Translated by AI model Qwen/Qwen3-8B.
Source Language: Simplified Chinese, Target Language: english, Translation Time: 2026-05-01 03:13
.AI translation is for reference only. Accuracy is not guaranteed, please refer to the original text.
The open-source project Alist seems to have been sold, with the author quietly selling it to a "black industry" company.
That "black industry" company is said to have implanted a lot of garbage code, collecting user information, and it's also rumored they are hiring penetration testers.
Now the original project's issue section is filled with complaints.
转载(click to expand)
-
- What happened
- The project was acquired by a trash company, and only one person knows about it, while other project members are unaware. They inserted a lot of garbage ads, collecting private information! Please stop using it!
- Also, the company is hiring a large number of penetration related personnel!
-
- Is this project still usable?
-
No, on the community level, it's already being advertised by the trash company
-
On the technical level, all api token trash companies are visible, you don't want them to use your password to xxx you, do you?
- It is now collecting your deployment server configuration information
- Moreover, the code is extremely poorly written, don't underestimate bad people, but fear stupid people who might have a sudden idea and cause all sorts of bugs later
-
On the review level, referring to Baota, all companies within China need to be registered, and software is no exception. Therefore, binding a phone number is inevitable afterwards, otherwise it would violate China's registration principles and laws,
- Why could it be used before? It was assumed to be non-profit and not a company
-
- What should we do?
-
Versions 3.40 and earlier may be safe, but do not obtain new token, delete the authorization as early as possible, the following replies will be migrated below
-
https://github.com/AlistTeam - clean community-maintained version address, most original contributors have migrated here, it may take some time to recover
-
Others
-
Note: The safest way is to delete the authorization in already mounted cloud drives, the previous authorization relied on the backend, which was also compromised
- Even if other, this trash company's address is unlikely to survive in the future, it will be taken down immediately
- You can use this company's service as a pressure test for probe machines or botnets
-
https://github.com/AlistGo/alist/issues/8654 (this was originally an issue for releasing the community version, but was deleted by the scum, this is already rotten, and they don't allow community promotion? The programmer who deleted it probably thinks they can stay at this company forever)
-
-
Basically, it's a crisis of trust and capability, the community won't maintain it anymore, and the scum company hired are all scum
-
- Who should we blame?
-
- Guizhou Bugotech Technology Co., Ltd., this company has done more than one such thing before Address: No. 24, 11th floor, Building 5, Business District Project of the first phase of Guizhou International Financial Center, Lincheng Road, Changling Street, Guanshanhu District, Guiyang City Legal representative: Shi Yuxi (also has Guizhou Qiongjie Shielding Information Security Co., Ltd. under his name) Number of insured employees: 4 (data from the 2023 annual report) Official WeChat ID: bugotech Phone number: 18096054816 (source: Aqichacha, questionable, same as qq email but definitely a Guiyang-based number) Contact email: [18096054816@qq.com](mailto@qq.com) (source: Aqichacha, reverse-checked to find several Guizhou-based companies also use this contact email)
Registered capital: 500,000, actual capital unknown Trash official website https://www.bugotech.com/ Don't DDoS, but can be used for stress testing, also can report fraud, how to get rid of the trash? Domestic machines can't be unregistered, you can research it
-
- The scum couple Shi Yuxi and Chen Xia, fitting the stereotype
- Not excluding the possibility of identity theft, but it seems not at the moment
-
- Guizhou
-
Guizhou's failure to develop for years has its reasons, what kind of disgusting companies are these
- Don't argue, arguing means you're right
- If there's no one at this address, it's even easier to handle, report the false registered address, and the business license will be listed as abnormal operation
-
- The original author
-
Not commenting for now, first of all, thank you for the previous open-sourcing
- But selling it openly isn't a problem, projects like rustdesk and overleaf have business models, it's normal to spend money, no problem at all. Selling it to this kind of scum is unethical, and it's done secretly
-
- Newly hired Go programmers
- First, their skills are not good, second, they have no principles at all. If you use this project, you might have a job in a big company, HR or programmer, you can block these scum
-
Also, if you think I'm not civilized, then you're right
-
Also, don't try to delete it, delete one and get two, all platforms. Ask your programmers if they know the Yang Hui triangle, if you delete it, they will add it again, but the godly osNsme probably doesn't know
-
Also, it's possible that it's malicious acquisition by black and gray industries, this kind of thing is quite common
-
Also, don't believe xhofe and all his platform accounts, including the authorization app, it's likely that they were all acquired together, and the original author may be controlled by the black and gray industries in Myanmar
Feels like a pretty good project is about to disappear
Clean community-maintained version https://github.com/OpenListTeam/OpenList
If you enjoyed this, leave a comment~