If you use the Torrents Time browser plugin to stream videos from torrents on trackers like The Pirate Bay, you probably already know that’s illegal. But it’s potentially dangerous to use as well.
According to Sampson, the plugin appears to be attempting to run an entire torrent client in your browser. Because it’s poorly coded, it misuses the cross-origin resource sharing (CORS) mechanism and could allow malicious sites to stream files other than what you wanted to watch. It also logs your IP address and location.
Torrents Time also seems to use between 50 and 80 percent of your computer’s CPU cycles, which is entirely unnecessary and symptomatic of flawed coding.
You’re better off uninstalling the plugin for now, even if it does mean losing the ability to stream torrents in your browser.
Update: The Torrents Time team has shared a response to Sampson’s comments. Concerning the issues we’ve highlighted above, the group said:
User Tracking/Privacy: The full code of the XHR function which Sampson copied a part of, can be found here on line 712. It’s not that he dissected the application to retrieve it. It’s an open source code.
It is thus obvious to anybody with some knowledge of the matter (or who has no hidden agenda) that Torrents Time has no issue of CORS. None whatsoever. Sampson appears not to be the expert he claims to be (or he has a hidden agenda).
Skyrocketing CPU usage: Even clever Mr. Sampson doesn’t know why he’s machine consumes so much of his CPU or crashes. He may have installed a virus of his own. We’ve not have had a similar complaint from normal users, but if we do, we’ll fix it. We know how to and we want the users to enjoy Torrents Time. Crashing their computers is not something we want.
Despite Sampson’s hollow statements, Torrents Time does not enable attackers to control your computer! It’s safe, user-friendly and fun.