321 Views

In what is possibly the most brainless trend in the VPN industry yet, some providers are encouraging people to use unencrypted network proxies to Torrent all manner of copyrighted material. They actually go out of their way to provide instructions on how to do so, and advertise that their services are perfect for piracy.

Now two VPNs have been sued and forced to block all BitTorrent traffic while compromising the privacy, security, and financial integrity of their customers.

How did all this come about? Read on, my friends.

The First Lawsuit And BitTorrent VPN Ban

We start this tale back in October of 2021. A lawsuit had been raging between VPN.ht (aka Wicked Technology Limited) and Millennium Funding Inc (aka Millennium Media / Voltage Pictures among other members of the movie industry). Several stall tactics were used by Wicked to try to stop the legal drubbing that they were on the receiving end of. This included claiming that they didn’t have to follow U.S. law because the owner was Algerian… even though they advertised to every state in the U.S. and ran several U.S. servers.

Once the company ran out of ways to delay the inevitable, they needed to try to defend the actual charges brought against them. They couldn’t ignore the entire process, since the court had frozen their PayPal accounts. So they stepped into court and did their best to defend their practices.

Their best, as it turned out, wasn’t very good at all. Their ads had included pro-piracy messages that encouraged people to download whatever they liked on their network. Of course there are some things that should just be implied instead of said out loud, unless you want to leave a nice evidence trail.

They also gave complete instructions for how BitTorrent users could set up their systems to use their SOCKS5 proxies for fast Torrenting. Which is lovely until you realize that their SOCKS5 servers aren’t encrypted! So they were actually encouraging their users to get snooped on and caught while pirating music, movies, and software, without a lick of privacy or a hope of defending themselves if the plaintiffs decided to go after them next. Nice job.

Wicked soon realized just how screwed they were. By Q3 of 2021 they told the court that they were in negotiations for a full settlement. The settlement came about in early October, and was accompanied by a court injunction that would unfreeze the VPN’s assets in exchange for shutting down all BitTorrent traffic through their site.

Then there was the ‘no logs’ claim. Part of the court order stated:

Logs for US Servers: Within 30 days of entry of this order, the Wicked Entities are hereby ORDERED to store log records of the Internet Protocol (“IP”) addresses tied to servers in the United States under their control that subscribers of Wicked’s VPN use and to retain said log records for at least 12 months on a rolling basis. Said log records shall include the identification information of the subscriber as stored in the records for the Wicked Entities.

Of course, Wicked claimed there were no logs to hand over… at least that’s what they said to their customers. They also said even if there were logs, they wouldn’t hand them over.

But the reality is, we have no idea. You can’t prove a negative. They wouldn’t be the first to claim ‘no logs’, fake an audit, or otherwise fool their customers into thinking they were safe.

Wicked took the step of shutting down all of their US servers, which doesn’t exactly scream confidence in their ability to fend off future lawsuits. They encouraged their U.S. customers to use their gateways in Canada and Mexico instead.

We’d love to talk about their hubris all day long, but there’s a second fish we need to fry before this is all over…

2022 Sees A Second Lawsuit And BitTorrent VPN Ban

Guess who’s back? Why, it’s Millennium Funding Inc!

And this time they had their sites on TorGuard. And guess who encouraged their customers to make use of their unencrypted SOCKS5 to pirate stuff? You guessed right.

This time, there was an entire mountain of data that got included in the settlement documents. Look at that… tutorials, proxy configuration information, admissions that TorGuard had the ability to monitor and block the piracy as it was happening, the works.

And the techies did their homework. On just one of the SOCKS5 servers, they recorded over 98,500 instances of piracy. It was what a lawyer would call an ‘orgy of evidence’, usually only seen when someone really screwed up or they got set up. In this case, TorGuard really screwed up.

But they weren’t alone. Their provider, Quadranet, failed to process and pass on the copyright claims! So yes, the VPN messed up with their advertising and not properly warning their clients about the lack of encryption on SOCKS, but it was Quadranet who brought everything to a head by failing to send over 100,000 DMCA notices to the right agent. They didn’t null route the offending users. They didn’t provide the information that the VPN would need to adjust their firewall. They simply failed.

It was a comedy of errors all around, and one that TorGuard would need to pay the price for. They settled. They blocked all BitTorrent traffic as part of the injunction.

Millennium Funding was on a roll. They found that so many VPNs were using unencrypted SOCKS5 servers, and it was a goldmine. In the past, they had failed because encryption provided the VPNs with plausible deniability. But the combination of suggested piracy in advertising and unencrypted servers providing a ton of evidence has spelled success. They have several other lawsuits in the works, and show no signs of slowing down.

The Moral of the Story

First of all: Don’t use unencrypted means to do your dirty laundry.

Second of all, don’t trust VPN claims and advertisements. Time and again the industry has been found to exaggerate, lie, and provide some truly terrible advice. They harp on about ‘privacy’ while doing absolutely nothing to stop the greatest privacy threat of the 2020s: Browser and device fingerprinting.

If you want privacy, use a real privacy app like Hoody. Don’t settle for a VPN.