[Feedback] Blacklist is better, but not good enough.

[voidlorn]

You know what you are asking for and how SE will implement this, right? Then the characters you block will know instantly they are blocked. They weren't able to filter out the data of blocked characters from data transferred from the server so they won't now add that for this feature. Instead the server will tell that client that they are blocked.

And the stalking plugin will simply remove that from the game anyway.

Even if they would do it the right way, stalker plugin can just synchronize your data and chats from other clients you have not blocked. This is a fight they can't win.

All you are asking for is that "fragile illusion of safety". Unless you suggest adding a kernel-level anticheat which will be the end of the game. If SE is as competent adding kernel-level anticheat to the game as they were with the block feature its just a matter of time until all XIV players get hacked and infected with ramsomware or worse.

Those words and concepts strung together do not mean what you think they do, and have literally nothing to do with how this could be implemented.

[PotatoePet]

I'm not sure I understand what you're saying here. If being blocked meant the person who blocked you disappeared from the world, then the only way you would know you were blocked is if you actively watch them disappear while in the same vicinity. How are you gonna know someone's blocked you if you can't ever see them or their chat? Or are you just laboring under the assumption that everyone has the stalker plugin?

That's how it works right now with blocking characters as well. If you block somebody they disappear in your client only. The server is still sending all their data, chats etc. to your client. Your client is only blocking it by account id which is the whole reason for the privacy scandal.

If SE add this, they will do it the exact same way as they did it before. Meaning: All blocked clients will receive a message: Hey client, this user blocked you so dont show it to the person in front of the screen. Rendering it absolutely useless and easly bypassable.

Those words and concepts strung together do not mean what you think they do, and have literally nothing to do with how this could be implemented.

This also goes for you. SE has proven that they will implement a feature like this exactly like I have it outlined and the reasons for that are to be found in their server-side backend code. You are lecturing a programmer with 20 years of experience here. They simply don't have the ability to filter traffic going out to clients as they are using a cell based synchronization in a pubsub way. That's exactly why they broadcast the account ids now to make the "block one character and block all alts at the same time" function work.

Changing this would A) take the will to refactor their core synchronization code and B) cost more in upkeep due to increased resource requirements and they have proven that they are not willing to do so.

And this idea in itself is flawed and destined to fail as long as there are plugins.

Even IF the server stops sending the data to the client a simple check with another client whose account isn't blocked via a third party tool will reveal the fact that they are blocked. Same goes the other way around.

So the whole concept is insecure and privacy invading and the way SE implemented it is the worst way possible.

EDIT: I do recommend taking a look into this thread https://forum.square-enix.com/ffxiv/...n-circumvented

[voidlorn]

That's how it works right now with blocking characters as well. If you block somebody they disappear in your client only. The server is still sending all their data, chats etc. to your client. Your client is only blocking it by account id which is the whole reason for the privacy scandal.

If SE add this, they will do it the exact same way as they did it before. Meaning: All blocked clients will receive a message: Hey client, this user blocked you so dont show it to the person in front of the screen. Rendering it absolutely useless and easly bypassable.



This also goes for you. SE has proven that they will implement a feature like this exactly like I have it outlined and the reasons for that are to be found in their server-side backend code. You are lecturing a programmer with 20 years of experience here. They simply don't have the ability to filter traffic going out to clients as they are using a cell based synchronization in a pubsub way. That's exactly why they broadcast the account ids now to make the "block one character and block all alts at the same time" function work.

Changing this would A) take the will to refactor their core synchronization code and B) cost more in upkeep due to increased resource requirements and they have proven that they are not willing to do so.

And this idea in itself is flawed and destined to fail as long as there are plugins.

Even IF the server stops sending the data to the client a simple check with another client whose account isn't blocked via a third party tool will reveal the fact that they are blocked. Same goes the other way around.

So the whole concept is insecure and privacy invading and the way SE implemented it is the worst way possible.

EDIT: I do recommend taking a look into this thread https://forum.square-enix.com/ffxiv/...n-circumvented

Got some bad news about who you're trying to lecture, my guy.

I don't care about the plugins or if they know I've blocked them. I care about these people being unable to see me/my chats WITHOUT the usage of the plugin. This is not rocket science, I promise.

[PotatoePet]

Got some bad news about who you're trying to lecture, my guy.

I don't care about the plugins or if they know I've blocked them. I care about these people being unable to see me/my chats WITHOUT the usage of the plugin. This is not rocket science, I promise.

Spoiler: They will still be able to see you and see all your public chats like before. Your idea is circumvented within minutes and will lead to even more privacy invasion with databases containing the blacklists of people.

They are simply not willing (or capable) to filter outgoing packets on a per player basis.

[voidlorn]

Spoiler: They will still be able to see you and see all your public chats like before. Your idea is circumvented within minutes and will lead to even more privacy invasion with databases containing the blacklists of people.

They are simply not willing (or capable) to filter outgoing packets on a per player basis.

Assuming they use the plugin. Which this thread is not about.

I know coding and reading aren't necessarily coexistent skills but you should probably brush up.

[PotatoePet]

Assuming they use the plugin. Which this thread is not about.

I know coding and reading aren't necessarily coexistent skills but you should probably brush up.

So privacy of users isn't important as long as you get what you want.

Its still sent to the clients, so wireshark is enough. All you are asking for, and here it becomes very ironic, is: "providing the fragile illusion of safety"

I already said this before but seems like you weren't able to understand that.

EDIT:

Just want to reiterate once and for all: This is not a "but the PLUGIN" thread. This is a, the base functionality of this safety tool needs to be improved thread. I don't care about the stupid plugin and bypassing the game systems, whatever, that's a separate issue. I'm talking about the basic protections this game should provide for users. That safety should not be discounted with the excuse of "Well, someone will work around it anyways." People ignore restraining orders, too, that doesn't mean you stop issuing them.

I am argueing against building upon that fundamentally broken system only to make it harder to revert it back. The privacy concerns haven't vanished and aren't fixed.

[voidlorn]

So privacy of users isn't important as long as you get what you want.

Its still sent to the clients, so wireshark is enough. All you are asking for, and here it becomes very ironic, is: "providing the fragile illusion of safety"

I already said this before but seems like you weren't able to understand that.

Look, if I want someone to condescend to me and put words in my mouth, I'll call my mother, not you.

I want this basic safety functionality improved. The implementation can be changed to be more secure, and the devs are probably already working on ways to do so. The specific implementation is not what this thread is about. It is about the end result of that improvement, not the myriad ways bad actors can work around it.

I've already said this before, but it seems that you were unwilling to comprehend that.

[voidlorn]

Just want to reiterate once and for all: This is not a "but the PLUGIN" thread. This is a, the base functionality of this safety tool needs to be improved thread. I don't care about the stupid plugin and bypassing the game systems, whatever, that's a separate issue. I'm talking about the basic protections this game should provide for users. That safety should not be discounted with the excuse of "Well, someone will work around it anyways." People ignore restraining orders, too, that doesn't mean you stop issuing them.

[Veladrys]

That's how it works right now with blocking characters as well. If you block somebody they disappear in your client only. The server is still sending all their data, chats etc. to your client. Your client is only blocking it by account id which is the whole reason for the privacy scandal.

If SE add this, they will do it the exact same way as they did it before. Meaning: All blocked clients will receive a message: Hey client, this user blocked you so dont show it to the person in front of the screen. Rendering it absolutely useless and easly bypassable.



This also goes for you. SE has proven that they will implement a feature like this exactly like I have it outlined and the reasons for that are to be found in their server-side backend code. You are lecturing a programmer with 20 years of experience here. They simply don't have the ability to filter traffic going out to clients as they are using a cell based synchronization in a pubsub way. That's exactly why they broadcast the account ids now to make the "block one character and block all alts at the same time" function work.

Changing this would A) take the will to refactor their core synchronization code and B) cost more in upkeep due to increased resource requirements and they have proven that they are not willing to do so.

And this idea in itself is flawed and destined to fail as long as there are plugins.

Even IF the server stops sending the data to the client a simple check with another client whose account isn't blocked via a third party tool will reveal the fact that they are blocked. Same goes the other way around.

So the whole concept is insecure and privacy invading and the way SE implemented it is the worst way possible.

EDIT: I do recommend taking a look into this thread https://forum.square-enix.com/ffxiv/...n-circumvented

This thread isn't about the plugin at all, it's about the base functionality of the in-game blocklist. If you want to discuss the stalker plugin, go to the thread you linked to do so. This thread is about the functionality of the vanilla client.

[Supersnow845]

This thread isn't about the plugin at all, it's about the base functionality of the in-game blocklist. If you want to discuss the stalker plugin, go to the thread you linked to do so. This thread is about the functionality of the vanilla client.

The problem is you don’t have to consent to the plugin to have it be used on you and it’s specifically because the vanilla blacklist was changed to move data to the client in an incredibly unsafe way that is already used for the stalking plugin but can be used for a host of other things

The blacklist needs to be reverted in the short term, whether it’s intended functionally is better or worse than the old blacklist when it creates this many problems is basically arguing about the paint colour while the house is burning down