Kodi has warned that unofficial add-ons could be used to spy on users to ascertain whether or not they are watching content illegally.
We have written before about the risks of using Kodi add-ons to access copyrighted content as well as the confused legal situation around whether streaming content is actually against the law.
The warning comes after it emerged that the domains of three add-ons from the TVAddons Repository, which closed down suddenly last month, had been transferred to a Canadian law firm, DrapeauLex, with no reason for the action being given.
The demise of the TVAddons Repository
TVAddons was the biggest repository for unofficial Kodi add-ons and is reported to have had up to 40 million unique users. It provided access to around 1,500 add-ons which allowed users to stream both legal and illegal content.
It was home to a number of Kodi’s most popular add-ons but went offline last month shortly after it emerged that its developers were being sued through the Federal Court system in Texas.
Many of these add-ons have now found new homes in other repositories, but users are often still connected to the version they downloaded from TVAddons. The transfer of the 3 domains to a Canadian Law firm indicates that the domains which are being used to update these add-ons are no longer under the control of TV add-ons.
With no party to the ongoing legal case around TV add-ons being willing to comment on the issue, the concerns being raised now are that legal entities are in control of the TV Addons domains and could be using them to spy on users to see if they are accessing content illegally.
Kodi Project Manager Nathan Betzen has spoken to the TorrentFreak website about the risks users may now face.
Spyware threat a real risk
“The person [in control of] the repo[sitory] could do whatever they wanted”, he explained. “If some malware author wanted, he could easily install a watcher that reports back the user’s IP address and everything they were doing in Kodi. If the law firm is actually an anti-piracy group, that seems like the likeliest thing I can think of.”
The likelihood is that were this the case, users would notice pretty quickly as the add-ons use Python code which Betzen says is pretty easy to read.
He has acknowledged that this is a ‘worst case scenario’, but it is nevertheless a viable on and in the absence of any genuine information, it is not unreasonable for users to fear the worst.
Whilst it is conceivable that the sites are just being taken offline by anti-piracy groups, it is not unheard of for law enforcement bodies to take over a site and then use it to incriminate users.
What the current system serves to highlight is how much the Kodi updates system relies on trust. Users are reliant on the trustability of the repository they are using, but the reality is those repositories can use updates to download anything onto devices.
How to protect yourself
If you are a Kodi users who has installed add-ons from the TVAddons repository, it is highly advisable that you update your add-on to redirect it to its new repository or else wipe your system altogether and download your add-ons afresh.
It also serves to emphasise how important it is to use a VPN when streaming content through Kodi. A VPN can help to hide your identity should you inadvertently stream content which is copyrighted, whilst it also encrypts all of your online data to secure it against hackers and prying eyes.
You can see our recommendations for the best VPN to use with Kodi at this link, while if you are using Kodi on an Apple Fire TV Stick, our recommendations are here.