Why you shouldn't stream torrents in your browser
Torrents-Time, an interesting browser plugin, is a boon for anyone who needs a simple way to torrent but horribly insecure.
By Gizmodo | Updated:
Torrents-Time is an interesting little browser plugin that lets you stream torrents without needing to download a whole separate client. It's a boon for anyone who needs a simple way to torrent, but as it appears now, it's also horribly insecure.
A dissection by techie Andrew Sampson and the /r/Piracy subreddit, has thrown up a few worries about how the plugin works. At heart, Torrents-Time is trying to run an entire torrent client in a webpage and using a service, which leads to some 'creative' programming, and some serious security flaws.
The most egregious is the abuse of cross-origin resource sharing (CORS), a mechanism that lets one webpage request resources from another webpage. Sampson shows that because of how it's set up, it proves to be a gaping security hole that could compromise what you download, not to mention your IP address — not good for something used for illegal downloads.
There's a few other concerns as well: it seems to run persistently in the background on your PC, which could fry battery life and annoy anyone who tries to put their PC to sleep and Sampson found a CPU bug that is not just annoying, but potentially symptomatic of a more serious coding flaw.
Concerns, according to Andrew Sampson:
- Forced piracy
- User tracking/privacy
- Even more privacy issues
- It runs as root on OSX
- Redirect plugin downloadX
- XSS (Cross-Site Scripting)
- Sky rocket usage/crash it
A dissection by techie Andrew Sampson and the /r/Piracy subreddit, has thrown up a few worries about how the plugin works. At heart, Torrents-Time is trying to run an entire torrent client in a webpage and using a service, which leads to some 'creative' programming, and some serious security flaws.
The most egregious is the abuse of cross-origin resource sharing (CORS), a mechanism that lets one webpage request resources from another webpage. Sampson shows that because of how it's set up, it proves to be a gaping security hole that could compromise what you download, not to mention your IP address — not good for something used for illegal downloads.
There's a few other concerns as well: it seems to run persistently in the background on your PC, which could fry battery life and annoy anyone who tries to put their PC to sleep and Sampson found a CPU bug that is not just annoying, but potentially symptomatic of a more serious coding flaw.
Concerns, according to Andrew Sampson:
- Forced piracy
ADVERTISEMENT
- User tracking/privacy
- Even more privacy issues
- It runs as root on OSX
- Redirect plugin downloadX
ADVERTISEMENT
- XSS (Cross-Site Scripting)
- Sky rocket usage/crash it
ADVERTISEMENT
Download
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
Related Articles
From trickle to torrent: Hormuz reopening may trigger a global oil floodADVERTISEMENT
