Re: Regarding the Use of Third-Party Programs and Player Safety

[Archmortal]

Having the plug-in taken down won't accomplish much. The creator is already planning to distribute it among his friends and in less visible spaces. Pursuing legal action will only stop the creator, it won't stop the people that have already copied the plug-in with plans to make their own. I encourage seeking legal action but it will not prevent another copy-cat plug-in from doing the exact same thing.

What MUST be done is protecting the account ID that no one asked for. You could simply NOT send it client-side. If it absolutely MUST be sent client-side for the blacklist to use its current features then you must AT MINIMUM protect it with randomized hashing if you can't be bothered to encrypt it. You cannot let such sensitive data be sent to the client with no protection in a game that you KNOW has such heavy plug-in usage. Basic data security is just completely absent from its current implementation. THAT'S the problem, Yoshida.

[Sarevok_Thordin]

Having the plug-in taken down won't accomplish much. The creator is already planning to distribute it among his friends and in less visible spaces. Pursuing legal action will only stop the creator, it won't stop the people that have already copied the plug-in with plans to make their own. I encourage seeking legal action but it will not prevent another copy-cat plug-in from doing the exact same thing.

What MUST be done is protecting the account ID that no one asked for. You could simply NOT send it client-side. If it absolutely MUST be sent client-side for the blacklist to use its current features then you must AT MINIMUM protect it with randomized hashing if you can't be bothered to encrypt it. You cannot let such sensitive data be sent to the client with no protection in a game that you KNOW has such heavy plug-in usage. Basic data security is just completely absent from its current implementation. THAT'S the problem, Yoshida.

This the issue, the client does not need the accountID to do anything as it isn't interacting with the other player's account, it's only the character that it sees it needs to check. The accountID should be a server side check with anything requiring the use of account id being managed through a characterid challenge from the client.

A basic pattern of security is least privledge, the client should never have read privledge on account ids of other people.

[Exmo]

This the issue, the client does not need the accountID to do anything as it isn't interacting with the other player's account, it's only the character that it sees it needs to check. The accountID should be a server side check with anything requiring the use of account id being managed through a characterid challenge from the client.

A basic pattern of security is least privledge, the client should never have read privledge on account ids of other people.

This doesn't make sense. The blacklist feature blocks another player and their alts. Therefore, the client needs to know some info about those alts so it can block them.

[SongOfTheWind]

This doesn't make sense. The blacklist feature blocks another player and their alts. Therefore, the client needs to know some info about those alts so it can block them.

It makes perfect sense in the world where the client is not given authority to do account wide blocking. When you block me, as in, my character - you, as a client, is not supposed to be entitled to information beyond that. The server is supposed to know what other characters I have, not you. You only need to get appropriate information about the characters around the world based on what your blacklist is. How that blacklist to character is resolved is for the server to decide, not you.
Does it make more sense? Yes, this is more complex than just blocking individual characters, but more often than not - if you can’t make it right just don’t make it at all is the best approach.

[Exmo]

It makes perfect sense in the world where the client is not given authority to do account wide blocking. When you block me, as in, my character - you, as a client, is not supposed to be entitled to information beyond that. The server is supposed to know what other characters I have, not you. You only need to get appropriate information about the characters around the world based on what your blacklist is. How that blacklist to character is resolved is for the server to decide, not you.
Does it make more sense? Yes, this is more complex than just blocking individual characters, but more often than not - if you can’t make it right just don’t make it at all is the best approach.

You're taking about moving the whole feature server side, which is different to what I was replying to. Moving the feature server side is an option but it's vastly more complex and expensive. Whether it's for much of a gain is open for discussion. Although it's how a small, small number of players use alts, I don't know if SE consider them as a security mechanism to mitigate stalking. Has there ever been a statement to this effect? I doubt they view alts as a matter of privacy, so they probably view the problem caused by this exposed ID as being already resolved by the blacklist feature - your stalker might know of your alts but they can't harass you in game once you blocked them. Determined stalkers will create an entirely new account to bypass your blacklist, but the reporting feature is in place to help people as well. I don't know, I'm only speculating based on what SE have and haven't said so far, but I suspect they might have a different perspective on the whole thing. Maybe they'll give a statement some point in the future that makes their stance clearer.

[BigCheez]

This doesn't make sense. The blacklist feature blocks another player and their alts. Therefore, the client needs to know some info about those alts so it can block them.

No, it doesn't.

What happens right now is that you're given the account id of the account that the character belongs to to check if it matches an account id in your blacklist.

What should happen is that the server should check if the account id matches the account id of any of the characters in your blacklist and just send you a simple yes/no response, so you know if the player is blacklisted but aren't given access to any additional data.

This is the kind of thing that you would generally expect someone to learn in their first year as a junior software developer.

[MiaBlaze-Cari]

This doesn't make sense. The blacklist feature blocks another player and their alts. Therefore, the client needs to know some info about those alts so it can block them.

The client doesn't need to know anything in that regard if that stuff is handled on the server. Let's say Player A logs in on an alt to harass Player B. Player B has Player A blacklisted and therefor the server simply would not send the data about Player A to Player B at all. If blacklists would work in both ways then the Player B data would also not reach Player A.

The way it is now the server sends the data all the time and the client has to handle it, with blacklist data that is from the self-same server. The Blacklist is already saved server-side so it should also be handled there instead of sending an immutable ID of everyone that can be linked to everything on their accounts.

[Sarevok_Thordin]

This doesn't make sense. The blacklist feature blocks another player and their alts. Therefore, the client needs to know some info about those alts so it can block them.

No it doesn't.

The block list should be server side so it can determine if communication should be allowed without the client needing to parse that information itself.

[ThatQEDguy]

I take it "Fixing the issue" isn't on their radar?

[Espon]

SE's only choice is to fix the actual problem. There's no reason why the client should be given access to a person's account ID, it should be a check done server-side only.

Legal action won't solve anything once the plugin is already out there, and it does not stop someone else from making the same thing. If anything, people might start taking action against SE for compromising their private data and refusing to fix the exploit.

As for those suggesting SE use anti-cheat software: it does not fix the root of the actual problem. That would be like putting all your money on your front lawn in a box with a sign that says "Do not steal." It's not going to stop anyone as people will find a way around it, since they always do.