At this point I use

- a VPN
- a proxy with Socks5 protocol

DHT
------ start up DHT is turned off
------ DHT mode for normal trackers is off
-------DHT mode for trackerless transfers: search + announce

Trackers
------- allow UDP tracker connections: no

Do I need to do something else to prevent being tracked?

Thanks you.

I was wondering about this too. Sorry for the bump after a few years :)


PrivadoVPN: SOCKS5 Proxy settings for Tixati (v3) - a 2026 manual.


I was playing around with PrivadoVPN and its SOCKS5 proxy.

I found a new (to me) torrent program that (for now) outperforms qbittorrent and has, as an added bonus, security features & a p2p file search feature like eMule once had (users can share a folder and other users can search and download files within said folder).

I did keep getting errors and warnings. I now found out that while changing network options usually also updates how network traffic gets handled, it's not a 100% foolproof test. You really need to quit the program after changing the proxy settings.

So to save you the hassle... These are the 2025 / 2026 settings that work with the maximum of privacy and security in mind.

You can test if you were successful here:
* https://ipleak.net/
and here
* https://www.dnsleaktest.com

---

Go to Tixati Settings. Go to Network - Proxy.

For all Proxy Tabs you enable the SOCKS5 option.

For all Proxy Tabs you enable the "USE TLS..."-options, EXCEPT for these 3 tab options:
* the tab "TCP Trackers", and also for
* the tab "UDP Trackers", and lastly for
* the tab "UDP Peers And DHT".
These tabs have the "Use TLS option" disabled.

All Proxy Tabs can (and must?) set the option "Use proxy to resolve names" to ON, except for the tab "UDP Trackers".
I followed Tixati's own advice to keep that option disabled (hardly any proxy apparently supports this option, and it will also be slow a.f. if they do support it. This is due to the nature of UDP-IP traffic).

Then the obvious options. Log in to Privado and look for your SOCKS5 credentials. They are not the same credentials you would use for their VPN.

Sadly, you will need to enter the credentials in each and every Proxy Tab. So prepare to start copy pasting.

Server address, find yours in your account credentials and settings.
Address: geolocationid.socks.privado.io
Port: 1080
Login: ed23423glowq
Password: only god, privadovpn and you know this one.

---

More Tixati settings to set in regards to your privacy.

Go to Settings - Network - Connections (right above your Proxy settings).

Set "Encrypted Only" for Outgoing and Incoming Peer Connection's Encryptions.

Outgoing Peer Connection Protocol: UDP > TCP
Incoming .. Protocol: TCP = UDP

Network Mode: IPv4 only
(IPv6 should be as secure, but its technology apparently isn't as battle hardened as IPv4)

For the next two options I will assume that you also run PrivadoVPN's client and have it connected.
Local IPv4 address or interface: WireGuard Tunnel #17
(And if you trust IPv6 enough to enable it, set the Local IPv6 address or interface also to WireGuard Tunnel #17.

There are many adapters given there: I will assume that the highest number is from my latest installed version. PrivadoVPN's VPN client is also set to use Wireguard for its connections. It's also why that's the one I'm currently using. These adapters come both with an IP4 address and IP6 addresses. You could also select an IP address instead of an adapter. I don't know what happens if your IP (v4 or v6) changes. So I advise against doing so unless you use static IP addresses for everything in your LAN. By directly directing Tixati to use the VPN connection, you made a simple kill-switch. If the Wireguard tunnel goes down, the socks5 connection goes down with it. No IP information can be leaked.

---

Next go to Settings - Network - Incoming Ports (right above the Connections options).

Disable the option "Use UPNP / NAT-PMP to forward port on router". You can do without this option and enabling it would open the doors to IP leaking. Which is bad :)

Set Random port Interval to "Everyday". You don't want too many interruptions, right? No? :)

---

Lastly we go to the Settings - Transfers options.

Settings - Transfers - Trackers

* Tracker presets: (select the given preset with Configure)

If you are really paranoid, I think you should leave this option disabled? But SOCKS5 + TLS when possible should give you a lot of cover to begin with. Depending on the adapter chosen for IPv4 and IPv6, your SOCKS5 traffic will get an extra layer of encryption through the connected VPN connection.

I suspect that if you would choose an IP address in your local LAN instead of a VPN adapter (or to one of its IP addresses), the SOCKS5 traffic will not get encrypted, unless the TLS option is enabled by Tixati (and supported by the proxy!) for that traffic type.

Please correct me if I'm doing this wrong :)

* v1+v2 protocol mode: V2 only
I don't know what the risks are for v1 but history has taught me well: v2 always gets introduced because version
ones got hacked or became easily decrypted. So that's why I go for v2 only. Get with the times, oldies!! No?

* IP protocol mode: preferred

* Allow UDP tracker connections: enabled

Again, this should be disabled if you are paranoid.

I trust that the SOCKS5 protection layer is enough for my privacy. TLS for UDP Tracker connections cannot be enabled for Privado's proxy! If you could enable TLS for UDP Trackers (under Tixati's proxy settings), you could safely enable the "Allow UDP Tracker Connections" there. But we can't. So you shouldn't allow unencrypted UDP Tracker connections if privacy really matters to you.

---

Settings - Transfers - Peers

* Local Peers (configure): both local (LAN) Discovery options should be disabled. Trust nobody 'n nothing'!

---

Settings - Channels

I kept the Channels Feature On. I think they were like old school IRC channels? For files? And chat? Disable it if you are paranoid. You probably won't use it anyway (but you definitely should explore the feature).

---

Settings - I2P

I had no motivation to try to get yet another direct-from-linux-to-windows ported tool working that won't work with a simple setup.
You be you though and do test it out! It's very interesting as a privacy focused technology. You could compare it to a faster file sharing and streaming over the Darknet (TOR). Cool! IF you can get it to work, USE it. No? :)

---

Settings - DHT

This is another important one to disable if you want to protect your privacy (according to many online sources).

* Startup DHT mode: on

I doubt that disabling the DHT mode for (trackerless) transfers will add to your privacy and security. I kept them to their defaults (ON), and set to "Search + Announce". If you know better, do let me know :)

* Auto node ID change interval: 1 Day
* Auto node ID change only on startup: enabled
I had this disabled at first. But when the ID changes, it will disrupt your active searches.

---

Settings - IP Filter

* Activate IP Filter Feature: On (action: drop matches).
Applies to: In + Out Peers, DHT + Trackers.
By default, IP filter options do not apply to Trackers.

* The Automatic Reload Interval was set to an interval of 6 hours.

---

Settings - Event Logging

If you need to disable these... You need Jesus and salvation more than you need privacy is all I'm gonna say :)

---

Pro tip: if you set the Proxy TCP (TLS) settings wrong, Update Check will fail :)

---

Import/Export is not just for the settings but also includes any downloads you did or have or some sheit like that. I was
unpleasantly surprised learning this the hard way. It's also why I wrote down my settings for next time when I'm in doubt :)



Peace!


Devvie



Sources used:
- https://support.tixati.com/settings%20-%20dht  (DHT ID changes)
- https://support.tixati.com/transfer%20properties%20-%20options  (DHT modes)
- https://forum.tixati.com/support/7288  (yes, you should enable DHT unless you use private trackers)
Note: Tixati has a right click option to disable DHT for any torrent you are downloading
- https://airvpn.org/forums/topic/49353-looking-for-some-clarity-regarding-safe-torrenting-and-privacydns-leaks/?tab=comments#comment-166110&ct=1769112480
(IP leaks: IPv4 versus IPv6)(DHT and your privacy)
- https://billing.appbox.co/knowledgebase/180/DHT-Enable-or-Disable.html?language=dutch
but but but!!!? No! You are wrong! :)
- https://stackoverflow.com/questions/1181301/how-does-a-dht-in-a-bittorent-client-get-bootstrapped
Just pull yourself up by the bootstraps!! Right? No. Wrong!! Don't use this. You don't need it.

No edit possibility for my previous post?

I found a mistake. I'll probably find some more because I'll start watching the log files closely moving forward.

No worries: everything downloads just fine with the above settings, except for one... Update Check fails because I enabled TLS one too many times...

For Tixati and PrivadoVPN, go to Tixati's
* Settings: Network - Proxy: "TCP Default"-tab:  
--> TLS needs to be disabled or the update over TCP will fail with a proxy connection error.

I even warned myself this would happen!! :)

My next reply will be once I'm convinced I checked and triple checked all boxes and log files. Until then... I'll shut t.f. up.

Thank you.

Peace!

Forget my previous configuration instructions. After some tests, and more importantly, after asking Privado's support themselves...

These are the Privado VPN SOCKS5 Proxy settings for Tixati.

All options are OFF, unless mentioned otherwise.
TCP Default: Use proxy to resolve names
TCP Trackers: Use proxy to resolve names
TCP Peers: Use proxy to resolve names

UDP Default: -
UDP Trackers: Use proxy to resolve names
UDP Peers And DHT: -

As you can see, TLS is NOT supported by Privado SOCKS5 Proxy.

Quotes from support@privadovpn:

Encryption: Our SOCKS5 proxy service does not encrypt traffic.

All TCP and UDP connections through the proxy are sent in plain text. If you require encryption, this must be handled by the application itself (in your case, the torrent client).

The SOCKS5 proxy only masks your IP address and forwards traffic; it does not provide TLS or any other form of encryption.

IPv6 support:
Currently, our SOCKS5 service only supports IPv4. IPv6 connections are not supported.

Tixati UDP Trackers - “Use proxy to resolve names”: This option is not supported. All DNS requests should be handled by your client or system. Using the proxy for DNS resolution may cause delays or failures.

Which brings us to the next set of Tixati options to correct, the Connections settings!

Network Mode: IPv4 Only
Local IPv4 address or interface:
You may choose any network interace. I prefer some decent encryption of my torrent traffic, so I set it to Wireguard Tunnel #16. That way, Tixati uses the unencrypted proxy over a connected and therefore encrypted VPN tunnel only. If the wrong VPN connection is active, it will act as a kill-switch and no IP information will leak.

Local IPv6 address or interface: disabled

Note to self: https://forum.tixati.com/support/8666  TCP <=> UDP settings... how what why whuh?

For anyone still confused, and to answer the original question by op...

1. use no VPN, use no proxy
You trust your ISP has your back and The Law can't touch you, by law! Or all you care about are Linux distributions ; -)

2. use no VPN, use an unencrypted SOCKS5 proxy (best option, depending on ISP)
This will give you another IP address, nothing else. Your ISP could still see you are downloading or uploading a torrent, but The Law cannot see who you are.

Optionally you can encrypt your proxy traffic too IF your proxy supports it. PrivadoVPN's proxy alone does not support this.

If your ISP doesn't care, the only thing The Law could do is subpoena your proxy provider to hand over your details. Most VPNs cannot do this (look for no log policies).

3. use a VPN, use an unencrypted SOCKS5 proxy
You still tell Tixati to use your proxy. Why? Why not! Then, connect PrivadoVPN to a server that supports torrents (all of them as of 2026). Configure Tixati to use PrivadoVPN's network connection AND set the SOCKS5 options.
This way, even your unencrypted socks5 proxy traffic gets encrypted by the VPN tunnel itself. It also acts as an immediate kill-switch if the VPN goes down.

4. use a VPN, use no proxy
When you think about it... The proxy isn't really needed if security, encryption and obfuscation is what you need. The only thing needed is a VPN provider that allows for torrents.

Note. Depending on your trust of your VPN provider, what you download and whom you ask... An unencrypted socks5 proxy is all the security you need. It's fast. And you are anonymous from the outside world (which is everyone except for your ISP and your VPN providers).

You can use bittorrent's encryption protocols, but that's for obfuscation of your network traffic from your ISP - it is not for real security and anonymity. So don't enforce it, unless you know your ISP will be a bitch about it.

A security expert will also advise you to never use double layers of encryption, so if you insist on encrypting your traffic, better make use of option 4 above and use the VPN for all your torrent traffic (and if it makes you feel good, connect to the SOCKS5 proxy too. Then, the outside world will then see your proxy IP address and your ISP provider cannot distinguish what your traffic is, or isn't, because of the encryption used in the VPN tunnel over which your torrent traffic runs). And while two layers of security can make you extra secure, it can also open you up to unexpected attacks... Remember, either encrypted traffic is securely encrypted and uncrackable, or it isn't. No point in using 2 layers of encryption unless you are an academic in cryptography.

Shit! Forgot to fix this while pointing out this was wrong...

UDP Trackers: DO NOT Use proxy to resolve names!!

So...

UDP Trackers: Use proxy to resolve names

should read

UDP Trackers: -

Another correction. Quote:
* v1+v2 protocol mode: V2 only

That was so wrong!

Use both V1 + V2 (= dual).

Enable V3 and prioritise it once it gets adopted and implemented.

Reasoning? Read this thread (https://forum.tixati.com/support/8586  ), posted by Guest on 2026/02/05 12:48:59 PM.

V2 is rather hated and most trackers still use V1.

V3 is a proposal for the torrent network and is already implemented (and developed) by Tixati. The waiting is for others to adopt and implement V3 too (see Github).


----
Note: https://support.tixati.com/settings%20-%20transfers%20-%20trackers  :
IP Protocol Mode
This will allow you to announce only from the preferred IP protocol as set in Settings > Network > Connections, or to announce always from both protocols if available.