Another VPN Bans BitTorrent!

The VPN industry is involved in a disturbing trend: Banning BitTorrent traffic.

Some providers were caught telling people to use their unencrypted network proxies in order to Torrent all kinds of things… including copyrighted material. Even more incriminating, they also provided instructions on how to set up the whole thing and advertised that their services are great for piracy!

So of course, they’re getting sued.

Two VPNs have already been successfully sued. Among other penalties – block all BitTorrent traffic from users while being court-ordered to share the identities of their customers.

Think that’s pretty crazy from an industry who likes to throw around the words ‘privacy’ and ‘security’ every ten seconds? You ain’t heard nothing yet.

Lawsuit And BitTorrent VPN Ban #1 – VPN.ht

In October of 2021, the trouble started to hit home. At the time, a lawsuit had been ongoing between Millennium Funding Inc (Millennium Media / Voltage Pictures / et al) and VPN.ht (aka Wicked Technology Limited). In a nutshell, the movie industry VS VPNs. Nothing new there.

But Millennium had a new strategy… they were going after unencrypted traffic. The VPNs had no excuse about the inability to monitor what passed through their own servers in the clear. They couldn’t hide behind a shield of ignorance, and that was going to cost them.

Wicked did their best to stall. They were on the receiving end of a legal hammering, and they needed to buy time in order to regroup. So they claimed that the U.S. had no jurisdiction because the business owner was Algerian. That failed because in months prior, they advertised to every state in the U.S. and ran several U.S. servers, which clearly made the piracy enforcement aspects an American issue.

They tried a few more legaal tricks, but quickly ran out of options. They took stock of their situation and realized that they were going to lose. They had no way to defend the actual charges levied against them. Normally they could just ignore the entire process and focus on other areas of their business, but in this case the court froze their PayPal accounts. So they needed to find an ‘out’ that would please the judge and get their payment processor back on board.

The evidence was presented, and it was damning. The plaintiff shared ads that included pro-piracy messages and encouraged people to download whatever they liked on the defendant’s network. In short: They left a trail of evidence that included intent and motive.

As mentioned earlier, they also left a literal instruction manual. Users were told how to set up their BitTorrent clients to use their SOCKS5 proxies for high speed Torrenting. What most users failed to realize was that their SOCKS5 servers were not encrypted. This meant that the movie studios were free to snoop on users while they were pirating movies, music, and apps. There wasn’t a hint of privacy involved.

Wicked soon realized that the flood of unencrypted traffic data and their own commercials were the final nails in the coffin. As Q3 of 2021 rolled around, they informed the court that they were settling with the other party. That settlement happened in early October. The judge handed down a court injunction that agreed to unfreeze the VPN’s Paypal and other assets, in exchange for providing all user information that they had on the pirates, and of course shutting down all BitTorrent traffic through their unencrypted servers.

How much user data ended up in the hands of movie studios? Well, part of the court order read:

‘Logs for US Servers: Within 30 days of entry of this order, the Wicked Entities are hereby ORDERED to store log records of the Internet Protocol (“IP”) addresses tied to servers in the United States under their control that subscribers of Wicked’s VPN use and to retain said log records for at least 12 months on a rolling basis. Said log records shall include the identification information of the subscriber as stored in the records for the Wicked Entities.’

Wicked turned around and claimed there were no logs to hand over. In a statement to their customers, they said that even if there were logs, they wouldn’t ever hand them over. Of course we have only their word to rely on. VPN companies have, in the past, claimed ‘no logs’ when they were logging and faked audits. So who knows.

Wicked shut down all of their US servers, in order to avoid further prosecution. They told their U.S. customers to use their gateways in countries like Canada and Mexico instead. Their users were thrilled by that news, of course.

One incident is a fluke. But when the second one rolls around, you have to wonder if it’s part of a trend.

Lawsuit And BitTorrent VPN Ban #2 – TorGuard

Millennium Funding Inc was at it again. This time, they had their sights set on TorGuard. It was another easy target, and another precedent that they could use when going after the big companies down the road.

TorGuard was another company who encouraged their customers to use their unencrypted SOCKS5 to pirate things. But this time, the evidence didn’t stop with commercials and instructions for setup.

The lawyers trucked in a mountain of data. This is just some of what got included in the settlement documents: Proxy configuration information, tutorials, the fact that TorGuard could easily have monitored and blocked the pirates using their network, and more.

Whoever the plaintiffs hired to gather evidence, they did a good job. On a single SOCKS5 server, they recorded over 98,500 incidents of piracy. TorGuard had no real defense against this, nor did they deny the events.

They did have an excuse, however. It turns out that their ISP, Quadranet, didn’t properly process and pass on the copyright claims as they were being made. They even offered TorGuard a discount if they would keep using them, after such a monumental screw up.

Just in case you’re keeping score:

• The VPN screwed up with their advertising and not properly warning their clients about the lack of encryption on SOCKS.
• The ISP failed to pass on over 100,000 DMCA notices to the right people at the VPN.
• That meant nobody null routed the users doing all the piracy.
• So TorGuard was going to lose this one badly if they didn’t settle.

Clearly it was in TorGuard’s best interest to make this go away by any means necessary. So they settled, rolling over to the Millennium legal team.And of course they blocked all BitTorrent traffic as per the injunction instructions.

Millennium Funding just won two cases on the trot. How? They found the weakness of VPN piracy: If the users wanted it to be fast, they couldn’t use the normaal encrypted tunnel. So they used unencrypted SOCKS5 servers, which left a massive ‘papertrail’. No VPN would have a valid excuse for allowing this, as it could be easily monitored.

Normally, encryption let the VPNs get away with murder because they had plausible deniability. But their unrealistic claims of privacy, combined with the suggestion that their services could be used for piracy, combined with hundreds of thousands of users flooding into their unencrypted servers and leaving a mess… that’s a recipe for disaster.

But not for Millennium Funding, of course. They have a bunch of similar lawsuits in the works, and the VPN industry is going to suffer.

This just proves that you can’tblindly trust every VPN claim and ad. They were originally designed for secure network logins to a business network, not as a privacy tool.

Simply put, even the encrypted offerings can’t stop browser and device fingerprinting. It’s the biggest privacy threat of the 2020s, and they do nothing to stop it. Look into a real privacy app that will provide a layer of abstraction between you and the rest of the world. Start with Hoody, then do your homework.