An OPSEC community would probably say no, so I probably don't need to ask in those communities. But I'm curious about a (digital) pirate's perspective on this issue...

I mean, the sources listed here are supposedly "safe" right? But honestly, how much would you trust these "safe" sources?

When doing sensitive tasks like banking or filing taxes, do you:

Use a different OS on the same machine? (Dualboot)
Or put the pirated content inside a virtual machine?
Or just use a completely separate computer?

And since PC is much different than a Smartphone:

Would the extra sandboxing on Smartphones make pirating games on a Smartphone much safer compared to on a PC? (Not that there are much mobile games worth playing, just curious)

(PC in this context referring to all personal computers, regardless of OS)

And last question:

Non-installed/non-executable files such as .mp4 .mkv .mp3 .pdf .epub, are mostly safe right? I mean, you are using another program to opening it, not executing a file, there aren't much attack vectors as long as the video player / ebook viewer is up to date right? (Or am I understanding it wrong?)

you are viewing a single comment's thread
view the rest of the comments

[–] liliumstar@lemmy.dbzer0.com 10 points 1 week ago* (last edited 1 week ago)

I run such games on Linux now, mostly with wine/proton. There is some risk, sure, but I'd largely say that system is still secure. If something comes by and wipes out the system, I have snapshots of anything important, including root and home. If those are gone, I have versioned backups offsite and maybe offline. I don't expect to receive any malware targeting my somewhat esoteric software choices from windows games, so I feel okay logging into a secure sevice, for example, but I may have to adjust this in the future.

With regards to smartphones, I think there are so many holes that it's not much more secure, if any, than a paranoid desktop setup. From time to time I have installed random APKs and had extreme anxiety each time. I am massively more paranoid about my phone as I don't have real control over what's running on it. Hoping for more competitive open source solutions in the future.

Generally speaking, opening non-executable files is fine. There are and have been specific exploits which allow arbitrary code execution, but it's dependent on the application/library loading them. The bigger danger is files disguised as other things. This is especially bad on Windows as it likes to hide that information from users, or just execute random embedded vbscripts, or whatever. Also see the recent whatsapp mimetype bug/exploit. Certain things pose more of a risk than others. PDFs (thanks adobe) can embed arbitrary javascript which is meant to be executed. Same as web pages, of course, but browsers have a lot more attention to sandboxing.

Edit: I don't really run cracked software anymore, but I have VMs ready to go if need be. Would recommend others do the same.