README List of VaM Creators Who Track their Patreons [Various Creators]

[Bugafuga]

Given that many creators are already violating copyright law by either porting existing characters from IP they don't have license for or are creating likenesses of celebrities that they did not get permission to do, they're already on shaky ground.

If they were to spread viruses deliberately, that's a cybercrime in the US and can be charged up a felony and also opens them up to civil lawsuits. Even if all it does is identify the user, that still falls under the purview of US cybercrime laws.

That's just the US, mind. I know plenty are not in the US, but plenty of other countries have laws for cybercrime and most of them wouldn't protect someone making sex models of celebrities or using IP they don't have rights to.

 

[Bugafuga]

Moot point, it hasn't been. People have been trying to prove that violence in video games breeds violent crime since video games existing became public knowledge man, if anything it has been thoroughly demonstrated that these things do not meaningfully impact crime rates at all.

But I would argue that if it does have an impact, the impact would be reduced crime rates as people with fetishes going in that direction would be able to get their rocks off to the fictional stuff without going through all the trouble of going out and actually committing crime. It's just as easy to argue the opposite of course, but to demonstrably prove it either way? Not really possible.

The only thing that has been demonstrably proven, is that whichever way this whole thing swings, it's statistically insignificant.

There's actually been some argument that the rise of video games in the 90s actually led to a reduction in violent crime, particularly amongst urban youth. I don't think its been studied exhaustively, since its better headlines to say "*X* causes crime!", but it has been brought up.

 

[MrZack]

Given that many creators are already violating copyright law by either porting existing characters from IP they don't have license for or are creating likenesses of celebrities that they did not get permission to do, they're already on shaky ground.

If they were to spread viruses deliberately, that's a cybercrime in the US and can be charged up a felony and also opens them up to civil lawsuits. Even if all it does is identify the user, that still falls under the purview of US cybercrime laws.

That's just the US, mind. I know plenty are not in the US, but plenty of other countries have laws for cybercrime and most of them wouldn't protect someone making sex models of celebrities or using IP they don't have rights to.

Imagine being identified, charged with a cybercrime and then aftwerwards skinned alive by the platoon of thirsty-for-money lawyers from all the celebrities and corporations whose IP characters you replicated in VaM, just to "own le pirates".

It's so stupid I can see one of them trying, worse is that it would hit MeshedVR as well but then maybe he would pull his shit together and make VaM more secure (or shut it all down completely which is more likely).

 

[Bugafuga]

Imagine being identified, charged with a cybercrime and then aftwerwards skinned alive by the platoon of thirsty-for-money lawyers from all the celebrities and corporations whose IP characters you replicated in VaM, just to "own le pirates".

It's so stupid I can see one of them trying, worse is that it would hit MeshedVR as well but then maybe he would pull his shit together and make VaM more secure (or shut it all down completely which is more likely).

MeshedVR would almost certainly be targeted, given that he's making like 30k a month dragging ass on VAM2, they'd want that cash and depending on where he lives, he could be held liable for all the...less than savory things VAM can be used for, since its his "game".

I had this thought of Jenna Ortega, who freaked out because trolls on twitter were sending her hardcore AI images of her (as a child, no less). Imagine if she found out about the 32893290 realistic versions of her there are in VAM. Calling them "Wednesday Ortega" or "Jenna Addams" isn't a real protection, nor is saying "this isn't based on a real person".

VAM is a fairly small community, which is probably why it largely goes unnoticed, but if someone with enough money, and a reason, wanted to bring the pain, they could.

 

[Velomous]

I don't think games that can be modded can be held accountable for the mods people make for it.

That said, vamhub can be held accountable for the content it hosts; that's how they'd get him.

 

[VamJamA4]

I don't think games that can be modded can be held accountable for the mods people make for it.

That said, vamhub can be held accountable for the content it hosts; that's how they'd get him.

Creating a platform that hosts it and enables it is enough to make them liable, especially in civil court where the bar is much lower than criminal.

Think the Metalica v. Napster court case where Napster argued they didn't host any files and shouldn't be held accountable for what other people were sharing.

 

[trogdor5]

Moot point, it hasn't been. People have been trying to prove that violence in video games breeds violent crime since video games existing became public knowledge man, if anything it has been thoroughly demonstrated that these things do not meaningfully impact crime rates at all.

But I would argue that if it does have an impact, the impact would be reduced crime rates as people with fetishes going in that direction would be able to get their rocks off to the fictional stuff without going through all the trouble of going out and actually committing crime. It's just as easy to argue the opposite of course, but to demonstrably prove it either way? Not really possible.

The only thing that has been demonstrably proven, is that whichever way this whole thing swings, it's statistically insignificant.

yes there is no connection between violent crime rates and violent video games, violent crime rates in the US have been steadily going down since the 1990's. but fictional works can absolutely contribute to or cause social harm even if an individual act of consuming it isn't itself directly harmful.

 

[threecat]

I find it strange that this topic does not have the names of these two authors: Archer and Zhfx, they are pioneers in user tracking.
From my perspective, VAM is really unsafe. There are many attack vectors to exploit, not just var files and plugins. Even the famous code repository github contains malicious code, which is very difficult to check, so HUB VAM is difficult to manage all vars, if not impossible.

Whether you update or not, it doesn't matter, the new update fixes a trivial exploit and in order to effectively use it, you have to combine it with others that's why no body bothered implementing/using it, there are more serious ones, vam is largely vulnerable, exploitable, in short, don't run plugins/(assetbundles+dlls) from untrusted sources like Chinese vars ..etc, period.

To be fair, I see the number of Western authors you mentioned is more than Chinese authors. So be careful at all times

 

[Elbo]

yes there is no connection between violent crime rates and violent video games, violent crime rates in the US have been steadily going down since the 1990's. but fictional works can absolutely contribute to or cause social harm even if an individual act of consuming it isn't itself directly harmful.

And censorship can cause and has caused social harm too, far more than fiction. Censorship is packaged under the lie of protecting people but in reality it is basically always about controlling people.

 

[Boss963]

Well shit. So am I right to assume there is no actual proper sandbox for plugins/etc?
With the amount of dependencies I have to pull from the hub how can I even check if everything is legit..

Yes, there is no proper sandboxing & no proper var checking protocol before hosting vars on the hub. That's one of the reasons I am releasing Sharp VaM Searching Tools by Xsmas. There is a Malware Scanner in Sharp VaM Searching Tools, you can use it to scan vars you download from hub/anywhere and it will tell you if vars contain malicious plugins/possible bad behavior among other things.

I find it strange that this topic does not have the names of these two authors: Archer and Zhfx, they are pioneers in user tracking.
From my perspective, VAM is really unsafe. There are many attack vectors to exploit, not just var files and plugins. Even the famous code repository github contains malicious code, which is very difficult to check, so HUB VAM is difficult to manage all vars, if not impossible.


To be fair, I see the number of Western authors you mentioned is more than Chinese authors. So be careful at all times

Archer leaks always come from Asian markets, no Archer patreons here I guess, Zhfx is dead don't know if the is still making content or not, Dnaddr in the past on a few occasions added trackers inside his vars but he no longer does that, but sure will add them to the list, thanks for pointing.

 

[Boss963]

Moved thread to General Discussions, asset releases is not the right place, I just kept it there until many people get the message, you can continue discussion and if you ever need to get back to this thread fast, link is in my signature.​

 

[threecat]

Ironically, they pushed the update to (1.22.0.6) after I mentioned dynamiccsharp doesn't protect vam users: here. Someone must have known the security hole for a long time and decided to push the update now since I disclosed it! It just can't be this fast . Also, I can confirm Applicationopenurl security issue has been fixed in the latest update, meshedvr didn't mention it publicly. However, it's not the only vulnerability, I managed to bypass security on the latest version (1.22.0.6) & execute malicious code even getting persistence but I don't bother reporting, hub mods have given me bad impression lately, don't feel like wasting my time with people who ban & view F95 uploaders as bad all the time.

Reading these things makes me scared, suddenly one day he gets bad and takes advantage of these loopholes, what if . I'm just kidding. Furthermore, I think if someone takes over his account and posts things containing malicious code, it would be dangerous, I can't rule out this possibility. Therefore, I think you should not trust anyone, or at least only trust the author.

Even if you have this tool Malware Scanner in Sharp VaM Searching, you should not be subjective, because does anti-virus come first or does virus come first?

I don't know how long it will be before evil hackers pay attention to VAM if it becomes more and more famous like this. They will have many ways to attack with this vulnerable game

 

[McZippy]

I don't know how long it will be before evil hackers pay attention to VAM if it becomes more and more famous like this. They will have many ways to attack with this vulnerable game

Honestly with the whole crypto angle the devs keep pushing and how prone the crypto community is to phishing and hacking, I'm surprised it hasn't happened yet.

 

[threecat]

Honestly with the whole crypto angle the devs keep pushing and how prone the crypto community is to phishing and hacking, I'm surprised it hasn't happened yet.

I also find it strange, VAM has existed for more than 5 years and still has not received attention. Perhaps the community is small and has little value to exploit. But who knows, thanks to this forum it will be noticed by evil hackers. Because I see a lot of content related to VAM being updated continuously.

 

[Boss963]

Reading these things makes me scared, suddenly one day he gets bad and takes advantage of these loopholes, what if . I'm just kidding. Furthermore, I think if someone takes over his account and posts things containing malicious code, it would be dangerous, I can't rule out this possibility. Therefore, I think you should not trust anyone, or at least only trust the author.

Even if you have this tool Malware Scanner in Sharp VaM Searching, you should not be subjective, because does anti-virus come first or does virus come first?

I don't know how long it will be before evil hackers pay attention to VAM if it becomes more and more famous like this. They will have many ways to attack with this vulnerable game

Antivirus doesn't pick .cs cuz it's simply uncompiled text, once compiled and executed from a trusted signed process like vam, you're done, unless you use something like ESET. As for vam security holes, it varies in severity, sure applicationopenurl is considered high severity but you also have to question yourself, how a malicious actor could use this security hole in his advantage? I believe a couple of people already knew about applicationopenurl for a long time and someone decided to report it recently since I already disclosed dynamiccsharp doesn't do shit. But this security loophole is practically hard to implement in a useful manner, challenge is how you gonna pass a parameter or achieve persistency? I have come across sophisticated vam malware (typically Asian) but none of them used it.

I designed Sharp VaM Malware Scanner so nothing can literally escape my grasp, it's a bit technical with a lot of log. I went and included even already blocked threats and hard to implement ones, who knows maybe someone knows a bypass already, you can't trust dynamic to handle all the security, period.

 

[VamJamA4]

I also find it strange, VAM has existed for more than 5 years and still has not received attention. Perhaps the community is small and has little value to exploit. But who knows, thanks to this forum it will be noticed by evil hackers. Because I see a lot of content related to VAM being updated continuously.

That'll probably change with VAM2.0 if anyone lives long enough to see it released, and more importantly assuming VAM2.0 is capable of supporting Gen8 models while maintaining 60fps in a moderately complex scene with at least 2 person atoms. The moment you take any model and give it mocap animation it immediately increases it's apparent realism as long as the frame rate is high enough to approach smooth motion.

Once your average Joe can make their favorite celebrity do a strip tease with minimal effort that will cause the community to increase dramatically which will increase it's visibility both good and bad.

 

[Boss963]

Boys, just heads up, Meshed pushed another update addressing ApplicationOpenURL, I believe this is the third time he tries to fix it, sorry but you need to update your vam again X3


Several days later ...

Spoiler

You don't have permission to view the spoiler content. Log in or register now.

I'll stop discussing vam security since Meshed is watching and he is stressing himself a lot lately, pushing insignificant updates, will continue after dropping Sharp VaM, stay tuned.​

 

[kangnuonuo]

Man holy shit Boss, the bit about the asian market where the chinese making more money than the author is fucked up. I saw this one shared free look somewhere and I browsed metacosmic and I saw it for sale for 150 yuan, and it was bought for 46 TIMES BRO, that's almost 1000 USD. Man that is just fucked

 

[Bugafuga]

Man holy shit Boss, the bit about the asian market where the chinese making more money than the author is fucked up. I saw this one shared free look somewhere and I browsed metacosmic and I saw it for sale for 150 yuan, and it was bought for 46 TIMES BRO, that's almost 1000 USD. Man that is just fucked

That's the real piracy to me. I find re-selling far more offensive than just personal use. I see on a lot of the porn games messages like, "Hey, this game is free on *websites*, if you paid for it, you got ripped off."

 

[McZippy]

Man holy shit Boss, the bit about the asian market where the chinese making more money than the author is fucked up. I saw this one shared free look somewhere and I browsed metacosmic and I saw it for sale for 150 yuan, and it was bought for 46 TIMES BRO, that's almost 1000 USD. Man that is just fucked

Suddenly I have a wild idea where I sell my own free content on those sites.

So in order to beat the pirates I become the pirate pirating my own content.