious note, it is whack-the-mole game, the idea that sounds like "everybody should use X" for some value of X is not a good idea. Everybody should look for their own way to bypass censorship, and they should do it with as much creativity and tech skills as they have.

so even though that stream was itself encrypted, it was trivially easy to track down that one guy and tie it to him.

I don't understand why this matters, it's not like your ISP will ever block this kind of traffic since every company that has any form of IT department uses some form of VPN making it not only a legitimate kind of traffic but also quite common.

Exactly this does exist, search for xray / xtls-reality.

A node pretends to be a valid web site, with a valid third-party TLS certificate (like a CDN node serving that website), until a correct secret key is presented, then it looks like regular TLS-encrypted web traffic.

E.g. https://github.com/XTLS/Xray-core — most documentation, sadly but expectedly, is in Chinese and Russian, because these folks seem to need this most.

The project you mentioned seems to be pretty complicated; I think it is possible to implement the tunnel in a single Python file without any external libraries. But I was not intending to implement any serious crypto, just masquerade traffic.

Yes, I saw that project and even the English documentation is not easy to read.

This protects the VPN node from being blocked after a port scan, and gives you plausible deniability: "Yes, I have visited this IP. Let's open it. Ah, I just wanted to look at the newest Samsung phone model."

For the remaining 0.2% who know how things work, they are a brief bump in the road to getting to the site they want to pull up.

You need to spend more time with the normies. 99.8% is probably an exaggeration, but if so, not by much. It's easy to forget just how little the average person knows, or wants to know, about how technology works, or their ability to change it to their advantage.

The vast majority of people not only do not understand DNS, they couldn't tell you with any specificity what a domain or IP address even are, and they're afraid of doing anything which might break their computer in a way they don't understand enough to fix.

Easily two thirds of FiFo (Fly In | Fly Out) mine workers in this state, the full on beer swigging head butting rail labourers et al have a rough understanding of the problem and have traded a carton or three with a mate of mate to fix it on their phone | home network so they can get all the p0rn and free movies they can watch on time off.

Real understanding of layered networking protocols from fibre and wire upwards is rare; bypassing DNS blocks is common as muck even sans that fancy CISCO certification.

It is not in Germany.

Therefore, more people in Turkey would know about measures to circumvent it than in Germany.

Germans are not using torrent not because they don't have the knowledge but because they will get sued unless they take other anonymization measures that cost money and slow down speed so why not just pay for Netflix. In developing countries enforcement is not so great that's all

Stuff they actually do day to day. Scroll social media, use messaging apps, watch Netflix, Youtube, Twitch etc, in the older generations (millennial and up) also email and MS Office.

1. Cynically, for bureaucrats to be able to claim they're doing something about an issue the politicians care about, but which the bureaucrats think is a non-issue. 2. Less cynically, to take away plausible deniability for the torrenter about whether the thing is allowed or not.

(And pick another ISP - it's their job to provide neutral net access, not mess with it, especially not mess with it without court order or something just by request of some private companies)

For extra points you could deploy a firewall which intercepts all DNS requests and forwards them to that machine. Some apps have hardcoded DNS servers and ignore what you have configured.

Not really! You can buy a router that ships with OpenWrt out-of-the-box and just toggle a little checkbox. Plug that into your ISP's router (or use a wireless bridge in client mode, that's supported, too) and connect all of your devices through that. Now all your devices use DoH and don't even know it.

And even if they don't, for a few years now there is a law that guarantees you the right to choose your own router (because previously we had quite bad bundling that forced you to rent the ISPs router), so ISPs can't lock you in like that.

The latter usually allows you to disable its IPv4 DHCP sever though but enforce itself as the IPv6 DNS server across your network, which can’t be disabled on your own.

Vodafone Kable, so YMMV.

Always a bit scared to switch providers of course, you never know if you get cgnat and blocked DNS servers. They are building a Deutsche Telekom fiber to our street this summer. It's tempting for the 200 Mbps uplink, But I have no idea is it then CGNAT and do they even provide real IPv6. It's never mentioned in the advertisement.

I haven't used a proprietary router in my entire adult life, except as a WAN connection for my 'real' router with some shitty ISPs.

AFAIK they are legally required to maintain a list of compatible devices and accept any modem that is on that list.

If there's some US law I can cite at them like a magic invocation to make their dumb combo device go away in favor of my own cellular modem, though, I'd like to.

However, once you learn how much data is collected/sold about you from the router level you won't want to go back.

>However, once you learn how much data is collected/sold about you from the router level you won't want to go back.

I need to be scared straight. Go on.

Yes, this is why I switched over to their modem-router, I was starting to hit their caps every month and it was costing me a lot of money.

I really don't care if they monitize that my live-in mother-in-law streams game shows all day.

Products like NextDNS also provide a client app to simplify the process of overriding DNS.

I'd guess if you get business tier service you have more options also, but I've never had that.

Sure, their NXDOMAIN (or whatever) response will appear bogus, but your client won't be able to rebuild the missing response.

says what is blocked is at the DNS level; I guess that means not blackholing routing to the IP addresses

interestingly, the benchmark sites I use to conduct my censorship research are not even in their list?

To state the obvious: If you have someone doing things you don't like in office you can vote them out and replace them with someone who doesn't do those things. This is already a slow and cumbersome process that may take decades to materialize.

Or does this provide a framework for implementing direct democracy? Have a website with law proposals that can be implemented in a privatized way, have the citizens vote for and against them then pressure corporations to implement them.

It's just after people get accustom to having a censorship infrastructure in place, it slowly starts spreading like cancer and gaining momentum...