Why Shadow is not as good as it claims to be

  • 15 February 2023
  • 1 reply

A while ago I already went into the enormous security problems of Shadow, which you can read about in detail here: https://www.reddit.com/r/ShadowPC/comments/10cjwnj/shadow_the_huge_security_problem_no_one_seems_to/

Supplemental update to my report a month later: https://www.reddit.com/r/ShadowPC/comments/10cjwnj/comment/j87ckxz/?utm_source=share&utm_medium=web2x&context=3


In summary, the issue was that Shadow has by far the worst security measures imaginable in 2023. Especially when you consider that it's an entire computer in the cloud and a product that's also aimed at influencers and business users. Shadow hasn't managed to log me out of all my devices for 37 days after a security breach in my system, but continues to make me pay for it, even though I haven't had access to my Shadow since.


But not only the security is a big problem with Shadow, but also the customer support and the non-transparent employees "behind the scenes". After 37 days of correspondence with Shadow support and partly also the community manager in Germany. Also interesting is the fact that so far no dev, no employee, not even Shadow's janitor has commented on the above mentioned security problem on Reddit or in the Shadow forum. As if it was the least important thing in the world and any service tweets, live streams, newsletters, etc. were much more important for the customer.


As already mentioned in the posts linked above, I no longer have access to my Shadow since the 09th January 2023, yet Shadow diligently debits money from me. The reasoning is that they would compensate for the overpayment as soon as the problem is solved, but in fact no one is trying to solve the problem and an end is simply not in sight.


I had support stall me for weeks after I stopped writing daily, then when I contacted them 2 weeks later they said they were forwarding it internally again. The next day I got the message, everything would be done, as I could then find out, it was not. That means, one would have forgotten me long ago, only after I reported 2 weeks later, one has dealt with the issue at all and could not solve it this time either.


You will now say: Well, that's your problem, live with it and don't cry. But what happened to me is not an individual sad fate, it's a huge problem for every Shadow user who is even remotely interested in whether their data and accounts used on Shadow are secure. Thanks to Shadow's subterranean security measures, it should be easy for most attackers to break into Shadow via your email and stay there permanently to do the most damage possible.


Apart from that, the incompetent handling of Shadow support (no information, no access to the technical department, no transparency or de-escalation) shows how Shadow's company policy is structured and what you will face if you ever have problems of a larger scale.


I hope that one of the numerous computer magazines that have reported on Shadow internationally several times now will take a look at this thread and the one linked above before they continue to do free advertising for this company that cares so little about the security of its customers and at the same time lets them walk into the knife by lulling them into a false sense of security.


I have been a Shadow user since 2019, I was on hold for Infinite for almost 3 years, I even turned Shadow on my girlfriend and always recommended it to everyone. I was completely behind it and a true fan. But all the benefits Shadow offers can never outweigh the aforementioned drawbacks. A minimum standard of security and proper dealings with paying customers are the bare minimum that any company in the 21st century must offer. If that's not given, the rest doesn't matter at all.


Unfortunately, neither this subreddit nor the Shadow forum provides the reach necessary to get the problem out in the open and either get Shadow to act or at least warn enough Shadow users. If anyone knows of a way to contact an online magazine, I would appreciate any suggestions. This problem must not be ignored, even though that seems to be exactly what Shadow wants. And while it is a personal concern for me, at the end of the day this is about the safety of every Shadow user. 

1 reply


I take from your post here:

This is literally my message copied and pasted over and over by various users either on Discord, Reddit and here and they keep giving standard copy paste business responses.
It never happened to me but as a programmer, seeing this behavior regard security is simply unacceptable

The most urgent thing is: 2FA, Disconnect all devices (or invalidate all sessions and log them out)