AmberCutie's Forum
An adult community for cam models and members to discuss all the things!

Potential Chaturbate security vulnerability

  • ** WARNING - ACF CONTAINS ADULT CONTENT **
    Only persons aged 18 or over may read or post to the forums, without regard to whether an adult actually owns the registration or parental/guardian permission. AmberCutie's Forum (ACF) is for use by adults only and contains adult content. By continuing to use this site you are confirming that you are at least 18 years of age.
Status
Not open for further replies.
Jun 27, 2024
11
0
1
I have evidence that shows that someone is recording Chaturbate models without paying and is posting the recorded videos online. The person recording is able to record away mode, private shows (with or without spies), secret shows, and ticket shows.

The person doing the recording has targeted models that include independent models from Europe and Canada as well as multiple eastern European studios. I have proof that he is not paying for the videos that he has recorded from one studio. I am assuming that he does not pay for anything that he posts, though I do not have proof of that. In my opinion, the range of models affected suggests that Chaturbate has a security flaw that is allowing these recordings to happen and that it's probably not an issue with security at the models' broadcast locations.

I am making this post to make Chaturbate models aware that this is possible and to hopefully push Chaturbate to take action quickly. Chaturbate support has been contacted about this by one of the affected studios. If anyone from Chaturbate support sees this post and would like any information about this issue, please let me know.

To be clear, the models I have spoken with are aware of the risks involved with broadcasting on Chaturbate and are aware that they will be recorded at times. However, when they are recorded by a paying customer, the amount of recording time is limited by the customer's funds and time. This person is recording without paying and can record anything including away mode. This is not the typical risk associated with Chaturbate broadcasting.
 
You know you sound like a crazy person right?

Edit: you won't push anything without a lot more information.
I am reluctant to post the evidence directly on this forum as it would require posting links to the thread where these videos have posted or to the videos themselves. I don't want to drive more traffic to that thread or further invade the privacy of the models. However, the full evidence was provided to CB support including links to the content. The videos in question were all posted by the same forum user and they show the following:

-A secret show recording that starts in the public show and then seamlessly continues to the secret show. The model can be heard commenting that no one is in the show yet. Then you hear the tip sound and someone joins the show and she makes a comment about that. A paying customer would have to tip to get into the show, so there should have been at least a brief interruption in the video. The moderator would have been allowed in automatically, but he was not present for the other shows listed below.
-A seamless video of back-to-back privates with a brief away period and a brief public period. The video is totally uninterrupted even though the model was away. The person recording also did not have to restart spying at the start of the second private. The privates were with two different Chaturbate users.
-A private that had to be restarted that had a brief away period followed by a public period and then the private restarts. The video is uninterrupted through the away period and the person did not have to restart spying when the private started again.
-A private recording that extends into the away time after the private has ended. The model has confirmed that she was away in this part of the recording and about a minute of away time was recorded. Transactions show that nobody was being charged after the private ended.
-A private with no spies that was with a long-time customer of the model. That customer was not present for any of the shows mentioned above.
-Several more videos where the recordings are too long to have been recorded by any spies based on the models' transactions. They could only have been recorded by the person the model was in private with. This included a lot of different Chaturbate users (at least 12 different users), but the videos all posted under the same forum thread by the same forum user.
 
Upvote 0
I am reluctant to post the evidence directly on this forum as it would require posting links to the thread where these videos have posted or to the videos themselves. I don't want to drive more traffic to that thread or further invade the privacy of the models. However, the full evidence was provided to CB support including links to the content. The videos in question were all posted by the same forum user and they show the following:

-A secret show recording that starts in the public show and then seamlessly continues to the secret show. The model can be heard commenting that no one is in the show yet. Then you hear the tip sound and someone joins the show and she makes a comment about that. A paying customer would have to tip to get into the show, so there should have been at least a brief interruption in the video. The moderator would have been allowed in automatically, but he was not present for the other shows listed below.
-A seamless video of back-to-back privates with a brief away period and a brief public period. The video is totally uninterrupted even though the model was away. The person recording also did not have to restart spying at the start of the second private. The privates were with two different Chaturbate users.
-A private that had to be restarted that had a brief away period followed by a public period and then the private restarts. The video is uninterrupted through the away period and the person did not have to restart spying when the private started again.
-A private recording that extends into the away time after the private has ended. The model has confirmed that she was away in this part of the recording and about a minute of away time was recorded. Transactions show that nobody was being charged after the private ended.
-A private with no spies that was with a long-time customer of the model. That customer was not present for any of the shows mentioned above.
-Several more videos where the recordings are too long to have been recorded by any spies based on the models' transactions. They could only have been recorded by the person the model was in private with. This included a lot of different Chaturbate users (at least 12 different users), but the videos all posted under the same forum thread by the same forum user.

-???? The model did something wrong or the app developer, the video URL changes...it doesnt just hide the video on the browser, if it did then all the recording bots would have all hidden shows.

- Same thing as above, how is the model broadcasting? is she bouncing her stream from another service or split casting or something?

- Same point as the first, none of this should be possible.

- Same

- Same xD
 
  • Like
Reactions: KingMarti
Upvote 0
Are you talking about the site every single model on here is already aware of and that Chaturbate routinely seizes their domain names?
 
Upvote 0
-???? The model did something wrong or the app developer, the video URL changes...it doesnt just hide the video on the browser, if it did then all the recording bots would have all hidden shows.

- Same thing as above, how is the model broadcasting? is she bouncing her stream from another service or split casting or something?

- Same point as the first, none of this should be possible.

- Same

- Same xD
The models broadcast directly to Chaturbate using OBS. I am referring to four different models above. They are all experienced models (all streaming at least 1 year) and the recordings just started happening a few weeks ago. They have not changed what they do. They retrieve a new key from Chaturbate every time they broadcast and enter that into OBS. And they only stream to Chaturbate. None of them have accounts on other sites.

I am aware that the video URL changes. I believe that somehow the stream is being intercepted prior to being put behind the paywall. Otherwise away mode could not be recorded at all since that doesn't broadcast to anyone downstream from Chaturbate.
 
Upvote 0
Are you talking about the site every single model on here is already aware of and that Chaturbate routinely seizes their domain names?
No. That site only has the public shows as far as I'm aware. I'm referring to a forum where people post their personal collection of videos or videos ripped from the site every single model knows that has tons of private recordings.
 
Upvote 0
I am aware that the video URL changes. I believe that somehow the stream is being intercepted prior to being put behind the paywall. Otherwise away mode could not be recorded at all since that doesn't broadcast to anyone downstream from Chaturbate.

uh huh so basically what you are suggesting is some one has some how figured out what the video URL is going to be before its revealed. How did CB support respond to your email?
 
Upvote 0
The models broadcast directly to Chaturbate using OBS. I am referring to four different models above. They are all experienced models (all streaming at least 1 year) and the recordings just started happening a few weeks ago. They have not changed what they do. They retrieve a new key from Chaturbate every time they broadcast and enter that into OBS. And they only stream to Chaturbate. None of them have accounts on other sites.

are they perhaps all using the same obs plugin? perhaps they installed a compromised plugin?
 
Upvote 0
uh huh so basically what you are suggesting is some one has some how figured out what the video URL is going to be before its revealed. How did CB support respond to your email?
Either that or someone is intercepting at CB's ingestion port. My understanding is that the protocol that CB uses is not encrypted on its way to CB. That it's more security through obfuscation and not encryption. There are two other possibilities. One is that the studio has a security problem, but the guy is recording models from lots of studios, so I think that's unlikely. The other possibility is that it could be someone at CB, but I really hope that isn't the case.

According to the studio, CB responded with a form letter offering assistance with DMCA takedown of the videos but no assistance with the security issue. They did not even mention the security issue in their letter even though that was the main point of the message the studio sent to CB support. I'm really disappointed by that response. One of the models has had nearly every private show in the last three weeks post on the forum. Even if this was a problem at the studio, I would think CB would be interested in helping them solve it. This has to be costing CB money. The videos are not paid for and then I'm sure some people don't spy because they can just watch the videos for free when they post on the forums. The videos get thousands of views.

The other issue with just offering DMCA takedown assistance is that the videos get posted on DMCA-resistant or DMCA-proof hosts. It is very difficult to get these videos taken down. It would be much better if CB was offering assistance to help prevent them from getting recorded and posted in the first place. I understand why CB cannot stop all recordings by paying customers. However, this is different and it really should be addressed.
 
Upvote 0
are they perhaps all using the same obs plugin? perhaps they installed a compromised plugin?
I would guess that they are all using the same OBS version and plugins since most are broadcasting from a studio from the same rooms. Some that work for the studio are broadcasting from other locations and still getting recorded. I don't know if their OBS version would be the same.

I was wondering if this could be an issue because I could see it being a possibility that a corrupted plugin might be used by multiple models and even multiple studios.

Just saw your post about the parent company or tech support...I only have been corresponding with one studio (several models from one studio). I don't have any definitive information on the other studios' locations, owners or tech support. Their accents sound eastern European when they speak and that would be consistent with the studio I've been helping.

The guy on the forum posted a video of a ticket show from an independent Canadian model. She is in a different country from the studio I've been helping for sure. I have no idea if he paid for that or not. She is the only other model he's recorded that I know the location of.
 
Last edited:
Upvote 0
are they perhaps all using the same obs plugin? perhaps they installed a compromised plugin?
I checked into this and the studio has told me that they monitor the bandwidth that they use and they would see it if the data usage on a stream increased. They have not seen that. My understanding is that if a corrupted plugin was broadcasting to two different places, that it would use twice the bandwidth. Is that correct?
 
Upvote 0
I checked into this and the studio has told me that they monitor the bandwidth that they use and they would see it if the data usage on a stream increased. They have not seen that. My understanding is that if a corrupted plugin was broadcasting to two different places, that it would use twice the bandwidth. Is that correct?
A studio isn't telling you shit, I don't believe a word you say.
 
  • Like
Reactions: KingMarti
Upvote 0
A studio isn't telling you shit, I don't believe a word you say.
I have no reason to lie. I am trying to help some models with a problem they are having. All I want is for CB support to look at the evidence that I've gathered and for them to help determine where the problem is. If I couldn't prove what I'm saying about what the videos show, it would be pointless to try to engage with CB support.
 
Upvote 0
I am reluctant to post the evidence directly on this forum as it would require posting links to the thread where these videos have posted or to the videos themselves. I don't want to drive more traffic to that thread or further invade the privacy of the models. However, the full evidence was provided to CB support including links to the content. The videos in question were all posted by the same forum user and they show the following:

-A secret show recording that starts in the public show and then seamlessly continues to the secret show. The model can be heard commenting that no one is in the show yet. Then you hear the tip sound and someone joins the show and she makes a comment about that. A paying customer would have to tip to get into the show, so there should have been at least a brief interruption in the video. The moderator would have been allowed in automatically, but he was not present for the other shows listed below.
-A seamless video of back-to-back privates with a brief away period and a brief public period. The video is totally uninterrupted even though the model was away. The person recording also did not have to restart spying at the start of the second private. The privates were with two different Chaturbate users.
-A private that had to be restarted that had a brief away period followed by a public period and then the private restarts. The video is uninterrupted through the away period and the person did not have to restart spying when the private started again.
-A private recording that extends into the away time after the private has ended. The model has confirmed that she was away in this part of the recording and about a minute of away time was recorded. Transactions show that nobody was being charged after the private ended.
-A private with no spies that was with a long-time customer of the model. That customer was not present for any of the shows mentioned above.
-Several more videos where the recordings are too long to have been recorded by any spies based on the models' transactions. They could only have been recorded by the person the model was in private with. This included a lot of different Chaturbate users (at least 12 different users), but the videos all posted under the same forum thread by the same forum user.
I would assume that the forums acronym would be "SMG" without giving the forum away since you do not want to do that.. there's more out there that do this thing of course, but this one has been around FOREVER
 
Upvote 0
I have evidence that shows that someone is recording Chaturbate models without paying and is posting the recorded videos online. The person recording is able to record away mode, private shows (with or without spies), secret shows, and ticket shows.

The person doing the recording has targeted models that include independent models from Europe and Canada as well as multiple eastern European studios. I have proof that he is not paying for the videos that he has recorded from one studio. I am assuming that he does not pay for anything that he posts, though I do not have proof of that. In my opinion, the range of models affected suggests that Chaturbate has a security flaw that is allowing these recordings to happen and that it's probably not an issue with security at the models' broadcast locations.

I am making this post to make Chaturbate models aware that this is possible and to hopefully push Chaturbate to take action quickly. Chaturbate support has been contacted about this by one of the affected studios. If anyone from Chaturbate support sees this post and would like any information about this issue, please let me know.

To be clear, the models I have spoken with are aware of the risks involved with broadcasting on Chaturbate and are aware that they will be recorded at times. However, when they are recorded by a paying customer, the amount of recording time is limited by the customer's funds and time. This person is recording without paying and can record anything including away mode. This is not the typical risk associated with Chaturbate broadcasting.
Please provide your username or ticket number so I may pass it along to our Support team
 
Upvote 0
Please provide your username or ticket number so I may pass it along to our Support team
Thank you for responding. I am not the one that submitted the note to support. I will get the ticket number from one of the affected models. Should I post that here or send it to you in a private message?
 
Upvote 0
Thank you for responding. I am not the one that submitted the note to support. I will get the ticket number from one of the affected models. Should I post that here or send it to you in a private message?
If you are not the person who contacted help, support will not respond here. Even with a ticket number.
They will only communicate with the person that started the support ticket
 
  • Like
Reactions: punker barbie
Upvote 0
If you are not the person who contacted help, support will not respond here. Even with a ticket number.
They will only communicate with the person that started the support ticket
Thank you for the information. This is my first time posting on here, so I didn't know how it worked. If I get the person who originally contacted support to post on this thread, is that ok? Or should she start a new thread?
 
Upvote 0
You know you sound like a crazy person right?

Edit: you won't push anything without a lot more information.
Lol, right? Go to Github and you can get bots that do this automatically. They are just data scrapers. Sucks they think we're just data and free, but that's life until CB implements no anons to view. They never will.
 
Upvote 0
Please provide your username or ticket number so I may pass it along to our Support team
the ticket number: #23577749
Hey, Im the one who submitted the ticket. I really hope you can do anything to stop recordings of away mode and posting EVERYTHING what supposed to be hidden or remain private. CB responded with suggestions to remove the posted stuff, but it doesnt really makes sence. There will be just more new videous of models from studio and not only.
 
Upvote 0
-A secret show recording that starts in the public show and then seamlessly continues to the secret show. The moderator would have been allowed in automatically, but he was not present for the other shows listed below.

-A seamless video of back-to-back privates with a brief away period and a brief public period. The video is totally uninterrupted even though the model was away. The person recording also did not have to restart spying at the start of the second private. The privates were with two different Chaturbate users.

-A private that had to be restarted that had a brief away period followed by a public period and then the private restarts. The video is uninterrupted through the away period and the person did not have to restart spying when the private started again.

-A private recording that extends into the away time after the private has ended. The model has confirmed that she was away in this part of the recording and about a minute of away time was recorded. Transactions show that nobody was being charged after the private ended.

-A private with no spies that was with a long-time customer of the model. That customer was not present for any of the shows mentioned above.

-Several more videos where the recordings are too long to have been recorded by any spies based on the models' transactions. They could only have been recorded by the person the model was in private with. This included a lot of different Chaturbate users (at least 12 different users), but the videos all posted under the same forum thread by the same forum user.
How do you have all the above details about which users were or weren't in the room at each stage?
 
Upvote 0
How do you have all the above details about which users were or weren't in the room at each stage?
I wrote a computer program that allowed the studio to analyze the models' transaction history and give them a summary of who was present in each of the models' private or secret shows and for how long. They informed me of their findings without disclosing viewer usernames. Then I helped them write the note they sent to CB support.
 
Upvote 0
Status
Not open for further replies.