Not sure if this fits here…

An OPSEC community would probably say no, so I probably don’t need to ask in those communities. But I’m curious about a (digital) pirate’s perspective on this issue…

I mean, the sources listed here are supposedly “safe” right? But honestly, how much would you trust these “safe” sources?

When doing sensitive tasks like banking or filing taxes, do you:

  • Use a different OS on the same machine? (Dualboot)
  • Or put the pirated content inside a virtual machine?
  • Or just use a completely separate computer?

And since PC is much different than a Smartphone:

  • Would the extra sandboxing on Smartphones make pirating games on a Smartphone much safer compared to on a PC? (Not that there are much mobile games worth playing, just curious)

(PC in this context referring to all personal computers, regardless of OS)

And last question:

  • Non-installed/non-executable files such as .mp4 .mkv .mp3 .pdf .epub, are mostly safe right? I mean, you are using another program to opening it, not executing a file, there aren’t much attack vectors as long as the video player / ebook viewer is up to date right? (Or am I understanding it wrong?)
  • ReversalHatchery@beehaw.orgEnglish
    5·
    4 days ago

    and even if you remove the Z: drive letter, in my understanding the software can still access your filesystem if it was prepared to call linux specific kernel functions, or if it has a copy of its own glibc or musl and is prepared to use it

      • Aceticon@lemmy.dbzer0.comEnglish
        5·
        3 days ago

        You can configure launchers such as Lutris to run your games inside a proper sandboxing application such as “firejail”.

        Just look into “Command Prefix” under Global Options in Lutris: a sandboxing app like firejail is used by really just running the sandbox app with the original command as a parameter of it, so that means you “prefix” the original command with the sandbox app and its parameters.

        You can go as crazy as you want if you do sandboxing like that (down to only allowing access to whitelisted directories). In my case I’ve actually limited networking inside the sandbox to localhost-only.

      • ReversalHatchery@beehaw.orgEnglish
        3·
        3 days ago

        that should patch it up, mostly. flatpak gives real isolation. It’s not 100% though, things can leak, like I think X11 access is unlimited, so wine programs can read other window contents, capture and inject keystrokes and mouse events if they are prepared to do it. but wayland windows they can’t see or even know if they are open. but they may still be able to mess with your bottles config and other things installed for the bottles flatpak container