Page 14 of 28 FirstFirst ... 4 12 13 14 15 16 24 ... LastLast
Results 131 to 140 of 275
  1. #131
    Player
    Rolder50's Avatar
    Join Date
    Jan 2018
    Posts
    1,615
    Character
    Alarasong Elaha
    World
    Siren
    Main Class
    White Mage Lv 91
    It's funny that they add a blacklist feature and inadvertently made it even EASIER to stalk people by doing so
    (14)

  2. #132
    Player
    Jokerz_93's Avatar
    Join Date
    May 2020
    Posts
    111
    Character
    Tora Noyama
    World
    Phoenix
    Main Class
    Lancer Lv 100
    Uhm…
    I don’t understand much of these things.
    One thing I do, tho, is how forum ppl seem to have the solution at hand and…just saying “here I am with the solution”.

    Ok, now then?
    If someone was really concerned about an issue affecting their own, they would do something in regard, wouldn’t they?

    To me, shouting the solution without actions it’s just smoke.
    As much as I don’t like where this company is going, It’s hard to think to me that everybody on SE’s HQ are dumb and stupid.
    It is still a multibillion company with a fair decent amount of failure game titles on the back. You can’t reach this point if your employees and work culture are stupid, I think. It it could be just luck, tho…, I don’t know.

    I think, at the end, that the most simple answer is that they know the solution and they are capable to implement it, just not convenient.
    Because money, because they got fever, because of the global heating, because of 5ghz, because anything.
    Anything that those who screams with solutions cannot understand.
    And to be blunt, those data are just a bunch of in game personal informations.
    If those are not protected in any way by SE, this makes me think that even SE doesn’t consider those data relevant.

    Well that’s my take, take or leave it. Up to you.
    Have a good day!!
    (1)

  3. #133
    Player
    Rehayem's Avatar
    Join Date
    Aug 2019
    Posts
    754
    Character
    Yasu Naoya
    World
    Malboro
    Main Class
    Gunbreaker Lv 100
    The only reason YoshiP's statement is about going after the plugin creator is really just PR talk for shareholders. If they admit they made a mistake, their stocks would drop significantly and obviously they don't want that.
    (11)

  4. #134
    Player
    Immut's Avatar
    Join Date
    Sep 2012
    Posts
    424
    Character
    Kaye Esdarke
    World
    Hyperion
    Main Class
    Pugilist Lv 100
    Quote Originally Posted by Jokerz_93 View Post
    Uhm…
    I don’t understand much of these things.
    One thing I do, tho, is how forum ppl seem to have the solution at hand and…just saying “here I am with the solution”.
    Well it's not hard. The technical and legal incompetence on display here by Yoshida is honestly staggering. Who is he going to "pursue legal action" against? Himself? SE is the one broadcasting this data. You don't need a plugin to read it, you just need any network traffic sniffer. You don't even need it to be on the same machine.
    (8)

  5. #135
    Player
    VanillaWafer's Avatar
    Join Date
    Dec 2013
    Location
    Gridania
    Posts
    138
    Character
    Ren Nilla
    World
    Adamantoise
    Main Class
    Scholar Lv 100
    Quote Originally Posted by Jokerz_93 View Post
    -snip-
    I have the same feeling, you're not alone. With all these simple solutions people have been spewing out, you don't think they've already considered that possibility? We don't know if they've already tried in their internal servers and we'll likely never know.

    Yes, it's true that character data are not protected. It seems that people are just very attached to their characters and their privacy attached to them. While I don't think there's anything wrong with that, we all need to understand that character data is not personal data. That's why there isn't a bigger fuss about this whole thing.

    Though, I am a little bothered by "Just don't use the tool." Okay, most players wouldn't use it in the first place, but you can't expect those who are to eventually drop that data. Let's be real here, free will is a thing because they think whatever their justifications are is valid, even if they are wrong.

    I've already accepted the fact that my data is most likely scraped. I do feel bad for those who don't want that information in someone's database, but there's nothing I or any player can do.

    I don't like the response, but I already figured that's the route he'd take. It's way too late anyway as the damage is done. It's literally, "Yeah, we know and we hear you, just don't add yourself to the problem."

    We're sitting ducks, then? Okay.
    (0)

  6. #136
    Player
    Kaurhz's Avatar
    Join Date
    Jul 2015
    Posts
    3,589
    Character
    Asuka Kirai
    World
    Sagittarius
    Main Class
    Dancer Lv 90
    Quote Originally Posted by AmiableApkallu View Post
    Ever used a "Login with Google" button on some random website? Do you know what that website gets? A unique, internal account ID that Google has assigned to you. Details:
    In technical terms, the login flow uses a protocol known as OpenID Connect. One the pieces of information the website eventually gains access to is a "sub" claim:
    An identifier for the user, unique among all Google accounts and never reused. A Google account can have multiple email addresses at different points in time, but the sub value is never changed. Use sub within your application as the unique-identifier key for the user.

    Sending out unique identifiers isn't inherently insecure. It's what that unique identifier can be used for or tied to that is potentially the problem.
    Inherently it isn't a problem, but with the way that FFXIV are doing it, it absolutely is a problem, and absolutely is not a secure way of doing it.

    It has also been a very long time since I've touched OIDC, but I am under the impression the sub claim is only shared with the replying application/party that has authenticated and when said person has requested said information. I am also under the impression that it isn't just sending my sub claim to another random user.
    (1)

  7. #137
    Player
    ValynS's Avatar
    Join Date
    Jul 2024
    Posts
    9
    Character
    V'alyn Sun
    World
    Spriggan
    Main Class
    Carpenter Lv 100
    I don't know if there's realistically a bulletproof way to solve the underlying issue - which imo isn't the exposure of the account id, but is the fact it can reveal which other characters are mine. With the underlying goal being to block all my characters from being visible or being able to interact with someone, theres always going to be a way to figure that out - maybe slightly harder than this tool using account id, but not by much.

    Ultimately there needs to be better tools for reporting and dealing with harassment because even with a theoretical bulletproof blacklist nothing stops a bad actor rolling a new account
    (2)

  8. #138
    Player
    Saraide's Avatar
    Join Date
    Jun 2021
    Posts
    3,082
    Character
    Saraide Derosa
    World
    Odin
    Main Class
    Dark Knight Lv 100
    Quote Originally Posted by VerdeLuck View Post
    So now you're requiring people to know how to get, install wireshark, and now modify wireshark with plugins and export and extract that data.
    You act like requiring a massive amount more tech literacy is the same as a github repo where you plug it into the dalamud launcher and it installs and works instantly.

    You guys are so concerned with a perfect solution with no security holes you're ignoring any mitigation or path forward that reduces the spread and efficacy of the plugin.
    StalkerScope is fully operational if only a small group of people use it. Literally just have one guy logging on a data center, travel every server there and open the player search. In a week or two you will have the unique player ID of everyone.
    (8)
    Quote Originally Posted by Orinori View Post
    Aren't you the same Saraide who makes every savage pf blacklist you because you can never do a mechanic correctly and constantly causes enrage wipes? Pretty ironic to read this lmfao

  9. #139
    Player
    Exmo's Avatar
    Join Date
    Nov 2024
    Posts
    796
    Character
    Exterior Motive
    World
    Raiden
    Main Class
    Dancer Lv 100
    Quote Originally Posted by ValynS View Post
    I don't know if there's realistically a bulletproof way to solve the underlying issue - which imo isn't the exposure of the account id, but is the fact it can reveal which other characters are mine. With the underlying goal being to block all my characters from being visible or being able to interact with someone, theres always going to be a way to figure that out - maybe slightly harder than this tool using account id, but not by much.

    Ultimately there needs to be better tools for reporting and dealing with harassment because even with a theoretical bulletproof blacklist nothing stops a bad actor rolling a new account
    I said the same in another thread. Any blacklist system that blocks an account's alts can be used to discover an account's alts. There is no technical solution that can prevent it.
    (0)

  10. #140
    Player
    BigCheez's Avatar
    Join Date
    Oct 2021
    Location
    Ul'Dah
    Posts
    732
    Character
    Cheez Whiz
    World
    Twintania
    Main Class
    Paladin Lv 100
    Quote Originally Posted by Exmo View Post
    I said the same in another thread. Any blacklist system that blocks an account's alts can be used to discover an account's alts. There is no technical solution that can prevent it.
    And you're still wrong.

    If the blacklist is handled server side, I don't need to be given any information other than a boolean true/false value for whether a character is blacklisted. I don't need to have access to the character id, never mind the account id that the character belongs to.

    All I need to know are the names of the characters that I've blacklisted and that I'm sent [message from blacklisted user] instead of the actual content of a message from a blacklisted user.

    When you go to a store and buy something, do they take your money, put it in the cash register and hand you back your change, or do they hand you the cash register and let you do what you want with it? Same thing. You're effectively claiming that there's no way to handle the transaction without the customer having access to the money in the cash register.
    (9)
    Last edited by BigCheez; 01-25-2025 at 09:32 PM.

Page 14 of 28 FirstFirst ... 4 12 13 14 15 16 24 ... LastLast