malware – Can a video file contain code that shares your identity?

I downloaded a tutorial video from a website. (…) I was wondering if that person could have included something in the video (program/script?, I am not familiar with the terminology) that would allow him to see who downloaded and opened that video

If the file you downloaded was the video itself (probably a least a few megabytes or more) then basically:

  • some random other user who uploaded the video — if separate from the owner of the website — probably won’t know about you (unless the site gives them detailed statistics like that, but most forums and stuff don’t)
  • the owner of the website can collect all sorts of information about who downloads the videos — your IP address, basic details about which browser and operating system versions you have, plus any and all login account information and other tracking cookies the site might have
  • depending on how you downloaded the video, it might be a little harder for the site to tell why you accessed the video file. Your browser usually makes approximately the same sort of request to the server whether it’s getting a resource to “save” it versus just to “view” it in the normal video player the site might embed.

If the file you downloaded was some sort of playlist (like an .m3u or other extension, usually only one or two kilobytes) then it’s a bit more complicated. The original website operator would know all of the above, but then the file itself might point to other additional website(s) for the actual video data. Then those additional websites would also be able to at least get your IP address and probably some basic information about what video player you are using.

and give them access to my computer.

This would be a lot harder. The file would have to have some corrupt data in it that would have to trigger a series of bugs in your video player program before it could run new code on your computer. Probably this would crash the video player instead of actually playing the video, but not 100% guaranteed.

If you have a trustworthy video player installed and keep both it and your operating system current with all the latest updates this is less likely to happen.

I’d say if it’s just a “normal site” that hosts e.g. video tutorials it prefers you to watch online, the chances of this are very low. They probably make their money off of subscriptions or ads or user data or even provide the content out of goodwill — anyway with some exceptions they probably wouldn’t try break into their users’ computers.

But if it’s a site that lured you into visiting on the promise of some Special Experience only possible if you “click here” then it’s a lot more likely they didn’t have your best interest in mind.