AmberCutie's Forum
An adult community for cam models and members to discuss all the things!

How to deal with malicious CB apps?

Sep 2, 2024
This is a question I hope that @punker barbie can help with, please.

I have clear proof that there is malicious functionality contained in one or more CB apps. I know the username of an alt account used by the developer to execute said functionality and a list of the apps running in a room where this functionality was executed. Using the list of apps I can narrow down who the developer actually is.

My question is: even with clear proof of malicious behaviour by apps, how can one get CB to take it seriously enough to take action, i.e., to remove the apps and ban the developer?

Thank you!
 
I could block your mods, or known top tippers, or a user I'm jealous of, etc. I could block users by color or because of things they say that I do not agree with.
I can guarantee that's going to be misunderstood. When you say block, you mean prevent their messages from showing up in chat, right?

Edit: and the only impact you can really have on a model's position on the list is really to trigger a hidden cam show, right?
 
Upvote 0
Yes, by block I mean from speaking in chat. You can't "block" a user from your bio/room with either API. Yes, you could trigger a hidden cam anytime and pull the model off their page. However, I think it would show that the cam was hidden because there would be a tiny delay between entry and adding that username to the allow list.

Cheers,
Cexmental
 
Upvote 0
@cexmental maybe you can make a list of things bots and apps can do that could be used negatively. There are a ton of people spreading ridiculous rumors right now and they actually believe the bots and apps they use are to blame for their low traffic.

This might be a good place to start: https://chaturbate.com/smoker919/


I only say this about V1 apps, in which case I am unfair and judgmental AF. However, it is my understanding that starting with V2, apps undergo code review, so hiding the code isn't as much of an issue with V2 apps. There have been enough malicious V1 apps released that it is better safe than sorry. For every V1 app with hidden/obfuscated code there are dozens that do the same thing with open source code. Why expose yourself to potential risks?

There are no code reviews taking place for V2 apps, so those apps are still capable of implementing malicious functionality.


Apps/bots can not control your traffic, who is in your room, stop you from receiving tips, access your PMs, stalk your users, shadow ban (or whatever), hide your media, hide you from the front page, change the CB ranking, access your personal computer, change your CB bio or settings, know who you take private, know the amount of tokens a user has, etc. They are truly simplified and limited by design.

I disagree with this. The error handling in the V1 framework is very poor and exposes private APIs in stack traces. Someone with enough time could theoretically map the topology of those APIs and potentially use them.
 
Upvote 0
I didn't understand this one at all, could you give an example?

A stack trace shows the path through the code that was traversed from the point of entry up until an error occurred. Usually it names the code constructs that are used at each point and the functions executed on those constructs. For V1 apps, the stack traces expose constructs and functions that seem to underpin the internal CB API. Knowing that internal API could allow someone to try to execute code against it directly instead of just using the public API.
 
Upvote 0
A stack trace shows the path through the code that was traversed from the point of entry up until an error occurred. Usually it names the code constructs that are used at each point and the functions executed on those constructs. For V1 apps, the stack traces expose constructs and functions that seem to underpin the internal CB API. Knowing that internal API could allow someone to try to execute code against it directly instead of just using the public API.

Probably nothing to be concerned about; it's been many years now, and I recall that at some point (not sure if they are still doing it) CB was rewarding people for finding exploits.
 
Upvote 0
@Everyone, don't be fooled by this

striped_speedo

He is the smoker919 guy advertising himself because he launched his V2 app by subscriptions - he posted against random popular apps/bots developers, trying to get more audience for his copied apps/bots in different communities including Reddit, while he grants himself power to execute commands.

In almost all smoker919 developments there are these if statements:

if ($user.username === $room.owner || $user.username === AppAuthor) {

if ($user.username === $room.owner || $user.username === AppAuthor || $user.isMod) {


where "AppAuthor" is a variable containing the smoker919 name/account.

So basically he is granting himself to execute commands as the models.
This happens in the apps with open source code without describing and informing the models - I let you imagine what he can do in the apps where the code is hidden.

For sure I assisted in a chat where smoker919 was reading to the model (and writing in the public chat) all the X-SPAM messages guys were trying to execute and that were blocked by his antispam.
Reading from history he stored in V2 storage, so not only the active session in real time but the whole history since the model installed the app. Unluckily I lost the screen when my old laptop fucked up.

V2 apps are really dangerous because a shady developer like smoker919 can store almost everything happening in the room (all users who joined or left the room with timestamps, how much they tip, all the tip notes) and perform all the malicious actions that a V1 app can do - so basically transforming users' messages by rewriting them completely, marking all the messages as X-SPAM, reading the tip notes, accessing hidden cam etc.
For sure V1 apps / bots are safer than V2 because they don't have the possibility to store anything among the stream sessions but the platform methods used behind to interact with the platform are the same.

I agree on this: there are so many free apps/bots that models:
- can use whatever they want and change whenever they encounter some problems
- or they can pay or ask for free developments to users they trust
- or totally don't use any apps/bots
The platform is self-protected to not let apps do anything so disruptive.
 
Upvote 0
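A reader who wants to check an open-source app for the pattern quoted in the post above can scan its source for username comparisons that admit anyone besides the room owner. This is an added example, not part of the original posts or of any app's code; the sample source and the account name `example_dev` are constructed, and the identifier names are the ones quoted in the post.

```javascript
// Added example, not code from any app discussed in the thread.
// Identifier names follow the snippets quoted in the post; SAMPLE_APP and
// the account name 'example_dev' are constructed.
const OWNER_OPERANDS = new Set(['$room.owner']);

// `$user.username == / === <operand>` in either operand order.
const USERNAME_CMP = /\$user\.username\s*={2,3}\s*([\w$.]+|'[^']*'|"[^"]*")|([\w$.]+|'[^']*'|"[^"]*")\s*={2,3}\s*\$user\.username/g;

// Look up `const NAME = '...'` so a finding names the actual account.
function resolveConstant(source, name) {
  const escaped = name.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const decl = new RegExp(`(?:const|let|var)\\s+${escaped}\\s*=\\s*(['"])(.*?)\\1`);
  const m = decl.exec(source);
  return m ? m[2] : null;
}

// Report every username comparison whose other side is not the room owner.
function findExtraPrincipals(source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    for (const m of text.matchAll(USERNAME_CMP)) {
      const operand = m[1] || m[2];
      if (OWNER_OPERANDS.has(operand)) continue;
      const account = /^['"]/.test(operand)
        ? operand.slice(1, -1)
        : resolveConstant(source, operand);
      findings.push({ line: i + 1, operand, account });
    }
  });
  return findings;
}

// Constructed sample app source containing the quoted gate.
const SAMPLE_APP = [
  "const AppAuthor = 'example_dev';",
  "function onMessage($user, $room, msg) {",
  "  if (msg.startsWith('/mute')) {",
  "    if ($user.username === $room.owner || $user.username === AppAuthor || $user.isMod) {",
  "      return 'muted';",
  "    }",
  "  }",
  "  if ($user.username === $room.owner) return 'owner-only';",
  "  return null;",
  "}",
].join('\n');

console.log(findExtraPrincipals(SAMPLE_APP));
```

A finding is a prompt to check whether that account's access is documented in the app description; hidden or obfuscated source cannot be audited this way.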
He is the smoker919 guy advertising himself because he launched his V2 app by subscriptions - he posted against random popular apps/bots developers, trying to get more audience for his copied apps/bots in different communities including Reddit, while he grants himself power to execute commands.
Yes, smoker919 is my main account. I did not wish to bring an issue public about another developer under that account. @punker barbie was informed of my main account in a private message.

As for the developers I have publicly called out: kentos and pigley are well known to be malicious, and myself and others have had personal encounters with their apps and/or them directly; CB Support confirmed my report of i0_ol and The Menu which is where this thread started; and streamersuite has been stealing dozens of open-source apps from multiple developers (including me) and passing them off as their own.

I have never posted to Reddit.

In almost all smoker919 developments there are these if statements:

if ($user.username === $room.owner || $user.username === AppAuthor) {

if ($user.username === $room.owner || $user.username === AppAuthor || $user.isMod) {


where "AppAuthor" is a variable containing the smoker919 name/account.

So basically he is granting himself to execute commands as the models.
This happens in the apps with open source code without describing and informing the models - I let you imagine what he can do in the apps where the code is hidden.
I would challenge you to quantify "almost all" because I'm quite sure that you'll only find such statements in 3 of my apps: Ad Blocker, Ad Blocker Lite, and /dev/null, and in each case the commands and who can access them is openly documented in the app description.

For sure I assisted in a chat where smoker919 was reading to the model (and writing in the public chat) all the X-SPAM messages guys were trying to execute and that were blocked by his antispam.
Please refresh my memory on this. I can only recall one incident where it was necessary to call out messages that were being blocked because the messages were attacks from pigley and I was working directly with the moderator in the room to inform the model.

Reading from history he stored in V2 storage, so not only the active session in real time but the whole history since the model installed the app. Unluckily I lost the screen when my old laptop fucked up.
Ad Blocker indeed stores anything related to the messages it blocks, but only the information related to those messages. The purpose there is to use that information as a check to make sure that only ad-related messages are being blocked and to create an inventory of which sites are referenced in those messages and to block other messages that refer to those sites.

V2 apps are really dangerous because a shady developer like smoker919 can store almost everything happening in the room (all users who joined or left the room with timestamps, how much they tip, all the tip notes) and perform all the malicious actions that a V1 app can do - so basically transforming users' messages by rewriting them completely, marking all the messages as X-SPAM, reading the tip notes, accessing hidden cam etc.
Yes, I documented most of those cases in my bio already since they are common to V1 and V2 apps.

For sure V1 apps / bots are safer than V2 because they don't have the possibility to store anything among the stream sessions but the platform methods used behind to interact with the platform are the same.
No, this is incorrect. We know that V1 apps can bypass the security restrictions and execute against the private CB APIs. The V2 API has walled constructs that strictly limit how they can be used.

I agree on this: there are so many free apps/bots that models:
- can use whatever they want and change whenever they encounter some problems
- or they can pay or ask for free developments to users they trust
- or totally don't use any apps/bots
The platform is self-protected to not let apps do anything so disruptive.
This last statement is head-in-the-sand thinking. I think it's clear that the platform has serious flaws and some apps can indeed be used to disrupt users and rooms.

-----

@cute_kristall What you've said here doesn't stand up to analysis. If you want to bring specific complaints against any of my apps to CB Support the way I did against The Menu then please do so and I will assist them and comply with their findings.
 
Upvote 0
You both need to work your shit out and stop reporting each other's posts to me. Or I could just ban both of you.

@cute_kristall @striped_speedo
 
Upvote 0
You both need to work your shit out and stop reporting each other's posts to me. Or I could just ban both of you.

@cute_kristall @striped_speedo
Just so that anyone else reading knows: @cute_kristall is the very same pigley I mentioned twice in my previous post. If he wants to report anything about my apps then he should do it to CB Support the same way I reported The Menu and let them decide.

His hate-on for my apps is because my Ad Blocker anti-spam app detected and reported his use of backdoor commands in one of his apps, i.e., he got caught.

At this point, since CB Support did actually investigate and confirm my report on The Menu, I will take the screenshots collected from the incident with pigley and submit them with the details and ask them to investigate. @punker barbie
 
Upvote 0
Just so that anyone else reading knows: @cute_kristall is the very same pigley I mentioned twice in my previous post. If he wants to report anything about my apps then he should do it to CB Support the same way I reported The Menu and let them decide.

His hate-on for my apps is because my Ad Blocker anti-spam app detected and reported his use of backdoor commands in one of his apps, i.e., he got caught.

At this point, since CB Support did actually investigate and confirm my report on The Menu, I will take the screenshots collected from the incident with pigley and submit them with the details and ask them to investigate. @punker barbie

Thank you for reporting the malicious backdoor, but after that I doubt the majority cares about the drama between app developers.
 
Upvote 0
Just so that anyone else reading knows: @cute_kristall is the very same pigley I mentioned twice in my previous post. If he wants to report anything about my apps then he should do it to CB Support the same way I reported The Menu and let them decide.

His hate-on for my apps is because my Ad Blocker anti-spam app detected and reported his use of backdoor commands in one of his apps, i.e., he got caught.

At this point, since CB Support did actually investigate and confirm my report on The Menu, I will take the screenshots collected from the incident with pigley and submit them with the details and ask them to investigate. @punker barbie
You are wrong, as in many of your other statements; I'm not Pigley, I'm an ex-model friend of his - he helped me a lot both while working as a model and to leave the cam girl sites. I always granted him moderator status and always granted him free access to my hidden shows - he deserves it for the job he did for me, as he helped many other friends by developing custom functionalities specific to models or studios without asking anything of anyone.

You want to appear the good guy but you are only using malicious code to execute and spy on the rooms' activities to check all the commands of all the other apps/bots - luckily you can't spy on the private messages, otherwise you would find so many bad comments against you.

Do you think you did a good thing "reverse engineering" popular apps/bots? Now there are already copies of them with all the malicious code you were searching for.

I repeat myself: let the models use what they want and don't stress anyone else.
You will never know why an app/bot has been developed and how it was requested - if a studio or a model asked for hidden commands or not, and if it was requested to keep it open to be executed on all the studio accounts or closed to a specific account or not...
 
Upvote 0
as you banned Pigley
I am unsure who you speak of.

I just want you both to work out your issues with each other privately, and leave it to CB to sort out what is/isn't OK on their site. It isn't necessary to hash it out here, and definitely not cool to add more moderation for me to deal with.

As stated above, nobody really cares about the beef.
 
Upvote 0
Look folks.

There is a very simple and standard process in the IT industry for investigating and reporting CVEs (security vulnerabilities). CB support is responsive, concerned with our safety, and always responds within a few days. This flame war is total crud.

Real IT pros and security experts follow industry guidelines and best practices.

https://cve.mitre.org/ is where anyone can see the documented process real security researchers use.

This is not professional conduct in the IT industry (smoker, pigley, kentos, etc). You are all not doing it correctly. So in my model opinion, after your apps and advice my show dies

No, I do NOT endorse flame wars and I do fully endorse the correct procedures. Please be mindful. thank you.

(CB support, thanks for all the help folks!)
 
Upvote 0