Not sure if this fits here…

An OPSEC community would probably say no, so I probably don’t need to ask in those communities. But I’m curious about a (digital) pirate’s perspective on this issue…

I mean, the sources listed here are supposedly “safe” right? But honestly, how much would you trust these “safe” sources?

When doing sensitive tasks like banking or filing taxes, do you:

  • Use a different OS on the same machine? (Dualboot)
  • Or put the pirated content inside a virtual machine?
  • Or just use a completely separate computer?

And since PC is much different than a Smartphone:

  • Would the extra sandboxing on Smartphones make pirating games on a Smartphone much safer compared to on a PC? (Not that there are much mobile games worth playing, just curious)

(PC in this context referring to all personal computers, regardless of OS)

And last question:

  • Non-installed/non-executable files such as .mp4 .mkv .mp3 .pdf .epub, are mostly safe right? I mean, you are using another program to opening it, not executing a file, there aren’t much attack vectors as long as the video player / ebook viewer is up to date right? (Or am I understanding it wrong?)
  • CosmicTurtle0@lemmy.dbzer0.comMEnglish
    2·
    1 day ago

    When you’re discussing your own OPSEC (Operational Security for those unaware), you have to evaluate and determine your personal threat profile. Generally speaking, you need to determine what risks you’re willing to accept, what risks you’re willing to mitigate, and what risks you will not tolerate. There’s a whole field of IT dedicated to this but the general idea is for you to understand that there is no perfect solution and everything is a trade off.

    There is an inherent risk to downloading pirated software, especially software that you use for private activities (e.g. finances, etc.). With today’s landscape of mining crypto, I’d go so far as to say almost any pirated software is at risk of this.

    I would agree that generally playing media files is relatively low risk (though there was a vulnerability I read about a few years back of a zip-type attack. The details allude me at the moment).

    But for executables, you basically have two options:

    • spin up a VM to host your executable, sandboxing it from everything else.
    • trust the people who are providing the executable and run it on your computer

    Personally, I avoid pirated executables. More often than not I can find a similar open source product that I can download. My risk tolerance is not only low, but I don’t see the benefits of using a particular company’s software especially if an open source is available.

    • Geodad@lemm.eeEnglish
      1·
      4 hours ago

      You can also use a dedicated system for pirated games. My wife knows if I’m playing a legit game based on which computer I’m using. 😅