ISP Code Injection prevents playing FFXIV:Stormblood (and creates system vulnerabilit

[Elliander]

My ISP, Charter Communications, likes to use code injection to serve up messages to subscribers. It's annoying and stupid, but I can't do anything about it and don't have any alternative broadband ISP available to me in my area. Normally this doesn't affect the console because it's doesn't rely on webpages and it's secure (to prevent, say, piracy I'm sure) and on a PC the code injection ends up being a minor annoyance because I can back out and click again and it always works since such notifications happen only occasionally, but if I reload a browser they always come up first page loaded and that's why it's causing an issue with the latest update of Final Fantasy to Stormblood.

I had no problem playing Final Fantasy XIV: A realm reborn, but decided to pre-order stormblood to get up to date on available content, used the promo code, then code a prompt to update the game. After that, I clicked to start the game, and instead of the usual login screen a full page HTML window appears which then serves up the code injected ISP message. There was no option to back out of it, or reload it, so I closed the game and re-opened, but because the notification appeared again. and again and again and again. If it's just a one time thing I could use my phone's mobile hotspot to get around the issue when it gets out of the shop, but if it's a permanent change in the way the game loads I'll never be able to play this game again.

I'm inclined to think it's related to how the game knows I paid for the expansion though, since currently - even though I successfully used the promo code - my Square-Enix account does not show that I own the expansions yet. (This also, incidentally, means the bug prevents me from registering the game I purchased) However, if it uses an HTTP request to verify that, well, that's a system vulnerability. It means that someone could just copy the web traffic and recreate it via code injection in the router to activate a game license opening up a potential route of piracy. Really, no game should be using any insecure form of communication. If this was HTTPS the code injection wouldn't occur at all, so I know it's an insecure line.

In any case, since this never happened before, and since no other game has ever had this problem, it's gotta be something new and so it should be easy for you to fix. The only page vulnerable to ISP code injection (which is a slowly growing problem in many areas, now that net neutrality is being unraveled) are pages in HTML. Secure HTML and non web page designs don't have this issue. You could even design a page that isn't a webpage and gets it's data from a webpage to side step this problem.

Incidentally, until this is resolved, I advise all of my friends who are on Charter Communications to NOT buy Stormblood.

It's a shame that "Game breaking bug" is not an available option when cancelling my subscription:


Q: Why did you decide to cancel your subscription?

1. I am simply changing my payment method.

2. I want to take a break.

3. I have run out of things I want to do.

4. I am stopping to play another game.

5. My friends have stopped playing.

6. I am no longer interested in playing.

7. Financial reasons.

8. I prefer not to answer.


Although it's an even bigger shame that, unlike FF11, my license isn't cross platform meaning I wasted my money paying for the console version. I have no choice but to cancel if I am not able to resolve this bug.


Time: all the time
Frequency: all the time

Steps:
1. Redeem promo code included with stormblood
2. update from A realm reborn to stormblood
3. Open game
4. See full page HTML which is vulnerable to code injection
5. Turn off game, turn back on, no luck.

Connection Specs
- Type of internet connection/provider: Broadband / Charter Communications
- Modem maker/model number: DOCSIS 3.0

------------------------------------------------------

■ PS4 Specs

Model Number of the PlayStation®4 You Are Using
- Model Number: Just an average non pro PS4 using standard controllers.

[AkaeiNox]

Personally, if my ISP did something like that I would perhaps consider using a VPN. (it's possible to share your connection from your PS4 to your PC that is on a VPN)

...I wish you luck too.

[Culfinrandir]

Which country are you in? Many countries have laws that forbid such data interference & it may be that you need to inform the relevant person in your country to get something done.