API tools faq
paste
Advertisement
Guest User

Why Time4Popcorn is incredibly Dangerous.

a guest
May 2nd, 2014
1,515
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.30 KB | None | 0 0
raw download clone embed print report
  1. **Why YOU should not install Time4Popcorn**
  2. ***
  3. **Introduction**
  4. ***
  5. So yes, i am the creator of the alternatives list over at /r/popcorntime (the good side). You are probably asking yourself, why did you create this subreddit? Well i am about to tell you what Time4Popcorn is and why you should not even be thinking about installing their software. So let's start off.
  6. ***
  7. **Background Story**
  8. ***
  9. So i am around since Popcorn Time started. That was before it got blown up by the media. I started to follow Time4Popcorn to see if the project was interesting, i didn't like the project very much. Graphics weren't beautifull. However i kept an eye out while going back to the Github that isra17 made, after a while that merged with Jduncanator. In a week or so after that the whole repo was gone, jduncanator aswell. Isra took over, a week after that the same thing happend. At that time i went back and researched a whole lot of alternatives and made a list of them at /r/popcorntime. At that time it included Time4popcorn. I will start to tell you why i removed it 2 weeks back.
  10. ***
  11. **How it started**
  12. ***
  13. Time4Popcorn was not a unique project, they took everything that the Official guys from Argentinia left behind. Just like the guys at get-popcorn.com did. However after introducing a non working TV Shows option they began to steal the code from the Popcorn Time repo. After a while they were finally going to release their "source code" because many had asked for it. Since they didn't trust them without an open source code, TorrentFreak also covered their software. Which i untill this day don't like, since they are not a legit and safe application. So the entire source code was just a simple fork from Popcorn time, everything was the same, including the readme and the newest pulls. Sharkiller (a PT dev) even commented that his code was in there, they didn't even say that it wasen't true. They just wanted to have a talk on the email, they have never ever showed any trouble to go into discussion. The only thing they ever say is, email us. Well that just doesn't cut it, since that could easily be faked.
  14. ***
  15. **Coding & Safety**
  16. ***
  17. In the comments that i have included (with permission) will be stated by different people what T4P actually is behing the scene. Their code has been revealed best by Cesasol & Sharkiller shows that, their code is on the fly. They have deactivated everthing accept for the NodeWebKit. Their on the fly tactic makes it so that the program contacts app.time4popcorn.eu to load in everthing. So without that server, the program would be useless. Which is of course a very vulnerable point, when you are so called trying to stay anonymous. The feds could raid the server or follow the trail and find the devs. Even worse they could force the devs to make backdoors. The thing that however is the most frightning is the fact that they (T4P) can change their code 24/7, which means that one second you may be enjoying the movie. And the next your HDD is erased, or your bankcode is keylogged. Do you now understand why their software is everything but safe?
  18. ***
  19. **Communication**
  20. ***
  21. Time4Popcorn has never ever tried to communcate to any of us. We have tried to merge with them at the point that we didn't know any of their source code. But they said no, they claimed that they were better of alone. And i see why now, when we were to merge. We would have found out about their programming code. On the other hand, we have tried to communicate to get credits for the work that our (PT) community has done in the form of code. But we have never gotten any actual anwers back, just the anwer "email us". Which just means, we can't prove anything. So yeah, email us to start a pointless conversation. And when we don't like it we just manipulate the emails (which is easy)
  22.  
  23. ***
  24. **Some aditional fun stuff**
  25. ***
  26. **Look at this for example**
  27. The Official Popcorn Time group at discuss.get-popcorn.com has been working on their new layout for over 2 weeks. About 14 days before release (estimated) Time4Popcorn steals the developers version of the UI and implements it into their own software.
  28.  
  29. **Official Developers Build of Popcorn Time**
  30. http://i.imgur.com/jflfBhV.png
  31. http://i.imgur.com/F2YhNYk.jpg
  32. **Blatant Copy that Time4Popcorn used**
  33. http://i.imgur.com/iBLhoJu.jpg
  34.  
  35. That's some similarity right there? So yeah, they steal. Don't give credits, and use a very dangerous implementation of watching movies (centrialized server). So...
  36.  
  37. ***
  38. **Notice**
  39. ***
  40.  
  41. **Below here are some comments of people explaining personal situatins with T4P and how there code works. If you have a similair situation or you want to have a discussion. Feel free, i will update it every couple days.**
  42.  
  43. **And don't forget to come over to the good side:** http://www.reddit.com/r/PopCornTime/comments/232xmf/a_list_of_popcorn_time_clones_and_android/
  44.  
  45. ***
  46. **Comments**
  47. ***
  48. Be warned!
  49. **@cesasol commented:**
  50. After checking the source code, i could see there is no software beyond nodewebkit under popcorn4time binary, instead they work on this "cloud" http://app.time4popcorn.eu/ *deactivate js before going to this link And there is a couple of binary files with the extension php, wich is more than suspicius. After checking in a vbox, they send random data to that server and another two, not only the torrent seeding.
  51.  
  52. **@Sharkiller a Popcorn Time dev has also showed his doubts:**
  53. @Foxito they steal code, dont release them, put features that dont work only grow up their userbase who knows for what. for weeks they do interviews for a lot of pages to gain more and more userbase even when their code never works(tvshows). in the code you can find suspicious images to track the users, they don't even are from analytics. after a few weeks they "release" a source code in github that is a clone of the popcorn-official repo, even the links go to that repo. with the commits of the same day. They don't even do a fork only a renamed code. If that is not fishy to you then use it.
  54.  
  55. **@traplover69 commented:**
  56. The download links on http://get-popcorn.com/download/mac and http://time4popcorn.eu/Popcorn-Time-0.2.9-Mac.tar.gz point to the same file. Both give a shasum of fc00796208ca412b01c3715fb44af191d937ba8a. Any ideas whats happening here?
  57. **@Sharkiller's amazing input once again:**
  58. Im a dev from the official Popcorn Time and after I asked to add proper credits to our repo (they took the work of weeks for the UI of our next update), my issues were closed and now im blocked.
  59. http://i.imgur.com/DUju5cr.png
  60. This is the message
  61. Please give the respective credits. Reply and don't close the issues #1 #2 #7 #8 #9 #10 You are going to need to delete a lot of issues if you still doing this.
  62. I have no interest in contact you through email. Simple add proper credits and done.
  63. http://i.imgur.com/kkPUWqX.png http://i.imgur.com/PL6P6Pd.png
  64. As you can see they delete the messages and closed them:
  65. http://i.imgur.com/ObC3vQF.png
  66. BE VERY CAREFUL WITH THEIR APP, THEY RUN THE APP IN AN IFRAME WITH ALL THE CODE HOSTED EXTERNALLY. IN THE MODE NODEWEBKIT WORKS THEY CAN EDIT THE EXTERNAL CODE AND TOOK CONTROL OF ALL YOURS FILES AND DO WHATEVER THEY WANT
  67. Here you can see the iframe:
  68. https://github.com/time4popcorn/popcorntime-desktop/blob/b34978bd32c820a05f1204dcd45d82569aecb5c7/nativeapp/js/app.js#L290 here the "ghost image" to grab data:
  69. https://github.com/time4popcorn/popcorntime-desktop/blob/b34978bd32c820a05f1204dcd45d82569aecb5c7/webapp/index.html#L189 And here you can see that all the app is hosted externally (open with this in chrome to see the source):
  70. view-source:app.time4popcorn.eu/? uid=E92E1FB84DBCA114AA406F29AD01F35F&register_date=1398509469&version=0.3.0&os=win&r=0.7509009002242237
  71.  
  72. One clearification due comments.
  73. No program can ever be safe, but Popcorn Time and several other alternatives offer a local version with local code. Their code only uses api's to get the content. Time4Popcorn uses an "cloud" to connect to their interface, you are just downloading a almost empthy program. The danger here is mostly that they can change that code at any given point of time to malware. And given that it is centrialized it could be taken down or become a honeypot for feds. This isn't a safe infrastructure to go. But it's still up to you, if you want to use it. Go ahead, you have been warned.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!