Nice try FBI
this post was submitted on 01 Sep 2025
52 points (89.4% liked)
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
64213 readers
475 users here now
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Rules • Full Version
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
Loot, Pillage, & Plunder
📜 c/Piracy Wiki (Community Edition):
🏴☠️ Other communities
FUCK ADOBE!
Torrenting/P2P:
- !seedboxes@lemmy.dbzer0.com
- !trackers@lemmy.dbzer0.com
- !qbittorrent@lemmy.dbzer0.com
- !libretorrent@lemmy.dbzer0.com
- !soulseek@lemmy.dbzer0.com
Gaming:
- !steamdeckpirates@lemmy.dbzer0.com
- !newyuzupiracy@lemmy.dbzer0.com
- !switchpirates@lemmy.dbzer0.com
- !3dspiracy@lemmy.dbzer0.com
- !retropirates@lemmy.dbzer0.com
💰 Please help cover server costs.
 |
 |
|---|---|
| Ko-fi | Liberapay |
founded 2 years ago
MODERATORS
If I was I'd be earning a lot more than I do at the moment.
First rule of Fight Club...
Fair enough. Thought that after I posted.
Seems to be open and allow community apps to work with the site.
I wonder if FMHY is aware of it.
My bigger question is how secure is it? Looks like low trust score new Russian website, what's the chance of malware or other attacks?
It gives you literal FLAC files, how are they gonna be malicious!?
People need to stop over analyzing things, its just a qobuz ripper, people who want to help the community provide them with Qobuz tokens that don't expire as often as Deezer, now they just rip from Qobuz on your request, as simple as that. Firehawk is also building a similar site from scratch.
Well it's both possible, and has been done. both with mp3s and FLAC, not too long ago. It's not the format itself, but rather the applications parsing the files that are the target.
CVE-2023-37327: A remote code execution vulnerability in GStreamer’s FLAC file parser caused by an integer overflow. Carefully crafted FLAC files could exploit this flaw to run arbitrary code on the target system
https://nvd.nist.gov/vuln/detail/CVE-2023-37327#%3A%7E%3Atext=GStreamer+FLAC%2Ccode+on
I mean, a website where you make requests to download many files are pretty ripe for a bate and switch scenario. That said, I'm looking for more cybersecuroty savvy folks than myself to chime in with the all-clear after doing some actual checks and analysis.
bate and switch
Is that when you use your left hand?
Lol, yep, then do a malicious redirection attack after getting a large user base which forces a drive-by-download of a malware package alongside the requested FLAC file.
(The joke was: you mean "bait and switch." "Bate" is short for "masturbate.")
Yes, I know, thats why I lol'ed
Im not aware its possible to put malware in a flac file and its still playable. There are a few examples from 2007-2008 but they were to do with flac media players. Microsoft showed you could corrupt the meta data but its then unplayable. I think BlueRingedOctopus comment has the right idea.
It must be costing them
From their Terms:
DAB Music Player does not host any copyrighted content. Our Service acts as a search and streaming interface that connects to publicly available APIs. We do not store or distribute copyrighted material.
When you open the Webbrowser Developer Tools, Network tab, you can see where it streams from.
When I check on a song, it streams it from a CDN of qobuz (qobuz.com).
I was thinking of the cost of hosting the site rather than paying for the media. Thanks thoigh for the comment about checking the stream source.
Looking through the discord group it looks pretty straight up. Part of the project is an android music player.
I have the same questions about Stremio.
No keep going I just need one more square to turn “non-western hosting”, “free”, “mysterious”, “only used by Indians” into a malware bingo!
To be fair, only non western hosting is copyright resistant.