Lately there has been confusion, or rather paranoia, over the collection of statistics showing how many custom firmware users have connected to the PlayStation Network. Certain sites jumped to conclusions and began speculating that M33 was collecting personal data, which of course is not true at all.

Tired of these reports, Dark_AleX cleared up these concerns in a statement today, assuring that no information is on the user is transferred while accessing PSN on a custom firmware enabled PSP. When accessing Network Update, only a simple text file is downloaded in order to ensure you have the latest firmware. Turns out that this same file was unintentionally being pulled down while accessing PSN as well. Since server owners can check how many times said file had been downloaded, it was possible to find out how many users logged onto PSN on a specific day.

According to Dark_AleX himself, the next M33 release will no longer access this file when logging into PSN. Full statement is after the jump.

Ok, I want to clear this up now, ONCE and for all, as I’m tired of certain sites that don’t stop blaming and creating paranoid horror stories about “M33 violating privacy” just because they have no other news.

Let’s begin with the reason. Why does M33 connect to dark-alex.org when going to the PSN? This was not planned, it wasn’t done on purpose. It is not a “feature”, it is a side effect of the patch that allows M33 update, a bug if you want to call it that way.

Before 5.00, Sony network update checked updates in a module called update_plugin.prx, which was patched by M33 when the M33 update feature is on.
Since 5.00, the module that makes these checks is called libupdown.prx (in kd folder).
This module is a library and it is used by other modules: the one responsible of the network update, and the one responsible of signing in the PSN store.

My error was not to realize that libupdown.prx was used for PSN store too. So when going to the PSN, this module check if latest version is installed by going to the Sony server, but M33 thinks that it is using network update, and if M33 update feature is on, it redirects Sony server to dark-alex.org ones to check if there is a m33 update.
In M33-3 I patched the check, the comparison of versions, but I didn’t kill the connection, that’s why it will still connect.

The only thing sent from PSP to server side is a HTTP request to the following file:
http://updates.dark-alex.org/updatelist.txt

There is no more. And there is no way that the server can distinguish between the PSP asking for that file from network update or when going to PSN, although it can be safely assumed that most connections will be when going to the PSN.

What is done is done, and we approached this bug to see statistical data in the server side (normal statistical data, present in most servers), with the educational and general purpose of seeing how many PSP with CFW there are (not exactly though, as not everyone will go to PSN or even have a WiFi connection), and being able to refute to those saying that the scene has killed the PSP.

The numbers were not impressive, it shows clearly that the scene is not a threat to Sony, and that if the PSP is dying the only responsible are Sony, and the companies that prefer to make a cheap to produce DS game instead of an expensive PSP one. Neither scene nor M33 can be blamed by their faults.

As the bug it is, it will be patched in next version, whenever it is out.

Follow this author on Twitter.