FFXIV Stalker Mod video: https://youtu.be/o4UrBkHP_fk
Recently Xeno has reacted to a new Final Fantasy 14 Mod (third party tool) called PlayerScope that offers a wide range of features to track and stalk other players. This is Yoshi-P’s response regarding this mod and Square Enix’s plan to stop other stalker mods in the future.
Channel Editor: Leo Coman (Discord: leo.coman)
The issue was reported and they chose to release it anyway. DT in a lot of ways has exposed how lazy they have gotten. Apparently there's an EU law that opens them to being sued (not sure if this one is true or not so don't quote me on it but still) if this happens. How do you get to this point? I never thought I'd see this game take such a huge nosedive.
The reason they don't wanna do anything is cause if they block all plugins and mods they cut the game's population by at least half
Let me get this straight. THEY put the information client-side. As in, on your PC, my PC, everyone's PCs. And because people can read that information that THEY pushed onto our machines, they're going to try to sue those people?
Nah. We trusted them with our info, and they were reckless and stupid. This isn't on the modders, it's on SE.
If it turns out that the information attained also includes more information such as personally identifiable information or CC information via account id, then this will not be a simple case of cease and desist.
I think they've done it as efficient as possible, but efficiency doesn't mean safety. Code could be so efficient if ppl wouldn't always try to misuse it for profit or to harm others…
To everyone saying "SE won't do anything", well, they HAVE TO now. Japan has laws against cyberstalking and bullying. EU does as well, as do several American states.
SE has a lawful obligation to prevent harassment online, which would include blocking access to personally identifiable information such as account IDs that could be tied to a person's identity.
We are reaching the point where the devs need to develop features thinking "a mod could see this or can do that"?
What if this wasn't the laziest way to implement the black list but the faster and easier on their systems? You also have the console players that have nothing to do with this and they are getting affected.
Who knows how many features are not created due to mods? or how long until SE creates one that will be so toxic for the community that actually impacts most players?
It seems it is an exploit/vulnerability in the game, so? Maybe correct the exploit? As for pursuing legal action, Destiny 2 actively hunts and shuts down cheater creators and they actually go bust, did it end the cheating? Actually I think it diminishes the prevalence but because D2 is a f2p the cheaters just create new accounts.
I mean shit Nintendo is a juggernaut destroying little content creators because they used their IP…
Empty threats. They don't want to crack down on plugins because they'd lose half their subs. It's the state of the game right now. I wish they did but they still kind of somewhat like making money.
It's just a small post telling people "it does not compromise personal SE account data" – because technically, it doesn't, while they are able to gather data in-game that is still technically public data as it's sent to the client – and they basically just verified it's intended to be public by not doing anything about the actual underlying issue lol
"Please don't do that" WTF is that answer! So fking lame, the mods have gotten out of hand, it's time for some sort of anti-cheat, the amount of plugins for raids is crazy too, like you don't even have to think or care for the mechanics, the plugins do it all for you, even your rotation. Why do raiders ask for harder content when they don't even play it how it is meant to be played?
I finished the raid like 5 months ago and quit, didn't come back for FRU bc I'm not that good or maybe I just don't have the plugins to be good XD
Man I can't wait for the mobile version where there is zero shit like this!
This is weird to me as a software dev. It's their fault for exposing this information to the client. If they don't want information getting leaked… stop sending that data to the clients… The solution is on their end and the problem is something they caused with their really shitty design.
Suing doesn't solve the problem that the info is easily obtainable, another similar plugin will appear
SE's stance on third party programs is as meaningless as Russia's red lines.
"I don't believe a team that can't even fix the friends list could sue anyone"
Do you think it's the game team that handles lawsuits? Just because you're dissatisfied with the state of the game (as is every creator during a .1 patch), doesn't mean that all of square enix is incompetent, nor the likely private investigators and lawyers funded by a massive company that now has to act given that Japan, Europe, and several states in the US have anti-cyberstalking laws.
"how are they going to find the guy"
Oh idk maybe cause he posted it publicly on GitHub, which like many companies has to comply with subpoenas and legal takedown requests. Valve sent legal requests to GitHub to remove a commonly distributed TF2 hack, and it worked, the account was banned, with not very much fuss. What's the difference here?
Also, like Idk man, you've said you're pretty stupid a lot of times and you managed to sue a guy and get a default motion from a judge. Granted he was a crazed schizophrenic who never covered his tracks but still, imagine what a team of private investigators funded by Square Enix could pull compared to how much evidence you pulled from your Desolance lawsuit?
No matter what your take is on CBU or Square this week, creating malicious software that interacts with a company's software, no matter how easy the vulnerability is to exploit, makes the company in the right to find and take legal action on you. Yeah, the blacklist was made in the easiest, least secure way to ensure speed and usability, but that doesn't change the fact that the person to blame is still the plugin developer and I'm sick of people acting like this is exclusively SE's fault like they made the plugin themselves. This isn't like New World where a new exploit found exclusively by using only the proprietary software allowed you to say, crash somebody else's game. This is a third party creating malicious software to bypass a system to avoid contact with undesired players, and yet it's being framed entirely as an issue on the game creator's end?
Additionally we don't know what other new features are planned based on that new user ID and we don't know what effects changing the IDs would have nor do we know how rough moving the system server side would be on the system.
The blame they have is the vulnerability and we can criticize it further if they don't fix it. Currently we can say they fucked up and the guy who made the plugin should take 90% of the ire. People are just afraid to criticize plugins and are in a state where you're not allowed to think anything positively about SE even if the positivity is the benefit of the doubt. This has been the norm since at least 6.1 since everyone in the 14 community, be it content creators, raiders, casual or otherwise, have all united to blame CBU and SE for every little hiccup, inside or outside of the game.
I never engage with the 14 community cause it's nothing but spoiled brats who complain that it's never enough and typically I keep my distance, but I'm just so sick and tired of everything somehow being blamed on the team even when it's clearly not. It's like that meme of the planet blowing up with the caption "somehow trans people gotta be behind this" but it's how all you fucks talk about this game and the honest to god passionate people who work on it.
damn can we talk about spongebob shutting it down at 8:12?
I have a feeling that the cloud of darkness party I joined and got kicked 30 seconds later was the leader using the stalker tool. The party description was "at least 10 clears no mistakes" or something like that.
So the reason I believe I was kicked was because I have my FF Logs set to private. I don't want to debate why I will always keep it that way but I think it is 100% valid.
Me personally, I have to guesstimate that my clears of that fight are probably between 50 – 80. Point is, I am competent, but kicked because I choose not to be judged.
That's just not right.
And that is how SE will shut down all mods and be done with it
lol he won't do shit
he'll just cry again
As a PS5 player only am I in danger of it?
I just need people to chill the fuck out. I really like some of my customization mods, things like better teeth and custom hair. I'd be bummed as fuck to lose them because other plugin creators churn out shit like this.
When it comes to lawsuits vs criminal suits, the burden of proof is much lower. This basically means Square would only need to prove it is more probable than not probable as opposed to criminal law which requires beyond reasonable doubt. So provided they can trace the upload to the author of the plug-in I think there’s a reasonable chance of it sticking. This is of course all dependent on the factors of the case and how it is presented in court.
tldr: "we will sue a random guy who decided to exploit a vulnerability we introduced to our client. please stop talking about the vulnerability."
The reason that Xeno has little faith in SE being able to pursue legal action against the individual is because the video game industry has a habit of not exercising their rights as a company and protecting IP. The company that does, Nintendo, constantly gets lambasted for exercising that right, even though they did set a precedent of going after an individual (we can disagree on the finer details).
That all being said, if the main issue is they made information available client-side, why can't they undo this? What could possibly be tracked, or not tracked, having it server-side? Is this more unironic spaghetti code in action or just incompetency on the current coding team? I do remember XIV has swapped out who is working on the game actively, but I'm not exactly sure if people in charge of this section of game development have changed hands.
If it shows player account IDs, it essentially has part of your login credentials. Account IDs and usernames from a cybersecurity standpoint are part of login authentication protocols used in multi factor authentication.
Something you know (Usernames, passwords, pins…etc)
Something you have (Token, Authenticator app, phone…etc)
Something you are (Fingerprint, Face ID, Iris scan…etc)
Essentially, someone out there can get access to at least one of three factors. Seems like a lawsuit might be in the works bc SE can’t enforce their own policies.
The number of times Nintendo found their victims that created all of these emulators from around the world and sent their lawyers directly to them makes me think that yes, Square Enix too can search for the people that made these mods and send their lawyers. But this is Square Enix so I don't know their capabilities, since I never once found a case where SE does something similar to what Nintendo does best.
Well the 3rd unsaid option is they just start banning everyone who ever used a plug-in as the nuclear
With GitHub they know their home IP address… EVERY commit (upload of a version) has both the user's IP AND account tied to it… which gives you their email. There is a LOT of tracking information that GitHub tracks… this is because it is a professional website for developers. GIT can easily produce the name and IP of the committer (person who uploaded each version) and IF the law decides to do something GitHub can EASILY find out who they are.
Bro got into one incident with a dude about harassment and all of a sudden he is the guru about the law lol
Bungie has sued hackers for millions of dollars. There's a way to find the author and pursue legal action, I can totally see them do it
This is if anything else a major L for SE, they present us with a nothing burger instead of fixing the actual problem… DT has shown us that SE is getting lazy in an excessive amount
Doesn't square enix have bug bounties so people can chase money by finding these and reporting them?
It's cheap and lazy to make it client sided, this also explains why blacklisting doesn't hide you from the blockee, only the blockee from you
If you use 3rd party tools and it exposes you to getting your info stolen, good. Fuck 3rd party tools and anyone that uses em😂🎉🎉🎉
You underestimate how much info they have on all of us active players who've paid for the game. Square-Enix's execs are morons who need to reinvest more of the funds gained from 14 into 14, but something like this stalker plug-in that really can't be called by any other name needs to be shut down asap before it gets out to mainstream media sources.
"Final Fantasy XIV Plug-In Allows You to be Stalked (no matter what character you're on)" – is really not something that they'd want investors hearing about. Big companies like Square don't usually threaten legal action as a bluff. Especially since they have the Game Director's Account posting about it. Look at the shit Nintendo's pulled.
The US legal system is completely skewed towards the rich, Japan's legal system is completely skewed towards corpos. Hell, a Japanese dentist (who fucked up the procedure) once sued a guy who left him a bad review (for screwing up the procedure). The dentist won…
This is probably the one and only time I'll be happy about the fucked up nature of both countries' legal systems since it means that that bastard creator is fucked.
Legal action *could*, potentially, do a lot of good to prevent other people from making this sort of plugin.
Assuming they actually found the person and got a conviction, what this plugin does would basically result in criminal prosecution, not just civil – meaning potential prison time, not just a fine or whatnot.
That's not to say I don't think it's SE's fault, in the end, however. They definitely need to fix the issue on their end of things.
Heavy legal action that results in very, very bad consequences does tend to cut down on this sort of thing. It wouldn't stop it completely, but any new plugins would never be shared on the same scale as the current plugin was. There's always going to be similar pieces of software whenever a vulnerability like this is discovered, because humans are terrible. But it would become much more difficult for the average person to get ahold of.
The two actions listed would be fine, useless but fine, if they also acknowledged they need to work on changing the fact they're broadcasting this information unprotected and they will change this when possible.
They're not accepting any culpability for the security of your information here, which makes you question the quality of the rest of their data security for your data.
This is like putting a band aid over a 12-inch cut lmao. Imagine saying instead of "we'll sue the creator and please stop using it/talking about it" he'd have said "we will immediately look into resolving the issue of this privacy vulnerability and we will make sure something like this will never happen again in the future."… Yeah, imagine.
I don't think there's a justification to pursue legal action, since this is a plugin that only displays information that is being sent – by FF14 – to other players.
So the official response is basically, "Yes, we know. Your personal information has not been leaked. We're going to tell you we're going to eventually do something about this so you'll stop yelling. Please look forward to it."
The only law broken was the stupid ancient Japanese IP infringement, where you're not allowed to modify anyone else's work, including client-side software.
No privacy/PII legislation was violated. If the author and users of the database don't reside in Japan, SE has zero chance of any legal action. People seriously need to wake up and realise how silly they sound, pretending that this was some massive criminal activity.
There are no personal data involved. There is no PII. I don't even believe GitHub deleted the repo, because there is plenty of software used for actual objective crimes hosted there for many years, and everyone knows about it. I'm pretty confident that it was the author who removed it, precisely in fear of SE doing something silly like this. Regardless, it was a completely harmless database, and could have greatly served the community with providing aggregated information that SE won't ever release.
Either way, as long as they don't hire better engineers, people will keep collecting that data, just less overtly. The vast majority of information was always available. The account ID just makes it easier to track down alt characters, which is a feature that should exist in the game anyway.
There is no such thing as stalking in a video game, not in a sense that would matter anyway.
As Cider Spider has said, "We should Expect Better!!"
Bro doesn't understand JP lawyers, look at Nintendo's history or even Rockstar's history, both of them can instantly get people in a flash
This is an even more useless Cease & Desist. C&Ds are mainly used as an intimidation tactic, because the party issuing the C&D is unable to actually file a lawsuit. What Yoshi P did is even weaker than that, because not only can square not do anything about the addon, they likely cannot even find or touch the people involved. On top of that, square is likely going to get blasted by the EU with a lawsuit over their inept handling of PII due to this change.
This, to me, reads as them realising they facked up by exposing important info to the client, but they don't want to admit it.
Both the problem and the solution are entirely on their end
Can someone explain why use these 3rd party tools? I see people blaming SE, but for me the problem is on the tools
The reason the blacklist uses account IDs is so that if you blacklist someone on one character, it blocks all their characters. The likely legal recourse is that the plugin dev accessed confidential user/SE data
Unbelievable. Beyond ridiculous. There is a root cause that can be clearly identified and is fully within the devs' scope of action. The obvious answer is to fix the effin code. Make the logic to run server side exclusive. Even if your code is the worst imaginable code in the world you'll still be able to fix this within 2 or 3 weeks at most, and then you're done with the problem forever. How are they not already doing this? How are they not held to the industry standard of having to fix issues within their product that they are fully responsible for within an acceptable time frame?
There is no crime here lol the only reason that Japanese people say that shit is due to laws in Japan, which are not applicable to most other countries – there is absolutely no legal basis to criminally pursue someone for making a mod that has publicly available information in the code – the code is running on your system, you're intercepting information on your own device – it is 100% purely SE's fault for not maintaining the confidentiality of the information and there is no country outside of Japan that would give a fuck about this. Literally all they need to do is encrypt the ID and they didn't.
People have this weird obsession with the law that like if something bad happens that oh just take this person to jail or sue them for some perceived damage. In the real world you have to prove criminality and harm which there is no way to do in this case. The people with the strongest case are people who are victims of stalking but the author can just create a banner in the mod like "This software is for statistical usage only and it is against usage policy to track individuals for the purpose of identifying them or their interactions with others or enumeration of their characters in any way". The internet might as well be the wild west even in domestic cases; add to that international precedents and forget it. The threat is just that, a threat that frankly only has teeth in Japan, if even there.