I am confused by how much of what appears to be private on webcam sites is actually truly private. The underlying streaming technology that is apparently used on these sites is RTMP, but the stream is not encrypted? When sites like MFC and CB enter into a "private chat" mode, how is that actually being implemented? Are they sending out the stream to even people who are not in the private chat and encrypting it? Or are they simply not transmitting any stream at all to anyone not in the private chat?
CB has an app known as "CrazyTicket" that is used to do ticket shows. How secure is that? Does it send an unencrypted stream to all users? It's not clear to me is something like CrazyTicket being implemented as some kind of password protection inside the web browser, but the underlying RTMP stream may in fact not be protected at all?
unsecure?
07-22-2017, 12:26 PM
yes a good question! it is possible to record privates from other people. if yes :(
supersonic80
07-22-2017, 09:11 PM
Imagine you have an account and only you know the login and password to access it? Will it be truly private?
In simple words...
The public and private streams are completely the same "inside", they are not encrypted and use the same RTMP protocol.
The difference is only when you send a request to watch a private stream you have to sent some "login/password" to prove that you can do so. If you steal this "login/password" from someone else then YES, you will be able to watch the private stream.
And one more, whenever the model goes to "private" or any other "limited" mode, her public streams gets terminated by the server, then the server creates a completely new stream protected by "login/password". To get your "login/password" you will have to pay for it.
And one more, whenever the model goes to "private" or any other "limited" mode, her public streams gets terminated by the server, then the server creates a completely new stream protected by "login/password". To get your "login/password" you will have to pay for it.
Okay, this is clear. So for a "private chat" that is under control of the webcam website, all of the public streams are terminated and there is no RTMP stream there that can be "stolen" under the web browser interface. As you clearly state, if you have a userid and password, then you would be able to get the stream. That's not the case I was worried about.
Now let's consider something like the CrazyTicket application that is a very popular ticket show app on CB. That app is implemented as some kind of web browser trick on top of the stream? I doubt that this app has any ability to direct the webcam website to stop publishing the stream to everyone. So it seems to me that this CrazyTicket App might be less than secure? Someone who has the RTMP stream URL might be able to bypass the web browser and steal the stream?
gdunc
08-04-2017, 11:06 PM
Now let's consider something like the CrazyTicket application that is a very popular ticket show app on CB. That app is implemented as some kind of web browser trick on top of the stream?
No, it instructs the stream server to go into Limited Cam mode where access is based upon whether your username is on the allowed user list.
Basically the same as Private except for two things:
1) the Public cam feed is replaced by static graphic (saying Cam is Hidden), and
2) public chat is still open.
The CrazyTicket app, (in fact all apps and bots), runs on the streaming server, the broadcaster interacts with it via commands - nothing to do with the client web browser.
I doubt that this app has any ability to direct the webcam website to stop publishing the stream to everyone.
That's exactly what it does via JavaScript commands to the server:
cb.limitCam_start - start a hidden cam session
cb.limitCam_stop - stop a hidden cam session
cb.limitCam_userHasAccess - check if a user has access
cb.limitCam_allUsersWithAccess - list all users with access
cb.limitCam_addUsers - add users to the access list
cb.limitCam_removeUsers - remove users from the access list
cb.limitCam_removeAllUsers - remove all users from the access list
cb.limitCam_isRunning - check if hidden cam is running
Commands available via the API are here (https://chaturbate.com/apps/docs/index.html).
vBulletin® , Copyright ©2000-2025, Jelsoft Enterprises Ltd.