Maybe You Shouldn't Stream Torrents In Your Browser

Illustration for article titled Maybe You Shouldn't Stream Torrents In Your Browser

Torrents-Time is an interesting little browser plugin that lets you stream torrents without needing to download a whole separate client. It’s a boon for anyone who needs a simple way to torrent, but as a few people are pointing out, it’s also horribly insecure.

The plugin works with Firefox, Internet Explorer, or Chrome, and the premise is simple: with it installed, navigate to any Pirate Bay torrent page, and you’ll get a link to stream the torrent, rather than just downloading it. Sounds great! But there are a few worries.

A dissection by Andrew Sampson, as well as people on the /r/Piracy subreddit, has thrown up a few worries about how the plugin works. At heart, Torrents-Time is trying to run an entire torrent client in a webpage and using a service, which leads to some “creative” programming, and some serious security flaws.


The most egregious is the abuse of cross-origin resource sharing (CORS), a mechanism that lets one webpage request resources from another webpage. Sampson shows that because of how it’s set up, it proves to be a gaping security hole that could compromise what you download, not to mention your real IP address—not good for something used for illegal downloads.

There’s a few other concerns as well: it seems to run persistently in the background on your computer, which could fry battery life and annoy anyone who tries to put their PC to sleep, and Sampson found a CPU bug that is not just annoying, but potentially symptomatic of a more serious coding flaw.

All in all, Torrents Time is a neat plugin, but probably not worth the effort. Legions of much better, more robust and far more secure torrent clients live out there; sacrifice three seconds of convenience, in order to not compromise your entire computing setup.

[Andrew Sampson]


Share This Story

Get our `newsletter`



The film industry has come a long way in making movies available online, the way people want them, via HBO GO, or Amazon or Netflix or iTunes or others. Could they do better? Yes, absolutely, but streaming pirated sites is hurting yourself in the long run, because they’ll target movies at people who pay for it, so that’s less stuff for your demographic. It also hurts the smaller people who work on movies by hauling gear for productions or pushing pixels in post. Real actual work.

I get wanting to pirate things and just watch whatever you want for free, but it devalues the content both to you, who become used to it being worth $0, and to the studios and independent producers who risk losing money on every movie they make. Napster came about because the music industry was doing a lot of stupid things and not skating to where the puck was going to be. That doesn’t really apply here. You can stream a lot of stuff on Netflix for cheap and Apple TV or Roku basically puts a Blockbuster video in your house. $5 for a movie in HD and surround sound with almost no waiting or travel or late fees, that’s a very good deal. So please don’t pirate movies or tv as a Plan A, save that for like Plan C if you want something specific and it's just not available elsewhere. The end.