I wrote this post for a friend, I’m sharing it here for anybody it might help. I got asked multiple times how I download cracked music software so I figured it’d be easier to write it down once. It’s meant for people with very low technical skills who just want to start torrenting software without major risks, and it includes a bunch of safety tips that are already known in this community.

If you have feedback, let me know and I’ll update the post.

  • itsnotlupus@lemmy.world
    link
    fedilink
    English
    arrow-up
    43
    ·
    edit-2
    1 year ago

    Running strange software grabbed from unknown sources will never not be a risky proposition.

    Uploading the .exe you just grabbed to virustotal and getting the all clear can indicate two very different things: It’s either actually safe, or it hasn’t yet been detected as malware.

    You should expect that malware writers had already uploaded some variant of their work to virustotal before seeding it to ensure maximum impact.
    Getting happy results from virustotal could simply mean the malware author simply tweaked their work until they saw those same results.

    Notice I said “yet” above. Malware tends to eventually get flagged as such, even when it has a headstart of not being recognized correctly.
    You can use that to somewhat lower the odds of getting infected, by waiting. Don’t grab the latest crack that just dropped for the hottest game or whatever.
    Wait a few weeks. Let other people get infected first and have antiviruses DBs recognize a new malware. Then maybe give it a shot.

    And of course, the notion that keygens will often be flagged as “bad” software by unhelpful antivirus just further muddies the waters since it teaches you to ignore or altogether disable your antivirus in one of the most risky situation you’ll put yourself into.

    Let’s be clear: There’s nothing safe about any of this, and if you do this on a computer that has access to anything you wouldn’t want to lose, you are living dangerously indeed.

    • XpeeN@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      11
      ·
      1 year ago

      Running sandboxed via sandboxie or similar product is always a good idea imo.

    • andscape@feddit.itOP
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      1
      ·
      1 year ago

      You’re right of course, but it’s hard to communicate this level of nuance in a post targeted at newbies. If you don’t disable your antivirus, 9/10 times it will quarantine the KeyGen automatically, and you don’t get anywhere.

      I’ve added a warning about the risk of infection. Do you have any recommendations on how to tackle this in a way that’s appropriate for non-nerds?

      • itsnotlupus@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 year ago

        I honestly don’t know. The only advice I’d have for the layman would be “just don’t do this”, but I understand that’s little more than an invitation to be ignored.

        • andscape@feddit.itOP
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Yup, exactly. We can’t gatekeep this too much, even if it’s warranted, otherwise people will just give up and never actually spend time to learn about this.

    • Sagrotan@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      2
      ·
      1 year ago

      What’s life about without a little risk here and there? And the really important stuff should be mirrored somewhere anyways, so: go for it! No fear!

    • Dohnakun@lemmy.fmhy.mlB
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 year ago

      Running strange software grabbed from unknown sources will never not be a risky proposition.

      I have a jail for wine on my Linux desktop.

      There you go, it’s save.

  • lobelia581@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    35
    ·
    1 year ago

    nice guide! i’d mention that it’s good courtesy for your seed to leech ratio to be >=1 so you’re giving back what you took. given that you’re able to seed safely of course

      • andscape@feddit.itOP
        link
        fedilink
        English
        arrow-up
        11
        ·
        1 year ago

        Thanks for the tip about the archived Reddit link, I’ve updated it!

        For the seed to leech ratio you’re right, but I feel like it might be a bit much to throw at somebody who’s just figuring all this stuff out. It’s not a guide on how to seed safely, I don’t want to encourage people to put themselves at risk who don’t yet have the skills to protect themselves.

        • lobelia581@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          fair enough, and you do already mention the importance of seeding in one of the last paragraphs. maybe you could add a sentence like “If you decide to seed, ideally the amount you upload should be equal to or greater than the amount you have downloaded to help keep the torrent alive.”

  • Deletecat@lemmy.fmhy.ml
    link
    fedilink
    English
    arrow-up
    27
    ·
    edit-2
    1 year ago

    After a quick glance over your post, I have some thoughts;

    Free: ProtonVPN

    ProtonVPN is good for torrenting on the paid plan, not the free plan. Proton doesn’t allow torrenting on their free plan. They will block your connection if they detect that you are torrenting, or they will disconnect you from their VPN tunnel - exposing your real IP on the torrent.

    Paid: Mullvad

    Mullvad is a decent choice, though they no longer support port forwarding. You are still able to download, though you won’t be able to seed iirc

    VirusTotal

    The problem with a virustotal scan is that pirated software is often false flagged for malware. It’s difficult to tell what is safe from what you’ve downloaded. It’s best to download from a trusted uploader, though that doesn’t always guarantee safety as they can always go rogue (As an example, FTUApps were seen as safe until one of their uploads to 1337x contained malware).

    Older uploads tend to have less false positives in my experience, though it can be very easy to become complacent.

    edit; score out comment about mullvad seeding, others have pointed out that it still works fine! oops

    • eoddc5@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      1 year ago

      Would you like to offer alternative suggestions to the vpn selection?

      FWIW: I have a paid torguard and poaching my works license for NordLayer.

      Both have their pros and cons. They’re generally good with anonymity and security and speeds.

      • Deletecat@lemmy.fmhy.ml
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        I don’t know of any free vpns for torrenting, though I believe ProtonVPN (paid), Windscribe (paid) and AirVPN (paid) offer port forwarding at the moment. PIA can be used to port forward, though they are owned by kape which is kinda sketchy to me.

        You can use windscribe free for torrenting, but you will quickly hit the data cap they have in place

      • gaylord_fartmaster@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        2
        ·
        edit-2
        1 year ago

        I can confirm PIA fully works as long as you’re connected to one of the endpoints that supports port forwarding, and it works over wireguard which I prefer. My torrent client runs in a docker container that runs all traffic through it.

        Whether or not you trust their claim of not saving any logs (especially after getting bought out a few years ago) is up to you, but there hasn’t been any evidence to suggest they are, and they’ve had reputable audits to suggest they don’t.

        • ninjakitty7@kbin.social
          link
          fedilink
          arrow-up
          2
          arrow-down
          1
          ·
          1 year ago

          Does PIA have a free plan that works? Since the only free option was immediately debunked in these comments.

            • andscape@feddit.itOP
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              I already have a paid one, but I wrote this for people who don’t care enough to pay for one. Basically the alternative is either a free one or none. If I’m talking to a friend I’d rather they use a shady free VPN than none at all.

              • gaylord_fartmaster@lemmy.world
                link
                fedilink
                arrow-up
                2
                ·
                1 year ago

                I mean fair enough, it’s better to expose your IP to one VPN provider than to blast it to thousands of peers, but the trade-off of recommending free VPNs to people who aren’t tech savvy (especially when it sounds like there aren’t any legit ones that support torrent traffic), is you’re inviting them to find a shady one somewhere thinking they’re being safer and risking getting MITMed or their login tokens stolen in transit trying to browse the internet while they’re downloading something.

                I would just consider paying a few bucks for a VPN to be a hard constraint of using torrents even somewhat safely.

                • andscape@feddit.itOP
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  1 year ago

                  You’re right, I guess, but if we only recommend paid ones people will just google for free ones and use whichever shady provider is at the top of the google results. People are really averse to subscriptions.

                  I’ve added a warning about free VPNs and switched to recommending Windscribe, which still has a decent reputation.

                • andscape@feddit.itOP
                  link
                  fedilink
                  arrow-up
                  3
                  ·
                  1 year ago

                  Yeah I’ve updated the post to have Windscribe as the recommended free one, with a warning about free VPNs

          • ADHDefy@kbin.social
            link
            fedilink
            arrow-up
            4
            ·
            1 year ago

            There is no good free VPN. Proton is the only one with a free tier I’d trust, but again, it won’t help with stuff like this. VPNs are expensive operations to run. If it’s free to use, there’s basically no chance that they aren’t monetizing it in a shady way.

            Mullvad is $5/month, you don’t have to subscribe (you can buy a single month), and they accept multiple private payment options. I would highly recommend shelling out the $5 to protect yourself over risking it with a free VPN.

          • JamesBean@kbin.social
            link
            fedilink
            arrow-up
            2
            arrow-down
            1
            ·
            edit-2
            1 year ago

            I mean, PIA is like 40 bucks for an entire year. You’re not gonna find any prominent streaming service, pro-grade subscription software, or pro-grade software license that’s as cheap as that.

            If the goal is to access all desired software and media safely while paying as little as possible, it’s a great choice.

            • abrasiveteapot@sh.itjust.works
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              Windscribe at $3 per month is slightly cheaper and less dodgy than PIA. I left PIA for Mullvad when Kape bought them. They’re very questionable based on my (then) research.

    • andscape@feddit.itOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Thanks for the report about ProtonVPN, I haven’t used it in a bit so I didn’t know. Do you know a better free VPN which does allow torrenting? I know a paid one would always be better, but this is for people who are just not willing to spend money. A shady free VPN is better than none.

      For VirusTotal I know about the false positives, that’s also why I included the reddit post on how to interpret the results. I still find a scan to be good practice to weed out the more obvious malware.

      • Phrax@reddthat.com
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        1 year ago

        In that case, direct downloads (in conjunction with ProtonVPN free) would be a superior method. The article makes piracy sound synonymous with and exclusive to torrenting, but DDL and Usenet also exist. Many of the megathread categories have DDL links right at the top.

        Cs.rin.ru is mainly gaming focused but has an FAQ that covers general DDL concepts like source trustworthiness/scene names and workarounds for filehoster limits. You could probably paraphase/quote or screenshot with credit (ironically) to save a login. The same people not wanting to sign up for a VPN might also look askance at a .ru domain.

        • andscape@feddit.itOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          The article makes piracy sound synonymous with and exclusive to torrenting

          It was only meant to be a guide about torrenting pirated software specifically, not pirating software in general. I also started by linking to the megathread to link people to other resources.

          I don’t really want to add a whole other section about DDL just because I feel I couldn’t do it justice, and people have probably already done a better job at that.

      • Deletecat@lemmy.fmhy.ml
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        1 year ago

        Do you know a better free VPN which does allow torrenting?

        I don’t, sorry. There are free VPNs which have been recommended in the fmhy wiki, though I don’t know if they support torrenting and/or port forwarding.

        Edit; just remembered about windscribe, you can torrent on the free plan, but data is very limited so might not be a good option either

    • MetaCubed@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      edit-2
      1 year ago

      I can confirm that Mullvad tunnelled seeding still works even with the port forwarding changes

      • Deletecat@lemmy.fmhy.ml
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Just a quick question, have you port forwarded in Mullvad in the past?

        They stopped people from opening new ports last month, September is when they will get rid of the remaining ports. If you aren’t port forwarding, I will edit my initial comment!

        • MetaCubed@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          edit-2
          1 year ago

          No port forwarding ever set up on my system! It’s bound to my interface and lockdown mode is enabled, all leeching and seeding is tunnelled fully.

          Edit: as far as I’m aware, not being able to port forward only limits who you can seed to. Meaning you can only seed to those who do have port forwarding.

      • Jagget@programming.dev
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Could you please elaborate. What does it mean? Do still able to seed with Mullvad and default settings?

        • MetaCubed@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          You can still seed without port forwarding, not being able to port forward only affects how many clients can seed from you. Not being able to port forward causes it to be limited to only other people who are able to port forward.

      • Deletecat@lemmy.fmhy.ml
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        I’ve scored out that part of the comment now.

        I was under the impression that you couldn’t seed without port forwarding, guess I was wrong :p

        • S0berage@mstdn.ca
          link
          fedilink
          arrow-up
          3
          ·
          1 year ago

          @Deletecat it’s not necessary on a VPN level when your router has port forwarding configured properly. App tunnel splitting can be used to dox your IP but allows the DHT table and trackers to “find” you, then just disable it to hide your IP. Simple, but not recommended.

      • Deletecat@lemmy.fmhy.ml
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        No such thing as a stupid question :p

        Yes, you can self-host a VPN! Though there are a few things to keep in mind if you are going to torrent using one:

        • A self-hosted VPN on your own network isn’t good for torrenting. Your own IP is still shown to other peers on the torrent, you might as well torrent without the VPN.
        • Depending on your server host, you may not be allowed to torrent on their network.
        • If you are allowed to torrent, you will have to watch your bandwidth limit*. I have a cheap VPS - for other things unrelated to VPNs/torrenting - and the limit is 20TB of traffic
        • Many hosts will respond to DMCA/Abuse complaints - very few are relaxed and ignore DMCA complaints, others may shut off your access to their services after a single complaint

        *some hosts do not have a limit though cheap servers usually do.

        From what I can tell, most server hosts don’t care about what you are doing with your server, unless your server is gathering abuse reports or using an excessive amount of resources constantly. I would go for a subscription to a VPN instead of self-hosting but that’s just me.

    • andscape@feddit.itOP
      link
      fedilink
      English
      arrow-up
      10
      ·
      1 year ago

      It’s there… Step 4 of the section “Download A Torrent Client”. I didn’t call it “binding an interface” because the intended target of this post would have no idea what that means.

      • /home/pineapplelover@lemm.ee
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Ah ok. Yeah I thought that was just a section for installing it but with no configurations. Seems like a good article for newbies then.

    • m0nka@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      sorry, to hear that happened to you! I have paid VPN and use it to isolate devices on my network that i don’t trust (not torrenting).

      I would never trust 100% a vpn running on the same machine as the app that needs the connection.

      Probably super paranoid, but always use one of those VPN boxes with separate ethernet sockets - for input and out connection. Quite cheap on Amazon. I assume they run Linux and when they loose the VPN just crap out instead of exposing my home network.

  • gaylord_fartmaster@lemmy.world
    link
    fedilink
    English
    arrow-up
    13
    ·
    1 year ago

    I’d say blocking traffic to/from pirated software via a firewall is less something you should try if it isn’t working and more something you should be doing everytime no matter what. That traffic is going to at best the vendor you ripped off, and at worst somewhere malicious.

    If you’re already pirating software then there is probably some kind of firewall solution you could also pirate to make it easier, so I don’t think there’s really much of an argument against it.

    • andscape@feddit.itOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I mean you’re right, but it’s already probably too technical for the kind of target I’m aiming at with this post. I wrote this for a friend who didn’t know what a torrent is but wanted to get cracked FL Studio. I cannot expect them to dive into firewall rules.

    • Trainguyrom@reddthat.com
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      If you’re already pirating software then there is probably some kind of firewall solution you could also pirate to make it easier, so I don’t think there’s really much of an argument against it.

      Something really funny happens when it comes to software for system administration, programming and Cybersecurity where the second best solutions are actually free (and almost always open source) ones, and the only things better than those free ones involve enterprise support contracts that cost more than your house every month and dedicated support people for every contract. And it’s often arguable how much better those enterprise solutions are than the free and open source ones you can grab off of GitHub

      In the case of firewalls specifically, windows firewall is actually more robust than whatever you might install onto windows, and the better thing to do would be to run Linux and use UFW or IPtables. Bonus points if you further sandbox the app via containerization. Or if you don’t need granular application-level filtering a dedicated firewall/router like OPNsense/PFsense tends to be more than good enough for many small businesses

      • Dohnakun@lemmy.fmhy.mlB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        windows firewall is actually more robust than whatever you might install onto windows

        Except against MS Software, those still leak through, even though you blocked them.

        Btw, Glasswire and Simplewall use Windows’ Firewall, as far as i know.

      • gaylord_fartmaster@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Oh, I 100% agree with all of those suggestions and use each myself these days, but a cracked copy of Netlimiter was a godsend back in the day, and I’d still recommend it over expecting the average Windows user to be vigilant about creating firewall rules everytime they download something new.

    • DarkTides@lemmy.fmhy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I dedicated an old laptop running Linux to pirating material. Can get all the programs I need right from the included software app that is in a lot of distros to get Qbittorent and Jdownloader. Linux is awesome.

  • LuckyLu@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    You might want to explain what an OS is, since many people have no idea. I explain it like this:

    “Hardware is the machine you use, like a phone or computer. Apps and games are software that run on that hardware and let you do stuff. But in order for your software to run smoothly on your hardware, another collection of software is needed to allow them to interact. Collectively this bundle of code can be called an OS or Operating System. The most common one on computers is Windows, followed by macOS, ChromeOS and Linux. Your phone runs iOS or Android (usually).

    Some torrents are available for Mac, most are meant for Windows since it’s more popular and has fewer restrictions on what can be installed by users. In any case, you should always check that the app you’re downloading is going to work with your operating system.”

    • andscape@feddit.itOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Yeah I was also thinking that using “OS” might not be obvious, but I also don’t want to explain too much. Like, I don’t want the reader to feel treated like a child. I expect someone who’s trying to pirate software to at least know that they’re running Windows.

      I added (Mac / Windows / Linux) as examples there, hopefully it’s enough…

  • argv_minus_one@beehaw.org
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Page does not work with JavaScript disabled. Pretty funny, for an article about how to keep your computer secure. One of the rules of keeping your computer secure is to disable JavaScript!

    • andscape@feddit.itOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Well it has embedded GIFs and videos, it’s not gonna work without JS…

      On a side note, people are way too paranoid about JavaScript for privacy. Browsers are much better at sandboxing and restricting webpages than they used to be. Sure, I guess only viewing static pages like it’s 1995 is better for privacy, but it’s a bit unreasonable of a tradeoff to make.