Naughty R2R – Cracks Now Live So…

While that is clear, I would like to see this thread take more of a course of how can we compromise. 

Admin has made a decision to protect the members here who do not all have the same abilities to verify or refute the existence of malware in cracks. Personally I am thankful for their concern. Some members seem very adept at doing so and I appreciate their tenacity in trying to keep applications coming here which others desire.

Surely some kind of way forward that is less restrictive could be agreed to by Admin? I would have to assume anyone grabbing these applications is seeking them out and not autosnatching and installing them without explicitly seeking them out. Would it not be possible to create a torrent approval system? Those uploaded applications that have not been approved by a team of verifiers could be marked with a red X, those which have been verified with a green check (similar to movies at PTP for example).

Yes, this would put a large workload on those agreeing to check, but judging by the veracity of some in this thread, they should quite bluntly be willing to put their money where their mouth is. Also, it will require Admin put a huge amount of trust in those verifying content, but I’d hope there would be a way to do so to each party’s satisfaction. And of course those downloading would have to trust too. This is somewhat of a lesser issue as folks who lack the technical ability to verify cracks are no worse off, and those with the ability will most likely continue to be cautious.

I don’t care about reversing it, I just want to know if there actually is a crypto miner in the removed torrents. A few of my friends who are less tech-savvy and use the site have been asking me about this since the front page announcement is so matter-of-fact, but all I can tell them is so far the only proof posted is some releases pinging suspicious IPs (which although alarming does not prove anything about crypto mining, and certainly doesn’t generalize to every release on the site). I haven’t seen any user comment that they found their machine to be acting as if it were mining crypto and nobody has found anything suspicious via disassembly.

Personally I find the statement “R2R releases contain a slew of crypto miners/bloatware that pings unfamiliar IP addresses” to be misleading if the only proof the admins have is that which has been provided in this thread. I think it should really read something like “some R2R releases ping unfamiliar IP addresses” since there has been no evidence beyond a reasonable doubt that any crypto mining is happening.

I understand that the admins care a lot about this site and its users; if pinging suspicious IP addresses is grounds for removal, with the admins erring the side of caution, that is fine with me, but the announcement seems rather opaque and unnecessarily startling.

Honestly I’d be less surprised to find out that was the case than that the admins on Red actually believe there to be a cryptominer in *some* R2R releases, not to mention freakin ALL of them, and then further to actually accuse the original group (not some third party) of putting it there. You’d need a mountain of evidence to convince me of all that, and if it were true you should be able to get that mountain by comparing CRCs of original uploads to those of “infected” uploads without even decompiling any executables.

Of course if it’s not true, all you’d have is admins saying, “It’s our way or one of the thousands of other trackers on the internet, but if we don’t like what you say we’ll edit your post to flex our e-peen.”

One Response - Add Comment

Reply