/pt.md Secret

Created January 28, 2017 21:51

This is a short summary of Popcorn Time, as far as public facts go. The purpose of this post is to reduce the FUD (fear, uncertainty, doubt) being spread by people who don't know what they're talking about.

TL;DR: The original Popcorn Time (made by the Argentines) was good. Then came the PopcornTime.io fork, which was good, but for various reasons, a lot of the developers left. The old developers moved to the Butter Project (link) and then later to the http://popcorntime.sh website.

First off, I would like to say that I am not involved with Popcorn Time, or any of its forks. This post will attempt to be a neutral explanation of the situation. If there are any inaccuracies, please message me the issue, and I will fix it in an edit.


Starting from the beginning: as most people know, the first Popcorn Time app was originally launched in 2014 by a group of programmers, mostly from Argentina. The app quickly became known as a quick and simple way to watch movies. [1] The source code for the app was freely available on Github [2], so anyone could check to see if the program was safe and clean from viruses, or contribute to the app if they wanted to. On March 14, 2014, [3] after the developers came under pressure, the original Popcorn Time was shut down. [4]

After the first Popcorn Time app shut down, there were many efforts to create another app to replace it. There were some good attempts, and many others that were not so good.


I'm going to take a moment to pause and point out an important fact: many scummy people were interested in taking advantage of the "popcorn time" name and making money off of it. Whether users like it or not, an unscrupulous person would take advantage of users searching on Google for the term "Popcorn Time", and have a website set up with a "bad" fork of Popcorn Time. The worst case scenario is that the fake "Popcorn Time" download is actually malware; alternatively, "gray" situations involve showing advertisements, or offering a service/VPN for money. All of these are based on the idea that someone can make money off of a website purporting to be a fork of Popcorn Time.

Here are some examples of Wikipedia spam linking to forks of Popcorn Time:

  • Popcorntime.ws was spammed in certain locations. [5][6] After a bit of research, it turns out that the website had a large banner advertisement (to generate ad revenue), and the download contained malware. [7]

  • Popcorntime.com.br is a Brazilian fork, claims to be open source, but does not provide a link to the source. [8]

  • Popcorntime.nl edits the Wiki page to replace the website link in the main infobox. [9]

  • Popcorn-time-download.nl is added to the page [10]

  • Popcornexpress.me is added to the page, not open source, small possibility contains a backdoor [11][12]

  • Popcorn-time-free.com spam link was added as main website in infobox. [13]

This isn't anywhere near a complete list of spammy stuff, just a partial list from the Wikipedia article on "Popcorn Time". So, are all of these links bad? Not necessarily, some perhaps were posted with good intentions, like the popcorntime.com.br link. (Edit: Apparently that .br fork contains malware as well, someone just told me. Whoops.) However, the point of showing all of this spam is to point out that it is profitable to make a Popcorn Time fork. Do not assume that any purported Popcorn Time fork is made with good intentions. Even if a fork doesn't contain any malware, it can still make money by Google ads or other sources.


This brings us to the two "main" forks of Popcorn Time, after the original one closed down. Most people here know about these two forks: Popcorntime.io (now at popcorntime.sh) and Time4Popcorn (later known as popcorn-time.se, now at popcorn-time.to).

Popcorntime.io was the "cleanest" Popcorn Time branch. The source code was originally available to view and edit on Github [14] and then transferred to their own Git server [15] later. Anyone could contribute to the program by sending a pull request. The source code for each version of the app was available, so you can confirm that the program that you install doesn't have a backdoor or any malware. Importantly, some of the original Argentine developers moved on to popcorntime.io, and eventually set up the original website at getpopcornti.me to point to the website popcorntime.io. For all intents and purposes, popcorntime.io was the "official" Popcorn Time app that replaced the original one, and users should have used popcorntime.io instead of anything else.


Time4Popcorn, like Popcorntime.io, claimed to be the successor to the original Popcorn Time. However, there are several very large problems with this fork that mean that it would be a bad choice.

  • First, despite claiming to be "open source", the source code for the program is not available. There is a webpage [16] where you can download a zip file [17] of some source code, which (as of today 10/25/2015) claims that it was updated on 8/21/2015. There is a mirror of this page at Archive.org [18]. The truth is much more sinister: if you actually download the zip file [19], you can see that it actually hasn't been updated in a long time [20], since August of 2014. Not only is Time4Popcorn not providing an up-to-date source code or a way to contribute, they're blatantly lying to your face about how recent the download is. It's like the actual app that they give you is Windows Vista, while they also have a zip file containing the source to Windows XP that they claim is the source to the real program. I don't like being lied to about something "Authored on Aug 21, 2015" when it's actually a link to a zip file to stuff that hasn't changed since Aug 27, 2014 (according to Archive.org).

  • People have claimed that they put adware in the download, a bunch of months back. I haven't personally confirmed this, but there have been enough reports [21] that I think it should be taken seriously. The current download, that being said, does not contain any adware. Personally, I doubt they have adware now, since they have another source of money now and don't need to put ads on your computer. This leads me to the third point...

  • Offering a VPN service. VPN integration isn't a horrible thing- definitely, it will make users feel better about the security of the network traffic generated by the program. However, this sends off red flags. Any free VPN offering is suspect, because they can go through your network traffic and sell your data to advertisers- remember, if something is offered for free, that means you're the product. A paid VPN isn't sketchy, but it is a way to make money off of users, meaning that this fork is acting more like a for-profit company... which is not a good thing. Interestingly enough, this 3rd point about VPN will bring us back to popcorntime.io.

In summary, I wouldn't touch Time4Popcorn (aka popcorn-time.se/popcorn-time.to), it's way too sketchy. You don't know what's in the source code that you're being lied to about, and this program has historically had adware installed. I'd avoid it, since even if it wasn't straight up malicious, it still smells like a cash grab.
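The check behind the first bullet above can be repeated for any "open source" download. This is an added example, not part of the original post: given two copies of a source zip (for instance an Archive.org capture and today's download), it reports whether any file content changed before the claimed update date. The function names and the sample archives are constructed for illustration.

```python
import hashlib
import io
import zipfile
from datetime import datetime


def member_index(blob):
    """Map member name -> (CRC-32, mtime) read from the zip's central directory."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return {i.filename: (i.CRC, datetime(*i.date_time))
                for i in zf.infolist() if not i.is_dir()}


def compare_snapshots(old_blob, old_captured, new_blob, claimed_update):
    """Compare an older capture of an archive with a newer download.

    old_captured   -- when the older copy was captured (e.g. by a web archive)
    claimed_update -- the "last updated" date the publisher advertises
    """
    old, new = member_index(old_blob), member_index(new_blob)
    # Compare per-file CRCs rather than only the whole-file hash: re-zipping
    # the same sources changes the archive bytes but not the file contents.
    changed = sorted(n for n in new if n not in old or old[n][0] != new[n][0])
    removed = sorted(n for n in old if n not in new)
    unchanged = not changed and not removed
    return {
        "identical_bytes": hashlib.sha256(old_blob).digest()
                           == hashlib.sha256(new_blob).digest(),
        "changed_members": changed,
        "removed_members": removed,
        # Timestamps are set by whoever built the zip, so treat this as a hint.
        "newest_member_mtime": max((m for _, m in new.values()), default=None),
        # Contents equal to a capture that predates the advertised update
        # means the advertised date is not backed by any source change.
        "claim_unsupported": unchanged and old_captured < claimed_update,
    }


def build_zip(files):
    """Constructed sample input: files is {name: (bytes, (Y, M, D, h, m, s))}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, (data, stamp) in files.items():
            zf.writestr(zipfile.ZipInfo(name, date_time=stamp), data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed archives standing in for two downloads of one source zip.
    capture = build_zip({"src/app.js": (b"v1", (2014, 8, 27, 12, 0, 0))})
    restamped = build_zip({"src/app.js": (b"v1", (2015, 8, 21, 12, 0, 0))})
    report = compare_snapshots(capture, datetime(2014, 8, 27),
                               restamped, datetime(2015, 8, 21))
    for key, value in report.items():
        print(f"{key}: {value}")
```

A matching result only shows that the published source did not change; it says nothing about whether the shipped binary was built from that source.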


"But wait", you ask, "doesn't popcorntime.io have a VPN service now?"

Yes, and I'm 99% sure that's the cause for popcorntime.io going down right now. As a WARNING, this next part is me guessing at the events that happened recently. I don't know for sure if it is the real reason, but I'm fairly sure that most of it is correct.

Popcorntime.io is not a for-profit company or something, but rather a community of programmers who built the app together. However, when popcorntime.io introduced VPN support, they had a "bundled" VPN service [22] that apparently was founded by one of the contributors to the popcorntime.io app. A VPN service means commercialization of a free community project, and an actual cash flow. The former is bad enough, but for popcorntime.io, the latter issue causes problems as profit means that the app becomes a much bigger target for lawsuits. Remember the controversy over Thepiratebay advertising money? Cash flow is a magnet for lawsuits, as a 10 minute trip to /r/legaladvice will show you.

The Torrentfreak article [23] is especially telling, because it gives enough information to make an accurate guess at what happened. The sentences "[...] and other developers were not happy with the commercial angle the VPN introduced to the project" and "the commercialization and possible legal implications as the main reason to walk out" summarize the situation fairly well.

The end result is that after a bunch of members on the development team received some money, the people realized that there was a problem with the situation. The development team split into two main groups- one group that favored supporting the VPN feature for users, and commercialization; another group that preferred keeping the app community driven and not a target for legal action.

Eventually, this disagreement spiraled out of control, possibly partially caused by a rumored lawsuit (or maybe even just a sternly worded letter from some lawyers). Whatever the reason, the team split up, putting development on indefinite hold. [24][25]


You can still download the last version of popcorntime.io from various sources, and install it. However, when you run the app, it does not load a list of movies (since YIFY died) and it does not load TV shows (since EZTV died).

In the few months in the aftermath of popcorntime.io shutting down, there has been no news of shady behavior from any of the old developers. Had there been any hidden viruses or anything, this information would have become public; instead, the worst thing is personal disagreements between developers, as listed above. This is very encouraging, and points to the fact that popcorntime.io was safe when it was still online.


It appears that a group of developers from popcorntime.io is sticking around for the new "Butter Project" app. [26] (Someone can correct me on this if I'm wrong). The new "Butter Project" is basically a fully legal material version of Popcorn Time- you need to add the movies yourself, by using a plugin. Without using a plugin, the base "Butter Project" app is supposed to be 100% legal and open source, hosted on Github [27]. This hopefully means that there should be no risk of lawsuits for this new project, although most users would not be interested in streaming only public domain material.


A few other groups sprang up after the Popcorntime.io project closed, producing some "Popcorn Time community edition" (Popcorntime CE).

The "safe" option:
After popcorntime.io died, a few guys decided to make a community edition [28] as a different fork. This is the "popcorntime.ml/tk" branch, which had to move websites several times [29] due to MPAA pressure. This Popcorn Time fork can currently be found at the "popcorntimece.ch" [30] website. For the most part, this version seems to have taken the community fixes to the old popcorntime.io, released them as a build; pretty boring, but it works. As of right now, it doesn't have any viruses, despite what the other branch may claim; at least, I personally didn't find any malware in the program.
As of right now, it seems to be just basically a copy of the last version of popcorntime.io, with a few patches to replace YIFY and EZTV so that the program gets video torrents from different sources... so it'd be difficult to sneak a virus into the file. If you have questions, direct them towards reddit user /u/popcorntimece via private messages. More details can be found in the reddit post [31]. If you don't trust the website, just get the old popcorntime.io installer (which is guaranteed clean) and change some files yourself so that it points to the new video sources to get it to work; that should be safe.

What to avoid:
After the popcorn time CE changed websites, the "popcorn-time.is" branch [32] popped up, which is now located at "popcorntime.ag" [33]. This branch is made by yify.is (not the same as the original YIFY/YTS which shut down [34]). The dev team for the popcorntime.ag branch is still coding features and stuff for their branch, like loading movies off of Google's servers rather than through torrents. Unfortunately, the popcorntime.ag team engages in very sketchy practices. They have used fake accounts to promote their product [35], produced a fake subreddit (notice the extra "s") [36], impersonated popcorntime subreddit mods [37], lied about viruses in other projects to incite fear [38], etc. Their strategy for gaining users is to intimidate them by fear, and by impersonating legitimate sources. There are also other websites that the creators made, such as getpopcorntime.org [39], which are used to spam this branch. I would highly recommend users stay away from the ".is" and ".ag" versions. One of the developers of the original popcorntime.io explains his perspective on the issue as well [40], basically reiterating a key point: users like projects that are not sketchy, where all of the app and code of the project is open.


Popcorntime.io Successor:

As of mid-Feb 2016, some developers of the original popcorntime.io came back [41]. They used a web domain not seized by the MPAA, which include the Popcorn Time update servers, and the signing key for the original popcorntime.io. This caused popcorntime users to receive an update popup with "Hail Hydra" (a reference to the mythological hydra which grew 2 heads every time 1 was cut off, and the organization from Marvel Comics). The new website for popcorntime is located at http://popcorntime.sh [42]. In addition, the statuspage [43] for Popcorn Time was updated, indicating it is back online [44].

This website (or any other Popcorn Time fork) is not controlled by the MPAA, for legal reasons: operating Popcorn Time would be a massive legal risk. The MPAA does not have access to all of the rights to the movies on Popcorn Time, including indie movies... the MPAA is liable for these things and open to lawsuits by the people who own those indie movies.

This would also be opening them wide up for entrapment. I can (hilariously) imagine some guy going up to a judge:
"Your honor, the MPAA is accusing me of copyright infringement, but I was using the MPAA version of the popcorntime software."

In court, entrapment as a defense requires that the defendant not commit the crime otherwise, which actually works in popcorntime users' favor: they can argue that popcorntime provides a much easier to use interface to access movies compared to regular torrents. By reviving popcorntime as a honeytrap, the MPAA would open itself up to massive lawsuits for providing an easier way to access movies than just torrenting.

The its.pt website had used the nameservers that the MPAA captured, but amusingly, the MPAA didn't shut down the old nameservers after they obtained control over those domains [45]. This means that, since the DNS nameserver is separate from the actual host, the MPAA currently doesn't have control over the its.pt domain registration and server itself [46][47]. Therefore, like the Torrentfreak article says [41], "The MPAA probably isn’t behind the comeback". Considering that popcorntime.sh has access to the old popcorntime.io keys, it's probably run by an old popcorntime.io developer, although people are still trying to figure out which one.

For now, the source code for the popcorntime.sh program can be found on Github, and some old developers from the popcorntime.io team appear to be working on it, not an MPAA honeypot.


Ok, you skipped to the bottom, and don't care about the history as much... What is a TL;DR for what an average user should do? (As of Feb 2016)

TL;DR

The current website for Popcorn Time is located at https://popcorntime.sh/ in the meantime. This should be where most development will be located, going forward for now at least.

If you're lazy, the current website for the Popcorn Time community edition is located at https://popcorntimece.ch/ for now. It's basically the last version of popcorntime.io with a few fixes to make it work, but don't expect new features. It now exists as a backup for if problems happen to popcorntime.sh.

I don't recommend using any other versions of Popcorn Time from other websites right now (including popcorn-time.se, popcorntime.ag, etc). They either contain malware, or engage in sketchy activity.

If you don't trust any website (due to MPAA or whatever), then just get the last version of popcorntime.io and patch it yourself to work again. The old popcorntime.io was known to be good and safe. The directions to do this are in this reddit post: https://www.reddit.com/r/PopCornTime/comments/3sbsz6/download_working_installers_or_fix_your_current/

Alternatively, find a different product. Some users have reported success (and no malware) with Kodi or strem.io or other apps. I haven't used them myself, however.


References:

[1] http://www.pcmag.com/article2/0,2817,2454833,00.asp
[2] https://github.com/popcorn-time/popcorn-app
[3] https://web.archive.org/web/20140314235617/http://getpopcornti.me/
[4] https://medium.com/@getpopcornapp/goodbye-popcorn-time-93f890b8c9f4#.wiu7f88tt
[5] https://en.wikipedia.org/w/index.php?title=Popcorn_Time&type=revision&diff=681815665&oldid=681804053
[6] https://en.wikipedia.org/w/index.php?title=Popcorn_Time&type=revision&diff=666015740&oldid=666009818
[7] https://en.wikipedia.org/w/index.php?title=Talk:Popcorn_Time&oldid=687316485
[8] https://en.wikipedia.org/w/index.php?title=Popcorn_Time&type=revision&diff=643737636&oldid=643615969
[9] https://en.wikipedia.org/w/index.php?title=Popcorn_Time&type=revision&diff=637761615&oldid=637720113
[10] https://en.wikipedia.org/w/index.php?title=Popcorn_Time&type=revision&diff=632532279&oldid=632240283
[11] https://en.wikipedia.org/w/index.php?title=Popcorn_Time&type=revision&diff=631898075&oldid=631797507
[12] https://www.virustotal.com/fr/file/c6c56b2e2979e6bab471e7a77bd7e6ee23de06626838d7f5c2da43239fcabf9a/analysis/1396965513/
[13] https://en.wikipedia.org/w/index.php?title=Popcorn_Time&type=revision&diff=631738304&oldid=631733239
[14] https://github.com/popcorn-official
[15] https://git.popcorntime.io/
[16] http://popcorn-time.se/source.html
[17] http://popcorn-time.se/source/PopcornTime_Desktop-src.zip
[18] https://web.archive.org/web/20151024033921/http://popcorn-time.se/source.html
[19] http://web.archive.org/web/*/http://popcorn-time.se/source/PopcornTime_Desktop-src.zip
[20] http://i.imgur.com/hlxnmMh.png
[21] https://www.reddit.com/r/PopCornTime/comments/2lyxnm/time4popcorn_popcorntimese_now_includes_adware_do/
[22] https://vpn.ht/en/popcorntime
[23] https://torrentfreak.com/lawsuit-rumors-break-up-popcorn-time-team-151019/
[24] https://torrentfreak.com/popcorn-time-yts-global-outages-cause-concern-151021/
[25] https://torrentfreak.com/lawsuit-rumors-break-up-popcorn-time-team-151019/
[26] https://butterproject.github.io/
[27] https://github.com/butterproject/butter
[28] https://torrentfreak.com/popcorn-time-developers-poke-mpaa-with-a-new-fork-151202/
[29] https://torrentfreak.com/popcorn-time-fork-goes-dark-after-mpaa-hounds-developers-151216/
[30] https://popcorntimece.ch/
[31] https://www.reddit.com/r/PopCornTime/comments/3sbsz6/download_working_installers_or_fix_your_current/
[32] http://popcorn-time.is/
[33] http://popcorntime.ag/
[34] https://torrentfreak.com/yify-yts-shuts-down-the-end-of-a-piracy-icon-151030/
[35] https://www.reddit.com/r/PopCornTime/comments/3vagft/warning_about_yifyis/
[36] https://www.reddit.com/r/PopCornTimes
[37] https://www.reddit.com/r/PopCornTime/comments/3vagft/warning_about_yifyis/cxltb0w
[38] https://www.reddit.com/r/PopcornTimeCE/comments/40rrk5/warning_extremely_dangerous_trojan_virus_at/
[39] https://getpopcorntime.org/
[40] https://www.reddit.com/r/PopCornTime/comments/3vagft/warning_about_yifyis/cxlyinn?context=3
[41] https://torrentfreak.com/mpaa-hunted-popcorn-time-makes-surprise-comeback-160217/
[42] https://popcorntime.sh/
[43] https://popcorntime.statuspage.io/
[44] http://archive.is/F6knG
[45] https://torrentfreak.com/images/its.png
[46] http://whois.marcaria.com/domain-whois/europe/portugal-domain-pt?q=its.pt
[47] http://archive.is/tVXac
