Maybe You Shouldn’t Stream Torrents In Your Browser

photo: Gizmodo

A dissection by Andrew Sampson, as well as people on the /r/Piracy subreddit, has thrown up a few worries about how the plugin works. At heart, Torrents Time is trying to run an entire torrent client in a webpage and using a service, which leads to some “creative” programming, and some serious security flaws. The most egregious is the abuse of cross-origin resource sharing (CORS), a mechanism that lets one webpage request resources from another webpage. Sampson shows that because of how it’s set up, it proves to be a gaping security hole that could compromise what you download, not to mention your real IP address—not good for something used for illegal downloads. – Chris Mills, Gizmodo