DoNotPay Now Lets You Share Online Subscriptions Without Divulging Your Password

DoNotPay, the digital lawyer that shot to prominence for its bot that helps drivers appeal parking tickets, has launched a new product aimed at consumers. With the DoNotPay Subscription Sharing Chrome extension, anyone can share access to their online accounts -- like Spotify, Netflix, Disney+ -- without divulging their password. From a report: To use the service, you need to install the DoNotPay Chrome extension, after which you'll be prompted to verify yourself by entering your mobile number and submitting an access code that is sent by SMS. Then, whenever you're logged into a website that you would like to share, such as Netflix or Spotify, you can tap the little DoNotPay icon at the top of the browser and then hit Generate Link. You'll be able to copy a link to share or enter a recipient's email address and push the Send Invite button. The recipient also needs to install the Chrome extension and verify themselves through DoNotPay, as this enables the sender to maintain control over who has access.

The account owner is able to revoke access at any time Joshua Browder, founder of DoNotPay, said there are no hard limits in terms of how many people you can share a link with. However, it's worth noting that many services automatically restrict the number of devices that can stream content simultaneously. [...] In terms of the underlying technology, DoNotPay effectively enables the secure transfer of a logged-in session by encrypting cookies for the website that is being shared.

Yep

[Jakester2K]

This'll last long....

Re:

[AmiMoJo]

It may prompt Netflix to be more proactive at stopping account sharing, but it's not easy for them. You are allowed to share your account with your family and that includes their mobile devices, so they will see a lot of random IP addresses coming in all the time.

Re:

[ShanghaiBill]

Netflix doesn't need to figure out how to block the random IPs.

They can just sue DoNotPay to shut down this service.

There is legal precedent (e.g.: Napster) that facilitating peer-to-peer copyright infringement is illegal even if the facilitator does not participate in the copying.

Re:

[mark-t]

This is even more blatant enabling than Napster was, in fact, because with Napster at least there was a plausible fair use claim that could have easily existed for many napster users, for example, providing a means of accessing music that was legally stored on your own computer from a remote location. I don't know if anyone ever actually used Napster that way, but it was certainly theoretically possible.

There is no reasonable use case for this new service that actually complies with streaming services'

Oh good

[Anonymous Coward]

Now I can blame someone else for all those Anonymous Coward posts.

Re:

[BrainJunkie]

You have this confused. This is the DoNotPay extension, not the DonutPay extension, which is the one that allows you to pay your taxes in donuts and there is nothing the IRS can do about it.

Re:

[Bodie1]

If you have donuts, you can offer them and not get the tickets in the first place.

Re:

[Dunbal]

the one that allows you to pay your taxes in donuts

When you REALLY need the local police to look the other way...

Sounds like a really bad thing

[rldp]

I bet it shares your checking account the same way.

This is the opposite of something you should install on your device.

Re:

[geekmux]

I bet it shares your checking account the same way.

This is the opposite of something you should install on your device.

[Digital Criminals in Unison] - "Oh, I totally disagree. I think this is exactly what you need to install on your device. In fact, here, let me help you by installing this browser plug-in..."

Bad indeed. Talk about gift-wrapping data exfil for the Insider Threat.

soo...

[sizzlinkitty]

the same thing as lastpass which has been around for multiple years.

Why?!

[DontBeAMoran]

I understood the reason for all his other services. He helped cut through bullshit, unwanted crap, etc.

But this? It's not like those services are overpriced, or have hidden fees, or are hard to cancel... Sure it sucks if what you want to watch is not on the one service you're using right now, but this is only entertainment, and it's something you decided you wanted to pay for.

I'm not siding with him on this new endeavour.

Re:

[Tx]

Yes, the ethics is debatable. I suppose the rationale is that as long as these service allow account sharing, and that the reality is that people are widely doing it, then might as well provide a method that allows them to share access to the account with actually sharing their password, which is undoubtedly better from a security standpoint.

However the flip side, which I guess you're alluding to is that it might encourage people to share accounts more widely than before, with people who they wouldn't share

Re:

[Tx]

*without

I think this one crosses the line

[the_skywise]

Anybody can share usernames/passwords and that should never be a crime (even if it's against the TOS).
But session IDs are issued by the service provider and, thus, are "owned" by them so a legal case could be made that this is actual "service theft". Let alone the security implementations of sharing cookie data with ACs

Re:

[DaveV1.0]

The Terms of Service are a contract one agrees to when one signs up for a service. If one violates the Terms of Service, one can be banned from the service. it is also quite possible for the Terms of Service to state that if one shares one's password then one agrees to be charged for multiple accounts to the number of concurrent uses and then be banned from the service.

Just because one is not committing a crime, it doesn't mean one can't be punished if one agreed to the punishment.

Re:

[the_skywise]

Right - but if it's a "crime" then the extension can be forcibly removed by the courts and the creator/corp punished as facilitating "crime".

Re:

[sizzlinkitty]

Seems like a way around restrictions is to setup a squid proxy, that way every stream would be coming from the same identical ip address. I haven't tested this method though and have no idea how html5 video behaves being pushed thru squid or if it works at all. Also I assume netflix deploys webRTC which could be used to bypass squid.

Re:

[account_deleted]

Comment removed based on user account deletion

Dumb idea

[Robert Goatse]

Why would you share your Netflix account or Disney+? Once they figure out 10 people are streaming simultaneously, your account is the one that gets censured/suspended. This only hurts this sharer.

Re:

[DaveV1.0]

And, they could decide to change the ToS so one agrees to pay for whatever number of accesses they can find, change you for xXaccounts for Ymonth and then suspend/cancel one's account.

It could very well cost someone a lot of money as well.

Re:

[WallyL]

Netflix only allows so many streams at a time. There are tiers of accounts, and you can pay for a 2-simultaneous-stream account, or for a 4-simultaneous-stream one. This limit actually works in my observation. So long as no more than 4 streams are happening at once, which is enforced, you're good to go! So, nothing to lose on Netflix anyway.

Re:

[tlhIngan]

Netflix only allows so many streams at a time. There are tiers of accounts, and you can pay for a 2-simultaneous-stream account, or for a 4-simultaneous-stream one. This limit actually works in my observation. So long as no more than 4 streams are happening at once, which is enforced, you're good to go! So, nothing to lose on Netflix anyway.

Until the providers realize they can easily counter account sharing by limiting streams, but in a different way. Right now if you exceed the stream limit on Netflix, it

Great idea.

[Rip!ey]

Why would you share your Netflix account or Disney+? Once they figure out 10 people are streaming simultaneously, your account is the one that gets censured/suspended. This only hurts this sharer.

A lot of people seem to be missing the point with this. It's not simply to enable sharing, as that already happens. It's to enable sharing without sharing the password, such that the sharing permissions are controlled and can be revoked by the sharer. Like Mum and Dad letting Junior use their login, without Junior giving the password to all their friends.

When you look at it from that angle, this becomes a legitimate service, and it's the streaming providers who are the ones who should be providing it. I

Re:

[Wycliffe]

This is basically how Netflix and Disney plus already works. You log into the app on their phone for them and then hand the phone back to them. The app has no access to billing and the child doesn't know the username or password. No need for a service like this unless your kid is in a different physical location.

Since we are on that subject . . .

[sgt_doom]

Dude! I'd appreciate it if you would also slam Common Dreams/Truth-out/Cory Doctorow/Dan Savage/ locally (The Stranger/Crosscut --- in Seattle area)/ Nakedcapitalism.com/rawstory.com and every effing anti-free speech site or person who has deleted my comments and/or banned me from their site due to my fact-based comments. Thanx!

Broken out of the box

[PAjamian]

This is going to be broken out of the box. Many, possibly even most sessions store the client's IP address server-side and if the session is attempted to be resumed from an different IP it gets dropped so that the client has to re-authenticate. Sharing the session credentials as this does will only cause the IP check to fail and the session will get dropped anyways.

It's only $6.99/month!

[MobyDisk]

Why would you need to pirate Disney Plus or Netflix? One is $7/month and the other is $8/month. The broadband connection you are streaming on costs on average $60/month. (US prices on all these). Is there some reason people would prefer to pirate an inexpensive service like this? Sheesh.

Re:

[Riceballsan]

I'd assume the fragmentation. 6 or 7 a month isn't much... but when your 10 shows are split accross, hulu, netflix, CBS all access, Peacock, amazon prime, appletv, hbo and I'm sure I'm forgetting a few. At that point you start pairing up with friends... each one subscribes to one or 2... everyone pays 10-20 a month instead of full cable prices.

Wow

[Malays2 bowman]

DoNotPay will be shut down faster than you can say "This domain is now available to purchase". If not, this will be abused so much that it will collapse the universe.