Spoiler: no such thing is being said.
This forum thread seems like utter nonsense. It’s originating from here. This phrase is copied and pasted from here:
The user agreement VirtualBox extension pack states of sharing a user’s data to the US govt. including the hardware information and so on.
Probably someone with poor legalese reading skills got a standard phrase from the EULA wrong which talks about cryptographic export laws or made it up from thin air.
Then turned this wrong understanding into a slanderous statement of fact in some forum. Zero evidence, citation was provided.
If this had any truth to it then it would be easy to find a reliable source such as a news report or comment by security researcher. VirtualBox is very popular. The privacy community would have criticized this.
Don’t take random slanderous claims from any forum and then repeat them as it was a fact. You’re spreading misinformation.
Try to ask it as a question instead of statement of fact.
Is it true that you’ve been convinced of …?
Still slanderous to ask that way. Try an open question.
Are there any privacy / security issues with VirtualBox guest extensions?
Extraordinary claims require extraordinary evidence. Please don’t repeat slanderous claims without providing evidence or at least the original of the claim.
And why even ask in a forum? Why not use search engines, AI? Do you think if there’s an issue it wasn’t asked before on the internet? Do you expect an investigative journalist or security researcher is going to do original research because you asked in a forum?
Please read the hackers manual on smart questions to avoid the spread of misinformation on the internet.