Re: Regarding the Use of Third-Party Programs and Player Safety

[Espon]

SE's only choice is to fix the actual problem. There's no reason why the client should be given access to a person's account ID, it should be a check done server-side only.

Legal action won't solve anything once the plugin is already out there, and it does not stop someone else from making the same thing. If anything, people might start taking action against SE for compromising their private data and refusing to fix the exploit.

As for those suggesting SE use anti-cheat software: it does not fix the root of the actual problem. That would be like putting all your money on your front lawn in a box with a sign that says "Do not steal." It's not going to stop anyone as people will find a way around it, since they always do.

[VerdeLuck]

Anticheat wouldn't work for this. You can access this information without tampering with the game's files via Wireshark. You don't even have to directly interface with ff14 to get someone's account ID. Hell, you don't even need to have ff14 installed on the same machine that ff14 is running on. Until that information is not shared with the client, no anticheat or attempts at stifling plugins or mods will ever work.

Most of the people using this tool would be stopped at the requirement of installing and running wireshark, much less having to read the output. It also wouldn't conveniently compile everyone's data into a centralized database for use by even the most tech illiterate.
People seem to be so afraid of not having the perfect solution with 0 workaround that they reject the easy solution in front of their face.

The fact this game has such rampant cheating and people actually threaten to leave the game for good if they can no longer cheat or use 3rd party tools to harass others is definitely eye opening though.

[Rein_eon_Osborne]

Their response reeks of two tones:

• "All of these won't be happening if y'all just be nice :3c"
• "Pls don't speak of 3rd party tools they expose the amateurish mistake(s) our devs made."

This quality of a system is like putting an expensive mobile outdoor with "do not steal"-sign next to it. Hey, it might work if it's done somewhere in certain country... but they can't possibly think people worldwide would abide this religiously.

[SongOfTheWind]

This doesn't make sense. The blacklist feature blocks another player and their alts. Therefore, the client needs to know some info about those alts so it can block them.

It makes perfect sense in the world where the client is not given authority to do account wide blocking. When you block me, as in, my character - you, as a client, is not supposed to be entitled to information beyond that. The server is supposed to know what other characters I have, not you. You only need to get appropriate information about the characters around the world based on what your blacklist is. How that blacklist to character is resolved is for the server to decide, not you.
Does it make more sense? Yes, this is more complex than just blocking individual characters, but more often than not - if you can’t make it right just don’t make it at all is the best approach.

[EunJuAnna]

Most of the people using this tool would be stopped at the requirement of installing and running wireshark, much less having to read the output. It also wouldn't conveniently compile everyone's data into a centralized database for use by even the most tech illiterate.
People seem to be so afraid of not having the perfect solution with 0 workaround that they reject the easy solution in front of their face.

The fact this game has such rampant cheating and people actually threaten to leave the game for good if they can no longer cheat or use 3rd party tools to harass others is definitely eye opening though.

they need to handle account IDs server side, or encrypt them. that's it. that's the easy solution. anti cheat will not stop this. sure it could stop other things, but not this particular issue. this is straight up incompetent dev work.

[YumieYumiki]

Well, one thing you gotta remember is that the whole teleporting around has been used by staff in preparation for Fan Fests.

I mean they can have special GM privileges allowing them to do that, they don't need to let everyone do it through client side cheats.

[ovIm]

Most of the people using this tool would be stopped at the requirement of installing and running wireshark, much less having to read the output. It also woudln't conveniently compile everyone's data into a centralized database for use by even the most tech illiterate.
Peopel seem to be so afraid of not having the perfect solution with 0 workaround that they reject the easy solution in front of their face.

The fact this game has such rampant cheating and people actually threaten to leave the game for good if they can no longer cheat or use 3rd party tools to harass others is definitely eye opening though.

If someone can code something that clings onto the game to extract data, that individual can also code an addon to Wireshark that filters FFXIV network data and saves it in a nice, readable format. Wireshark openly supports plugins, after all.

Add to the fact that an AntiCheat is a very invasive bit of software with a plethora of problems. What you are not seeing is that implementing an AntiCheat will most likely cause many issues with regular playing folk as well. Imagine the AntiCheat gives a false positive and bans your account. Do you trust Square Enix Support to resolve that, with how they are handling this dilemma right now? What if they buy in an AntiCheat like Denuvo that is proven to be an actual issue with customer PCs, in terms of performance. Too many AC solutions also hook very deep into your computer, running constantly. Just look at all the problems Valorants AntiCheat caused.
Asking for an AntiCheat implementation is literally inviting the devil into your home. What about Steam Deck players, they would be excluded from playing as well.

AntiCheat is literally the worst kind of solution to this problem. I'd rather they implement something properly server side.

[Dzian]

To be honest I think SEs stance on third party stuff since day 1 is a big part of this problem..

Over a decade of turning a blind eye letting players get away with more and more blatent stuff.

If they actually enforced the rules from day 1. I do wonder how many of these mods and things would even exist today.

More players see players getting away with blatant rule breaking. The more they think stuff it and do it themselves... there's been 12+ years of zero repercussions. There's literally zero reason not to use them at this point.

I can't really see SE doing anything now. Just the same thingbthey always do. "Please don't use third party tools, but if you do shhhh! We won't do anything"

Hell if they started enforcing it now they ban 80% ofbthe playerbase at least. Suicidal

[BigCheez]

This doesn't make sense. The blacklist feature blocks another player and their alts. Therefore, the client needs to know some info about those alts so it can block them.

No, it doesn't.

What happens right now is that you're given the account id of the account that the character belongs to to check if it matches an account id in your blacklist.

What should happen is that the server should check if the account id matches the account id of any of the characters in your blacklist and just send you a simple yes/no response, so you know if the player is blacklisted but aren't given access to any additional data.

This is the kind of thing that you would generally expect someone to learn in their first year as a junior software developer.

[MiaBlaze-Cari]

This doesn't make sense. The blacklist feature blocks another player and their alts. Therefore, the client needs to know some info about those alts so it can block them.

The client doesn't need to know anything in that regard if that stuff is handled on the server. Let's say Player A logs in on an alt to harass Player B. Player B has Player A blacklisted and therefor the server simply would not send the data about Player A to Player B at all. If blacklists would work in both ways then the Player B data would also not reach Player A.

The way it is now the server sends the data all the time and the client has to handle it, with blacklist data that is from the self-same server. The Blacklist is already saved server-side so it should also be handled there instead of sending an immutable ID of everyone that can be linked to everything on their accounts.