Warface (closed beta) is actually a spyware?

[Arclight]

Hello fellow TR forumists,

Recently i received an invite for participating in the Warface closed beta. After going through the usual stuff of setting up a username and confirming e-mail i reached a point where i was asked to install a plug in for the browser (currently it only supports Chrome and firefox afaik) and to my surprise it asked me to allow it to have access to all my browsing history and all the data on my HDD.

<<<<<<<<<<Click for screenshot/hosted on imgur>>>>>>>>>>>>

Isn't that a SPYWARE or am i wrong?

Please discuss bellow.

Background information
Warface is a upcoming first person shooter, free to play game which is developed by Crytek Kiev. It uses the Cryengine 3 and it will have closed maps, as far as i can tell and probably no vehicles. It will try to target CoD fans with a simillar style of play but better graphics and a few features specific to games like Crysis. Here is a video of the gameplay

[Waco]

There's no chance I'd let that install on my machines. Some profiling? Sure. All browsing history and all HDD storage? Not a chance.

[Arvald]

you see the same on phone apps... devs get lazy and just ask for 100% access.

Likely they want a directory on the HDD to run the game data from

[SuperSpy]

Yeah, either the devs are lazy or they really are malicious and are hoping normal users won't notice.

Either way I wouldn't let it install.

[auxy]

Yah -- that Chrome permission amounts to "write to the hard drive without the rest of Chrome being involved"; in other words, without downloading a file -- so it's *probably* not as sinister as it seems. Crytek is a reliable and fairly honest company -- but I probably wouldn't install it either. (;ﾞ°´ω°´)

[Captain Ned]

Yah -- that Chrome permission amounts to "write to the hard drive without the rest of Chrome being involved"; in other words, without downloading a file -- so it's *probably* not as sinister as it seems. Crytek is a reliable and fairly honest company -- but I probably wouldn't install it either. (;ﾞ°´ω°´)

Sounds like someone may be posing as Crytek to take advantage of the HTML5 local storage bug that Chrome hasn't closed yet.

http://feross.org/fill-disk/

[auxy]

http://feross.org/fill-disk/

Eheh, well, that doesn't require a permission. If they wanted to do that, they could just do it! (;´Д`)

There's a reason I don't use Chrome, tho. ┐(￣ヮ￣)┌

[MadManOriginal]

Yah -- that Chrome permission amounts to "write to the hard drive without the rest of Chrome being involved"; in other words, without downloading a file -- so it's *probably* not as sinister as it seems. Crytek is a reliable and fairly honest company -- but I probably wouldn't install it either. (;ﾞ°´ω°´)

Sounds like someone may be posing as Crytek to take advantage of the HTML5 local storage bug that Chrome hasn't closed yet.

http://feross.org/fill-disk/

It affects Chrome, Safari and IE according to the page you linked. Did you not read the page, or do you just hope that people don't read links?

[Captain Ned]

It affects Chrome, Safari and IE according to the page you linked. Did you not read the page, or do you just hope that people don't read links?

Um, the OP was using Chrome and I was merely pointing out that this could be an exploit of the HTML5 local storage bug.

[ludi]

At the risk of pointing out the obvious...it's a browser-based application that apparently uses install files on the local hard disk. In the broadest sense, it can access all data on the computer, and it can access your browser history. But so can Steam and quite a few other applications that use browser integration, and the fact that we're not used to thinking about it that way is more of an indictment of the Windows security model than of Crytek.

How/when/why the application will attempt to do so is another question entirely, at which point you have to decide whether or not you trust the publisher.

[auxy]

It affects Chrome, Safari and IE according to the page you linked. Did you not read the page, or do you just hope that people don't read links?

How rude. You don't have to leap to the defense of your favorite products when you assume someone else is attacking them. That's called fanboyism. (≧σ≦)
That said, in his defense...

Sounds like someone may be posing as Crytek to take advantage of the HTML5 local storage bug that Chrome hasn't closed yet.

Read quickly, it's easy to assume you're implying it's a bug in Chrome rather than the larger vulnerability. I know you're not, but it's an easy mistake to make. I read it as "this is a bug that Chrome has", rather than "this is a Chrome bug", so I didn't have a problem with it, but someone less rational than me -- :looks at MMO: (;¬_¬) -- might not read it correctly.
This kind of semantic nonsense is what happens when people are way too sensitive about other people's implications -- if you take everything at face value like I do, life is much simpler and communication works much better.（＊＾∇゜）v

In the broadest sense, it can access all data on the computer, and it can access your browser history. But so can Steam and quite a few other applications that use browser integration, and the fact that we're not used to thinking about it that way is more of an indictment of the Windows security model than of Crytek.

This is a good point! Gold star for you.
(ﾉ･ｪ･)ﾉ⌒☆

[Arclight]

At the risk of pointing out the obvious...it's a browser-based application that apparently uses install files on the local hard disk. In the broadest sense, it can access all data on the computer, and it can access your browser history. But so can Steam and quite a few other applications that use browser integration, and the fact that we're not used to thinking about it that way is more of an indictment of the Windows security model than of Crytek.

How/when/why the application will attempt to do so is another question entirely, at which point you have to decide whether or not you trust the publisher.

Wait what? I thought Steam's access to local files only extended to hardware configuration. Have i been living a lie? Sure it might have the capability of accessing everything but just as well it should be stated in the TOS (or EULA?) that they would not use Steam for such purposes or otherwise they would face legal action. Was i wrong this whole time?

[auxy]

Wait what? I thought Steam's access to local files only extended to hardware configuration. Have i been living a lie? Sure it might have the capability of accessing everything but just as well it should be stated in the TOS (or EULA?) that they would not use Steam for such purposes or otherwise they would face legal action. Was i wrong this whole time?

:lol: Are you serious?!

Any application software that runs locally can do anything it wants to your PC, and it doesn't have to tell you, and you didn't have to agree to it. Most EULA include a line or two mentioning that anything the software does to your PC is not the creator's fault, meaning you don't even have legal recourse if their program breaks your PC.

[Arclight]

Any application software that runs locally can do anything it wants to your PC, and it doesn't have to tell you, and you didn't have to agree to it. Most EULA include a line or two mentioning that anything the software does to your PC is not the creator's fault, meaning you don't even have legal recourse if their program breaks your PC.

I'm not talking about modifying other local files and/or breaking the PC. I'm talking about that software being used as a spyware, surely there must be rules laws against it, right?

[cheesyking]

No one has mentioned Ubisoft yet?

Just look at what happened when they tried to do something similar. Their plugin allowed anyone to remotely read, write and execute whatever they wanted on your local machine.

Browser plugins are bad M'Kay

[jihadjoe]

^ I'd extend that to DRM programs are bad.
I'm not installing any of that crap on my main box, not even Steam.

[JustAnEngineer]

You're missing out on a lot of great games if you're not willing to use Steam. This is especially true during their big sales.

[wiak]

well any real game install will have to have full access, why? how else can they have full access sound, graphics card, etc?

when i say real i mean any game you buy in store that are high quality graphics in them
Crysis Series, Half-Life Series, Left 4 Dead etc all use full access to system unless the user is restricted to standard user not admin

so basicly this game will have to talk to the chrome plugin outside chrome

[auxy]

^ I'd extend that to DRM programs are bad.
I'm not installing any of that crap on my main box, not even Steam.

I object a little to the characterization of Steam as a "DRM program", even though in the literal sense, that's what it is. ＼(°o°；）

It's also so much more than that, though; it's a chat service, a news service, an auto-updater (remember Fileplanet.com? there's a reason it stopped being relevant) and a community resource, not to mention a handy-dandy game launcher. You can even add your non-steam games to Steam, just so you have all your games in one place! ヾ(＠°▽°＠)ﾉ

I hate DRM as much as the next anti-DRM zealot -- NeelyCam pissed me off so much in a comment thread the other night with his pro-DRM trolling that I told him to "go and die" -- but the DRM functions of Steam aren't restrictive and don't impact anything else you do with the machine.

[JustAnEngineer]

You can even add your non-steam games to Steam, just so you have all your games in one place!

I do it so that my Steam friends can see that I'm currently playing Guild Wars 2.

[ULYXX]

Yeah, either the devs are lazy or they really are malicious and are hoping normal users won't notice.

Either way I wouldn't let it install.

I just found the subject topic of the thread, your posting and username amusing.