FSLabs intentionally installing DRM that can steal your passwords

[Fetzie]

Even if they have a clause in the eula that would permit this, it would not be legally binding in the EU as private contracts cannot contradict laws. That's why steam has different eulas and ToS for Americans and Europeans.

[Zodiark1593]

I didn't know it was so easy to snatch passwords from a browser. The phrase "Like stealing candy from a baby" comes to mind.

[Yoinkerman]

Yes having your passwords stolen is definitely an appropriate response to pirating a game

[mr moose]

3 hours ago, Notional said:

Pirates don't have that issue. Imagine that.

 

DRM is getting increasingly draconian, with no point whatsoever. Just look at playready 3, that requires outright hardware to play streams. It's just too much.

This isn't DRM.  This is malware.  

[Wolther]

Wait.. is it that easy to take passwords from the chrome stored passwords? 

[billchen0014]

This sort of thing is so sad, as flight simulator community is a small one and when a relatively reputable company in that community does something like this the impact will be severe on the market that is already small and niche. 

[ItsMitch]

25 minutes ago, Wolther said:

Wait.. is it that easy to take passwords from the chrome stored passwords? 

If you know the path to your chrome directory, yes, very very easy. 

[vanished]

29 minutes ago, Wolther said:

Wait.. is it that easy to take passwords from the chrome stored passwords? 

I wonder how many people think that having the browser save your password is safe... it seems to be a common misconception.

[Nowak]

Stealing private information like passwords is worse than piracy in the eyes of the law, and if they intended on using the information in court against the pirates, lol tough luck, courts toss stolen information like that.

 

But this is also extremely worrying. What else are they planning on doing with the passwords they illegally obtained? Obviously affected customers should change their passwords and switch to a different password manager, but still.

[mr moose]

3 hours ago, Ryan_Vickers said:

I wonder how many people think that having the browser save your password is safe... it seems to be a common misconception.

As far as i am concerned nothing that stores passwords is secure.

[vanished]

8 minutes ago, mr moose said:

As far as i am concerned nothing that stores passwords is secure.

some things are better than others though... a lot better

[Arika]

8 minutes ago, mr moose said:

As far as i am concerned nothing that stores passwords is secure.

i would like to think my brain is rather secure

[mr moose]

1 minute ago, Ryan_Vickers said:

some things are better than others though... a lot better

 

1 minute ago, Sierra Fox said:

i would like to think my brain is rather secure

 

Yes, the notebook beside my computer cannot be compromised by software in any way shape or form. 

[Arika]

13 minutes ago, mr moose said:

 

 

Yes, the notebook beside my computer cannot be compromised by software in any way shape or form. 

unless you have a webcam that can be hacked into and has a view of the notepad

[vanished]

17 minutes ago, Sierra Fox said:

unless you have a webcam that can be hacked into and has a view of the notepad

This did occur to me tbh.  Also

42 minutes ago, mr moose said:

As far as i am concerned nothing that stores passwords is secure.

That implies the book is not safe either

[mr moose]

1 hour ago, Ryan_Vickers said:

This did occur to me tbh.  Also

That implies the book is not safe either

technically it's not, anyone can read it.  However it is orders of magnitude safer than any software solution, because to read it you physically have to access my house.

[Wolther]

7 hours ago, SC2Mitch said:

If you know the path to your chrome directory, yes, very very easy. 

 

7 hours ago, Ryan_Vickers said:

I wonder how many people think that having the browser save your password is safe... it seems to be a common misconception.

... well that’s cool I guess.. I use LastPass but I would think that stuff would be secured.. guess not. Is the “remember me” check boxes also unsafe or are those more secure? Cause I do use those sometimes if it’s something I use hourly 

[vanished]

Just now, Wolther said:

 

... well that’s cool I guess.. I use LastPass but I would think that stuff would be secured.. guess not. Is the “remember me” check boxes also unsafe or are those more secure? Cause I do use those sometimes if it’s something I use hourly 

"remember me" uses cookies and lastpass is something completely different, but using the browser's built in "remember password" function is very easy to get things out of.

[Capricorn180]

From what Ive read this is the same idiot that was responsible for a previous DRM for another flight simulator addon company PMDG, it pissed off the community as it would malfunction deleting legitimate users' installs (the entire game, not just the addon). It was the MD11 I believe and was pulled from their store some time ago.

 

The whole situation is sad, from their updates they believe they are in the right and only apologised for offending people. Even posted screenshots of pirate sites they obtained access to through the password theft on their forums.

 

will be interesting to see what the legalities are of packaging malware into trusted installers and masquerading it as DRM.  

[BlueChinchillaEatingDorito]

I've always viewed these companies that make products for niche markets to be enthusiast driven and thus, rather more trustworthy than your typical random add-on developer. This is very disappointing to hear. Can't trust anyone these days, not even in such a small niche community.

[Greenver_420]

Criminal code 1995 Cth. (Australia)

 

478.1  Unauthorised access to, or modification of, restricted data

 

             (1)  A person commits an offence if:

                     (a)  the person causes any unauthorised access to, or modification of, restricted data; and

                     (b)  the person intends to cause the access or modification; and

                     (c)  the person knows that the access or modification is unauthorised.

 

Penalty:  2 years imprisonment.

 

             (3)  In this section:

restricted data means data:

                     (a)  held in a computer; and

                     (b)  to which access is restricted by an access control system associated with a function of the computer.

[Nowak]

Tiny brain: Making a $150 add-on for a flight simulator

Growing brain: Making a $150 add-on for a flight simulator with no refund policy

Growing brain: Adding DRM to the add-on's installer

Galaxy brain: Making the DRM steal passwords

[Arika]

but wait. it gets better.

 

in their weak apology they stated

Quote

I also want to thank the majority of our customers who have declared their support and continued trust already but for those who feel their trust was violated, we feel it's only fair to offer full refunds of your paid P3Dv4 purchase, 

they are offering refunds. but this exchange was posted on reddit a few hours ago from someone trying to get a refund.

 

Quote

I submitted my request on Sunday, but they replied stating:

Dear <reddit user>, we've updated our installer to v232 which removes the DRM file in question. Please download the new version to alleviate your concerns. Thank you for your support!

My response:

That doesn’t alleviate my concerns at all. I have removed your product and I am one final time going to request a refund before I seek further remedy.

Leftheadass Calamari says:

What are the concerns not alleviated? The remedy is in place. How can we help you further?

Me:

The concerns are that malware was implanted in the installer which is a major breach of privacy, even though your company alleges the malware was not used for legitimate licenses. You don’t just remove that and pretend everything is okay again. I’m sure I’m not the only one who doesn’t trust you henceforth. You can help me further by deactivating my license and issuing a refund in the full amount paid. Very disappointed.

RADIO SILENCE.

they now think that because they removed the malware from the installer, there is no issue now and trying to get out of giving people refunds.....i foresee a whole bunch of chargebacks in FSLabs' future

[ItsMitch]

BRING ON THE LAWYERSSSSSSSSSSS

[Capricorn180]

30 minutes ago, Sierra Fox said:

but wait. it gets better.

 

in their weak apology they stated

they are offering refunds. but this exchange was posted on reddit a few hours ago from someone trying to get a refund.

 

they now think that because they removed the malware from the installer, there is no issue now and trying to get out of giving people refunds.....i foresee a whole bunch of chargebacks in FSLabs' future

Better still, users of the P3dV3 were given a free upgrade to the P3dV4 version of the addon, and are being refused refunds as the V3 version (according to fsl) didnt contain the malware. Meaning they were given the malware version and then no refunds as they originally purchased the V3. Flashbacks of Windows 10 upgrade debacle

 

/headscratch