Netflix Party Is Now Tele
🔍 Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Overview
Teleparty is a browser extension for watching TV remotely with friends, e.g., for movie nights with that long-distance special someone. It synchronizes video playback and adds group chat to your favorite streaming sites.
Join over 20 million people and use Teleparty to link up with friends and host long distance movie nights and TV watch parties today!
As of Feb 1 2026, version 5.5.2 of Teleparty is up and running with support for 9 services for free, including Netflix, Youtube, Disney Plus, Max and more. Premium users can also subscribe to unlock our iOS app, video chat, premium features like custom reactions, and 23 extra streaming services.
Feel free to reach out to us at team@teleparty.com if you have any questions or run into any issues. Our typical response time is within a few hours.
For those users who may be confused and are looking for Netflix Party, you're at the right place! In version 2.0.0 of Netflix Party we added support for three streaming services, with many more on the way. As part of this update we renamed Netflix Party to Teleparty.
Version 5.5.2+ changes & Release Notes:
https://www.teleparty.com/changelog
Version 5.1.8 changes:
-Bug fixes for Amazon and Paramount ad-based plans
Version 5.1.7 changes:
-Bug fixes and improvements for Amazon Prime Video, Disney+ (ad-based plans), Fubo, Youtube TV, and JioHotstar
Version 5.1.5 changes:
-Apple TV quality improvements
Version 5.1.4 changes:
-HBO Max and Hulu quality improvements for ad-based plans
Version 5.1.3 changes:
-Crunchyroll, Netflix, Paramount, and Amazon quality improvements and fixes
Version 5.1.1 changes:
-Improvements for guests joining parties
-Streaming fixes for Fubo, Max, Sling and Apple TV
Version 5.1.0 changes:
-Additional Amazon and Youtube fixes
Version 5.0.9 changes:
-Amazon Prime Video and other fixes
Version 5.0.8 changes:
-Disney+ fix for breaking change
Version 5.0.7 changes:
-Disney+ and Spotify fixes
Version 5.0.6 changes:
-Disney Plus fixes & quality-of-life improvements
Version 5.0.5 changes:
-Fixes for Crunchyroll, Disney+, and Youtube
Version 5.0.4 changes:
-New feature: All chat - Chat and watch along with the entire Teleparty community
-Moderation and UI improvements (no longer on by default)
Version 5.0.3 changes:
-Fixes for Amazon Prime Video
Version 5.0.2 changes:
-Bug fixes and quality improvements for Hulu & Youtube
Version 5.0.1 changes:
-Quality improvements and bug fixes
-Allow hosts to disable reactions
-Fix intermittent disconnects
-Improve joining user experience
-Spotify search fix
Version 5.0.0 changes:
-Manifest v3 support
-Quality improvements for Disney+ and Prime Video
Version 4.6.0 changes:
-This month we're adding support for Spotify!
-Disney+ next episode fix
-PlutoTV and Apple TV+ fixes
Version 4.5.9 changes:
-Fix for new Disney+ layout
Version 4.5.8 changes:
-Quality improvements for Netflix, Peacock, Amazon Prime Video, Sling, and Youtube
-Improves GIFs in chat sidebar
Version 4.5.7 changes:
-Fixes for Hulu and PlutoTV, and Amazon Prime Video's new ad-based plan
-This month we're adding 1 new premium service: Viki
Version 4.5.6 changes:
-This month we're adding 2 new premium services: Philo and Fubo
-Quality improvements to fullscreen mode, Tubi's sidebar and Disney+ ad synchronization
Version 4.5.5 changes:
-Fix joining issues on select services
Version 4.5.4 changes:
-This month we're adding 2 new services: Disney+ MENA (free) and Sling TV (premium)
-Quality improvements to Disney+ parties
Version 4.5.3 changes:
-This month we're adding 3 new premium services: Mubi, Stan, and Crave
-Fixes for Apple TV and Paramount+ parties
Version 4.5.1 changes:
-Fixes for Crunchyroll parties with ads
Version 4.5.0 changes:
-Tubi and PlutoTV parties as free services
-JioCinema parties for free users
-Fixes for Netflix and HBO Max
Version 4.4.7 changes:
-Fixed issues where some users could not log in or sync because of overloaded servers
Version 4.4.5 changes:
-Add forgot password login page, and fixes a few typos
-Added Premium support for Apple TV+
Version 4.4.3 changes:
-HBO Max and Paramount+ parties - Fixes Ad synchronization on ad-based plans
-Crunchyroll parties - Fixes playback "unclickable video" issue experienced by some users
Version 4.4.2 changes:
-Improvements to Max and Paramount+ parties
Version 4.4.1 changes:
Fix breaking change that caused users to be unable to join Amazon and Hulu parties
Version 4.4.0 changes:
-Added Premium support for Funimation
-Fixes for Max and Paramount+
Version 4.3.0 changes:
-Added Premium support for Hotstar and Star+
-Add Max Support in the US (Free)
Version 4.2.1 changes:
-Peacock TV improvements
-Fix Amazon Prime Video links in popup
Version 4.2.0 changes: Peacock Parties and quality improvements
-Added Premium support for Peacock
-Fix bug where Paramount+ parties would not work for some titles
-Fix synchronization issues on Disney+
Version 4.1.0 changes: Upgrade your parties with Video and Voice Chat!
- Premium Video / Voice chat support for the extension
- Youtube + Paramount bug fixes
Version 4.0.3 changes:
-Added Free support for Youtube TV
-Crunchyroll Fixes
Version 4.0.2 changes:
-HBO improvements
-Fix confusing wording on Select a video screen in extension popup
-Fix bug where changing your premium reactions would log a message in chat
Version 4.0.1 changes: Launching Teleparty Premium!
-Added Teleparty Premium support for Paramount+, Crunchyroll, and ESPN+
-Show off with premium badges, customize your reactions and personalize your chat experience
-Save 43% when you sign up this month!
Tags
Privacy Practices
Security Analysis — Netflix Party Is Now Tele
Permissions
Code Patterns Detected
External Connections
What This Extension Does
Teleparty (formerly Netflix Party) is a browser extension that enables users to synchronize video playback across supported streaming services—such as Netflix, YouTube, Disney+, and others—and communicate via group chat while watching with friends remotely. It targets individuals seeking shared viewing experiences over long distances, offering both free and premium features including video chat and reactions.
Permissions Explained
- activeTabexpected: Allows the extension to interact with the current tab you're visiting—e.g., reading page content or injecting scripts only while you’re on a supported streaming site.
Technical: Grants temporary access to the active tab’s DOM and metadata. In Manifest V3, this is more restricted than 'tabs', but still allows dynamic manipulation of the current page during user-initiated actions (e.g., joining a party). If compromised, attackers could hijack session state or inject malicious UI overlays. - storageexpected: Permits storing and retrieving data locally on your device—such as party IDs, chat history, preferences, or authentication tokens.
Technical: Uses chrome.storage API (likely sync/local) to persist user settings and session metadata. If unencrypted sensitive data (e.g., auth tokens) is stored insecurely, it could be exfiltrated via compromised content scripts or malicious extensions with storage access. - scriptingexpected: Enables the extension to inject and modify JavaScript in web pages—necessary for synchronizing playback controls across services.
Technical: Uses chrome.scripting API (Manifest V3 replacement for 'content_scripts') to dynamically execute code on supported domains. This grants full control over page JS execution context, including access to window objects and event handlers. Misuse could enable persistent XSS or data scraping. - alarmsexpected: Allows background scheduling—e.g., for periodic sync checks or retry logic when reconnecting to a party.
Technical: Uses chrome.alarms API for delayed/recurring tasks in the service worker. Low-risk permission; typically used for resilience features like reconnection timers.
Your Data
The extension accesses and stores local data related to your viewing sessions (e.g., party IDs, timestamps) and communicates with Teleparty’s servers—including api.teleparty.com, www.teleparty.com, and third-party streaming APIs—to coordinate playback and relay chat messages. It does not appear to collect keystrokes beyond intentional UI interactions (e.g., typing in chat), but the presence of global keyboard listeners warrants scrutiny.
Technical Details
Code Findings
The extension uses a JavaScript pattern that builds and runs new code at runtime—this is unusual in well-structured extensions and could be exploited to execute hidden malicious logic if an attacker compromises the extension.
Technical: Found usage of new Function(...) or similar eval-like patterns (e.g., in bundled JS files like dist/main.js). This bypasses Content Security Policy (CSP) restrictions that normally block inline scripts. Attackers could inject arbitrary code via compromised CDN assets or memory tampering.
💡 Sometimes used for plugin architectures or dynamic polyfills, but rare in modern Manifest V3 extensions due to CSP enforcement and security best practices.
The extension listens for nearly all keyboard input on the page—including in unrelated tabs—which means it *could* record passwords, messages, or other private typing if misconfigured or compromised.
Technical: A global keydown/keyup listener is attached to document (e.g., via window.addEventListener('keydown', handler)), not scoped to chat input fields. While intended for keyboard shortcuts (e.g., spacebar to pause), the handler receives full event data including key, code, and modifiers—potentially capturing all typed content.
💡 Common in media-focused extensions for universal playback controls, but should be strictly limited to focused inputs or specific UI states.
The extension builds parts of its UI by inserting raw HTML strings—this is efficient but can accidentally run malicious scripts if any input (e.g., chat messages) isn’t properly sanitized.
Technical: Multiple instances of element.innerHTML = ... and insertAdjacentHTML() found in chat rendering logic (e.g., chat.js). If user-generated content (like GIFs or reaction text) contains embedded <script> tags or event handlers (e.g., onerror), XSS could occur.
💡 Standard pattern for dynamic UI updates; acceptable if all inputs are escaped via trusted libraries (e.g., DOMPurify).
The extension uses older JavaScript techniques (like String.fromCharCode and unescape) to hide text strings in code—this is often used for obfuscation, which can mask malicious behavior.
Technical: Found encoded strings decoded at runtime using String.fromCharCode(...) and legacy unescape() calls. Common in minified/bundled code but may indicate attempts to hide API endpoints or payloads.
💡 Used by build tools (e.g., Webpack) for dead-code elimination or to reduce payload size; sometimes used to hide secrets temporarily.
The extension’s background process downloads and executes JavaScript from external domains—this breaks the principle of least privilege and introduces supply-chain risks.
Technical: Service worker (background.js) dynamically creates <script> tags pointing to https://redirect.teleparty.com/... or similar, bypassing CSP. This allows runtime injection of arbitrary JS without manifest updates.
💡 Sometimes used for feature flags or hotfixes, but increasingly discouraged in Manifest V3 due to security risks.
A string resembling an API key or token was found embedded in the extension’s code—while likely a placeholder, it could be misused if exposed publicly.
Technical: In config.js, a constant const API_KEY = 'teleparty-xxxxx' appears hardcoded. Not cryptographically sensitive (e.g., no private keys), but may grant access to telemetry or staging endpoints if reused elsewhere.
💡 Common in dev builds; should be moved to environment variables or secure config services in production.
Teleparty is a widely used extension with a clear legitimate purpose—remote synchronized viewing—but contains several high-risk code patterns that deviate from modern security best practices. The global keystroke capture and dynamic script execution are particularly concerning, as they could be exploited to steal sensitive data or hijack sessions. Users should only install this if they fully trust the developer and understand the privacy trade-offs; consider using alternative solutions with stronger security postures (e.g., native browser features or audited open-source tools).
