this post was submitted on 23 May 2024

97 points (92.2% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54772 readers

222 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others

Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):

💰 Please help cover server costs.


Ko-fi	Liberapay

founded 1 year ago

MODERATORS

[email protected]

Is Stremio a honeypot? (sopuli.xyz)

submitted 6 months ago by [email protected] to c/[email protected]

63 comments fedilink hide all child comments

Does anybody have the impression that Stremio may be a honeypot of some sort?

Thay are allegedly a legal service where some nefarious actors provide torrenting plugins etc. I tried to find out how they were financed, and found northing but a site purportedly selling "Web3" advertising, and filled with technobabble nonsense. No address, no way to purchase their services no GDPR notice or anything...

All I can find regarding their safety are "It's legit, nothing has happened to me so far" comments in reddit and other boards.

They have your email, they host the service, they can track all you do...

Seems kind of fishy.

Ive tried it, ironically, to watch stuff that I pay for, I have Netflix, prime video, Disney... But Stremio gives me much higher resolutions.

Even though I live in a country where sailing the high seas is not persecuted, as long as you are the end-user and you derive no profit, I'm going to delete my account (made with an email address I have for bullshit stuff ), make a new one with a truly disposable email and get a VPN.

(page 2) 14 comments

sorted by: hot top controversial new old

[–] [email protected] 28 points 6 months ago* (last edited 6 months ago) (3 children)

You don't need to make an account. There is a guest login option.

The shadiest thing I am aware of them doing was the time they added a crypto miner and asked users to choose between that or ads.

load more comments (3 replies)

[–] [email protected] 11 points 6 months ago

Unlikely.

Seems like a lot of effort when torrent trackers already provide plenty of low hanging fruit.

[–] [email protected] 36 points 6 months ago (1 children)

It's legit, nothing has happened to me so far

[–] [email protected] 35 points 6 months ago (1 children)

so far

[–] [email protected] 18 points 6 months ago (1 children)

It released in 2015. Many of us have been using it since the beginning without issue.

[–] [email protected] 21 points 6 months ago (2 children)

But what if they have a ten year plan?

load more comments (2 replies)

[–] [email protected] 10 points 6 months ago (2 children)

Isn't it open source?

[–] [email protected] 12 points 6 months ago* (last edited 6 months ago) (3 children)

Is every open source app audited? Look at the XZ near disaster. And XZ is pretty critical software. Open source doesn't mean it's safe by default, it means that the code can be read.

[–] [email protected] 13 points 6 months ago* (last edited 6 months ago)

Yeah, but usually with open-source software you get like 150 Github comments complaining and outlining their shady business practices... If there's something to complain about.

The XZ disaster is an example for sth else. There are probably more backdoors in proprietary software that we just don't know about. And they can just keep it hidden away and force the manufacturers to do so. No elaborate social engineering like in the XZ case needed... And no software is safe. They all have bugs and most of them depend on third-party libraries. That has nothing to do with being open or closed source. If so, being open provides you with more of a chance to catch mischievous behaviour. At least generally speaking. There will be exceptions to this rule.

[–] [email protected] 34 points 6 months ago

The XZ topic was way more complicated than that and overly exaggerated by some people. Open source is still the closest thing we have to "safe by default".

Still, as someone else stated, if you're not hosting it's not truly open source as you can't really verify the actual code running behind the server.

load more comments (1 replies)

[–] [email protected] 40 points 6 months ago

If you are not hosting, it having a repo on Github makes no difference. The server you are connecting to might have a different service running and you cannot know.

[–] [email protected] 67 points 6 months ago (12 children)

I stopped using it because I figured if everyone did this and stopped sharing torrents, neither would work

It's kinda selfish

[–] [email protected] 12 points 6 months ago (7 children)

I read a comment somewhere that Stremio uploads like a normal client. Just a comment oc, but it should be easy to check for a network savvy reader. It may be that the plugin does it, dunno.