Final Fantasy 14 communities have been in a little bit of a commotion currently—as a current mod moving into the limelight has uncovered a vulnerability in the way in which Square Enix has dealt with its new-and-‘improved’ blacklist function. In essence, this answer to the sport’s stalker downside has inadvertently made it very straightforward for ToS-violating (however presently untraceable) gamers to uncover all of their goal’s alternate characters.
A fuller clarification requires context. Firstly, whereas mods in Final Fantasy 14 are towards the phrases of service, a ton of gamers use ’em anyway. This is as a result of Square, at current, operates on a type of ‘do not be an fool’ coverage.
The official stance is that mods are forbidden and you shouldn’t use them below any circumstances. Under the desk, nevertheless, Square has acknowledged that it may’t spy in your pc to see what you are utilizing. Instead, it would merely punish you in the event you’re both clearly dishonest, which is detectable via frequent sense, or in the event you’re reported for it. For instance, in the event you use an addon that tracks DPS numbers, you are tremendous, however in the event you flame somebody for his or her DPS sucking? They can report you, and you will be banned.
This has led to a thriving modding group that Square cannot carry the hammer down on, precisely, even when it is led to controversies and disappointments earlier than. Doing so would principally nuke your entire roleplay group, for example, the place the usage of beauty mods is commonplace for innocent visible tweaks (like, say, enjoying a hyur with pointy ears) to Second Life-tier monstrosities of wobbling flesh. That’s to say nothing of the accessibility and high quality of life capabilities mods can supply—not that I’d know—like primary fixes and ping corrections to FF14’s netcode.
Why are individuals frightened?
The mod in query, right here, is a plugin known as PlayerScope. Previously solely utilized by a small group of gamers, its mod writer, who goes by the title Generall on its official Discord, has not too long ago been taking steps to unveil it for “public” use. This has induced a hubbub amongst FF14 communities like r/ffxivdiscussion, which has its pitchforks sharpened.
PlayerScope, to place it merely, scrapes an “account ID” (one which FF14 saves domestically from issues just like the in-game search operate) and uploads it to a server—permitting anybody with the plugin to see each single character connected to that ID. Put merely, a participant with PlayerScope put in can see each single alt you may have.
This hidden variable was modified from being character-wide to account-wide with Dawntrail and the elevated energy of the blacklist operate, as acknowledged by a participant who’d warned mentioned subreddit about six months prior, who wrote: “One may make a device that will log Account IDs and match them with character names. With this database, it is clearly doable to determine alt characters in the event that they have been ever on-line.”
Dalamud, a preferred launcher for addons—which is not related to PlayerScope, to be clear—additionally had some gamers in an comprehensible panic flocking to its Discord to ask questions. In response, a mod from the server corroborates the above data: “AccountID was launched with Dawntrail, however you possibly can’t conceal that data from a plugin as a result of the sport already is aware of it/receives it in plugins. Should [Square Enix] have devised a greater system to resolve that server-side as a substitute of client-side? Yeah. Probably.”
An further level of controversy comes from the PlayerScope plugin’s writer itself who, in an try and mitigate accusations of being a stalking enabler and the like, has created an opt-out system. In an announcement to their Discord, they write: “You received’t want to put in the plugin to cover your characters. You’ll have the ability to set your character’s visibility to non-public via the set-profile-private channel.” As for why it isn’t opt-in, Generall states that if this have been the case, “[the mod] wouldn’t work successfully, as a result of the info pool could be too restricted”.
Who’s within the flawed right here? Well, it is type of an moral quagmire. This device does, in concept, allow stalking—one thing Final Fantasy 14 has sadly had a protracted historical past of troubles with, as a result of some arcane and unusual attitudes to its good friend listing operate (blacklisting does not take away you from their good friend’s listing in flip, for some motive). The new blacklist options render you blissfully unaware of this reality, thoughts, erasing the blocked character and their alts out of your shopper below most circumstances.
Even with these enhancements, although, the one method to totally vanish off your stalker’s radar is to make an alt character, one thing which this mod circumvents. Having to provide your account ID to its writer simply to cease it monitoring you is not any consolation, both, asking victims to basically place their destiny within the palms of a stranger.
And but, the way in which it is described, getting this account ID from the shopper is not even notably laborious. All that has to occur is for the goal to be on-line concurrently you, and the sport shopper will ship that quantity your method, at which level, an addon can decide it up. It’s additionally apparently being utilized by different addons for much less nefarious causes.
All this to say, even when PlayerScope vanished, one other addon may nonetheless be created by unhealthy actors. The miqo’te is type of already out of the bag, and PlayerScope can at the least be mentioned to have made an try and mitigate it. ‘Other individuals could make this’, nevertheless, is not at all times a terrific motive for ‘I’d as nicely make it, anyway’.
If you have been to ask me, I’d say Square must’ve stored addons in thoughts when designing the performance of its new blacklisting system—it feels prefer it’s someway severely underestimated the technological savviness of a modding group it is largely, and even understandably, ignored. But understanding how dramatic these mod disputes are usually, I’ve to surprise how lengthy we’ll keep below the rule of reside and let reside.
