BitTorrent is a public file-sharing protocol, which broadcasts IP-addresses of up- and downloaders to the public at large.
For some, this is a problem, so to prevent this from happening, people turn to third-party services such as VPNs, proxies, or cloud torrent downloaders.
While these services add an extra layer of protection, not all are anonymous. Many cloud torrent downloaders, for example, can still connect an IP-address and timestamp to a specific user or their service.
With this in mind, we wondered how this applies to seedboxes. While these services are not predominantly used as an anonymity tool, some believe that they are.
To find out whether this is indeed the case, we reached out to several of the largest seedbox providers with a set of relevant questions. The questions cover logging practices, responses to DMCA notices, and legal requests, among other things. The full set of questions is as follows:
1. Does your service collect any temporary or permanent data that can link a seedbox IP-address to a specific user on your service? If so, what information do you collect and how long is that stored?
2. Does your service store any personally identifiable information of users (including IP-addresses)? If so, what information do you store, and for how long?
3. Does your service store the names/hashes or other identifying information of (previously) downloaded content (stored on your servers) that can be connected with a specific user? If so, for how long?
4. Do you offer dedicated and/or shared IP addresses? When IP addresses are shared and you get a ‘live’ complaint from a third-party, is it possible for you to link an IP address to a ‘live’ torrent and related user account?
5. How does your service respond to DMCA notices or similar takedown requests?
6. Do you have a repeat infringer policy? If so, what does it entail?
7. Have you ever had a request to provide information on a specific user from a third-party and been able to do so?
8. In what circumstances do you comply with legal requests and what are you able to hand over?
While we contacted nearly a dozen seedbox providers, only two replied. This is rather disappointing, especially from companies that sometimes serve tens of thousands of customers.
Below are the responses from the two providers who were kind enough to answer: SonicBit, Seedit4.me, and Rapidseedbox.
SonicBit
1. We do store user IP addresses for any user using our seedbox to keep our service clean from dupe/ fake email accounts, invalid referral activity, etc. Information will be removed when a user requests to remove their account.
2. We do store user IPs when a user logs in and logs out, for user account security to check any invalid activity in their account. Information will be removed when a user requests to remove their account.
3. We do not store downloaded hashes.
4. We only offer shared seedbox IP address, but different seedbox instances. We can check the specific user for any torrent downloaded in their account even with a shared seedbox IP address.
5. We will respond to it promptly and seriously, check if the takedown request is valid, and then forward the DMCA notice to the user. If there is no response in three days, we will remove the content manually.
6. No.
7. Never.
8. We do comply with the legal requests and do our best to resolve any legal requests to keep our service clean.
Seedit4.me
1. On account creation users can fill in their (user)name and the email address they wish to use with our services. This information is used for billing purposes only. We do not store any IP data about our users.
2. The only details we store are the name and email address a user provides us with. These details are used solely for billing purposes, sending invoices to our users and/or informing them about tickets they might have opened with us. A user can decide to use any billing address for additional payment options, but doing so is optional and users are fully in control of their data. We give users the option to add, edit or fully remove any account information they have shared with us. We also give our users the option to delete their profile fully from our systems after they have stopped using our services. No data will be stored on our servers after a user chooses to do so.
3. We do not store any identifying information on our servers. The only thing stored on our servers is the software needed to run the service (OS, apps, config files users make themselves) and the data users choose to store on them.
4. We currently only offer shared IP addresses. Our policy forbids the use of public trackers and thus it is very rare for us to receive any DMCA notices. In case we do receive a notice we will check the IP and port that is reported on the notice, which leads to a specific slot on one of our servers that is seeding the torrent in question. Being able to do so is part of the way torrenting works and we have not added any additional checks or ways to link users to torrents. This information is only accessible to our administrators and is never shared with other parties.
5. In the few cases that we actually receive a DMCA notice, we remove the torrent manually and inform the DMCA party that the takedown has been fulfilled, as is customary with takedown-notices in general. No other information whatsoever is shared with the DMCA party.
6. We have a clear policy about public trackers: we do not allow our users to connect to them. If users keep trying to do so, we will suspend their service and contact them about this issue. If and when we are confident a user will stop trying to use public trackers they will receive another chance. If they then choose to use public trackers again we will close down their slot and they will be unable to use our services from thereon.
7. We have never had such a request and we will not comply with them, the privacy of our users is paramount.
8. The only circumstances that will lead to sharing any data whatsoever is due to reports of child exploitation, or child pornography. We will hand over the email address and the name a user has provided us with.
RapidSeedbox
1. A user is linked to a seedbox IP, at the time of usage. When the subscription is terminated, the whole seedbox is terminated as well.
2. We store the email, transaction history, last logged time and IP address in the client area. Users can request account/data deletion at any time. At times, we clear up dormant accounts to save resources.
3. No. On five out of six plans, the user gets a VPS with root access and has full control over the seedbox.
4. Each seedbox has a dedicated IP address. “Live” complaints are linked to an IP address/user.
5. Locating and deleting the data proactively, informing the user, and asking to not repeat.
6. Repeat infringers will get their services suspended and eventually terminated.
7. We refer people to our Terms of Service and encourage them to take responsibility for the activity and the content on their allocated seedbox.
8. See the answer to question 7.
—-
As the answers above show, seedboxes can be very useful. However, they are certainly not (always) anonymous.
If your seedbox provider isn’t listed here we would encourage you to reach out to support, asking these same questions. We are happy to add responses to this article going forward if any more come in.