Flight Sim Labs' DRM tool could collect Google Chrome passwords

Piracy is a problem that has hounded the entertainment and software industry for decades and there doesn't seem to be any light at the end of the tunnel yet. Different people have different opinions on how to cut or at least curb it and tools have come and gone with mixed effectiveness. One software maker, however, may have gone a bit too far in its quest stop a pirate. Popular slight sim maker Flight Sim Labs admitted to shipping an installer that included a tool that, under very specific circumstances, would collect a specific user's passwords stored on Google Chrome and send them back to the company.

It isn't a clear-cut case of a company spying on its customers. Flight Sim Labs admits that it shipped a tool with the latest installer of its A320-X simulator that would harvest passwords from Google Chrome. It justified that tool by initially explaining that it only runs when its servers detect that the copy is one of the many pirated serial numbers in the company's database.

Naturally, that explanation didn't fly even with those who legitimately bought the A320-X. Flight Sim Labs later clarified that it was only looking for a specific subset of data that it traced back to a particular pirate. It was already able to track down the original cracker of the software but was unable to gain access to a registration-only website he was using to spread the information to other pirates. Flight Sim Labs' solution? Basically crack the cracker's Chrome browser to get his passwords, which may include the password to that website.

Paying users, however, still questioned the method. Even if Flight Sim Labs' installer only runs the tool when triggered by specific data, it still actually copies the tool on the user's disk. The company claims that the tool is erased after a successfully authenticated legit install, but users might never know about that. Flight Sim Labs is asking for trust, which is a huge thing to ask after this incident.

That said, the company already pulled out the affected installer and released a new, clean one without the tool. It may already have the information it needs to identify the exact identity of the cracker and the pirates spreading the cracked software. Whether that evidence, which may be considered to have been acquired illegally, holds in court is a different story.