What the fletch? (computer related question)
by jukofyork » Thu Mar 02, 2006 8:05 pm
Thanks for the post Juk and 'Hello!' as well, first time I believe we've met.
Hi, yes I'm new here - it was a post on "Yahoo Answers" in relation to the question about the dll which brought me here.
I don't want to get too much exactly into details regarding Party and their DLLs, but what you've said is square on the ball in regards to Party hooking into users' computers. They're doing this to detect third party programs (such as finding the processes for Poker Edge, Poker Prophecy or bot development...) and will go to great lengths to even dig through browser cache to see if you have visited these sites.
Yes, I didn't mean to imply that I agree with people using banned software, just think these methods are very intrusive. I also think it seems very strange that they should try to catch users simply browsing websites, who don't necessarily use the software they are reading about. Using is very different to reading about IMHO.
I believe they even have the ability to do a screen scrape (screenshot) and upload it back to their team.
I can confirm this also, and after more investigation I have found another freeware utility called SnoopFree (http://www.snoopfree.com/) which can block and observe their screen captures. I also found a very interesting thread regarding this policy on the ProcessGuard site:
"I read a letter from a former employee of partypoker who quit because of how unethical the behavior was. Apparently $5/hr Costa Rican employees would pass around funny screenshots of people's desktops which may include things like private bank acct info!!"
- See: http://www.wilderssecurity.com/showthread.php?t=110700&highlight=partypoker
A process guard utility is so far the best way to stop Party from snooping across in other processes. There may be a way to lower the running privileges of Party's executable and sandbox it somehow, but I believe this is still being looked into.
I tried the obvious things like running in a restricted user area, and running with restricted privileges, but both cause the client to crash. Possibly using something like VMWare might get around this, but I think it will be terribly slow.
--------------------------------------------------------------------------------
I think this is exactly the case. Though I'm not a registered user, I will admit that I investigated Poker Prophesy. Their tabs are constantly changing description in an effort to trick PP into thinking that you're not surfing their site. Though, I have SERIOUS doubts that this small cover-up does any good..... therefore I stay away from such sites altogether.
Yes, I agree 100% and noticed that sadly somebody mentioned this was some kind of workaround to hide PokerEdge shortly after I posted this info on 2+2. I also doubt this will cover the use of such commercial banned software.
Like I said before, I don't condone the use of banned software, but at the same time I don't condone privacy invasion either (and if the post about "$5/hr Costa Rican employees" passing around information is to be believed, then I think I am not the only one!).
--------------------------------------------------------------------------------
Since making this post I have investigated more into the legal situation, and it appears that Party will be quite hard pushed to force users to disable things like process guard, as in some countries simply not protecting your PC against potential threats leaves the PC's owner liable for any misuse, and this would be equivalent to asking them to disable your firewall.
Hope this is of interest - Juk
jukofyork - Fish
- Posts: 7
- Joined: Tue Feb 28, 2006 4:43 pm
by mervhage » Thu Mar 02, 2006 8:18 pm
So a bunch of below-minimum-wage motherfuckers are taking screenshots of my bank account info????????????????????????
I hope they're watching me right now, b/c I want to send my warmest "GO FUCK YOURSELF YOU SCUM SUCKING LLAMA FUCKERS".
mervhage - Whale Hunter
- Posts: 5859
- Joined: Mon Nov 21, 2005 10:12 am
by jukofyork » Thu Mar 02, 2006 8:27 pm
LOL, but I don't honestly know how credible that poster was, and he could be talking [censored]
But it does make you wonder... I have been asked to fax copies of identity documents and cards to them (and the skins) before, and was under the impression that these would be treated with high security...
Juk
jukofyork - Fish
- Posts: 7
- Joined: Tue Feb 28, 2006 4:43 pm
by fishdawg65 » Thu Mar 02, 2006 10:35 pm
Where did you get your info about this dll from? Did you track it yourself?
fishdawg65 - Whale Hunter
- Posts: 1205
- Joined: Mon Nov 21, 2005 12:56 am
by jukofyork » Fri Mar 03, 2006 6:08 am
Yes, I also saw a copy of llh.dll appear, thought it could be related to some kind of malware or Trojan and decided to disassemble it and take a look.
Looking at the disassembly I noticed that it imported three functions necessary for hooking windows messages/API calls (see: http://www.codeproject.com/system/hooksys.asp). This always should ring alarm bells, as this is exactly what is needed to make a global key-logger capable of stealing passwords etc.
I then (surprisingly) traced the dll back to the PartyPoker folder and realized after installing something called AntiHook that it was indeed PartyPoker which was installing this.
Juk
PS: It should be noted though that there are many useful/innocent uses of hooking and they are not always from malware; for example, both Amir's Blinder utility (see: http://www.playerview.net/) and my application which converts $'s to BBs (see http://forumserver.twoplustwo.com/showthreaded.php?Cat=0&Number=4150941&an=0&page=0#Post4150941) rely on hooking API calls inside of the Party client itself. Also Yahoo IM and MSN messenger both install hooks for them to work correctly, so don't instantly assume that if it hooks something, then it is malware!
jukofyork - Fish
- Posts: 7
- Joined: Tue Feb 28, 2006 4:43 pm
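The import check described in the post above, as an added example that is not part of the original thread: a Python script that walks the import table of a 32-bit PE file and reports which hook-related user32.dll functions it imports. The post does not name the three functions, so the `HOOK_APIS` set (the SetWindowsHookEx family) is an assumption, and as the PS says, importing them does not by itself indicate malware.

```python
import struct
import sys

# user32.dll exports that install, chain and remove Windows hooks (assumed set;
# the post does not name the functions it found)
HOOK_APIS = {"SetWindowsHookExA", "SetWindowsHookExW", "CallNextHookEx", "UnhookWindowsHookEx"}

def cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def pe_imports(data):
    """Return {dll: [imported names]} from the import table of a 32-bit PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image")
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    nsec, = struct.unpack_from("<H", data, pe + 6)        # NumberOfSections
    optsz, magic = struct.unpack_from("<HxxH", data, pe + 20)
    if data[pe:pe + 4] != b"PE\0\0" or magic != 0x10B:
        raise ValueError("not a PE32 image")
    imp_rva, = struct.unpack_from("<I", data, pe + 24 + 96 + 8)  # data directory 1
    # per section: VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    secs = [struct.unpack_from("<4I", data, pe + 24 + optsz + 40 * i + 8) for i in range(nsec)]

    def off(rva):  # map an RVA to a file offset
        for vsz, va, rsz, raw in secs:
            if va <= rva < va + max(vsz, rsz):
                return raw + rva - va
        raise ValueError("RVA %#x is outside every section" % rva)

    out, d = {}, off(imp_rva) if imp_rva else None
    while d is not None:
        oft, _, _, name, ft = struct.unpack_from("<5I", data, d)
        if not (name or ft):  # all-zero descriptor terminates the table
            break
        t = off(oft or ft)    # name table, falling back to the IAT
        while (ent := struct.unpack_from("<I", data, t)[0]):
            out.setdefault(cstr(data, off(name)).lower(), []).append(
                "#%d" % (ent & 0xFFFF) if ent >> 31 else cstr(data, off(ent) + 2))
            t += 4
        d += 20
    return out

def hook_imports(data):
    """Hook-related names imported from user32.dll, sorted."""
    return sorted(set(pe_imports(data).get("user32.dll", [])) & HOOK_APIS)

if __name__ == "__main__":  # usage: python script.py path\to\file.dll
    with open(sys.argv[1], "rb") as f:
        print(hook_imports(f.read()) or "no hook APIs imported")
```

A non-empty result only says the file can install hooks; what the hook procedure does still has to be read from the disassembly.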
by beezee » Sun Mar 05, 2006 1:22 am
Is the Free version of process guard enough to block the spying? I'm not running any banned software, but I am (sadly) addicted to pr0n. I honestly don't feel comfy knowing a $5/hr guy in India can see the big boob pron playing on my second monitor... or really that he has access to my house security cameras. (via taking screen shots while I have my video playing software running)
beezee - Grinder
- Posts: 194
- Joined: Sun Jan 08, 2006 7:52 am





