HideIPVPN
RSS Feed Click to Subscribe!

DVDFab bug reports sending computer screenshots to the developers

DVDFab is a paid for Media Player made by Chinese company Fengtao Software, I was given a free license for this player in GiveAwayOfTheDay and after trying it out I was satisfied with it.

The player does not have audio visualizations and very few settings can be customized but it worked with every single video and audio file I had, it is skinnable and it needs less CPU/RAM than Windows Media Player, I decided to make it my main player because of the simplicity and ease of use.

After a few months DVDFab Media Player crashed for the first time and it asked me if I wanted to send the bug to the company, thankfully I clicked on No and out of curiosity I looked at the file that DVDFab was about to send to the company head quarters in China. The file is named “Bug Report” and it was zipped, after uncompressing it this is what I found:

DVDFab spyware screenshot send in bug reports
DVDFab spyware screenshot (click to enlarge)

A text file named log.txt containing computer hardware information and a list of the video titles played in DVDFab MediaPlayer for the last months, including date and time. The names of the videos revealed a lot about my viewing habits, as an example, if one of the videos is called “Drug problems” or “Pirated Superman movie” DVDFab developers will known about it. I was surprised to see the names of all of the videos I had played for the last months being sent instead of a single title concerning the video I was watching at the time of the crash.

Two more files sent in the bug report were registry key settings with the language file and the path to the images folder, indicating the computer username, usually the real name of the computer administrator.

Another file being sent out was called system.xml and it listed detailed computer hardware, computer MAC address, operating system with installed service packs and all of the programs installed in the computer. Encryption programs and tax filling software I had were all named. Another surprise is that the file included the MAC address of my VirtualBox software.

Another file sent to DVDFab developers is called crashdump.dmp, you need special software to open a .dmp file, it can not be read with Notepad, the filed enclosed information about the drivers installed in the computer,

And the last file being sent away was the most privacy invasive one,  a screenshot of my computer desktop showing the video player and everything opened in the background, this can include bank information opened in your password manager, whatever page you are visiting at the time or personal pictures of your kids and wife.

I  then tried to find somewhere in DVDFab settings a way to tell the player to never send bug reports and this does not exist. You only have the option to refuse sending bug reports when the player crashes. If you let your kids use the computer they could click on Yes,if are too busy you click on Yes and if you haven’t got a clue about all the personal information that the bug report contains you click on Yes. There are many ways for a person to be fooled into giving away their personal privacy to DVDFab developers in China.

One thing is to collect hardware data and another thing is to collect a list of all the videos you have played dating back months and screenshots of your computer without clearly telling the customer about it. Don’t be surprised to learn that your home computer IP is also logged when sending the bug report.

I will be astonished if DVDFab developers aren’t breaking any privacy laws in the European Union and the USA with the data they collect in their bug reports. It is totally disgusting what they are getting away with.

Don’t get enticed by DVDFab give aways and their steep discounts, if you value your privacy download an open source free player like Videolan VLC, or a closed source program like BSplayer or GOM, you have plenty of free alternatives that are not that privacy invasive.

One Comment

Add a Comment

Your email address will not be published. Required fields are marked *