Timeline for An unrelated program (Clash for Windows) links to FFmpeg libraries. Can it be spyware?
Current License: CC BY-SA 4.0
17 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Feb 15 at 19:12 | audit | First answers | |||
| Feb 23 at 8:31 | |||||
| Feb 3 at 10:36 | audit | First answers | |||
| Feb 3 at 10:37 | |||||
| Jan 30 at 22:37 | audit | First answers | |||
| Jan 30 at 22:38 | |||||
| Jan 30 at 8:39 | audit | First answers | |||
| Jan 30 at 8:39 | |||||
| Jan 29 at 17:41 | history | edited | grawity_u1686 | CC BY-SA 4.0 |
It looked ugly
|
| Jan 29 at 10:54 | comment | added | Bob | Minor pedant note: VSCode still uses Electron, and as far as I can tell there are no current plans to move away from it. Meanwhile MSTeams did shift over to Edge WebView2 recently. | |
| Jan 29 at 8:48 | comment | added | Guanyuming He | Yes, I cannot avoid its monitoring what I do on the Internet. That's why I usually speak vaguely and do not tend to comment on non-technical matters in popular platforms. Anyway, I felt that if I could be certain that it was spyware, then I could notify some of my friends and record evidence of such things actually being done. And I cared about the safety of my passwords, etc., that cannot be obtained by monitoring my traffic if I am using secure protocols. | |
| Jan 29 at 8:46 | comment | added | Guanyuming He |
You are right in that it theoretically does not need FFmpeg to capture and stream my screen. It still needs to call certain Windows APIs, though, as it's run as a normal user.
|
|
| Jan 29 at 8:46 | comment | added | grawity_u1686 | Right, but even being a proxy relay still gives it direct access to traffic that you're sending through it... | |
| Jan 29 at 8:43 | comment | added | Guanyuming He |
It can be used as a VPN, but I have been careful by never running it as Administrator (and used its installer to install only for me, which does not require Administrator privileges). This way it cannot install a virtual network adapter and cannot monitor all my traffic. I have only used it as a proxy relay. Considering this, I have been more sensitive to things that a normal user can also do --- so I asked this question when I found out it loaded FFmpeg libs.
|
|
| Jan 29 at 8:26 | comment | added | grawity_u1686 | @GuanyumingHe: If it were spyware, you could not determine that just from the DLL list. The issue is that it's already a VPN app, i.e. privileged by its nature; it has access to your network traffic as part of its function – meaning that it can already monitor and divert that traffic without any additional DLLs, just with small updates to its "core" tunneling code. (Not to mention, you're already allowing it to install its copy of the TAP driver, which is even more risky if you don't know where that came from – hopefully it's the official OpenVPN driver, at least.) | |
| Jan 29 at 8:18 | history | edited | grawity_u1686 | CC BY-SA 4.0 |
added 66 characters in body
|
| Jan 29 at 8:13 | comment | added | Guanyuming He | This intelligence is really valuable to me. Thank you. In fact, I would rather hope this program is not spyware --- For some reasons I cannot say publicly, I have to use proxy programs to normally browse the Internet. This one was open source but got its repository deleted under intervention by some force. So I have to be careful lest its official website be tampered and malicious code be added to its binary. | |
| Jan 29 at 8:11 | history | edited | grawity_u1686 | CC BY-SA 4.0 |
added 66 characters in body
|
| Jan 29 at 8:08 | vote | accept | Guanyuming He | ||
| Jan 29 at 7:48 | history | edited | grawity_u1686 | CC BY-SA 4.0 |
added 55 characters in body
|
| Jan 29 at 7:43 | history | answered | grawity_u1686 | CC BY-SA 4.0 |
