Jump to content

FSLabs intentionally installing DRM that can steal your passwords

Arika
By Arika
in Tech News
 Share
Go to solution Solved by daned33,

EDIT: Added ArsTechnica and Motherboard links

 

This story now has an article from Rock Paper Shotgun, but has original post on reddit

 

 

https://www.rockpapershotgun.com/2018/02/19/flight-sim-group-put-malware-in-a-jet-and-called-it-drm/

 

Motherboard Vice: https://motherboard.vice.com/en_us/article/pamzqk/fs-labs-flight-simulator-password-malware-drm

Ars Technica: https://arstechnica.com/gaming/2018/02/flight-sim-devs-say-hidden-password-dump-tool-was-used-to-fight-pirates/

 


I personally own the said flight simulator aircraft and am absolutely appalled by FlightSimLabs' actions with this blatant spyware in their software, wether it be for pirates or not, they are distributing malware to all their customers.

 

FlightSimLabs added a Chrome password dumper to their installer, and if someone used a known pirate key their information would be sent to the developers.

 

The CEO, Lefteris Kalamaras of FlightSimLabs himself stated:

Quote

 

If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us… That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product. The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers).

This method has already successfully provided information that we’re going to use in our ongoing legal battles against such criminals.

 

 

Source: https://forums.flightsimlabs.com/index.php?/announcement/10-a320-x-drm-clarification/

 

Posted
1 minute ago, dalekphalm said:

No worries.

 

Anyway, I'm 99% sure this is illegal in Canada and the US. Probably in the UK, and Australia as well.

 

Just because pirating software is also illegal (depends on country), does not give them a free pass.

Definitely illegal in it's current form.

 

But my question was, if they disclosed very clearly that their DRM will extract passwords if they think there is a problem, would it be illegal then?

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
11 hours ago, mr moose said:

Definitely illegal in it's current form.

 

But my question was, if they disclosed very clearly that their DRM will extract passwords if they think there is a problem, would it be illegal then?

No. Yes.

 

Of course not.

 

That part of the EULA/TOS would be void and null. No user would willingly consent to those kinds of terms. Whether they're up front about it or not, them going into your browser and dumping your passwords is definitely illegal.

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
6 hours ago, dalekphalm said:

No.

 

Of course not.

 

That part of the EULA/TOS would be void and null. No user would willingly consent to those kinds of terms. Whether they're up front about it or not, them going into your browser and dumping your passwords is definitely illegal.

I think you just did the same mistake I did :P

 

6 hours ago, mr moose said:

if they disclosed very clearly that their DRM will extract passwords if they think there is a problem, would it be illegal then?

6 hours ago, dalekphalm said:

No.

 

Of course not.

 

 

6 hours ago, dalekphalm said:

No user would willingly consent to those kinds of terms.

You would be surprised by how incredibly obedient and complaint some people are.

I have no problem imagining some people agreeing to that because "well I have nothing to hide anyway, so why shouldn't they have my password?".

But that's why we need laws. To protect stupid people who doesn't know any better.

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
5 hours ago, LAwLz said:

I think you just did the same mistake I did :P

 

 

 

You would be surprised by how incredibly obedient and complaint some people are.

I have no problem imagining some people agreeing to that because "well I have nothing to hide anyway, so why shouldn't they have my password?".

But that's why we need laws. To protect stupid people who doesn't know any better.

Lmao yep - totally thought he said legal. I corrected my post.

 

Exactly. But even in those cases, all you need to do is explain to them "that includes your banking too", and some of them will be like "WHAT? I DID NOT CONSIDER THIS THOROUGHLY!"

 

But you're right. There will always be morons that wilfully give away their privacy and rights out of misguided brand loyalty.

 

But even though they are "giving up" those rights, I don't think they legally can.

 

For example, a bank certainly wouldn't authorize you giving your login details to a random FSX add-on dev. Same with the CRA/IRS (tax bureau).

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 

Link to comment
Share on other sites
Link to post
Share on other sites
Posted
13 hours ago, LAwLz said:

I think you just did the same mistake I did :P

 

 

 

You would be surprised by how incredibly obedient and complaint some people are.

I have no problem imagining some people agreeing to that because "well I have nothing to hide anyway, so why shouldn't they have my password?".

But that's why we need laws. To protect stupid people who doesn't know any better.

 

8 hours ago, dalekphalm said:

Lmao yep - totally thought he said legal. I corrected my post.

 

Exactly. But even in those cases, all you need to do is explain to them "that includes your banking too", and some of them will be like "WHAT? I DID NOT CONSIDER THIS THOROUGHLY!"

 

But you're right. There will always be morons that wilfully give away their privacy and rights out of misguided brand loyalty.

 

But even though they are "giving up" those rights, I don't think they legally can.

 

For example, a bank certainly wouldn't authorize you giving your login details to a random FSX add-on dev. Same with the CRA/IRS (tax bureau).

 

I noticed but had an emergency to attend and couldn't respond.    

 

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  

Link to comment
Share on other sites
Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing Tech News

×