Re: Regarding the Use of Third-Party Programs and Player Safety

[Exmo]

And you're still wrong.

If the blacklist is handled server side, I don't need to be given any information other than a boolean true/false value for whether a character is blacklisted. I don't need to have access to the character id, never mind the account id that the character belongs to.

All I need to know are the names of the characters that I've blacklisted and that I'm sent [message from blacklisted user] instead of the actual content of a message from a blacklisted user.

When you go to a store and buy something, do they take your money, put it in the cash register and hand you back your change, or do they hand you the cash register and let you do what you want with it? Same thing. You're effectively claiming that there's no way to handle the transaction without the customer having access to the money in the cash register.

Incorrect. Your thinking is in the clouds rather than of results. It would be extremely easy for a stalker to use player search to discover an alt of someone blocking them by comparing the list against a control account. Doesn't matter if blacklist is handled client side or server side. There is no way around it.

[Collin_Sky]

You're not engaging your brain

lol

and you're being a rude little boy as is usual

lmao I cannot believe these two statements came one after another

Remember kids, the first one to start name calling is the real winner of the argument.

[ValynS]

And you're still wrong.

If the blacklist is handled server side, I don't need to be given any information other than a boolean true/false value for whether a character is blacklisted. I don't need to have access to the character id, never mind the account id that the character belongs to.

All I need to know are the names of the characters that I've blacklisted and that I'm sent [message from blacklisted user] instead of the actual content of a message from a blacklisted user.

When you go to a store and buy something, do they take your money, put it in the cash register and hand you back your change, or do they hand you the cash register and let you do what you want with it? Same thing. You're effectively claiming that there's no way to handle the transaction without the customer having access to the money in the cash register.

But since the blacklist functions also prevent characters from being displayed (to stop in game 'following', poses, emotes, etc) there would need to be more information sent (or omitted) from the servers responses, e.g. the server wouldn't send 'char abc is standing at x.y' type data for blocked chars. Someone could probably view the network traffic and compare that against network traffic when the blacklist is not enabled and use the difference to determine alts. More time consuming and possibly not as 100% as the existing stuff, but still possible. We also don't know the performance impact of all traffic having to be ran through that kind of filter. I'd like to say it wouldn't be much but this game and network perf ... Well, who knows

[BigCheez]

But since the blacklist functions also prevent characters from being displayed (to stop in game 'following', poses, emotes, etc) there would need to be more information sent (or omitted) from the servers responses, e.g. the server wouldn't send 'char abc is standing at x.y' type data for blocked chars. Someone could probably view the network traffic and compare that against network traffic when the blacklist is not enabled and use the difference to determine alts. More time consuming and possibly not as 100% as the existing stuff, but still possible. We also don't know the performance impact of all traffic having to be ran through that kind of filter. I'd like to say it wouldn't be much but this game and network perf ... Well, who knows

There shouldn't be much overhead. You'd only need to check if the player is blacklisted once and then cache the result for as long as you're receiving data about that player.

If, for some reason, they can't implement account-wide blacklist in a way that doesn't create more problems than it solves, they probably shouldn't have implemented it.

[Exmo]

But since the blacklist functions also prevent characters from being displayed (to stop in game 'following', poses, emotes, etc) there would need to be more information sent (or omitted) from the servers responses, e.g. the server wouldn't send 'char abc is standing at x.y' type data for blocked chars. Someone could probably view the network traffic and compare that against network traffic when the blacklist is not enabled and use the difference to determine alts. More time consuming and possibly not as 100% as the existing stuff, but still possible. We also don't know the performance impact of all traffic having to be ran through that kind of filter. I'd like to say it wouldn't be much but this game and network perf ... Well, who knows

100% this. You're still communicating character ABC is the alt of someone on your blacklist, either through a isBlocked flag or through omission of that character. The only difference is you're now performing an additional N^N logical checks every 100ms.

[Lemage]

Developers exposed something to the client that could be abused/exploited with any middleman tool, the third party program itself is an issue but devs need to learn to take accountability and fix their sh*t, and people need to stop absolving them of the blame for making archaic choices and poor decisions with their developments in the first place. They're not an indie dev.

[Exmo]

"Just cache the result" while forgetting you need to check the cache on every request, which is the point of the cache. Checking the cache is a logical check. Making a cache isn't a magical thing that solves all problems. It's still N^N logical checks, but also you need to maintain the cache every time someone changes their blacklist or enters or leaves the instance (or did you want a memory leak that kills the entire server?).

[BigCheez]

"Just cache the result" while forgetting you need to check the cache on every request, which is the point of the cache. Checking the cache is a logical check. Making a cache isn't a magical thing that solves all problems. It's still N^N logical checks, but also you need to maintain the cache every time someone changes their blacklist or enters or leaves the instance (or did you want a memory leak that kills the entire server?).

That depends how they're handling the data and how you cache the results. Yes, they need to check to see if data for a player should be sent but that isn't an expensive operation. Yes, they need to update/clear the cache every once in a while. No, that isn't a big deal either.