AmberCutie's Forum
An adult community for cam models and members to discuss all the things!

How to deal with malicious CB apps?

Sep 2, 2024
This is a question I hope that @punker barbie can help with, please.

I have clear proof that there is malicious functionality contained in one or more CB apps. I know the username of an alt account used by the developer to execute said functionality and a list of the apps running in a room where this functionality was executed. Using the list of apps I can narrow down who the developer actually is.

My question is: even with clear proof of malicious behaviour by apps, how can one get CB to take it seriously enough to take action, i.e., to remove the apps and ban the developer?

Thank you!
 
I could block your mods, or known top tippers, or a user I'm jealous of, etc. I could block users by color or because of things they say that I do not agree with.
I can guarantee that's going to be misunderstood. When you say block, you mean prevent their messages from showing up in chat, right?

Edit: and the only impact you can really have on a model's position on the list is really to trigger a hidden cam show, right?
 
Yes, by block I mean from speaking in chat. You can't "block" a user from your bio/room with either API. Yes, you could trigger a hidden cam anytime and pull the model off their page. However, I think it would show that the cam was hidden because there would be a tiny delay between entry and adding that username to the allow list.

Cheers,
Cexmental
 
@cexmental maybe you can make a list of things bots and apps can do that could be used negatively. There are a ton of people spreading ridiculous rumors right now and they actually believe the bots and apps they use are to blame for their low traffic.

This might be a good place to start: https://chaturbate.com/smoker919/


I only say this about V1 apps, in which case I am unfair and judgmental AF. However, it is my understanding that starting with V2, apps undergo code review, so hiding the code isn't as much of an issue with V2 apps. There have been enough malicious V1 apps released that it is better safe than sorry. For every V1 app with hidden/obfuscated code there are dozens that do the same thing with open source code. Why expose yourself to potential risks?

There are no code reviews taking place for V2 apps, so those apps are still capable of implementing malicious functionality.


Apps/bots cannot control your traffic, who is in your room, stop you from receiving tips, access your PMs, stalk your users, shadow ban (or whatever), hide your media, hide you from the front page, change the CB ranking, access your personal computer, change your CB bio or settings, know who you take private, know the amount of tokens a user has, etc. They are truly simplified and limited by design.

I disagree with this. The error handling in the V1 framework is very poor and exposes private APIs in stack traces. Someone with enough time could theoretically map the topology of those APIs and potentially use them.
 
I didn't understand this one at all, could you give an example?

A stack trace shows the path through the code that was traversed from the point of entry up until an error occurred. Usually it names the code constructs that are used at each point and the functions executed on those constructs. For V1 apps, the stack traces expose constructs and functions that seem to underpin the internal CB API. Knowing that internal API could allow someone to try to execute code against it directly instead of just using the public API.
 
A stack trace shows the path through the code that was traversed from the point of entry up until an error occurred. Usually it names the code constructs that are used at each point and the functions executed on those constructs. For V1 apps, the stack traces expose constructs and functions that seem to underpin the internal CB API. Knowing that internal API could allow someone to try to execute code against it directly instead of just using the public API.

Probably nothing to be concerned about. It's been many years now, and I recall that at some point (not sure if they are still doing it) CB was rewarding people for finding exploits.
 
@Everyone, don't be fooled by this

striped_speedo

He is the smoker919 guy advertising himself because he launched his V2 app by subscription. He posted against random popular app/bot developers, trying to get more audience for his copied apps/bots in different communities including Reddit, while he grants himself power to execute commands.

In almost all smoker919 developments there are these if statements:

if ($user.username === $room.owner || $user.username === AppAuthor) {

if ($user.username === $room.owner || $user.username === AppAuthor || $user.isMod) {


where "AppAuthor" is a variable containing smoker919's name/account.

So basically he is granting himself the ability to execute commands as the models.
This happens in the apps with open source code, without describing it and informing the models. I'll let you imagine what he can do in the apps where the code is hidden.

For sure I assisted in a chat where smoker919 was reading to the model (and writing in the public chat) all the X-SPAM messages guys were trying to execute and that were blocked by his antispam.
He was reading from history he stored in V2 storage, so not only the active session in real time but the whole history since the model installed the app. Unluckily I lost the screen when my old laptop fucked up.

V2 apps are really dangerous because a shady developer like smoker919 can store almost everything happening in the room (all users who joined or left the room with timestamps, how much they tip, all the tip notes) and perform all the malicious actions that a V1 app can do - so basically transforming users' messages by rewriting them completely, marking all the messages as X-SPAM, reading the tip notes, accessing hidden cam, etc.
For sure V1 apps/bots are safer than V2 because they don't have the possibility to store anything between stream sessions, but the platform methods used behind the scenes to interact with the platform are the same.

I agree on this: there are so many free apps/bots that models:
- can use whatever they want and change whenever they encounter some problems
- or they can pay or ask for free developments to users they trust
- or totally don't use any apps/bots
The platform is self-protected so as not to let apps do anything so disruptive.
 
Upvote 0
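For anyone reviewing open-source app code before installing it, here is an added example (not part of any post above and not code from any app discussed) that flags permission checks like the ones quoted in the last post: any comparison of the sender's username against something other than `$room.owner`. The function name, the sample app and the account names in it are constructed placeholders; `$user.isMod` is not a username comparison, so it is not flagged.

```javascript
// Added example: flag command-permission checks in an app's source that
// compare the sender's username against anything other than the room owner.
const ALLOWED = new Set(['$room.owner']); // assumption: only the broadcaster is expected

// Matches `<something>.username === <operand>` (or `==`), capturing the operand.
const USERNAME_CMP = /[\w$.]*\.username\s*={2,3}\s*((['"`])[^'"`]*\2|[\w$.]+)/g;
// Matches `const|let|var NAME = 'literal'` so a flagged variable can be resolved.
const STRING_DECL = /\b(?:const|let|var)\s+([\w$]+)\s*=\s*(['"`])([^'"`]*)\2/g;

function findExtraPrivilegeGrants(source) {
  // Collect simple string constants declared anywhere in the file.
  const literals = new Map();
  for (const m of source.matchAll(STRING_DECL)) literals.set(m[1], m[3]);

  const findings = [];
  source.split('\n').forEach((text, idx) => {
    for (const m of text.matchAll(USERNAME_CMP)) {
      const operand = m[1];
      if (ALLOWED.has(operand)) continue; // owner check is expected
      const isLiteral = /^['"`]/.test(operand);
      findings.push({
        line: idx + 1,
        operand,
        // The account name the check resolves to, or null if it cannot be resolved.
        resolvesTo: isLiteral ? operand.slice(1, -1) : literals.get(operand) ?? null,
      });
    }
  });
  return findings;
}

// Constructed sample; the account names are placeholders, not from any real app.
const SAMPLE_APP = [
  "const AppAuthor = 'example_dev_account';",
  "function onMessage($user, $room, cmd) {",
  "  if ($user.username === $room.owner) { return 'owner-only'; }",
  "  if ($user.username === $room.owner || $user.username === AppAuthor) {",
  "    return 'privileged';",
  "  }",
  "  if ($user.username === 'another_placeholder') { return 'privileged'; }",
  "}",
].join('\n');

for (const f of findExtraPrivilegeGrants(SAMPLE_APP)) {
  console.log(`line ${f.line}: username compared with ${f.operand} -> ${f.resolvesTo}`);
}
```

A hit is not proof of abuse on its own; it tells you which account besides the broadcaster the app treats as privileged, so you can ask the developer why or pick a different app.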