IPVanish is getting into summer mode with an amazing deal. You can now get the top VPN service for just $4.50 a month if you opt for a 3 month subscription, totalling $13.50 or €12.50. The offer is valid for new users and it can get renewed every 3 months -lifetime offer- for the same, super-low price! The offer is running for a specific time only and in the specific from 21st of May 2019 at 12:01am UTC until the 1st of June 2018 at 11:59pm UTC. So if you want a great VPN service at a super low price, this is your chance. And as a side-note, this is the VPN service I also use daily.
Why choose IPVanish VPN
Other than having a great price especially with this unique offer, IPVanish offers a lot of advantages that should make you consider getting it:
User-friendly apps for all of your devices
Access to the world’s fastest VPN
40,000+ shared IPs, 1,300+ VPN servers in 75+ locations
Unlimited bandwidth
256-bit AES encryption
Zero traffic logs
Anonymous torrenting
Unlimited P2P traffic
SOCKS5 web proxy
Access to censored apps & websites
IKEv2, OpenVPN, and L2TP/IPsec VPN protocols
Unlimited server switching
10 simultaneous connections on multiple devices
24/7 customer support
7-day money-back guarantee
How to get IPVanish lifetime discount with the 3 month billing plan
In order to get advantage of this amazing lifetime discount offer, simply create a new user account, using a new email if you had already an account with IPVanish, using the following link: https://bit.ly/2YMs110
https://dimitrology.com/wp-content/uploads/2019/05/IPVanish3mo.jpg300600Dimitrologyhttps://dimitrology.com/wp-content/uploads/2019/11/WEBSITE-LOGO-2020-SMALL.pngDimitrology2019-05-23 11:25:342019-05-23 11:25:36IPVanish VPN deal for just $4.50 a month for 63% OFF – Lifetime Discount!
Last June, popular ‘pirate’ IPTV service SET TV went offline after being sued by DISH Network and encryption partner NagraStar.
In a Florida court, the defendants were accused of creating and selling subscriptions to the SET TV service which, among other things, offered numerous television channels that were unlawfully obtained from DISH’s satellite service and retransmitted to customers.
The $20-per-month platform had offered its subscribers a package of 500 live channels, including on-demand content and PPV broadcasts, sometimes via pre-configured hardware devices.
Last November that case ended in DISH and NagraStar’s favor, with the former awarded statutory damages of $90,199,000 ($500 for each of the 180,398 subscribers SET TV had) following an agreement with SET TV.
“The judgment and injunction against the SetTV service marks a significant victory in the ongoing fight against pay-TV piracy, and a win for consumers who subscribe to legitimate pay-TV services,” DISH said in a statement.
But while the case against SET TV was being wrapped up, another case lay pending. In a second complaint, filed in Florida May 1, 2018, DISH and NagraStar targeted Julie Bishop and her company A-Box TV, which they accused of acting as a reseller for the SET TV service.
“Defendants sell subscriptions and devices for a pirate streaming television service called ‘SET TV’, which includes numerous television channels that were received without authorization from DISH’s satellite service and subsequently retransmitted without authorization on the SET TV pirate streaming service,” the complaint reads.
The filing goes on to list several now-defunct A-Box URLs (including a-boxtv.com, shop.a-boxtv.com, and store.a.boxtv.com) from where the service and associated devices were sold to customers.
A-Box – A SET TV reseller (Website from 2017)
In common with SET TV, A-Box was accused of offering packages costing $20 per month and selling set-top devices pre-loaded with the SET TV service. Among the illegal broadcasts offered to customers was the record-setting Mayweather v. McGregor boxing match, grabbed from the DISH service and unlawfully distributed.
Screengrab from A-Box’s Facebook page (via complaint)
Following the judgment in the SET TV case last year, it seemed unlikely that the case against A-Box would end well for the defendants. That was confirmed Tuesday with District Judge Mary S. Scriven signing off on an agreed judgment and injunction.
The order states that Julie Bishop and A-Box TV LLC are, among other things, permanently enjoined from “redistributing or retransmitting any DISH satellite signal or over-the-top (‘OTT’) signal” and/or “distributing, copying, reproducing, performing, hosting, streaming, or displaying any video programming” owned by DISH or its affiliates.
There are damages too, which are significant.
The defendants are ordered to pay DISH $2,000,000 which represents $10,000 for each violation cited in the complaint. Whether or not that amount will ever be paid is likely to remain unknown but the parties will cover their own attorney’s fees and costs.
The original complaint can be found here and the consent judgment here
https://dimitrology.com/wp-content/uploads/2017/11/iptv-movies-film-feat.jpg2501179Dimitrologyhttps://dimitrology.com/wp-content/uploads/2019/11/WEBSITE-LOGO-2020-SMALL.pngDimitrology2019-05-23 04:05:022019-05-23 04:05:02SET TV IPTV Reseller A-Box TV Ordered to Pay Dish $2 Million in Damages
If you like watching movies and tv shows then TVZion in it’s latest version V3.7.1 is a great Android app with a huge library and great video quality. TVZion is really easy to use and works great on any Android device like an Android TV Box, Android smartphone or tablet, etc. You can also keep up with your your favorite TV shows as episodes are updated every day. So don’t wait up, jump in and watch free episodes and movies online with this great app.
Important – TVZion has been shutdown, it’s no longer working. Click here to read more.
How To Use TVZion 3.7.1
TVZion uses a very simple user interface from which you can browse the different contents available inside the app. With awesome functions like Auto Play Next Episode just like Netflix and Resume From Last it is now even easier than ever to use. You can find all the movies sorted by categories and all the seasons and episodes of your favorite tv shows. You only need to select any of them and press the play button to start watching them within the app. And other than movies and tv shows, anime is also on the menu, therefore, if you’re a fan of Japanese animations, you’ll be delighted to use this application. Also, it supports all the most used services like Trakt.tv, Real Debrid, Premiumize and external players as VLC and the best you can get in my opinion MX Player.
New Version 3.7.1
This is the latest version of TVZion APK as of today and has been released on May 22th 2019.
Download TVZion v3.7.1 APK
Select here in order to DOWNLOAD the app for Android devices.
For more apps and downloads, visit the dedicated section of Dimitrology Downloads here.
https://dimitrology.com/wp-content/uploads/2019/01/tvzion-kodi-959x675.jpg675959Dimitrologyhttps://dimitrology.com/wp-content/uploads/2019/11/WEBSITE-LOGO-2020-SMALL.pngDimitrology2019-05-22 16:37:472020-12-15 18:38:04Latest Version of TVZion 3.7.1 is out!
With over a million visitors per day, Pelispedia.tv was one of the most popular streaming sites in Latin America.
Just a few weeks ago, it was highlighted by the US Trade Representative as a notorious pirate site, following a referral from Hollywood’s MPAA.
By then, rightsholders and enforcement authorities already had their eyes focused on the site’s alleged operators, a couple from Uruguay. Following collaborative efforts from Interpol, rightsholders, and Uruguayan authorities, this culminated in two arrests last week.
According to Uruguayan prosecutor Mónica Ferrero, the alleged operators are charged with “a continuing offense of making available a digital broadcast for profit without the written authorization of their respective holders or successors, and a crime of money laundering.”
The two, who are referred to in local media by their initials JAGR and MJHG, will remain in custody for 30 days. Their case is being handled by a court specialized in organized crime, which will take a closer look at the allegations.
Initially, Pelispedia.tv remained online following the arrests, but since yesterday it is no longer available. The sister site Pelisplus is still accessible but is also expected to shut down.
Pelispedia
The pair reportedly have no other employment and made roughly $5,000 per month from the business. In addition to the arrests, several assets were seized including hardware, a 2008 Peugeot, a 2014 Volkswagon, $1,257 in cash, and two Payoneer cards.
The Alliance for Creativity and Entertainment collaborated with the authorities and is pleased with the outcome thus far.
“We thank Interpol, the Uruguayan police, and prosecutors for their leadership in this important action against a major illegal streaming service operator,” ACE spokesperson Richard VanOrnum said, commenting on the news.
MPAA Chairman and CEO Charles Rivkin agrees and sees the shutdown of Pelispedia.tv as another example of ACE’s successful and ongoing global effort to reduce piracy.
“Each time we collaborate with law enforcement authorities to disrupt major piracy operations like Pelispedia.tv, we support the millions of people around the world working in the film and television industry and the dynamic legal marketplace for creative content,” Rivkin notes.
There have been many stories published about Game of Thrones, mostly due to its massive viewing figures.
However, the now-concluded show wasn’t always viewed on legitimate platforms, something which made it the most-pirated show in TV history.
While breaking records on all platforms is something that many shows will settle for, behind the scenes there’s a constant battle against piracy. Over in Russia, that task has fallen to anti-piracy company Group-IB.
After working on behalf of streaming service Amediateka, which has held the exclusive distribution rights to Game of Thrones in Russia since April 2015, Group-IB has today revealed some of the facts and stats from its four-year campaign.
The headline figure is that since the launch of Season Five, Group-IB has carried out successful takedowns against 180,000 links to illicit copies of the show on websites, forums, and social media.
As the infographic below shows, enforcement was something of a crescendo, growing rapidly as the seasons progressed (bars represent takedowns during the seasons’ airings).
During Season 8, Group-IB’s team took down more than 43,700 links to pirated versions of the show in Russian.
While that’s a large number of takedowns in itself, those were spread far and wide, spanning 1,098 different websites. More than 90 of those sites were designed specifically to spread pirated copies of the show.
Like all takedown campaigns, Group-IB also placed an emphasis on removing links to pirated copies of the show from search engines. Yandex is Russia’s most popular portal so it’s no surprise it chose to focus there.
The company reports that more than 30,000 links were removed from the search engine. Group-IB informs TF that they were all links to streaming websites but also of interest was the pirates’ response to those takedowns.
According to the anti-piracy company, the operators of the sites were unprepared for their links to be removed from Yandex, so began taking counter-measures by duplicating their platforms to ensure a new search engine listing.
Amediateka, home of HBO in Russia
“In response to the blocking, online pirates struck back by creating mirrors on a daily basis – copies of their websites with new but very similar domain names. For instance, one of the pirates created more than 20 mirrors on their subdomains,” Group-IB reports.
“However, according to the pirates’ forum posts, the owners of pirate websites were not ready for the ‘attack’ on them: ‘Looks like somebody just wiped the links out. Some of the pages disappeared… some of them do not appear in search results’,” Group-IB reports, citing the operators’ comments.
The anti-piracy campaign also targeted social media and by default VK.com, Russia’s largest social networking site. Interestingly, after filing numerous complaints with VK, some of the groups on the platform reportedly decided to go straight, converting from places to host pirated videos to become Game of Thrones fan pages.
“Group-IB Anti-Piracy team filed many takedowns through VK moderators who forced the groups’ owners to remove infringing content,” the company informs TF.
“The groups which kept publishing pirated content despite the warnings from VK were banned. Others, which removed the infringing content, turned into fan pages so as not to lose traffic that can be converted to advertising revenues.”
Finally, some thoughts from Andrey Busargin, Director of Anti-Piracy and Brand Protection at Group-IB.
“For us the battle against online pirates, trying to profit off the illegal distribution of the Game of Thrones in Russian, was as fierce as for George R.R. Martin’s characters,” Busargin says.
“I would also like to highlight Amediateka’s commitment to counter online piracy in Russia: they brought in Group-IB Anti-Piracy team ahead of time and have been making continuous efforts to popularize legal viewership of the Game of Thrones making it available on its website, in movie theaters all over the country and even on the stadium.”
While there will always be historic GoT links to clean up, Group-IB also protects other titles, including True Detective, Billions, The Good Wife, and Westworld. Game of Thrones may be over, but the takedown work will persist for years to come.
After years of work, on March 26, 2019 the new EU Copyright Directive was adopted, with 348 Members of Parliament in favor, 274 against, and 36 abstentions.
A little under a month later, the EU Council of Ministers waved the legislation through, despite opposition from Italy, Luxembourg, Netherlands, Poland, Finland, and Sweden. Belgium, Estonia, and Slovenia abstained.
EU member states were then granted two years to implement the law, which includes the controversial Article 17 (formerly 13). That requires platforms like YouTube to sign licensing agreements with creators. If that proves impossible, they will have to ensure that infringing content uploaded by users is taken down and not re-uploaded to their services.
Or, if one takes on face value a recently published official translation of the Directive, something much more outrageous.
As revealed by Eleonara Rosati over at IPKitten, someone has made a small but monumental mistake when transposing the Directive into Italian.
7. The cooperation between online content-sharing service providers and rightholders shall not result in the prevention of the availability of works or other subject matter uploaded by users, which do not infringe copyright and related rights, including where such works or other subject matter are covered by an exception or limitation.
Now, the same section in the Italian version (translated back to English);
7. Cooperation between online content sharing service providers and rights holders must prevent the availability of works or other materials uploaded by users that do not infringe copyright or related rights, even in cases where such works or other materials are subject to an exception or limitation.
So, according to this translation, sites like YouTube must work with rightsholders to ensure that non-infringing works are never made available on their platforms, even when the use of such works is allowed under relevant exceptions, presumably including…..erm….fair use. Or is that unfair use? Difficult to say.
Considering Italy didn’t want this law to pass, it’s lucky this error got spotted early or the much-heralded “meme ban” might’ve been just the tip of the iceberg.
https://dimitrology.com/wp-content/uploads/2017/09/facepalm-featured.jpg2501200Dimitrologyhttps://dimitrology.com/wp-content/uploads/2019/11/WEBSITE-LOGO-2020-SMALL.pngDimitrology2019-05-21 07:02:062019-05-21 07:02:06Italian Version of Article 17 Requires LEGAL Content to Be Filtered Out
The data for our weekly download chart is estimated by TorrentFreak, and is for informational and educational reference only. All the movies in the list are Web-DL/Webrip/HDRip/BDrip/DVDrip unless stated otherwise.
RSS feed for the articles of the recent weekly movie download charts.
https://dimitrology.com/wp-content/uploads/2017/07/movie-featured.jpg00Dimitrologyhttps://dimitrology.com/wp-content/uploads/2019/11/WEBSITE-LOGO-2020-SMALL.pngDimitrology2019-05-20 16:00:512019-05-20 16:00:51Top 10 Most Pirated Movies of The Week on BitTorrent – 05/20/19
During February, China’s National Copyright Administration (NCAC) announced that it would be upping efforts to deal with copyright infringement.
On top of a promise to “dig deep” into the sources of piracy and “sternly investigate” online platforms that help to distribute pirated content, the NCAC said it would also target unauthorized “camming”.
Camming, the act of recording movies in theaters with video cameras, has been a major headache for the entertainment industries for decades. Illegal copies often hit the Internet within hours of a movie’s premiere, as was the case last month with Avengers: Endgame.
While the NCAC clearly couldn’t do anything about that serious event, the question remains whether physical deterrents (such as bag searches and action against complicit theater owners) can also be augmented by technical measures.
Before Endgame dramatically hit the web, the China-based partnership of Ogilvy and Focus Film Media, part of Focus Media Group, announced that they had developed a new system to prevent camming taking in place in cinemas.
“Originality is the soul of the film industry and the foundation from which it thrives upon; it is our job to protect this originality,” said Jason Jiang, Founder and Chairman of Focus Media Group.
“We are delighted to have gone beyond a conventional approach and develop the ‘Piracy Blockr,’ which allows us to address the problem in a discrete but effective way, ensuring that the film industry is protected for years to come.”
Piracy Blockr in action? (Credit: Ogilvy/Focus Film Media)
The image above, although clearly mocked up, provides an idea of how the system is supposed to work. A watermark, invisible to the viewer, is captured by camcorders when an attempt is made to record the screen.
So how does it work? TorrentFreak spoke with Ogilvy to find out.
“There is a lot more to light than what mere human eyes can detect, but a device in your pocket can help you see beyond your biological limits. Our eyes can only detect colors of light that we see as a rainbow, primarily shades of red, orange, yellow, green, blue, indigo, and violet,” says Silvia Zhang, Ogilvy Marketing & Communications Manager.
“So while our naked eyes can’t pick up on the wavelength of infrared light, the sensors in your phones and cameras can – essentially making the invisible visible.”
Image: Supplied by Ogilvy
Anyone with a smartphone can easily see what the system is about. Simply press a button on an infrared remote control and point it at the camera lens and the image on the screen will display the infrared light emitted by the device. The camera can ‘see’ the infrared light, we can’t.
“We used this to our advantage to combat the multi-billion dollar illegal cam recording industry by embedding panels of infrared light powered watermarks, which we call the ‘Piracy Blockr’, behind cinema screens in China,” Zhang adds.
The idea of using infrared light to foil pirates isn’t new. A report dating back almost 10 years reveals that Japan’s National Institute of Informatics had teamed up with Sharp to pulse infrared light through cinema screens to disturb digital recording devices.
Since we haven’t heard of any such devices actually being deployed in cinemas, we asked Ogilvy how many screens its system currently ‘protects’ in China. The company didn’t respond to our question, despite repeated attempts.
We also asked how the Piracy Blockr system is able to defeat determined cammers who attach infrared filters to their devices. The company didn’t respond to that question either. A request for a real-life image or video clip of Piracy Blockr in action received the same response.
Some research appears to have been carried out in India (pdf) which considered the challenges presented by pirates who deploy infrared filtering but the problem clearly isn’t straightforward. If it was, someone would be making millions by now while resigning ‘camming’ to history.
As for Piracy Blockr, we won’t be holding our breath while waiting for a live demo.
https://dimitrology.com/wp-content/uploads/2017/07/movie-featured.jpg00Dimitrologyhttps://dimitrology.com/wp-content/uploads/2019/11/WEBSITE-LOGO-2020-SMALL.pngDimitrology2019-05-20 00:59:512019-05-20 00:59:51Can a New Anti-Piracy System Really Defeat Cinema “Camming”?
Great New Offers For Android TV Box & Mini PC With Coupon!
The brand-new H96 MAX RK3318 powered by an Quad-core RK3318 64bit CPU and a Penta-core Mali 450 GPU and Android 9 Pie is on sale for just $42.99 over at Geekbuying by using the discount coupon IOUPFCLD.
Having great specs, especially for the price, the H96 MAX RK3318 is offering 4GB of RAM, 64GB of internal storage (eMMC), Dual Band WiFi 2.4G and 5G, Bluetooth v4, 1 x USB 3.0, 1 x USB 2.0, SD Card Slot, HDMI 2.0 for real 4K UHD resolution, AV out and an Ethernet 10/100M port. Not bad at all for an overall great perfomance for a media center and some light gaming as well.
H96 MAX Complete Specs:
General
Model: H96 MAX Type: TV Box
Hardware
OS: Android 9.0 CPU: Rockchip RK3318 GPU: Penta-Core Mali-450 Up to 750Mhz+ RAM: 4GB DDR3 ROM: 64GB eMMC
Support Decoder format: 4K VP9 Video decoder, H.265/H.264 video decoder 1080P other video decoders (VC-1, MPEG-1/2/4, VP6/8)” Support Media format: Avi/Ts/Vob/Mkv/Mov/ISO/wmv/asf/flv/dat/mpg/mpeg Support Music format: MP3/WMA/AAC/WAV/OGG/DDP/HD/FLAC/APE Support Photo format: HD JPEG/BMP/GIF/PNG/TIFF High Definition video output: 4K (4096×2160 pixel ) HDR: HDR10 and HLG modes HDD File system: FAT16/FAT32/NTFS
Another great offer for one of the top of the line Android TV Box out there, the Beelink GT-King that is on sale for just $115.99 by using the coupon FJKSUUMQ. It is powered by the newest and most powerful CPU by Amlogic, the S922X, which is a 12nm six-core chip featuring Quad-core ARM Cortex-A73 that can reach 1.7 GHz and Dual-core ARM Cortex-A53 that can reach 1.8 GHz.
Sports also 4GB of DDR4 RAM, 64GB of internal storage (eMMC), Dual Band WiFi 2.4G and 5G, Gigabit 1000M Lan port and also Android 9 Pie! Performance monster that is also using a Mali G52 MP6 GPU so you can enjoy not only amazing 4K UHD movies but also Android gaming. You can make it yours by using the coupon FJKSUUMQ at: https://bit.ly/2JOL6Lv
Beelink GT-KING Full Specs:
General
Brand: Beelink Model: GT-King Type: TV Box
Hardware
OS: Android 9.0 CPU: S922X Quad-core ARM Cortex-A73 and Dual-core ARM Cortex-A53 GPU: Hexa-core ARM G52 MP6 Graphics RAM: 4GB DDR4 ROM: 64GB eMMC
Communication
WiFi: 2.4G/ 5G WiFi LAN: 1000M Bluetooth 4.1
Video
Amlogic Video Engine (AVE) with dedicated hardware decoders and encoders Support multi-video decoder up to 4Kx2K@60fps+1x1080P@60fps Supports multiple “secured” video decoding sessions and simultaneous decoding and encoding H.265/HEVC Main/Main10 profile @ level 5.1 High-tier; up to 4Kx2K @ 60fps VP9 Profile-2 up to 4Kx2K@60fps H.265 HEVC [email protected] up to 4Kx2K@60f AVS2-P2 Profile up to 4Kx2K@60fps H.264 AVC [email protected] up to 4Kx2K@30fps H.264 MVC up to 1080P@60fps MPEG-4 ASP@L5 up to 1080P@60fps (ISO-14496) WMV/VC-1 SP/MP/AP up to 1080P@60fps AVS-P16(AVS+) /AVS-P2 JiZhun Profile up to 1080P@60fps MPEG-2 MP/HL up to 1080P@60fps (ISO-13818) MPEG-1 MP/HL up to 1080P@60fps (ISO-11172) RealVideo 8/9/10 up to 1080P@60fps
Display
HDMI 2.1 output up to 4K@75Hz HDMI 3D video formats HDMI HDCP 2.2 AV(CVBS) 480i/576i
Interface
USB3.0, USB2.0, HDMI, LAN, AV jack, SD card slot, DC in, SPDIF
Power
Power Type: External Power Adapter Mode 12V-1.5A 18W Certification Input: 100-240V~50/60Hz , Output: 12V 1.5A
Dimensions&Weight
Product size: 10.8 x 10.8 x 1.53 cm / 4.25 x 4.25 x 0.60 inches Product weight: 190g Package size (L x W x H): 13.5 x 15.4 x 7.5 cm / 5.31 x 6.06 x 2.95 inches
Package Contents
1 x TV Box 1 x 2.4G Voice Control 1 x Power Adapter 1 X HDMI Cable 1 X User Manual
If on the other you found another TV Box and isn’t on sale, no worries! You can still get a$5 Off for orders over $50 for all EU Stock TV Boxes: by using the discount coupon ZZSNFQSG.
https://dimitrology.com/wp-content/uploads/2019/05/geekbuying.jpg175348Dimitrologyhttps://dimitrology.com/wp-content/uploads/2019/11/WEBSITE-LOGO-2020-SMALL.pngDimitrology2019-05-19 13:47:072019-05-19 13:54:10Great New Offers For Android TV Box & Mini PC With Coupon!
For better or worse, one of the most powerful features of Kodi is the ability to extend its capabilities via addons. Key components in this are the repositories, or “repos” as they’re more commonly known. They allow for quick and simple installation and upgrade of addons, but as with the whole topic they too have a darker and riskier side that many users do not consider.
Before we go into details of those risks, let’s first set the background by considering what a repo actually is and what it enables.
As most users know, there are two main ways of expanding Kodi’s functionality with addons – install from zip and install from repo. Install from zip does exactly what it says on the tin: it installs a given addon into Kodi using a zip file package that contains the addon code. That zip file may be either downloaded from the internet and transferred onto the device where Kodi is running, or it can be accessed directly over the internet via an added source (most commonly through the Kodi file manager). This route is mainly intended for addon development purposes, prior to release and inclusion in a repo.
There are two main issues with this approach. The first problem is that the installation is then static. If the addon is updated or modified, Kodi won’t know this and any updates will need to be manually installed by the user. The second issue, however, is the one most commonly encountered by users, in that any other addons or code that the original addon depends on (that it uses or references, and requires to be installed for it to run) will not be automatically installed. Thus, for the original addon to operate and not just generate log errors or crash, all of its dependencies, both the correct packages and the correct versions, need to be manually located and installed separately.
So, What’s a Better Way?
Using a repo can solve both of these issues. A Kodi repo contains links to the current (and, commonly, also older) versions of the addon plus any required dependencies. So it acts as a “one stop shop” to install the given addon, with the bonus that it can be done via the Kodi GUI using the Install from repo option. With the exception of the official Kodi repo (which comes built into the Kodi core code), the only install from zip that is required is the original one to install the repo itself.
The real power of the repo, though, is that when the addon author updates their addon and pushes that new version to the repo (whether the official one or their own third-party one which the user has installed), then Kodi will see that the update is available and can either offer the update or just update it automatically, depending on configuration. So, with minimal or even no user effort, addons can be quickly and easily maintained, and distributed, keeping all user devices up to date.
Sounds Great – What’s the Catch?
That update functionality is where the potential risks come into play, however, especially for the common third party “all-in-one” repos (containing addons from multiple authors) that can be obtained from various internet sites and sources. Currently, if a newer version (with a higher version number) of a given addon is pushed to an installed repo, then the addon can be updated regardless of which repo the addon originally came from. Hence, if a malicious programmer pushes a new version of an addon (which may or may not be their own) to an installed repo, then anyone who had the original version will get the poisoned version installed onto their device instead. This is a obviously a very undesirable outcome and would lead to widespread issues if a popular addon were to be subverted.
Another big issue with third-party repos is the fact the domain name might be abandoned and expire while users still have the repository installed. This could enable an attacker to later register that expired domain, effectively taking it over. They could then replace the existing addon content with malicious code. This exact scenario is a significant enough risk to have been covered in several security conferences last year, for example this one.
If Only Someone Could Do Something…
There have been internal Team Kodi discussions on how to manage this risk, ranging from disallowing third-party repos completely, through to only allowing addons to update from their original repo, and on to the official stance of leaving things as they are as all of this should be the user’s responsibility anyway. Another issue is that there are cases which complicate any such restrictions, such as the use of testing “beta” repos for unstable versions of addons either under construction or for adding new features. This most commonly applies to skins, but also when addon authors make early or “bleeding edge” versions of new or existing addons available for public testing using this method.
In the case of the built-in official repo, each and every addon submitted to it is thoroughly reviewed, examined and tested by the repo maintainers (all Team Kodi members) to ensure it poses no risk to our user base. There are also limitations placed on addons – such as containing no pre-compiled, obfuscated or executable code (“binary blobs”) – all to try and stop our addon update system becoming a distribution path for malware. For third-party repos though, no such checks are, of course, performed by the team. So for each repo to be installed, the user – that means you! – should consider where it has come from, and whether they trust the author or organisation that has supplied it. Ask yourself whether they maintain such diligence over what is included in the repos they provide.
For cases such as the well-known individual addon author and their beta repos containing only their own work, the risks are often minimal. The “all-in-one” style repos, though, obviously offer a significantly higher risk of problems, especially for those that just seem to scrape any and all repos that they can access on the net, often without author agreement or consent. This is why many such repos are included on the Team Kodi banned addons list, although their common inclusion of banned piracy addons would place them on the list anyway. It’s also why Team Kodi offers no support for “builds” which pre-install addons or repos, as this is another common gateway to malware problems. And for those who may be under the illusion that this is just a hypothetical scenario, the stark reality is that such hijacking cases, “code flame wars” and distribution of malware-infected code have all actually occurred in the past using these exact methods. It is a genuine and real risk.
Team Kodi and its members are working towards improving the addon/repository infrastructure. A lot of tools have been developed in the last few years. Some examples of this include:
Kodi-addon-generator by Razzeee – simplified creation of new addons based around a standard requirements template.
Addon-check (initiated/mentored by Razzeee and implemented as a GSOC 2018 project) – check addons for known problems and deprecations.
In conclusion, then: before you install any third-party addon, repo or build onto your Kodi device, pause and consider whether you really trust the source you’re getting it from and any repercussions that may result from that install.
https://dimitrology.com/wp-content/uploads/2019/11/WEBSITE-LOGO-2020-SMALL.png00Dimitrologyhttps://dimitrology.com/wp-content/uploads/2019/11/WEBSITE-LOGO-2020-SMALL.pngDimitrology2019-05-19 09:58:512019-05-19 09:58:51Repos: When All-in-One Can Be No Fun.
This week we have three newcomers in our chart.
