Does anybody have the impression that Stremio may be a honeypot of some sort?

Thay are allegedly a legal service where some nefarious actors provide torrenting plugins etc. I tried to find out how they were financed, and found northing but a site purportedly selling “Web3” advertising, and filled with technobabble nonsense. No address, no way to purchase their services no GDPR notice or anything…

All I can find regarding their safety are “It’s legit, nothing has happened to me so far” comments in reddit and other boards.

They have your email, they host the service, they can track all you do…

Seems kind of fishy.

Ive tried it, ironically, to watch stuff that I pay for, I have Netflix, prime video, Disney… But Stremio gives me much higher resolutions.

Even though I live in a country where sailing the high seas is not persecuted, as long as you are the end-user and you derive no profit, I’m going to delete my account (made with an email address I have for bullshit stuff ), make a new one with a truly disposable email and get a VPN.

    • unknowing8343@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      41
      arrow-down
      1
      ·
      6 months ago

      If you are not hosting, it having a repo on Github makes no difference. The server you are connecting to might have a different service running and you cannot know.

    • elucubraOP
      link
      fedilink
      English
      arrow-up
      18
      arrow-down
      6
      ·
      edit-2
      6 months ago

      Is every open source app audited? Look at the XZ near disaster. And XZ is pretty critical software. Open source doesn’t mean it’s safe by default, it means that the code can be read.

      • jnk@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        34
        ·
        6 months ago

        The XZ topic was way more complicated than that and overly exaggerated by some people. Open source is still the closest thing we have to “safe by default”.

        Still, as someone else stated, if you’re not hosting it’s not truly open source as you can’t really verify the actual code running behind the server.

      • RobotToaster@mander.xyz
        link
        fedilink
        English
        arrow-up
        30
        ·
        edit-2
        6 months ago

        IMO the XZ thing shows the strength of open source, some turbo pedant found the backdoor within about an hour of it being released because a program took 0.3 seconds longer to start. That wouldn’t be possible in a closed source app that can’t be debugged properly.

      • rufus@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        13
        ·
        edit-2
        6 months ago

        Yeah, but usually with open-source software you get like 150 Github comments complaining and outlining their shady business practices… If there’s something to complain about.

        The XZ disaster is an example for sth else. There are probably more backdoors in proprietary software that we just don’t know about. And they can just keep it hidden away and force the manufacturers to do so. No elaborate social engineering like in the XZ case needed… And no software is safe. They all have bugs and most of them depend on third-party libraries. That has nothing to do with being open or closed source. If so, being open provides you with more of a chance to catch mischievous behaviour. At least generally speaking. There will be exceptions to this rule.