Patch 7.2's Account ID protection measures have already been circumvented

[AnnRam]

They can't even protect themselves from normal players that mod the game worse than Skyrim SE and sync the whole client/data with multiple people irl and you expect them to fix a security issue.

My sides.

[Kaurhz]

Probably both at this point.

The most comical part...?

There was probably a solid length debate on how to fix this, what measures to put in place, and the shameful part is... This is something I would expect from a first year undergrad.

[KabrAS]

Once again devs disappointing with a half baked feature they announced, nothing new.

[Kazuke_Miso]

Well yeah, but you can't put those intrusive apps on the same level of evil as a bunny hat enabler, right? I'm not crazy, am I? But because it's not regulated, it's just the wild west.

Because it's not about every plugin or mod being "bad".

It's that Square Enix has constantly threatened that "UNNNGH DON'T PASS OUR RED LINE OR ELSE" and yet has never actually seem to have taken any substantial action to root out the problem, no matter how egregious the offense is.

And in fact, I agree with your logic, which is why SE's actions are even more pathetic:

They have banned a ton of people posting ERP screenshots on Twitter (which harms no one let's be real). But the people using the stalking plugin? Wintraders? Cheaters? Nah.

They go after raiders using a parser to track their DPS on stream. They hunted down the guy who used an "illegal waymark" that gave a minor boost to clarity in P7S and banned him. They killed all those people using Ungarmax for fun trolling around.

But now when the time comes to finally hunt the big shark instead of these small fish, they.... pathetically flail and just plead with the community to "pweaase stop using the third party!!! or we'll sue D:< D:<".

All they do in this game is go after the easy targets, because that's all they can do:

The most comical part...?

There was probably a solid length debate on how to fix this, what measures to put in place, and the shameful part is... This is something I would expect from a first year undergrad.

A lot of people have finally figured this out after a decade of SE's bluffing. They don't actually have the power to go after the "evil". They can only hunt down the people who jaywalked through a red light. When's the last time they have actually gone after the people making CP in FF14? Patched out any way to stalk people? Banned wintrading rings? The Savage "raiders" botting their entire rotations day after day? Or even make any substantial dent in RMT? LOL. No, they will go after a few cheeky players who used Ungarmax instead.

Square Enix's policy against ToS violation has not made any dent against the "evil" plugins or bots. They mostly hunt down players who went just a bit too far, fooling around a bit too much, or maybe saying a naughty swear word in Limsa chat. They only have the power to do that, nothing more.

[Saraide]

This what SE thinks is enough:

[Jeeqbit]

Maybe they should just let ChatGPT do everything for them at this point when they're so incompetent and it'll still be an improvement

Every programmer I know would immediately think of this concern when coding a blacklist feature. It's the literal job of a programmer to foresee "obvious" problems that could stem from their decisions, and account for them in the design.

It's sad that even ChatGPT could have told them this if they lacked this basic foresight, and that even after all the comments from the community they still don't get it.

[LilaIronman]

I think Im putting all my stuff on throwaway accounts, at this point you can't trust them anymore with any info about you lol, hackers would have it so easy here

[GiR_Zippo]

Not hackers, they wouldn't even bother to create an account in a game only to get an accound id you can pressumably only use to track characters.
A hacker would try to get your SE main account login datas and for this they would attack something different, e.x. the webservice.

But that's not even necessary, some players are giving them the account logins for free:
- just create a fake SE forum website hosted in south africa
- copy the design from the login prompt of this forum
- register a lookalike domain
- optional: use cloudflare to protect your webserver
- send a "1Million gil giveaway" DM to people in-game until you get banned
- wait for some to players to login on your fake site and save the login data
Done.

But I'm curious why SE didn't build the blacklist feature server-side...
Yes much more effort, more time-consuming for the devs and much more can break if it goes wrong, but at the end if it's done right, the packets from both parties will be blocked and they will never see each other again...

[Eraden]

Oks. Mao gettings scared here. Mao nots know much abouts computers. Is Mao account and character safe?

[GiR_Zippo]

As long as you don't click on every link you see, open random steam gift websites, click on cutekitty.jpg.exe in your emails: probably yes :P