Dealing with Bittorrent traffic shaping/blocking by your ISP

(Updated 2015 with qBittorrent examples and Tor Browser Bundle instead of Vidalia)

So, here’s a guide several people have been asking me to write. Let’s just put a big fat disclaimer above it first: I’m just writing this because I think all internet traffic should be considered equal, and I find it downright wrong for an ISP to prioritize certain connections or deny access to an arbitrary number of sites because they can be used for copyright infringement. This is the basic principle of net neutrality. Take care of our internet roads and crossings, and leave it to the end user’s responsibility to pick the destinations.

0. About Bittorrent

(you can skip this section if you already know how Bittorrent works)

There are already tons of excellent guides explaining the principles of Bittorrent. Check this Lifehacker guide for a quick hands-on, or the Wikipedia entry for technical details. I’ll quickly recap it: Bittorrent is a file transfer protocol. In layman’s terms: when you download a .torrent file, this file only contains the meta-information about the files you intend to download, plus a couple of links to machines (trackers) that know which other users have or are looking for that same set of files. By setting up direct connections with several other users, you can retrieve the files. Since you’re downloading different parts of the file from different users, this is a big speedup when compared to downloading everything from a single location.

In the early days of Bittorrent, these trackers were seen as a liability: it was still a form of centralized control that was needed to initiate a connection. In modern Bittorrent specifications, several features were added to make sure you could find other peers without having to contact a central tracker: peer exchange, DHT, … In short: it’s possible to initiate a Bittorrent transfer without using a tracker, but the overall kickstart speed will be slower.

These torrent files are slowly being replaced by so-called magnet links: this is a special URL scheme which contains everything you need to start a Bittorrent download: file info and details are fetched from DHT / other peers. It eliminates the need for you to download a small .torrent file containing this information.

1. How and why are ISPs throttling/blocking Bittorrent traffic?

One of the first concerns might be bandwidth limitations: recent studies have shown that Bittorrent traffic is 53% of all upstream traffic in North America. The ISP’s reasoning is that only a small number of people use a big chunk of the available bandwidth, which creates an unfair situation compared to regular users. I’m not going into that argument here.

The other major reason is copyright enforcement: your ISP might be pressured by a copyright-infringement-control-organisation to label all Bittorrent traffic as being illegal. This is a wrong and dangerous situation: the protocol is excellent for distributing a file to many people with only limited bandwidth requirements for the original sender. The applications are endless: game updates, virtual machines, … It would be like labeling all bus traffic illegal on the main roads, because some buses are used by criminals.

In general, ISPs thwart Bittorrent traffic in several ways:

  • Packet inspection: block anything that looks like Bittorrent traffic (traffic blocking), or make sure only a limited amount of bandwidth is used (traffic shaping)
  • Tracker block: block access to well-known trackers, so no or only a small amount of peers (=other people interested in the files you’re downloading) can be found.
  • Blocking torrent-related websites: this doesn’t really qualify as tampering with the Bittorrent traffic itself, but denying access to torrent indexers or search sites, so you cannot get torrent files / magnet links.

2. Dealing with packet inspection

There’s a big chance your ISP is throttling your bandwidth right now. An excellent way to find out is this Glasnost test: you need Java installed. It will only take 15 minutes of your time, depending on your connection speed. Although inspecting packets is an intensive process, there are several applications and solutions to efficiently identify each packet using the header information. An open-source packet inspector often used by ISPs is OpenDPI. Deep packet inspection is a costly procedure, and there are a lot of privacy issues as well.

The good news is that most of the modern Bittorrent clients (since 2005) come with packet encryption options. The solution is simple: make sure the peer-to-peer Bittorrent traffic looks like regular TCP traffic with an encrypted payload. The transfer speed will be slightly lower, but it makes it a lot harder for ISPs to inspect the packets.
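To make the "header information" point concrete, here is an added example (not from the original guide, and not OpenDPI's code) of the kind of signature match a packet inspector can run on a flow's first bytes, and of what it can read from a plaintext handshake. The sample payloads are constructed, and the "obfuscated" one is only a stand-in for encrypted bytes with no fixed prefix.

```python
import hashlib

PSTR = b"BitTorrent protocol"  # fixed string that opens every plaintext peer handshake

def build_plain_handshake(info_hash: bytes, peer_id: bytes) -> bytes:
    """<0x13><pstr><8 reserved bytes><20-byte info_hash><20-byte peer_id> = 68 bytes."""
    if len(info_hash) != 20 or len(peer_id) != 20:
        raise ValueError("info_hash and peer_id must be 20 bytes each")
    return bytes([len(PSTR)]) + PSTR + bytes(8) + info_hash + peer_id

def classify(payload: bytes) -> str:
    """Label a flow from its first payload bytes, the way a signature matcher would."""
    if payload[:20] == bytes([len(PSTR)]) + PSTR:
        return "bittorrent-peer"
    request_line = payload.split(b"\r\n", 1)[0]
    if request_line.startswith(b"GET ") and b"info_hash=" in request_line:
        return "bittorrent-tracker-http"
    return "unclassified"

def visible_info_hash(payload: bytes):
    """The torrent identifier is readable in a plaintext handshake (bytes 28..47)."""
    if classify(payload) != "bittorrent-peer" or len(payload) < 48:
        return None
    return payload[28:48].hex()

# Constructed samples (not captured traffic).
INFO_HASH = hashlib.sha1(b"constructed example torrent").digest()
PEER_ID = b"-XX0001-" + b"0" * 12
PLAIN = build_plain_handshake(INFO_HASH, PEER_ID)
ANNOUNCE = (b"GET /announce?info_hash=%AB%CD&port=51413 HTTP/1.1\r\n"
            b"Host: tracker.example.org\r\n\r\n")
# Stand-in for an encrypted connection: bytes with no fixed prefix.
OBFUSCATED = hashlib.sha256(b"stand-in for encrypted bytes").digest() * 3

if __name__ == "__main__":
    for name, data in (("plain", PLAIN), ("announce", ANNOUNCE),
                       ("obfuscated", OBFUSCATED)):
        print(name, classify(data), visible_info_hash(data))
```

The plaintext handshake is matched on a fixed 20-byte prefix and exposes the torrent's info hash; the stand-in for an encrypted stream gives the matcher nothing to anchor on.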

Update 2015: Since writing this guide, uTorrent got a lot of flak for introducing advertisements and other spyware-related stuff, so I’m recommending qBittorrent as a client of choice now. All torrent clients, however, offer a similar setting.

Also, standard Bittorrent traffic runs on ports 6881-6889 (TCP). Most torrent clients allow you to randomize the standard connection port on startup – I would also suggest you do that, since sometimes ISPs just blatantly block all traffic on certain ports, encrypted or not.

In qBittorrent, browse to tools->options->Connection, and set “use a random port on each startup”.

In qBittorrent, browse to tools->options->Bittorrent, and set the setting to “prefer” or “force” encryption there. Some clients will automatically fall back to a non-encrypted peer-to-peer connection if the encrypted connection attempt fails.

QBittorrent Encryption Settings

Some ISPs try to tackle this solution by simply blocking all encrypted traffic, but this causes far too many problems with other applications (Skype, E-mail, …) to be reasonable. If you’re on an ISP which doesn’t allow you to have private communications, it’s time to switch to a different ISP.

3. Dealing with tracker blocking / forbidden websites

There are several ways of contacting web addresses you’re not allowed to contact: using a web-based site like VPNBook, or similar services, like a full-blown VPN (I can recommend Freedome). Often these services are not free, and don’t really offer any guarantee of not storing your data. Configuring your Bittorrent client to use a web-based proxy is often not easy or impossible.

That’s why we’ll turn to the TOR Project.

First of all: Tor (The Onion Router) has nothing to do with Torrent. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It routes your traffic through several nodes in a network. A full explanation on how Tor works internally can be found here. It really is a fantastic project which helps a lot of people all over the world, and I encourage you to read up about it and try to contribute.

The good news is that we can use Tor for two purposes:

  • In the Tor Browser (a browser designed to route all its traffic through the TOR network): to browse to websites our ISP blocks.
  • In our torrent client: to contact Torrent trackers our ISP blocks.

Now, for trackers, remember: Trackers are just servers who give you a list of other clients who are also interested in the same file. Only this connection to the tracker is blocked by your ISP. As soon as you’ve somehow retrieved the list of other peers, you’re in the clear :)

You can download handy bundles on the Tor Project website: There’s a Web Browser bundle (more info here) for quick and hassle-free surfing: just extract it and run it. It will automatically connect to the TOR network and start a proxy on port 9150 on your computer. You can use this browser (which is a heavily modified Firefox browser) to browse to any website that might be blocked by your local ISP. Hurray!

Now, we will use the started proxy to connect to the trackers in our Torrent client.

UPDATE 2015: The Vidalia bundle is not offered anymore. We describe the same process using the Tor Web Browser Bundle now. We also replaced uTorrent with qBittorrent.

Now, how do we make sure our client (in this case: qBittorrent) uses that local proxy (and thus: TOR) to contact the trackers?

Open up the tools->options->connection settings, and enable using a proxy server. The proxy talks to us using SOCKS5, and needs no username or password to connect. Its address is our own machine (127.0.0.1, or localhost). The port is 9150 by default. Save and restart your client to have the changes take effect. Keep in mind that this will only help for contacting trackers which are using the HTTP:// protocol. UDP-based trackers cannot be contacted using a SOCKS5 proxy.
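As an added example (not part of the original guide, and not qBittorrent's own code), the script below lists which trackers in a magnet link the proxy setting above can cover, and checks that the local proxy answers the SOCKS5 greeting without asking for credentials. The magnet link is constructed with a placeholder info hash and example.* trackers; treating https:// trackers like http:// ones is an assumption that goes beyond the text.

```python
import socket
import struct
from urllib.parse import parse_qs, urlsplit

# Constructed magnet link: placeholder info hash, example.* trackers.
MAGNET = ("magnet:?xt=urn:btih:" + "ab" * 20 +
          "&tr=http%3A%2F%2Ftracker.example.org%3A6969%2Fannounce"
          "&tr=udp%3A%2F%2Ftracker.example.net%3A1337%2Fannounce"
          "&tr=https%3A%2F%2Ftracker.example.com%2Fannounce")

def split_trackers(magnet: str) -> dict:
    """Group the magnet link's tr= entries by whether the proxy can carry them."""
    params = parse_qs(magnet.partition("?")[2])
    groups = {"via_proxy": [], "not_proxied": []}
    for url in params.get("tr", []):
        scheme = urlsplit(url).scheme.lower()
        # HTTP(S) announces are TCP requests; udp:// trackers are not covered.
        key = "via_proxy" if scheme in ("http", "https") else "not_proxied"
        groups[key].append(url)
    return groups

def socks5_connect_request(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT with a domain-name address, so the proxy resolves the name."""
    name = host.encode("idna")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)

def proxy_accepts_no_auth(host="127.0.0.1", port=9150, timeout=3.0) -> bool:
    """Send the SOCKS5 greeting offering only 'no authentication' and check the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"\x05\x01\x00")      # version 5, one method, method 0x00
            return s.recv(2) == b"\x05\x00"  # proxy selected 'no authentication'
    except OSError:
        return False                         # nothing listening, or not SOCKS5

if __name__ == "__main__":
    print(split_trackers(MAGNET))
    print("local proxy ready:", proxy_accepts_no_auth())
```

If the last line prints False, the Tor Browser Bundle is not running or is listening on a different port than 9150.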

QBittorrent Tor Proxy Settings

Mind you: do NOT check the box to use the proxy for Peer to Peer connections. We don’t want to have our peer-to-peer traffic over Tor, since this puts a lot of strain on the network. Tor was not designed for this.

Bear in mind: Tor is used in countries with heavily restricted freedom of speech (for example, to penetrate the great Firewall of China), and for whistleblowers leaking important information (like Edward Snowden) so any unnecessary big-volume traffic is frowned upon. Downloading a big file using peer to peer connections over Tor is a bad and anti-social idea, and a lot of Tor nodes will block you for it. I cannot stress this enough!

If you’re a nice person and want to give something back, and you’ve got some bandwidth to spare (on your own machine or on a server you own), you can serve some Tor traffic yourself and help out other people. Without volunteers like these, the Tor network would not exist. I am a Tor relay volunteer myself. Find out more about setting up a Tor relay here. Recommended!

4. Conclusion

Being able to circumvent ISP-imposed limitations is one thing, being vocal with your disagreement is another. Talk to your ISP and ask them why and how they are shaping traffic, and how it is affecting your internet activities. State clearly that you prefer ISPs that respect end user freedom and net neutrality, and (if possible) switch to a different ISP.
