PeerBlock is a firewall application that uses Internet Protocol (IP) blacklists to prevent certain IP addresses from connecting to your computer. One of the potential uses of PeerBlock is by torrenters to avoid detection from torrent monitoring agencies. This is done by denying access to your computer from agency IP addresses thus preventing them from knowing you are part of a torrent swarm.
Generally, the idea of IP blacklists is flawed. Specifically, the idea that dedicated torrent monitoring companies are unable to easily subvert something as fragile as an IP blacklist seems like wishful thinking.
Black and whitelisting
While the concepts of blacklisting and whitelisting as they pertain to computer security may seem similar, they are very different. Whitelisting allows only the IP addresses you have explicitly listed to connect to your computer. Blacklisting allows every IP address except the ones you have explicitly listed to connect. Both concepts have their place, but blacklisting is much less reliable.
The reason the concept of IP blacklists is flawed is because of the dynamic nature of IP addresses. Every device on the internet has an IP address, but it can’t reliably identify a single person or computer because IP addresses are constantly reassigned by their owners. Therefore, the notion that a single IP identifies a company that you want to block doesn’t really follow.
Further, in the case of torrent monitoring, the companies involved in this have a vested interest in avoiding your blacklist, so they employ a wide range of tools to avoid detection.
Reliability of IP lists
The specific implementation of PeerBlock’s blacklist is the use of lists from IBlocklist.com. There are a number of IP lists broken down into categories like agencies and countries.
As a quick test to the integrity of some of the lists, I audited the Russia and Nigeria IP lists. I found five IPs in the Nigeria file that were identified as belonging to other countries by the GeoLite database from MaxMind, and over 100 in the Russian file that were reported as belonging to other countries.
This is a fairly typical example of how transient IP addresses can be. It’s not easy to say which location is correct for any of those IPs, but the inconsistency highlights how little faith should be attributed to an IP address accurately representing any meaningful information about the machine on the other end.
Exposing your real IP address
Now that we’ve determined that there are IPs in blacklists that should not be there, it’s not too big a leap to assume the opposite is also true: there are IPs that should be in these block lists that are not. That means they won’t be blocked by PeerBlock and thus the owners of those IPs will be able to connect you computer. They can then participate in the same torrent swarms that you are participating in and will be able to see your IP address.
The above screenshot of the BitTorrent client for MacOS shows how readily available the IP addresses of other participants in a swarm are. The bottom frame of the main window contains the reverse DNS of everyone seeding the torrent being downloaded.
A quick right-click resolves those DNS entries and exposes the IP address. That’s one short step away from running an IP Whois to determine what ISP owns that IP address which, in turn, can identify you personally.
It’s also worth noting that every blocked IP slows down your torrent speed. Some claim the IBlocklist lists used by PeerBlock contain far too many IPs, which seems plausible given the results of the quick GeoIP test. It also appears that a subscription is required to keep IBlocklist lists up to date, although I was able to initially add lists to PeerBlock without a problem. To update the lists without purchasing them, Peerblock must be completely uninstalled and reinstalled.
A VPN is a better solution
A VPN is a better solution than PeerBlock because a VPN hides your real IP address. This negates the need for an application like PeerBlock because you’re not exposing your real IP address to begin with. If a monitoring agency successfully evades a blacklist and sees your IP address, then they will only see the VPN’s IP address. As well, some VPNs come with a “kill switch” that block all Internet traffic unless the VPN is established. If your VPN drops unexpectedly, a kill switch ensures your IP address won’t be accidentally exposed in the swarm.
All VPNs are not created equal. The important features for VPNs that you intend to use for torrenting are speed, shared IP addresses, and a kill switch.
The need for speed is self-explanatory. Every layer added to your network connection adds some latency. There’s simply no way around that, but a fast VPN provider can minimize the effect.
A portion of VPN anonymity relies on how it handles IP address assignment. VPNs that use shared IP addresses are better for torrenting because many people are using that IP at the same time. It’s therefore more difficult to trace the IP address seen in the swarm back to you for that purpose at that time.
The kill switch is a another very important feature. VPNs can be fickle and unexpectedly drop connections. Most VPN clients will reconnect when that happens, but for that brief period of time while it is reconnecting, your real IP address can be exposed to the swarm. A kill switch feature prevents that from happening because it blocks internet activity until the VPN connection is reestablished.
Check out our article on the best VPNs for Torrenting for more information about which VPNs are the most suitable.
Confirm your VPN is working
Once you’ve setup your VPN, you may wish to ensure it is working as you expect. There are various IP checker websites out there that will allow you to verify your IP address. Visiting a site such as What is my IP with your VPN running will verify what IP address others see.
To see how your IP address is being shown specifically in a BitTorrent client, you can use a BitTorrent tracker site such as IPMagnet. It provides a magnet link to add to your BitTorrent client. Once you do that, the site will show you what IP you’re advertising to the swarm.