i need them to change blocking too, like if you block someone, you automatically have them being unfriend you. While they may not message you, or you see them, people STILL have you added on their list means they can stalk you that way too. I need them to block, to work like a BLOCK. UNFRIEND people.
I mean, them having you as their friend list is better than not. They won't see you online, they won't know you blocked them and it takes one friend space of their list.
@@Paraguai123 yes they see you online they jsut cant whisper you across servers or teleport to your house other then theat they can see anytime you are online and what server/location. The friends list system is a joke.
@@Paraguai123 tell us you have no clue about the stalking peoblem. Unfriend some one cause you don't want em in a list is a thing. If you block some one is cause they did something that crossed a line. Stalkers usually get told to leave you be. They ignore it. You block em. You still get chased down. Not being able to see em dosen't mean they're not there, spewing venon around you and behind your back. Only improvement with the later change is the blocled person can't send you ill messages by making some burner characters
Also if i block them, they should not be able to see me on their screen... Many times i have blocked someone, they can jump on me and emote . I dont see it but others in my fc can. Even if they act like they see nothing. A bit annoying.
@@KnightRaymund This is just not true. JP says the same thing, that SE only listens to NA. There's a ton of stuff that JP complains about that gets ignored too. Course it is good that we are united in this problem, but SE just doesn't listen to 99.99% of the problems that players have.
@@Shizukanexenthey do listen to JP more it's just high tier raiders they listen to, a lot of the dev team is friends with you the world first progging raiders. It's why the job design since Shadowbringers has downgraded for every non-raider.
@@KnightRaymund I don't think that is entirely true, but I can say that they can understand the JP crowd more than the English crowd. Its more of a language barrier thing, even with translators around. Its just easier to get information across in Japanese.
Multiple real actual journalists that square have worked with in the past are also sending them messages questioning this new development so even if JP said nothing, they'd still be forced to respond to keep the media attention from going bad fast.
About 6 months ago someone on reddit pointed out the issues with the new system making character profiles into one thing than to keep it separate like how it use to be and he got shit on so much... Now look at the exact same issues they brought up. I hope they can fix this soon...
To be fair - while they accurately identified the problem, they also closed it with "I don't know if this is a big deal, could matter to somebody, who knows", so even they underestimated the severity. Sometimes for an issue like this you really do have to see it unfold in real time to understand how serious it is.
@@Delicioushashbrowns It's awful to deal with, and it's not ''Rare'' XIV has some really insane playerbase, you think it's all nice and cozy but that's just front, it's fucking awful people once you look deep inside.
Even if they patch it, there's a massive database with everyone's account data that has been collected the past 6 months from all data centers and worlds. Only people that never logged in since Endwalker or before are safe.
@@ultraman498 oh right, forgot about the retainer part, though the location data wouldn't be as relevant in the event that the data access gets patched out, and you could just rename your retainers at that point too
@@kaela-kae I’m not 100% on this, but the mod can track your character’s name history, so I wouldn’t be surprised if it can also track the name history of retainers
Its also alleged via some reddit posts that this SE was made aware that something like this could be made since the start of dawntrail.. they haven't acted or checked to see if this was indeed possible and now here we are. While the creator is a bit of a case, SE is also at fault for allowing this to made possible after being alerted of such things.
Thank you for covering this. I read about it yesterday and know several people that have been stalked over the years. I was mistaken for someone else's alt on one of my characters and they and their entire FC started harassing me for a while. I reported them and took a long break from the game and came back to see their FC no longer existed so I assume that was that. But was still a bad experience and they even had people camping outside my FC and trying to identify my alts at the time.
The crazier part of this, it literally puts plugins in danger now because it doesnt matter if you are a modder or not. This plugin also puts vanilla players in the crosshair. Hopefully SE decided to just fully rework the entire friend list system because now the alarms are ringing for the storm coming.
If they would go after plugins and mods to shut them down, it would be both sad and funny. The shitstorm from people unable to look at their titty goth GF cat, would be amazing. And sad also as they wouldn't pay sub anymore.
@@CaladirAnd then you realize the BAFFLING amount of players who don't engage in that at all, but need XIVAlexander or Noclippy to play the game because the servers for the game are absolutely wack.
ngl, i would actually welcome anticheat and a full lockdown on plugins and mods at this point. botting and cheating are absolutely rampant and the stalker starter pack just dropped. i'm so over this garbage. there are some nice QoL and graphical mods but it isn't worth it. nuke it from orbit.
Someone on reddit actually made a thread warning about this shortly after dawntrail launched and a bunch of the replies were basically like "this probably isn't a big deal" lol
@@UTO7 anything in your ram is public. which effectively is the case here, too. in the end, its SE's fault and they have to fix that. its obviously a problem too that people want to use it that way - but they wouldnt be able to do it if SE didnt implement it horribly.
I think the discussion is not about SE fixing the blacklist system or protecting user data or not, problem is that the devs of this mod probably already have all the data that links characters (main+alts) with other info (retainers, etc) in some database, because of this, changing how the blacklist system works is already too late and now SE, in addition to changes, should sue the devs to make sure all data regarding all FF14 players gets properly destroyed.
Like you said, the damage has already been done. I don’t think SE is going to go that far. Even if they did sue the Dev who made the mod, I doubt they’re the only one with all this data. A vast number of people could easily have their own private collection of all this data that even the Dev is unaware of. Also, Pandora’s box has been opened, I’m sure someone can easily replicate this mod
It'd be far too late. There'd be at least hundreds of copies of the database already and growing. It's the internet, once something is out there it's out there.
Agreed. By having court records they can easily demand a take down of the database wherever it appears. Between this and fixing the code, they can have the problem mostly resolved in a few years.
It took Square Enix 10 years of complaints about stalking problems to get around to the DT blacklist feature. I'm... not very optimistic that they'll move fast on fixing this, even when they absolutely must fix it.
too bad the dt changes adress nothing to the stalking problem. only upgrade is no burner alts can message you. Having a veil around you don't make that person not stalk you, you're simply unaware
Even if they fix it, I'm still concerned about how hamfisted they'll be about it. They solved the "people keep rushing through cutscenes in main scenario roulette and leaving noobs in the dust" not by taking the story cutscenes out of the dungeon but by forcing people to sit through them, which you can still get around if you know what you're doing anyway.
@@alessandroseverino8222literally this. I had a stalker for a year now and I was finishing up dt and we in living memory. I was on maduin and for some reason used search…my stalker was there in every area we went. I couldn’t see them cause they are block but they probably was just following us around for hours. That is so wierd some1 would waste thier time like that.
This is NOT a MOD/Plugin Issue. IDs back and forth between client and server side shouldnt even be a thing in any MMO, period. SE hasnt cought up yet and its a huge Securty Risk they should be aware of.
@@MichaSennin modding makes this possible in the first place. Thats the root of the cause, but i also agree it is not 100% a modding issue, square has their fair share of guilt in this aswell. They need to update their stance and go against this hard!
Wasn't this reported like week 1 of patch and listed as a known issue? Or this just a PSA? Or something new? (The fact that a userID gets attributed and is useable on stuff like this is a problem). User "Myrany" on the ff14 forums pointed this out on 06-29-2024 04:39 PM, that a Unique Identifier Number that does not change even if the player fantasia's, changes names, swaps servers, etc. I thought this was on the known issues, but could be wrong.
The irony is, the mod was initially conceived because the mod maker wanted to find out the owners of retainers on the marketboard. It doesn't take much to understand this was done out of spite to find out who was undercutting him on the marketboard. The odds of positive sentiment, such as buying an expensive item that was wrongly priced with 1 less digit and attempt to return to the owner, is a potential benefit of doubt but unrealistic to launch a full fledge mod for it. Eventually it was never made with good intentions in mind to begin with.
100% agree with you, Brother, SE absolutely needs to fix this ASAP because this is a massive cybersecurity issue. Like, we’re talking serious privacy concerns here stuff that could straight up lead to a possible class action lawsuit if they’re not careful. Not protecting player data like this could easily violate their own Terms of Service, and it’s wild they’d let something this risky happen in the first place. Hopefully, calling attention to this puts the heat on them to actually do something before it spirals out of control. Appreciate you using your platform to break this down for everyone!
People did. Maybe not on Reddit or RUclips. The issue was discovered and known within like a week or so from DT release, were I read about it already then. Just that back than nobody used it, so nobody cared even if there was some limited talk about it.
Yeah I don’t have the link, but someone actually brought up this issue on Reddit 6 months ago and explained the potential issues with the new blacklist system that SE implemented. It was a very valid concern, but most of the commenters gave the guy shit…
Definitely. I remember as well reading about people that just found the id‘s and couldn’t believe they were there. They were pretty much already predicting back then what’s happening now
Honestly as someone who's best friend got stalked for months and doxxed about every single little thing in his life, forced to make multiple alts but still got that person if not multiple people chasing him down, and i think even now has an entire new account and is still having these problems, before dt even came out, square really should address this.
@@Pikaru-c4u You don't need to be up to anything to be stalked. You can just be minding your business when someone just looks at you or has a very casual conversation with you and now they're latched onto you and depending on the severity of their obssession with you they can be very difficult to shake off. You'd be surprised at the lengths stalkers go to in order to continue stalking.
I think the source of this problem is the way SE designed the MB - by letting you see seller retainer names and also forcing signatures on crafted items
For a month one of my characters drew some weird MB stalker who was undercutting far below cost of the mats of this one item. I've got my own way of messing with them back. that said there is a world I'm not saying that makes getting gil so much harder than it has to be compared to what can be charged on other worlds.
Sadly that cat is out of the bag now. You're right, even if the current Developer stops, someone else most likely will pick up the idea and keep going. What is SE gonna do? Ban all Mods? That's already the official stance ._.
Well, the plugin wouldn't work if Square Enix properly implemented the blacklist instead of whatever they did here. Even if they banned all plugins, this information could still be scraped and abused.
@@OmegaMetroid93They literally make a lot of people quit the game the moment they ban mods:)) It would be interesting to see how many people would quit if they do.
@@UmbraWeiss I hope they don't, cuz yeah you're right. My point was more that banning mods wouldn't actually fix this issue, people could still do this without plugins. Now that the cat's out of the bag, it would just be a matter of time because someone else develops a tool to do this. Square needs to fix it themselves.
It was quickly found out that blacklisting in DT involved using an account ID around DT launch. I still think its not just the plugin's fault for facilitating stalking to be easier than it is with the vanilla game, but it should be SE's fault for being negligant to allow people's online data to be client-side in the first place. A change to the blacklist system likely won't come soon unless there is an urgent hotfix. Otherwise, its likely gonna take until 7.2 or 8.0 to correct this and the damage would be already done.
Considering how slow sqenix moves on anything, I doubt even 8.0 they'd have something up. Not unless there's a tragic outcome to the story that gets picked up by legacy media.
I know they said the current block system was supposed to be a stepping stone to a larger rework later, but honestly with the way it's implemented, it needs to be sooner. I also recall that the custom launcher framework that makes this and other plugins work, while it does have systems in place to prevent malicious plugins from entering the official repository, they have no power over plugins that are installed via unofficial repositories. And even if they did, they have no way of stopping it from working without also breaking plugins that aren't malicious. I think covering this is a good thing, because the more people that are aware of it, the more likely it is to be fixed.
my biggest beef with blacklisting is reporting bullying/harrasment during a duty is a joke, nothing will ever happen about it...and if they aren't on the same world server as you you can't blacklist them or even mute them during the duty or the horrid part, nor can you do so afterwards. Granted I don't have stalkers nor am I the type for anyone to have a reason to stalk me...this is super messed up too but the fact you can't even blacklist/mute the people who need to be blacklisted/muted........
Question: What about those systems that show players parse data without their permission, yes it helps those that wants to get better, but what about the tracking on that?
Do you actually think the 2 are even close to be the same? Like 1 shows youre either shit or a God at the game while the other shows your entire FF life...
On lots of platforms, blocking someone doesnt actually block them. They can still see you, follow you, comment to you. But you cant see them. It needs to go both ways. They should never be able to find you again
There's no reason for the IDs used in the black list system to be usable by modders like this, why isn't that data obfuscated/encrypted so that its useless with out putting in time and resources? oversight by SQE. They could easily encrypt the data, and have the decryption key be created based on hashs generated from the user's email, password, and/or the time they logged in.
Fixing out the code base is one thing they need to do but they also need to enforce more social moderation. This kind of anti-social behaviour needs to lead to way more dire consequences for the offending player.
Thank you for covering that. Besides SE and (the most guilty) the plugin dev I actually see another guilty party in this. Discord. This "site" has become far too much a wild west zone with servers existing that have illegal content (like the one of this dev) or even worse. How can it be that Discord completely ignores all the shit that is happening in it? It has become such a monster of data for this game so that no one knows how often their character is even to be found there in screenshots or mentions. Regarding this topic here: Don't give that psycho dev of this plugin even more data like your Discord account or your mail-address people. He will probably NOT whitelist you and also your character data is already out there somewhere being sold to stalkers as we speak. It is too late. All we can hope now is that SE stops their silence and does something. But given their track record I wouldn't hold my breath for that...
This is y I hardly interact with people I don’t already know, the stalking terrifies me and the dev of the mod seems to want to stalk someone… like y else would they bother?
This only came about because of squares reluctance to ban harassers and lose subs. Also, sociopaths do not care about your feelings or privacy. Also I know some countries take privacy extremely seriously like Germany. This could be a legit legal issue for this person.
With all that info that a person can get with that kind of access, and with some people on social media willing to block people and target them for the DUMBEST reasons (no social media platform is immune right now) and with how vitriolic people can get about every last little position they take about anything at all, one has to wonder how much of a good idea that SE were to implement this way of addressing a equally serious topic. No sane person is going to want to see harassment, stalking, and targeting of a player, but I was always worried about how this could be abused by those that see someone that went even an ounce out of lockstep about anything at all. Find account name, then link it to an email, link email to a particular X or Facebook account, see what they've said, dox that person or even worse. Which I think I've heard IS against Square's TOS anyway. There must be better ways for SE to address what they intended to address with that BL update than something that opens the door to so many problems, this being a major one.
This hapenning during the Free login campaign is just bad luck. A lot of people are about to login for their FOMO rewards and get their personal data scraped by bad actors. Another thing to note is MareSync also logs your account information and all your alts and keeps a running database of this, and has shown no intention of stopping so it's not just this plugin, this is just the worst actor in a bad situation.
I'm just waiting to see if the hammer falls or not at this point. Sooner or later, people will push too far... and this is currently the farthest we have seen since the Gshade thing about a year back now.
@@Asmodean1111 in my opinion anti cheat is inevitable now. I've been saying this for a few years now, but all it takes is one scandal that puts Square into a bad light and forces them to clean up the mess. Maybe this is that scandal. If it is not enough yet it will come in the following years
@@TobinatorTx Not happening. It's not as simple as you might think. They can't just add an anti-cheat and call it a day. It needs to be moderated, updated, and constantly checked to ensure that it's working properly. Not to mention that it would make a huge percentage of the player base quit, resulting in lost sales on the game that they absolutely CANNOT afford to lose on.
I don't actually have any faith that Square Enix will take this as very valid criticism of their game and systems. This is likely the thing that will finally make them try do something about mods.
They guy who created a mod like this should be banned forever and even be sued if possible for using peoples data and endanger them. Whatever happen to this guy is absolutely deserved, causing other peoples suffering just because you have a fragile ego is psychotic behavior. Also what the hell is wrong with the FF XIV team to not notice things like that, they work over 10 years with the engine and know the limits. They mentioned in multiple interviews how they have to work around things but on the otherhand stated that as long as they can do all things that they want with this engine, there is no reason to use another one. But the way how it is made possible doesn't matter that much as it seems and yes most of the team that took over FF XIV may never worked on a MMO before but with 10+ years experience, you should start to know typical issues. One of the main reasons why we have no damage meters was herassment so they should be aware of that. Especially how teams at world first events who cheated got herassed and to which extend people herassed them. These are all information available to Square and there is no excuse to not have adressed these things.
The worst thing that bothers me about the way SE handles the Blacklist is - as far as i know - that you don't even need that *Plugin* to gather those informations, other programs outside of FFXIV are likely to be able to achieve the same thing.
I remember sitting in vc with a friend who was super happy about this feature and saying "thisll have a way to be abused for the stalkers absolutely" and them vehemently saying i was a hater or i was being weird about people wanting to protect themselves. There is just zero ways to fully stop a system like this from being abused eventually. Its a good idea in theory but even if anticheat was a thing someone would find ways around it. Anti-cheat also never works. If it did you would never hear a game who has it have any sort of cheaters period. Rust, sea of theives, league of legends, fortnite, whatever you name it has cheaters and always will. The best case argument you can make for them is it inconveniences the cheaters and tbh creates a booming market that is both toxic and profitable for the people making the cheats.
Note that the source for this mod is already out there and it's already been forked over a dozen times. So the code's out, and simply asking the author to just not release the mod is a moot discussion because they in essence already have. S-E needs to fix the availability of the data to the client, which means taking that entire account blacklist feature back to the whiteboard and finding another way to do the work.
The only way to find out those account IDs is via mods, right? So if people harass other players for undercutting or whatever - those players could report them for using mods. Getting your account banned should not be worth it, or am I missing something?
@@Caladir well, if the harassers can have that data to find out who you are ingame ONLY BY USING A MOD, then it's quite obvious that they use a mod, duh. same for anyone who wants to confront people over their dps in dungeons.
@@HitsugixSo what if I got the data from someone else who is using the mod? Would I get banned for that? When the data gets published publicly and anyone can access it by just going to a website, would I get banned for using that?
@@Hitsugix It can be done via 3rd party tools/programs as well. The issue is that the accountID isn't encrypted. Before DT, plugins used character ID's instead. There is no reason why they can't go back to that. The *only* positive use case i've seen for AccountID usage is to ban bad actors from using specific plugins(Mare, for example, keeps a database of accountIDs s for this purpose. If they ban the account, all the characters are also banned. Previously, it just banned a specific character on a specific world, and could be avoided with a name change or world change). However, I don't believe that small positive is worth all the potential negative. Square could fix this by simply encrypting the accountID data. Plugins would just have to go back to the EW way of doing things.
One thing that they would let us is that they let at least Player search available, but not useable Because when mutual blocks happen, whoever blocked first has the power Me and my friend had a fight and we just never wanted to see eachother again, i went to block him in FFXIV and...he blocked me , but now he has the power of keeping me blocked, i can't look for his character name to block him myself. I know they dont want people stalking but i dont want to know if they're online or their location just let me find in game the name ''Bingus'' so i can right click, block, any other option would ''fail'' since they blocked me.
Unless they're going to make other account wide features like glamours/emotes/etc. and stop forcing feature side things to be single character only, they should treat each character as an island that is separate from one another. I think that's the safest thing they could do.
What I would add, the best place to actually tell Square Enix, is to file a Bug Report. That way, no one else except Square Enix will know about it and spread the potential danger. I have filed quite a few in my time and they all got addressed in a fast and flawless manner.
I believe that if someone has bad intentions to do something, they’ll always find a way to do it-otherwise, we wouldn’t have crime, imho. Personally, I’d really like an in-game feature where I can check what my 48 other characters are up to. For example, whether I’ve done XYZ on my 25th character this week or if I still need to do it, etc.
@@Zeloh927 it does indeed. There will be entire data banks and lists of the people doing these things publicly accessible at the ready to be harrassed for it
I think it’s a good thing this guy not only developed this mod, but also talked about it publicly. The only way SE will fix the underlying problem is for someone to threaten this type of security breach.
The only reason he talked about it publicly is because he was forced to. The plugin was originally just a private thing between a few of his friends until someone found the git and shared it to the broader community.
My point to those above is that the plugin community is extremely robust and eventually someone would have made this. The fact that it’s being exposed in patch 7.1 and not 2 or 3 years down the line is a good thing. The plugin is bad, but someone could have used it themselves or only share it with a very small group of people. This would have lead it to be obscure enough to be a non issue while still causing harm. I just hope the dev team can find a workaround because stalking is a real issue.
I'm happy to be spoonfed this info because I didn't really get what was going on in the first place. Whoever made that mod needs to take a good hard look at themselves.
For those screaming "Ban mods!" or scared that thier mods will be banned: Banning mods wouldn't fix this issue. The issue is that the accountID (note, not the login ID. That is seperate) is unencrypted. You can get it from a totally vanilla client as well using a packet sniffer, 3rd party tool, etc. An anti-cheat wouldn't prevent this. The only "fix" is for SE to encrypt the accountID data, and to also legally ensure plugins makers aren't storing previously acquired accountID information (which would me a handful of lawsuits targeting those specific plugin devs)
honestly one of my biggest reasons for hating this game is related to stalking... I started playing this game in 2.0 up until now, and I cannot begin to explain my story of being stalked by an Exfriend... this guy is sick and stalks my every move.. what duty I am in, what I am farming, what I've collected, my profile, location, house etc. the list keeps on going... and the most upsetting part about it is that the game does not protect you against those people..... specially with how the servers are built in a way that you can EASILY be in the same place and time as those stalkers...
It is because of their block system. It is like how alts don't exist if you aren't playing them. It is dumb. A played should be able to use their alts in all homes that they might own without needing someone else to invite them. Like how you can't send gil to an alt via mail. It is dumb. The entire alt system, friendlist, block list, all of that is connected and needs to be completely redone.
I agree with the sentiment here in the comments. I think it’s time for anticheat, screw anyone using third party tools. I’m a console pleb, if I can clear savage and ultimates, anyone can too. Enough is enough.
You’re not thinking about the whole picture. Most of the FF14 player base is role play and casuals. If they introduce an anti cheat, they essentially kill 60-70% of their revenue as role players use TONS of mods to customize their characters. I’m not against an anti cheat, I just know SE is too afraid to do it.
I would love to see the dev team have their hand forced and make a purging crusade against mods and pluggins. Yeah, I want to see the world burn. Of course plugins were made for quality of life first and foremost, but I don't care, ppl will leave on masse and yoshi and co will need to make the qol change official if they don't want to go bankrupt. Or they will do nothing and the community will just handle this themselves like they did with Gshade.
theres a bigger issue even if SE stopped this mess. The Databases are already done. effectively anyone who has access to it can atleast grab very recent data from it.
The person who is making this should be permabanned in addition to the issue they're exploiting being fixed. There's 0 chance they don't know what his account is.
Then all plugging should be banned. You can't play this game of winners and losers because certain things they're just not going to sanction. You can't. Say that this mode needs to be deleted.But then say the nude mods is completely fine. Either it's all okay or none of it's okay
@@ac04project how many streamers also run the mod that tell em what to do like what "Deadly Boss Mode" is in Warcraft? Yes, the TOS say all mods are a violations of rules, Yoshi P on the other hands always put em into a grey area since is well aware of the gravity of some. If you think leaking informations of others, having accounts runned by default by scripts are the same of "omg! this person can see it's character with slighter bigger boobs and improved texture", you're quite delusional. Sure, they can erase em all for what i care... But how many people need their stroke of ego with logs and such? The world first aren't also kinda tied to logs? Least of all... So many people, be the gposer community (shaders and posing tools), raiders (act and all the like) will drop the ball since i highly doubt SE will implement all the feathure so many people use with mods. Hell, to this day i can't share my own house with my alt, yet i can give such permission to others, nor i can't send myself stuff unless i trade to some one else or use company chests...
@@alessandroseverino8222 Will they ban sex mods also that are floating around? custom animations rigs for those things etc? Doubt it. XIV is just starting to become shit pool with worst kind of people. Non-stop gooning and salivating.
@@alessandroseverino8222 I used to play WoW up stil like the first patch of Mists, im familiar with it. I play console, so we dont get mods. I know plenty of people who use the modding tools. However like that situation with the gshade addon, where if you did something in particular, your computer would shut off. These are the innate risks of security beaches when you are running unsanctioned code. Should people have their information protected. But bringing issues like this to light, only strenthens the arguement for why mods shouldnt be allowed. If you say your game cant survive without unsupported addons, then it should fail, if it cant stand on its own content. What i want out of it, is it putting a torch under SE's ass to massively increase the emotes/styles/character customization speed. Its extremely slow and dependent on the community. But the security leak is a symptom, Mods for better or for worse is the root cause. And either you turn a blind eye to all mods, or stand behind the "no mods" stance.
If Modders continue to make malicious mods like these, and people continue to cheat using certain advantageous add-ons, and it continues to get this kind of visibility, I really do see a world in which Creative Business Unit 3 goes scorched earth. The community has been playing with fire for a very long time now. I'm not sure how they'll create a blacklist feature that is account wide, without using account information which could potentially be scraped by those that try hard enough.
Digging deep when a video about the black list comes out. I have Gil seller spammers on mine only. I’ve played since 1.0 and have never had a big enough problem that I think “oh Blist!” Maybe I don’t get offended as easy as others idk.🤷🏻
maybe. with a lot of people quitting the game already, i'm not sure if SE can afford that tho. think of all the omnicrafters and mare lamentorum users. do you think they would keep playing and paying if they can't do their favourite thing in the game anymore? i don't think so.
It’s been a long time since I’ve seen your videos, you’ve slimmed down haven’t you? Best of vibes brother, I’m planning on jumping back to the game later this Year.
@@AlviArin After putting thousands of hours into multiple different MMOs, FF14 definitely had a higher amount of weirdos than any of the other ones I've played. Not that everyone who plays it is one, but there are way more there. Or they're at least more open about being a degenerate.
What’s the deal with someone stalking you in a game? ( legit question) I’ve never had it happen so I don’t know. If they find you what can they do? Is it not a reportable offence to SE?
As a person who has been stalked before in the past, I am extremely against this and worried. SE should have thought this thoroughly before implementing it. For me, they should revert the process back, and random generate new IDs for everything as a counter measure. Sure, it won't help entirely. But, at least I'd sleep better knowing they did this. Also, I hate to say it. But, plugins should be a ban worthy thing. I'm actually tired of SE letting all these plug ins existing and not doing anything about it. The dev of this plugin probably thought, since SE doesn't do anything against other plugins, that the person would be safe. Sorry, Warriors of Light, plugins needs to go. And it's about time SE cracked down heavily on them.
So whats the big deal? Most games I've played i haven't come across some weirdo and needed to block them or have them stalk me and block, I don't have any friends or talk to anyone on ff14 to deal with stalkers or blocking them so why is everyone freaking out about that? What's the worst they can do? Jump in your way and talk smack? Follow you? I don't know how people act in ff14 but if this is something that worries you people then y'all are overreacting and need to learn how to ignore losers, i can understand famous players freaking out but for people who are worried about a single person or two shouldn't even make a big deal about it, just play the game and enjoy yourself, dont let some weirdo's ruin your mood.
The thing is there's already a round about universal friends list that's opt in. Mare Synchronous is account wide and revolves around a singular id that you can be nicknamed.
Mare profiles are not account based. They *can* be if you set it up that way... but you can also have, say, Characters A and B on profile 1 and Character C on profile 2. So, another layer of needed consent.
In mare you don't also have to give willingly to some one else an id? Making it a choise of yours. Unless said person join random synchshell and that's on em. Can't safe the one who chose to roll and jump in a mindfield
@@audrey_in_black The "profiles" aren't, but your mare account is linked to your accountID currently. They made this change so people can no longer get around bans by simply changing character name/world or playing on another character. The main dev claims that the data is securely encrypted on their end, and made a whole announcement on their discord about it, why it's in place, and their thought process behind it.
On the subject of mod based businesses, if you’ve ever gotten a commissioned art of your character, that’s technically not allowed by JP IP laws. So there’s a lot of reasons why mods and fanart are not usually touched on. Literally no one likes the nuclear option.
Blacklisting is also breaking PF for a lot of people, this is a repeat as what happened in overwatch. People are blacklisting everyone for no reason and PF are no starting to have trouble to fill because people cannot see the PF if they are blacklisted.
The problem is that if one mod easily did it, others could. This time it will be a secret and the damage will still be done. They need to figure out how to hide the new ID system.
@@Raven621x yes they are, that's why it can be sniffed out. the blacklist is a client side feature. even the devs who run the red moon, the public repo for most mods, say it's a client-side feature and that's why this works
i need them to change blocking too, like if you block someone, you automatically have them being unfriend you. While they may not message you, or you see them, people STILL have you added on their list means they can stalk you that way too. I need them to block, to work like a BLOCK. UNFRIEND people.
I mean, them having you as their friend list is better than not. They won't see you online, they won't know you blocked them and it takes one friend space of their list.
@@Paraguai123 yes they see you online they jsut cant whisper you across servers or teleport to your house other then theat they can see anytime you are online and what server/location. The friends list system is a joke.
yeah, its also dumb you gotta stalk someone to block them, you can't block them remotely.
@@Paraguai123 tell us you have no clue about the stalking peoblem.
Unfriend some one cause you don't want em in a list is a thing. If you block some one is cause they did something that crossed a line.
Stalkers usually get told to leave you be. They ignore it. You block em. You still get chased down. Not being able to see em dosen't mean they're not there, spewing venon around you and behind your back. Only improvement with the later change is the blocled person can't send you ill messages by making some burner characters
Also if i block them, they should not be able to see me on their screen...
Many times i have blocked someone, they can jump on me and emote . I dont see it but others in my fc can. Even if they act like they see nothing.
A bit annoying.
I did read somewhere that the JP community is sounding the alarm as well for Square to make haste. Heres hoping.
it's sad that that's required but they really only care about or seem to track what JP complains about so it's good that JP is picking this up too.
@@KnightRaymund This is just not true. JP says the same thing, that SE only listens to NA. There's a ton of stuff that JP complains about that gets ignored too.
Course it is good that we are united in this problem, but SE just doesn't listen to 99.99% of the problems that players have.
@@Shizukanexenthey do listen to JP more it's just high tier raiders they listen to, a lot of the dev team is friends with you the world first progging raiders. It's why the job design since Shadowbringers has downgraded for every non-raider.
@@KnightRaymund I don't think that is entirely true, but I can say that they can understand the JP crowd more than the English crowd. Its more of a language barrier thing, even with translators around. Its just easier to get information across in Japanese.
Multiple real actual journalists that square have worked with in the past are also sending them messages questioning this new development so even if JP said nothing, they'd still be forced to respond to keep the media attention from going bad fast.
this is why we can't have nice things
This is what happens when SE is sloppeh.
About 6 months ago someone on reddit pointed out the issues with the new system making character profiles into one thing than to keep it separate like how it use to be and he got shit on so much... Now look at the exact same issues they brought up. I hope they can fix this soon...
Because the community is awful, until they can be targetted. Then they change tunes.
To be fair - while they accurately identified the problem, they also closed it with "I don't know if this is a big deal, could matter to somebody, who knows", so even they underestimated the severity. Sometimes for an issue like this you really do have to see it unfold in real time to understand how serious it is.
That thread is completely infuriating. It's so obvious how many of the commenters have never had to deal with a stalker on xiv before.
@@Delicioushashbrowns It's awful to deal with, and it's not ''Rare'' XIV has some really insane playerbase, you think it's all nice and cozy but that's just front, it's fucking awful people once you look deep inside.
Even if they patch it, there's a massive database with everyone's account data that has been collected the past 6 months from all data centers and worlds. Only people that never logged in since Endwalker or before are safe.
Or people without alts
@@kaela-kae it tracks retainers and keeps a record of everywhere you've been seen in-game by someone with the plugin too
@@ultraman498 oh right, forgot about the retainer part, though the location data wouldn't be as relevant in the event that the data access gets patched out, and you could just rename your retainers at that point too
@@kaela-kae I’m not 100% on this, but the mod can track your character’s name history, so I wouldn’t be surprised if it can also track the name history of retainers
Its also alleged via some reddit posts that this SE was made aware that something like this could be made since the start of dawntrail..
they haven't acted or checked to see if this was indeed possible and now here we are.
While the creator is a bit of a case, SE is also at fault for allowing this to made possible after being alerted of such things.
Thank you for covering this. I read about it yesterday and know several people that have been stalked over the years. I was mistaken for someone else's alt on one of my characters and they and their entire FC started harassing me for a while. I reported them and took a long break from the game and came back to see their FC no longer existed so I assume that was that. But was still a bad experience and they even had people camping outside my FC and trying to identify my alts at the time.
What the fuck. Some people are really crazy, so sorry that happened to you
How do u get mistaken for some1 else
The crazier part of this, it literally puts plugins in danger now because it doesnt matter if you are a modder or not. This plugin also puts vanilla players in the crosshair. Hopefully SE decided to just fully rework the entire friend list system because now the alarms are ringing for the storm coming.
If they would go after plugins and mods to shut them down, it would be both sad and funny. The shitstorm from people unable to look at their titty goth GF cat, would be amazing. And sad also as they wouldn't pay sub anymore.
@@Caladir Only reason they *wouldn't* do that
@@CaladirAnd then you realize the BAFFLING amount of players who don't engage in that at all, but need XIVAlexander or Noclippy to play the game because the servers for the game are absolutely wack.
Yup. Mod community is barely tolerated as it is - hopefully they patch this and don't start nuking mods completely.
ngl, i would actually welcome anticheat and a full lockdown on plugins and mods at this point. botting and cheating are absolutely rampant and the stalker starter pack just dropped. i'm so over this garbage.
there are some nice QoL and graphical mods but it isn't worth it. nuke it from orbit.
Someone on reddit actually made a thread warning about this shortly after dawntrail launched and a bunch of the replies were basically like "this probably isn't a big deal" lol
TBF he was a Reeeedditer.
@@notmousse Community is awful and that's why.
SE appologists are as bad as Blizzard appoligsts. only that they are much younger and less socially developed on average.
actual creep behavior from that dev, honestly SE should make account info private, there is 0 reason to have that shi t be public.
And hilariously enough, they just recently made a new Policy. Yet, they are allowing said masses to be invaded by third parties. The audacity.
I wouldn't call something that's meant to be buried in the code of your game public. Granted they should have expected this would happen.
@@UTO7 anything in your ram is public. which effectively is the case here, too.
in the end, its SE's fault and they have to fix that. its obviously a problem too that people want to use it that way - but they wouldnt be able to do it if SE didnt implement it horribly.
I think the discussion is not about SE fixing the blacklist system or protecting user data or not, problem is that the devs of this mod probably already have all the data that links characters (main+alts) with other info (retainers, etc) in some database, because of this, changing how the blacklist system works is already too late and now SE, in addition to changes, should sue the devs to make sure all data regarding all FF14 players gets properly destroyed.
Like you said, the damage has already been done. I don’t think SE is going to go that far. Even if they did sue the Dev who made the mod, I doubt they’re the only one with all this data. A vast number of people could easily have their own private collection of all this data that even the Dev is unaware of. Also, Pandora’s box has been opened, I’m sure someone can easily replicate this mod
It'd be far too late. There'd be at least hundreds of copies of the database already and growing. It's the internet, once something is out there it's out there.
Agreed. By having court records they can easily demand a take down of the database wherever it appears. Between this and fixing the code, they can have the problem mostly resolved in a few years.
It took Square Enix 10 years of complaints about stalking problems to get around to the DT blacklist feature. I'm... not very optimistic that they'll move fast on fixing this, even when they absolutely must fix it.
too bad the dt changes adress nothing to the stalking problem. only upgrade is no burner alts can message you.
Having a veil around you don't make that person not stalk you, you're simply unaware
Even if they fix it, I'm still concerned about how hamfisted they'll be about it. They solved the "people keep rushing through cutscenes in main scenario roulette and leaving noobs in the dust" not by taking the story cutscenes out of the dungeon but by forcing people to sit through them, which you can still get around if you know what you're doing anyway.
@@alessandroseverino8222literally this. I had a stalker for a year now and I was finishing up dt and we in living memory. I was on maduin and for some reason used search…my stalker was there in every area we went. I couldn’t see them cause they are block but they probably was just following us around for hours. That is so wierd some1 would waste thier time like that.
Yeah but players blacklist too easily and use it to bully too
It's just annoying seeing them type over and over and you still see it...
@alessandroseverino8222 and if they defame or bully you you can't report easily bc you can't see it so square not fixing that
This is NOT a MOD/Plugin Issue. IDs back and forth between client and server side shouldnt even be a thing in any MMO, period. SE hasnt cought up yet and its a huge Securty Risk they should be aware of.
exactly
The funnier thing is this issue mostly affects rp venues / erpers and we all know where the biggest modbeasts are...
@@AlviArin i dont think so. while Venues are for sure popular, its also a tool to cause drama in FCs.
@@MichaSennin modding makes this possible in the first place. Thats the root of the cause, but i also agree it is not 100% a modding issue, square has their fair share of guilt in this aswell. They need to update their stance and go against this hard!
Wasn't this reported like week 1 of patch and listed as a known issue? Or this just a PSA? Or something new? (The fact that a userID gets attributed and is useable on stuff like this is a problem). User "Myrany" on the ff14 forums pointed this out on 06-29-2024 04:39 PM, that a Unique Identifier Number that does not change even if the player fantasia's, changes names, swaps servers, etc. I thought this was on the known issues, but could be wrong.
The irony is, the mod was initially conceived because the mod maker wanted to find out the owners of retainers on the marketboard. It doesn't take much to understand this was done out of spite to find out who was undercutting him on the marketboard. The odds of positive sentiment, such as buying an expensive item that was wrongly priced with 1 less digit and attempt to return to the owner, is a potential benefit of doubt but unrealistic to launch a full fledge mod for it. Eventually it was never made with good intentions in mind to begin with.
Capitalists sure do hate the free market, don't they?
100% agree with you, Brother, SE absolutely needs to fix this ASAP because this is a massive cybersecurity issue. Like, we’re talking serious privacy concerns here stuff that could straight up lead to a possible class action lawsuit if they’re not careful. Not protecting player data like this could easily violate their own Terms of Service, and it’s wild they’d let something this risky happen in the first place. Hopefully, calling attention to this puts the heat on them to actually do something before it spirals out of control. Appreciate you using your platform to break this down for everyone!
If only someone had the foresight to speak up about this when this change went live.
People did. Maybe not on Reddit or RUclips. The issue was discovered and known within like a week or so from DT release, were I read about it already then. Just that back than nobody used it, so nobody cared even if there was some limited talk about it.
Yeah I don’t have the link, but someone actually brought up this issue on Reddit 6 months ago and explained the potential issues with the new blacklist system that SE implemented. It was a very valid concern, but most of the commenters gave the guy shit…
Thank you for posting a video about this. Square NEEDS to be better at how they handle their server side info.
I swear I recall hearing about this being possible back close to Dawntrail's launch.
Yeah, it was a known potential issue, but people didn't take the warning seriously because nothing hadn't happened yet. And now here we are. Lol
Definitely. I remember as well reading about people that just found the id‘s and couldn’t believe they were there. They were pretty much already predicting back then what’s happening now
Wowww. So the user can opt-out of stalking-enabling tracking software by giving their information to the creepy software creator?
Not only that, but they require you to provide your lodestone URL and put a fucking code in your lodestone profile, too? Fuck that noise.
Honestly as someone who's best friend got stalked for months and doxxed about every single little thing in his life, forced to make multiple alts but still got that person if not multiple people chasing him down, and i think even now has an entire new account and is still having these problems, before dt even came out, square really should address this.
Sounds odd, what was ur friend up 2?
@@Pikaru-c4u You don't need to be up to anything to be stalked. You can just be minding your business when someone just looks at you or has a very casual conversation with you and now they're latched onto you and depending on the severity of their obssession with you they can be very difficult to shake off. You'd be surprised at the lengths stalkers go to in order to continue stalking.
I think the source of this problem is the way SE designed the MB - by letting you see seller retainer names and also forcing signatures on crafted items
For a month one of my characters drew some weird MB stalker who was undercutting far below cost of the mats of this one item. I've got my own way of messing with them back. that said there is a world I'm not saying that makes getting gil so much harder than it has to be compared to what can be charged on other worlds.
Sadly that cat is out of the bag now. You're right, even if the current Developer stops, someone else most likely will pick up the idea and keep going. What is SE gonna do? Ban all Mods? That's already the official stance ._.
Well, the plugin wouldn't work if Square Enix properly implemented the blacklist instead of whatever they did here.
Even if they banned all plugins, this information could still be scraped and abused.
@@OmegaMetroid93They literally make a lot of people quit the game the moment they ban mods:)) It would be interesting to see how many people would quit if they do.
@@UmbraWeiss I hope they don't, cuz yeah you're right. My point was more that banning mods wouldn't actually fix this issue, people could still do this without plugins. Now that the cat's out of the bag, it would just be a matter of time because someone else develops a tool to do this. Square needs to fix it themselves.
Smells like lawsuits.
It was quickly found out that blacklisting in DT involved using an account ID around DT launch.
I still think its not just the plugin's fault for facilitating stalking to be easier than it is with the vanilla game, but it should be SE's fault for being negligant to allow people's online data to be client-side in the first place.
A change to the blacklist system likely won't come soon unless there is an urgent hotfix. Otherwise, its likely gonna take until 7.2 or 8.0 to correct this and the damage would be already done.
Considering how slow sqenix moves on anything, I doubt even 8.0 they'd have something up. Not unless there's a tragic outcome to the story that gets picked up by legacy media.
I know they said the current block system was supposed to be a stepping stone to a larger rework later, but honestly with the way it's implemented, it needs to be sooner. I also recall that the custom launcher framework that makes this and other plugins work, while it does have systems in place to prevent malicious plugins from entering the official repository, they have no power over plugins that are installed via unofficial repositories. And even if they did, they have no way of stopping it from working without also breaking plugins that aren't malicious.
I think covering this is a good thing, because the more people that are aware of it, the more likely it is to be fixed.
my biggest beef with blacklisting is reporting bullying/harrasment during a duty is a joke, nothing will ever happen about it...and if they aren't on the same world server as you you can't blacklist them or even mute them during the duty or the horrid part, nor can you do so afterwards. Granted I don't have stalkers nor am I the type for anyone to have a reason to stalk me...this is super messed up too but the fact you can't even blacklist/mute the people who need to be blacklisted/muted........
Question: What about those systems that show players parse data without their permission, yes it helps those that wants to get better, but what about the tracking on that?
Do you actually think the 2 are even close to be the same? Like 1 shows youre either shit or a God at the game while the other shows your entire FF life...
On lots of platforms, blocking someone doesnt actually block them. They can still see you, follow you, comment to you. But you cant see them. It needs to go both ways. They should never be able to find you again
This feature really needs A LOT more work. You can only blacklist people on your world.
I’m curious why they said “ where gonna hide ur stalker from you but allow them to follow u in peace” it’s like square like this type of “gameplay”
There's no reason for the IDs used in the black list system to be usable by modders like this, why isn't that data obfuscated/encrypted so that its useless with out putting in time and resources? oversight by SQE.
They could easily encrypt the data, and have the decryption key be created based on hashs generated from the user's email, password, and/or the time they logged in.
Fixing out the code base is one thing they need to do but they also need to enforce more social moderation. This kind of anti-social behaviour needs to lead to way more dire consequences for the offending player.
Thank you for covering that.
Besides SE and (the most guilty) the plugin dev I actually see another guilty party in this. Discord.
This "site" has become far too much a wild west zone with servers existing that have illegal content (like the one of this dev) or even worse.
How can it be that Discord completely ignores all the shit that is happening in it?
It has become such a monster of data for this game so that no one knows how often their character is even to be found there in screenshots or mentions.
Regarding this topic here:
Don't give that psycho dev of this plugin even more data like your Discord account or your mail-address people.
He will probably NOT whitelist you and also your character data is already out there somewhere being sold to stalkers as we speak. It is too late.
All we can hope now is that SE stops their silence and does something. But given their track record I wouldn't hold my breath for that...
"If it was opt-in then the data would be very limited"
This is the mindset of every shitty IT company too
*looks at microsoft* Indeed.
This is y I hardly interact with people I don’t already know, the stalking terrifies me and the dev of the mod seems to want to stalk someone… like y else would they bother?
This community is just degenerate
How the fuck do you stalk someone in a video game?
This only came about because of squares reluctance to ban harassers and lose subs. Also, sociopaths do not care about your feelings or privacy. Also I know some countries take privacy extremely seriously like Germany. This could be a legit legal issue for this person.
With all that info that a person can get with that kind of access, and with some people on social media willing to block people and target them for the DUMBEST reasons (no social media platform is immune right now) and with how vitriolic people can get about every last little position they take about anything at all, one has to wonder how much of a good idea that SE were to implement this way of addressing a equally serious topic. No sane person is going to want to see harassment, stalking, and targeting of a player, but I was always worried about how this could be abused by those that see someone that went even an ounce out of lockstep about anything at all. Find account name, then link it to an email, link email to a particular X or Facebook account, see what they've said, dox that person or even worse. Which I think I've heard IS against Square's TOS anyway. There must be better ways for SE to address what they intended to address with that BL update than something that opens the door to so many problems, this being a major one.
This hapenning during the Free login campaign is just bad luck. A lot of people are about to login for their FOMO rewards and get their personal data scraped by bad actors.
Another thing to note is MareSync also logs your account information and all your alts and keeps a running database of this, and has shown no intention of stopping so it's not just this plugin, this is just the worst actor in a bad situation.
More data to data monster. As if DT needed more problems and issues.
*This message was sent by a blacklisted player*
I'm just waiting to see if the hammer falls or not at this point. Sooner or later, people will push too far... and this is currently the farthest we have seen since the Gshade thing about a year back now.
@@Asmodean1111 in my opinion anti cheat is inevitable now. I've been saying this for a few years now, but all it takes is one scandal that puts Square into a bad light and forces them to clean up the mess. Maybe this is that scandal. If it is not enough yet it will come in the following years
I am curious if the playerbase will blame SE instead of the mod dev for that anti-cheat...
@@TobinatorTx Not happening. It's not as simple as you might think. They can't just add an anti-cheat and call it a day. It needs to be moderated, updated, and constantly checked to ensure that it's working properly. Not to mention that it would make a huge percentage of the player base quit, resulting in lost sales on the game that they absolutely CANNOT afford to lose on.
@dreamllusion8390 Knowing the player base, I'd say both. As a console player, won't affect me.
@@Asmodean1111 as one who play both on pc and ps5, it doesn't affect me either.
I don't actually have any faith that Square Enix will take this as very valid criticism of their game and systems. This is likely the thing that will finally make them try do something about mods.
Even when they do fix this unfortunately some people will still go to even further lengths.
We've already had a problem with people tracking every little thing you do in this game. Is it only just now people are creeped out by it?
They guy who created a mod like this should be banned forever and even be sued if possible for using peoples data and endanger them. Whatever happen to this guy is absolutely deserved, causing other peoples suffering just because you have a fragile ego is psychotic behavior.
Also what the hell is wrong with the FF XIV team to not notice things like that, they work over 10 years with the engine and know the limits. They mentioned in multiple interviews how they have to work around things but on the otherhand stated that as long as they can do all things that they want with this engine, there is no reason to use another one. But the way how it is made possible doesn't matter that much as it seems and yes most of the team that took over FF XIV may never worked on a MMO before but with 10+ years experience, you should start to know typical issues. One of the main reasons why we have no damage meters was herassment so they should be aware of that. Especially how teams at world first events who cheated got herassed and to which extend people herassed them. These are all information available to Square and there is no excuse to not have adressed these things.
So when are we banning add ons entirely?
@@ac04project Never that kills ff14.
The worst thing that bothers me about the way SE handles the Blacklist is - as far as i know - that you don't even need that *Plugin* to gather those informations, other programs outside of FFXIV are likely to be able to achieve the same thing.
I remember sitting in vc with a friend who was super happy about this feature and saying "thisll have a way to be abused for the stalkers absolutely" and them vehemently saying i was a hater or i was being weird about people wanting to protect themselves. There is just zero ways to fully stop a system like this from being abused eventually. Its a good idea in theory but even if anticheat was a thing someone would find ways around it.
Anti-cheat also never works. If it did you would never hear a game who has it have any sort of cheaters period. Rust, sea of theives, league of legends, fortnite, whatever you name it has cheaters and always will. The best case argument you can make for them is it inconveniences the cheaters and tbh creates a booming market that is both toxic and profitable for the people making the cheats.
We hear you, We are working on it.
Please be patient.
After a few years (repeat)
Note that the source for this mod is already out there and it's already been forked over a dozen times. So the code's out, and simply asking the author to just not release the mod is a moot discussion because they in essence already have. S-E needs to fix the availability of the data to the client, which means taking that entire account blacklist feature back to the whiteboard and finding another way to do the work.
The only way to find out those account IDs is via mods, right? So if people harass other players for undercutting or whatever - those players could report them for using mods.
Getting your account banned should not be worth it, or am I missing something?
How will SE detect you're using mods? They don't have system in place to check it in first place. Other than you saying out loud ''I USE MODS''
@@Caladir well, if the harassers can have that data to find out who you are ingame ONLY BY USING A MOD, then it's quite obvious that they use a mod, duh. same for anyone who wants to confront people over their dps in dungeons.
@@Hitsugix Exactly. that's what I wanted to say. ☺️
@@HitsugixSo what if I got the data from someone else who is using the mod? Would I get banned for that? When the data gets published publicly and anyone can access it by just going to a website, would I get banned for using that?
@@Hitsugix It can be done via 3rd party tools/programs as well. The issue is that the accountID isn't encrypted.
Before DT, plugins used character ID's instead. There is no reason why they can't go back to that.
The *only* positive use case i've seen for AccountID usage is to ban bad actors from using specific plugins(Mare, for example, keeps a database of accountIDs s for this purpose. If they ban the account, all the characters are also banned. Previously, it just banned a specific character on a specific world, and could be avoided with a name change or world change).
However, I don't believe that small positive is worth all the potential negative. Square could fix this by simply encrypting the accountID data. Plugins would just have to go back to the EW way of doing things.
One thing that they would let us is that they let at least Player search available, but not useable
Because when mutual blocks happen, whoever blocked first has the power
Me and my friend had a fight and we just never wanted to see eachother again, i went to block him in FFXIV and...he blocked me , but now he has the power of keeping me blocked, i can't look for his character name to block him myself.
I know they dont want people stalking but i dont want to know if they're online or their location just let me find in game the name ''Bingus'' so i can right click, block, any other option would ''fail'' since they blocked me.
Unless they're going to make other account wide features like glamours/emotes/etc. and stop forcing feature side things to be single character only, they should treat each character as an island that is separate from one another. I think that's the safest thing they could do.
5:47 just gonna say that the same logic here should apply to fflogs. The fact that I had to opt out get tracked is essentially the same thing
I have have genuine stalkers in XIV in my many years of playing. The people that do it are so scary ):
Not scary but disturbing. I have one two. They pretty much stopped but you have to be crazy to waste game time following some1 wtf
What I would add, the best place to actually tell Square Enix, is to file a Bug Report. That way, no one else except Square Enix will know about it and spread the potential danger.
I have filed quite a few in my time and they all got addressed in a fast and flawless manner.
I believe that if someone has bad intentions to do something, they’ll always find a way to do it-otherwise, we wouldn’t have crime, imho.
Personally, I’d really like an in-game feature where I can check what my 48 other characters are up to. For example, whether I’ve done XYZ on my 25th character this week or if I still need to do it, etc.
Hot take. This needs to come out and made as public as possible, so square doesn't sweep it under and kick the can down the road.
Quite serious indeed
Does this mean that people can find my alt, Feet Enjoyer, the lalafell ninja that uses hidden to smell the tosies of balmungs visitors?
Omg lol
Yes, yes it does.
@@Zeloh927 it does indeed. There will be entire data banks and lists of the people doing these things publicly accessible at the ready to be harrassed for it
I think it’s a good thing this guy not only developed this mod, but also talked about it publicly. The only way SE will fix the underlying problem is for someone to threaten this type of security breach.
The only reason he talked about it publicly is because he was forced to. The plugin was originally just a private thing between a few of his friends until someone found the git and shared it to the broader community.
uh... no this is basically worst case scenario
the dev has a video demoing the plugin on his discord and his database already has over 500,000 entries
A good thing? Giving some guideline to some sociopath with a bit of knowedge on the matter?
If this person don't make it, there will just be another
My point to those above is that the plugin community is extremely robust and eventually someone would have made this. The fact that it’s being exposed in patch 7.1 and not 2 or 3 years down the line is a good thing.
The plugin is bad, but someone could have used it themselves or only share it with a very small group of people. This would have lead it to be obscure enough to be a non issue while still causing harm. I just hope the dev team can find a workaround because stalking is a real issue.
@@UltrosFF6 maybe the intention was to show security gaps all along? jk
Easy-ish fix. SQuare should encrypt the account ID with a private key, held on the server account. A one-way encryption.
I'm happy to be spoonfed this info because I didn't really get what was going on in the first place. Whoever made that mod needs to take a good hard look at themselves.
I've also heard that you can only opt out if you download that mod...
For those screaming "Ban mods!" or scared that thier mods will be banned:
Banning mods wouldn't fix this issue. The issue is that the accountID (note, not the login ID. That is seperate) is unencrypted. You can get it from a totally vanilla client as well using a packet sniffer, 3rd party tool, etc. An anti-cheat wouldn't prevent this.
The only "fix" is for SE to encrypt the accountID data, and to also legally ensure plugins makers aren't storing previously acquired accountID information (which would me a handful of lawsuits targeting those specific plugin devs)
honestly one of my biggest reasons for hating this game is related to stalking... I started playing this game in 2.0 up until now, and I cannot begin to explain my story of being stalked by an Exfriend... this guy is sick and stalks my every move.. what duty I am in, what I am farming, what I've collected, my profile, location, house etc. the list keeps on going... and the most upsetting part about it is that the game does not protect you against those people..... specially with how the servers are built in a way that you can EASILY be in the same place and time as those stalkers...
It is because of their block system. It is like how alts don't exist if you aren't playing them. It is dumb. A played should be able to use their alts in all homes that they might own without needing someone else to invite them. Like how you can't send gil to an alt via mail. It is dumb. The entire alt system, friendlist, block list, all of that is connected and needs to be completely redone.
Thank you for signal-boosting this, SE needs to take notice ASAP
I agree with the sentiment here in the comments. I think it’s time for anticheat, screw anyone using third party tools. I’m a console pleb, if I can clear savage and ultimates, anyone can too. Enough is enough.
How do you prevent someone from running a calculator while their game is also running? Because that's what the DPS meter is
That kills the game. Not only with cosmetic mods. But mods that help with actually playing the game like noclippy and xivalexander.
You’re not thinking about the whole picture.
Most of the FF14 player base is role play and casuals. If they introduce an anti cheat, they essentially kill 60-70% of their revenue as role players use TONS of mods to customize their characters.
I’m not against an anti cheat, I just know SE is too afraid to do it.
Multi dollar company that barely reinvests players money into the game is shocked to find out they handle people's data like shit, mfw.
I would love to see the dev team have their hand forced and make a purging crusade against mods and pluggins.
Yeah, I want to see the world burn. Of course plugins were made for quality of life first and foremost, but I don't care, ppl will leave on masse and yoshi and co will need to make the qol change official if they don't want to go bankrupt.
Or they will do nothing and the community will just handle this themselves like they did with Gshade.
As bad and evil as you make this sound, i actually agree. It would be what is needed
I agree as well. I didn't mind the level of third party shit we had back in SB, but since end of SHB it got out of hand. It's time for a purge.
They don't even need to go that far. Just encrypting the accountID alone would fix this issue.
Eventually Yoshi P is going to get sick and tired of modders making mods to be malicious and bans it all outright and ruins it for everyone.
I just want a setting to not allow randos to drive-by FC invite me. I'm so sick of that shit.
theres a bigger issue even if SE stopped this mess.
The Databases are already done. effectively anyone who has access to it can atleast grab very recent data from it.
The person who is making this should be permabanned in addition to the issue they're exploiting being fixed. There's 0 chance they don't know what his account is.
Then all plugging should be banned. You can't play this game of winners and losers because certain things they're just not going to sanction. You can't.
Say that this mode needs to be deleted.But then say the nude mods is completely fine.
Either it's all okay or none of it's okay
@@ac04project how many streamers also run the mod that tell em what to do like what "Deadly Boss Mode" is in Warcraft?
Yes, the TOS say all mods are a violations of rules, Yoshi P on the other hands always put em into a grey area since is well aware of the gravity of some.
If you think leaking informations of others, having accounts runned by default by scripts are the same of "omg! this person can see it's character with slighter bigger boobs and improved texture", you're quite delusional.
Sure, they can erase em all for what i care... But how many people need their stroke of ego with logs and such?
The world first aren't also kinda tied to logs?
Least of all... So many people, be the gposer community (shaders and posing tools), raiders (act and all the like) will drop the ball since i highly doubt SE will implement all the feathure so many people use with mods.
Hell, to this day i can't share my own house with my alt, yet i can give such permission to others, nor i can't send myself stuff unless i trade to some one else or use company chests...
@@alessandroseverino8222 Will they ban sex mods also that are floating around? custom animations rigs for those things etc? Doubt it. XIV is just starting to become shit pool with worst kind of people. Non-stop gooning and salivating.
@@alessandroseverino8222 I used to play WoW up stil like the first patch of Mists, im familiar with it.
I play console, so we dont get mods. I know plenty of people who use the modding tools.
However like that situation with the gshade addon, where if you did something in particular, your computer would shut off. These are the innate risks of security beaches when you are running unsanctioned code.
Should people have their information protected. But bringing issues like this to light, only strenthens the arguement for why mods shouldnt be allowed.
If you say your game cant survive without unsupported addons, then it should fail, if it cant stand on its own content.
What i want out of it, is it putting a torch under SE's ass to massively increase the emotes/styles/character customization speed. Its extremely slow and dependent on the community.
But the security leak is a symptom, Mods for better or for worse is the root cause.
And either you turn a blind eye to all mods, or stand behind the "no mods" stance.
This feature has been nothing but good for me, plz don't let the few bad eggs ruin it.
Classic case of the double-edged sword nature of mods in a live service game... Sigh...
Still do this day I still think SE needs to add an anti cheat engine that disabled all mods.
If Modders continue to make malicious mods like these, and people continue to cheat using certain advantageous add-ons, and it continues to get this kind of visibility, I really do see a world in which Creative Business Unit 3 goes scorched earth. The community has been playing with fire for a very long time now. I'm not sure how they'll create a blacklist feature that is account wide, without using account information which could potentially be scraped by those that try hard enough.
well this is going be a secitly risk and the game will not be safe to play anymore i dont feel safe on the game if square enix dont fix this
asap
Fix the way you type 1st
Digging deep when a video about the black list comes out.
I have Gil seller spammers on mine only. I’ve played since 1.0 and have never had a big enough problem that I think “oh Blist!” Maybe I don’t get offended as easy as others idk.🤷🏻
This might be the reason SE starts using anti mod software to flag fs that use mods, which would kill a good chunk of the player base.
maybe. with a lot of people quitting the game already, i'm not sure if SE can afford that tho. think of all the omnicrafters and mare lamentorum users. do you think they would keep playing and paying if they can't do their favourite thing in the game anymore? i don't think so.
It’s been a long time since I’ve seen your videos, you’ve slimmed down haven’t you? Best of vibes brother, I’m planning on jumping back to the game later this Year.
Ff14 has so much spaghetti code for a lot of things, im surprised there arent more things that can be exploited like this
Thank you for this, it is better to know than not know.
14 is full of weirdos.
Just as much as any other online game, or communities.
@@AlviArinnah, anyone who uses thier characters as a main photo is wierd. Y’all live this game
@@AlviArin After putting thousands of hours into multiple different MMOs, FF14 definitely had a higher amount of weirdos than any of the other ones I've played.
Not that everyone who plays it is one, but there are way more there. Or they're at least more open about being a degenerate.
@@Pikaru-c4u Ever seen people with anime profile pictures? No? you must be new online
What’s the deal with someone stalking you in a game? ( legit question) I’ve never had it happen so I don’t know. If they find you what can they do? Is it not a reportable offence to SE?
Square with ffxiv has always done the bare minimum to deal with issues like these...good thing its such a fun game 😂
Who thought allowing ur stalker to see u is normal, they still follow u lmao.shouldnt it be they can’t see u at all
“Don't you believe in the operation of the moral law, madame?”
If you are the mod creator reading this: please, go to therapy
Just that
*Jeff Goldblum voice* Stalkers, uh, find a way
blocked people staying friended is super weird.
As a person who has been stalked before in the past, I am extremely against this and worried.
SE should have thought this thoroughly before implementing it.
For me, they should revert the process back, and random generate new IDs for everything as a counter measure. Sure, it won't help entirely. But, at least I'd sleep better knowing they did this.
Also, I hate to say it. But, plugins should be a ban worthy thing. I'm actually tired of SE letting all these plug ins existing and not doing anything about it. The dev of this plugin probably thought, since SE doesn't do anything against other plugins, that the person would be safe.
Sorry, Warriors of Light, plugins needs to go. And it's about time SE cracked down heavily on them.
In typical CBU3 fashion they release a new "feature" thats broken.
Not even suprised
So whats the big deal? Most games I've played i haven't come across some weirdo and needed to block them or have them stalk me and block, I don't have any friends or talk to anyone on ff14 to deal with stalkers or blocking them so why is everyone freaking out about that? What's the worst they can do? Jump in your way and talk smack? Follow you? I don't know how people act in ff14 but if this is something that worries you people then y'all are overreacting and need to learn how to ignore losers, i can understand famous players freaking out but for people who are worried about a single person or two shouldn't even make a big deal about it, just play the game and enjoy yourself, dont let some weirdo's ruin your mood.
The thing is there's already a round about universal friends list that's opt in. Mare Synchronous is account wide and revolves around a singular id that you can be nicknamed.
Mare profiles are not account based. They *can* be if you set it up that way... but you can also have, say, Characters A and B on profile 1 and Character C on profile 2.
So, another layer of needed consent.
@audrey_in_black every layer of consent for this kind of system is a good thing.
In mare you don't also have to give willingly to some one else an id?
Making it a choise of yours. Unless said person join random synchshell and that's on em.
Can't safe the one who chose to roll and jump in a mindfield
@@audrey_in_black The "profiles" aren't, but your mare account is linked to your accountID currently. They made this change so people can no longer get around bans by simply changing character name/world or playing on another character.
The main dev claims that the data is securely encrypted on their end, and made a whole announcement on their discord about it, why it's in place, and their thought process behind it.
On the subject of mod based businesses, if you’ve ever gotten a commissioned art of your character, that’s technically not allowed by JP IP laws. So there’s a lot of reasons why mods and fanart are not usually touched on. Literally no one likes the nuclear option.
Blacklisting is also breaking PF for a lot of people, this is a repeat as what happened in overwatch. People are blacklisting everyone for no reason and PF are no starting to have trouble to fill because people cannot see the PF if they are blacklisted.
Just ban the people who use that particu mod 🤷♀️ it's against tos to use mods anyways.
They can't track that, and the issues are happening because of Square's coding mistakes.
The problem is that if one mod easily did it, others could. This time it will be a secret and the damage will still be done. They need to figure out how to hide the new ID system.
@@ArchonLoaf Thats the thing. They CAN track that lol id's are not stored client side.
@@Raven621x yes they are, that's why it can be sniffed out. the blacklist is a client side feature. even the devs who run the red moon, the public repo for most mods, say it's a client-side feature and that's why this works
@@Raven621x they are stored client side. thats the entire issue here dude.
It's too late, the cat is out of the bag. Data on players has already been collected...
Coding 101: Everything you give to the game client will be exploited one way or another, SE will remove that feature, plain and simple.