I would like to prevent to the best of my ability getting malware or virus when torrenting. I know there is never 100% certainty of not getting one, but i'd like to mitigate it. I'd like to ask your advice/expertise.

These are the practices I use. Please build on them if you think there is room for improvement and how.

First off, I use linux (transmission) and only download media (music, movies), no software. I know this already lowers the risks significantly since most malware are on .exe for Windows, however I am aware mp3/mp4 and mkv files can still embed malware to exploit VLC vulnerabilities and also Linux.
I use Proton VPN with kill switch in advanced settings - no internet (at all) allowed when the VPN is not connected.
I limit opening the downloaded media in the PC. After seeding for a few months, I usually transfer them into an external HDD and delete them from the PC. Media may be used in a TV/phone for viewing/listening.
I have downloaded torrent media going into a separate internal SSD which is encrypted (obviously unencrypted when torrenting). This probably doesn't do much, but I get somewhat piece of mind when I am not torrenting and the ssd is locked.
I use normally pirate bay org and get the torrents with the higher number of seeds.

I understood joining some private tracker may help, but I found it difficult to join. Any advice and recommendations are welcome!

all 25 comments

sorted by: hot top controversial new old

[–] baka@lemmy.blahaj.zone 3 points 2 days ago* (last edited 2 days ago)

Read comments

Look for high seed counts

Trust your gut

Trusted uploaders

Private torrent sites, some of them open to public periodically

[–] sefra1@lemmy.zip 3 points 2 days ago (1 children)

I'm probably the most security paranoid person you may find here on Lemmy, I'm the kind of person who actually checks the gpg signatures of software I download, and refuses to use anything like AUR.

And I never worried one time in my life about exploits in media files, it's just extremely unlikely that between the time a 0day is discovered, and your system is updated (you do update frequently, right?), that torrent is going to exploit some player or media library.

Last time I heard of something like that, it was like 10 years ago, a gstreamer 0day that got quickly patched.

Executable files aren't going to execute themselves. If you don't chmod +x them they shouldn't execute at all even if you click them. I guess it can depend on your system.

I am much more concerned about internet facing applications like a web browser or torrent client.

[–] ui3bg4r@lemmy.org 2 points 1 day ago (1 children)

And I never worried one time in my life about exploits in media files, it’s just extremely unlikely that between the time a 0day is discovered, and your system is updated (you do update frequently, right?), that torrent is going to exploit some player or media library.

Last time I heard of something like that, it was like 10 years ago, a gstreamer 0day that got quickly patched.

Executable files aren’t going to execute themselves. If you don’t chmod +x them they shouldn’t execute at all even if you click them. I guess it can depend on your system.

I am much more concerned about internet facing applications like a web browser or torrent client.

True, the combination of Media Player exploit + Linux + not patched, it is very unlikely. However, what if he is using a Debian based distro? Those may have a couple of year old version of VLC installed in the package manager for example...

[–] sefra1@lemmy.zip 1 points 1 day ago (1 children)

Well, supposedly Debian stable backports security updates and bug fixes. So should it's derivates.

There's an issue where this isn't always the case and small bugs are patched upstream without making the news, but something as big as remote code execution from a media file it's something that doesn't go unnoticed. That's usually big news.

On another topic, I used to be a proponent of rolling release for better security, but the recent xz supply chain attack made me question that wisdom.

[–] ui3bg4r@lemmy.org 1 points 23 hours ago (1 children)

I understood they backport security updates, but is that also for apps in the software manager? For example: Currently I am using Mint. The VLC version there is 3.0.20 which is behind 2 years (current is 3.0.23). According to the releases of VLC, it indicated security fixes. Do these get fixes within the old number or are they neglected? What do you think? I concord by the wya on what you say related to rolling distro vs stable.

[–] sefra1@lemmy.zip 1 points 5 hours ago* (last edited 5 hours ago) (1 children)

Do these get fixes within the old number or are they neglected?

From what I understand (and I may be wrong) at least on debian the fixes get backported if it's viable to backport, when that happen they increment the number after the dash ex. 1.2.3-1 to 1.2.3-2. If backporting the fixes isn't viable they backport the package.

I couldn't find information relating to mint, it seems that packages.linuxmint.com website is broken atm. But ubuntu seems to have backported fixes on their VLC 3.0.21 package 11 times, the latest one in 29 Aug 2025 https://changelogs.ubuntu.com/changelogs/pool/universe/v/vlc/vlc_3.0.21-11/changelog

[–] ui3bg4r@lemmy.org 1 points 3 hours ago

Ah, interesting. So in principle they wouldn't leave a VLC or Media player with a big bug out there for long. The VLC of Mint is actually older 3.0.20-3build6 and it also looks like backported 3 times. I thought they were the same as Ubuntu but apparently not.

[–] cmnybo@discuss.tchncs.de 17 points 3 days ago (3 children)

Don't rely on the VPN kill switch for torrenting. It's not fast enough to prevent your IP from leaking if the VPN disconnects. The torrent client needs to be bound to the VPN interface. Transmission doesn't have an option to do that, so you would have to run it in a container instead.

[–] melfie@lemy.lol 2 points 2 days ago

I run my VPN via OpenWRT, with rules setup per device that either routes traffic through the WAN or VPN interface. If the VPN is not working, there’s simply no outbound traffic. It’s more reliable than a kill switch.

[–] mangaskahn@lemmy.waynetec.us 2 points 3 days ago (1 children)

It's probably best to handle that at the firewall, host based, external, or ideally both. The only traffic allowed outbound from the torrent box should be the VPN connection. Then it doesn't matter if routing or interface binding is set up wrong.

[–] so0t8@lemmy.org 1 points 3 days ago (1 children)

The only traffic allowed outbound from the torrent box should be the VPN connection. Then it doesn’t matter if routing or interface binding is set up wrong

Thanks, how could I do this with ufw?

[–] mangaskahn@lemmy.waynetec.us 1 points 2 days ago

https://yottasrc.com/wiki/article?t=how-to-block-outgoing-traffic-to-private-networks-using-ufw-on-your-server

Stop all incoming and outgoing traffic then allow only the VPN remote port number out to the Internet.

Remember to allow inbound connections from your local network to the management ports if you need them.

Do the same on your network firewall, block all outbound traffic from the torrent box IP address then allow only the remote vpn port out.

[–] so0t8@lemmy.org 1 points 3 days ago

Thanks for that feedback. Is that also true when using the advanced kill switch? ProtonVPN with that setting does not allow internet at all if the vpn is not connected. In the case that I must use that container, how would I do this?

[–] B4DR0B0T@lemmy.dbzer0.com 8 points 3 days ago (1 children)

Using linux and downloading only media files makes you 90% safer. But malware comes in many shapes, for example i've seen it executed from .pdf or .url or .lnk files. Even if you download only music and movies, dont open included files like that. And if possible make a filter to not download anything except what you need like .mkv .mp4 .mp3 .flac

Using a killswitch on any vpn is a must, and actually number one good practice you should always do at firewall level. If you use linux use iptables or ufw for that dont rely just on your vpn software. Another good practice is to bind your transmission to specific network/ip/port. So when your vpn killswitch triggered software stops to function.

SSD/HDD encryption is really a personal preference its not required if you are torrenting. I would use encrypted storage for more important things than just your movies/shows =) But remember encrypted storage does not save you from a virus or malware.

Actually avoid using pirate bay org use something more modern like EXT (dot) TO or 1337x (dot) TO or something more smaller like YTS (dot) BZ or uIndex (dot) TO or PiratesParadise (dot) ORG or EZTVx (dot) TO or if you want CAM/TS try CinemaCity (dot) CC (but it has watermark logo flying around) The reason why I say try not to use pirate bay is because from my own experience that where the most malware and viruses are coming to torrents from.

And joing a private tracker really not required, the piracy is so widespread now its actually more work than just finding content in the open. Everything sooner or later ends up in the open. Leaks of content from scene, p2p groups or private trackers happen hourly.

Another alternative you could try is direct downloading, there are many places out there, especially for older content. For the newest content i recommendation using irc, its so easy and quick and you can automate downloads.

[–] so0t8@lemmy.org 2 points 3 days ago (1 children)

Thanks, really appreciated detailed response. I checked out the websites youshared, and found them really good and actually with more seeds than pirate bay so am definitely moving away from that. A couple of questions if you dont mind. I am currently using Transmission and also the ufw. Do you think what steps I have to take to link it like you said? I am quite noob on this and I can't find any step that is understandable.

[–] B4DR0B0T@lemmy.dbzer0.com 2 points 3 days ago* (last edited 3 days ago)

I don't use Transmission or UFW, I use Area2 (CLI) and IPTables. But from what i know of UFW its just a frontend for IPTables. So firewall rules should be similar. So here are few rules you can try, but I highly recommend you do your research on how to properly use UFW or IPTables with Transmission.

// This command resets all your existing rules.
sudo ufw reset

// Block all outgoing and incoming traffic by default.
sudo ufw default deny outgoing
sudo ufw default deny incoming

// Allow outgoing connections via VPN interface only.
// Allow forwarding traffic through the VPN interface tun0
// Change "tun0" to your VPN interface and 12345 port to your Transmission port.
sudo ufw allow out on tun0 to any port 12345 proto tcp
sudo ufw allow out on tun0 to any port 12345 proto udp

// Allow VPN service traffic on your normal interface (exp. eth0 or wlan0)
// Replace x.x.x.x to your VPN server port and 1194 port to your VPN port.
sudo ufw allow out to x.x.x.x port 1194 proto udp

// Optionally if you dont want to restrict your vpn per ip/port do something like this.
// Change eth0 to your network interface and 1194 port to your VPN port.
sudo ufw allow out on eth0 to any port 1194 proto udp

// Enable your UFW firewall rules.
sudo ufw enable

[–] Confused_Emus@lemmy.dbzer0.com 4 points 3 days ago

I use and highly recommend Cleanuparr. Kills stalled torrents, and has a malware component to block known malware torrents.

[–] Damarus@feddit.org 5 points 3 days ago

Don't use public trackers is really the most important precaution imo.

[–] nullptr@lemmy.dbzer0.com 4 points 3 days ago (1 children)

Your best bet is to join MAM. From there, you can progress to Aither and other sites within a reasonable amount of time through the invite forums.

[–] so0t8@lemmy.org 6 points 3 days ago (1 children)

Your best bet is to join MAM. From there, you can progress to Aither and other sites within a reasonable amount of time through the invite forums.

Could you elaborate what is MAM?

[–] theskyisfalling@lemmy.dbzer0.com 8 points 3 days ago (1 children)

MAM is myanonamouse which is a private tracker focusing on books and audiobooks. It is generally seen as one of the easier trackers to both get into and maintain your ratios on and is a good place to learn how private trackers work.

From there it helps you get into others by having a proven track record as well as being able to get invites via the MAM forum sometimes from other users etc.

I love the place as a lot of what I get is audiobooks anyway, it is super friendly and people will help you out as long as you have done your due diligence and aren't asking stupid questions that are covered in their already extensive documentation and forum.