Not sure if this fits here…
An OPSEC community would probably say no, so I probably don’t need to ask in those communities. But I’m curious about a (digital) pirate’s perspective on this issue…
I mean, the sources listed here are supposedly “safe” right? But honestly, how much would you trust these “safe” sources?
When doing sensitive tasks like banking or filing taxes, do you:
- Use a different OS on the same machine? (Dualboot)
- Or put the pirated content inside a virtual machine?
- Or just use a completely separate computer?
And since PC is much different than a Smartphone:
- Would the extra sandboxing on Smartphones make pirating games on a Smartphone much safer compared to on a PC? (Not that there are much mobile games worth playing, just curious)
(PC in this context referring to all personal computers, regardless of OS)
And last question:
- Non-installed/non-executable files such as .mp4 .mkv .mp3 .pdf .epub, are mostly safe right? I mean, you are using another program to opening it, not executing a file, there aren’t much attack vectors as long as the video player / ebook viewer is up to date right? (Or am I understanding it wrong?)
When you’re discussing your own OPSEC (Operational Security for those unaware), you have to evaluate and determine your personal threat profile. Generally speaking, you need to determine what risks you’re willing to accept, what risks you’re willing to mitigate, and what risks you will not tolerate. There’s a whole field of IT dedicated to this but the general idea is for you to understand that there is no perfect solution and everything is a trade off.
There is an inherent risk to downloading pirated software, especially software that you use for private activities (e.g. finances, etc.). With today’s landscape of mining crypto, I’d go so far as to say almost any pirated software is at risk of this.
I would agree that generally playing media files is relatively low risk (though there was a vulnerability I read about a few years back of a zip-type attack. The details allude me at the moment).
But for executables, you basically have two options:
- spin up a VM to host your executable, sandboxing it from everything else.
- trust the people who are providing the executable and run it on your computer
Personally, I avoid pirated executables. More often than not I can find a similar open source product that I can download. My risk tolerance is not only low, but I don’t see the benefits of using a particular company’s software especially if an open source is available.
You can also use a dedicated system for pirated games. My wife knows if I’m playing a legit game based on which computer I’m using. 😅
Strangely enough I’ve found that some kid in India or Russia distributing his crack doesn’t do it to control my PC or to infect it.
Big corporations that install root kits or use hyper invasive cheat software (even when no competitive mode even exists) are far more insidious and untrustworthy.
I worry more about the hidden telemetry of big apps more than some crack being infected. Hell even MS virus scan will throw up false flags because the software just isn’t a registered dev or will quarantine an exe in error (libremonitor for example).
yes. pirated software is suprisingly secure most of the time.
im also not running windows. malware not meant for proton is gonna have a bad time working.
I dont run non free software. All games are in emulators or i buy them on steam or get them free on epic and play via heroic.
Any ebooks or pdfs are scanned on virus total and one positive result is enough to get deleted. I also only read them on an old tablet and old kindle both from around 2011/12 with networking disabled. They are only used for this purpose.
I mean, I pirated the Windows 10 installation on my gaming PC. Massgrave scripts helped out though, so there’s that.
That said, I’m wiping Windows soon and installing LMDE. It’s the last Windows PC in my house (minus W11 work laptop - that doesn’t count though).
Let’s not be fooled by memes and buzz. Crackers don’t crack it to infect your computer and make money. They do it to le t others play the game. They benefit by getting to play some other game someone else has cracked and distributing. And maybe they enjoy it as it’s challenging. Cracking isn’t about infecting people’s computers. When some pirated game comes with some ransomware or trojan injected, probably it’s been done by someone else whose passion is totally different than that of the cracker. They take the crack, modify it and then redistribute it malware injected. So, maybe, by downloading popular torrents, I mean if you make sure it comes directly from the cracker group, you can avoid malware except the spyware the game manufacturer has put into it, of course.
I don’t consider anything with Windows safe. I do all of my non-gaming computing on my laptop with Linux.
Honestly I don’t run pirated software at all anymore. The risk is too high. If it’s a game then I’m happy to pay for it, and open source software covers pretty much everything else for me.
The only exception is switch games but they run through an emulator which is quite safe.
Most media files are safe but I’ve heard that PDFs of all files can be vectors.
I hadn’t really thought about it until reading this comment but I am definitely the same. I use to pirate so much software back in the day. But, I really just find myself looking for projects on GitHub that fit my needs.
I pirated a video upscaling program just to test it out. Topaz I think it was. But it was mostly just curiosity because it was very niche in it’s performance improvement over it’s open source alternative video2x.
That’s literally the only software I can remember pirating in the last 10 years.
If it’s good and requires a one time purchase. I buy it. Unraid is obviously going to be an example of that for a lot of people here.
I think I’ve spent more money donating “coffee” to good open source projects though. And going windows free for over 3 years now has been a big part of that. I can’t stand when I have to use Windows now. Work still forces it on me. But I literally only use it to SSH into my redhat VM.
All my piracy is media these days. And that’s only because the streaming services have basically reached the point that cable did back in the late 2000s.
Piracy has always been based on convenience rather than cost for me. “Piracy is a service issue” is the famous quote. Additionally it’s about services not giving you ownership over the thing you purchased. Which is what a lot of software has become.
Yeah, Gabe Newell definitely was quite forward thinking when he came to that conclusion, and I can definitely say it works well for my Steam Library.
Honestly at this point the main force that brings me to hunt for media is subscription services, since it always feels like a rug pull compared to alternatives. I paid for things on GOG, I get to keep the installers and back them up. I bought things on Steam, I’m not charged to reinstall or use them on other devices, and I can still download games that are delisted now (RIP poker night at the inventory).
Now that Blu-rays are going the way of Google Stadia, getting phased out, all I can really do is just rip any media I already have and download what I may need. FOSS tools have already replaced any subscription software I would use for my engineering work.
Yep. And I don’t have to use 10 different video player UIs. I can just use Plex. That lifetime pass from years ago has been worth it. Even if I know people are critical of Plex.
Yeah I used to pirate Adobe software religiously. Every version. Now I just use inkscape and suffer through the occasional GIMP session.
Same but photopea usually replaces Gimp for me now. Works in the browser and is basically Photoshop but without all the automated tools.
Yeah photopea is sick
Publisher matters. Some random website advertising a disk cleaning utility could be malware while a Fitgirl repack most definitely isn’t. Installing something from an official Ubuntu software repository is also pretty safe, while something from a 3rd party repository or community development library could be malware. I also generally trust PDFs from Anna’s Archive and Libgen or Internet Archive, because of the reputation loss to them if it were. You can minimize your risk to a tolerable level this way.
what about z-library?
If memory serves, Anna’s links to them if you check their “3rd party sources” links when doing an ISBN search.
When engaging in criminal activity, you have no “legal” recourse for malicious behavior, so you work on the web of trust instead.
If you can’t trust the software, nor the publisher, nor the hash verified by however many seeders, then don’t download it in the first place. Me personally, considering I install indie porn games on the regular and never once gotten a virus that I know of, I think it’s worth it to trust others.
Of course you could always go into paranoid zero trust mode but sometimes being a social being means trusting the criminal serving you free shit isn’t ratfucking your data
Instead the one that actually ratfucks my data is the game manufacturer that I’ve paid $100 for the game.
I run a few games posted by johncena141 on 1337x, so I consider it secure enough :p
If that dude hacked into your machine, you wouldn’t see him anyway 🤷🏻♂️
deleted by creator
vine boom sound plays
He’d probably just upgrade your drivers to the latest stable version for your distro and fix all those W: prints you see whenever a guide tells you to “sudo apt update”.
You know who you are and you’re me.
I don’t know if the malware that could be in these games work on Linux, but I take my time in picking torrents and pick ones through uploaders I know
That’s likely safe. But…
Most malware isn’t trying to make your computer unusable anymore. That was the old days when people just wanted their “hacking” acknowledged.
You can definitely still be running a crypto miner if you sudo’d something stupid you downloaded on Linux.
the games I pirate are all in my Lutris app which I installed as a flatpak on Linux, so they don’t have the necessary permissions to change important files.
also I install them in the virtual C: drive, and they normally shouldn’t thouch the virtual Z: drive. I don’t think a hack would do that because installing malware on the windows drive should be enough for most people pirating games
Thanks for the new rabbit hole 😂
I personally run all my games in Bottles (flatpak) with sandboxing on. Even if a game is available for Linux I still run the Windows version inside Bottles just so it’s slightly safer.
I mostly just avoid running pirated software. If I have to, I run the executable bits through stuff like virustotal first. And I keep my system updated.
