[haunter]

>we wouldn’t work here if we didn’t deeply care about player trust and privacy

Bold message from a chinese company. People freak out about Huawei but Tencent is 1000% worse. And here they are installing a kernel driver on your PC.

[hellcow]

This is being downvoted, but this is an important point. The Chinese government has repeatedly shown they'll work with Chinese companies to carry out the government's agenda.

Do you really think that after 100M people install this kernel driver that the Chinese government won't lean on Tencent to gain access, or use it beyond its original purpose?

[sbarre]

So let me ask you a question then..

Do you feel the same way about Microsoft and Apple, and every other company that provides a hardware driver for a modern computer, and whether state governments (USA included) put pressure on them to let them advance their agenda by using back doors in their drivers or software?

Why is Riot special in all this? What, in your view, makes them more likely to be so secretly and so deeply corrupted in the manner you suggest?

Note I'm not asking you if you run MacOS or Windows.

[hellcow]

Your argument boils down to, "If one country has access, then every country should have access."

I don't agree with that.

It's clear the US has backdoors. That doesn't mean it's wise to invite China to add backdoors as well.

[sbarre]

I am not arguing anything, and would never say anything that ridiculous.

I just find it tedious and irrational to see people up in arms about this contrived and unlikely scenario (a video game company is going to spy on you - a random nobody - for a big bad foreign power), while not being up in arms about the much bigger and more likely vectors of compromise they are exposed to constantly (like your operating system or cell phone).

But of course protecting yourself from those possibilities would require real sacrifice and inconvenience, so let's not talk about it.

[hellcow]

You've thrown out two, new arguments:

1. "Nobody playing this game is important enough to be spied upon."

It might surprise you to learn that some people in the military, congress, the DoD, and even important individuals in significant companies play video games.

2. "Some vulnerabilities exist, therefore any new vulnerabilities should be ignored or not discussed."

All vulnerabilities should be considered, especially new ones that will affect 10s or 100s of millions of people. That's why we're discussing it. Since you find it tedious, you're free not to participate.

[sbarre]

I'm not sure if you lack comprehension, or if you are just really paranoid and can only see things in absolutes, or if I'm writing poorly. But yet again you've taken what I've written and somehow twisted it into something ridiculous.

> It might surprise you to learn that some people in the military, congress, the DoD, and even important individuals in significant companies play video games.

Anyone in this scenario who is using the same computer to run any untrusted software (like all games) as they are using for their national security work is already compromising themselves.

> "Some vulnerabilities exist, therefore any new vulnerabilities should be ignored or not discussed."

This would be a more productive conversation if you addressed my points at face value, and made your own without twisting my words into whatever convenient position you want to argue against. That's the part I find tedious.

Everything is degrees.. you seem to only be willing to consider extremes.

Of course if you work in a sensitive position or are a likely target of foreign spying, you should take many more precautions. But that's not most people, in fact that's almost no one, statistically speaking. So if we're going to discuss likely compromise scenarios, the risk-reward on using a high-profile video game company as a vehicle for APT state-level actions starts to fall into "movie plot" territory, in my opinion.

And I never said that new vulnerabilities should be ignored or not discussed . Again, possible <> plausible.

In fact, you are basically contradicting yourself at this point because I first brought up way more plausible vulnerability scenarios (your underlying operating system being compromised) and you dismissed that in favour of some narrow and much more implausible scenario (a US-based video game company as a deep-state plant for a foreign government).

Keep moving those goal posts..

[XMPPwocky]

Where do you think drivers for your hardware come from? You know, the ones that already silently update through Windows Update?

[danaris]

It's absolutely not clear that the US has backdoors into any Apple product. Apple has fought pretty hard to ensure that their devices remain something that a user can feel safe and secure storing their private data on.

[sbarre]

I have no insider information here.

But if we're talking about plausibility, then it's much more likely that your underlying operating system, regardless of vendor - Microsoft and Apple are the major players - has been compromised in some manner, or contains the hooks for on-demand compromise if compelled by a state actor.

[Bayart]

China passed a law in 2017 requiring all Chinese citizens and organizations to comply with their intelligence departments in relinquishing any information it needs, as well as to keep it secret.

See https://en.pkulaw.cn/display.aspx?cgid=313975&lib=law

A US agency may put pressure on a US company, but the company would be perfectly within its rights to refuse to comply. The only exceptions are well documented and go through the judiciary which is separate from the executive branch of government.

A Chinese company has by law no choice but to comply.

[sbarre]

You've heard of the FISA Court right? And all the details that Snowden released about it? How do you see those secret requests as not effectively the same thing as what you are describing about China's laws?

I don't consider myself a tin-foil-hat wearing type, but even I don't believe that our (western/NATO/5-Eyes etc) governments don't have their own secret powers they can use to compel businesses to comply with information gathering requests without divulging that they did so.