Privacy exploit in VaM found and reported (Patreon)

I stumbled upon something that could be used to do some very nasty things with VAM with just a few lines of code in any .var with any vam settings. With vam1 being so late in its lifecycle I wouldn't expect it to be fixed though. Vam already warns about trustworthy sources and what you allow to load and is kind of covered with that. 

I made a thread on the hub but got no response so far, then I made a very quick demo plugin and sent it to MeshedVR directly as an example. The example plugin grabs the user's most recent screenshot and sends it over the internet to a 3rd party, all silently and with any vam privacy settings, and it's all done in like 20 lines of code (probably 10 if I knew fancy C# compacting) and requires nothing crazy, exposing the user's IP automatically in the process. 

GOOD NEWS 

I'm not a C# coder! and I'm not trying to learn it or anything like that, i actually quite hate it. So hopefully it's just a false alarm and I'm missing something (i wouldn't bet on it though). Also, it's not something I've seen in the wild and have no reason to believe the exploit is being or has been used.

BAD NEWS

I'm not a C# coder! And if I could do this example so fast and easy in just a few lines of code, I can only imagine what actual C# hardcore coders could do and go completely undetected with.

RECOMMENDATIONS

VAM already warns you about these, but just a reminder, if you care about your vam privacy and security in general:
- I'd stay away from loading .dll and .exe files
- I'd stay away from pirated content and loading stuff from unknown sources in general. If someone had the intention to do harm, it would be very simple and easy to 'spike' the original .vars (any var even models) with a few extra lines of code. It would likely go undetected for a long time and the .vars would seem original and working as expected