Page 13 of 32
Results 121 to 130 of 312
  1. #121
    Player
    Shialan's Avatar
    Join Date
    Jun 2012
    Posts
    454
    Character
    Shinon Hisae
    World
    Shiva
    Main Class
    Sage Lv 91
    Quote Originally Posted by Archmortal View Post
    Step 1 is to fix the blacklist so all this account information is properly protected.
    This is the only step that can help mitigate this issue.

    People don't seem to understand that the damage is done. There are already multiple forks of this plugin. As long as SE does not disable the sending of IDs to the clients and even one person still has the plugin, they can scrape everything.

    Also, a quote from Reddit that succinctly explains the issue with ID and name changes:
    them changing internal IDs of players wouldn't matter. the data is saved, and account connections between characters that have logged in and been near people with this plugin are already found. until they allow full data wipes (lodestone ID change, name change, and clearing everyone's friendlist and blacklist of that character, the house the character owns, free company, possibly even the exact appearance data, plus a lot of small other things like leaderboard positions) then there's no way to remove those connections. Which if they did would create other issues. Namely, the blacklisting, as that would allow [bad people] to just full wipe their data so no one knows they're [bad people].
    This really is the worst privacy issue FF XIV will ever have. So much shit is linked to the GUID that you can't just change it with going ALL the way as explained in the quote.
    (22)
    Last edited by Shialan; 01-15-2025 at 09:16 AM.

  2. #122
    Player
    Kahnha's Avatar
    Join Date
    Jun 2017
    Location
    Rubi Cups
    Posts
    180
    Character
    E' R-rok
    World
    Diabolos
    Main Class
    Black Mage Lv 100
    I mean, even if Square locks down the ID sharing, don't these people already have our account info up to the point that it gets patched out?
    (3)

  3. #123
    Player
    Shialan's Avatar
    Join Date
    Jun 2012
    Posts
    454
    Character
    Shinon Hisae
    World
    Shiva
    Main Class
    Sage Lv 91
    Correct. The data for at least 750k characters is already out there.

    "Thanks" to the plugin's ability to also track the location of these characters, it's possible to link them to houses and other players.

    Even changing the ID and name won't change anything now.

    For example, if Player A (ID 1234) is in FC Y and PVP group Alpha and also owns house Limsa 1-1, people with access to the database can just look at this FC after any ID or name change.

    Even worse when they now know that Player A (ID 1234), Player B (ID 1235), and Player C (ID 1236) always sit on the same bench in Limsa. Doesn't matter if they are now Player G (ID 7393), Player U (ID AHEG), and Player 3 (ID 4T0J).


    The only solution for anyone not already in this database is for SE to revert the changes to the blacklist or to remove the sharing of unique IDs. That also means Lodestone. Remove the ID in the URL and use something like Firstname.Lastname@server@datacenter or something. I mean, that is unique enough for something like this.

    People already in the database are out of luck. Their data will be tracked forever now and no kind of ID change or name change can change that. They would have to start a completely new character after SE fixes this somehow and would not even be allowed to play like they did before. The same friends, possibly already in the database? Yeah, pretty obvious who this "new" character belongs to.

    I feel like people are not freaking out enough about this. This is a massive issue.
    (16)

  4. #124
    Player
    Archmortal's Avatar
    Join Date
    Dec 2015
    Posts
    20
    Character
    Auric Archmortal
    World
    Midgardsormr
    Main Class
    Samurai Lv 90
    Quote Originally Posted by Exmo View Post
    Can you explain how you would do that?
    Do an emergency rollback to the previous blacklist pre-Dawntrail to stop the bleeding (they really should have done this already, and the JP thread is calling for the game to be entirely shut down for maintenance to facilitate doing it). That alone would accomplish the primary goal of Step 1. After that, implement ANY kind of security measure to prevent account data from being scraped if the Dawntrail blacklist functions absolutely must operate client-side. It is trivial for a developer of SE's means to implement encryption of some sort to keep that data secure from the type of data scraping that's happening.

    Quote Originally Posted by Shialan View Post
    This is the only step that can help mitigate this issue.
    It is not the only step that would help, just the step they must take first. Any other steps would be worthless until our account data can't be scraped anymore. As to your edit, the person who wrote the contents of that quote lacks imagination for how much work SE owes us for the severity of the damage their incredible negligence for our data security has caused. I can imagine an absolutely MASSIVE amount of work, meticulously editing all the IDs and all calls the code makes to those IDs manually until absolutely everything is no longer consistent with that database. It might be like old times when they made A Realm Reborn, it'll be a grand ol' time for them. I can imagine them doing that work for months according to their normal work schedule, staying nice and well-rested on the weekends to be fully present of mind for their normal work hours, day in and day out, until every single player's account information is once again secure and the database is wholly inaccurate. They absolutely should do that much work if that's how much work it takes. It is after all their lack of consideration for our safety that caused this, and it is their responsibility to rectify this no matter how much work it would take to do so. They don't even need to do it for every single account in the game. The database isn't that large. They only need to do it for some million-odd accounts that have logged in since November 1st. That's easy by comparison to what I'm imagining.

    Will they want to do that much work? LOL ABSOLUTELY NOT. So let's hope the JP community pressuring them like I've never personally seen before is enough to get meaningful action out of SE.
    (9)
    Last edited by Archmortal; 01-15-2025 at 12:46 PM.

  5. #125
    Player
    Rueby's Avatar
    Join Date
    Feb 2022
    Location
    Zenos' Pockets
    Posts
    838
    Character
    Vera Nova
    World
    Spriggan
    Main Class
    Gunbreaker Lv 90
    Quote Originally Posted by Shialan View Post
    Correct. The data for at least 750k characters is already out there.

    "Thanks" to the plugin's ability to also track the location of these characters, it's possible to link them to houses and other players.

    Even changing the ID and name won't change anything now.

    For example, if Player A (ID 1234) is in FC Y and PVP group Alpha and also owns house Limsa 1-1, people with access to the database can just look at this FC after any ID or name change.

    Even worse when they now know that Player A (ID 1234), Player B (ID 1235), and Player C (ID 1236) always sit on the same bench in Limsa. Doesn't matter if they are now Player G (ID 7393), Player U (ID AHEG), and Player 3 (ID 4T0J).


    The only solution for anyone not already in this database is for SE to revert the changes to the blacklist or to remove the sharing of unique IDs. That also means Lodestone. Remove the ID in the URL and use something like Firstname.Lastname@server@datacenter or something. I mean, that is unique enough for something like this.

    People already in the database are out of luck. Their data will be tracked forever now and no kind of ID change or name change can change that. They would have to start a completely new character after SE fixes this somehow and would not even be allowed to play like they did before. The same friends, possibly already in the database? Yeah, pretty obvious who this "new" character belongs to.

    I feel like people are not freaking out enough about this. This is a massive issue.
    What would freaking out do to this? I've been freaking out for the past 5 days. Many people in-game are unaware, not everyone uses Reddit/YouTube/forums and I wish I was unaware too. It makes me wonder if that's why they're withholding making a statement for now.

    I think if it truly is 'oops guys we fucked up and 750k chars are compromised and we can't do anything about it, but please continue paying us money! Continue buying the mogstation items that are not account wide' This is absurd. We actually suffer for their negligence.

    If this data is out there forever then we need the account wide blacklist to stay even more in case anyone wishes to use it to harass others or act on it. That's the only comfort there is.

    This is the only comforting fact there is. If someone contacts you in game on an alt, then you can block/report them, if they're an alt to a stalker then you already blacklisted their entire account. It's too late to roll back the blacklist to its previous iteration, not with so many catalogued.
    (3)
    Last edited by Rueby; 01-15-2025 at 10:41 AM.

  6. #126
    Player
    Archmortal's Avatar
    Join Date
    Dec 2015
    Posts
    20
    Character
    Auric Archmortal
    World
    Midgardsormr
    Main Class
    Samurai Lv 90
    Quote Originally Posted by Shialan View Post
    I feel like people are not freaking out enough about this. This is a massive issue.
    Try to put a lid on some of the fearmongering. Rueby already addressed why that's not helpful. The way you're phrasing things makes it sound like you're more interested in convincing us we're doomed with things like "you're out of luck, nothing can change that" when SE can absolutely do the work to change that. Whether they will do that work is another question entirely. If you want them to, I suggest a more constructive angle than defeatism.


    Quote Originally Posted by Rueby View Post
    It's too late to roll back the blacklist to its previous iteration, not with so many catalogued.
    They need to do SOMETHING to stop more account data from getting scraped and compiled in that database. It is a suggestion as a temporary measure while they fix the existing blacklist. They MUST fix the data vulnerability of the current blacklist, you'd agree with that, right? If they need time to implement security measures to protect our account data, then they shouldn't just let our data continue to be exposed for that amount of time. It shouldn't take long, as I said it is trivial for a developer of SE's means to do that much. And then the current blacklist can come right back WITHOUT exposing our detailed account information to this sort of abuse. If they don't need much time to do it, then hopefully we'll see a patch roll out as soon as Sony approves it for PlayStation.
    (2)

  7. #127
    Player
    Rueby's Avatar
    Join Date
    Feb 2022
    Location
    Zenos' Pockets
    Posts
    838
    Character
    Vera Nova
    World
    Spriggan
    Main Class
    Gunbreaker Lv 90
    Quote Originally Posted by Archmortal View Post
    Snip
    I mean, you also know what would stop our data being scraped? Them taking the servers down (though doing so would mean they likely lose money, but they would gain a measure of goodwill), but doing so and releasing a statement would bring more attention to the fact that they messed up (I'd be a lot calmer and at ease if they released a statement but I'm not expecting it). It's a lose/lose situation that they put themselves in. I believe the current blacklist shouldn't have released like this, but unironically the current blacklist does mitigate a measure of this. I thought about it a lot, I don't believe reverting the blacklist is a fix, because who is to say it's temporary? What's to guarantee that they'd actually re-implement this and not whip it up to some technical limitation?

    Essentially you're stripping any potential victim from a layer of protection while also allowing the stalkers to have all information they need. This is why I don't view it as an answer, but that's just my opinion.

    If it was a technical limitation, why was the current blacklist released with such a horrible flaw? They turn a blind eye to third party stuff because for the most part it allows them to be complacent and makes a segment of their customers happy while they do minimal work. I kept myself asking this over and over, why did they release it this way? The fact that someone warned about this six whole months ago solidified that this was a ticking time bomb waiting to happen.

    I checked the dev's repo, they've been visibly working on it since 20 November, who knows what was going on behind the scenes and what will go behind the scenes. We've been getting scraped for way longer than we thought. The way that it only needed (to my knowledge) playersearch to scrape user data was pretty damning. All you had to do was be online...

    Like I said before, nothing short of taking the servers/lodestone down would've stopped this but it wouldn't have remedied it. I'm not a dev, I'm not a coder, I won't claim to know much. I wish I could talk to someone who knew and would help me understand, but all I see is speculation and misinformation and panic....It's very hard not to get angry at them, I get they tried to implement something nice and I like it...but it really feels unfair that this happened.

    I already have to deal with their in-game and Lodestone systems being privacy nightmares and having to jump through hoops not to interact with their systems. Why is privacy not being treated seriously? Why did we have to get this...like I feel like bouncing between stages of grief but never reaching acceptance.

    This is a bad look for them too...I'm scared of the scenario that they might see the effort put into this as not worth the monetary investment though I absolutely believe they should.
    Bottom line is that I feel uncomfortable logging in and playing because this thing is in the back of my mind. DT truly has been testing my love for this game but I'm so tired.

    Edit: Seems like the forum has been experiencing issues the past few hours... Plenty of server errors...
    (7)
    Last edited by Rueby; 01-15-2025 at 11:54 AM.

  8. #128
    Player
    Archmortal's Avatar
    Join Date
    Dec 2015
    Posts
    20
    Character
    Auric Archmortal
    World
    Midgardsormr
    Main Class
    Samurai Lv 90
    Quote Originally Posted by Rueby View Post
    snip
    Ah I'll have to edit my last post so it reads since November 1st instead of since the New Year, then.

    Someone warned on Reddit about it when Dawntrail came out and was promptly ignored by everyone on Reddit. It almost certainly never reached SE unless that person tried to contact SE or Support directly on their own and being fully honest here they really might not have. In the time since then SE probably never got a single other complaint about it until this plug-in showed up. So while I can't tell you why they implemented it with such a massive vulnerability, I can tell you they didn't fix it in the time since its implementation because they didn't think it could be abused this way. They have to own that lapse in judgement now. Hopefully they break radio silence at some point because they really need to show they aren't ignoring it.

    I'm not speculating when I say it is within SE's ability to fix all of this. However I don't know exactly how much work it would take so I'm just assuming it would take a tremendous amount. I will say your mental well-being is worth more than this game, and regardless of how things shake out with whatever action or lack thereof SE takes the game will still be here if all you need is to take an extended rest for a while (or if they actually fully fix the problem). It sounds pretty clear that the anxiety from the security problems is burning you out and burnout in any form takes a while to recover from.
    (4)
    Last edited by Archmortal; 01-15-2025 at 12:45 PM.

  9. #129
    Player
    CVXIV's Avatar
    Join Date
    Jan 2024
    Posts
    660
    Character
    Cyrus Vincere
    World
    Malboro
    Main Class
    Viper Lv 100
    am I reading that correctly
    no way you can subscribe to individual players to get constant updates on them LMAO
    I've said so before in the thread that was deleted, but this has to be nothing short of malicious
    I refuse to believe there are any good intentions here
    (21)
    Last edited by CVXIV; 01-15-2025 at 06:18 PM.

  10. #130
    Player Exmo's Avatar
    Join Date
    Nov 2024
    Posts
    817
    Character
    Exterior Motive
    World
    Raiden
    Main Class
    Dancer Lv 100
    Quote Originally Posted by Archmortal View Post
    Do an emergency rollback to the previous blacklist pre-Dawntrail to stop the bleeding (they really should have done this already, and the JP thread is calling for the game to be entirely shut down for maintenance to facilitate doing it). That alone would accomplish the primary goal of Step 1. After that, implement ANY kind of security measure to prevent account data from being scraped if the Dawntrail blacklist functions absolutely must operate client-side. It is trivial for a developer of SE's means to implement encryption of some sort to keep that data secure from the type of data scraping that's happening.
    Thank you for your reply. It sounds like you don't know how to properly secure what you're asking to be secured while having blacklisting done client side, which is fine. I'm sceptical it's possible. Encryption isn't a silver bullet here since all you're changing is how the ID is spelled, it can still be used to infer the same information as now.
    (0)
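
The point in post #130 that encrypting a stable ID only changes "how the ID is spelled" can be checked mechanically. The following is an added example, not code from the thread, the plugin or Square Enix: it compares which characters a client can group together under three ways of sending the account identifier. The character names, account IDs, viewer IDs, key and all three token schemes are constructed assumptions for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample: (character name, hidden account ID). Not real data.
CHARACTERS = [
    ("Player A", 1234), ("Alt of A", 1234),
    ("Player B", 1235), ("Player C", 1236), ("Alt of C", 1236),
]
SERVER_KEY = b"constructed-demo-key"  # hypothetical server-side secret


def raw_id(account_id, viewer=None):
    """Scheme 0: the account ID is sent to the client as-is."""
    return str(account_id)


def global_token(account_id, viewer=None):
    """Scheme 1: the ID is hidden behind a keyed, deterministic transform
    (stand-in for 'encrypt the ID'): same account, same token, for everyone."""
    mac = hmac.new(SERVER_KEY, str(account_id).encode(), hashlib.sha256)
    return mac.hexdigest()[:16]


def per_viewer_token(account_id, viewer):
    """Scheme 2: the token also depends on which account is looking."""
    msg = f"{viewer}:{account_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()[:16]


def groups(scheme, viewer):
    """Partition of characters one client can derive from the tokens it sees."""
    buckets = defaultdict(set)
    for name, account_id in CHARACTERS:
        buckets[scheme(account_id, viewer)].add(name)
    return {frozenset(names) for names in buckets.values()}


def shared_tokens(scheme, viewer_a, viewer_b):
    """Tokens that two different viewers could match against each other."""
    seen_a = {scheme(acc, viewer_a) for _, acc in CHARACTERS}
    seen_b = {scheme(acc, viewer_b) for _, acc in CHARACTERS}
    return seen_a & seen_b


if __name__ == "__main__":
    for scheme in (raw_id, global_token, per_viewer_token):
        print(scheme.__name__,
              "groups:", len(groups(scheme, 9001)),
              "tokens shared across viewers:",
              len(shared_tokens(scheme, 9001, 9002)))
```

All three schemes yield the same grouping of alts for a single viewer, which is what an account-wide client-side blacklist needs and also what makes the identifier linkable. Only the per-viewer scheme stops tokens collected by different viewers from being matched against each other.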
