SE Please start caring about your players privacy.

[Rueby]

Of course, it wouldn’t fix the issue entirely it would only prevent it from growing worse. Honestly, I don’t know what kind of solution could truly fix this... It might not even be recoverable at this point. You could try taking down databases one by one, but somewhere out there, someone will have a backup and figure out how to avoid getting caught next time.

The more I think about it, the more depressing it becomes. Not so much for myself because who would even care enough to stalk me? but for many others, this is a huge issue. And the sad reality is that it might not be fixable anymore. Maybe if decisive action had been taken quickly, things could have been mitigated, but now it’s too late. The damage is done that’s the most realistic way I can put it.

I fear there will eventually be a network where all this information is readily accessible. If someone truly wants to stalk you, they’ll find a way. Maybe some of us got on the list because we are talking in threads about it. Like a "Revenge" act i dont know how this people think so yeah .... happy times.

Nothing short of taking the servers and perhaps lodestone down would've 'stopped' this, but even then, what next? The dev is 100% throwaway account, so forget legal action if that's even ever on the table.

It being removed won't deter people who forked it and/or intend to use it privately....

Unless SE changes the way the blacklist works and also finds a way to invalidate all the data that has been scraped....it's all useless. I don't want to come off as hopeless but if accoundIDs are immutable and our only recourse is to throw more money at SE for their oversight. Then yeah, nah. This is SE's fault first and foremost, why did they make this feature with this kind of risk (even if this was the only efficient course of action), it's not like they have not been implementing qols from third party tools.

More than ever we actually need the account wide blacklist to stay.

I don't feel like logging in anymore...

[Dante131]

You've misunderstood me. You said they should just get new hardware to support managing the blacklist server-side, instead of running what you think is hardware from 2010. I'm saying getting new hardware is probably very expensive, just for this little feature.

Sorry if I misunderstood or wronged you, it wasn’t intentional. But it’s strange how I always hear, “That’s too expensive.” If it’s just for something as simple as this, you don’t need a hyper-powerful server. I work with hosting servers in my company, and I can tell you that our entry-level server, with a bunch of GB of RAM and several TBs of storage, costs about €50 a month. Are you telling me they can’t work out a contract with a hardware provider (as they’ve done in the past) to handle a system like this, maybe even with one or two smaller auxiliary systems?

The issue with FFXIV is that, for years, the management’s attitude has been, “FFXIV isn’t allowed to spend money.” But milking one project without reinvesting will inevitably lead to problems and now we’re facing a really big one.

[Dante131]

Nothing short of taking the servers and perhaps lodestone down would've 'stopped' this, but even then, what next? The dev is 100% throwaway account, so forget legal action if that's even ever on the table.

It being removed won't deter people who forked it and/or intend to use it privately....

Unless SE changes the way the blacklist works and also finds a way to invalidate all the data that has been scraped....it's all useless. I don't want to come off as hopeless but if accoundIDs are immutable and our only recourse is to throw more money at SE for their oversight. Then yeah, nah. This is SE's fault first and foremost, why did they make this feature with this kind of risk (even if this was the only efficient course of action), it's not like they have not been implementing qols from third party tools.

More than ever we actually need the account wide blacklist to stay.

I don't feel like logging in anymore...

i am sorry to read this ...

[Rueby]

i am sorry to read this ...

Don't be, I'm sorry I got frustrated...

[Rehayem]

I was brainstorming ideas, but depending on the technicality, wouldn't it be possible to encrypt those unique identifiers? That maybe would most likely kill the bad. Or randomize the identifiers?

[NaoSen]

I don't feel like logging in anymore...

I'm already logging in a lot less, I have a few very specific things to login for, but I used to AFK in game and such which is no more.

This content drip that we are getting has frustrated me to no end, is like "Your release cycles dumb but you look like you have semi-good intentions even if I have no idea why you are doing things this way".

This blacklist issue just feels like a "Yeah we don't really care about you either, just keep giving us your money and we'll get away with as much as we can" slap in the face.
I mean it's a business, so I don't really expect the company to care beyond what they have to but it's at least better than some other ones out there, or so I thought.

[ovIm]

Sorry if I misunderstood or wronged you, it wasn’t intentional. But it’s strange how I always hear, “That’s too expensive.” If it’s just for something as simple as this, you don’t need a hyper-powerful server. I work with hosting servers in my company, and I can tell you that our entry-level server, with a bunch of GB of RAM and several TBs of storage, costs about €50 a month. Are you telling me they can’t work out a contract with a hardware provider (as they’ve done in the past) to handle a system like this, maybe even with one or two smaller auxiliary systems?

The issue with FFXIV is that, for years, the management’s attitude has been, “FFXIV isn’t allowed to spend money.” But milking one project without reinvesting will inevitably lead to problems and now we’re facing a really big one.

I think the actual challenge here is more akin to "how do we design a server that does all of the blacklisting logic, and how does it provide the game client with information about what currently logged on characters are blocked." Thats a huge (not in terms of gigabyte stored, but in terms of amount of entries) database constantly evaluating information. And if we delegate it to an external server - does it communicate with the server, or the client? How would it do that? What exactly would happen when said server is unreachable for whatever current reason?

Those are questions a software architect would have to ask themselves, and then provide solutions for.
I'm in no way saying SqEx should not have done this, quite the opposite - this is what I would expect as a paying customer to happen, really. Just saying that the development costs of that feature is a bit more costly than just the acquisition of additional hardware.

[Kaurhz]

I'm already logging in a lot less, I have a few very specific things to login for, but I used to AFK in game and such which is no more.

This content drip that we are getting has frustrated me to no end, is like "Your release cycles dumb but you look like you have semi-good intentions even if I have no idea why you are doing things this way".

This blacklist issue just feels like a "Yeah we don't really care about you either, just keep giving us your money and we'll get away with as much as we can" slap in the face.
I mean it's a business, so I don't really expect the company to care beyond what they have to but it's at least better than some other ones out there, or so I thought.

If they actually cared about the consumer beyond just "Give me your money", then at the very least courtesy statement will have already followed acknowledging the issue, and impact to the users, in my opinion. This would have happened days ago.

I just feel sorry for the users that don't necessarily engage with content creation or Reddit/Forums that are blind to the issue.

[NaoSen]

I was brainstorming ideas, but depending on the technicality, wouldn't it be possible to encrypt those unique identifiers? That maybe would most likely kill the bad. Or randomize the identifiers?

At the absolute most you could make Account ID's different to each person's FF account, this would eliminate sharing of Account ID's however over time the tool would naturally build its own database of name <-> id pairings just like they doing right now.

If they actually cared about the consumer beyond just "Give me your money", then at the very least courtesy statement will have already followed acknowledging the issue, and impact to the users, in my opinion. This would have happened days ago.

I just feel sorry for the users that don't necessarily engage with content creation or Reddit/Forums that are blind to the issue.

I'm at least not affected by people knowing information about my alts or where I go, what I do etc... It feels creepy and I dont like it but its not going to cause me any problems.

Could you imagine Asmongold (I'm sure everyone knows who this is but if they dont, any game he plays he gets swarmed by fan's) still played FF and had a "On Stream" character and a "Private Play" character, within 24h his "Private Play" character would be leaked and there would be a video out there from him that gets 500k+ views on it. Then people would know for sure.

[Exmo]

Sorry if I misunderstood or wronged you, it wasn’t intentional.

You didn't wrong me, it's ok.

But it’s strange how I always hear, “That’s too expensive.” If it’s just for something as simple as this, you don’t need a hyper-powerful server. I work with hosting servers in my company, and I can tell you that our entry-level server, with a bunch of GB of RAM and several TBs of storage, costs about €50 a month. Are you telling me they can’t work out a contract with a hardware provider (as they’ve done in the past) to handle a system like this, maybe even with one or two smaller auxiliary systems?

The issue with FFXIV is that, for years, the management’s attitude has been, “FFXIV isn’t allowed to spend money.” But milking one project without reinvesting will inevitably lead to problems and now we’re facing a really big one.

For something like this blacklist feature, I don't imagine they would want a dedicated server with an API.

I can only speculate but I imagine what we're talking about is this. Say you're standing at Limsa Lominsa aetherite plaza. For every player at that plaza, the server would have to do a check for every other player at the plaza to see if they've been blacklisted. This has to happen extremely regularly, every second or every five seconds max, to account for the chance that you added someone present to your blacklist since the last check. Remember that each later can have 200 blacklisted players. That's a lot of checks every second. If "the server" needs to poll another dedicated server to perform those checks, that's large overhead for every call. It's probably more likely you would put the check into the same central process where "nearby players are generated", reducing the expense of it, but that means you need to upgrade each server representing a world within each data center. Effectively, upgrading existing architecture, rather than another node on the periphery.

Caveat - completely speculating as to how the servers are currently architected so all of this could be wrong. But given how often the devs cite software difficulties as an obstacle for new features, I wouldn't be surprised if the internals aren't "properly" distributed.