So what are the risks of having illegal ROMs, anyway?

Crush

Legal answers are useless if no one cares to ask what country/legal jurisdiction you fall under.
For instance in my country it's not (yet) illlegal to download copyrighted media, cause technically you don't know if uploader is licensed to, but its illegal to upload.
But that's not what you're looking for anyways.
Technical, worst case scenario is that you have to reboot your pie, but it is the same with legal roms.

[Edit] sorry just notice this is a necro thread.

Clyde

@crush said in So what are the risks of having illegal ROMs, anyway?:

Technical, worst case scenario is that you have to reboot your pie

Or rather that a malware that you picked up on an illegal download site eats through your network and the computers connected to it.

I know this should be very unlikely with the common emulation romsets, but it is the worst case scenario that I can think of.

Crush

@clyde said in So what are the risks of having illegal ROMs, anyway?:

Well he did ask about roms, not dodgy sites, no downloaded file you try to run as a rom in retropie is capable of doing what you say.
I'm not going to comment on how to surf the web safely.

Clyde

@crush I wasn't sure if your answer was connected to @AGTRigorMortis' one directly above it. Thanks for the clarification.

As for dodgy sites, apart from maybe archive.org, I'd call every site that you can download illegal software from dodgy and potentially dangerous. And although it doesn't seem to have been heard of (I called it very unlikely after all), I wouldn't be so sure that a capabably hacker couldn't come up with a modified rom that exploits some security flaw in an emulator, just like malicious image files can infect your system by simply viewing them. Ultimately, roms are just code executed by other code.

It may be very hypothetical at this point, but I would never say that it couldn't happen principally. Especially since emulators are a niche software that isn't audited for security issues regularly like many mainstream applications are, and which are found insecure on a quite regular basis. Thus, I expect emulators to have undiscovered security flaws almost certainly.

A Former User

@clyde It's also hard to know if segaretroorg doesn't have malware, Steve Snake hasn't updated Kega Fusion in a very long time to my knowledge and the site that originally hosted it (Eidolons Inn) is no longer available. Plus there's the whole requirement for BIOS files in Sega CD emulation on Kega Fusion, which is another security problem and illegal.

Crush

@clyde Ok i will comment on surfing the web more safely lol.
Just because this has made my life on the world wide web so much better for years.
In Chrome under privacy and security settings block javascript.
Now no site can use javascript without your permission.
Get this addon to simply give or revoke javascript permission with the press of a button. https://chrome.google.com/webstore/detail/quick-javascript-switcher/geddoclleiomckbhadiaipdggiiccfje

You'll find many site's wont need javascript to function.

YFZdude

@crush
Yes JavaScript is a problem these days.
I prefer browser extensions that default to blocking but give you the option to selectively enable the scripts one at a time until the website starts working properly.

It turns out that almost every website I visit regularly has necessary scripts (1 or 2) and also they usually have something google related that is completely unnecessary. So I leave those blocked. Sometimes it can be quite the adventure figuring out which 4 or 5 scripts need to function out of the total 17 or so in order to submit forms or login properly on some website out there.

A Former User

@yfzdude Another heavily flawed extension is Flash, which is now disabled by default these days but back when it was relevant and commonly used, it apparently was one of the most exploitable software out there. For security reasons it's best to have it disabled. And while some software can't run without Adobe Flash, most can, and Youtube uses HTML5 I believe, so this made Flash Player obsolete. The only thing Flash was good for is free online games but the security risks just aren't worth it imo.

Crush

I think the biggest risk from within retropie is Kodi when used with unofficial repository, an overwhelming number of them does exactly that, there was a piece on it a while back on tv where they they researched Kodi and its security, you're golden with the official repository, but the majority of the ones that enabled illegal downloads of shows and movies also caused compromised networks.

Where as with emulated roms they're mostly contained in an emulated workspace on an emulated machine, especially when it comes to the console games, the profit vs effort ratio needed to breech that for malicious purposes is not very attractive, when there's easier and much more popular things like Kodi out there.

A Former User

@crush May as well consider it phishing, it's the same end result if it means more people get hacked. If it's just advertisements then I would say who cares, sure they're annoying but generally are not harmful and there's often workarounds for stuff like that, but from what you're suggesting it seems a lot more serious than that.

Clyde

@crush said in So what are the risks of having illegal ROMs, anyway?:

In Chrome under privacy and security settings block javascript.
Now no site can use javascript without your permission.
Get this addon to simply give or revoke javascript permission with the press of a button. https://chrome.google.com/webstore/detail/quick-javascript-switcher/geddoclleiomckbhadiaipdggiiccfje

I'm using Firefox with uBlock Origin against ads and uMatrix against scripts and other active content in webpages. Both are also available for Chrome/ium.

@yfzdude said in So what are the risks of having illegal ROMs, anyway?:

I prefer browser extensions that default to blocking but give you the option to selectively enable the scripts one at a time until the website starts working properly.

Me too, and as a neat but also sometimes horrifying bonus you'll see how many external scripts and content providers many websites are loading nowadays – with at least your IP shared among all of them if your browser is allowed to contact them.

@A Former User said in So what are the risks of having illegal ROMs, anyway?:

If it's just advertisements then I would say who cares, sure they're annoying but generally are not harmful

With some exceptions like Malware Hidden In Banner Ads Served Up To Millions already being reality.

MortalWombat

@clyde and to the rest of youse talking about privacy issues related to your browsers, you can also try checking out the Brave browser, which apparently blocks ads and website trackers (and no, I don't work for Brave or am I getting anything for mentioning it, just heard it mentioned in a computer course I was in...).

Clyde

@mortalwombat I know Brave, and a good friend of mine is a big fan of it. I just prefer Firefox for the time being, because I'm used to it, it isn't based on Chromium (I don't like Google), and it doesn't have a somewhat controversial business model like Brave does.

That said, I wouldn't discourage people from using Chromium (with the proper privacy addons) or Brave, since those are still preferable to even more controversial browsers like Google Chrome or Microsoft Edge.

As for addons, I forgot to mention Privacy Badger from the Electronic Frontier Foundation (EFF). It's available for Firefox, Chrome/ium, Edge, and Opera.

retropi19

@clyde for sure this guy is a heaven in copyright
[site removed]