Quote Originally Posted by Sarevok_Thordin View Post
This the issue, the client does not need the accountID to do anything as it isn't interacting with the other player's account, it's only the character that it sees it needs to check. The accountID should be a server side check with anything requiring the use of account id being managed through a characterid challenge from the client.

A basic pattern of security is least privledge, the client should never have read privledge on account ids of other people.
This doesn't make sense. The blacklist feature blocks another player and their alts. Therefore, the client needs to know some info about those alts so it can block them.