←back to thread

Game launcher installs Root CA certificate on your machine (2024)

(github.com)
61 points vandalism | 4 comments | 07 Sep 25 01:13 UTC | HN request time: 0.932s | source
Show context
sneak ◴[07 Sep 25 01:39 UTC] No.45154582[source]
The entitlement of application authors to do whatever the fuck they want on your machine is astounding to me.

Root CAs, background processes 24/7, uploading of the full process list, clipboard spying, local network scanning, surveillance (aka telemetry) - when did developers decide that our machines aren’t ours anymore?

replies(5): >>45154600 #>>45154605 #>>45154643 #>>45154652 #>>45154741 #
chmod775[dead post] ◴[07 Sep 25 01:43 UTC] No.45154605[source]
[flagged]
1. VoidWhisperer ◴[07 Sep 25 02:10 UTC] No.45154744[source]
The work being OSS and done free of charge doesn't excuse them from putting their users at unnecessary risk, especially when it is done so with only a one line mention in their github README and no mention on their website, which doesn't point towards the README at all
replies(1): >>45155045 #
2. chmod775 ◴[07 Sep 25 03:04 UTC] No.45155045[source]
It should not, but they still don't owe it to you or anyone to change anything.

You're not paying them. There's no transaction. They're not even giving the software specifically to you, rather they're saying "this is free for anyone to pick up" - with no warranty of any kind.

When you pick up some free furniture from the roadside, it's on you to determine whether it meets your safety standards. If the free table you picked up has some defect, you most certainly don't ring someone's doorbell and demand rectification.

replies(2): >>45155077 #>>45155181 #
3. benreesman ◴[07 Sep 25 03:10 UTC] No.45155077[source]
Nah, distributing rootkits under false pretenses is a dick move.

That's not even a little controversaial. You put a thing on the web that says "Just a harmless XYZ" and it roots TLS forever?

Malware. Black and white.

4. vandalism ◴[07 Sep 25 03:36 UTC] No.45155181[source]
This assumes that all users are informed enough to make such decisions.

You cannot expect the average player of an online game to have the technical knowledge necessary to discern whether a piece of software is safe to use or not. Even if you could, you'd also be expecting them to take the time to do a proper analysis of such software, which I do not think is a reasonable premise.

What's more, this is open-source software we're talking about and you can actually relatively easily perform meaningful security checks; imagine if this were not the case.