Boxee is an application for streaming video from the Internet and from machines on your local network. I run it on my HTPC. I recently noticed some strange HTTP traffic originating from my HTPC. Whenever you attempt to watch a programme with Boxee, a HTTP POST request is made to http://app.boxee.tv/action/add containing XML in the POSTed data, of the following format:
<message type="watch"> <timestamp>1306583038</timestamp> <object type="tv_show"> <boxee_id>[Numerical ID Scrubbed]</boxee_id> <episode>2</episode> <func_ref>new</func_ref> <name>Tis Better to Have Loved and Flossed</name> <season>1</season> <show_id>891118</show_id> <show_name>Breaking In</show_name> <thumb>http://boxee-proxy.appspot.com/400x0x85/?url=http%3A%2F%2Fthetvdb.com%2Fbanners%2Fepisodes%2F206751%2F4033031.jpg</thumb> </object> </message>
As a temporary fix, I have modified my networks transparent web proxy to block requests to http://app.boxee.tv/action/add and I haven’t noticed any negative impact or loss of functionality in Boxee.
One of the things Boxee does is scan your media and fetch thumbnail images. This also potentially leaks the content of your library, but is unavoidable if you want to fetch images. They don’t provide an option to disable this. I would like Boxee to come out and state that they simply don’t log requests for thumbnail images, or that it at least is anonymised and purged on a very regular basis. I doubt this is the case though.
I think I’m going to give XBMC another try. I don’t need any of the social features of Boxee, and I rarely use it to watch anything other than videos on my NAS anyway. I’m glad I built my own HTPC now, rather than buying a Boxee Box.