Biggest Mistake People Make Using a VPN For Torrenting?

Torrent download progress bar

Torrenting is considered illegal if copyrighted materials are downloaded without the copyright owners permission. So many people look at using a VPN to hide their tracks when they are torrenting, to make it more difficult to trace them and their activities.

Biggest mistake people make using a VPN for torrenting? A VPN may not be able to hide a users identity or their activity when torrenting across a VPN connection if the VPN does not have built-in protection against DNS leaks, WebRTC leaks and a kill switch to stop all internet activity if the VPN connection fails.

Many VPNs can fail miserably at protecting their customers identities by not providing them the level of anonymous protection they have paid for. I take a look at what VPNs can end up doing to jeopardise their customers identities as well as what options are available to make identity protection better.

Real identities can leak using a VPN

Some VPNs can leak their users real IP addresses (used to trace their identity) making it really easy for their real IP addresses to be seen not just on the torrenting sites but be also seen by their Internet Service Provider.

This allows their Internet Service Provider (ISP) to keep a log of when they visited the torrenting website and when their ISP is asked for this information through a court order, the ISP will be obliged legally to provide a detailed analysis of their customers activity including torrenting.

Savvy VPN users look for VPNs with leak protections built in (latest list of VPNs with leak protection here), stopping any information about their IP address from leaking out. 

Common types of information leaks include DNS leaks and WebRTC leaks.

DNS leaks

DNS leaks allow the tracking of the communication made to the torrenting sites by giving away the real IP address used to connect to the torrenting site. To avoid this, it’s important to make sure all communications made to the torrenting sites is done using the VPN and it’s services only.

One of these important services is the DNS (Domain Naming Service), which translates the torrent site names into IP addresses, allowing the torrent client installed on the user’s device to use the IP address to find out the location of the torrent site.

Remembering the torrent site IP address is difficult as it’s just a series of numbers but remembering the name of the torrent site is a lot easier and it’s DNS which provides the mechanism to translate the torrent site names into their corresponding IP addresses using its database of mappings of names to IP addresses.

VPNs with poor DNS leak protection will cause any requests for the IP address for a torrent site name to use the DNS service provided by the ISP and not the VPN. This means the ISP will know which torrent sites are being visited and these will be logged by the ISP along with the corresponding dates and times of when these torrenting sites were visited.

This information logged by the ISP can easily be obtained by the copyright holder’s legal representatives to prove who was actually illegally downloading their copyrighted material.

As they can request the ISP for information on who was using the IP address for downloading their copyrighted material at a particular time and date. They will need some form of legal right to get this information from the ISP and this is generally a court order.

The ISP will have no other option than to comply with the court order and as it keeps detailed logs of all the connections made by their customers (they keep these for several months; some keep them for several years), they will provide the details of their customers who have been using the IP address.

It’s important to remember that IP addresses are leased out to the customers, that is each customer doesn’t get their own IP address (unless they pay extra), the IP address assigned to a customer by the ISP a couple of months ago might not be the same IP address the customer is currently using.

This doesn’t mean the ISP has no way of knowing what the customer was doing, the ISP keeps detailed logs of what IP address was assigned to the customer and what the IP address was being used for.

WebRTC leaks

Another way IP addresses can be leaked is through a WebRTC leak and if a web based torrent is being used, WebRTC can be a problem. As the web browsers like Chrome and Mozilla Firefox can pass the users IP address to the torrenting site and allow the ISP to log these connections.

By using an appropriate VPN, the WebRTC communications made by the web torrent client can be re-routed through the VPN. This will stop any logging of the connections made by the ISP and the torrenting website may only see the IP address of the VPN and not of the user.

VPNs without decent WebRTC leak protection where all WebRTC communications only go through the VPN connection, will expose the real IP address of the user as they will be unable to stop the WebRTC communications from the web torrent from  going directly to the torrent site by bypassing the VPN secure communication channels.

VPN failure

Even with a good VPN the connection can sometimes fail, stopping the VPNs protection working. The connection itself is still maintained to the torrenting site but instead of going through the VPN, the connection ends up going through the ISP without being hidden.

The ISP will now be able to see where their customer is connecting to and this information will be logged by the ISP. Which means the ISP will have to give away their customers details should a court order requesting to do so is presented to them.

By using a VPN with a Kill Switch, if the VPN connection fails, the Kill Switch will switch of all internet connectivity until the VPN connection is restored. Thereby stopping any torrenting communications to be made in the open across the customers ISP.

As files from many torrents can take a long time to download, people tend to leave their torrent clients on overnight to do the downloading. This leaves a wide window of opportunity for the VPN connection to fail and if there’s no kill switch, the torrent connection will carry on regardless of the VPN connection working or not.  

Torrents may be contaminated with Malware

Certain malicious types like hackers will use P2P networks and torrent websites to spread malicious malware files like viruses and spyware. It makes a lot of sense to have some form of malware protection installed as with an anti-malware program enabled, any torrenting done is protected against these malicious threats.

Some VPNs include malware checks as part of their service, where they check all the data travelling across their connections for malware. Even so, it would still make a lot of sense to also have your own malware protection software on your device.

Watch out for free VPNs as these can have malicious files installed as part of their installation, including spyware to steal your credit card and banking information.

I use the MalwareBytes program to provide protection against malware.

VPNs can log torrenting activity

VPNs can keep logs even though they may publicly say they don’t keep logs and when pressed to divulge their customers details for torrenting activity, they may give this up to the legal representatives of the copyright holder.

There have been a few cases of VPNs giving up details of their customers under legal orders and whilst the example highlighted haven’t specifically involved torrenting. It’s important to note, torrenting may not be big news ticket items so may remain outside the media reporting.

VPNs may be forced to share torrenting habits

Depending on where the VPN is located can make it either easier to get information about their customers or make it more difficult to do so. Especially if the VPN is located in a country that belongs to the 5 Eyes, 9 Eyes, or 14 Eyes agreements. The VPN may share their customers information if the governments of these countries asks them to.

The agreements between the countries are designed as a legal framework for members to capture communications as part of their counterintelligence operations, intelligence gathering, and law enforcement activities.

The countries involved in the 5 eyes agreement are:

  • Australia
  • Canada
  • New Zealand
  • United Kingdom
  • United States of America.

The countries involved in the 9 Eyes agreement are the 5 Eyes countries along with:

  • Denmark
  • France
  • Netherlands
  • Norway

The countries involved in the 14 Eyes agreement are the 5 Eyes countries along with:

  • Belgium
  • Denmark
  • France
  • Germany
  • Italy
  • Netherlands
  • Norway
  • Spain
  • Sweden

VPNs can sell user data and habits for money

It’s important to know free VPN services and other less-reputable VPN providers can make money selling their customers sensitive personal data to third parties. This can include the habits of their customers like torrenting along with details of what torrenting sites they are visiting.

This information could potentially be used to find out the identities of their customers using legal recourse such as court orders.


VPNs can provide protection to those who use torrenting websites but only as long as those VPNs don’t leak their identities or keep logs of their customers activities.

Some VPNs can also be in countries where they are more inclined to give up information as part of the countries legal frameworks, whilst other VPNs are in countries where these legal frameworks don’t apply, so they are less likely to divulge their customers habits.

Recent Posts