Page 1 of 25 1 2 3 11 ... LastLast
Results 1 to 10 of 279

Hybrid View

  1. #1
    Player
    SillyCrow's Avatar
    Join Date
    Aug 2021
    Location
    Gridania
    Posts
    172
    Character
    M'yahrah Raha
    World
    Exodus
    Main Class
    Machinist Lv 100

    Re: Regarding the Use of Third-Party Programs and Player Safety

    We have confirmed that there exist third-party tools that are being used to check FFXIV character information that is not displayed during normal game play. The tool is being used to display a segment of an FFXIV character's internal account ID, which is then used in an attempt to further correlate information on other characters on the same FFXIV service account.
    So the game shares an internal account ID with the client. If this is not supposed to be seen, that seems like the root problem to me.
    • Is this issue going to be fixed?
    • When can we expect this to be fixed?
    (67)

  2. #2
    Player
    BigCheez's Avatar
    Join Date
    Oct 2021
    Location
    Ul'Dah
    Posts
    732
    Character
    Cheez Whiz
    World
    Twintania
    Main Class
    Paladin Lv 100
    Yes, that's the problem.

    No, it won't be fixed. You can expect it to be fixed never.

    It isn't displaying "a segment of an FFXIV character's internal account ID", they send the whole ass account id to the client, raw and unencrypted and it isn't "used in an attempt to further correlate information on other characters on the same FFXIV service account", they just use the whole account id that they're being given to look up other characters with the same account id.

    This is the devs refusing to acknowledge that this is even their own fault.

    Absolute best case scenario, the plugin will just be made private again. But I'm pretty sure the people who would still have access to it are on my data centre, so that's cool.
    (45)

  3. #3
    Player
    YumieYumiki's Avatar
    Join Date
    Jan 2025
    Posts
    90
    Character
    Yumie Yumiki
    World
    Omega
    Main Class
    Rogue Lv 100
    Quote Originally Posted by BigCheez View Post
    Absolute best case scenario, the plugin will just be made private again.
    Never gonna happen. It used to be on github, meaning people have copies and will continue spreading it, even if SE manages to get a legal injunction against someone or another. The only reason for SE not to fix it on a technical level (handle the blacklisting server side instead of client side) is that it would make the servers slightly more expensive to run. That's literally the only reason. They prefer to compromise their customers security than losing a bit of revenue. That's not a good look.
    (16)

  4. #4
    Player
    BigCheez's Avatar
    Join Date
    Oct 2021
    Location
    Ul'Dah
    Posts
    732
    Character
    Cheez Whiz
    World
    Twintania
    Main Class
    Paladin Lv 100
    Quote Originally Posted by YumieYumiki View Post
    Never gonna happen. It used to be on github, meaning people have copies and will continue spreading it, even if SE manages to get a legal injunction against someone or another. The only reason for SE not to fix it on a technical level (handle the blacklisting server side instead of client side) is that it would make the servers slightly more expensive to run. That's literally the only reason. They prefer to compromise their customers security than losing a bit of revenue. That's not a good look.

    It's still open source. The GitHub repo was removed but they just moved the project to a shady Russian version control platform instead. Yes, people will still have access to the code but they need to be whitelisted to access the database.

    The problem is that you don't actually need the plugin to access any of this information. You could grab the account id via anything that can read values from memory or network traffic. If they don't want people to be able to access this information, they need to stop sending it to people.
    (23)

  5. #5
    Player
    ovIm's Avatar
    Join Date
    Oct 2014
    Posts
    746
    Character
    Vim Mercer
    World
    Alpha
    Main Class
    Gunbreaker Lv 90
    Quote Originally Posted by BigCheez View Post
    It isn't displaying "a segment of an FFXIV character's internal account ID", they send the whole ass account id to the client, raw and unencrypted and it isn't "used in an attempt to further correlate information on other characters on the same FFXIV service account", they just use the whole account id that they're being given to look up other characters with the same account id.

    This is the devs refusing to acknowledge that this is even their own fault.
    The devs don't even acknowledge the entire scope of the problem, let alone what an actual fix could be. Guess we can expect that behavior to be par for the course in the forseeable future.
    And as you said, no modified game client is needed to access the information.
    But I guess actually fixing the issue in a proper way and having the blacklist get handled server side is "too expensive" or something like that.
    (13)
    RIP Viper 28/06/2024 - 30/07/2024. It was a fun month.

  6. #6
    Player
    Collin_Sky's Avatar
    Join Date
    Jun 2018
    Posts
    323
    Character
    Memento Mori
    World
    Twintania
    Main Class
    Astrologian Lv 100
    Like Cheez said, the cat is out of the bag and it's going no where. SE seems completely incapable of taking responsibility for implementing this feature in the absolute dumbest way possible.
    SE are well aware how often people are reading game data because they're literally taking plogons and adding them into QoL features, so they know they exist, they know people are doing it, and didn't take any steps to protect such important information as account ID.
    (20)
    Last edited by Collin_Sky; 01-25-2025 at 12:24 AM.

  7. #7
    Player
    VerdeLuck's Avatar
    Join Date
    Jan 2022
    Posts
    1,112
    Character
    Ymir Bombullshale
    World
    Halicarnassus
    Main Class
    White Mage Lv 100
    Just add an anticheat in 8.0 we need it at this rate.
    (15)

  8. #8
    Player
    ovIm's Avatar
    Join Date
    Oct 2014
    Posts
    746
    Character
    Vim Mercer
    World
    Alpha
    Main Class
    Gunbreaker Lv 90
    Quote Originally Posted by VerdeLuck View Post
    Just add an anticheat in 8.0 we need it at this rate.
    Please no. Anticheat will only harm the regular users and can do nothing to resolve this issue, its literal snake oil.
    (33)
    RIP Viper 28/06/2024 - 30/07/2024. It was a fun month.

  9. #9
    Player
    BigCheez's Avatar
    Join Date
    Oct 2021
    Location
    Ul'Dah
    Posts
    732
    Character
    Cheez Whiz
    World
    Twintania
    Main Class
    Paladin Lv 100
    Quote Originally Posted by ovIm View Post
    Please no. Anticheat will only harm the regular users and can do nothing to resolve this issue, its literal snake oil.
    It would deal with the rampant botting and cheating though, but that's a separate conversation.
    (8)

  10. #10
    Player
    YumieYumiki's Avatar
    Join Date
    Jan 2025
    Posts
    90
    Character
    Yumie Yumiki
    World
    Omega
    Main Class
    Rogue Lv 100
    Quote Originally Posted by BigCheez View Post
    It would deal with the rampant botting and cheating though, but that's a separate conversation.
    If they wanted to fight bots they could apply a number of server side heuristics to prevent them from teleporting around, from getting under the map, from speed hacking. Same thing as the blacklisting issue though, it would increase the server costs and evidently they are content to let people believe that nothing can be done, rather than outright tell us "it would cost us money so fu"
    (5)

Page 1 of 25 1 2 3 11 ... LastLast