The torrents time server is just to allow your local browser to stream the videos that are being downloaded in a way that makes the browser happy and avoids mixed content issues. Why does it matter if the keys are shipped?<p>They're a workaround that don't improve or reduce security from what I can tell.<p>Edit: The more egregious parts of the security issues is due to any website being able to access that local server, the server running as root on OSX, etc. THAT is major.
Why use proprietary software when there's <a href="https://webtorrent.io/" rel="nofollow">https://webtorrent.io/</a><p>Is piratebay turning into another sourceforge or download.com?
I strongly dislike the idea of a CA going around revoking certs/keys just because the keys were leaked somewhere.<p>This road (as wished for by the author) is very dangerous - it reads to me: "If a software(-bug) or human error allows technically skilled personal to gain access to a private key, all connected keys shall be revoked".<p>This would apply to (possibly) millions of servers with e.g. vulnerable PHP versions or such stuff.<p>So. Torrents Time made a bad move. Why is that a CA-concern? Honestly, tell me.