PS Vita: content Manager and security concerns
A few days ago I posted my concerns about the “Content Manager” tool, a tool that is compulsory to install and use if you want to copy files from and to your vita. Some people said I was paranoid (see my answer to that at the end of the article), and others shared my concerns and started digging. Interestingly enough, that article gathered almost as much attention as my much more spectacular (in my opinion) video of a Megadrive emulator running on the vita.
Some sites took my words out of context and said that I had proof Sony is spying on us when we copy files. This is not true, I don’t have any proof, just lots of concerns. Because of that I decided to call Sony’s customer service in order to get more information. Read along.
At least we can copy media files (music, pictures, movies) without an internet connection
First of all, a piece of relatively good news: some users on French site psvitagen mentioned that it is possible to copy Movies and Music without being connected to the internet, through the dedicated “Music” and “Movie” sections of the vita. I confirmed this is true, so movies, music and pictures can still be copied to the vita even without an internet connection. The internet connection is however, as far as I can tell, required to copy anything else, which, given the limited possibilities of the vita, basically means PSP/Vita games and/or savedata.
The content manager cannot be run if the PC client is not connected to the internet. why is that?
In theory and from what I saw so far, the internet connection is probably used for two things: check for new versions of the firmware (an update was enforced on me if I wanted to keep using the content manager 2 days ago), and possibly do some DRM verifications. That’s the theory, and is somewhat confirmed by some early investigations of the binary by dev Hykem. So, when you copy it to your vita, Sony checks that your Vita game or your Sony-purchased movie is actually “ok” to play on your vita, to make sure you didn’t steal it or copied it from a friend’s computer. Fair enough (although I would question why this check needs to be done there, rather than directly on the vita). But what happens for content that does not require any Sony drm check is my concern. Even though it’s possible to copy them without an internet connection, does Sony gather any information on my music, my pictures, or my movies (and how about my games savedata, which do require the internet connection while being transferred) ? Do they collect filenames, id3 tag, or exif information? Probably not, but more transparency on the subject would definitely be welcome. This is not about hacking here, this is about sending private information to a company that has proven regularly that they cannot be trusted with our data.
So ,full of concerns, I decided to call Sony’s customer service today (actually my wife did it for me…). The person we talked to, as expected, wasn’t a technical person and therefore had close to no information on this. She was aware that an internet connection is required, and mentioned to us that this is written on the manual. We explained that we knew that, and that we have an internet connection (it usually takes time when calling a customer service to explain that you don’t have a technical problem using the software, but an ethical one) , but we’d like to disconnect it when it is not necessary, because we don’t see the point in being connected to Sony’s server when we transfer files between two pieces of hardware we own (at which point my wife added: “especially given what happened to your company recently, we’re a bit concerned about our private information“. Hehe, that’s why I love her 🙂 ). Understanding our concern the person at the customer service contacted somebody more technical to get more information on the subject. She then came back to us and told us this was in place to make sure that the computer running the content manager is correctly “associated” to the Vita. She didn’t have any technical details to share about the firmware upgrade or the DRM verifications, but she guaranteed us that no personal data was being transferred. She also gave us her name (which I won’t share here) in case we have more questions on the subject (but don’t ask me to call them more, first it’s not a free call, and second I already felt super bad to have my wife spend 30 boring minutes on the phone for me because of my new toy)
(one thing I’d like to say is that every time I contacted Sony’s customer service, their answers were fairly fast and accurate. They usually give me bad news, but they’re doing their best to help. The only time they were completely wrong was when my PSP 1000 stopped accepting connecting to Media Go. They told me it was because the PSP was a Japanese PSP, and I was trying to connect to the European store. I knew this wasn’t true since I had no problem doing the exact same thing with two other PSPs. The real cause was probably that Sony had banned my console for some reason. Anwyays overall thumbs up for the efficiency of the customer service)
So, that’s the official answer, but I’m sure some of us will pass the PC parts of the Content Manager through their microscopes to confirm if this is true. But at least now I have some official information from Sony, which is, in a way, positive. Nevertheless, it does not statisfy my curiosity on some of the files found by Hykem, (such as Mp3Promoter.suprx, png_promoter.suprx, etc…) so I’m sure many people will want to learn more about this thing.
Oh, Before I go…
Note: don’t read the section below if you don’t like me when I rant, I know some of you don’t like me when I do that (Spare me the “why do you buy Sony products in the first place?” types of comments if possible, as that’s not the point)
A personal note about why I’m doing all of this, and a message to haters. There’s something interesting about fanboys, no matter how much you show them the truth and give them verifiable proof about it, they’ll always find excuses to justify the illegal behavior of their favorite company. A few days ago I started investigating the insides of the PS Vita. I got HBL to run on it, and was able to run PSP homebrews on the vita. Fanboys told me I would kill the vita because of piracy. I also raised privacy concerns about the vita “content manager”, a tool that is compulsory to use if you want to transfer some files from and to your vita, and requires you to be constantly connected to the internet while doing so. Again, Sony fanboys told me Sony would never spy on their users, or went Eric Shmidt on me, telling me that Sony probably has good reasons to spy on me in the first place.
Well guess what, champions: my work on the PSP was never used in any way to pirate Sony’s content, because it is not technically doable to do such a thing with HBL. And telling me that Sony would never do something illegal to their users is completely forgetting that they intentionally did so a few years ago with their infamous rootkit.
There’s no historical record of me being a bad guy, I was never sued or sent to jail in my life, while Sony has proven several times to engage in illegal or barely legal activities (see the rootkit case, or the Sony VS Universal studios case), but yet in Sony fanboys’ heads, I am the one with a suspicious behavior. Next time you comment on my work, just get your facts straight, not all hackers are promoting piracy, and my work (HBL) cannot be used to pirate games. I won’t pretend I’m a fighter of freedom or anything, I do this mostly for fun, but I take extra care to do things that are legal, or at least not ethically questionable. The same cannot be said for Sony, so it is perfectly legit to have doubts about the tools they make me install on my machine, even if in the end the suspicions were wrong.
Sony lost their “presumption of innocence” rights years ago, I’d rather assume they’re guilty first, than feel sorry for myself later when the contents of my hard drives get leaked from Sony’s servers by some black hat hacker.
Hey Wololo I have a big questoin for you should I update the firmware or not because I want ps1 but I want homebrew
nice post wololo and your wife too..great job..lol
I don’t normally post or comment on any site but I do see a valid point on here.
I took the liberty to actually read through the “rootkit” link (i.e. Sony BMG copy protection rootkit scandal’ on Wikipedia.
There are a few direct quotes that are quite unnerving for me, such as, Steve Heckler’s “”The industry will take whatever steps it needs to protect itself and protect its revenue streams… It will not lose that revenue stream, no matter what… Sony is going to take aggressive steps to stop this. We will develop technology that transcends the individual user. We will firewall Napster at source – we will block it at your cable company. We will block it at your phone company. We will block it at your ISP. We will firewall it at your PC… These strategies are being aggressively pursued because there is simply too much at stake.”
I do realize that SONY has a right to protect it’s interests and assets as a company by protecting it’s media and hardware from misuse. However, it seems to be very focused on money.
My question is this, however rhetorical it may be, at what point do you think that it is enough?
It is one thing to make a game, CD, console or any other device for use and use it in a legitimate fashion. It is another thing to purposefully break the law and write a code that is malicious and potentially threatening. I am not here to judge on what is good or bad. What I am saying though is:
I bought my PS Vita, my phone, my PC. It is mine. I own it. I do have the right to manipulate it although I may void any warranty. It is not SONY’s right to place restrictions on my for what I do with my own stuff. The law, the public voice, and SONY has a right to say something only in the event that I have used my device illegitimately. Whether it be for pirating games or movies or, even as far as to say, using it to find and molest children or stealing someone’s identity.
My Android phone connects perfectly to my computer without having to be online. Google has pretty tight security features on OPEN SOURCE code. Sony can do the same.
I remember some years back when Dark_AleX disappeared from the scene for a minute. Rumors floated about that SONY paid him to stop working on the PSP and then March33 shortly came out to continute the PSP CFW legacy.
If any of you are familiar with the recording industry you will not only find that SONY’s gaming and console industry has problems but Tommy Mattola and his abuse to Mariah Carey. (cited in NY Post as well as his book “Hitmaker”:
“If it seemed like I was controlling, I apologize. Was I obsessive? Yes. But that was also part of the reason for her success.”
SONY is just an aggressive company. It bothers me that a company of this magnitude can get away with so much. They obviously have the money, the lawyers and apparently the brutality to enforce such maliciousness.
EVEN IF I was a game pirater online and I downloaded a game or two for my own selfish reasons, it doesnt compare that SONY HAS VIOLATED EVERY ONE OF IT’S CONSUMERS whether they are a pirater, a fanboy or just your average Joe who likes to tinker with new gadgets.
You wont change SONY. You wont change the Fanboy’s. The only thing YOU can do is to stop buying their products. It wont kill them but it will keep them off your hard drive and keep your life a bit more private and you can get some rest without having to worry. Problem is, so many of us rely on technology. TECHNOLOGY means you have no privacy anymore. They know where you are, when you’re there, who your texting, what you said and what you look like.
Its the mark of the beast cause its in everyone’s hand. If you dont have some device in your hand… you, my friend, can not live in this society. Go start growing your own korn and potatoes and just wait for these people to blow themselves up. lol
EDIT: Google has tight security features but it totally lack in privacy concerning its AdWords marketing campaigns. They know more about you than you do and you essentially agree to to. It’s actually a kind of extortion with plausible deniability. Youre forced into it voluntarily. Think of Eisenhower and his Military-Industrial Complex but it’s Military-Tech Complex now. Brute scripts and alogorithms that make you identifiable and easy to reach.
Interesting article on Google a much bigger player in stripping the world of its privacy:
http://modernl.com/article/google-privacy-and-you
Well, If I had owned a game company, I’m pretty sure I’d want extreme security measures. After all, I don’t want my PSN used in explicit or illegal activities, I understand the point on, Too many measures to defeat the purpose of a gaming console, but let’s face the facts. Pirate’s will always mess up the hardships that people like Wololo is trying to accomplish. Piracy is always something people are trying to prevent happening on game consoles, but it happens anyways.
For example,
Xbox 360, FLashing your DVD drive to play Burnt Backups on current and past games.
PSP, ISO Loaders, Also used to play Backups.
Wii, Hack and Cheat in games, rendering Online Play unfair.
And Lets talk about Emulators.
Emulators itself are legal, but come on, what is the sole purpose to use Emulators for? Isn’t that piracy, the same thing that is illegal?
I’m just saying Emulators can virtually be ported to mostly any console that you can play on, let alone running backups. PS Vita is another example, you can run emulators on it, so isn’t that piracy?
You just can’t win with pirates!
I’m also glad we have people like Wololo, GBOT, Smoke, Coldbird, Total_n00b, Dark_Alex and others who have contributed to the PSP and PS Vita scene.
Shoot, I’d love to run my Vita as an FTP Server just like my PSP,
Or, Juice and Push the limits of the RAM on my Vita.
Also, maybe use my Vita as a Guitar Tuner. (Because I love playing in Double Drop C tuning) Kid you not, I used to use my PSP as a guitar tuner many of times to harmonize notes for the correct tunings using PSPFiler V6.0.
Sorry (lol) going off-topic. My point is, As part of the Homebrew community, Top programmers will always be shunned for it. No point on arguing it (as much as the non-pirate developers try to justify themselves and their good works) , but just continue the good work and Live and Learn like a Community.
xd
Thanks for sharing this information
Situs Poker Online