Online piracy skyrocketed into the 21st century this week as The Pirate Bay and Kickass Torrents adopted new technology from Popcorn Time spinoff Torrents-Time allowing users to stream TV show and movie torrents in their browsers.
Hours later, anti-piracy groups were already publicly decrying the technology, but whether you care about the obvious legal issues surrounding Torrents-Time or not, you still might want to avoid using it.
This week, Andrew Sampson, creator of the Aurous music streaming app, dissected the Torrents-Time plug-in and discovered a multitude of issues that could put users at risk. The most worrisome issue is the abuse of cross-origin resource sharing (CORS), which is the mechanism that allows resources on a webpage to be requested from another domain.
It’s the key to bringing Torrents-Time to any HTML5 page, but it also gives someone with malicious intent the ability to cause real problems for users.
Sampson managed to come up with seven things that a hacker could do with the poorly implemented technology. The first (and one of the most terrifying) is that the creator of the invisible media player could force someone streaming content to torrent content unknowingly. So while you’re streaming one show, you could be torrenting other illegal content insecurely in the background, and all the attacker had to do was input a line of code.
In layman’s terms, Torrents-Time is dangerous, and you should remove any traces of it from your computer. It sounded too good to be true to begin with, and it turns out it is. Hopefully someone will come up with a more secure solution in the future.