All that you need in Costa Rica is a "data transmission license". It doesn't require any sort of oversight that I am aware of like any respected gaming jurisdiction would.

Hopefully you guys are recording some data with wireshark from current tables, I can't anymore as I have been IP banned.

Also that file I posted, I am mostly an observer. I was only sitting for a small number of hands, the rest I was just watching games.

If that data I posted was indeed unencrypted, that is pretty huge news to my non-tech ears. Is that a correct reaction?

Yes...
In your pcap I can see you were dealt 4 hands:
3d 5s 8d Tc
Jd 8h 6d 4s
2h Ks 5s 4d
6d Td Ac 5d

And btw: checked again some minutes ago, still not encrypted.

Spacebidder, your findings?

-m

Thanks to all those doing work to expose what's going on.

This is probably nothing but I noticed the few hands I did play I saw that after being dealt my hole cards my IP sent something to 255.255.255.255 each time. I have read what this address is but to be honest don't totally understand it. Is there any chance it was then sent elsewhere? I suppose that would show up as going to a seperate IP address, which I didn't see, but I just wanted to ask.

So you're saying you could write a simple script at your end to see what hole cards PBP is dealing you without using their client? AND someone at a network node can see what hole cards are being dealt to multiple players in real time? And they can do this today? Please to hear this is not the case for other poker sites.

Found this :

255.255.255.255 is a subnet broadcast as it broadcasts to anyone on your local network . Do you happen to have networking or file sharing enabled? It is basically harmless, unless it gets in. Have seen a lot of sync/ack packets from port 80 to non-existent addresses on a network.
Hackers are spoofing source addresses to
attack a host, but you are just caught in that, as an innocent victim. If ISPs would filter their customer's packets (to prevent spoofing), you would no longer see those packets. I have also seen syn/ack packets from 255.255.255.255:X
Just make certain your FIREWALL is blocking them, by frequently reading the security logs.

I only tested play-money but traffic still appears to be unencrypted. (No way i am actually depositing there to test real-money tho. If someone wants to ship me a microstakes stack for testing purposes, pm me plz )

And no, this is obviously not standard. Sites are supposed to use strong encryption for any poker-client traffic.

Are you the same muckthenuts from NB/PTP..?

Yes.

Yes, Yes, Yes, and .... yes, hmm, we do not know everything about all poker sites. They can still try to convice you (like PBP) that they use strong encryption and that they are the most secure site in the world. Not many people take the time to verify this.

-m

Wow. That's pretty sick. Could you explain in layman's terms what a network node is exactly and who manages one of them? Is this like a regulated thing or can anyone (any hacker?) set one up and sniff for interesting things like PBP hole cards? If a node is "close enough" to PBP then theoretically they could see all hole cards at all games?

I think its worth adding that encrypting the client<->server communication is relatively easy and inexpensive. There is basically no reason for sites to NOT use strong encryption.

Thats why i do not believe that PBPs traffic has been unencrypted all along.

That doesn't make sense to me though. It was unencrypted a month ago, and still now, so why should we think it has ever been encrypted? It really just looks like they have horrible programming.

IE

face down hole cards,
blind bugs,
note bugs,
inability to get hh,
inaccurate blinds in hh,
others I am sure i'm forgetting right now

I agree with the first part, but why disable it now? that does not make any sense.
If they can not "re-enable" the encryption within a day (or 2) from now, I find it difficult to believe that it has been enabled before (and that they even are able to encrypt hole cards, player actions, chats...).

Lets see how long time it takes before they encrypt the data

-m

Hy i've read this thread and i don't know what to say.I've been playing the site since 2006 and i have never suspected it for cheating.I am up on this site with more then 100k in winnings in those 3 years and i play it regulary-i have to say i usualy play the long-hand tables wich on pitbull means 10 players-i was winning constantly from those donks the site is crowded with.Since 2007 the site came along with the short hand tables(6) and i couldn't find anymore my regular game since everyone was playing the shorthanded tables.I have tried to play them but i started to loose constantly to those donks i had so many profits before-i tryed to change my strategy but is just not working-i reach to the conclusion that i'm not made for that-i just can't adapt my game to the donky world-those short fast handed table is nothing but that-don't know this guy who posted this thread but he says is a pro-wich i doubt(pro on 5nl-yea right)-small stakes are for grinders like myself-but maybe u are not playing the right games for youre style-also take in consideration that the platform is used also by a sportbook site wich brings a loot of donks with money who actually don't really care playing 500$ after winning thousands on there sportsbets and chase u down with minimal odds-one thing is for sure-whenever i played tight and agressive i won-as the shorties that are on tables think a bit-if they could see youre cards why not come full buy in and take u down one shot-no need for all that trouble with small staks-they are just there to take a shot-luky shot in my opinion.I don't think the stuff with superusers and such-i think u just play youre style on the wrong tables and wrong stakes-I played absolute poker before the scandal they had with potripper seeing the whole cards-after the scandal i witdraw my money and moved to another site-never went back,never complained-maybe u should do the same-i am doing very well on this site and would be a pitty to lose all those donkey money are there just cuz u are fustrated or not playing the right games for youre style or bankroll.
cheers

Given how much updating PB have been doing of their pages recently, I am going to insist that they take this misleading statement off their "Welcome" page. We here at 2+2 know now that this is just so much guff, but new and inexperienced players will take it at face value.

For this statement still to be on the site so long after it has been exposed as false is bordering on the cynical. Remove it, please.

Mods plz IP check above poster. I'm laying odds on Costa Rica

Huh? If you define "pro" as someone who makes their living playing, I know plenty of pros that play 1-2 NL and some that play .25-.50.

I found that the card data was not encrypted. You are correct.

Is your continued misspelling of my screen name deliberate? Not that it bothers me, some find that to be a funny alternative, as I did the first hundred times or so people used it.

For the ones who are looking at hole card packets with wireshark, here is a much better filter: tcp contains "*115%"

-m

Actually it wasnt on purpose, I am sorry about that.

Well, i guess its possible they never had encryption set up correctly. Just assumed nobody would be careless enough to launch a poker site without a tested client<->server encryption.

As why to disable it later: One obvious reason would be to make cheating possible. (Or they were dealing with performance issues and tried to decrease load by disabling encryption?)

But you are probably right, they should be long aware of it by now, and would have enabled it again if they could.

Btw, i did some more playmoney testing and was able to reproduce moofz results. At least for playmoney, hole-card information is definitely transmitted unencrypted.

Shill for PBP seems obvious, new account, first post, in the midst of controversy, supporting the site.

Over/under on ban coming?

Me too. And since the application lets you choose playmoney or real money in the same menu, it's doubtful that the communication protocol changes for real money. I'm not depositing to find out.