nopy.to discussion & feedback

[c3p0]

Maybe we should protest and stop using Paypal since they're basically the main reason they had to shut down

And behind Paypal are most times credit cards like Visa, Mastercard, American Express and so on.
So if we should stop using something it would be the credit cards. Otherwise Paypal would only be replace with another company and the same would happen again.
But I don't see it. As long as the violance is treated differently than pornography that will not change. Thus thanks all of your big companies, like Apple, Facebook, Twitter, Sony and a lot more, who try to dictate what we should seen and what we shouldn't see.

So, all - and myself included - would need to stop using anythings that is connected to them and I don't see that.

 

[c3p0]

I completely agree.... but, think back not too long ago we didn't have "Youtwitface" Google and stuff and got along just fine These invetions are just tools that sociaty made themselfs dependent on. Agreed life is faster so is the accsess to information, help and more... Still though, it's not like the world is going to "end" if we were to stop using social media, or would it

I don't use really use social media myself. Yet, Google (or Alphabet) and Apple, you can't really avoid them.
Have a mobile, then you support almost one of them. Same goes with payment proccessors, you can choose your evil, but it is very inconvenient to use none of them...

 

[Omi14]

Hey guys, I'm the creator of

You must be registered to see the links

. I know F95 Zone has been using the site for a while now, and I hope that you guys have had good experiences.

Nopy was created to provide fast and dependable downloads, with no ads and no logs. But all sites have their kinks, so thats why I'm finally creating a thread on here, to ask if there is any issues that you have faced while using it. Broken downloads, slow speeds, possible improvements, etc? Feel free to discuss (...or praise...) the site here.

If you feel like donating, you can do that via

You must be registered to see the links

or

You must be registered to see the links

<3

i've been using nopy since my first download in this side and, when i said this, i mean it: NOT EVEN ONCE and NEVER HAVE a single complain, trouble, problem or disappointment with nopy.

#1 downloader for me and for many people i'm sure of it. any new about your work of this special site that you've created, (pls) update us in this thread. since your work for this community (don't know how many more) has been discreet and fascinating; i didn't knew not having nopy for my downloads would left me without more options, since i realise it was the only one everyone uses that was SO EASY!

genuinly hoping for ur best, Thank you very much.

 

[brasileirinho]

This is why we need crypto. Payment companies have too much power.

 

[c3p0]

This is why we need crypto. Payment companies have too much power.

That solve everthing.
We have crypto already, yet as long as the currency (on the foremost bitcoin) has variance of numerous percent per day and as long as the energy consumption of one bitcoin transaction is over 1 million times higher than an VISA transaction. (Therefore a transaction would cost only because of energy usage around 250 $.)
I don't see that happens, regardles of how government handle the currencies and the loss of control over fiscal system...

Additional, "we" "need" a solution now, not in 5 or 10 years when the world have become a better placeor most certain not.

 

[RPDL]

The only decent solution is provided in the thread by some random person hosting a torrent, but who knows if we can trust every random guy hosting the games via torrent.

 

[RPDL]

I'm not accusing you of anything, but it goes without saying that theoretically you could modify the .exe-files before hosting the torrent. While at the same time, a developer/uploader of F95 could obviously do something likewise scummy, so downloading anything on this website is theoretically speaking not safe lol.

The 'safest' way is when the developer(s) of those games post MD5 checksums of the .zip file and executables, so people can double check if the checksum is correct.

Oh yea totally, I agree. There's always going to be an element of risk involved, it's part of the reason why I tag my torrents, post my own checksums and I've recently added a note to my comments stating where I post my torrents.

It's good to be cautious, it keeps you safe (for the most part).

 

[c3p0]

I'm not accusing you of anything, but it goes without saying that theoretically you could modify the .exe-files before hosting the torrent. While at the same time, a developer/uploader of F95 could obviously do something likewise scummy, so downloading anything on this website is theoretically speaking not safe lol.

The 'safest' way is when the developer(s) of those games post MD5 checksums of the .zip file and executables, so people can double check if the checksum is correct.

Assuming this site is corrupted, as yourself have written. How could anything published here then be safe?!

Checksums alone don't help. They only help to detect (or correct) bit errors and most (compressed) archive have this already. Also he do this already.

Only thing that would remove the risk some third party manipulate the file would b e cryptographic signed files and the relate public key published by the game dev on a host he have absolute control over.

 

[brasileirinho]

That solve everthing.
[/ISPOILER].

Strawman fallacy

But I agree with the remainder of the diagnostic.

The 'safest' way is when the developer(s) of those games post MD5 checksums of the .zip file and executables, so people can double check if the checksum is correct.

Why would they do that? They want people downloading only from their own sources to avoid piracy.

The warez groups are based on trust and reputation. It kinda works. Not 100% safe, but that's what you pay if you don't want to spend money on copywrighted stuff.

I think f95 administration and community should give torrents some love

 

[brasileirinho]

They provide it because anybody can modify anything in these ISO-files, both with or without malicious intent and host them somewhere else. With this SHA256 checksum you can verify the integrity of the ISO-file and prevent unnecessary consequences later.

But why would the game developer provide it? They don't want people downloading from other sources. Only from their patreon.

I would like the option for torrents, but then again F95 is not going to host torrents themselves so it would be nice if they add a MD5/SHA-checksum on the download page, so when you download a game via torrent or other websites that regular non-staff-members post, you can verify the integrity of the files.

Just add the magnet links, and let the community seed. The problem is that, today, uploaders NEED at least 3 DDL. This rule could be changed to TORRENT AND/OR 3 DDL.

 

[brasileirinho]

So who is going to create these torrents? Which tracker will they be using (if any) and who will keep seeding the games? How will seeding be handled for slightly older versions?

Yeah, that's what I'm talking about. All these answers need to be answered by the staff and community. And I wish it happens ASAP. Waiting until we run out of servers to host DDL is also an idea, but I think it's the worst one.

 

[c3p0]

Checksums that the developer or a trusted F95 staffmember posts can be compared to the checksum of any person hosting a torrent or upload to another host. If somebody makes any changes to the files, whether this is malicious or not would give you an entirely different MD5 checksum. It will not 100% guarantee anything as hash collisions can happen but the likelihood of that being the case is extremely small. (1 in 2^128 is only a 1 in 340,282,366,920,938,463,463,374,607,431,768,211,456 chance)

MD5 has been severely compromised. The complexity for an collision attack ist 2^24.1 (or 1 to 17 981 374) and can be solved within seconds. See

You must be registered to see the links

Some attack also exist for SHA1 or SHA2. However the security for this algorithm aren't as compromised as for MD5. But, for cryptography use, MD5 is dead.

Also from my understanding how games comes to the site it is either a uploader, mod, trusted user who give the links or it is simple a normal user that post the links in one of the many threads.
If either of them would have a malicious agenda, then both could change the game files (eg. add a new, unkown malicious code), upload it to file hoster and make any checksum codes you like to have.
As long as the post from the actual dev can't be look up, because paywall, you can't have any idea of the difference.
Only (theoretical) variant that would remove this issue would be cryptography signs for the games made by the dev and upload by him to a site that is in under his 100% control. Otherwise "we" would need to trust others than solely the dev of the game.

 

[jclosed]

Well - Just a few points I want to add to this discussion.

First of all - Yes Torrent files can be used for viral infection, but that's also true for uploaded files in any file sharing site. If the uploader has bad intentions it's very easy to spread your malicious software on any platform (for instance, if the file is big enough Google Drive does not even check for viruses).

And if you have a trusted uploader, that uploader can create and give a checksum. It does not have to be the developer at all. Lots of files here can contain viruses while none of them are from a torrent origin. Lots of files here are uploaded NOT by the developer, but by a trusted uploader. If that uploader did modify some files (or obtained that file from a contaminated source) there is nothing that can prevent infection (unless you have a very good file sharing site that does deep file virus detection). The last line of defense is always the end user's quality of virus protection.

So - In short. In my humble opinion using torrents together with a decent checksum created by the uploader is just as "safe" as using file sharing sites. If the uploader can't be trusted, it does not matter what medium he/she/it uses to spread malware. I know this is said already, but I think adding another user's viewpoint does not hurt.

 

[c3p0]

But it's not used for cryptography a.k.a. using it to hide a secret phrase like your password. It is used to compare checksums between two files.

If it is not use for cryptography purpose, then its only use is for integrity check. Same thing modern file achrives (eg. 7zip) already employ. So why add an additional layer on top of it, that doesn't use anything from the cryptography toolkit?
Everybody can make a checksum for any given file.
Everybody can make a link for a file and upload it here. Post that previously made checksum with the link and done.
Not everybody can add a virus to an exe, but it isn't impossible.
So the improve security is based on what? That we know have malicious software with a checksum?

 

[c3p0]

I don't think you fully understand what you can do with these hashes.

Sure, you think that. But I think, it is much more interesting, for me, that you think that I don't know that.

Now compare the hashes, are they the same? Both files have the same filesize and are changed on roughly the same time. So unless you use a decompiler and know how to read the code of the exe-files you will have no way of telling of any differences.

First, what proofs that? That hash works as they are intentend to do, without any ill-natured factors? They do, but then without any ill-natured factors we wouldn't have this discussion?

So, in a ill-natured environment how would a simple code as MD5 help?
Assumption:

• We have game (eg. like BaDik), packed into an archive on a file hoster for download and the corresponded (non-cryptography) hash.
• The game has none element in it (eg. virus) that is not needed for the purpose to play the game.
• Then you have one person who want to distribute a virus (or something similar) and use as an attack vector this game.
• The archive don't need to have the same data. They only needs to be around the same size.

Therefore:

• He will download the original archive, entpackt it and manipulate the files in it, so he can add his payload (clear text virus or something similar)
• He will make an archive and put it on a file hoster or make a torrent or what method ever, but it would available for the public.

Now, we have two ways:

1. He isn't the brightest blub in the basket and upload the archive without additional work
   1. MD5 checksum aren't the same and all can see that (if they know how to...)
2. He do a little more work and change the archive, so that the MD5 checksum are the same. As previous stated, for MD5 this is can be done innert a short time.
   1. MD5 checksum are the same and therefore a MD5 compare will add nothing in regard to security.

So, if you want to avoid evil mind number 1. it helps, but for evil mind number 2. it doesn't help.

I agree with you, it is much more simple to make a compressed version of the game, add a virus into the archive, modifed the exe, so instead of only running the Ren'Py game also start the virus and make a post in the thread and say that I have a smaller size than the orginal. Helps that then the checksums (regardles if MD5, SHA1/2/3, signed or not) are per definition different to the original.

For example:
Your String: cheese
MD5 Hash: fea0f1f6fede90bd0a925b4194deac11
SHA1 Hash: bcef7a046258082993759bade995b3ae8bee26c7

We're simply comparing if both files are fea0f1f6fede90bd0a925b4194deac11 or bcef7a046258082993759bade995b3ae8bee26c7, not trying to crack it to see if both are saying cheese.

So yes using it as a checksum for example storing Usernames and Passwords in MySQL it would definitely NOT be safe to use, but for deterministic goals as comparing two seemingly identical files, it should do it's job.

If you do that, then in all seriousness you should be whiped. Storing a password, even hashed into something without future ado is very bad pratice and is what rainbow table are here for. The very least someone can do today is using salt.

 

[c3p0]

You don't understand how immensely difficult it is to have two completely different files with the same MD5/SHA hash:
MD5: 2^128 chance
SHA: 2^160 chance
You're talking about 1 in 340+ undecillion chance that two different files can have the same checksum for MD5.

In short it's close to impossible to achieve and definitely not worth the effort/time it takes to achieve it and thus nobody would ever even bother attempting it to infect random people downloading porn. Perhaps one would attempt it if the target is a multi billion dollar company, but not a few randoms downloading porn games.

You're saying 'little work' but in reality "simply" cracking an SHA256 hash will take you longer than the earth has existed with the current generation of supercomputers. But having two different files with the same MD5 or SHA-hash would be equally impossible to achieve in a lifetime.

You don't seem to know what means a algorithm is broken.

MD5 has been severely compromised. The complexity for an collision attack ist 2^24.1 (or 1 to 17 981 374) and can be solved within seconds. See

You must be registered to see the links

The security of the MD5 hash function is severely compromised. A

You must be registered to see the links

exists that can find collisions within seconds on a computer with a 2.6 GHz Pentium 4 processor (complexity of 224.1).

You must be registered to see the links

Further, there is also a

You must be registered to see the links

that can produce a collision for two inputs with specified prefixes within seconds, using off-the-shelf computing hardware (complexity 239).

You must be registered to see the links

The ability to find collisions has been greatly aided by the use of off-the-shelf

You must be registered to see the links

. On an NVIDIA GeForce 8400GS graphics processor, 16–18 million hashes per second can be computed. An NVIDIA GeForce 8800 Ultra can calculate more than 200 million hashes per second.

You must be registered to see the links

And in general:

You must be registered to see the links

 

[c3p0]

You have zero understanding of what I'm talking about, WE ARE NOT CRACKING A CODE. We are trying to have two different files to end up with the same hash.

Thanks, you're right.

But for the discussion sake, MD5 is also cracked here, although only theoretical, with the complexity of only 2^123.4. And if we assuming supercomputer, then I would also assume wide used ASIC specialised in calculation SHA256. With up to 140 TH/s and up to 14 in a 48U rack (near 2 PH/s) it would come down to 1.94E54 years for SHA256 and one rack. If the same figures are applied to MD5 it will come down to 2.35E14. Neither of them are pratical.

 

[Rex01]

So this site is gone forever?
Respect for sticking till now.

 

[HoodGangsta]

Thank you nopy.to, it was a wonderful experience using your site. I'll be looking forward to your comeback.

 

[QQP_Purple]

I would wager to say that the overlap between people who have access to state of the art supercomputers and people who make it their mission to spread viruses over a porn piracy website is most likely insignificant enough for it not to be a concern.