Popcorn Time is a revolution in the world of torrents. An app that presents movies beautifully, just like Netflix, but with one crucial difference: they’re all streamed illegally using torrent technology. Popcorn Time is just a really pretty torrent streaming client.
I’m not here to preach though. It’s obvious that streaming or downloading movies without paying for them is illegal. But since you’re going to do it anyway, I just want you to be safe.
Not sure what torrents are? Read our free guide to torrents
The Truth About Popcorn Time and Its Clones
Popcorn Time set the internet alight when it was first released. It offered a Netflix-like experience, but one key difference: all the movies and TV shows you could possibly want. And it was completely free.
The original project was shut down rather quickly, but with the code being open source numerous clones were developed.
However, some users are completely ignorant of where the content actually comes from. There is, after all, no indication in the app itself that you’re doing anything illegal (though newer clones added warnings). It looks just like a streaming service, with nice DVD covers and a great looking interface.
Even users who were aware that the files were obviously of dubious legal origin weren’t necessarily also aware of the underlying technology, believing it to work like any other streaming internet movie site.
The truth is that the app itself (and all the clones) is based entirely on torrents. When users stream media, the app downloads a torrent file, joins the swarm, and immediately seeds the file back out to everyone else.
From the perspective of anti-p2p organizations and the companies hired to monitor torrents, this is a problem. It’s no different to anyone heading over to the PirateBay and downloading it using a traditional torrent client. Popcorn Time is a just very pretty media index and torrent client in one package.
You are still downloading from a torrent.
Don’t be under the illusion that you’re protected simply because you’re using Popcorn Time-based apps to stream content instead of downloading in a traditional torrent client. It is exactly the same thing underneath with a pretty interface on top, so every precaution you should take when downloading a torrent still applies when using these streaming applications.
But before you even get to that point, you’ve got to make sure you download the right Popcorn Time.
Which Popcorn Time Should I Download?
The problem with a project becoming open source is that anyone can then make a copy, tweak the app name, and release it as a brand new application. But guess what: they might also have injected some nasty bonus code in the process.
In fact, they may not even have changed the app name. You might think you’re downloading Popcorn Time, but you’re actually downloading something that’s going to work the same as Popcorn Time, all the while secretly running a crypto mining script on your PC.
It’s easy: Popcorn Time isn’t a virus, but “Popcorn Time” is. That’s because you downloaded Popcorn Time from PopcornTime.xx instead of the official site.
But there is no official site anymore. The official site was shut down. The only thing left is the clones. Thankfully, one project emerged as the preferred client, and their code can be inspected and verified.
— Popcorn Time (@popcorntimetv) May 9, 2016
Okay—so you’ve downloaded the new official open-source client. So that’s safe to use, right? Not so fast. Remember, this is all still based on torrents. Your ISP can see exactly what you’re doing, and if a torrent monitoring company sees your IP in the swarm, it’ll get your info from your ISP and potentially lead to a lawsuit.
The solution, as with many privacy concerns, is to tunnel your traffic through a Virtual Private Network, or VPN.
Always Use a VPN with Popcorn Time
The very nature of peer-to-peer torrent technology means that everyone who attempts to download a file is given a list of everyone else doing the same: you become both the downloader, and uploader. Even if you’ve set your client to never upload, you’ll still be on the list as a peer.
It should therefore be obvious that anti-p2p organizations could do the same thing to figure out who is downloading a specific file. Companies are paid to monitor specific torrents by the copyright owners, which they do by downloading it themselves, checking the swarm, and keeping a record of every IP address they see.
Your IP address is cross-checked against a known list of ISPs. Your ISP is contacted, and they may be forced to pass on the details of the customer associated with an IP at a specific date and time, or asked to take action themselves. Fines, and possible disconnection await repeat infringers.
Using a VPN is the only safe way of having any contact with torrents, period. Tunnel your connection through a torrent-friendly VPN that won’t keep records of who was using the service and when.
This video from CyberGhost VPN explains the concepts.
Good VPNs cost money. Yes, you can find free VPNs, but they aren’t secure for doing anything. There’s a reason they’re free.
We maintain a list of best VPNs, but not all of them are friendly toward torrents. Private Internet Access is the most commonly recommended for p2p users, but even then, you’re asked to restrict your torrent usage to servers located in specific countries.
Good VPN providers are “logless”, meaning they do not keep logs of who does what
. Even if local law enforcement were to subpoena them for information on a specific user, they would have no information to give.
Peerblock/Peerguardian Doesn’t Do Anything
It’s often been recommended that anyone dabbling in torrents should run Peerblock or Peerguardian. These apps work like a firewall, maintaining a list of “bad IPs” that belong to anti-p2p organizations, universities, and law enforcement agencies.
The app then prevents those from connecting to your machine. The theory goes that if they can’t connect to you, you won’t end up on their naughty list.
In reality, they don’t need to actually connect to your machine in order to see you’re in the torrent swarm and actively downloading or uploading a file. Peerblock is utterly useless.
In fact, these apps often prevent useful peers from seeding a file to you because their IP is unlucky enough to be in a block owned by a certain company or university. The app provides a false sense of security and will not provide any protection when using torrents.
Use a VPN instead.
Malware Risks of Popcorn Time
It is possible to embed malware inside movie files, but it’s extremely rare, and only works on specific media players.
As long as you play standard video file types like MP4, using an up-to-date version of VLC (or through Popcorn Time) you’re safe. Windows Media Player has been exploited in the past through the Digital Rights Management extensions.
A more common attack vector is to make you think you’re downloading a movie, but actually, it’s an executable file. Never randomly double-click a downloaded file.
Or you attempt to play a movie, and it consists of a single screen that instructs you download a different player or Codec pack in order to watch it, which turns out to be a virus. The malware is almost never in the movie file itself.
Software and games, on the other hand, are always executable files, and as such can easily contain executable malware code. There is no safe way to run pirated software. Instead, get software and games from legitimate sources.
I don’t condone downloading copyright materials, nor can I make any guarantee you won’t get in trouble even after following all this advice—but if you’re going to anyway, these tips are going to give you the best chance of not getting in trouble.
Just remember that those Popcorn Time videos are all courtesy of the BitTorrent network. If you’re thinking about cutting out the middle man, use these “reputable” BitTorrent websites