我想在座的各位可能还有不太清楚 VT 的隐私条款的，正好在下也在这上面吃了点小亏，于是谈一谈。
如果有人总是在看各大安全媒体的话，应该能注意到之前 VirusTotal 搞出来的诸如 “木马作者通过 VT 检测免杀，VT 辅助追踪” 之类的新闻。对此我特意去看了一下 VT 的隐私条例，原文引用如下：
Information we collect to provide you with the services includes:
- Information you submit in connection with using our services. This includes the files, URLs, and other information you submit for scanning, information you provide when you join and participate in the VirusTotal community (such as profile information, comments, mentions, and votes), and any information you provide when contacting VirusTotal.
- Device information: We may collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number).
- Log information: When you use our services or view content provided by VirusTotal, we may automatically collect and store certain information in server logs. This may include: details of how you used our service; Internet protocol address; device event information such as crashes, system activity, hardware settings, browser type, standard HTTP request headers, including but not limited to user agent, referral URL, language preference, date and time; and cookies that may uniquely identify your browser or your VirusTotal Account.
- Payment information: To the extent you purchase any premium services offered by VirusTotal, we may collect or receive your credit card and other payment information.
而且毫无疑问你提交的文件会被 VT 所保存，而那些人会拿到你的文件呢？请往下看。
We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new services, and to protect VirusTotal and our users.
This includes using the information to:
- analyse and scan the files and other content you submit;
- develop new services and service features;
- create, publish and update the scan reports available on VirusTotal, including comments, mentions and trusted ratings;
- develop and provide information to the VirusTotal Community;
- create and administer your account;
- understand and improve how our users use and interact with VirusTotal services;
- protect and secure the VirusTotal site and services, including the networks and systems through which we provide the services; and
- process payments for premium services offered by VirusTotal.
Files, URLs, comments and any other content submitted to or shared within VirusTotal may also be included in premium services offered by VirusTotal to the anti-malware and ICT security industry, with the sole aim of improving research and development activities, expecting it to lead to an overall safer internet and greater end-user protection. Participants include a broad range of cybersecurity professionals focused on product, service, and system security and security products and services.
所以说，当我发现自己仅上传过 vt 测试的程序被扒下来当样本的时候我的内心毫无疑问是极度崩溃的。。。而回首一翻隐私条例发现，这 tm 还是我同意过的。。。请注意上传框下方的这一段话：