Aside from the obvious risks of installing the R2R certificate it's also important to consider that the machines that it passes through before being uploaded to audiosex.pro are an opportunity of interception. Therefore it's critical that the admins here remain hypervigilant to communications from unknown sources and attacks on their devices. These days hackers exploit people. I do trust the admins but I have no idea of the level of their expertise. Nor am I questioning it, just making a point.

 

May I ask which release included discussed Root Certificate?

 

Cubase 12

 

I can't be of any technical help, but pondering the question and in my own circumstances... I'm more likely to unintentionally press the perfect key combination to see screen messages such as, 'File foobared' or 'Contents of Studio drive have been deleted. Press spacebar to begin recording.
Just my round-a-bout way of saying it's an excellent question to to ask, though if you're an idiot like me, there are bigger concerns nearby.
Cheers! :D

 

What are the dangers of installing the R2R root certificate? | AudioSEX - Professional Audio Forum

 

I made this thread because I couldn't find a concrete answer there.

It's not for Cubase. I am asked to install the certificate to get the latest Plogue ARIA Engine release.

 

I installed the certificate on March 13, 2022, if you don't trust R2R, better skip

 

Why you risk your PC just for free app. Skip it if you don't feel safe.

 

R2R can enter your computer and take all the information and sell it.
Joking apart. I trust in R2R.

 

If you type CERT in the search bar and click "computer certificates", you can see which root certificates are allowed and to which purposes they are limited.

If you have the R2R cert installed, you can see that it is only authorized for code signing (apps). This means that R2R can only create certs inside an app using their private key, which can then be installed on your computer by using their trusted root CA.

Currently, you can install programs under windows without problems, which are not signed. This can (and will) change in the long run, as apple has done. So R2R is only planning for the future (when windows only accepts signed software) Read their readme.

A problem can only arise if R2R's private key becomes known or R2R wants to install malicious programs. I think both are unlikely.

But even in these cases, the virus scanner would respond. It does not check whether a program is malicious on the basis of the certification only.

When in the near future signed apps are the standard ... for example, to remotely control your computer, three criteria would have to be met:
1. you install the root CA from R2R
2. you install the program signed by R2R or another vendor with R2R's private key with a backdoor inside.
3. your virus scanner does not recognize that it is a backdoor.

Backdoorrs are easily recognizable by virusscanners because they need several ports and a datatransfer mechanism. So they are likely not installed when an a/v is active.

So, all in all the risk is low. (There is more of a risk with apps singed by using e.g. Let's encrypt imho. And their cert CAs are ubiquitous in recent years.)

P.S.: What is a root CA and who used them for an attck (but they were not limited to codesigning but SSL etc)...
https://en.wikipedia.org/wiki/Root_certificate

 

Last edited: Oct 30, 2023

I installed it and my computer's background turned into the soviet flag & the russian anthem started blaring on my speakers. Also, all my messages are hijacked to have pro-russian propaganda inserted into them. Never trusting R2R again.

Слава государству Российскому!

 

On my side I trust R2R more than Microsoft. R2R nevers disapoint, I installed it since release and no problem so far.

 

Btw. V.R installers install a root certificate as well but without telling or asking you.
You should more worry about that than the R2R certificate.

But such certificates also have a very good benefit.

Since Microsoft decided to add some new rules to their general terms and conditions that allows them
to monitor everything you do and track down every file you store/open using AI (in future builds from October 2023 on),
certified apps/plugins probably won't be affected. Therefore R2R makes sure that we still can use their releases
on future versions of Windows (e.g. Windows 12).

In the most recent Windows 11 build I already found something called "Windows AI Machine Learning API"...
so I removed it as well as I completely removed Windows Defender as I believe they'll use that piece of crap software
to scan everything everytime. Btw. Windows 11 runs a lot faster without defender + it takes about a GB less of memory.
There were also rumors that it then becomes risky to even store "private" photos from your cohabitants on a disk as MS
could flag them as whatever they want and store an information about it on their servers.

 

Or you could install Linux on a bootable external USB drive.

 

Who the fuck uses Windows 11 anyway? As soon as the software I use stops supporting Windows 10, I'm gonna move on to Linux and never look back again. Only tech illiterate idiots would voluntarily use Windows 11.

 

@r4e

I didn't find this... "Windows AI Machine Learning API"... In my Windows 11 Pro 22H2.

P.S. Could you please explain how it is removed.

 

Last edited: Oct 30, 2023

The three biggest risks from installing an r2r root certificate: using uvi products, accidentally dressing as an anime character, wearing a pointy hat because witchpreciation? (I guess only the first is a risk, technically)

 

Offline auth if they offer it (all mine do) and or use alternative plugins/soft. it's not like UAD plugins, for example, are magic or something. IMO they're just really greedy, always have been, and will punish their legit users with exaggerated protection methods that liter their machines just to try and squeeze every last cent they believe they can. It also gives them an air of exclusivity and therefor perceived superiority to some.

You can also buy a product to support the company and use the fixed version, if available and done right, in your machine. I say fixed because It's sometimes an advantage, memory and speed wise, to do so.

 

It's a conspiracy and we are all involved.

 

It's pretty funny though, that legit users never complain about this at all. And the only people who worry about those legit users machines are people running the stuff cracked. 99% of the time it's simply an excuse.

Do you really need some elaborate reason to justify what you are doing? Maybe you might want to do that in other places, but surely not here. Aren't we all in on the secret by now?