Posts by Prophet

  • Pirate Bay Responds to Cloudflare and Moderation Concerns

    The Pirate Bay has responded to concerns about its use of U.S.-based CDN service CloudFlare. According to the people behind the site, this is only a temporary measure to reduce the load on its servers. In addition, TPB now asks users to report fake torrents, noting that the staff's moderating capabilities are disabled for security reasons.


    phoenix1On Saturday The Pirate Bay made its long-awaited comeback. While most users were happy to see the site back online, others were suspicious about the new setup.


    One of the issues that was discussed the most is Pirate Bay’s use of CloudFlare’s CDN and its SSL service. Several people voiced concerns that this would make it easy for U.S. authorities to spy on Pirate Bay’s users.


    Others even went as far as rumoring that the FBI had already infiltrated the site. While this is complete nonsense, general security concerns of using a U.S.-based service are legitimate.


    Today, the Pirate Bay responded to the possible security issue, explaining that it’s only using Cloudflare temporarily in order to cope with the continued stream of millions of visitors.


    “We have seen that there has been some question to why we are using Cloudflare. This is only initially to handle the massive load upon the servers. It will be removed shortly,” TPB says in a statement.


    Another concern is the lack of moderation on the site. The Pirate Bay previously decided to take away the rights of admins and moderators which resulted in a staff revolt and a subsequent pollution problem.


    Since the site’s return many fake torrents have been posted to the site and without moderators these were not removed. The Pirate Bay operators now explain that the decision to keep the staff out was taken as a security measure.


    “Due to severe security issues regarding the old moderator team all moderation has temporarily been disabled,” TPB notes.


    reportTo deal with the spam and fake torrent problem they’ve now added a report link to every torrent details page.


    “Before we sort everything out we have instead added a ‘Report link’ to all torrents which you can find in the details page. We believe that the TPB community can help moderate the site for the time being.”


    Already, several flagged torrents have been removed from the site so the report button seems to work. Whether it will be as effective as a full team of moderators has yet to be seen.


    Finally, The Pirate Bay’s .onion address has been brought back online too, which allows people to browse the site over the Tor network.


    While The Pirate Bay may not have returned with a bang, it was certainly fuel for heated debates and conspiracy theories. The recent announcements may not resolve all concerns, especially not those of the moderators and admins, but it’s good that the people behind the site are speaking out again.

  • Android Dev ‘Punishes’ Pirates at the Behest of Reddit

    A few hours ago Android developer Jack Underwood revealed that his software was being pirated by 85% of users. Now, on the advice of Reddit, the UK-based dev has tweaked the app to provide pirates with some special surprises. Speaking with TF, Underwood says traditional anti-piracy measures are a waste of time.


    walkplankIt doesn’t really matter what kind of digital media a company or individual produces, it’s a given that someone, somewhere, will attempt to pirate it.


    Software, which has traditionally been expensive to buy, has always been targeted by those with small budgets seeking to enjoy products often placed out of reach. But price doesn’t always provide an excuse for those obtaining software without permission. With the rise of smart phones and tablet computers, software has become cheaper than ever, with many paid apps now available for just a few dollars.


    One such app is Today Calendar Pro from UK developer Jack Underwood. It’s an already popular replacement calendar for Android with 4.5 stars from several thousand voters on Google Play. However, like many devs, Underwood is trying to find a way to bring down piracy rates. Just a few hours ago he revealed to Reddit users that 85% of people are using pirate versions of his app.


    How to reduce that volume quickly became the topic of conversation. Some Reddit users were very aggressive but Underwood eventually settled on a more gentle approach.


    “Today Calendar Pro has a 85% piracy rate, so the way we’ve chosen to combat that is to have the app randomly insert pirate-themed events if the app decides the install is pirated,” Underwood told TorrentFreak.


    The first one, which has already been implemented, sees a graphical depiction of a plank suspended over shark-infested waters alongside a subtle reminder – “That’s what ye get fer piratin’ matey.”


    But despite the huge piracy rates, Underwood is surprisingly pragmatic. The developer informs TF that he actually ‘gets’ piracy and understands the mindset behind it.


    “I’m not against piracy, from either a consumer or developer standpoint – I can totally understand why people pirate Today Calender. They want to try it out for an extended period of time, or they can’t afford to buy it, or they don’t think it’s worth the asking price, and that’s 100% fine with me,” he says.


    Nevertheless, there’s no getting away from the fact that almost 9 out of 10 people using the Pro version aren’t paying the $6 price tag. Underwood feels there could be two reasons.


    “Maybe it’s far too convenient to pirate (for the consumer, not the cracker), and the cost of the pro version is more than the convenience of updates from the Play Store. Or perhaps it’s not actually worth $6,” he says.


    “Obviously I’m a little biased, but personally I think it’s worth $6 to people who use a calendar app on a daily basis. I also update the app a lot, probably three times a week.”


    In the meantime Underwood will stick with more unorthodox ways of tackling piracy – he has no interest in investing time in the old tried-and-failed methods.


    “Fighting piracy in a traditional way is a waste of time in my eyes, software will get cracked anyway. The majority of people who pirate my apps wouldn’t have bought them anyway, so it’s not as if I’m losing 85% of my revenue. In any event, I’d rather spend that time making Today more awesome.”


    People who do decide to pirate Today Calender Pro will find it easily using Google, but Underwood hopes that the ‘special events’ appearing in the app at surprise intervals might encourage people to spend $6 if they find the software useful long-term.


    “These events wont start occurring instantly, but when they do they’ll happen a lot – so the cracker (at first) won’t see the event coming, but once they start, they might get annoying quite quickly.


    “The plan is that people will get so bored of being invited to ‘pirate parties’ and being told to walk the plank that they’ll give up and just buy the thing,” Underwood concludes.


    Those who do want to spend $6 can do so here, but for everyone else there’s a free ad-supported version. Those choosing to use unauthorized sources can do so, but expect to be invited to pirate-themed parties – every Tharrrrrsday.

  • The Pirate Bay Already Has a Pollution Problem

    The Pirate Bay has been back for a few days but all is not well. Aside from the site having serious stability problems and decreased functionality, it's already being flooded with fake uploads of the latest movies. While it's still early days, reputations are fragile in the fickle world of file-sharing.


    pirate-bay-sinkAfter seven tense weeks of downtime, The Pirate Bay sprang back to life on Saturday.


    There were no press releases, no triumphant tone, and no gloating blog posts mocking the futility of Hollywood’s efforts. Compared to previous comebacks, this one felt different.


    The early signs were positive, however. The database backup used by the site appeared to be the one made on the last day of the site’s operations before it was raided early December 2014. And, given the use of ThePirateBay.se domain, it seems almost certain that the site isn’t some kind of trap – despite some of the negative discussions currently underway.


    The big question, however, is how the site will develop moving forward. Revelations that the site would no longer ‘employ’ admins and moderators to maintain what was the world’s most popular torrent site sounded some big alarm bells. How would the site cope with the inevitable flood of fake torrents without staff around to remove them?


    Those lucky enough to get on The Pirate Bay today (Cloudflare and caching errors permitting) will find that searches (that’s to say when the search feature works) reveal a somewhat sorry picture.


    Released in theaters on January 23, the Johnny Depp and Gwyneth Paltrow movie Mortdecai hasn’t been well received by critics. Nevertheless, some enterprising individuals released a ‘cam’ copy online a few days ago. But check out Pirate Bay and the listings for pristine Blu-ray rips and DVD screeners are plain to see.


    Some of these fakes have been present for three days, something that would never have happened when the site used mods to remove junk. That being said, maybe this title was a one off and simply got missed? Sadly, that’s not the case.


    Night at the Museum: Secret of the Tomb starring Ben Stiller and Robin Williams is another comedy currently doing the rounds in ‘cam’ format. However, those looking for the title on Pirate Bay can apparently download a special “screening” version not designed for public eyes.


    The third comedy in our tests – The Wedding Ringer – is currently doing no better. Despite only being available in poor quality ‘cam’ format, The Pirate Bay is listing Blu-ray, DVD and DVD screener copies for download. All are completely fake and have been on the site since Saturday.


    So if these aren’t the movies they’re claiming to be, then what are they? The answer is, quite simply, nothing good.


    At the very least they’ll be some prankster’s idea of a joke and at the worse will require the downloader to install some ‘special codec’ or ‘special video player’ to watch the promised movie. Of course, even if they do, no movie will be forthcoming. Instead the user’s computer will have some unexpected additions.


    Also problematic is the lack of user comments. While it appears that some users can comment on torrents (with advice about the torrent’s authenticity, for example) currently even the most popular torrents have little to no comments. Without this user feedback people will become victims of spam and worse.


    One saving grace is that a feature that was previously broken appears to have returned this morning. Users are now able to click on a username in order to see what other uploads he or she has made. Suspicious users – such as b3322210 – can then clearly be identified as mass spammers of fake uploads.


    Of course, people should keep in mind that the site has only been up 72 hours and its operators may have a plan to keep junk off the site in future. However, file-sharers are notoriously fickle and reputations built by sites over many years can be torn down in a fraction of that time.


    It’s worth noting that P2P software such as LimeWire and other “shared folder” apps are no longer used by the majority of file-sharers due to the complete lack of trust in what’s being offered. Without moderation the underlying networks turned into file cesspits that no sane person wants to spend much time around.


    Pirate Bay is a long way away from that, but something needs to be done sooner rather than later if the site is to regain the top spot both in terms of traffic and reputation with users.

  • Yify Rolls Out New Design and Features

    The popular movie release group YTS, also known as YIFY, has released a major overhaul of its site. In order to keep up with millions of pageviews per day the site's backend has been completely redone. In addition, the site has a new look, a new API, and several new features.


    Operated by the popular ‘YIFY’ release group, YTS has become one of the most popular pirate brands releasing several top movies on a weekly basis.


    The group releases its movies on various popular torrent sites, but in recent years its home base YTS.re has also gathered a steady user base.


    “We are currently looking at around 6.5 million pages views with just under a million unique users coming daily to the site,” the YTS team informs TF, adding that it’s roughly a 33 percent increase in uniques compared to last year.


    Since the old site wasn’t built to serve millions of page views per day it started to fail more often, causing all sorts of problems. Several improvements were needed to keep things running smoothly, and in recent weeks YTS worked hard to put these in place.


    Over the past weekend YTS was ready to roll out a major overhaul of the site. The backend was completely redone and the site got a redesign as well.


    “We didn’t really decide to make these changes, we were kind of forced to. In the past half a year the old site was failing us. It started to crash and die with all sorts of errors on a regular basis,” YTS tells us.


    While YTS was working on the backend they also decided to give the site a new look and roll out some frequently requested features. The movie pages were improved with new info and list both 720p and 1080p versions on the same page, for example.


    Another big change is the responsive design, which makes the site more easily accessible across various devices, including smartphones.


    “We are finally embracing the future. We have added a responsive layout for our mobile users making life a little easier when it comes to surfing the website from your smartphone,” YTS notes.


    Finally, the site’s API has also been upgraded and should be more simple to use now. This means that the developers of various Popcorn Time forks and other apps that rely on YTS will have to do some upgrades as well.


    The growth of YTS hasn’t gone unnoticed by Hollywood either. A few months ago the MPAA reported YTS to the U.S. Government in its overview of notorious markets, describing it as one of the most popular release groups.


    “[Yts.re] facilitates the downloading of free copies of popular movies, and currently lists more than 5,000 high-quality movie torrents available to download for free,” MPAA wrote.


    Needless to say, the movie industry group will be less excited with YTS’ continued expansion.

  • advice needed please

    In that case, a little info for you regarding this hobby...


    Typically you will need a package of your own to share, weather it is a uk viewing card, a spanish card, italian card etc...... you will need a card of some description which you can setup and exchange with others who in turn will share their packages with you


    On top of that, you will need a decent motor to drive the dish, our sponsor sells a quality Technomate motor for around £40 and a decent lnb perhaps inverto black ultra will set you back about £10 - £15


    You will of course need a decent receiver and not forgetting brackets for the instalation

  • CANAL + Sport Stop broadcast on SD decoders to prevent piracy

    As part of the distribution of the Orange Africa Cup of Nations, we are forced to change the distribution of CANAL + SPORT signal to enhance security and limit piracy of our programs.


    Some decoders are compatible with this more secure distribution.


    Also, if you have an older generation decoder (SD), you will not receive this channel from 21 January 2015.



    To find CANAL + SPORT on your TV, you can aquire the decoder + LE CUBE.


    To assist you in this change., Please visit the website ESPACECLIENTCANAL.FR section MY ACCOUNT / CHANGE MY ABONNEMENT or contact one of our advisors on 0891 39 40 40 (0.23 € / min from a landline)


    You can also watch CANAL + SPORT on myCANAL from your computer to mycanal.fr or from your tablet and / or smartphone on myCANAL application.


    Thank you for your understanding and remain at your disposal for any further information.

  • SuperBowl 2015 HD Feed

    SuperBowl 2015 HD Feed


    This feed has been displaying the build up for the past couple of days and therefore is a good chance the game will be on also tonight (that's how it happened last year anyway)


    7 East - 11167 - H - 15000 - HD - superbowl hd420enc

  • Odds shorten on Mediaset-*** purchase

    Italian media is speculating about the possibility of an acquisition by *** of the loss-making DTT platform Mediasat Premium.


    The catalyst has been the €700 million contract for the Champions League that will be held exclusively by Mediaset for three years from the start of the next season. It has been suggested that Mediaset might look to offset some of the cost by sub-leasing matches to a third-party, something the media giant has flatly denied.


    “Mediaset invites the media not to feed fanciful hypotheses circulated with the sole purpose of confusing the public. We are not in negotiations for agreements of sub-sale of TV rights to other broadcasters in the Champions League acquired exclusively by Mediaset for the years 2015-2018. Negotiations that will not open either now or in the next few months,” the broadcaster said in a forceful statement.


    Despite the denial the rumours have expanded to the possibility of a purchase of the entire platform; Mediaset has already sold 11% of Mediaset Premium to Spain’s Telefonica.


    London-based Enders Analysis suggests *** might be better off waiting. “Getting rid of competition would allow *** to raise prices, but also burden it with the new contracts. At best, if it kept the Premium subscribers on DTT to limit churn, *** would have a small revenue upside, said Enders.


    It says the regulatory risk looks substantial, including mandated third-party access to the platform and wholesale of content.

  • Eurosport France leaves DTT

    Eurosport France has terminated its distribution on the French pay-TV DTT network on January 21, 2015 following green light by media authority CSA to hand back its DTT slot.


    The reason for the move is the change in Eurosport France’s shareholders. The channel is currently owned 80% by French commercial broadcaster TF1 and 20% by Discovery Communications,
    majority owner of Eurosport International since June 2014.


    The US media group will soon increase its stake in Eurosport France to 51%. The take-over of the controlling interest prompts the channel’s DTT retreat: The shareholding of a non-European company in a TV channel distributed terrestrially in France must not exceed 20%.


    In addtion, there might be a business reason from withdrawing from the TNT network; Eurosport was offered as a ‘low pay’ channel, a business model which does not seem to work in France for digital terrestrial, as is testifeied by a number of closures of such channels, including kids channel Canal J, Groupe AB’s AB1, while more recently, TF1’s LCI, Première and Planete+ asked to be moved from pay to free-to-air distribution. In December, TF6 terminated its broadcasts.


    At the moment, the French TNT network continues to offer the following pay channels: Paris Premiere, Planete+, LCI (news) and the Canal+ channels, Canal+ Cinema and Canal+ Sport.

  • Greece to restart ERT

    Greek public broadcaster ERT (Hellenic Broadcasting Corp) was ordered to close in June 2013, and has struggled ever since with some 2600 staff laid off. ERT returned to air in July 2013 with a dramatically cut-down broadcasting schedule reflecting the country’s austerity programme, and a new name NERIT (New Greek Radio, Internet & Television organisation).



    Greece’s newly-electric prime minister Alexis Tsipras now says that NERIT will be reformed “immediately” and that ERT can re-hire its former “unlawfully dismissed” employees.



    Whether this promise means that the broadcaster’s three orchestras, 19 local and five national radio stations, plus television channels, will all be reinstated is – as yet – unclear. NERIT currently is on air with 6 radio channels and two TV channels.

  • BBC retains Premier League highlights

    The BBC has renewed its deal to show Premier League highlights for a further three years, through to and including the 2018/19 season. The agreement covers the weekend programming of Match Of The Day; its Sunday morning repeat; MOTD2; Football Focus; plus a new midweek magazine show to air 10pm Wednesday nights on BBC Two and BBC Two HD. It is understood the BBC paid 13.5 per cent more than the £179.7 million it bid for the current rights


    Some observers suspected that ITV may try to wrest the rights, as its football programming from the 2015/16 onwards is limited to England national team qualifiers, and it has a ‘Champions League’ dividend available having lost its live rights – shared with *** – to BT Sport .


    The new midweek programme will review and preview the weekend’s action with all the latest Premier League news, going behind the scenes at Premier League clubs and bringing interviews with managers, players and those who have made their mark on the league’s illustrious history.


    All of the BBC’s Premier League programmes will be available on the BBC iPlayer.


    Barbara Slater, Director BBC Sport said Match of the Day was the most iconic brand in television sport, and the BBC worked hard to ensure that it continued to be the destination for millions of viewers each weekend across platforms. “It’s very exciting to be able to add a new midweek show to the mix, reflecting the continued appetite for Premier League action and analysis,” she added.


    “Sport matters. It brings the nation together. It can break hearts and raise spirits. And because it matters to the public, it also matters to the BBC,” declared BBC Director General Tony Hall. “That’s why it’s fantastic news that we have kept the Premier League highlights. It’s the best and most exciting league in the world. The BBC has made the highlights programme, through Match of the Day, a national treasure, and fans can look forward to enjoying all the drama with us for another three years.”


    “The BBC has done a fantastic job with its Match of the Day programmes which provide high quality coverage and analysis for fans of Premier League clubs,” commented Premier League Chief Executive, Richard Scudamore. “The UK highlights allow the competition to be viewed by the maximum number of fans across the country and the addition of a mid-week magazine show will add a new dimension to the BBC’s Premier League coverage. This season is Match of the Day’s 50th anniversary – an illustration of the BBC’s commitment to top flight English football – and a fitting year in which to renew our partnership with them.”

  • KickassTorrents Users Fight Back Against DMCA Takedown Purge

    Many uploaders at KickassTorrents have voiced their frustration after tens of thousands of files disappeared from the site in a few days. Copyright holders are increasingly 'destroying' the hard work of these pirates, who plan to 'fight back' this Sunday with "KickAss Upload Day."


    uploaddayAs the largest torrent site on the Internet, KickassTorrents (KAT) has become a prime target for copyright holders.


    In terms of daily visitors KAT is comparable to The Pirate Bay at its height, but there’s one key difference. Unlike TPB, KAT accepts DMCA takedown notices so rightsholders have the option to remove infringing content from the site.


    Thus far the popular torrent index has processed more than half a million requests. While that’s already a decent number, last week many KAT users noticed that content had started to disappear at an increasing rate.


    “In the past 48 hours over 200 of my uploads have been removed due to the DMCA. In the past four years only 100 had been removed. Does anyone know what’s going on?” KAT’s “elite mod” Politux wrote a few days ago.


    “I haven’t uploaded as much as you, but I’ve lost 6% of my torrents to DMCA,” another user replied, before many more joined in to count their losses.


    Ironically, the thread where the discussion on the takedown purge started was quickly removed. But that didn’t stop the complaints from pouring in. In several forum posts and blog entries people started discussing the takedowns, with some even threatening to leave the site over it.


    Looking at KAT’s takedown stats we see that there has indeed been a significant increase in DMCA takedowns. Over the past week KAT has removed close to 30,000 torrents, which is more than 5% of all files that have been removed in the site’s entire history.


    While the spike may just be temporary, KAT admin Mr.Gooner has seized the opportunity to respond in style, declaring February 1st to be “KickAss Upload Day.”


    “Due to a recent rise in Torrents deleted because of copyright reasons and the mass of users rightfully having a grumble I suggested we should have a day like this as a ‘fight back’ if you like,” Mr.Gooner writes.


    “A way of encouraging everyone to upload and let these removals go over our heads, to work together as a unit & to continue enjoying each and every minute of KAT and one another’s uploads,” he adds.


    The idea seems to be catching on as the call to action has already generated hundreds of replies, with many uploaders vowing to upload as much as they can. On an average day KAT lists roughly 5,000 new torrents, but there may be a few more today.


    Whether copyright holders are planning a counter-response is unknown, but based on the reactions thus far the DMCA whack-a-mole won’t end anytime soon.

  • The Pirate Bay Is Back Online!

    The Pirate Bay has risen from its digital ashes once again. TPB is back online today, more than seven weeks after its servers were raided . The notorious torrent site is operating from the familiar .se domain and it appears that data loss is minimal.


    pirate bayEarly December The Pirate Bay was raided at the Nacka station, a nuclear-proof data center built into a mountain complex near Stockholm.


    After being down for two weeks the domain came back online waving a pirate flag on its temporary homepage.


    TPB later added a countdown to February 1st, alongside several hints that the site would reappear that day.


    Today we can report that The Pirate Bay has lived up to the comeback expectations, with a comeback one day ahead of schedule.


    A few minutes ago the site started serving torrents to the masses again, much to the delight of millions of users. The Pirate Bay’s homepage currently features a Phoenix.


    3ee508357d5bb063.jpg


    The Pirate Bay doesn’t have any ads at the moment but the look and feel of the site is familiar, and the user accounts are working properly too. The “Contact Us,” “RSS” and “Register” links are not operational yet and result in a 404 error.


    Based on the recent torrents it appears that data loss is minimal. The latest upload was on December 9 last year, the same day TPB’s servers were raided.


    There is one quite significant change though. The Pirate Bay staff can no longer access the moderation panel.


    Earlier this week TPB staff already told us that they would be locked out of the reborn site. This kind of streamlining would make the site easier to manage and the risk of being brought down for a third time.


    However, these planned “optimizations” caused mutiny among the site’s original staff members.


    WTC-SWE, one of the lead admins of The Pirate Bay, told us that they are launching their own version of the Pirate Bay, which they believe will be the real one.


    These “former” staff members will also relaunch the official Suprbay forums. Interestingly, Thepiratebay.se is no longer listing Suprbay in its links section.


    To make the matter even more confusing, Pirate Bay’s downtime spurred the development of various spin-offs, all of which have steady userbases of their own. Isohunt.to’s OldPirateBay.org is currently the largest, with millions of visitors per day and the number one spot for the search term Pirate Bay in Google.


    It will be interesting to see if thepiratebay.se can reclaim these visitors during the months to come.

  • Movie Release Group Members Plead Guilty

    Five men in the UK have pleaded guilty to conspiracy to defraud for their participation in the unlawful release of movies onto the Internet. The case, which was heard in Crown Court this week, features big numbers including the distribution of up to 9,000 movies with five million viewers.


    factPlacing unreleased movies onto the Internet whilst located in the UK is a ri*** business and one likely to attract the attention of anti-piracy companies if done on a large-scale.


    FACT, the Federation Against Copyright Theft, are particularly vigilant in this area and have launch numerous investigations into those it believes have infringed their movie partners’ copyrights.


    On February 1 2013, FACT announced that they had joined police officers from the Economic Crime Unit to carry out raids in the UK targeting four addresses in the West Midlands.


    Following a hearing in September 2014, the case was heard in Wolverhampton Crown Court this week. It’s the culmination of three years’ investigative work by FACT into the “source and supply” of copyrighted movies.


    The accused are: Graeme Reid, 40, from Chesterfield, Scott Hemming, 25, and Reece Baker, 22, both from Birmingham, Sahil Rafiq, 24, of Wolverhampton and Ben Cooper, 33, of Willenhall.


    In line with previous FACT-led prosecutions, copyright infringement is completely off the table. All men pleaded guilty to Conspiracy to Defraud a charge that previously saw SurfTheChannel’s Anton Vickerman jailed for four years.


    In an earlier FACT press release the men were referred to as members of The Scene but one of the accused informs TorrentFreak that simply isn’t true.


    “They say we were in The Scene – no, we were P2P,” he said.


    Unless other connections come out in court, his claims appear to be true.


    TorrentFreak has learned that the investigation spanned several BitTorrent-based release groups including 26K, RemixHD and UNiQUE, plus torrent sites Unleashthe.net (the site run by busted US-based release group IMAGiNE) and TheResistance.


    Nevertheless, the case marks the first time that a group of movie releasers have ever gone to court in the UK and the signs are not promising for the men. Big numbers are being thrown around including the unauthorized release of up to 9,000 movies alongside claims that up to five million people may have viewed them.


    At the end of the hearing the men were released on bail. They’re now in the hands of FACT’s private prosecution and whatever the court decides is an appropriate sentence following their guilty pleas. The extent of both will be revealed at a hearing later in the year.

  • Huge Security Flaw Leaks VPN Users’ Real IP-Addresses

    VPN users are facing a massive security flaw as websites can easily see their home IP-addresses through WebRTC. The vulnerability is limited to supporting browsers such as Firefox and Chrome, and appears to affect Windows users only. Luckily the security hole is relatively easy to fix.


    boxedThe Snowden revelations have made it clear that online privacy is certainly not a given.


    Just a few days ago we learned that the Canadian Government tracked visitors of dozens of popular file-sharing sites.


    As these stories make headlines around the world interest in anonymity services such as VPNs has increased, as even regular Internet users don’t like the idea of being spied on.


    Unfortunately, even the best VPN services can’t guarantee to be 100% secure. This week a very concerning security flaw revealed that it’s easy to see the real IP-addresses of many VPN users through a WebRTC feature.


    With a few lines of code websites can make requests to STUN servers and log users’ VPN IP-address and the “hidden” home IP-address, as well as local network addresses.


    The vulnerability affects WebRTC-supporting browsers including Firefox and Chrome and appears to be limited to Windows machines.


    A demo published on GitHub by developer Daniel Roesler allows people to check if they are affected by the security flaw.


    The demo claims that browser plugins can’t block the vulnerability, but luckily this isn’t entirely true. There are several easy fixes available to patch the security hole.


    Chrome users can install the WebRTC block extension or ScriptSafe, which both reportedly block the vulnerability.


    Firefox users should be able to block the request with the NoScript addon. Alternatively, they can type “about:config” in the address bar and set the “media.peerconnection.enabled” setting to false.


    TF asked various VPN providers to share their thoughts and tips on the vulnerability. Private Internet Access told us that the are currently investigating the issue to see what they can do on their end to address it.


    TorGuard informed us that they issued a warning in a blog post along with instructions on how to stop the browser leak. Ben Van Der Pelt, TorGuard’s CEO, further informed us that tunneling the VPN through a router is another fix.


    “Perhaps the best way to be protected from WebRTC and similar vulnerabilities is to run the VPN tunnel directly on the router. This allows the user to be connected to a VPN directly via Wi-Fi, leaving no possibility of a rogue script bypassing a software VPN tunnel and finding one’s real IP,” Van der Pelt says.


    “During our testing Windows users who were connected by way of a VPN router were not vulnerable to WebRTC IP leaks even without any browser fixes,” he adds.


    While the fixes above are all reported to work, the leak is a reminder that anonymity should never be taken for granted.


    As is often the case with these type of vulnerabilities, VPN and proxy users should regularly check if their connection is secure. This also includes testing against DNS leaks and proxy vulnerabilities.