Sorry to dissapoint, but there is no hand details being passed back. There is simply a http request passed every 20 seconds that consists of:
Code:
GET http://api.mutatum.net/gateway/gateway.inc.php?instr=handsPlayed&rk=FFCGHQHHTHEETF8SW&comp=2 HTTP/1.0
User-Agent: TCValidator
Host: api.mutatum.net
Pragma: no-cache
This is part of the "hand counting" system (you get it unlocked after 500 hands).... i've played thousands, so I don't see why it's necessary...
[paranoia]
the only good reason to waste that kind of bandwidth is to maintain a connection so that the server can suddenly return a special code (other than "OK" which is the standard reply) ..... and then it would be possible for all your most paranoid fears to come true.
kinda like a sleeper agent
[/paranoia]
this much i can tell you - it's not sending any hand history right now. but then as a true paranoid would tell you: that's because they know we're watching.
it's also worth noting that they don't encrypt or pack or otherwise obsficate their application to prevent analysis or decompiling. if they are hiding even the *capability* of being able to do something like has been suggested, it would be very easy to prove.
if you care - it's a 5 minute job to put together a PHP script that responds with the required:
Code:
HTTP/1.0 200 OK
Date: Tue, 31 Mar 2009 03:36:52 GMT
Server: Apache/2.0.52 (CentOS)
X-Powered-By: PHP/5.2.5
Content-Length: 2
Content-Type: text/html; charset=UTF-8
X-Cache: MISS from localhost
Connection: close
OK
and change your "hosts" file to direct the traffic to your own php server that returns "OK"
i'll even write it for you and host it, and if it starts sending me all your hole cards, i'll let you know.
maybe.