this post was submitted on 10 Sep 2023

30 points (94.1% liked)

Privacy

31837 readers

93 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

Extension Pack in VirtualBox, is there a privacy risk? (lemmy.dbzer0.com)

submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]

12 comments fedilink hide all child comments

Hello, I try to keep my Debian laptop as private as possible, but for work, I need to use Windows software, so I run a VirtualBox with Windows 11. My PC runs smoothly without any issues, but I need to access my specific hardware USB ports, and it doesn't recognize them. I read that I need to install the Extension Pack, so I downloaded it, but before installing it, I get a warning message that seems to suggest I'm accepting some risk to my computer. I don't really understand this stuff, so I wanted to ask the following:

Is there any security or privacy risk associated with the VirtualBox Extension Pack?

Is there any other way to access my USB-C devices without installing it? (I've already tried selecting USB 2.0 and 3.0, but the list shows "no device available").

Thank you very much to whoever responds.

PS: Also I found this on the Internet: "The user agreement VirtualBox extension pack states of sharing a user’s data to the US govt. including the hardware information and so on. Does it make sense even if I use Tails/Whonix for anonymity?" :-/

all 14 comments

sorted by: hot top controversial new old

[–] [email protected] 18 points 1 year ago (1 children)

No USB passthrough in VirtualBox without the extension pack. And unless you have a paid version it is a license violation to use the extension pack in a commercial setting. Take that with a grain of salt: it's from the top of my head and it has been a while (years) since I touched VirtualBox. Since you are concerned about privacy, I'd suggest not touching closed proprietary software, like VirtualBox, at all whenever possible. Luckily, for virtualization in linux, that is perfectly possible. What you will want to look at is kvm/qemu. And maybe a handy UI to that like (qt-) virt-manager or gnome Boxes.

[–] [email protected] 1 points 1 year ago (1 children)

Virtualbox is libre. However, virt-manager is still better

[–] [email protected] 1 points 1 year ago

The extension pack isn't though: it's closed source and only free for evaluation, personal use, and educational purposes.

[–] [email protected] 13 points 1 year ago

It’s oracle. I wouldn’t trust their software on my PC. Use qemu or something instead.

[–] [email protected] 10 points 1 year ago

Read about Oracle actively investigating user if there is a business usecase and charging insane amounts of money.

[–] [email protected] 9 points 1 year ago (2 children)

Why are you using VirtualBox for this anyway?

KVM/QEMU + Virt-manager all the way.

[–] [email protected] 2 points 1 year ago (2 children)

How do you migrate a Windows VM to virt-manager (without any risk of invalidating the license)?

[–] [email protected] 2 points 1 year ago

That's a great question. Mostly it'd be a matter of exporting and then importing / converting the disk image and standing up similar VM "hardware".

You might still need to reactivate the licence; I'm not sure if the virtual hardware move will trip activation.

[–] [email protected] 2 points 1 year ago

Do whatever you want, then use MAS to activate Windows again :)

[–] [email protected] 7 points 1 year ago (1 children)

At the company I work at we needed to use USB 3.0 devices for which you need the extension pack (Windows hosts, Ubuntu VM).

For commercial use you need a licence to use the extension pack, so I don't know how Oracle knew of the abuse of some employees but our company received a communication reminding about the licence rule.

[–] [email protected] 1 points 1 year ago

the thing must phone home to check license status, and they were able to match your systems to the same entity via ip or network or something. but with a minimum buy of 100, i'd tell 'em to fuck off if the total seats using the pack was less than that, regardless of commercial/personal use status.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Running unauditable code is always a risk.

Consider an alternative to virtualbox, like QEMU/KVM with virt-manager.