Hi, I’d like to set the sails due to being frustrated with streaming services, but I have some questions beforehand. I hope, you can help me with that, since lurking and reading the Megathread/Wiki didn’t really answer my questions. Thanks for your help.
-
Is just using a fitting VPN (I’ve read about Mullvad and ProtonVPN in this community) safe enough to not get caught? I’m located in germany, so sharing even as much as a few kB of pirated content can cost me thousands of euros. I want to be really sure, that I won’t get letters from some lawyer soon. All, that I’ve read so far is basically: Setup VPN and your Torrent software, including kill switch and maybe get into private trackers. Thats it. Is this really enough? Can I do more to be safe? What exactly is the risk with public trackers (as they are often mentioned as the “low hanging fruit” for copyright lawyers)?
-
I’ve read the post The complete guide to building your personal self hosted server for streaming and ad-blocking, which mentions many tools to setup. I’m sure these help me find and view content. But are there good resources explaining the functionalities of this software? I’m familiar with Docker and I know about Jellyfin, but it is really unclear to me, what exactly all the other tools do.
Big thanks from a long time lurker!
I’m having doubts about the VPN provider not logging. To trust them is a decision to be made. For simple things (like masking my internet usage when in a public wifi) I use my own OpenVPN server on my VPS. Though I cannot use this for piracy, since I’m the only user and it is directly liked to my name and address (through my VPS hoster).
About DNS: When I setup the VPN, the DNS queries should also go through there, right? Should I additionally look into DNS Sec? For my complete home network I already ditched the ISPs DNS server (currently using cloudflares 1.1.1.1). I probably would setup a VM in my NUC, that I got recently, for the services.
Thanks for your advice. I’m thinking about this for quite a while now. When I start sailing, I want to be prepared. Currently I’m collecting all the information. Then I will decide, if I want to try it.
VPNs usually route your DNS through them as well, sometimes to other DNS servers but sometimes they just send them to your original DNS server but through the VPN, kinda up to your VPN config - all of the vpn services I’ve used to date did this, although they were all reputable ones. I’d not recommend to use a questionable VPN though.
Dnssec only verifies authenticity of the server and the integrity of the data, so it helps to prevent man-in-the-middle of DNS, it doesn’t provide privacy. Look into DNS over Https (DoH) instead. It provides e2e encryption for your DNS traffic which achieves what dnssec does, but also gives you privacy. DNS over TLS (DoT) also does this, but it runs on a different port so it’s easier to block (e.g. if your isp decided they don’t like private DNS), while with DoH your DNS traffic looks the same as other web traffic - and afaik it can’t be blocked. As above, it’s likely this is not needed for use with a VPN, but I’d recommend looking into in general for use even when not on the VPN. Things like controld or nextdns can give you even more peace of mind (although read up on their policies for yourself)
Pihole also can be your sole DNS provider and then you can pick your upstream server.
Thats what I have in my home network. Upstream is currently cloudflares 1.1.1.1
Unless you configure pihole to connect to CF via DoH, the above is still entirely true. Pihole is not a privacy tool, it’s a filtering tool.
I used to have this setup too until I realised spending a single hour per year on pihole “costs” me more than paying for a good DNS resolver which can also do the blocking, and I can easily use on my phone as well when I’m away. I’m very happy to have switched, personally.
Definitely true, but I think the problem is there’s no DNS out there that blocks everything you want. I’ve never found a DNS resolver that blocks my TV’s telemetry domains, for instance. A pi-hole on a RPi runs super cheap so the quick initial setup adding blocklists is super worth it for me at least.
The above is still true for the upstream regardless, pihole provides filtering - it doesn’t replace the privacy provided by using a trusted upstream server and you should still configure pihole to use DoH to the upstream.