Is Stremio a honeypot?
Is Stremio a honeypot?
Does anybody have the impression that Stremio may be a honeypot of some sort?
Thay are allegedly a legal service where some nefarious actors provide torrenting plugins etc. I tried to find out how they were financed, and found northing but a site purportedly selling "Web3" advertising, and filled with technobabble nonsense. No address, no way to purchase their services no GDPR notice or anything...
All I can find regarding their safety are "It's legit, nothing has happened to me so far" comments in reddit and other boards.
They have your email, they host the service, they can track all you do...
Seems kind of fishy.
Ive tried it, ironically, to watch stuff that I pay for, I have Netflix, prime video, Disney... But Stremio gives me much higher resolutions.
Even though I live in a country where sailing the high seas is not persecuted, as long as you are the end-user and you derive no profit, I'm going to delete my account (made with an email address I have for bullshit stuff ), make a new one with a truly disposable email and get a VPN.
I stopped using it because I figured if everyone did this and stopped sharing torrents, neither would work
It's kinda selfish
I read a comment somewhere that Stremio uploads like a normal client. Just a comment oc, but it should be easy to check for a network savvy reader. It may be that the plugin does it, dunno.
It does when you're watching. I have sys monitor widgets with rainmeter on my PC and whenever I'm watching something, it cpu is at least 5 or so degrees hotter and there's 5 mb + network activity on the upload. You can check yourself on system monitor.
Hmm. I just heard about Khoj https://github.com/khoj-ai/khoj from worldofai on YT https://youtu.be/Lnx2K4TOnC4
From the readme:
Khoj is an application that creates always-available, personal AI agents for you to extend your capabilities.
You can share your notes and documents to extend your digital brain. Your AI agents have access to the internet, allowing you to incorporate realtime information. Khoj is accessible on Desktop, Emacs, Obsidian, Web and Whatsapp. You can share pdf, markdown, org-mode, notion files and github repositories. You'll get fast, accurate semantic search on top of your docs. Your agents can create deeply personal images and understand your speech. Khoj is open-source, self-hostable. Always.
The LARPers on c/Piracy are finally taking a break from shouting 'high seas' and discovering the tragedy of the commons!
I started using it since I filled up my NAS and couldn't keep hoarding stuff for my arr stack and Plex.
To be fair I always seed at least at a 2 ratio, and when I use Stremio (or Kodi) I use them through a Real Debrid account.
You don't need to make an account. There is a guest login option.
The shadiest thing I am aware of them doing was the time they added a crypto miner and asked users to choose between that or ads.
For me, the guest login option only appeared on first boot. When i came back to it the next day it was gone and i had to use a fake email to signup :/
Stremio is a parasite. They are "legal" because the app itself doesn't contain anything illegal, you have to add the plugins on the side. It is just awful because it just leeches from torrents and don't seed anything.
We're just self hosting our stuff and using Jellyseer, it's convenient and we can just forget stuff seeding as long as we can
Shouldn’t the complaint be about real debrid then? People just want convenience, buying a bunch of hard drives setting up jellyfin getting a vpn waiting for things to download when you want to watch something is annoying. Paying 35 dollars for a year of hassle free easy to setup high quality streaming is an amazing deal to most.
People that really want convenience just pay for streaming services. Stremio has a shitty transferrate and even with 1GB internet you aren't able to watch anything 4k, for example.
I can't relate with the complait about setting up jellyfin/VPN, that's something you only need to do once. Theorically Stremio would also need a VPN because it is getting it from a torrent, no? Just get stuff you need in advance and you won't have to wait and will get to watch something HQ if you have the setup to do so.
I also don't know/care about debrid so I can't comment on it. Isn't it direct download?
Something can be shady and not a honeypot. It's much more common. Its like people forgot this and now anytime anyone feels something is sus this type of post appears.
Unlikely.
Seems like a lot of effort when torrent trackers already provide plenty of low hanging fruit.
I use it with real debrid and a vpn. I have it on a few android TV devices. I need the ease of use for my luddite wife and 5 year old.
I never considered the re-seeding issue until now. Do the debrid servers not re-seed?
I'm working on a homelab and will eventually try to set up jellyfin, but this is a work in progress.
Same, just need to find the time and motivation. I have all of the equipment I need.
I'm in over my head a little bit. I've got an old desktop converted to a server running proxmox. But I can't ssh into it or access the web interface. It's obnoxious.
Isn't it open source?
If you are not hosting, it having a repo on Github makes no difference. The server you are connecting to might have a different service running and you cannot know.
Is every open source app audited? Look at the XZ near disaster. And XZ is pretty critical software. Open source doesn't mean it's safe by default, it means that the code can be read.
The XZ topic was way more complicated than that and overly exaggerated by some people. Open source is still the closest thing we have to "safe by default".
Still, as someone else stated, if you're not hosting it's not truly open source as you can't really verify the actual code running behind the server.
IMO the XZ thing shows the strength of open source, some turbo pedant found the backdoor within about an hour of it being released because a program took 0.3 seconds longer to start. That wouldn't be possible in a closed source app that can't be debugged properly.
Yeah, but usually with open-source software you get like 150 Github comments complaining and outlining their shady business practices... If there's something to complain about.
The XZ disaster is an example for sth else. There are probably more backdoors in proprietary software that we just don't know about. And they can just keep it hidden away and force the manufacturers to do so. No elaborate social engineering like in the XZ case needed... And no software is safe. They all have bugs and most of them depend on third-party libraries. That has nothing to do with being open or closed source. If so, being open provides you with more of a chance to catch mischievous behaviour. At least generally speaking. There will be exceptions to this rule.
I'm always incredibly skeptical of these super easy "all in one" solutions. Would rather do the work myself just to make sure.
I did the work first, then filled up my disks and moved to Stremio, no regrets, and yeah both solutions offer a better experience than Netflix, Prime Video, MAX, Disney+ and Star+ (which are the platforms I am have/once had.
With PopcornTime it was the same thing, but it got too popular
I'm not sure if it's a honeypot, but I am sure it's never worked well for me and just caused more headaches.
Same here
No not a honey pot. That's now how honey pots work.