Dark_AleX Issues Clarification Regarding PSN-M33 Privacy Concerns

Posted by x3sphere at November 24, 2008, 2:51 pm


Lately there has been confusion, or rather paranoia, over the collection of statistics showing how many custom firmware users have connected to the PlayStation Network. Certain sites jumped to conclusions and began speculating that M33 was collecting personal data, which of course is not true at all.

Tired of these reports, Dark_AleX cleared up these concerns in a statement today, assuring that no information is on the user is transferred while accessing PSN on a custom firmware enabled PSP. When accessing Network Update, only a simple text file is downloaded in order to ensure you have the latest firmware. Turns out that this same file was unintentionally being pulled down while accessing PSN as well. Since server owners can check how many times said file had been downloaded, it was possible to find out how many users logged onto PSN on a specific day.

According to Dark_AleX himself, the next M33 release will no longer access this file when logging into PSN. Full statement is after the jump.

Ok, I want to clear this up now, ONCE and for all, as I’m tired of certain sites that don’t stop blaming and creating paranoid horror stories about “M33 violating privacy” just because they have no other news.

Let’s begin with the reason. Why does M33 connect to dark-alex.org when going to the PSN? This was not planned, it wasn’t done on purpose. It is not a “feature”, it is a side effect of the patch that allows M33 update, a bug if you want to call it that way.

Before 5.00, Sony network update checked updates in a module called update_plugin.prx, which was patched by M33 when the M33 update feature is on.
Since 5.00, the module that makes these checks is called libupdown.prx (in kd folder).
This module is a library and it is used by other modules: the one responsible of the network update, and the one responsible of signing in the PSN store.

My error was not to realize that libupdown.prx was used for PSN store too. So when going to the PSN, this module check if latest version is installed by going to the Sony server, but M33 thinks that it is using network update, and if M33 update feature is on, it redirects Sony server to dark-alex.org ones to check if there is a m33 update.
In M33-3 I patched the check, the comparison of versions, but I didn’t kill the connection, that’s why it will still connect.

The only thing sent from PSP to server side is a HTTP request to the following file:
http://updates.dark-alex.org/updatelist.txt

There is no more. And there is no way that the server can distinguish between the PSP asking for that file from network update or when going to PSN, although it can be safely assumed that most connections will be when going to the PSN.

What is done is done, and we approached this bug to see statistical data in the server side (normal statistical data, present in most servers), with the educational and general purpose of seeing how many PSP with CFW there are (not exactly though, as not everyone will go to PSN or even have a WiFi connection), and being able to refute to those saying that the scene has killed the PSP.

The numbers were not impressive, it shows clearly that the scene is not a threat to Sony, and that if the PSP is dying the only responsible are Sony, and the companies that prefer to make a cheap to produce DS game instead of an expensive PSP one. Neither scene nor M33 can be blamed by their faults.

As the bug it is, it will be patched in next version, whenever it is out.

Read morePSP Custom Firmware 3.80 M33 Released, PSP Custom Firmware 3.80 M33-2 Update, Update: PSP Custom Firmware 3.80 M33-4, PSP Custom Firmware 3.90 M33, Custom Firmware 3.90 M33-3 Released, Improves NO-UMD Compatibility

Comments

B2K24 says:

Good, this statement should shut up alot of people.


I hate to see DAX have to do more minor work because of people complaining. if you're that paranoid just flash OFW when using PSN then restore the M33 thereafter.
November 24, 2008, 2:08 pm
alex_e says:

team m33 would never spy on there users. c'mon you guys need to get your head out of your a###e and grow up. team m33 and c+d is the only reason i bought a psp. now look, dark_alex has opened the world to great psp developers like torch (who taught me how to hex edit the pspbtcnf.bin files to load plugins from flash), broken codes i think the name is who is currently forging the pre ipl on the ta-88v3 the new so far unhackable slim mobos to load up a custom unsigned ipl. ( i think , correct me if im wrlng). any way what would he gain, if he wanted to spy on us, i think he let us know on a one off update or summit. team m33, broken codes, torch, team c+d you all rule and i thank you for what you done

November 24, 2008, 2:52 pm
cory1492 says:

lol, hacked consoles to those who have them can be compared to going to a packed rave and seeing a full room assuming _everyone_ is there, when in fact it is only a tiny percent of the world population - and then having the authorities blame a bunch of other problems worldwide on this one rave.
November 24, 2008, 3:03 pm
voidzero1 says:

Wow! I really enjoyed that article that DAX wrote! A lot of people are misinformed.


BTW, why not just change the update link in Recover Mode from the DAX link to the OFW link? That option is available.


Correct me if I'm wrong, I know the prx files have certain data pertaining to where the links go, but will that also not at least put some peoples minds at ease by just changing that update link in their Recovery Mode?
November 25, 2008, 6:51 am
you say:

Login with your username and password below. New User?





ss_blog_claim=bf55edcce6ff2f078693a24c8876e229