Trepia: A Buddy List Of Strangers

An anonymous reader writes "Trepia has released an IM client that automatically populates itself with people who happen to be around you. Something that has been done before by Apple with iChat, but Trepia claims to be 'iChat on crack' in this article featuring the software. This could have potentially revolutionary social effects..."

What happened?

[shmuc]

If you notice, the installer obviously uses nullsoft's NSIS, but they recompiled it, and changed the banner at the bottom to "Trepia, Inc.". Isn't that a breech of GPL or whatever license NSIS is out under?

Be caeful, very careful in using this software

In the website of Trepia, it is mentioned "Trepia(TM) is free to use and contains no spyware or ads." But you know what: Jawed Karim, one the authors mentioned in the article, wrote another piece of code called MP3 Voyeur. Now, in MP3 Voyeur, which searches for MP3s and other media files within LANs, there is a feature that connect to his personal web server every time it was run. If it could not connect to the server, it would refuse to run! Now, coming from such an author, this tool looks a bit suspicious.

So, someone might want to fire up Ethereal and sniff those packets flying from your machines.

Re:Half Way There

[loopyfx]

I got some data off the wire, here is what I made of it after about 10 min of observation:

outgoing message:
<F><a>4181</a><b>testing out</b></F>

incoming message:
<Q><a>4181</a><b>gorgonzola</b></Q>

outgoing message:
<F>
<a>4181</a> remote uid
<b>testing out</b> message
</F>

incoming message:
<Q>
<a>4181</a> remote uid
<b>gorgonzola</b> message
</Q>

incoming member update? [0x0A between each element]
<M>
<a>4141</a> member id
<b>1054626160</b> timestamp
<c>2</c></M>
variations of <c> = 1,2

??
<N>
<a>4141</a> remote uid
</N>

login:
<C>
<a>xx-xx-xx-xx-xx-xx</a> my MAC
<b1>xx-xx-xx-xx-xx-xx</b1> my default gateway's MAC
<c>my login</c>
<d>my password, MD5'd and probably salted. 32 bytes</d>
<e>2.0</e> version?
</C>

???:
<L>
<a>0</a>
<b>1054630291</b> timestamp?
<c>2</c>
</L> ... series of <M> ...

request profile?:
<D>
<a>1498</a>
<b>1</b>
</D> ... in a series, variations of <b> = 1,2
1=full, 2=partial? ...

profile:
<O>
<a>1498</a> member id
<p>missouri</p> location
<b>1044120269</b> login time?
<d>xxxxx</d> login
<m>99</m> age
<n>F</n> sex
<g>xxx</g> first name
<h>xxxl</h> last name
<o>wardriver</o> profile data
<e>xxxx@xxxx.com</e> email
<i></i>
<j>xxxxx</j> AIM
<k></k>
<l></l>
<f>http://xxxxxxx.org</f> homepage
<r>usa</r>
<s>mo</s> state
<t></t> city
<u></u> languages?
<v></v> school?
<w></w> company?
<q></q> base64 encoded image (not always present)
</O>

Re:Amazing

[MikeFM]

I've been online forever too and I still disagree with you. ;)

I'm a stupid geek boy with the social skills of a turnip and even I can spot people who are full of shit. If someone can't pick out the shitheads then they probably will be hurt no matter how they go.

Besides I'm paranoid. I backtrace most the people I chat with for any length of time so that I can find out who they really are. Of course not everybody knows how to do that but it is a useful tool. I've tried to do that in real life but it takes more work. No useful IP addresses or other clues to let you trace them.

I can fool just about anybody in person. Sociopaths are very good at faking facial expressions, tones of voice, emotional responses, etc to fit their needs.

It's much harder to carry on such a dialog over the period of months without the aid of the emotional ploys you can use to distract people as in real life. It's difficult to even disguise who you are online. Even if you change your alias and try to change your style of writing and fake being someone else a good many people that know you will still recognize you. People seem to be very good at recognizing such patterns.

If people believe implausible claims without LOTS of proof then they are morons best weeded out of the genetic pool.

It's much easier to social engineer in person. Most people you can begin working on before you even open your mouth. Body language, cloths, etc are easy ploys to use.