Pirate Bay Browser Streaming Technology Is a Security and Privacy Nightmare

An anonymous reader writes: Last week the Pirate Bay added support for streaming video torrents inside the browser in real-time. Kickass Torrents followed the next week. The technology they used is called Torrents Time. A security researcher has discovered that this technology which is a mix of client and server side code is actually a security and user privacy disaster. Attackers can carry out XSS attacks on TPB and KAT, the app runs on Mac as root, attackers can hijack downloads and force malicious code on the user's PC, and advertisers can collect info on any user that has Torrents Time installed.

Next on the news...

[MitchDev]

MPAA and RIAA releases tainted movies and music on torrents themselves...

Re:Active content *is* a priv & sec nightmare

[gstoddart]

As long as the dried up lame bed (lake?) has text, we don't give a crap.

Some of us still prefer to get information in the form of text, and not video ... and animate whirligigs and other crap add nothing to the experience.

But, really, in terms of not trusting javascript? That really should be common sense by now.

Re:So?

[houghi]

Who expects privacy and security when they use Internet ?

Fixed that for you.

Re:Oh dear balls.

[tnk1]

Even The Pirate Bay itself is quite hacked code.

Remember that these softwares are made by amateurs who spent their time downloading warez instead of getting proper professional programming education.

Actually, I doubt that they lack CS education. What they lack is QA. "Good" developers with educations let this sort of shit through all the time. The businesses who make software actually make an effort to test their software for security and functionality.

The problem with these guys is that coding is sexy, QA is not.