SE Please start caring about your players privacy.

[SongOfTheWind]

It is so ironic that the response got buried into the 2nd page already
Good job <3

[Serenaya]

We don't know the extent they're going to. It could be a "we're going after Dalamud" collectively but they're being vague as per the usual PR veil. That said, a forum post that's already slipped to the obscurity of page 2 is a terribly mute precedent to set for something that's gotten a massive portion of the playerbase pissed off and/or nervous. At least pin the thread lmao.

Regardless, choosing this approach exclusively over actually fixing the problem that enabled this in the first place is absolutely mind-blowing. Yes, the PlayerScope dev should absolutely face consequences but as many have said, that's cutting off one head of the many the hydra undoubtedly now has. I could give benefit-of-the-doubt and say that they'll do more than they're saying publicly and keeping that quiet will stop perpetrators from getting ahead of the game, but we're long past that at this point imo. This is just extremely typical avoidance from SE/CS3 regarding issues with the game which have been piling up for years. This has already taken 2+ weeks to respond to, and it's clear they don't understand the full extent of the issue either.

It's ultimately a product of them refusing to act for far too long. I'd like to say that for once, it's not hyperbolic to say that consequences could be further reaching than just one plugin despite the effect that could have on player numbers if Dalamud were to be shafted. However, it is extremely on-brand for SE to blame the playerbase above fixing anything themselves so it's entirely possible nothing happens and time inevitably moves along. Previously they have:

- Banned for QoL plugins then added them themselves.
- Blamed the playerbase for having "bad internet" during the EW launch error 2002 fiasco only for them to eventually find a bug in their server code.
- Threatened us with stopping development of content types over their inability to moderate cheaters (yes, obviously cheating is laughably stupid so players shouldn't do it, but the root of the problem is not being addressed)
- Indirectly told us that we're the problem when they couldn't balance jobs properly during Abyssos (and still can't). This point is far less problematic obviously, but it's another example of blaming the playerbase first.

Now we've got another disappointed dad post about third-party, all while nothing is ever done.

Personally I've given up.

[Daralii]

We don't know the extent they're going to. It could be a "we're going after Dalamud" collectively but they're being vague as per the usual PR veil. That said, a forum post that's already slipped to the obscurity of page 2 is a terribly mute precedent to set for something that's gotten a massive portion of the playerbase pissed off and/or nervous. At least pin the thread lmao.

Regardless, choosing this approach exclusively over actually fixing the problem that enabled this in the first place is absolutely mind-blowing. Yes, the PlayerScope dev should absolutely face consequences but as many have said, that's cutting off one head of the many the hydra undoubtedly now has. I could give benefit-of-the-doubt and say that they'll do more than they're saying publicly and keeping that quiet will stop perpetrators from getting ahead of the game, but we're long past that at this point imo. This is just extremely typical avoidance from SE/CS3 regarding issues with the game which have been piling up for years. This has already taken 2+ weeks to respond to, and it's clear they don't understand the full extent of the issue either.

It's ultimately a product of them refusing to act for far too long. I'd like to say that for once, it's not hyperbolic to say that consequences could be further reaching than just one plugin despite the effect that could have on player numbers if Dalamud were to be shafted. However, it is extremely on-brand for SE to blame the playerbase above fixing anything themselves so it's entirely possible nothing happens and time inevitably moves along. Previously they have:

- Banned for QoL plugins then added them themselves.
- Blamed the playerbase for having "bad internet" during the EW launch error 2002 fiasco only for them to eventually find a bug in their server code.
- Threatened us with stopping development of content types over their inability to moderate cheaters (yes, obviously cheating is laughably stupid so players shouldn't do it, but the root of the problem is not being addressed)
- Indirectly told us that we're the problem when they couldn't balance jobs properly during Abyssos (and still can't). This point is far less problematic obviously, but it's another example of blaming the playerbase first.

Now we've got another disappointed dad post about third-party, all while nothing is ever done.

Personally I've given up.

Going scorched earth on Playerscope or plugins in general at this point would accomplish nothing because the compiled databases are already as big as the LuckyBancho census, and completely detached packet sniffers would still exist, but it's easier than actually fixing the problem and admitting their mistake. They'll probably add Denuvo or EasyAntiCheat and say they fixed everything.

[Rehayem]

Going scorched earth on Playerscope or plugins in general at this point would accomplish nothing because the compiled databases are already as big as the LuckyBancho census, and completely detached packet sniffers would still exist, but it's easier than actually fixing the problem and admitting their mistake. They'll probably add Denuvo or EasyAntiCheat and say they fixed everything.

I mentioned this earlier already but adding anti-cheat won't prevent the plugins from harvesting data because the information is sent through the network, meaning that if you know what you're looking for, you can use any other app like Wireshark to look it up. What's gonna happen is that someone will make a standalone app and continue harvesting data while SE pretends to care about its userbase.

[IPhila]

What the Producer Response proves is that either Yoshida does not have a full technical understanding of the problem - i.e., that there is currently an exploit within the game that is caused by sending all of the player character data client-side, and users who are ignoring the ToS have been taking advantage of that exploit - or that CBU3 has decided to omit that this was caused by improper technical design. Neither of those is going to win favor back with the community, especially when all of the points Yoshida listed in their action plan do not indicate any immediate steps to take, but at least if he had acknowledged it was a technical problem that would have indicated some transparency on the matter.

So the team is confident that it's not a security issue that could cause the player's PII to be compromised and it's only the character data that was exposed as of now. Well, what was the point of implementing the blacklist feature in the first place? To mitigate stalking incidents in-game that escalated into the real-world, wasn't it? Did CBU3 decide it wasn't worth it to revert how the player character data was handled prior to Dawntrail because they are aware that the old design was also extremely poor and did nothing to prevent in-game stalking anyway? If so, what is their reasoning for deciding that the current state of passing the data client-side is somehow better? None of that is in the response.

What I wanted to see was that the team recognized this as an issue that requires a short-term plan as well as a long-term one and I don't see that here. CBU3 only provided minimal tools to mitigate stalking because of their poor feature design prior to the blacklist update, many players were already aware of that prior to this expansion. It's the fact that this was supposed to help address that issue, and has now caused a new issue on a much larger scope purely through the implementation alone, that I have a problem with.

If the users abusing the leaked data are located outside of Japan, what legal recourse does Square Enix even have? Even then, I would be willing to accept that they examined legal options and found no viable ways to pursue the issue if they had also included what they were doing to address this from a technical standpoint, because at it's core this is a technical design flaw. Instead Yoshida's response makes it seem like this is a one-time isolated issue caused solely by this particular third-party tool that broke the ToS and they are proceeding in accordance with that description. That isn't acceptable.

I want further details on what CBU3 plans to do to update the client-side handling of the data in addition to the Producer Response.

[Archeron]

Yoshi P just wants play whacka-mole with "hostile" plug ins rather than ADDRESS THE PROBLEM. As usual, lip-service to our issues followed up by no action. It's a Yoshi P trademark at this point. I will honestly be surprised when the day comes that he *actually* addresses our concerns for real.

[Violet]

Dear EN Forum Members
The issue of this tool was also featured in Yahoo! Japan News.
*ttps://news.yahoo.co.jp/articles/0440d97676d3f961aacd80e750486e95e12719be

The news article includes a detailed description of the tool, the announcement on the PD forum, and user concerns.
There are also stories of people who learned of the tool's existence through this report, installed it without much thought, and had their personal information stolen.

My contract is about to expire, so I don't know how long I can comment, but I want to let you know that most JP players share the same thoughts as EN players.

As you probably already know, the correct link is to replace * with h.

I'm using a translator, so there may be inaccuracies or rudeness in the text.

[EunJuAnna]

Dear EN Forum Members
The issue of this tool was also featured in Yahoo! Japan News.
*ttps://news.yahoo.co.jp/articles/0440d97676d3f961aacd80e750486e95e12719be

The news article includes a detailed description of the tool, the announcement on the PD forum, and user concerns.
There are also stories of people who learned of the tool's existence through this report, installed it without much thought, and had their personal information stolen.

My contract is about to expire, so I don't know how long I can comment, but I want to let you know that most JP players share the same thoughts as EN players.

As you probably already know, the correct link is to replace * with h.

I'm using a translator, so there may be inaccuracies or rudeness in the text.

thank you for continuing to update us, I appreciate you and your efforts!

[Manamaru]

Square Enix doesn't care about Privacy. They allowed the Blacklist to be one of the most ineffective tools on any MMORPG for a decade. The only thing worse than the way SE designed the blacklist, is the community finding ways to CONTINUE their predatory stalking behaviours. Really fantastic community we have on this game. I'm half annoyed with Square Enixes fumbling of basic privacy with their awful coding, and half annoyed that we have dedicated communities on this game to enable this behaviour, and no one is ever held accountable for their behaviour.

The legal action they're considering would set a precedent to deter those from trying it, but what they really need to do is a better revamp how the system works for sending information. It should've all been server-side from the start, instead of sending something that was probably unencrypted or not well encrypted from the jump. If Square's IT department is what I expect, then I'm honestly not surprised by the huge foresight. What they need to realize is that the cat is out of the bag and people aren't going to stop just because "good pweyas would nevah do dis :3c " kind of mentality. Being able to capture the packet being sent and obtain the kind of information isn't even the worst thing that could start happening. Sure, those stalkers should be systematically rounded up and thrown into an asylum where they belong, but now this is going to be a race that I thing square enix isn't wanting considering by how things currently are that their work force seems stretched so thin.

[Rehayem]

Someone commented on the JP forums that there's yet another forked database with about 145,000 names registered, all done with Python. The people are clearly seeing YoshiP's message as a joke (because it is) and are, in fact, creating more because this is just another challenge to them.

On the other hand, that post got deleted by the JP moderators because it seems they're going scorched earth, claiming the post "intereferes with service operations".