Not sure if this fits here…
An OPSEC community would probably say no, so I probably don’t need to ask in those communities. But I’m curious about a (digital) pirate’s perspective on this issue…
I mean, the sources listed here are supposedly “safe” right? But honestly, how much would you trust these “safe” sources?
When doing sensitive tasks like banking or filing taxes, do you:
- Use a different OS on the same machine? (Dualboot)
- Or put the pirated content inside a virtual machine?
- Or just use a completely separate computer?
And since PC is much different than a Smartphone:
- Would the extra sandboxing on Smartphones make pirating games on a Smartphone much safer compared to on a PC? (Not that there are much mobile games worth playing, just curious)
(PC in this context referring to all personal computers, regardless of OS)
And last question:
- Non-installed/non-executable files such as .mp4 .mkv .mp3 .pdf .epub, are mostly safe right? I mean, you are using another program to opening it, not executing a file, there aren’t much attack vectors as long as the video player / ebook viewer is up to date right? (Or am I understanding it wrong?)
Clean copies of GOG games can be hash-checked. The only pirated games I really fuck with are GOG.
Although I wouldn’t be too worried even if I did because I’m in Linux, and anything I did would be sandboxed and closed off from the rest of the system since it’s running in a compatibility layer.
A compatibility layer like Wine is not a replacement for a true sandbox. Although Wine may have some basic sandboxing capabilities, the default wine configuration grants access to your home directory, which something like ransomware could take advantage of.
and even if you remove the Z: drive letter, in my understanding the software can still access your filesystem if it was prepared to call linux specific kernel functions, or if it has a copy of its own glibc or musl and is prepared to use it
Is that still the case if you use it in a flatpak e.g., Bottles?
You can configure launchers such as Lutris to run your games inside a proper sandboxing application such as “firejail”.
Just look into “Command Prefix” under Global Options in Lutris: a sandboxing app like firejail is used by really just running the sandbox app with the original command as a parameter of it, so that means you “prefix” the original command with the sandbox app and its parameters.
You can go as crazy as you want if you do sandboxing like that (down to only allowing access to whitelisted directories). In my case I’ve actually limited networking inside the sandbox to localhost-only.
that should patch it up, mostly. flatpak gives real isolation. It’s not 100% though, things can leak, like I think X11 access is unlimited, so wine programs can read other window contents, capture and inject keystrokes and mouse events if they are prepared to do it. but wayland windows they can’t see or even know if they are open. but they may still be able to mess with your bottles config and other things installed for the bottles flatpak container